-
Notifications
You must be signed in to change notification settings - Fork 161
/
Copy pathTpmExtensions.java.snips
310 lines (268 loc) · 8.4 KB
/
TpmExtensions.java.snips
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
/*
This file contains source-code snippets that the code-generator inserts into the
appropriate class definition file.
*/
>> TPM_HANDLE
public static final TPM_HANDLE
/** Represents TPM_RH.NULL handle constant */
NULL = TPM_HANDLE.from(TPM_RH.NULL),
/** Represents TPM_RH.NULL handle constant */
PW = TPM_HANDLE.from(TPM_RH.PW),
/** Represents TPM_RH.OWNER handle constant */
OWNER = TPM_HANDLE.from(TPM_RH.OWNER),
/** Represents TPM_RH.ENDORSEMENT handle constant */
ENDORSEMENT = TPM_HANDLE.from(TPM_RH.ENDORSEMENT),
/** Represents TPM_RH.PLATFORM handle constant */
PLATFORM = TPM_HANDLE.from(TPM_RH.PLATFORM);
/** Authorization value associated with this handle object.<BR>
* NOTE: It is tracked by the framework whenever possible but in some cases may be left uninitialized.
*/
public byte[] AuthValue;
/** Name of the TPM entity represented by this handle object.<BR>
* NOTE: It is tracked by the framework whenever possible but in some cases may be left uninitialized.
*/
public byte[] Name;
/** Wraps an arbitrary int value into a TPM handle object
* @param val int value to be used as a TPM handle
* @return New TPM_HANDLE object
*/
public static TPM_HANDLE from(int val)
{
return new TPM_HANDLE(val);
}
/** Creates a TPM handle from the given reserved handle constant
* @param _handle Reserved handle constant
* @return New TPM_HANDLE object
*/
public static TPM_HANDLE from(TPM_RH _handle)
{
return new TPM_HANDLE(_handle.toInt());
}
/** @return New NULL TPM handle */
public static TPM_HANDLE nullHandle()
{
return new TPM_HANDLE(TPM_RH.NULL.toInt());
}
/** Creates a pesistent TPM handle with the given offset (0 - 0x00FFFFFF)
* @param handleOffset Reserved handle offset
* @return New persistent TPM handle
*/
public static TPM_HANDLE persistent(int handleOffset)
{
return new TPM_HANDLE(((TPM_HT.PERSISTENT.toInt()) << 24) + handleOffset);
};
/** Creates a TPM handle for a PCR with the given index
* @param PcrIndex The PCR index (0 - 23)
* @return New TPM_HANDLE object
*/
public static TPM_HANDLE pcr(int PcrIndex)
{
return new TPM_HANDLE(PcrIndex);
}
/** Creates a TPM_HANDLE for the given NV index
* @param NvSlot NV index
* @return New TPM handle object
*/
public static TPM_HANDLE NV(int NvSlot)
{
int handleVal = (TPM_HT.NV_INDEX.toInt() << 24) + NvSlot;
return new TPM_HANDLE(handleVal);
};
/** @return This handle type */
public TPM_HT getType()
{
return TPM_HT.fromInt(handle >> 24);
};
/** Creates a password session handle with the given authorization value
* @param authValue Authorization value
* @return New session handle
*/
public static TPM_HANDLE pwSession(byte[] authValue)
{
TPM_HANDLE pwapHandle = TPM_HANDLE.from(TPM_RH.PW);
pwapHandle.AuthValue = authValue;
return pwapHandle;
}
/** @return The TPM name of this handle */
public byte[] getName()
{
int handleType = getType().toInt();
switch (handleType) {
case 0:
case 2:
case 3:
case 0x40:
Name = Helpers.hostToNet(handle);
return Name;
case 1:
case 0x80:
case 0x81:
if (Name.length == 0)
throw new RuntimeException("Name is not set for handle");
return Name;
default:
throw new RuntimeException("Unknown handle type");
}
}
>> TPMT_PUBLIC
/**
* Validate a TPM signature. Note that this function hashes dataThatWasSigned before
* verifying the signature.
*
* @param _dataThatWasSigned The data
* @param _signature The TPM signature
* @return True if the signature is valid
*/
public boolean validateSignature(byte[] _dataThatWasSigned, TPMU_SIGNATURE _signature)
{
return Crypto.validateSignature(this, _dataThatWasSigned, _signature);
}
public byte[] encrypt(byte[] inData, String label)
{
return Crypto.asymEncrypt(this, inData, label);
}
/**
* Returns the TPM name of this object. The name is the alg-prepended hash of the public area.
*
* @return The TPM object name
*/
public byte[] getName()
{
byte[] pub = toTpm();
byte[] pubHash = Crypto.hash(nameAlg, pub);
byte[] theHashAlg = Helpers.hostToNet((short)nameAlg.toInt());
return Helpers.concatenate(theHashAlg, pubHash);
}
/**
* Validate a TPM quote against a set of PCR and a nonce.
