tpm_parser/command_structures.py at main · OPPIDA/tpm_parser · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
"""
Definition of TPM 1.2 packets and commands, as additional structures.

All structures are defined as a construct.Struct instance.

A packet is a TPM_PACKET. It can either be a request (RQU) or a response (RSP).

Its `body` is either a `_TPM_RQU_BODY` or `_TPM_RSP_BODY`, identified by its `tag`.

The `body` of a `_TPM_RQU_BODY` is a `_<cmd>_RQU_BODY`, identified by its `ordinal`.

The `body` of a `_TPM_RSP_BODY` is a `_<cmd>_RSP_BODY`, identified by the `lastCommand` in-scope variable at parsing.

`body` fields are not real fields but are exposed to provide easier access and pretty-printing.
"""

# TPM Main Part 3 TPM Commands
# Level 2 Version 1.2, Revision 116
# https://trustedcomputinggroup.org/wp-content/uploads/TPM-Main-Part-3-Commands_v1.2_rev116_01032011.pdf

from construct import (
    Byte, Bytes,
    Const,
    Enum,
    FixedSized,
    GreedyRange,
    IfThenElse,
    Int16ub, Int32ub,
    Probe,
    Struct,
    Switch,
    this,
)

from structures import (
    TPM_AUTHDATA,
    TPM_AUTHHANDLE,
    TPM_COMMAND_CODE,
    TPM_DIGEST,
    TPM_KEY_HANDLE,
    TPM_NONCE,
    TPM_PAYLOAD_TYPE,
    TPM_PCR_INFO,
    TPM_PCR_SELECTION,
    TPM_RESULT,
    TPM_SEALED_DATA,
    TPM_SECRET,
    TPM_STORED_DATA,
    TPM_TAG,
)

###################################################################################################
######### Commands' RQU and RSP bodies
###################################################################################################

_TPM_Unseal_RQU_BODY = Struct(
    "parentHandle" / TPM_KEY_HANDLE,
    "inData" / TPM_STORED_DATA,
    "authHandle" / TPM_AUTHHANDLE,
    "nonceOdd" / TPM_NONCE,
    "continueAuthSession" / Byte, # Boolean
    "parentAuth" / TPM_AUTHDATA,
    "dataAuthHandle" / TPM_AUTHHANDLE,
    "datanonceOdd" / TPM_NONCE,
    "continueDataSession" / Byte, # Boolean
    "dataAuth" / TPM_AUTHDATA,
)

_TPM_Unseal_RSP_BODY = Struct(
    "sealedDataSize" / Int32ub,
    "secret" / Bytes(this.sealedDataSize),
    "nonceEven" / TPM_NONCE,
    "continueAuthSession" / Byte, # Boolean
    "resAuth" / TPM_AUTHDATA,
    "dataNonceEven" / TPM_NONCE,
    "continueDataSession" / Byte, # Boolean
    "dataAuth" / TPM_AUTHDATA,
)

###################################################################################################
######### RQU, RSP, TPM_PACKET(S)
###################################################################################################

# hack: global variable + hook to inform of packet size for parsing of unsupported ordinal
#
# TODO: remove once 100% ordinal support is implemented
currentParamSize = None

def param_hook(obj, ctx):
    global currentParamSize

    # breakpoint()

    # paramSize in a packet is the full size of the packet
    # we need the remaining number of bytes in the packet, after
    #     - tag
    #     - paramSize
    #     - ordinal or responseCode
    # n.b. sizeof(TPM_COMMAND_CODE) == sizeof(TPM_RESULT) == 4
    currentParamSize = ctx._.paramSize - TPM_TAG.sizeof() - Int32ub.sizeof() - TPM_RESULT.sizeof()

_TPM_RQU_BODY = Struct(
    "ordinal" / TPM_COMMAND_CODE * param_hook,
    "body" / Switch(this.ordinal,
    {
        TPM_COMMAND_CODE.TPM_Unseal: _TPM_Unseal_RQU_BODY,
        # TODO: Everything else
    },
    default=Bytes(lambda _: currentParamSize),
    )
)

# hack: global variable to inform of last ordinal for RSP parsing
#
# TODO: find a way without polluting global namespace (ugly packet constructor?)
lastCommand = None

_TPM_RSP_BODY = Struct(
    "responseCode" / TPM_RESULT * param_hook,
    "body" / Switch(lambda _: lastCommand, # hack for context-based ordinal inference
    {
        TPM_COMMAND_CODE.TPM_Unseal: _TPM_Unseal_RSP_BODY,
        # TODO: Everything else
    },
    default=Bytes(lambda _: currentParamSize),
    )
)

TPM_PACKET = Struct(
    "tag" / TPM_TAG,
    "paramSize" / Int32ub,
    "body" / IfThenElse(lambda ctx: ctx.tag.startswith('TPM_TAG_RQU'),
        _TPM_RQU_BODY,
        _TPM_RSP_BODY,
    ),
)

def command_hook(obj, ctx):
    global lastCommand

    if obj.tag.startswith('TPM_TAG_RQU'):
        lastCommand = obj.body.ordinal
    else:
        lastCommand = None

TPM_PACKETS = GreedyRange(
    TPM_PACKET * command_hook,
)