2024-01-28 08:34:09 +01:00
|
|
|
#include "crypt.h"
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
#include "driver.h"
|
2024-01-29 17:31:12 +01:00
|
|
|
#include "imports.h"
|
2024-08-04 08:30:31 +02:00
|
|
|
#include "lib/stdlib.h"
|
2024-05-11 14:54:58 +02:00
|
|
|
#include "session.h"
|
2024-05-30 07:42:35 +02:00
|
|
|
#include "types/tpm20.h"
|
|
|
|
#include "types/tpmptp.h"
|
2024-08-04 08:30:31 +02:00
|
|
|
#include "util.h"
|
2024-07-22 12:43:09 +02:00
|
|
|
|
2024-01-31 08:32:13 +01:00
|
|
|
#include <bcrypt.h>
|
2024-08-01 06:21:53 +02:00
|
|
|
#include <immintrin.h>
|
2024-01-31 08:32:13 +01:00
|
|
|
|
2024-06-21 15:55:23 +02:00
|
|
|
FORCEINLINE
|
|
|
|
STATIC
|
|
|
|
UINT64
|
|
|
|
CryptGenerateRandomKey64(_In_ PUINT32 Seed)
|
|
|
|
{
|
|
|
|
return ((UINT64)RtlRandomEx(Seed) << 32 | RtlRandomEx(Seed));
|
|
|
|
}
|
2024-01-29 17:31:12 +01:00
|
|
|
|
|
|
|
STATIC
|
|
|
|
__m256i
|
2024-06-21 15:55:23 +02:00
|
|
|
CryptXorKeyGenerate_m256i()
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
UINT32 seed = (UINT32)__rdtsc();
|
2024-06-21 15:55:23 +02:00
|
|
|
UINT64 key_1 = CryptGenerateRandomKey64(&seed);
|
|
|
|
UINT64 key_2 = CryptGenerateRandomKey64(&seed);
|
|
|
|
UINT64 key_3 = CryptGenerateRandomKey64(&seed);
|
|
|
|
UINT64 key_4 = CryptGenerateRandomKey64(&seed);
|
|
|
|
|
|
|
|
return _mm256_set_epi64x(key_1, key_2, key_3, key_4);
|
|
|
|
}
|
|
|
|
|
|
|
|
UINT64
|
|
|
|
CryptXorKeyGenerate_uint64()
|
|
|
|
{
|
|
|
|
UINT32 seed = (UINT32)__rdtsc();
|
|
|
|
return CryptGenerateRandomKey64(&seed);
|
|
|
|
}
|
|
|
|
|
2024-01-28 08:34:09 +01:00
|
|
|
VOID
|
2024-01-29 17:31:12 +01:00
|
|
|
CryptEncryptImportsArray(_In_ PUINT64 Array, _In_ UINT32 Entries)
|
2024-01-28 08:34:09 +01:00
|
|
|
{
|
2024-06-21 15:55:23 +02:00
|
|
|
__m256i* imports_key = GetDriverImportsKey();
|
2024-08-01 06:21:53 +02:00
|
|
|
UINT32 block_size = sizeof(__m256i) / sizeof(UINT64);
|
|
|
|
UINT32 block_count = Entries / block_size;
|
2024-06-21 15:55:23 +02:00
|
|
|
|
|
|
|
*imports_key = CryptXorKeyGenerate_m256i();
|
2024-04-13 10:23:14 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Here we break down the import array into blocks of 32 bytes. Each
|
|
|
|
* block is loaded into an SSE register, xored with the key, and then
|
|
|
|
* copied back into the array.
