Merge branch 'master' into ecc-point

Author: brandonweeks

attest/application_key_test.go

@@ -30,6 +30,8 @@ import (
 	"encoding/asn1"
 	"math/big"
 	"testing"
+
+	"github.com/google/go-cmp/cmp"
 )
 
 func TestSimKeyCreateAndLoad(t *testing.T) {
@@ -678,3 +680,28 @@ func testKeyOpts(t *testing.T, tpm *TPM) {
 		})
 	}
 }
+
+func TestOptsSetDefault(t *testing.T) {
+	if optsSetDefault(nil) != defaultConfig {
+		t.Errorf("expecting optsSetDefault(nil) to return the defaultConfig")
+	}
+
+	normalOpts := KeyConfig{
+		Algorithm: RSA,
+		Size:      2048,
+	}
+	if optsSetDefault(&normalOpts) != &normalOpts {
+		t.Errorf("expecting optsSetDefault() to return the same pointer for normal options")
+	}
+
+	optsMissingAlgorithmAndSize := KeyConfig{
+		QualifyingData: []byte("hello"),
+	}
+	optsAfter := optsSetDefault(&optsMissingAlgorithmAndSize)
+	if optsAfter == &optsMissingAlgorithmAndSize {
+		t.Errorf("expecting optsSetDefault() to return a pointer to a copy")
+	}
+	if diff := cmp.Diff(optsAfter, &KeyConfig{Algorithm: ECDSA, Size: 256, QualifyingData: []byte("hello")}); diff != "" {
+		t.Errorf("optsSetDefault() mismatch (-want +got):\n%s", diff)
+	}
+}

attest/attest_simulated_test.go

@@ -60,6 +60,60 @@ func TestSimEK(t *testing.T) {
 	}
 }
 
+func TestSimWrappedtpmEKCertificatesInternal(t *testing.T) {
+	sim, tpm := setupSimulatedTPM(t)
+	defer sim.Close()
+
+	eks, err := tpm.EKCertificates()
+	if err != nil {
+		t.Errorf("EKCertfificates() failed: %v", err)
+	}
+	if len(eks) != 0 {
+		t.Errorf("simlator returned an ekCertificate this should not happen")
+	}
+	// Since the tpmsimulator does not have ek certificates we will
+	// test some of the internal logic here, in particular search
+	// and injection of missing 2k rsa key.
+	// Because of this, the test dependent on internal apis which
+	// is not optimal.
+
+	// Use a wrappedTPM with the simulator as the tpm
+	wtpm := &wrappedTPM20{
+		interf: TPMInterfaceCommandChannel,
+		rwc:    &fakeCmdChannel{sim},
+	}
+	eks, err = wtpm.ekCertificates()
+	if err != nil {
+		t.Errorf("wtpm  ekCertificates failed")
+	}
+	if len(eks) != 0 {
+		t.Fatalf("should have returned with no EKs")
+	}
+	// Now we inject a single key and search for it
+	_, handleFoundMap, err := wtpm.getKeyHandleKeyMap()
+	if err != nil {
+		t.Fatal(err)
+	}
+	if len(handleFoundMap) != 0 {
+		t.Fatal("the simulator should be empty at this time")
+	}
+	injected2khandle, err := wtpm.create2048RSAEKInAvailableSlot(handleFoundMap)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if injected2khandle != commonRSAEkEquivalentHandle {
+		t.Errorf("injected cert at not default handle when empty")
+	}
+	_, handleFoundMap, err = wtpm.getKeyHandleKeyMap()
+	if err != nil {
+		t.Fatal(err)
+	}
+	_, ok := handleFoundMap[commonRSAEkEquivalentHandle]
+	if !ok {
+		t.Fatalf("injected key notfound")
+	}
+}
+
 func TestSimInfo(t *testing.T) {
 	sim, tpm := setupSimulatedTPM(t)
 	defer sim.Close()

