WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix logic error with `--enable-wrapper`. Fix for RSA encrypt/decrypt with no (NULL) padding scheme. Added RSA wrapper test for no padding. Added wrapper function to get a devId based on did_vid. Added wrapper TPM device pointer to handle.

pull/12/head
David Garske 2018-05-18 06:41:34 -07:00
parent 9f574a89fb
commit 2d274f08b7
5 changed files with 60 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
configure.ac
View File

@ -110,7 +110,7 @@ AC_ARG_ENABLE([wrapper],
[ ENABLED_WRAPPER=yes ]
)
if test "$ENABLED_WRAPPER" = "yes"
if test "$ENABLED_WRAPPER" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM2_NO_WRAPPER"
fi

30
examples/wrap/wrap_test.c
View File

@ -160,28 +160,44 @@ int TPM2_Wrapper_Test(void* userCtx)
if (rc != 0) goto exit;
/* Perform RSA encrypt / decrypt */
/* Perform RSA encrypt / decrypt (no pad) */
message.size = 256; /* test message 0x11,0x11,etc */
XMEMSET(message.buffer, 0x11, message.size);
cipher.size = sizeof(cipher.buffer); /* encrypted data */
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_NULL,
message.buffer, message.size, cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
plain.size = sizeof(plain.buffer);
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_NULL,
cipher.buffer, cipher.size, plain.buffer, &plain.size);
if (rc != 0) goto exit;
/* Validate encrypt / decrypt */
if (message.size != plain.size ||
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
rc = TPM_RC_TESTING; goto exit;
}
printf("RSA Encrypt/Decrypt Test Passed\n");
/* Perform RSA encrypt / decrypt (OAEP pad) */
message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
XMEMSET(message.buffer, 0x11, message.size);
cipher.size = sizeof(cipher.buffer); /* encrypted data */
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
message.buffer, message.size, cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
plain.size = sizeof(plain.buffer);
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
cipher.buffer, cipher.size, plain.buffer, &plain.size);
if (rc != 0) goto exit;
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
if (rc != 0) goto exit;
/* Validate encrypt / decrypt */
if (message.size != plain.size ||
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
rc = TPM_RC_TESTING; goto exit;
}
printf("RSA Encrypt Test Passed\n");
printf("RSA Encrypt/Decrypt OAEP Test Passed\n");
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
if (rc != 0) goto exit;
/* Create an ECC key for ECDSA */

6
src/tpm2.c
View File

@ -1380,7 +1380,8 @@ TPM_RC TPM2_RSA_Encrypt(RSA_Encrypt_In* in, RSA_Encrypt_Out* out)
TPM2_Packet_AppendBytes(&packet, in->message.buffer, in->message.size);
TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg);
if (in->inScheme.scheme != TPM_ALG_NULL)
TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg);
TPM2_Packet_AppendU16(&packet, in->label.size);
TPM2_Packet_AppendBytes(&packet, in->label.buffer, in->label.size);
@ -1427,7 +1428,8 @@ TPM_RC TPM2_RSA_Decrypt(RSA_Decrypt_In* in, RSA_Decrypt_Out* out)
in->cipherText.size);
TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg);
if (in->inScheme.scheme != TPM_ALG_NULL)
TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg);
TPM2_Packet_AppendU16(&packet, in->label.size);
TPM2_Packet_AppendBytes(&packet, in->label.buffer, in->label.size);

