Merge pull request #174 from tomoveu/add-ek-attestation

Added option to create keys under the EK in keygen example

Author: dgarske

.gitignore

@@ -26,8 +26,10 @@ src/.deps
 src/.libs
 RemoteSystemsTempFiles
 *.o
+*.dep
 *.deps
 *.libs
+IDE/IAR-EWARM/settings
 wolftpm/options.h
 
 examples/wrap/wrap_test
@@ -75,12 +77,16 @@ certs/server-*.pem
 certs/client-*.der
 certs/client-*.pem
 certs/serial.old
-*.dep
-IDE/IAR-EWARM/settings
+
+# Test files
 quote.blob
 keyblob.bin
 ecc_test_blob.raw
 rsa_test_blob.raw
+ak.name
+cred.blob
+ek.pub
+srk.pub
 
 # Generated Documentation
 docs/html

examples/README.md

@@ -44,6 +44,15 @@ More information about how to test and use PCR attestation can be found in the i
 `./examples/pcr/extend`
 `./examples/pcr/reset`
 
+### Remote Attestation challenge
+
+Demonstrates how to create Remote Attestation challenge using the TPM 2.0 and afterwards prepare a response.
+
+Detailed information about using these examples can be found in  [examples/attestation/README.md](./examples/attestation/README.md)
+
+`./examples/attestation/make_credential`
+`./examples/attestation/activate_credential`
+
 ## Parameter Encryption
 
 ### Key generation with encrypted authorization

examples/attestation/README.md

@@ -12,6 +12,8 @@ Complete list of the required examples is shown below:
 * `./examples/attestation/activate_credential`: Used by a client to decrypt the challenge and respond
 * `./examples/keygen/keygen`: Used to create a primary key(PK) and attestation key(AK)
 
+Note: All of these example allow the use of the Endorsement Key and Attestation Key under the Endorsement Hierarchy. This is done by adding the `-eh` option when executing any of the three examples above. The advantage of using EK/EH is that the private key material of the EK never leaves the TPM. Anything encrypted using the public part of the EK can be encrypted only internally by the TPM owner of the EK, and EK is unique for every TPM chip. Therefore, creating challenges for Remote Attestation using the EK/EH has greater value in some scenarios. One drawback is that by using the EK the identity of the host under attestation is always known, because the EK private-public key pair identifies the TPM and in some scenarios this might rise privacy concerns. Our remote attestation examples support both AK under SRK and AK under EK. It is up to the developer to decide which one to use.
+
 ## Technology introduction
 
 Remote Attestation is the process of a client providing an evidence to an attestation server that verifies if the client is in a known state.
@@ -41,7 +43,6 @@ Note:
 Using the `keygen` example we can create the necessary TPM 2.0 Attestation Key and TPM 2.0 Primary Storage Key that will be used as a Primary Attestation Key(PAK).
 
 ```
-
 $ ./examples/keygen/keygen -rsa
 TPM2.0 Key generation example
 	Key Blob: keyblob.bin
@@ -53,15 +54,13 @@ RSA AIK template
 Creating new RSA key...
 Created new key (pub 280, priv 222 bytes)
 Wrote 508 bytes to keyblob.bin
-
 ```
 
 ### Make Credential Example Usage
 
 Using the `make_credential` example an attestation server can generate remote attestation challenge. The secret is 32 bytes of randomly generated seed that could be used for a symmetric key in some remote attestation schemes.
 
 ```
-
 $ ./examples/attestation/make_credential
 Using default values
 Demo how to create a credential blob for remote attestation
@@ -72,7 +71,6 @@ Reading the private part of the key
 AK loaded at 0x80000001
 TPM2_MakeCredential success
 Wrote credential blob and secret to cred.blob, 514 bytes
-
 ```
 
