File demo-hotfixes.diff of Package tud-l4env

Overview Repositories Revisions Requests Users Attributes Meta

File demo-hotfixes.diff of Package tud-l4env

Index: l4/pkg/lyon/include/lyon.h
===================================================================
--- l4/pkg/lyon/include/lyon.h	(revision 1811)
+++ l4/pkg/lyon/include/lyon.h	(working copy)
@@ -32,7 +32,7 @@
 /* ATTENTION: keep the #defines below in sync with values in lyon.idl */
 #define LYON_HASH_SIZE     TCG_HASH_SIZE
 #define LYON_ID_SIZE       TCG_HASH_SIZE
-#define LYON_MAX_BLOB_SIZE 8192
+#define LYON_MAX_BLOB_SIZE 0x2200
 
 #define LYON_RSA_KEY_BITS  1024
 #define LYON_RSA_KEY_BYTES (LYON_RSA_KEY_BITS / 8)
Index: l4/pkg/lyon/server/src/lyon.c
===================================================================
--- l4/pkg/lyon/server/src/lyon.c	(revision 1811)
+++ l4/pkg/lyon/server/src/lyon.c	(working copy)
@@ -330,21 +330,25 @@
     crypto_aes_ctx_t    aes_ctx;
     unsigned int        aes_flags = 0, size;
 
+    printf("%s:%d: srclen=%u\n", __FILE__, __LINE__, srclen);
     size = FIT_SIZE(DATA_ARRAY_OFFSET(s) + nlen + srclen);
 
     if (src == NULL || dst == NULL || (nonce == NULL && nlen > 0) || size > dstlen)
         return -L4_EINVAL;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     owner   = find_entry_by_id(id);
     creator = find_entry_by_task(client);
 
     if (owner == NULL || creator == NULL)
         return -L4_ENOTASK;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     s = (lyon_sealed_data_t *) malloc(size);
     if (s == NULL)
         return -L4_ENOMEM;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     /* we need to zero out at least the padding bytes at the end of the
      * buffer */
     memset(s, 0, size);
@@ -360,8 +364,10 @@
     s->info.version     = LYON_INVALID_VERSION;
     s->info.data_offset = nlen;
     s->info.data_len    = srclen;
+    printf("%s:%d\n", __FILE__, __LINE__);
     if (nonce)
         memcpy(&s->data[0], nonce, nlen);
+    printf("%s:%d\n", __FILE__, __LINE__);
     memcpy(&s->data[nlen], src, srclen);
 
     /* calculate sanity checksum */
@@ -373,6 +379,7 @@
                        (const char *) s, dst, null_iv, size);
     free(s);
 
+    printf("%s:%d: (output) size=%u\n", __FILE__, __LINE__, size);
     return size;
 }
 
@@ -390,14 +397,17 @@
     lyon_hash_t         real_checksum;
     unsigned int        aes_flags = 0, data_len;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     if (src == NULL || dst == NULL || srclen < sizeof(*s) ||
         srclen > dstlen || srclen % AES_BLOCK_SIZE != 0)
         return -L4_EINVAL;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     e = find_entry_by_task(client);
     if (e == NULL)
         return -L4_ENOTASK;
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     /* decrypt data into output buffer */
     aes_cipher_set_key(&aes_ctx, lyon_aes_key, AES128_KEY_SIZE, &aes_flags);
     crypto_cbc_decrypt(aes_cipher_decrypt, &aes_ctx, AES_BLOCK_SIZE,
@@ -405,27 +415,34 @@
 
     /* extract the total length of the data that has to be checksummed */
     data_len = s->info.data_offset + s->info.data_len;
+    printf("%s:%d: data_len=%u srclen=%u\n", __FILE__, __LINE__, data_len, srclen);
     if (data_len > srclen - sizeof(*s))
     {
+    printf("%s:%d\n", __FILE__, __LINE__);
         memset(dst, 0, srclen);
         return -L4_EINVAL;
     }
 