|
|
|
|
*/
|
|
|
|
for (UINT32 block_index = 0; block_index < block_count; block_index++) {
|
|
|
|
__m256i current_block = {0};
|
2024-08-01 06:21:53 +02:00
|
|
|
__m256i load_block = {0};
|
|
|
|
__m256i xored_block = {0};
|
2024-04-13 10:23:14 +02:00
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
IntCopyMemory(
|
|
|
|
¤t_block,
|
|
|
|
&Array[block_index * block_size],
|
|
|
|
sizeof(__m256i));
|
2024-04-13 10:23:14 +02:00
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
load_block = _mm256_loadu_si256(¤t_block);
|
2024-06-21 15:55:23 +02:00
|
|
|
xored_block = _mm256_xor_si256(load_block, *imports_key);
|
2024-04-13 10:23:14 +02:00
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
IntCopyMemory(
|
|
|
|
&Array[block_index * block_size],
|
|
|
|
&xored_block,
|
|
|
|
sizeof(__m256i));
|
2024-04-13 10:23:14 +02:00
|
|
|
}
|
2024-01-28 08:34:09 +01:00
|
|
|
}
|
|
|
|
|
2024-01-29 17:31:12 +01:00
|
|
|
STATIC
|
|
|
|
INLINE
|
|
|
|
__m256i
|
|
|
|
CryptDecryptImportBlock(_In_ PUINT64 Array, _In_ UINT32 BlockIndex)
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
__m256i load_block = {0};
|
2024-06-21 15:55:23 +02:00
|
|
|
__m256i* imports_key = GetDriverImportsKey();
|
2024-08-01 06:21:53 +02:00
|
|
|
UINT32 block_size = sizeof(__m256i) / sizeof(UINT64);
|
2024-01-29 17:31:12 +01:00
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
IntCopyMemory(
|
|
|
|
&load_block,
|
|
|
|
&Array[BlockIndex * block_size],
|
|
|
|
sizeof(__m256i));
|
2024-01-29 17:31:12 +01:00
|
|
|
|
2024-06-21 15:55:23 +02:00
|
|
|
return _mm256_xor_si256(load_block, *imports_key);
|
2024-01-29 17:31:12 +01:00
|
|
|
}
|
|
|
|
|
2024-05-11 14:54:58 +02:00
|
|
|
FORCEINLINE
|
2024-01-29 17:31:12 +01:00
|
|
|
INLINE
|
2024-01-28 08:34:09 +01:00
|
|
|
VOID
|
2024-08-01 06:21:53 +02:00
|
|
|
CryptFindContainingBlockForArrayIndex(
|
|
|
|
_In_ UINT32 EntryIndex,
|
|
|
|
_In_ UINT32 BlockSize,
|
|
|
|
_Out_ PUINT32 ContainingBlockIndex,
|
|
|
|
_Out_ PUINT32 BlockSubIndex)
|
2024-01-29 17:31:12 +01:00
|
|
|
{
|
2024-04-13 10:23:14 +02:00
|
|
|
UINT32 containing_block = EntryIndex;
|
2024-08-01 06:21:53 +02:00
|
|
|
UINT32 block_index = 0;
|
2024-04-13 10:23:14 +02:00
|
|
|
|
|
|
|
if (EntryIndex < BlockSize) {
|
|
|
|
*ContainingBlockIndex = 0;
|
2024-08-01 06:21:53 +02:00
|
|
|
*BlockSubIndex = EntryIndex;
|
2024-04-13 10:23:14 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (EntryIndex == BlockSize) {
|
|
|
|
*ContainingBlockIndex = 1;
|
2024-08-01 06:21:53 +02:00
|
|
|
*BlockSubIndex = 0;
|
2024-04-13 10:23:14 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (containing_block % BlockSize != 0) {
|
|
|
|
containing_block--;
|
|
|
|
block_index++;
|
|
|
|
}
|
|
|
|
|
|
|
|
*ContainingBlockIndex = containing_block / BlockSize;
|
2024-08-01 06:21:53 +02:00
|
|
|
*BlockSubIndex = block_index;
|
2024-01-29 17:31:12 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
UINT64
|
2024-08-01 06:21:53 +02:00
|
|
|
CryptDecryptImportsArrayEntry(
|
|
|
|
_In_ PUINT64 Array, _In_ UINT32 Entries, _In_ UINT32 EntryIndex)
|
2024-01-28 08:34:09 +01:00
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
__m256i original_block = {0};
|
|
|
|
__m128i original_half = {0};
|
|
|
|
UINT32 block_size = sizeof(__m256i) / sizeof(UINT64);
|
|
|
|
UINT32 containing_block_index = 0;
|
|
|
|
UINT32 block_sub_index = 0;
|
|
|
|
UINT64 pointer = 0;
|
|
|
|
|
|
|
|
CryptFindContainingBlockForArrayIndex(
|
|
|
|
EntryIndex,
|
|
|
|
block_size,
|
|
|
|
&containing_block_index,
|
|
|
|
&block_sub_index);
|
2024-04-13 10:23:14 +02:00
|
|
|
|
|
|
|
