Age | Commit message (Collapse) | Author |
|
The TPM2 library and cr50 board have separate definitions of the NVMEM
size, which need to be changed manually and are enforced by a compile
time check in the cr50 code.
CQ-DEPEND=CL:433184
BRANCH=none
BUG=chrome-os-partner:62260
TEST=see dependent CL for test description
Change-Id: I0586a35b77b2f52538023442f537c7a48b3357e7
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/433839
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
5bbd9763d5
am: fe6b30fb4e
Change-Id: Ie8e28a2badaec6e58f932304c0d8f1d593d7b239
|
|
am: 5bbd9763d5
Change-Id: Ifff46be5982398cc1282df9077db3691a38fd1cf
|
|
am: 94907f49fd
Change-Id: Ief4d7c45c0eccc62fc09a662fb3c974e2f06a029
|
|
am: 6ece5a16ed
Change-Id: Ie30be3fd1839ea681901a88e6721f8803236de16
|
|
am: 21756127fd
Change-Id: I3ec3888ba566dc15bd81084da00fe9e581e9296c
|
|
Reference implementation stores OBJECT structures in NVRAM
unmarshaled, even though this structure layout is such that most of
its 1540 bytes remain unused by the object stored in the structure.
Marshaling the structure before storing it in NVMEM allows to save a
lot of room there.
To make sure that marshaling is not processing junk data, clear the
entire structure before allocating a new OBJECT.
This change is meant to be backwards compatible. When data is read
from NVMEM, in case its size is equal the size of OBJECT structure,
data is considered stored unmarshaled and is copied to the output
directly. If the stored size is smaller - unmarshaling function is
invoked.
BUG=chrome-os-partner:60502
TEST=tcg test suite passes (not that it exercises this a lot, just
five instances of storing/retrieving objects for the entire
suite). Will test on real tpm to verify NVMEM storage format
backwards compatibility.
Also tried taking a chrome os device through enterprise
enrollment. With the old code after enrollment there is room for
just two eviction objects left:
# command to retrieve number of objects in nvmem(is in the last
# byte of the response)
localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a 00\
00 00 06 00 00 02 08 00 00 00 01
80010000001B000000000100000006000000010000020800000003
# command to retrieve how many objects the tpm estimates it is
# still possible to store in nvram (is in the last byte of the
# response)
localhost ~ # trunks_send --raw 80 01 00 00 00 16 00 00 01 7a \
00 00 00 06 00 00 02 09 00 00 00 01
80010000001B000000000100000006000000010000020900000002
with the new code after enrollment the responses the above commands
are:
80010000001B000000000100000006000000010000020800000003
80010000001B000000000100000006000000010000020900000004
That is with three objects stored there is room for 4 more
objects.
Also verified that the device enrolled with the old version of the
cr50 firmware remains enrolled after firmware update, which
demonstrates backward compatibility.
Change-Id: Ic2d5f902220b451523b740b57edb7867441d1faa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/424171
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
acdff2ed61 am: abf58a352b
am: 2ba96f18ca
Change-Id: I5d06675027c4bc201e4cc093bd9e29fd1b408461
|
|
acdff2ed61
am: abf58a352b
Change-Id: I008be36f019c3cda402734f64e594a9b26bcaf1e
|
|
am: acdff2ed61
Change-Id: I25c29962e149bac7c9fc57d33ae253f5553a71ab
|
|
am: be42694d9f
Change-Id: I79933c1fb3b91ddf6ff30cdc32d4560495f5c85d
|
|
am: 569c3c58dc
Change-Id: I9c12247c6c6ec66ac1091275db40dc371be9bcab
|
|
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is
TPM_ALG_NULL in TPM2_Sign parameters and in the key public area.
This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro.
BUG=chrome-os-partner:60967
BRANCH=none
TEST=On a unowned machine with TPM2: corp enroll, login, install
a network certificate (gECC or GMC), then:
a) retrieve the public key from the installed certificate
LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
-O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
--type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
b) sign a sample text using the private key for the certificate and
MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
-i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
c) verify signature:
openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt
Step (b) should succeed and step (c) should return "Verified OK".
Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420811
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
|
|
09170b3a3c am: 12242f389d
am: 6c856e6362
Change-Id: I3c4c9e70b879f414fffc23a30ddbd7a32d3c8e8e
|
|
09170b3a3c
am: 12242f389d
Change-Id: I8f2fc3d7789e065c9a7d5b9db324276eb212dc01
|
|
am: 09170b3a3c
Change-Id: I0f6ea2214f7e9eaaa9aa588e8fe430e157f6154b
|
|
am: 458b6689d7
Change-Id: I0a6124b6f177077f05c8c466c170692b12f99455
|
|
am: 1d3ac31070
Change-Id: I6fd167b748ac45fdacde2af135b96375aee59896
|
|
Add a build assert that checks the sizeof the tpm2
OBJECT struct. This check indicates that NV_FORMAT_VERSION
needs to be bumped, due to a change to tpm2 data structures.
BRANCH=none
BUG=none
TEST=build succeeds
Change-Id: Id6cddd7bec10ebf0aa78e2199826fb6e1ff4fd8c
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/419120
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
am: 29b86236a6 am: 5e683e8a4c
am: 03d6eae321
Change-Id: Ic07b6cabbcff7f97fe771e0119e5a16e7f354b37
|
|
am: 29b86236a6
am: 5e683e8a4c
Change-Id: Ieb33e4c449e2c41cec845c500ab391dac2bd6ba7
|
|
am: 29b86236a6
Change-Id: I55a7459aa15d16a5fddb30a3608eb2fac1507d74
|
|
am: be4ffac51a
Change-Id: I987dfeaa1ffc6875230a0e883fefa17bd025aa61
|
|
am: abb7a18cbd
Change-Id: Ie29134b65552a2ff0a1b68e3ff7d9b50cd7fd6df
|
|
BUG=none
BRANCH=none
TEST=follow instructions in fuzz/build.sh
Change-Id: Id3f1ade1ec74401e741928a6961f1da6a21deb6a
Reviewed-on: https://chromium-review.googlesource.com/417702
Commit-Ready: Mike Aizitsky <aizatsky@chromium.org>
Tested-by: Mike Aizitsky <aizatsky@chromium.org>
Reviewed-by: Mike Aizitsky <aizatsky@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
|
|
am: da73c11811 am: d936fce981
am: 2fe751e255
Change-Id: I56532cceef1e79c440629dd1efa304339b6b1ee3
|
|
am: da73c11811
am: d936fce981
Change-Id: I22beb227166d3e90196b76f9ac42726cb96df520
|
|
am: da73c11811
Change-Id: I2480d22a46dce31b5cc5228c46e855cec452b779
|
|
am: 3f545ad4e8
Change-Id: I5fcd8c43f428a148f2b80829f136f5d9bb9ab487
|
|
am: f037a5c57c
Change-Id: Ib1700fc14aaa486b3740877aa0598496e6ed01ed
|
|
In practice, RSASSA/SHA-512 is used for signing with tpm-backed keys,
so we need to enable this algorithm. SHA-384 is also enabled, as it
doesn't affect the size of objects, and support for it is also added
in the code.
Note that for cr50 this change combined with CL:415218 is sufficient
to support SHA-384/512 digests in RSA Sign operations. However, more
changes are required to actually support the new hashing algorithm,
and will come in a separate CL.
Bumped NV_FORMAT_VERSION to 2 since this change increases OBJECT size
(that has 5 digest structures inside, so +32 (32->64) to max digest
means +160 bytes to OBJECT).
Note that it leads to decreasing the number of persistent objects that
can be stored in NVRAM.
BUG=chrome-os-partner:59754
TEST=1) On TPM2 simulator for a pre-generated key pair (/tmp/priv.key +
/tmp/pub.key) and input /tmp/1.txt, import the private key, sign
the text using it and SHA512-RSA-PKCS, and verify that the
signature is correct:
openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \
-out /tmp/priv.der -nocrypt
p11_replay --import --path=/tmp/priv.der --type=privkey \
-id=bbbbbb
pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \
--id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \
-m SHA512-RSA-PKCS
openssl dgst -sha512 -verify /tmp/pub.key \
-signature /tmp/1.sig /tmp/1.txt
The last operation should say "Verified OK".
2) Repeat the same for SHA384-RSA-PKCS and openssl dgst -sha384.
3) Boot on TPM2 board after clearing tpm owner, corp enroll,
login.