     /* calculate and verify sanity checksum */
+    printf("%s:%d\n", __FILE__, __LINE__);
     calc_check_sum(s, data_len, real_checksum);
     if (memcmp(real_checksum, s->checksum, sizeof(real_checksum)) != 0)
     {
+    printf("%s:%d\n", __FILE__, __LINE__);
         memset(dst, 0, srclen);
         return -L4_EINVAL;
     }
     
+    printf("%s:%d\n", __FILE__, __LINE__);
     /* finally, check owner permission */
     if ( !LYON_ID_EQUAL(e->data.id, s->info.owner))
     {
+    printf("%s:%d\n", __FILE__, __LINE__);
         memset(dst, 0, srclen);
         return -L4_EPERM;
     }
 
+    printf("%s:%d\n", __FILE__, __LINE__);
     return sizeof(*s) + s->info.data_offset + s->info.data_len;
 }
 
Index: l4/pkg/lyon/server/src/secrets.c
===================================================================
--- l4/pkg/lyon/server/src/secrets.c	(revision 1811)
+++ l4/pkg/lyon/server/src/secrets.c	(working copy)
@@ -29,6 +29,7 @@
 #include <l4/stpm/tcg/ord.h>
 #include <l4/stpm/tcg/basic.h>
 #include <l4/stpm/tcg/owner.h>
+#include <l4/stpm/tcg/pcrs.h>
 #include <l4/lyon/lyon.h>
 
 /* local includes */
@@ -157,8 +158,6 @@
     crypto_aes_ctx_t  aes_ctx;
     unsigned int      aes_flags = 0;
     int               ret;
-    //FIXME set pcrs
-    unsigned char const seal_pcr_map[3] = { 0xff, 0xff, 0xff};
 
     /* we put the secrets_stage2_t structure into a buffer whose size is a
      * multiple of the cipher block size, because it is to be used a input
@@ -179,12 +178,34 @@
     /* calculate plausibilty check sum */
     calc_check_sum(&s1, sealed_secrets_out->stage2_blob, s1.check_sum);
 
+#if 1
     /* now use the TPM to seal the secrets completely */
+    unsigned short select_count = 24 >> 3;
+    unsigned int pcrinfolen = 2 + select_count + 2 * TCG_HASH_SIZE;
+    unsigned char pcrinfo [pcrinfolen];
+    unsigned char pcrmap [select_count];
+
+    //we want all PCRs
+    memset(pcrmap, 0xFF, select_count);
+
+    //reads all PCRs
+    if (STPM_GenPCRInfo(select_count, pcrmap, pcrinfo, &pcrinfolen))
+        return -2;
+
+    ret = TPM_Seal(SRK_HANDLE, pcrinfo, /*pcrinfolen*/ 0, srk_auth, secrets_auth,
+                   (unsigned char *) &s1, sizeof(s1),
+                   (unsigned char *) sealed_secrets_out->stage1_blob,
+                   &sealed_secrets_out->stage1_blob_size);
+#else
+    //FIXME set pcrs
+    unsigned char const seal_pcr_map[3] = { 0xff, 0xff, 0xff};
+
     ret = TPM_Seal_CurrPCR(SRK_HANDLE, sizeof(seal_pcr_map), seal_pcr_map,
                            (unsigned char *) srk_auth, (unsigned char *) secrets_auth,
                            (unsigned char *) &s1, sizeof(s1),
                            (unsigned char *) sealed_secrets_out->stage1_blob,
                            &sealed_secrets_out->stage1_blob_size);
+#endif
     