original_block = CryptDecryptImportBlock(Array, containing_block_index);
|
|
|
|
|
|
|
|
if (block_sub_index < 2) {
|
|
|
|
original_half = _mm256_extracti128_si256(original_block, 0);
|
|
|
|
|
|
|
|
if (block_sub_index < 1)
|
|
|
|
pointer = _mm_extract_epi64(original_half, 0);
|
|
|
|
else
|
|
|
|
pointer = _mm_extract_epi64(original_half, 1);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
original_half = _mm256_extracti128_si256(original_block, 1);
|
|
|
|
|
|
|
|
if (block_sub_index == 2)
|
|
|
|
pointer = _mm_extract_epi64(original_half, 0);
|
|
|
|
else
|
|
|
|
pointer = _mm_extract_epi64(original_half, 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
return pointer;
|
2024-01-31 08:32:13 +01:00
|
|
|
}
|
|
|
|
|
2024-05-11 14:54:58 +02:00
|
|
|
STATIC
|
|
|
|
PBCRYPT_KEY_DATA_BLOB_HEADER
|
|
|
|
CryptBuildBlobForKeyImport(_In_ PACTIVE_SESSION Session)
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
PBCRYPT_KEY_DATA_BLOB_HEADER blob = ExAllocatePool2(
|
|
|
|
POOL_FLAG_NON_PAGED,
|
|
|
|
sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + AES_256_KEY_SIZE,
|
|
|
|
POOL_TAG_CRYPT);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!blob)
|
|
|
|
return NULL;
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
blob->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC;
|
2024-05-11 14:54:58 +02:00
|
|
|
blob->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1;
|
|
|
|
blob->cbKeyData = AES_256_KEY_SIZE;
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
IntCopyMemory(
|
|
|
|
(UINT64)blob + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER),
|
|
|
|
Session->aes_key,
|
|
|
|
AES_256_KEY_SIZE);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
return blob;
|
|
|
|
}
|
|
|
|
|
|
|
|
#define AES_256_BLOCK_SIZE 16
|
|
|
|
|
|
|
|
UINT32
|
|
|
|
CryptRequestRequiredBufferLength(_In_ UINT32 BufferLength)
|
|
|
|
{
|
|
|
|
// status = BCryptEncrypt(session->key_handle,
|
|
|
|
// lol,
|
|
|
|
// BufferLength,
|
|
|
|
// NULL,
|
|
|
|
// session->iv,
|
|
|
|
// sizeof(session->iv),
|
|
|
|
// NULL,
|
|
|
|
// 0,
|
|
|
|
// RequiredLength,
|
|
|
|
// 0);
|
|
|
|
|
|
|
|
// if (!NT_SUCCESS(status))
|
|
|
|
// DEBUG_ERROR("CryptRequestRequiredBufferLength -> BCryptEncrypt: %x",
|
|
|
|
// status);
|
|
|
|
|
|
|
|
return (BufferLength + AES_256_BLOCK_SIZE - 1) / AES_256_BLOCK_SIZE *
|
|
|
|
AES_256_BLOCK_SIZE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Encrypts in place! */
|
|
|
|
NTSTATUS
|
|
|
|
CryptEncryptBuffer(_In_ PVOID Buffer, _In_ UINT32 BufferLength)
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
UINT32 data_copied = 0;
|
|
|
|
PACTIVE_SESSION session = GetActiveSession();
|
|
|
|
UCHAR local_iv[sizeof(session->iv)] = {0};
|
|
|
|
UINT64 buffer = (UINT64)Buffer;
|
|
|
|
UINT32 length = BufferLength;
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
/* The IV is consumed during every encrypt / decrypt procedure, so to ensure
|
|
|
|
* we have access to the iv we need to create a local copy.*/
|
2024-07-22 12:43:09 +02:00
|
|
|
IntCopyMemory(local_iv, session->iv, sizeof(session->iv));
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
/* We arent encrypting the first 16 bytes */
|
|
|
|
buffer = buffer + AES_256_BLOCK_SIZE;
|
|
|
|
length = length - AES_256_BLOCK_SIZE;
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptEncrypt(
|
|
|
|
session->key_handle,
|
|
|
|
buffer,
|
|
|
|
length,
|
|
|
|
NULL,
|
|
|
|
local_iv,
|
|
|
|
sizeof(local_iv),
|
|
|
|
buffer,
|
|
|
|
length,
|
|
|
|
&data_copied,
|
|
|
|
0);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status))
|
|
|
|
