[#105] Updated tpm_version to get data from TPM hardware.

The TPM 2 Provisioner gets packaged with an application called
tpm_version, which reported hard-coded values for the TPM
manufacturer and version. Now it collects those things from
the TPM and reports them.
apldev4 2019-04-24 15:03:56 -04:00
parent 00099ebfc5
commit 74ab4d46b1
7 changed files with 227 additions and 39 deletions


@ -5,7 +5,7 @@ MAINTAINER apl.dev3@jhuapl.edu
# Install packages for building HIRS
RUN yum -y update && yum clean all
RUN yum groupinstall -y "Development Tools"
RUN yum install -y wget java-1.8.0-openjdk-devel protobuf-compiler rpm-build cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel trousers-devel libcurl-devel
RUN yum install -y wget java-1.8.0-openjdk-devel protobuf-compiler rpm-build cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel libcurl-devel
# Install EPEL
WORKDIR /tmp


@ -4,7 +4,7 @@ MAINTAINER apl.dev3@jhuapl.edu
# Install packages for building HIRS
RUN yum -y update && yum clean all
RUN yum install -y java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel trousers-devel libcurl-devel
RUN yum install -y java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel libcurl-devel
RUN yum install -y cppcheck log4cplus-devel re2-devel
# Set Environment Variables


@ -4,7 +4,12 @@ MAINTAINER apl.dev3@jhuapl.edu
# Install packages for building HIRS
RUN apt-get update -y && apt-get upgrade -y && apt-get clean -y
RUN apt-get -y install openjdk-8-jdk protobuf-compiler build-essential devscripts lintian debhelper cmake make git g++ doxygen graphviz cppcheck liblog4cplus-dev libssl-dev libprotobuf-dev libre2-dev libsapi-dev trousers libtspi-dev libcurl4-openssl-dev
RUN apt-get -y install autoconf autoconf-archive automake libtool pkg-config m4 openjdk-8-jdk protobuf-compiler build-essential devscripts lintian debhelper cmake make git g++ doxygen graphviz cppcheck liblog4cplus-dev libssl-dev libprotobuf-dev libre2-dev libsapi-dev trousers libtspi-dev libcurl4-openssl-dev
# Install Newer TPM2-TSS & TPM2-Abrmd from Source for Building HIRS_ProvisionerTPM2
RUN apt-get -y install wget libdbus-1-dev libglib2.0-dev
RUN mkdir tpm2tss && cd tpm2tss && wget https://github.com/tpm2-software/tpm2-tss/releases/download/1.3.0/tpm2-tss-1.3.0.tar.gz && tar -xzf tpm2-tss-1.3.0.tar.gz && cd tpm2-tss-1.3.0 && ./configure && make && make install && cd ../ && cd ../
RUN mkdir tpm2abrmd && cd tpm2abrmd && wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/1.3.1/tpm2-abrmd-1.3.1.tar.gz && tar -xzf tpm2-abrmd-1.3.1.tar.gz && cd tpm2-abrmd-1.3.1 && ./configure && make && make install && cd ../ && cd ../
# Set Environment Variables
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
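Review bot: The tarballs fetched by wget on the `RUN mkdir tpm2tss ...` and `RUN mkdir tpm2abrmd ...` lines are extracted, built and `make install`ed into the image as root with no checksum or signature check, so the build trusts whatever the release URL happens to serve. Pin each archive by verifying a known digest before extraction, e.g. `echo "<sha256>  tpm2-tss-1.3.0.tar.gz" | sha256sum -c -` immediately after the wget (or verify a detached GPG signature if the project publishes one for that release), and pass `--https-only` to wget so a redirect cannot downgrade the fetch to plain HTTP. Since the same layer also installs the build products, a failed verification should abort the step rather than fall through to `./configure`.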


@ -93,7 +93,9 @@ list(APPEND REQUIRED_LIBS ${RE_LIB})
find_library(TPM2_SAPI_LIB NAMES sapi tss2)
find_library(TPM2_TCTI_DEVICE_LIB NAMES tcti-device tss2)
find_library(TPM2_TCTI_SOCKET_LIB NAMES tcti-socket tss2)
set(TPM2_TSS_LIBRARIES ${TPM2_SAPI_LIB} ${TPM2_TCTI_DEVICE_LIB} ${TPM2_TCTI_SOCKET_LIB})
find_library(TPM2_TCTI_TABRMD_LIB NAMES tcti-tabrmd tss2)
set(TPM2_TSS_LIBRARIES ${TPM2_SAPI_LIB} ${TPM2_TCTI_DEVICE_LIB}
${TPM2_TCTI_SOCKET_LIB} ${TPM2_TCTI_TABRMD_LIB})
list(APPEND REQUIRED_LIBS ${TPM2_TSS_LIBRARIES})
# Set variable to determine TSS SAPI import
@ -145,6 +147,7 @@ add_executable(${PROJECT_NAME} src/TPM2_Provisioner.cpp ${PROJECT_CONFIG_FILES})
# In TPM 2.0 land, there is currently not a way to fetch the TPM version info
add_executable(tpm_version src/tpm_version.cpp)
target_link_libraries(tpm_version ${TPM2_SAPI_LIB} ${TPM2_TCTI_TABRMD_LIB})
# Link necessary libraries
target_link_libraries(${PROJECT_NAME} TPM2_PROVISIONER_LIBRARY)
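Review bot: The comment `# In TPM 2.0 land, there is currently not a way to fetch the TPM version info` above `add_executable(tpm_version src/tpm_version.cpp)` is now stale, because this same commit makes tpm_version read the version from the TPM through the tabrmd TCTI; replace it with `# tpm_version reads TPM_PT_FAMILY_INDICATOR/REVISION/MANUFACTURER via TPM2_GetCapability over the tabrmd TCTI`. Also, `find_library(TPM2_TCTI_TABRMD_LIB NAMES tcti-tabrmd tss2)` sets the variable to `TPM2_TCTI_TABRMD_LIB-NOTFOUND` when the library is absent, and that token is then passed straight into `target_link_libraries`, which surfaces only as an opaque link error late in the build; adding `if(NOT TPM2_TCTI_TABRMD_LIB) message(FATAL_ERROR "tcti-tabrmd library not found; install tpm2-abrmd development files") endif()` after the find makes the new hard dependency explicit.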


@ -7,20 +7,21 @@ Please look up their respective names in the CentOS repositories.
If no available repository for the development environment contains the dependencies at an acceptable version level, it is expected that the packages be retrieved and built from their respective source repositories.
| Dependency | Version used | Minimum required | Repository | Project repository |
| ----------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
| cppcheck | 1.80 | 1.72 | CentOS 7 epel-release | http://cppcheck.sourceforge.net/ |
| doxygen | 1.8.13 | 1.8.0 (estimated) | CentOS 7 base | https://github.com/doxygen/doxygen |
| graphviz | 2.30.1 | 2.28.0 (estimated) | CentOS 7 base | https://gitlab.com/graphviz/graphviz |
| gcc-c++ | 4.8.5 | 4.8.5 | CentOS 7 base | https://gcc.gnu.org/ |
| libcurl-devel | 7.29.0 | 7.0.0 (estimated) | CentOS 7 base | https://github.com/curl/curl |
| libssh2-devel | 1.4.3 | 1.4.3 (estimated) | CentOS 7 base | https://github.com/libssh2/libssh2 |
| log4cplus-devel | 1.1.3 | 1.1.2 | CentOS 7 epel-release | https://github.com/log4cplus/log4cplus |
| openssl-devel | 1.0.2k | 1.0.2g (estimated) | CentOS 7 base | https://github.com/openssl/openssl |
| protobuf-compiler | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
| protobuf-devel | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
| re2-devel | 20160401 | 20160201 | CentOS 7 epel-release | https://github.com/google/re2 |
| tpm2-tss-devel | 1.2.0 | 1.0.0 | CentOS 7 base | https://github.com/intel/tpm2-tss |
| cmake | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
| cpack | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
| git | 1.8.3.1 | 1.6.0 (estimated) | CentOS 7 base | https://github.com/git/git |
| Dependency | Version used | Minimum required | Repository | Project repository |
| ----------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
| cppcheck | 1.80 | 1.72 | CentOS 7 epel-release | http://cppcheck.sourceforge.net/ |
| doxygen | 1.8.13 | 1.8.0 (estimated) | CentOS 7 base | https://github.com/doxygen/doxygen |
| graphviz | 2.30.1 | 2.28.0 (estimated) | CentOS 7 base | https://gitlab.com/graphviz/graphviz |
| gcc-c++ | 4.8.5 | 4.8.5 | CentOS 7 base | https://gcc.gnu.org/ |
| libcurl-devel | 7.29.0 | 7.0.0 (estimated) | CentOS 7 base | https://github.com/curl/curl |
| libssh2-devel | 1.4.3 | 1.4.3 (estimated) | CentOS 7 base | https://github.com/libssh2/libssh2 |
| log4cplus-devel | 1.1.3 | 1.1.2 | CentOS 7 epel-release | https://github.com/log4cplus/log4cplus |
| openssl-devel | 1.0.2k | 1.0.2g (estimated) | CentOS 7 base | https://github.com/openssl/openssl |
| protobuf-compiler | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
| protobuf-devel | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
| re2-devel | 20160401 | 20160201 | CentOS 7 epel-release | https://github.com/google/re2 |
| tpm2-tss-devel | 1.2.0 | 1.0.0 | CentOS 7 base | https://github.com/intel/tpm2-tss |
| tpm2-abrmd-devel | 1.1.0 | 1.1.0 | CentOS 7 base | https://github.com/tpm2-software/tpm2-abrmd |
| cmake | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
| cpack | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
| git | 1.8.3.1 | 1.6.0 (estimated) | CentOS 7 base | https://github.com/git/git |


@ -7,17 +7,19 @@ Please look up their respective names in the appropriate repositories.
If no available repository for the development environment contains the dependencies at an acceptable version level, it is expected that the packages be retrieved and built from their respective source repositories.
| Dependency | Version used | Minimum required | Repository | Project repository |
| -------------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
| cppcheck | 1.82 | 1.72 | Ubuntu 18.04 base | http://cppcheck.sourceforge.net/ |
| doxygen | 1.8.13 | 1.8.0 (estimated) | Ubuntu 18.04 base | https://github.com/doxygen/doxygen |
| graphviz | 2.40.1 | 2.28.0 (estimated) | Ubuntu 18.04 base | https://gitlab.com/graphviz/graphviz |
| libcurl4-openssl-dev | 7.47.0 | 7.0.0 (estimated) | Ubuntu 18.04 base | https://github.com/curl/curl |
| liblog4cplus-dev | 1.1.2 | 1.1.2 | Ubuntu 18.04 base | https://github.com/log4cplus/log4cplus |
| libssl-dev | 1.1.0g | 1.0.2g (estimated) | Ubuntu 18.04 base | https://github.com/openssl/openssl |
| protobuf-compiler | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
| libprotobuf-dev | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
| libre2-dev | 20180201 | 20160201 | Ubuntu 18.04 base | https://github.com/google/re2 |
| libsapi-dev | 1.0.0 | 1.0.0 | Ubuntu 18.04 base | https://github.com/intel/tpm2-tss |
| cmake | 3.10.2 | 2.6.0 (estimated) | Ubuntu 18.04 base | https://cmake.org/ |
| git | 2.17.1 | 1.6.0 (estimated) | Ubuntu 18.04 base | https://github.com/git/git |
| Dependency | Version used | Minimum required | Repository | Project repository |
| -------------------- | ------------ | ------------------ | --------------------- | --------------------------------------------- |
| cppcheck | 1.82 | 1.72 | Ubuntu 18.04 base | http://cppcheck.sourceforge.net/ |
| doxygen | 1.8.13 | 1.8.0 (estimated) | Ubuntu 18.04 base | https://github.com/doxygen/doxygen |
| graphviz | 2.40.1 | 2.28.0 (estimated) | Ubuntu 18.04 base | https://gitlab.com/graphviz/graphviz |
| libcurl4-openssl-dev | 7.47.0 | 7.0.0 (estimated) | Ubuntu 18.04 base | https://github.com/curl/curl |
| liblog4cplus-dev | 1.1.2 | 1.1.2 | Ubuntu 18.04 base | https://github.com/log4cplus/log4cplus |
| libssl-dev | 1.1.0g | 1.0.2g (estimated) | Ubuntu 18.04 base | https://github.com/openssl/openssl |
| protobuf-compiler | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
| libprotobuf-dev | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
| libre2-dev | 20180201 | 20160201 | Ubuntu 18.04 base | https://github.com/google/re2 |
| libsapi-dev | 1.0.0 | 1.0.0 | Ubuntu 18.04 base | https://github.com/intel/tpm2-tss |
| tpm2-tss | 1.3.0 | 1.3.0 | Source Code | https://github.com/tpm2-software/tpm2-tss |
| tpm2-abrmd | 1.3.1 | 1.3.1 | Source Code | https://github.com/tpm2-software/tpm2-abrmd |
| cmake | 3.10.2 | 2.6.0 (estimated) | Ubuntu 18.04 base | https://cmake.org/ |
| git | 2.17.1 | 1.6.0 (estimated) | Ubuntu 18.04 base | https://github.com/git/git |


@ -1,11 +1,188 @@
#include <sapi/tpm20.h>
#include <tcti/tcti-tabrmd.h>
#include <algorithm>
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
using std::cout;
using std::endl;
using std::shared_ptr;
using std::string;
int main(void) {
cout << "Chip Version: 2.0.0.0" << endl;
cout << "TPM Vendor ID: UNKN" << endl;
return 0;
/**
* SapiContext is a class to encapsulate the TSS2_SYS_CONTEXT and its
* creation.
*/
class SapiContext {
/**
* The TCTI Context.
*/
TSS2_TCTI_CONTEXT *tctiContext = nullptr;
/**
* The SAPI Context.
*/
TSS2_SYS_CONTEXT *sapiContext = nullptr;
/**
* Private Constructor
*
* The constructor is private because the goal of the class is to manage
* the memory of the TSS2_TCTI_CONTEXT and TSS2_SYS_CONTEXT that are
* allocated, which are forced to be done through the static create()
* function. Since create() returns a shared_ptr<SapiContext>, there is no
* way to leak memory by forgetting to free anything created by this class.
* @param tcti_ctx the TCTI Context needed for creating the SAPI Context
* @param sapi_ctx the SAPI Context needed to interact with the TSS
*/
SapiContext(TSS2_TCTI_CONTEXT* tcti_ctx, TSS2_SYS_CONTEXT* sapi_ctx)
: tctiContext(tcti_ctx), sapiContext(sapi_ctx) {}
public:
/**
* Destructor.
*/
~SapiContext() {free(sapiContext); free(tctiContext);}
/**
* Factory function for creating SapiContext objects and guaranteeing
* that their memory will be freed by placing them into shared_ptr objects.
*
* @return a shared_ptr to a new SapiContext object
*/
static shared_ptr<SapiContext> create() {
size_t size;
TSS2_RC rc = tss2_tcti_tabrmd_init(nullptr, &size);
if (rc != TSS2_RC_SUCCESS) {
return nullptr;
}
TSS2_TCTI_CONTEXT *tContext
= reinterpret_cast<TSS2_TCTI_CONTEXT*>(calloc(1, size));
if (tContext == nullptr) {
return nullptr;
}
rc = tss2_tcti_tabrmd_init(tContext, &size);
if (rc != TSS2_RC_SUCCESS) {
free(tContext);
return nullptr;
}
size = Tss2_Sys_GetContextSize(0);
TSS2_SYS_CONTEXT *sContext
= reinterpret_cast<TSS2_SYS_CONTEXT*>(calloc(1, size));
if (sContext == nullptr) {
free(tContext);
return nullptr;
}
TSS2_ABI_VERSION abi_version = {
.tssCreator = TSSWG_INTEROP,
.tssFamily = TSS_SAPI_FIRST_FAMILY,
.tssLevel = TSS_SAPI_FIRST_LEVEL,
.tssVersion = TSS_SAPI_FIRST_VERSION,
};
rc = Tss2_Sys_Initialize(sContext, size, tContext, &abi_version);
if (rc != TSS2_RC_SUCCESS) {
free(sContext);
free(tContext);
return nullptr;
}
// To make sure the memory is not leaked, store the SapiContext in a
// shared_ptr to make sure the destructor gets called and no copies
// are made.
return shared_ptr<SapiContext>(
new SapiContext(tContext, sContext));
}
TSS2_SYS_CONTEXT * getPointer() {return sapiContext;}
};
/**
* Returns the 4-byte string represented by the bytes of value.
*
* Assumes the bytes of value are reversed.
* @param value the 4 bytes to be reversed and placed in the returned string
* @return the string represented by value
*/
string reversedStringValue(UINT32 value) {
string stringValue(sizeof value, 0);
std::memcpy(&stringValue[0], &value, stringValue.size()); // copy bytes in
std::reverse(stringValue.begin(), stringValue.end()); // reverse the bytes
return stringValue;
}
/**
* The tpm_version application prints two lines to the terminal:
* 1.) The TPM Chip Version, and
* 2.) The TPM Manufacturer (4 character abbreviation)
*
* @return 0 if successful; 1 if not
*/
int main(void) {
TPMS_CAPABILITY_DATA capability_data;
TPMI_YES_NO more_data;
shared_ptr<SapiContext> sapiContext = SapiContext::create();
TSS2_RC rc;
do {
// The return code will be 4 bytes. The most significant byte
// tells what software layer is reposible for a non-successful
// attempt at executing the call. The other bytes provide the error
// type. If we get a retry warning, we don't care which layer is
// responsible, so we mask the lower 3 bytes and compare it to
// TSS2_RC_RETRY to see if we need to try again.
rc = Tss2_Sys_GetCapability(sapiContext->getPointer(), nullptr,
TPM_CAP_TPM_PROPERTIES,
PT_FIXED,
MAX_TPM_PROPERTIES,
&more_data,
&capability_data,
nullptr);
} while ((rc & 0xfff) == TPM_RC_RETRY);
// There is nothing we can do if an error occurred. The HIRS Client will
// know how to respond if this happens. No need to log anything.
if (rc != TSS2_RC_SUCCESS) {
return 1;
}
// We only need to collect the following data from the TPM.
string manufacturer;
string majorVersion;
float minorVersion;
for (size_t i = 0; i < capability_data.data.tpmProperties.count; ++i) {
TPMS_TAGGED_PROPERTY & p
= capability_data.data.tpmProperties.tpmProperty[i];
TPM_PT property = p.property;
// All data is in the form of a UINT32, even if it represents a string.
// For strings, the bytes are in the wrong endianness and are not
// null-terminated.
UINT32 value = p.value;
switch (property) {
case TPM_PT_FAMILY_INDICATOR:
majorVersion = reversedStringValue(value);
break;
case TPM_PT_REVISION:
// The minor version has two decimal places, but since it is
// stored as an integer, it is stored as 100 times its value.
minorVersion = value / 100.0f;
break;
case TPM_PT_MANUFACTURER:
manufacturer = reversedStringValue(value);
break;
}
}
cout << "Chip Version: " << majorVersion << "." << minorVersion << endl;
cout << "TPM Vendor ID: " << manufacturer << endl;
return 0;
}
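Review bot: `SapiContext::create()` returns `nullptr` on every failure path, yet `main` dereferences the result unchecked at `sapiContext->getPointer()` inside the retry loop, so an absent tabrmd daemon or a failed `Tss2_Sys_Initialize` crashes the tool instead of producing the documented exit code 1; add `if (!sapiContext) return 1;` directly after the `create()` call. `float minorVersion;` is never initialized and `majorVersion`/`manufacturer` stay empty when the corresponding property is missing from the returned list (`more_data` is also ignored), so initialize `float minorVersion = 0.0f;` and treat any of the three properties not being found as a failure rather than printing indeterminate data that the HIRS client will parse. Note as well that the TPM 2.0 library specification defines TPM_PT_FAMILY_INDICATOR as the four octets 0x322E3000, i.e. "2.0" followed by a NUL, so `reversedStringValue` will emit an embedded NUL into the "Chip Version:" line; trimming trailing NULs with `stringValue.erase(stringValue.find_last_not_of('\0') + 1);` before returning avoids that for the manufacturer string too. Separately, the destructor frees both contexts without first calling `Tss2_Sys_Finalize`/`tss2_tcti_finalize`, and `SapiContext` remains copyable despite owning raw memory, so `SapiContext(const SapiContext&) = delete;` and `SapiContext& operator=(const SapiContext&) = delete;` are needed for the "no copies are made" comment to actually hold.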