22
src/tpm2_wrap.c
View File

@ -81,6 +81,15 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
return TPM_RC_SUCCESS;
}
int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev)
{
if (dev == NULL) {
return BAD_FUNC_ARG;
}
return dev->ctx.did_vid; /* not INVALID_DEVID */
}
int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
TPM_HANDLE sessionHandle, const byte* auth, int authSz)
{
@ -158,6 +167,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
return rc;
}
session->handle.dev = dev;
session->handle.hndl = authSesOut.sessionHandle;
session->nonceTPM = authSesOut.nonceTPM;
@ -199,6 +209,7 @@ int wolfTPM2_CreatePrimaryKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
wolfTPM2_GetRCString(rc));
return rc;
}
key->handle.dev = dev;
key->handle.hndl = createPriOut.objectHandle;
key->handle.auth = createPriIn.inSensitive.sensitive.userAuth;
@ -270,6 +281,7 @@ int wolfTPM2_CreateAndLoadKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
printf("TPM2_Load key failed %d: %s\n", rc, wolfTPM2_GetRCString(rc));
return rc;
}
key->handle.dev = dev;
key->handle.hndl = loadOut.objectHandle;
key->handle.auth = createIn.inSensitive.sensitive.userAuth;
@ -300,6 +312,7 @@ int wolfTPM2_LoadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
wolfTPM2_GetRCString(rc));
return rc;
}
key->handle.dev = dev;
key->handle.hndl = loadExtOut.objectHandle;
key->pub = loadExtIn.inPublic;
@ -382,6 +395,7 @@ int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
return rc;
}
key->handle.dev = dev;
key->handle.hndl = readPubIn.objectHandle;
key->pub = readPubOut.outPublic;
@ -665,8 +679,9 @@ int wolfTPM2_RsaEncrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
rsaEncIn.keyHandle = key->handle.hndl;
rsaEncIn.message.size = msgSz;
XMEMCPY(rsaEncIn.message.buffer, msg, msgSz);
rsaEncIn.inScheme.scheme = padScheme; /* TPM_ALG_OAEP or TPM_ALG_RSAPSS */
rsaEncIn.inScheme.details.oaep.hashAlg = WOLFTPM2_WRAP_DIGEST;
/* TPM_ALG_NULL, TPM_ALG_OAEP, TPM_ALG_RSASSA or TPM_ALG_RSAPSS */
rsaEncIn.inScheme.scheme = padScheme;
rsaEncIn.inScheme.details.anySig.hashAlg = WOLFTPM2_WRAP_DIGEST;
#if 0
/* Optional label */
@ -713,8 +728,9 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
rsaDecIn.keyHandle = key->handle.hndl;
rsaDecIn.cipherText.size = inSz;
XMEMCPY(rsaDecIn.cipherText.buffer, in, inSz);
/* TPM_ALG_NULL, TPM_ALG_OAEP, TPM_ALG_RSASSA or TPM_ALG_RSAPSS */
rsaDecIn.inScheme.scheme = padScheme;
rsaDecIn.inScheme.details.oaep.hashAlg = WOLFTPM2_WRAP_DIGEST;
rsaDecIn.inScheme.details.anySig.hashAlg = WOLFTPM2_WRAP_DIGEST;
#if 0
/* Optional label */

18
wolftpm/tpm2_wrap.h
View File

@ -25,7 +25,13 @@
#include <wolftpm/tpm2.h>
typedef struct WOLFTPM2_DEV {
TPM2_CTX ctx;
TPMS_AUTH_COMMAND session[MAX_SESSION_NUM];
} WOLFTPM2_DEV;
typedef struct WOLFTPM2_HANDLE {
WOLFTPM2_DEV* dev;
TPM_HANDLE hndl;
TPM2B_AUTH auth;
} WOLFTPM2_HANDLE;
@ -42,14 +48,14 @@ typedef struct WOLFTPM2_KEY {
TPM2B_NAME name;
} WOLFTPM2_KEY;
typedef struct WOLFTPM2_DEV {
TPM2_CTX ctx;
TPMS_AUTH_COMMAND session[MAX_SESSION_NUM];
} WOLFTPM2_DEV;
#ifndef WOLFTPM2_MAX_BUFFER
#define WOLFTPM2_MAX_BUFFER MAX_DIGEST_BUFFER
#endif
typedef struct WOLFTPM2_BUFFER {
int size;
byte buffer[MAX_DIGEST_BUFFER];
byte buffer[WOLFTPM2_MAX_BUFFER];
} WOLFTPM2_BUFFER;
@ -58,6 +64,8 @@ typedef struct WOLFTPM2_BUFFER {
WOLFTPM_API int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx);
WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev);
WOLFTPM_API int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev);
WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
TPM_HANDLE sessionHandle, const byte* auth, int authSz);