Change-Id: I03e24bd0659aa8b1d76dd16640ea44b6eb46bf56
Reviewed-on: https://chromium-review.googlesource.com/415108
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
630e2e46ea am: a8882eec97
am: 7906c74bd6
Change-Id: If2cb45262fcf7f5afc3756eb98ac8859cee3f512
|
|
630e2e46ea
am: a8882eec97
Change-Id: I7bfc4a0c5132ad853062391894078ab0e17d16ec
|
|
am: 630e2e46ea
Change-Id: Ib35cc66f14c576c24ab4ee2aedfbded38cfa124d
|
|
am: 06c8e853bb
Change-Id: I19dc48853afa6f18e2bac3325e768fe533edbcbe
|
|
am: 889c3dda30
Change-Id: I9603767efa64fe7148d7580904d2092a1fcaaf23
|
|
We want to be able to detect situations when NVRAM storage format
changes for whatever reason. At the very least the NVRAM needs to be
reinitialized, ideally its contents should be migrated from old to new
storage format.
This patch implements the reinitialization part.
BUG=chrome-os-partner:60537
TEST=added some code to print out a message when NvInit() is invoked
in NvCheckAndMigrateIfNeeded(). Verified that it is invoked on
the first restart after upgrade to this new version.
Change-Id: Ia713a6fe7814bbe44ed5ce28ebcc0435a99b7716
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/416294
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
cb032573c6 am: e5e91df302 am: 9dacaf8fac
am: c156f79ffa
Change-Id: I6cd654554479ecb26a42a89a016f3f4b3622db86
|
|
cb032573c6 am: e5e91df302
am: 9dacaf8fac
Change-Id: I6d1c1e898039a76b0ea020247779c0fdc9172845
|
|
cb032573c6
am: e5e91df302
Change-Id: Id3c6f31fe4d54c36c98a40c1b061ee3bdcab5ddb
|
|
am: cb032573c6
Change-Id: Ib6bfbda3590de4336095795cf50536a69f680555
|
|
am: 81e70877e2 -s ours
Change-Id: I95f472fb59d75128a717f5693cc15c9435c7c128
|
|
Uncomment the AlgorithmIdentifier values for hashing algorithms.
Without that, all zeroes were used for DER encoding the hash value
when signing using RSASSA.
BUG=chrome-os-partner:59754
BUG=chrome-os-partner:60382
TEST=On TPM2 for a pre-generated key pair (/tmp/priv.key + /tmp/pub.key)
and input /tmp/1.txt, import the private key, sign the text using
it and SHA256-RSA-PKCS, and verify that the signature is correct:
openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \
-out /tmp/priv.der -nocrypt
p11_replay --import --path=/tmp/priv.der --type=privkey \
-id=bbbbbb
pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \
--id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \
-m SHA256-RSA-PKCS
openssl dgst -sha256 -verify /tmp/pub.key \
-signature /tmp/1.sig /tmp/1.txt
The last operation should say "Verified OK".
Change-Id: I8c29ec320d8c5832267c6295d00440846d27ff87
Reviewed-on: https://chromium-review.googlesource.com/415024
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
|
|
c5912a41a9 am: efd9019ab1 am: 5e61a77898
am: 0080bf0cc7
Change-Id: I29789dd5914847f822039069fc47ff13b102bcd1
|
|
c5912a41a9 am: efd9019ab1
am: 5e61a77898
Change-Id: I5d62e87a4653fa27edafbc6b7747f998350aa4f5
|
|
am: efd9019ab1
Change-Id: I8c1dba1a158e9b07558e99ecbbd25378323c2bc3
|
|
am: c5912a41a9
Change-Id: I0411bf2ef17f7753b89a0be44770594c7174ea13
|
|
am: 07ec984d63
Change-Id: Icf15d5a8d4fee0f678c5e3b8dddc6e3a18a003a0
|
|
This patch fixes an assert case reached by clusterfuzz.
The assert is reached to an input parameter (hashAlg)
not being validated early in the call chain. This change
adds the appropriate check.
This abort originally reported here:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=107
BUG=chrome-os-partner:59293
BRANCH=none
TEST=TCG tests pass, fuzz testcase no longer crashes
Change-Id: I2b2a49a69ebf00a6c63dbcb184f96d27e76c4f1c
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/406578
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
|
|
am: dd9467de0e am: 740b7a5f67 am: 1ad80faae9
am: 3c244e5768
Change-Id: I7bdf13b5d83ce8d005f7d9cd83b50b1adf2b1e4c
|