DEBUG_ERROR("CryptEncryptBuffer -> BCryptEncrypt: %x", status);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Lock is held */
|
2024-01-31 08:32:13 +01:00
|
|
|
VOID
|
2024-05-11 14:54:58 +02:00
|
|
|
CryptCloseSessionCryptObjects()
|
2024-01-31 08:32:13 +01:00
|
|
|
{
|
2024-05-11 14:54:58 +02:00
|
|
|
PACTIVE_SESSION session = GetActiveSession();
|
|
|
|
|
|
|
|
if (session->key_handle) {
|
|
|
|
BCryptDestroyKey(session->key_handle);
|
|
|
|
session->key_handle = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (session->key_object) {
|
|
|
|
ExFreePoolWithTag(session->key_object, POOL_TAG_CRYPT);
|
|
|
|
session->key_object = NULL;
|
2024-04-13 10:23:14 +02:00
|
|
|
}
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
session->key_object_length = 0;
|
2024-01-31 08:32:13 +01:00
|
|
|
}
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
CryptInitialiseSessionCryptObjects()
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
UINT32 data_copied = 0;
|
|
|
|
PACTIVE_SESSION session = GetActiveSession();
|
|
|
|
PBCRYPT_KEY_DATA_BLOB_HEADER blob = NULL;
|
|
|
|
BCRYPT_ALG_HANDLE* handle = GetCryptHandle_AES();
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
blob = CryptBuildBlobForKeyImport(session);
|
|
|
|
|
|
|
|
if (!blob)
|
|
|
|
return STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptGetProperty(
|
|
|
|
*handle,
|
|
|
|
BCRYPT_OBJECT_LENGTH,
|
|
|
|
&session->key_object_length,
|
|
|
|
sizeof(UINT32),
|
|
|
|
&data_copied,
|
|
|
|
0);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptGetProperty: %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
session->key_object = ExAllocatePool2(
|
|
|
|
POOL_FLAG_NON_PAGED,
|
|
|
|
session->key_object_length,
|
|
|
|
POOL_TAG_CRYPT);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!session->key_object) {
|
|
|
|
status = STATUS_INSUFFICIENT_RESOURCES;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
DEBUG_INFO(
|
|
|
|
"key object: %llx, key_object_length: %lx",
|
|
|
|
session->key_object,
|
|
|
|
session->key_object_length);
|
|
|
|
|
|
|
|
status = BCryptImportKey(
|
|
|
|
*handle,
|
|
|
|
NULL,
|
|
|
|
BCRYPT_KEY_DATA_BLOB,
|
|
|
|
&session->key_handle,
|
|
|
|
session->key_object,
|
|
|
|
session->key_object_length,
|
|
|
|
blob,
|
|
|
|
sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + AES_256_KEY_SIZE,
|
|
|
|
0);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptImportKey: %x", status);
|
|
|
|
ExFreePoolWithTag(session->key_object, POOL_TAG_CRYPT);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
end:
|
|
|
|
if (blob)
|
|
|
|
ExFreePoolWithTag(blob, POOL_TAG_CRYPT);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
CryptInitialiseProvider()
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
2024-06-09 09:22:22 +02:00
|
|
|
BCRYPT_ALG_HANDLE* handle = GetCryptHandle_AES();
|
2024-05-11 14:54:58 +02:00
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptOpenAlgorithmProvider(
|
|
|
|
handle,
|
|
|
|
BCRYPT_AES_ALGORITHM,
|
|
|
|
NULL,
|
|
|
|
BCRYPT_PROV_DISPATCH);
|
2024-05-11 14:54:58 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status))
|
|
|
|
DEBUG_ERROR("BCryptOpenAlgorithmProvider: %x", status);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
VOID
|
|
|
|
CryptCloseProvider()
|
|
|
|
{
|
2024-06-09 09:22:22 +02:00
|
|
|
BCRYPT_ALG_HANDLE* handle = GetCryptHandle_AES();
|
2024-05-11 14:54:58 +02:00
|
|
|
BCryptCloseAlgorithmProvider(*handle, 0);
|
2024-05-30 07:42:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Basic TPM EK Extraction implementation. Various sources were used alongside
|
|
|
|
* the various TPM specification manuals.