attest/attest_test.go

@@ -80,6 +80,25 @@ func TestEKs(t *testing.T) {
 	}
 }
 
+func TestEKCertificates(t *testing.T) {
+	if !*testLocal {
+		t.SkipNow()
+	}
+	tpm, err := OpenTPM(nil)
+	if err != nil {
+		t.Fatalf("OpenTPM() failed: %v", err)
+	}
+	defer tpm.Close()
+
+	eks, err := tpm.EKCertificates()
+	if err != nil {
+		t.Errorf("EKCertificates() failed: %v", err)
+	}
+	if len(eks) == 0 {
+		t.Log("EKCertificates() did not return anything. This could be an issue if an EK is present.")
+	}
+}
+
 func TestAKCreateAndLoad(t *testing.T) {
 	if !*testLocal {
 		t.SkipNow()

attest/tpm.go

@@ -488,15 +488,25 @@ func (t *TPM) NewAK(opts *AKConfig) (*AK, error) {
 	return t.tpm.newAK(opts)
 }
 
-// NewKey creates an application key certified by the attestation key. If opts is nil
-// then DefaultConfig is used.
-func (t *TPM) NewKey(ak *AK, opts *KeyConfig) (*Key, error) {
+// Return a KeyConfig with default values if appropriate. It never modifies the
+// incoming pointer.
+func optsSetDefault(opts *KeyConfig) *KeyConfig {
 	if opts == nil {
-		opts = defaultConfig
+		return defaultConfig
 	}
 	if opts.Algorithm == "" && opts.Size == 0 {
-		opts = defaultConfig
+		optsCopy := *opts
+		optsCopy.Algorithm = defaultConfig.Algorithm
+		optsCopy.Size = defaultConfig.Size
+		return &optsCopy
 	}
+	return opts
+}
+
+// NewKey creates an application key certified by the attestation key. If opts is nil
+// then DefaultConfig is used.
+func (t *TPM) NewKey(ak *AK, opts *KeyConfig) (*Key, error) {
+	opts = optsSetDefault(opts)
 	return t.tpm.newKey(ak, opts)
 }
 
@@ -506,12 +516,7 @@ func (t *TPM) NewKey(ak *AK, opts *KeyConfig) (*Key, error) {
 // Thus it can be used in cases where the attestation key was not created
 // by go-attestation library. If opts is nil then DefaultConfig is used.
 func (t *TPM) NewKeyCertifiedByKey(akHandle tpmutil.Handle, akAlg Algorithm, opts *KeyConfig) (*Key, error) {
-	if opts == nil {
-		opts = defaultConfig
-	}
-	if opts.Algorithm == "" && opts.Size == 0 {
-		opts = defaultConfig
-	}
+	opts = optsSetDefault(opts)
 	ck := certifyingKey{handle: akHandle, alg: akAlg}
 	return t.tpm.newKeyCertifiedByKey(ck, opts)
 }

attest/wrapped_tpm20.go

@@ -20,7 +20,9 @@ import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rsa"
+	"crypto/x509"
 	"encoding/asn1"
+	"encoding/base64"
 	"errors"
 	"fmt"
 	"io"
@@ -106,6 +108,21 @@ func (t *wrappedTPM20) info() (*TPMInfo, error) {
 	return &tInfo, nil
 }
 
+// createEK creates a persistent EK given an ek template and a handle location
+func (t *wrappedTPM20) createEK(ekTemplate tpm2.Public, targetEKHandle tpmutil.Handle, rerr error) error {
+	keyHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", ekTemplate)
+	if err != nil {
+		return fmt.Errorf("ReadPublic failed (%v), and then CreatePrimary failed: %v", rerr, err)
+	}
+	defer tpm2.FlushContext(t.rwc, keyHnd)
+
+	err = tpm2.EvictControl(t.rwc, "", tpm2.HandleOwner, keyHnd, targetEKHandle)
+	if err != nil {
+		return fmt.Errorf("EvictControl failed: %v", err)
+	}
+	return nil
+}
+
 // Return value: handle, whether we generated a new one, error.
 func (t *wrappedTPM20) getEndorsementKeyHandle(ek *EK) (tpmutil.Handle, bool, error) {
 	var ekHandle tpmutil.Handle
@@ -138,15 +155,9 @@ func (t *wrappedTPM20) getEndorsementKeyHandle(ek *EK) (tpmutil.Handle, bool, er
 	}
 	rerr := err // Preserve this failure for later logging, if needed
 