     LOG("TPM_Seal_CurrPCR(): ret=%d", ret);
     if (ret != 0)
@@ -223,8 +244,8 @@
         return -1; /* illegal data length */
 
     ret = TPM_Unseal(SRK_HANDLE, (unsigned char *) srk_auth, (unsigned char *) secrets_auth,
-                     (unsigned char *) sealed_secrets->stage1_blob, sealed_secrets->stage1_blob_size,
-                     (unsigned char *) s1_buf, &stage1_size);
+                      (unsigned char *) sealed_secrets->stage1_blob, sealed_secrets->stage1_blob_size,
+                      (unsigned char *) s1_buf, &stage1_size);
     LOG("TPM_Unseal(): ret=%d", ret);
     if (ret != 0)
         return ret;
Index: l4/pkg/stpm/server/tpmemu/glue.c
===================================================================
--- l4/pkg/stpm/server/tpmemu/glue.c	(revision 1811)
+++ l4/pkg/stpm/server/tpmemu/glue.c	(working copy)
@@ -125,7 +125,7 @@
   int namesize = strlen(slocal->vtpm_name);
   char * fname;
  
-  if (!names_waitfor_name(slocal->fprov_name, &fprov_id, 5000))
+  if (!names_waitfor_name(slocal->fprov_name, &fprov_id, 300000))
     {
       LOG("Fileprovider %s not found", slocal->fprov_name);
       return -1;
@@ -151,7 +151,8 @@
   size = data_length + 2048;
   if (size % 4096 != 0)
     size = ((size >> 12) + 1) << 12;
-    
+   
+  LOG("data_length=%zu", data_length);
   if (!(addr = l4dm_mem_ds_allocate_named(size, flags, fname, &ds)))
     {
       LOG("Allocating dataspace of size %d failed", size);
@@ -194,7 +195,7 @@
       return -3;
     }
 
-  LOG("File %s was written.", fname);
+  LOG("File %s with %zu bytes was written.", fname, size);
   free(fname);
 
   return 0;
@@ -221,7 +222,7 @@
       return -L4_ENODM;
     }
 
-  if (!names_waitfor_name(slocal->fprov_name, &fprov_id, 3000))
+  if (!names_waitfor_name(slocal->fprov_name, &fprov_id, 300000))
     {
       LOG("Failed to lookup specified file provider.");
       return -1;
@@ -277,7 +278,7 @@
 
   l4rm_detach(addr);
   l4dm_close(&ds);
-  LOG("File %s was loaded.", fname);
+  LOG("File %s was loaded (%zu bytes sealed, %zu unsealed).", fname, size, *data_length);
   free(fname);
 
   return 0;
Index: l4/pkg/stpm/server/tpmemu/link_him.cc
===================================================================
--- l4/pkg/stpm/server/tpmemu/link_him.cc	(revision 1811)
+++ l4/pkg/stpm/server/tpmemu/link_him.cc	(working copy)
@@ -9,6 +9,7 @@
  * the  terms  of the  GNU General Public Licence 2.  Please see the
  * COPYING file for details.
  */
+#include <stdio.h>
 #include <l4/crypto/aes.h> //aes
 #include <l4/crypto/cbc.h> // cbc_encrypt
 #include <tcg/basic.h> //TCG_HASH_SIZE
@@ -40,11 +41,12 @@
   ByteArray dataBlob(indata, indatalen);
   ret = u.HIM_Store(stUUIDbyHIM, dataBlob, rEnCrData);
   err = ret || rEnCrData.data.length() == 0 || rEnCrData.data.blob() == 0;
-//  printf("%s- store    : ret %d, encrypted data len 0x%lx at %p\n",
-//         (err ? "failure " : "success "), ret, rEnCrData.data.length(),
-//         rEnCrData.data.blob());
+  printf("%s- store    : ret %d, encrypted data len 0x%lx at %p\n",
+         (err ? "failure " : "success "), ret, rEnCrData.data.length(),
+         rEnCrData.data.blob());
 