|
|
|
|
*
|
|
|
|
* https://github.com/tianocore/edk2
|
|
|
|
* https://github.com/microsoft/ms-tpm-20-ref
|
|
|
|
* https://github.com/SyncUD/tpm-mmio
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define TPM20_INTEL_BASE_PHYSICAL 0xfed40000
|
|
|
|
#define TPM20_OBJECT_HANDLE_EK 0x81010001
|
|
|
|
#define TPM20_PTP_NO_VALID_CHIP 0xFF
|
|
|
|
|
|
|
|
STATIC
|
|
|
|
BOOLEAN
|
|
|
|
TpmIsPlatformSupported()
|
|
|
|
{
|
|
|
|
PSYSTEM_INFORMATION system = GetDriverConfigSystemInformation();
|
|
|
|
|
|
|
|
if (system->processor == AuthenticAmd) {
|
|
|
|
DEBUG_ERROR(
|
|
|
|
"TpmPlatformSuport unavailable on process type: AuthenticAmd");
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (system->processor == GenuineIntel)
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
return FALSE;
|
|
|
|
}
|
|
|
|
|
|
|
|
STATIC
|
|
|
|
NTSTATUS
|
|
|
|
TpmCheckPtpRegisterPresence(_In_ PVOID Register, _Out_ PUINT32 Result)
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
UINT8 value = 0;
|
2024-05-30 07:42:35 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
|
|
|
|
*Result = FALSE;
|
|
|
|
|
|
|
|
status = MapAndReadPhysical(Register, sizeof(value), &value, sizeof(value));
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("MapAndReadPhysical: %x", status);
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (value != TPM20_PTP_NO_VALID_CHIP)
|
|
|
|
*Result = TRUE;
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
FORCEINLINE
|
|
|
|
STATIC
|
|
|
|
TPM2_PTP_INTERFACE_TYPE
|
|
|
|
TpmExtractInterfaceTypeFromCapabilityAndId(
|
2024-08-01 06:21:53 +02:00
|
|
|
_In_ PTP_CRB_INTERFACE_IDENTIFIER* Identifier,
|
2024-05-30 07:42:35 +02:00
|
|
|
_In_ PTP_FIFO_INTERFACE_CAPABILITY* Capability)
|
|
|
|
{
|
|
|
|
if ((Identifier->Bits.InterfaceType ==
|
|
|
|
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_CRB) &&
|
|
|
|
(Identifier->Bits.InterfaceVersion ==
|
|
|
|
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_CRB) &&
|
|
|
|
(Identifier->Bits.CapCRB != 0)) {
|
|
|
|
return Tpm2PtpInterfaceCrb;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((Identifier->Bits.InterfaceType ==
|
|
|
|
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_FIFO) &&
|
|
|
|
(Identifier->Bits.InterfaceVersion ==
|
|
|
|
PTP_INTERFACE_IDENTIFIER_INTERFACE_VERSION_FIFO) &&
|
|
|
|
(Identifier->Bits.CapFIFO != 0) &&
|
|
|
|
(Capability->Bits.InterfaceVersion ==
|
|
|
|
INTERFACE_CAPABILITY_INTERFACE_VERSION_PTP)) {
|
|
|
|
return Tpm2PtpInterfaceFifo;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (Identifier->Bits.InterfaceType ==
|
|
|
|
PTP_INTERFACE_IDENTIFIER_INTERFACE_TYPE_TIS) {
|
|
|
|
return Tpm2PtpInterfaceTis;
|
|
|
|
}
|
|
|
|
|
|
|
|
return Tpm2PtpInterfaceMax;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Assumes the presence of the register has already been confirmed via
|
|
|
|
* TpmCheckPtpRegisterPresence.