-	keyHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", ekTemplate)
-	if err != nil {
-		return 0, false, fmt.Errorf("ReadPublic failed (%v), and then CreatePrimary failed: %v", rerr, err)
-	}
-	defer tpm2.FlushContext(t.rwc, keyHnd)
-
-	err = tpm2.EvictControl(t.rwc, "", tpm2.HandleOwner, keyHnd, ekHandle)
+	err = t.createEK(ekTemplate, ekHandle, rerr)
 	if err != nil {
-		return 0, false, fmt.Errorf("EvictControl failed: %v", err)
+		return 0, false, err
 	}
 
 	return ekHandle, true, nil
@@ -171,27 +182,112 @@ func (t *wrappedTPM20) getStorageRootKeyHandle(parent ParentKeyConfig) (tpmutil.
 	default:
 		return 0, false, fmt.Errorf("unsupported SRK algorithm: %v", parent.Algorithm)
 	}
-	keyHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleOwner, tpm2.PCRSelection{}, "", "", srkTemplate)
+	err = t.createEK(srkTemplate, srkHandle, rerr)
 	if err != nil {
-		return 0, false, fmt.Errorf("ReadPublic failed (%v), and then CreatePrimary failed: %v", rerr, err)
+		return 0, false, err
 	}
-	defer tpm2.FlushContext(t.rwc, keyHnd)
+	return srkHandle, true, nil
+}
 
-	err = tpm2.EvictControl(t.rwc, "", tpm2.HandleOwner, keyHnd, srkHandle)
+// returns the base64 encoding of the der encoding of a public key
+func serializePublicKey(pub crypto.PublicKey) (string, error) {
+	derKey, err := x509.MarshalPKIXPublicKey(pub)
 	if err != nil {
-		return 0, false, fmt.Errorf("EvictControl failed: %v", err)
+		return "", err
 	}
+	return base64.StdEncoding.EncodeToString(derKey), nil
+}
 