*
* @param expectedPcrs PCR values expected
* @param nonce The nonce
* @param quote The TPM generated quote
* @return Whether the quote was valid
*
*/
public boolean validateQuote(PCR_ReadResponse expectedPcrs, byte[] nonce, QuoteResponse quote)
{
return Crypto.validateQuote(this, expectedPcrs, nonce, quote);
}
>> TPMS_PCR_SELECTION
/** Create a PCR_SELECTION naming a single PCR
* @param pcrAlg The hash algorithm
* @param pcrIndex The PCR index
*/
public TPMS_PCR_SELECTION(TPM_ALG_ID pcrAlg, int pcrIndex)
{
hash = pcrAlg;
int sz = 3;
if ((pcrIndex / 8 + 1) > sz)
sz = pcrIndex / 8 + 1;
pcrSelect = new byte[sz];
pcrSelect[pcrIndex / 8] = (byte) (1 << (pcrIndex % 8));
}
/** Create a PCR_SELECTION[] from a single PCR
* @param pcrAlg The hash algorithm
* @param pcrIndex The PCR index
* @return A new selection array
*/
public static TPMS_PCR_SELECTION[] CreateSelectionArray(TPM_ALG_ID pcrAlg, int pcrIndex)
{
TPMS_PCR_SELECTION[] arr = new TPMS_PCR_SELECTION[1];
arr[0] = new TPMS_PCR_SELECTION(pcrAlg, pcrIndex);
return arr;
}
/**
* Create a PCR_SELECTION from an array of PCRs in the same bank
*
* @param pcrAlg The hash algorithm
* @param pcrIndices The PCRs to select
*/
public TPMS_PCR_SELECTION(TPM_ALG_ID pcrAlg, int[] pcrIndices)
{
hash = pcrAlg;
int pcrMax = 0;
for (int j = 0; j < pcrIndices.length; j++)
{
if (pcrIndices[j] > pcrMax)
pcrMax = pcrIndices[j];
}
if (pcrMax < 23)
pcrMax = 23;
pcrSelect = new byte[pcrMax / 8 + 1];
for (int j = 0; j < pcrIndices.length; j++)
{
pcrSelect[pcrIndices[j] / 8] |= (byte)(1 << (pcrIndices[j] % 8));
}
}
>> TPMT_TK_HASHCHECK
/** Create a NULL ticket (e.g. used for signing data with non-restricted keys)
* @return The null ticket
*/
public static TPMT_TK_HASHCHECK nullTicket()
{
TPMT_TK_HASHCHECK t = new TPMT_TK_HASHCHECK();
t.hierarchy = TPM_HANDLE.from(TPM_RH.OWNER);
return t;
}
>> TPMT_SYM_DEF
/** @deprecated Use default constructor instead */
@Deprecated
public static TPMT_SYM_DEF nullObject() { return new TPMT_SYM_DEF(); }
>> TPMT_SYM_DEF_OBJECT
/** @deprecated Use default constructor instead */
@Deprecated
public static TPMT_SYM_DEF_OBJECT nullObject() { return new TPMT_SYM_DEF_OBJECT(); }
>> TPMT_HA
/** Create a TPMT_HA from the hash of data
* @param hashAlg The hash algorithm
* @param data The data to hash
* @return A new TPMT_HA
*/
public static TPMT_HA fromHashOf(TPM_ALG_ID hashAlg, byte[] data)
{
return new TPMT_HA(hashAlg, Crypto.hash(hashAlg, data));
}
/** Create a TPMT_HA from the hash of a UTF8 encoded string
* @param hashAlg The hash algorithm
* @param s The string to hash
* @return A new TPMT_HA
*/
public static TPMT_HA fromHashOf(TPM_ALG_ID hashAlg, String s)
{
byte[] buf = s.getBytes();
return TPMT_HA.fromHashOf(hashAlg, buf);
}
/** Perform a TPM Extend operation on the contents of this TPMT_HA
* @param x The data to extend
* @return The same object (to allow chaining)
*/
public TPMT_HA extend(byte[] x)
{
byte[] t = Helpers.concatenate(digest, x);
digest = Crypto.hash(hashAlg, t);
return this;
}
/** Perform a TPM Event operation on the contents of this TPMT_HA
* @param x The data to event
* @return The same object (to allow chaining)
*/
public TPMT_HA event(byte[] x)
{
byte[] s = Crypto.hash(hashAlg, x);
byte[] t = Helpers.concatenate(digest, s);
digest = Crypto.hash(hashAlg, t);
return this;
}
/** Reset the contents of this hash object to all zeros */
public void reset()
{
digest = new byte[Crypto.digestSize(hashAlg)];
}
/** Create an all zero hash object
* @param alg The hash algorithm to use
* @return The new zero TPMT_HA
*/
public static TPMT_HA zeroHash(TPM_ALG_ID alg)
{
return new TPMT_HA(alg, new byte[Crypto.digestSize(alg)]);
}