   if (!err) {
+    printf("%s:%d\n", __FILE__, __LINE__);
     //check buffer size, return error when not enough space available
     if (*outdatalen < rEnCrData.data.length())
       return -1;
@@ -52,7 +54,9 @@
     //all fine, copy data
     memcpy(outdata, rEnCrData.data.blob(), rEnCrData.data.length());
     *outdatalen = rEnCrData.data.length();
-  }
+    printf("%s:%d\n", __FILE__, __LINE__);
+  } else
+    printf("%s:%d\n", __FILE__, __LINE__);
 
   return err;
 }
@@ -75,11 +79,13 @@
   //restore data, all done by HIM
   ret = u.HIM_Retrieve(stUUIDbyHIM, sBlob, rDeCrData);
   err = ret || rDeCrData.data.length() == 0 || rDeCrData.data.blob() == 0;
-//  printf("%s- retrieve : ret %d, encrypted data len 0x%lx at %p\n",
-//         (err ? "failure " : "success "), ret, rDeCrData.data.length(),
-//         rDeCrData.data.blob());
+  printf("%s- retrieve : ret %d, encrypted data len 0x%lx at %p\n",
+         (err ? "failure " : "success "), ret, rDeCrData.data.length(),
+         rDeCrData.data.blob());
 
+  printf("%s:%d\n", __FILE__, __LINE__);
   if (!err) {
+    printf("%s:%d\n", __FILE__, __LINE__);
     *unsealedlen  = rDeCrData.data.length();
     *unsealedblob = (unsigned char *)tpm_malloc(rDeCrData.data.length());
     memcpy(*unsealedblob, rDeCrData.data.blob(), rDeCrData.data.length());
Index: l4/pkg/loader/server/src/main.c
===================================================================
--- l4/pkg/loader/server/src/main.c	(revision 1811)
+++ l4/pkg/loader/server/src/main.c	(working copy)
@@ -39,7 +39,7 @@
 const int l4thread_max_threads = 5;	     /**< limit number of threads */
 #endif
 //const l4_size_t l4thread_stack_size = 16384; /**< limit stack size */
-const l4_size_t l4thread_stack_size = 0x10000; /**< limit stack size */
+const l4_size_t l4thread_stack_size = 0x14000; /**< limit stack size */
 
 int use_events;
 int use_l4io;
Index: l4/pkg/libmlrpc/contrib/mlrpc-l4.h
===================================================================
--- l4/pkg/libmlrpc/contrib/mlrpc-l4.h	(revision 1811)
+++ l4/pkg/libmlrpc/contrib/mlrpc-l4.h	(working copy)
@@ -23,7 +23,7 @@
  * ***************************************************************************
  */
     
-#define L4_MLRPC_MAX_TRANSMIT_BUFFER_SIZE 8192
+#define L4_MLRPC_MAX_TRANSMIT_BUFFER_SIZE 0x2200
 
 /*
  * ***************************************************************************
Index: l4/pkg/libmlrpc/lib/src/service-l4.c
===================================================================
--- l4/pkg/libmlrpc/lib/src/service-l4.c	(revision 1811)
+++ l4/pkg/libmlrpc/lib/src/service-l4.c	(working copy)
@@ -58,7 +58,7 @@
 
 int mlrpc_transmit_component(CORBA_Object _dice_corba_obj,
                              unsigned int *size /* in, out */,
-                             char msg[8192] /* in, out */,
+                             char msg[0x2200] /* in, out */,
                              CORBA_Server_Environment *_dice_corba_env) {
 
     mlrpc_message_t *request = (mlrpc_message_t *) msg;
Index: l4/pkg/libmlrpc/idl/mlrpc.idl
===================================================================
--- l4/pkg/libmlrpc/idl/mlrpc.idl	(revision 1811)
+++ l4/pkg/libmlrpc/idl/mlrpc.idl	(working copy)
@@ -19,7 +19,7 @@
  * with mlrpcd. If not, see <http://www.gnu.org/licenses/>.
  */
 