 The transfer of the PAK and AK public parts between the client and attestation server is not part of the `make_credential` example, because the exchange is implementation specific.
@@ -82,7 +80,6 @@ The transfer of the PAK and AK public parts between the client and attestation s
 Using the `activate_credential` example a client can decrypt the remote attestation challenge. The secret will be exposed in plain and can be exchanged with the attestation server.
 
 ```
-
 $ ./examples/attestation/activate_credential
 Using default values
 Demo how to create a credential blob for remote attestation
@@ -97,7 +94,6 @@ TPM2_StartAuthSession: sessionHandle 0x3000000
 TPM2_policyCommandCode success
 Read credential blob and secret from cred.blob, 514 bytes
 TPM2_ActivateCredential success
-
 ```
 
 The transfer of the challenge response containing the secret in plain (or used as a symmetric key seed) is not part of the `activate_credential` example, because the exchange is also implementation specific.

examples/attestation/activate_credential.c

@@ -42,16 +42,19 @@
 static void usage(void)
 {
     printf("Expected usage:\n");
-    printf("./examples/attestation/activate_credential [cred.blob]\n");
+    printf("./examples/attestation/activate_credential [cred.blob] [-eh]\n");
     printf("* cred.blob is a input file holding the generated credential.\n");
     printf("Demo usage without parameters, uses \"cred.blob\" filename.\n");
 }
 
 int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 {
     int rc = -1;
+    int endorseKey = 0;
     WOLFTPM2_DEV dev;
+    WOLFTPM2_KEY endorse;
     WOLFTPM2_KEY storage;
+    WOLFTPM2_KEY *primary = NULL;
     WOLFTPM2_KEYBLOB akKey;
     WOLFTPM2_SESSION tpmSession;
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
@@ -63,7 +66,6 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 
     union {
         ActivateCredential_In activCred;
-        PolicyCommandCode_In policyCommandCode;
         byte maxInput[MAX_COMMAND_SIZE];
     } cmdIn;
     union {
@@ -84,13 +86,18 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
         if (argv[1][0] != '-') {
             input = argv[1];
         }
+        if (XSTRNCMP(argv[1], "-eh", 3) == 0) {
+            printf("Use Endorsement Key\n");
+            endorseKey = 1;
+        }
     }
     else {
         printf("Incorrect arguments\n");
         usage();
         goto exit_badargs;
     }
 
+    XMEMSET(&endorse, 0, sizeof(endorse));
     XMEMSET(&storage, 0, sizeof(storage));
     XMEMSET(&akKey, 0, sizeof(akKey));
 
@@ -104,61 +111,67 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 
     printf("Credential will be read from %s\n", input);
 
-    /* Load SRK, required to unwrap credential */
-    rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
-    if (rc != 0) goto exit;
-    printf("SRK loaded\n");
-    /* Prepare the auth password for the Storage Key */
-    storage.handle.auth.size = sizeof(gStorageKeyAuth)-1;
-    XMEMCPY(storage.handle.auth.buffer, gStorageKeyAuth,
-            storage.handle.auth.size);
-    wolfTPM2_SetAuthHandle(&dev, 0, &storage.handle);
+    /* Load key, required to unwrap credential */
+    if (endorseKey) {
+        rc = wolfTPM2_CreateEK(&dev, &endorse, TPM_ALG_RSA);
+        if (rc != 0) goto exit;
+        printf("EK loaded\n");
+        /* Endorsement Key requires authorization with Policy */
+        endorse.handle.policyAuth = 1;
+        rc = wolfTPM2_CreateAuthSession_EkPolicy(&dev, &tpmSession);
+        if (rc != 0) goto exit;
+        /* Set the created Policy Session for use in next operation */
+        rc = wolfTPM2_SetAuthSession(&dev, 0, &tpmSession, 0);
+        if (rc != 0) goto exit;
+
+        primary = &endorse;
+    }
+    else {
+        rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
+        if (rc != 0) goto exit;
+        printf("SRK loaded\n");
+        wolfTPM2_SetAuthHandle(&dev, 0, &storage.handle);
+
+        primary = &storage;
+    }
 