-	return srkHandle, true, nil
+// Unfortunatelly some TPMs have a non rsa2048 key in the commonRSAEkEquivalentHandle
+// handle location. Thus we need an alternative handle to use for both creating
+// and searching for the rsa2048 ek.
+// The "Registry-of-Reserved-TPM-2.0-Handles-and-Localities-Version 1.2"  section 2.3.1
+// asserts that persistent EK handles should be in the range 0x8101000-0x810100FF
+// Thus any value in this range is acceptable, so we arbitrarily chose
+// a value inmediatelly after the ECC (p256) handle.
+const altRSAEkEquivalentHandle = commonECCEkEquivalentHandle + 1
+
+// creates a map of a base64 pkcs8 encoding of public keys to handles
+func (t *wrappedTPM20) getKeyHandleKeyMap() (map[string]tpmutil.Handle, map[tpmutil.Handle]struct{}, error) {
+	key2Handle := make(map[string]tpmutil.Handle)
+	handleFound := make(map[tpmutil.Handle]struct{})
+	// The handles to searh today are the nvram locations where we expect to find keys
+	// we could augment this list int the future, by including the equivalent of
+	// "tpm2_getcap handles-persistent". However we want to limit the number of locations
+	// to probe as accessing the tpm is a relatively slow path.
+	knownHandlesToSearch := []tpmutil.Handle{
+		commonRSAEkEquivalentHandle,
+		commonECCEkEquivalentHandle,
+		altRSAEkEquivalentHandle,
+	}
+	for _, keyHandle := range knownHandlesToSearch {
+		pub, _, _, err := tpm2.ReadPublic(t.rwc, keyHandle)
+		if err != nil {
+			continue
+		}
+		if pub.RSAParameters != nil || pub.ECCParameters != nil {
+			key, err := pub.Key()
+			if err != nil {
+				return nil, nil, fmt.Errorf("failed to obtain public key for handle %x: %w", keyHandle, err)
+			}
+			serializedKey, err := serializePublicKey(key)
+			if err != nil {
+				return nil, nil, fmt.Errorf("failed to serialize public key for handle %x: %w", keyHandle, err)
+			}
+			key2Handle[serializedKey] = keyHandle
+			handleFound[keyHandle] = struct{}{}
+		}
+	}
+	return key2Handle, handleFound, nil
+}
+
+func (t *wrappedTPM20) create2048RSAEKInAvailableSlot(handleFoundMap map[tpmutil.Handle]struct{}) (tpmutil.Handle, error) {
+	rsakeyHandles := []tpmutil.Handle{
+		commonRSAEkEquivalentHandle,
+		altRSAEkEquivalentHandle,
+	}
+	for _, targetHandle := range rsakeyHandles {
+		_, handleInUse := handleFoundMap[targetHandle]
+		if handleInUse {
+			continue
+		}
+		ekTemplate := t.rsaEkTemplate()
+		err := t.createEK(ekTemplate, targetHandle, fmt.Errorf(""))
+		if err != nil {
+			return tpmutil.Handle(0), err
+		}
+		return targetHandle, nil
+	}
+	return tpmutil.Handle(0), fmt.Errorf("no available handles to create RSA 2048 key in persistent handle")
 }
 
 func (t *wrappedTPM20) ekCertificates() ([]EK, error) {
 	var res []EK
-	if rsaCert, err := readEKCertFromNVRAM20(t.rwc, nvramRSACertIndex); err == nil {
-		res = append(res, EK{Public: crypto.PublicKey(rsaCert.PublicKey), Certificate: rsaCert, handle: commonRSAEkEquivalentHandle})
+	certIndexes := []int{nvramRSACertIndex, nvramECCCertIndex}
+	keyHandleMap, handleFoundMap, err := t.getKeyHandleKeyMap()
+	if err != nil {
+		return nil, err
 	}
-	if eccCert, err := readEKCertFromNVRAM20(t.rwc, nvramECCCertIndex); err == nil {
-		res = append(res, EK{Public: crypto.PublicKey(eccCert.PublicKey), Certificate: eccCert, handle: commonECCEkEquivalentHandle})
+	for _, certIndex := range certIndexes {
+		if cert, err := readEKCertFromNVRAM20(t.rwc, tpmutil.Handle(certIndex)); err == nil {
+			serializedKey, err := serializePublicKey(cert.PublicKey)
+			if err != nil {
+				return nil, err
+			}
+
+			handleToUse, keyfound := keyHandleMap[serializedKey]
+			if !keyfound && certIndex == nvramRSACertIndex {
+				handleToUse, err = t.create2048RSAEKInAvailableSlot(handleFoundMap)
+				if err != nil {
+					return nil, err
+				}
+				keyfound = true
+			}
+			if !keyfound {
+				continue
+			}
+			res = append(res, EK{Public: crypto.PublicKey(cert.PublicKey), Certificate: cert, handle: handleToUse})
+		}
 	}
 	return res, nil
 }

go.mod

@@ -8,7 +8,7 @@ require (
 	github.com/google/go-cmp v0.7.0
 	github.com/google/go-tpm v0.9.7
 	github.com/google/go-tpm-tools v0.4.7
-	golang.org/x/sys v0.38.0
+	golang.org/x/sys v0.39.0
 )
 
 require golang.org/x/crypto v0.45.0 // indirect

go.sum

@@ -18,7 +18,7 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
 golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
 google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=