-#define MLRPC_MAX_TRANSMIT_BUFFER_SIZE 8192
+#define MLRPC_MAX_TRANSMIT_BUFFER_SIZE 0x2200
 
 interface mlrpc {
         /* Component management interface */
Index: l4/pkg/him/server/src/TPMService_L4.cc
===================================================================
--- l4/pkg/him/server/src/TPMService_L4.cc	(revision 1811)
+++ l4/pkg/him/server/src/TPMService_L4.cc	(working copy)
@@ -100,13 +100,16 @@
     
     BMSI_getIntegrityInterface(&i);
     
+    printf("%s:%d: sealedBlob.len=%lu\n", __FILE__, __LINE__, sealedBlob.length());
     res = IntegrityInterface_unseal(i, sealedBlob.length(), (const byte *) sealedBlob.blob(), &blobLength, &blob);
     if (res != 0)
         throw HIMException(HIMException::TPMSERVICEERROR);
+    printf("%s:%d\n", __FILE__, __LINE__);
     
     UnsealedBlob plainBlob(blob, blobLength);
     
     IntegrityInterface_free(i);
     
+    printf("%s:%d\n", __FILE__, __LINE__);
     return plainBlob;
 }
Index: l4/pkg/him/contrib/src/IntegrityService.cpp
===================================================================
--- l4/pkg/him/contrib/src/IntegrityService.cpp	(revision 1811)
+++ l4/pkg/him/contrib/src/IntegrityService.cpp	(working copy)
@@ -175,6 +175,7 @@
 
     /* steps #0-#3: collect measurements of all dependencies */
     createConfigHash(UUID, 0, currentConfig);
+    printf("%s:%d UUID=%s\n", __FILE__, __LINE__, UUID.c_str());
 
     try {
         /* step #4: record current state */
@@ -182,6 +183,7 @@
         allData.append(data);
         /* step #5: seal using BMSI */
         encryptedData = HIMService::Instance()->getTPMService().TPMService_Seal(allData);
+        printf("%s:%d encryptedData.len=%lu\n", __FILE__, __LINE__, encryptedData.length());
     } catch (TPMServiceException e) {
         Utilities::HIM_LOG(e.getExceptionCode(), e.what(), false, true);
         throw HIMException(HIMException::TPMSERVICEERROR);
@@ -199,25 +201,32 @@
     createConfigHash(UUID, 0, currentConfig);
     
     try {
+    printf("%s:%d UUID=%s\n", __FILE__, __LINE__, UUID.c_str());
         decryptedData = HIMService::Instance()->getTPMService().TPMService_Unseal(sealedBlob);
         if (decryptedData.length() < sizeof(currentConfig))
             throw HIMException(HIMException::TPMSERVICEERROR);
         
+    printf("%s:%d\n", __FILE__, __LINE__);
         const HIMHashData *expectedConfig = (HIMHashData *) decryptedData.blob();
         if (memcmp(expectedConfig->bundledMeasurement, currentConfig.bundledMeasurement,
                    sizeof(expectedConfig->bundledMeasurement)) == 0) {
+    printf("%s:%d\n", __FILE__, __LINE__);
             // allowed, return playload only
             return SealedBlob(decryptedData.blob() + sizeof(*expectedConfig),
                               decryptedData.length() - sizeof(*expectedConfig));
         } else {
+    printf("%s:%d\n", __FILE__, __LINE__);
             // not allowed
             return SealedBlob(0, 0);
         }
+    printf("%s:%d\n", __FILE__, __LINE__);
         
     } catch (TPMServiceException e) {
+    printf("%s:%d\n", __FILE__, __LINE__);
         Utilities::HIM_LOG(e.getExceptionCode(), e.what(), false, true);
         throw HIMException(HIMException::TPMSERVICEERROR);
     }
+    printf("%s:%d\n", __FILE__, __LINE__);
 }
 
 HIMMeasurementReport IntegrityService::retrieveCCRs(string UUID) const {

Places

File demo-hotfixes.diff of Package tud-l4env

Places