     /* Load AK, required to verify the Key Attributes in the credential */
     rc = readKeyBlob(keyblob, &akKey);
     if (rc != TPM_RC_SUCCESS) {
         printf("Failure to read keyblob.\n");
     }
-    storage.handle.hndl = TPM2_DEMO_STORAGE_KEY_HANDLE;
-    rc = wolfTPM2_LoadKey(&dev, &akKey, &storage.handle);
+    rc = wolfTPM2_LoadKey(&dev, &akKey, &primary->handle);
     if (rc != TPM_RC_SUCCESS) {
         printf("Failure to load the AK and read its Name.\n");
         goto exit;
     }
     printf("AK loaded at 0x%x\n", (word32)akKey.handle.hndl);
+
+    rc = wolfTPM2_UnsetAuth(&dev, 0);
+
+    if (endorseKey) {
+        /* Fresh policy session for EK auth */
+        rc = wolfTPM2_CreateAuthSession_EkPolicy(&dev, &tpmSession);
+        if (rc != 0) goto exit;
+        /* Set the created Policy Session for use in next operation */
+        rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, 0);
+        if (rc != 0) goto exit;
+    }
+    else {
+        wolfTPM2_SetAuthHandle(&dev, 1, &storage.handle);
+    }
+
     /* Prepare the auth password for the Attestation Key */
     akKey.handle.auth.size = sizeof(gAiKeyAuth)-1;
     XMEMCPY(akKey.handle.auth.buffer, gAiKeyAuth,
             akKey.handle.auth.size);
     wolfTPM2_SetAuthHandle(&dev, 0, &akKey.handle);
 
-    /* Start an authenticated session (salted / unbound) */
-    rc = wolfTPM2_StartSession(&dev, &tpmSession, NULL, NULL,
-        TPM_SE_POLICY, TPM_ALG_NULL);
-    if (rc != 0) goto exit;
-    printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
-        (word32)tpmSession.handle.hndl);
-
-    /* ADMIN role required for Activate Credential command */
-    XMEMSET(&cmdIn.policyCommandCode, 0, sizeof(cmdIn.policyCommandCode));
-    cmdIn.policyCommandCode.policySession = tpmSession.handle.hndl;
-    cmdIn.policyCommandCode.code = TPM_CC_ActivateCredential;
-    rc = TPM2_PolicyCommandCode(&cmdIn.policyCommandCode);
-    if (rc != TPM_RC_SUCCESS) {
-        printf("policyCommandCode failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
-        goto exit;
-    }
-    printf("TPM2_policyCommandCode success\n"); /* No command response payload */
-
-    /* Prepare Key Auths in correct order for ActivateCredential */
-    wolfTPM2_SetAuthHandle(&dev, 0, &akKey.handle);
-    wolfTPM2_SetAuthHandle(&dev, 1, &storage.handle);
-
     /* Prepare the Activate Credential command */
     XMEMSET(&cmdIn.activCred, 0, sizeof(cmdIn.activCred));
     XMEMSET(&cmdOut.activCred, 0, sizeof(cmdOut.activCred));
     cmdIn.activCred.activateHandle = akKey.handle.hndl;
-    cmdIn.activCred.keyHandle = TPM2_DEMO_STORAGE_KEY_HANDLE;
+    cmdIn.activCred.keyHandle = primary->handle.hndl;
     /* Read credential from the user file */
 #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
     fp = XFOPEN(input, "rb");
@@ -169,7 +182,8 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
                                 sizeof(cmdIn.activCred.secret), fp);
         XFCLOSE(fp);
     }
-    printf("Read credential blob and secret from %s, %d bytes\n", input, dataSize);
+    printf("Read credential blob and secret from %s, %d bytes\n",
+        input, dataSize);
 #else
     printf("Can not load credential. File support not enabled\n");
     goto exit;
@@ -185,7 +199,7 @@ int TPM2_ActivateCredential_Example(void* userCtx, int argc, char *argv[])
 
 exit:
 
-    wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
+    wolfTPM2_UnloadHandle(&dev, &primary->handle);
     wolfTPM2_UnloadHandle(&dev, &akKey.handle);
     wolfTPM2_Cleanup(&dev);