From 6bbc176f6e21cd882df4b318b79c8ead3a3a91dd Mon Sep 17 00:00:00 2001
From: Mingjie Wang
Date: Tue, 17 Aug 2021 21:43:00 +0800
Subject: [PATCH] Fixed broken build. Problem was because TpmAtt.h was redefining a number of structs from the SDK's wbcl.h, so they have been removed. TpmAtt.h also declared 3 functions that are already declared in wbcl.h, but we cannot remove them because TpmAtt dll is exporting these functions and thus they must be declared with the __declspec(dllexport) storage class (which wbcl.h doesn't). TpmAtt is defining and exporting these functions because the repo does not have tpmapi.lib to link against. So no choice but to rename them. An alternative solution may be to use a .def file to export the functions (thereby avoiding the need to redeclare the functions with __declspec(dllexport)). This will allow us to keep the original function name.
---
 PCPTool.v11/dll/AttestationApi.cpp | 52 ++++-----
 PCPTool.v11/dll/PCPWbcl.cpp | 22 ++--
 PCPTool.v11/exe/Support.cpp | 10 +-
 PCPTool.v11/inc/TpmAtt.h | 163 +-----------------------------
 4 files changed, 47 insertions(+), 200 deletions(-)
diff --git a/PCPTool.v11/dll/AttestationApi.cpp b/PCPTool.v11/dll/AttestationApi.cpp
index ba621b17..a4641816 100644
--- a/PCPTool.v11/dll/AttestationApi.cpp
+++ b/PCPTool.v11/dll/AttestationApi.cpp
@@ -424,9 +424,9 @@ TpmAttiComputeSoftPCRs(
 goto Cleanup;
 }
- if (FAILED(hr = WbclApiInitIterator(pbEventLog,
- cbEventLog,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbEventLog,
+ cbEventLog,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -453,9 +453,9 @@ TpmAttiComputeSoftPCRs(
 }
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &PcrIndex,
 &EventType,
@@ -632,9 +632,9 @@ TpmAttiFilterLog(
 // Make OACR happy
 *pcbResult = 0;
- if (FAILED(hr = WbclApiInitIterator(pbEventLog,
- cbEventLog,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbEventLog,
+ cbEventLog,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -650,9 +650,9 @@ TpmAttiFilterLog(
 // 1st pass to find out how much space we will need
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &pcrIndex,
 &eventType,
@@ -694,9 +694,9 @@ TpmAttiFilterLog(
 goto Cleanup;
 }
- if (FAILED(hr = WbclApiInitIterator(pbEventLog,
- cbEventLog,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbEventLog,
+ cbEventLog,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -723,9 +723,9 @@ TpmAttiFilterLog(
 // 2nd pass to copy the entries
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &pcrIndex,
 &eventType,
@@ -1119,7 +1119,7 @@ TpmAttGeneratePlatformAttestation(
 goto Cleanup;
 }
- if (FAILED(hr = WbclApiInitIterator(pbLog, cbLog, &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbLog, cbLog, &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -2039,18 +2039,18 @@ TpmAttCreateAttestationfromLog(
 goto Cleanup;
 }
- if (FAILED(hr = WbclApiInitIterator(pbLog,
- cbLog,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbLog,
+ cbLog,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
 // parse the log
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &pcrIndex,
 &eventType,
@@ -2399,9 +2399,9 @@ TpmAttGetPlatformAttestationProperties(
 pAttestation->cbSignature];
 cbPlatformLog = pAttestation->cbLog;
- if (FAILED(hr = WbclApiInitIterator(pbPlatformLog,
- cbPlatformLog,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbPlatformLog,
+ cbPlatformLog,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -2417,9 +2417,9 @@ TpmAttGetPlatformAttestationProperties(
 // 2nd pass to copy the entries
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &pcrIndex,
 &eventType,
diff --git a/PCPTool.v11/dll/PCPWbcl.cpp b/PCPTool.v11/dll/PCPWbcl.cpp
index 5acc37e2..8e929d66 100644
--- a/PCPTool.v11/dll/PCPWbcl.cpp
+++ b/PCPTool.v11/dll/PCPWbcl.cpp
@@ -511,7 +511,7 @@ Return value:
 //
 HRESULT
-WbclApiInitIterator(
+MyWbclApiInitIterator(
 _In_bytecount_(logSize) PVOID pLogBuffer,
 _In_ UINT32 logSize,
 _Out_ WBCL_Iterator* pWbclIterator
@@ -589,12 +589,12 @@ Return value:
 //
 // Extract information for the first event in the log.
 //
- hr = WbclApiGetCurrentElement(pWbclIterator,
- &pcrIndex,
- &eventType,
- NULL,
- &firstElementDataSize,
- NULL);
+ hr = MyWbclApiGetCurrentElement(pWbclIterator,
+ &pcrIndex,
+ &eventType,
+ NULL,
+ &firstElementDataSize,
+ NULL);
 if (hr != S_OK)
 {
 hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
@@ -694,9 +694,9 @@ Return value:
 //
 // Move to the first log entry after the descriptor.
- // WbclApiMoveToNextElement() does boundary checks.
+ // MyWbclApiMoveToNextElement() does boundary checks.
 //
- hr = WbclApiMoveToNextElement(pWbclIterator);
+ hr = MyWbclApiMoveToNextElement(pWbclIterator);
 if (hr != S_OK)
 {
 hr = HRESULT_FROM_WIN32(ERROR_INVALID_DATA);
@@ -710,7 +710,7 @@ Return value:
 }
 HRESULT
-WbclApiGetCurrentElement(
+MyWbclApiGetCurrentElement(
 _In_ WBCL_Iterator* pWbclIterator,
 _Out_ UINT32* pcrIndex,
 _Out_ UINT32* eventType,
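Review bot: The renamed definition of `MyWbclApiInitIterator` in PCPWbcl.cpp keeps `_In_bytecount_(logSize) PVOID pLogBuffer`, but the exported prototype this patch rewrites in TpmAtt.h declares the same parameter as plain `_In_ PVOID pLogBuffer`. Callers compiled against the header therefore get no static-analysis check that the event-log buffer they pass is at least `logSize` bytes long. Since that buffer is the boot log being parsed, I would make the two agree while the lines are being touched, for example `_In_reads_bytes_(logSize) PVOID pLogBuffer,` in both the definition and the header. The function body starts after this hunk and is only partly visible in the patch.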
@@ -787,7 +787,7 @@ Return value:
 }
 HRESULT
-WbclApiMoveToNextElement(
+MyWbclApiMoveToNextElement(
 _In_ WBCL_Iterator* pWbclIterator)
 /*++
diff --git a/PCPTool.v11/exe/Support.cpp b/PCPTool.v11/exe/Support.cpp
index 9e5d4b8b..5499ca50 100644
--- a/PCPTool.v11/exe/Support.cpp
+++ b/PCPTool.v11/exe/Support.cpp
@@ -850,9 +850,9 @@ PcpToolDisplayLog(
 PcpToolLevelPrefix(level + 1);
 wprintf(L"\n", cbWBCL);
- if (FAILED(hr = WbclApiInitIterator(pbWBCL,
- cbWBCL,
- &wbclIterator)))
+ if (FAILED(hr = MyWbclApiInitIterator(pbWBCL,
+ cbWBCL,
+ &wbclIterator)))
 {
 goto Cleanup;
 }
@@ -862,7 +862,7 @@ PcpToolDisplayLog(
 }
 for (; hr == S_OK;
- hr = WbclApiMoveToNextElement(&wbclIterator))
+ hr = MyWbclApiMoveToNextElement(&wbclIterator))
 {
 BYTE eventDataDigest[MAX_DIGEST_SIZE] = { 0 };
 UINT32 PcrIndex;
@@ -871,7 +871,7 @@ PcpToolDisplayLog(
 PBYTE pbEventData;
 PBYTE pbDigest;
- hr = WbclApiGetCurrentElement(
+ hr = MyWbclApiGetCurrentElement(
 &wbclIterator,
 &PcrIndex,
 &EventType,
diff --git a/PCPTool.v11/inc/TpmAtt.h b/PCPTool.v11/inc/TpmAtt.h
index 6d6f5e46..acd68162 100644
--- a/PCPTool.v11/inc/TpmAtt.h
+++ b/PCPTool.v11/inc/TpmAtt.h
@@ -170,128 +170,6 @@ typedef struct _PCP_KEY_ATTESTATION_BLOB {
 #define TPM_STATIC_CONFIG_KEYATTEST_KEYS L"SYSTEM\\CurrentControlSet\\Services\\Tpm\\KeyAttestationKeys"
 #define TPM_VOLATILE_CONFIG_DATA L"System\\CurrentControlSet\\Control\\IntegrityServices"
-// SIPA event structures
-
-//
-// Describes the VSM/SMART identity public key.
-//
-typedef struct tag_SIPAEVENT_VSM_IDK_RSA_INFO
-{
- //
- // Length of the RSA IDK modulus in bits.
- //
- ULONG32 KeyBitLength;
-
- //
- // Length of the RSA IDK public exponent in bytes.
- //
- ULONG32 PublicExpLengthBytes;
-
- //
- // Length of the modulus field in bytes.
- //
- ULONG32 ModulusSizeBytes;
-
- //
- // The layout of the PublicKeyData field is as follows:
- // PublicExponent[PublicExpLengthBytes] in Big-endian.
- // Modulus[ModulusSizeBytes] in Big-endian.
- //
- BYTE PublicKeyData[ANYSIZE_ARRAY];
-
-} SIPAEVENT_VSM_IDK_RSA_INFO, *PSIPAEVENT_VSM_IDK_RSA_INFO;
-
-//
-// Payload structure for the SIPAEVENT_VSM_IDK_INFO event.
-//
-typedef struct tag_SIPAEVENT_VSM_IDK_INFO_PAYLOAD
-{
- //
- // Specifies the algorithm used for IDK. Should be one of VSM_IDK_ALG_ID values.
- //
- ULONG32 KeyAlgID;
-
- //
- // Algorithm-specific description of the public key.
- //
- union
- {
- //
- // Description of the RSA public key.
- //
- SIPAEVENT_VSM_IDK_RSA_INFO RsaKeyInfo;
- } DUMMYUNIONNAME;
-
-} SIPAEVENT_VSM_IDK_INFO_PAYLOAD, *PSIPAEVENT_VSM_IDK_INFO_PAYLOAD;
-
-//
-// Payload structure used to carry information about any policy blob.
-//
-typedef struct tag_SIPAEVENT_SI_POLICY_PAYLOAD
-{
- //
- // Policy version
- //
- ULONGLONG PolicyVersion;
-
- //
- // Indicates the length (in bytes) of the policy name stored as part of VarLengthData.
- //
- UINT16 PolicyNameLength;
-
- //
- // Indicates hash algorithm ID used to produce policy digest.
- // Contains one of the TPM_ALG_ID values, typically the TPM_ALG_SHA256.
- //
- UINT16 HashAlgID;
-
- //
- // Indicates the hash digest length (in bytes). Digest is stored as part of VarLengthData.
- //
- UINT32 DigestLength;
-
- //
- // VarLengthData layout is:
- //
- // (Policy name is stored as a WCHAR string with a terminating zero).
- // BYTE PolicyName[PolicyNameLength].
- //
- // BYTE Digest[DigestLength]
- //
- _Field_size_bytes_(PolicyNameLength + DigestLength)
- BYTE VarLengthData[ANYSIZE_ARRAY];
-
-} SIPAEVENT_SI_POLICY_PAYLOAD, *PSIPAEVENT_SI_POLICY_PAYLOAD;
-
-//
-// Payload structure used to carry information about revocation lists.
-//
-typedef struct tag_SIPAEVENT_REVOCATION_LIST_PAYLOAD
-{
- //
- // Creation time.
- //
- LONGLONG CreationTime;
-
- //
- // Indicates the hash digest length (in bytes).
- //
- UINT32 DigestLength;
-
- //
- // Indicates hash algorithm ID used to produce the revocation list digest.
- // Contains one of the TPM_ALG_ID values, typically the TPM_ALG_SHA256.
- //
- UINT16 HashAlgID;
-
- //
- // Hash digest of the revocation list.
- //
- _Field_size_bytes_(DigestLength)
- BYTE Digest[ANYSIZE_ARRAY];
-
-} SIPAEVENT_REVOCATION_LIST_PAYLOAD, *PSIPAEVENT_REVOCATION_LIST_PAYLOAD;
-
 // WBCL parser APIs
 #pragma pack(push,1)
@@ -315,52 +193,21 @@ typedef UINT16 WBCL_DIGEST_ALG_ID;
 #define WBCL_DIGEST_ALG_BITMAP_SHA_2_384 0x00000004
 #define WBCL_DIGEST_ALG_BITMAP_SHA_2_512 0x00000008
-//
-// An iterator object for WBCL log.
-//
-typedef struct _WBCL_Iterator
-{
- // Pointer to the first element of the log.
- PVOID firstElementPtr;
-
- // Log size in bytes.
- UINT32 logSize;
-
- // Pointer to the current element of the log.
- PVOID currentElementPtr;
-
- // Size of the current log entry pointed to by currentElementPtr.
- UINT32 currentElementSize;
-
- // Size of the digest field of event log entries.
- UINT16 digestSize;
-
- // Indicates the log format.
- UINT16 logFormat;
-
- // number of algorithms stored in the following digest table.
- UINT32 numberOfDigests;
-
- // points to the table in the header that contains the mapping of algorithm ids to digest sizes.
- PVOID digestSizes;
-
- // Hash algorithm ID used for the log. The value corresponds to one of the TPM 2.0 ALG_ID values.
- WBCL_DIGEST_ALG_ID hashAlgorithm;
-} WBCL_Iterator, *PWBCL_Iterator;
 #pragma pack(pop)
 #if defined(__cplusplus)
 extern "C" {
 #endif
-// WBCL parser functions (wbcl.h)
+// Our own implementation of the WBCL parser functions (wbcl.h)
+// We're implementing them ourselves because this repo does not have tpmapi.lib to link against.
-DllExport HRESULT WbclApiInitIterator(
+DllExport HRESULT MyWbclApiInitIterator(
 _In_ PVOID pLogBuffer,
 _In_ UINT32 logSize,
 _Out_ WBCL_Iterator* pWbclIterator);
-DllExport HRESULT WbclApiGetCurrentElement(
+DllExport HRESULT MyWbclApiGetCurrentElement(
 _In_ WBCL_Iterator* pWbclIterator,
 _Out_ UINT32* pcrIndex,
 _Out_ UINT32* eventType,
@@ -369,7 +216,7 @@ DllExport HRESULT WbclApiGetCurrentElement(
 _Outptr_opt_result_bytebuffer_(*pcbElementDataSize) BYTE** ppbElementData );
-DllExport HRESULT WbclApiMoveToNextElement(
+DllExport HRESULT MyWbclApiMoveToNextElement(
 _In_ WBCL_Iterator* pWbclIterator);
 #ifndef NCRYPT_PCP_PLATFORM_BINDING_PCRALGID_PROPERTY
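Review bot: After this hunk `WBCL_Iterator` is whatever the SDK's wbcl.h defines rather than the nine-member struct deleted here, while the three exported functions that fill and walk it are still the local implementation in PCPWbcl.cpp. If the SDK struct carries any member the deleted one did not (wbcl.h is not visible from this patch), the local parser would leave it unset; starting `MyWbclApiInitIterator` with `ZeroMemory(pWbclIterator, sizeof(*pWbclIterator));` would make that harmless. The deleted definition also sat inside `#pragma pack(push,1)`, so the struct's layout may now differ from earlier builds. I would extend the new comment above the prototypes with something like `// WBCL_Iterator comes from the SDK's wbcl.h; the DLL and every caller must be built against the same SDK header.`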