|
|
|
|
*/
|
|
|
|
STATIC
|
|
|
|
NTSTATUS
|
2024-08-01 06:21:53 +02:00
|
|
|
TpmGetPtpInterfaceType(
|
|
|
|
_In_ PVOID Register, _Out_ TPM2_PTP_INTERFACE_TYPE* InterfaceType)
|
2024-05-30 07:42:35 +02:00
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
PTP_CRB_INTERFACE_IDENTIFIER identifier = {0};
|
2024-05-30 07:42:35 +02:00
|
|
|
PTP_FIFO_INTERFACE_CAPABILITY capability = {0};
|
|
|
|
|
|
|
|
*InterfaceType = 0;
|
|
|
|
|
|
|
|
status = MapAndReadPhysical(
|
|
|
|
(UINT64)(&((PTP_CRB_REGISTERS*)Register)->InterfaceId),
|
|
|
|
sizeof(PTP_CRB_INTERFACE_IDENTIFIER),
|
|
|
|
&identifier,
|
|
|
|
sizeof(PTP_CRB_INTERFACE_IDENTIFIER));
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("MapAndReadPhysical: %x", status);
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
status = MapAndReadPhysical(
|
|
|
|
(UINT64) & ((PTP_FIFO_REGISTERS*)Register)->InterfaceCapability,
|
|
|
|
sizeof(PTP_FIFO_INTERFACE_CAPABILITY),
|
|
|
|
&capability,
|
|
|
|
sizeof(PTP_FIFO_INTERFACE_CAPABILITY));
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("MapAndReadPhysical: %x", status);
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
*InterfaceType =
|
|
|
|
TpmExtractInterfaceTypeFromCapabilityAndId(&identifier, &capability);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
|
|
|
TpmExtractEndorsementKey()
|
|
|
|
{
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
BOOLEAN presence = FALSE;
|
|
|
|
TPM2_PTP_INTERFACE_TYPE type = {0};
|
2024-05-30 07:42:35 +02:00
|
|
|
|
|
|
|
if (!TpmIsPlatformSupported())
|
|
|
|
return STATUS_NOT_SUPPORTED;
|
|
|
|
|
|
|
|
status = TpmCheckPtpRegisterPresence(TPM20_INTEL_BASE_PHYSICAL, &presence);
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("TpmCheckPtpRegisterPresence: %x", status);
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!presence) {
|
|
|
|
DEBUG_INFO("TPM2.0 PTP Presence not detected.");
|
|
|
|
return STATUS_UNSUCCESSFUL;
|
|
|
|
}
|
|
|
|
|
|
|
|
status = TpmGetPtpInterfaceType(TPM20_INTEL_BASE_PHYSICAL, &type);
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("TpmGetPtpInterfaceType: %x", status);
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
|
|
|
DEBUG_INFO("TPM2.0 PTP Interface Type: %x", (UINT32)type);
|
|
|
|
return status;
|
2024-07-19 16:27:50 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
NTSTATUS
|
2024-08-01 06:21:53 +02:00
|
|
|
CryptHashBuffer_sha256(
|
|
|
|
_In_ PVOID Buffer,
|
|
|
|
_In_ ULONG BufferSize,
|
|
|
|
_Out_ PVOID* HashResult,
|
|
|
|
_Out_ PULONG HashResultSize)
|
2024-07-19 16:27:50 +02:00
|
|
|
{
|
|
|
|
PAGED_CODE();
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
NTSTATUS status = STATUS_UNSUCCESSFUL;
|
|
|
|
BCRYPT_ALG_HANDLE* algo_handle = GetCryptHandle_Sha256();
|
|
|
|
BCRYPT_HASH_HANDLE hash_handle = NULL;
|
|
|
|
ULONG bytes_copied = 0;
|
|
|
|
ULONG resulting_hash_size = 0;
|
|
|
|
ULONG hash_object_size = 0;
|
|
|
|
PCHAR hash_object = NULL;
|
|
|
|
PCHAR resulting_hash = NULL;
|
|
|
|
|
|
|
|
*HashResult = NULL;
|
2024-07-19 16:27:50 +02:00
|
|
|
*HashResultSize = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Request the size of the hash object buffer, this is different then
|
|
|
|
* the buffer that will store the resulting hash, instead this will be
|
|
|
|
* used to store the hash object used to create the hash.
|
|
|
|
*/
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptGetProperty(
|
|
|
|
*algo_handle,
|
|
|
|
BCRYPT_OBJECT_LENGTH,
|
|
|
|
(PCHAR)&hash_object_size,
|
|
|
|
sizeof(ULONG),
|
|
|
|
&bytes_copied,
|
|
|
|
NULL);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptGetProperty failed with status %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
hash_object = ImpExAllocatePool2(
|
|
|
|
POOL_FLAG_NON_PAGED,
|
|
|
|
hash_object_size,
|
|
|
|
POOL_TAG_INTEGRITY);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!hash_object) {
|
|
|
|
status = STATUS_MEMORY_NOT_ALLOCATED;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This call gets the size of the resulting hash, which we will use to
|
|
|
|
* allocate the resulting hash buffer.
|
|
|
|
*/
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptGetProperty(
|
|
|
|
*algo_handle,
|
|
|
|
BCRYPT_HASH_LENGTH,
|
|
|
|
(PCHAR)&resulting_hash_size,
|
|
|
|
sizeof(ULONG),
|
|
|
|
&bytes_copied,
|
|
|
|
NULL);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptGetProperty failed with status %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
resulting_hash = ImpExAllocatePool2(
|
|
|
|
POOL_FLAG_NON_PAGED,
|
|
|
|
resulting_hash_size,
|
|
|
|
POOL_TAG_INTEGRITY);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!resulting_hash) {
|
|
|
|
status = STATUS_MEMORY_NOT_ALLOCATED;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Here we create our hash object and store it in the hash_object
|
|
|
|
* buffer.
|
|
|
|
*/
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptCreateHash(
|
|
|
|
*algo_handle,
|
|
|
|
&hash_handle,
|
|
|
|
hash_object,
|
|
|
|
hash_object_size,
|
|
|
|
NULL,
|
|
|
|
NULL,
|
|
|
|
NULL);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptCreateHash failed with status %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This function hashes the buffer, but does NOT store it in our
|
|
|
|
* resulting buffer yet, we need to call BCryptFinishHash to retrieve
|
|
|
|
* the final hash.
|
|
|
|
*/
|
|
|
|
status = BCryptHashData(hash_handle, Buffer, BufferSize, NULL);
|
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptHashData failed with status %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* As said in the previous comment, this is where we retrieve the final
|
|
|
|
* hash and store it in our output buffer.
|
|
|
|
*/
|
2024-08-01 06:21:53 +02:00
|
|
|
status = BCryptFinishHash(
|
|
|
|
hash_handle,
|
|
|
|
resulting_hash,
|
|
|
|
resulting_hash_size,
|
|
|
|
NULL);
|
2024-07-19 16:27:50 +02:00
|
|
|
|
|
|
|
if (!NT_SUCCESS(status)) {
|
|
|
|
DEBUG_ERROR("BCryptFinishHash failed with status %x", status);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2024-08-01 06:21:53 +02:00
|
|
|
*HashResult = resulting_hash;
|
2024-07-19 16:27:50 +02:00
|
|
|
*HashResultSize = resulting_hash_size;
|
|
|
|
|
|
|
|
end:
|
|
|
|
|
|
|
|
if (hash_handle)
|
|
|
|
BCryptDestroyHash(hash_handle);
|
|
|
|
|
|
|
|
if (hash_object)
|
|
|
|
ImpExFreePoolWithTag(hash_object, POOL_TAG_INTEGRITY);
|
|
|
|
|
|
|
|
return status;
|
2024-05-11 14:54:58 +02:00
|
|
|
}
|