diff --git a/configure.ac b/configure.ac index 08450ab..a2895a7 100644 --- a/configure.ac +++ b/configure.ac @@ -110,7 +110,7 @@ AC_ARG_ENABLE([wrapper], [ ENABLED_WRAPPER=yes ] ) -if test "$ENABLED_WRAPPER" = "yes" +if test "$ENABLED_WRAPPER" = "no" then AM_CFLAGS="$AM_CFLAGS -DWOLFTPM2_NO_WRAPPER" fi diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c index 0abe595..2c71887 100755 --- a/examples/wrap/wrap_test.c +++ b/examples/wrap/wrap_test.c @@ -160,28 +160,44 @@ int TPM2_Wrapper_Test(void* userCtx) if (rc != 0) goto exit; - /* Perform RSA encrypt / decrypt */ + /* Perform RSA encrypt / decrypt (no pad) */ + message.size = 256; /* test message 0x11,0x11,etc */ + XMEMSET(message.buffer, 0x11, message.size); + cipher.size = sizeof(cipher.buffer); /* encrypted data */ + rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_NULL, + message.buffer, message.size, cipher.buffer, &cipher.size); + if (rc != 0) goto exit; + plain.size = sizeof(plain.buffer); + rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_NULL, + cipher.buffer, cipher.size, plain.buffer, &plain.size); + if (rc != 0) goto exit; + /* Validate encrypt / decrypt */ + if (message.size != plain.size || + XMEMCMP(message.buffer, plain.buffer, message.size) != 0) { + rc = TPM_RC_TESTING; goto exit; + } + printf("RSA Encrypt/Decrypt Test Passed\n"); + + /* Perform RSA encrypt / decrypt (OAEP pad) */ message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */ XMEMSET(message.buffer, 0x11, message.size); cipher.size = sizeof(cipher.buffer); /* encrypted data */ rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP, message.buffer, message.size, cipher.buffer, &cipher.size); if (rc != 0) goto exit; - plain.size = sizeof(plain.buffer); rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP, cipher.buffer, cipher.size, plain.buffer, &plain.size); if (rc != 0) goto exit; - - rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); - if (rc != 0) goto exit; - /* Validate encrypt / decrypt */ if (message.size != plain.size || XMEMCMP(message.buffer, plain.buffer, message.size) != 0) { rc = TPM_RC_TESTING; goto exit; } - printf("RSA Encrypt Test Passed\n"); + printf("RSA Encrypt/Decrypt OAEP Test Passed\n"); + + rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); + if (rc != 0) goto exit; /* Create an ECC key for ECDSA */ diff --git a/src/tpm2.c b/src/tpm2.c index 703d84c..498c94f 100644 --- a/src/tpm2.c +++ b/src/tpm2.c @@ -1380,7 +1380,8 @@ TPM_RC TPM2_RSA_Encrypt(RSA_Encrypt_In* in, RSA_Encrypt_Out* out) TPM2_Packet_AppendBytes(&packet, in->message.buffer, in->message.size); TPM2_Packet_AppendU16(&packet, in->inScheme.scheme); - TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg); + if (in->inScheme.scheme != TPM_ALG_NULL) + TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg); TPM2_Packet_AppendU16(&packet, in->label.size); TPM2_Packet_AppendBytes(&packet, in->label.buffer, in->label.size); @@ -1427,7 +1428,8 @@ TPM_RC TPM2_RSA_Decrypt(RSA_Decrypt_In* in, RSA_Decrypt_Out* out) in->cipherText.size); TPM2_Packet_AppendU16(&packet, in->inScheme.scheme); - TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg); + if (in->inScheme.scheme != TPM_ALG_NULL) + TPM2_Packet_AppendU16(&packet, in->inScheme.details.anySig.hashAlg); TPM2_Packet_AppendU16(&packet, in->label.size); TPM2_Packet_AppendBytes(&packet, in->label.buffer, in->label.size); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 340f876..7743c86 100755 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -81,6 +81,15 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx) return TPM_RC_SUCCESS; } +int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev) +{ + if (dev == NULL) { + return BAD_FUNC_ARG; + } + + return dev->ctx.did_vid; /* not INVALID_DEVID */ +} + int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, TPM_HANDLE sessionHandle, const byte* auth, int authSz) { @@ -158,6 +167,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, return rc; } + session->handle.dev = dev; session->handle.hndl = authSesOut.sessionHandle; session->nonceTPM = authSesOut.nonceTPM; @@ -199,6 +209,7 @@ int wolfTPM2_CreatePrimaryKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, wolfTPM2_GetRCString(rc)); return rc; } + key->handle.dev = dev; key->handle.hndl = createPriOut.objectHandle; key->handle.auth = createPriIn.inSensitive.sensitive.userAuth; @@ -270,6 +281,7 @@ int wolfTPM2_CreateAndLoadKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, printf("TPM2_Load key failed %d: %s\n", rc, wolfTPM2_GetRCString(rc)); return rc; } + key->handle.dev = dev; key->handle.hndl = loadOut.objectHandle; key->handle.auth = createIn.inSensitive.sensitive.userAuth; @@ -300,6 +312,7 @@ int wolfTPM2_LoadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, wolfTPM2_GetRCString(rc)); return rc; } + key->handle.dev = dev; key->handle.hndl = loadExtOut.objectHandle; key->pub = loadExtIn.inPublic; @@ -382,6 +395,7 @@ int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, return rc; } + key->handle.dev = dev; key->handle.hndl = readPubIn.objectHandle; key->pub = readPubOut.outPublic; @@ -665,8 +679,9 @@ int wolfTPM2_RsaEncrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, rsaEncIn.keyHandle = key->handle.hndl; rsaEncIn.message.size = msgSz; XMEMCPY(rsaEncIn.message.buffer, msg, msgSz); - rsaEncIn.inScheme.scheme = padScheme; /* TPM_ALG_OAEP or TPM_ALG_RSAPSS */ - rsaEncIn.inScheme.details.oaep.hashAlg = WOLFTPM2_WRAP_DIGEST; + /* TPM_ALG_NULL, TPM_ALG_OAEP, TPM_ALG_RSASSA or TPM_ALG_RSAPSS */ + rsaEncIn.inScheme.scheme = padScheme; + rsaEncIn.inScheme.details.anySig.hashAlg = WOLFTPM2_WRAP_DIGEST; #if 0 /* Optional label */ @@ -713,8 +728,9 @@ int wolfTPM2_RsaDecrypt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, rsaDecIn.keyHandle = key->handle.hndl; rsaDecIn.cipherText.size = inSz; XMEMCPY(rsaDecIn.cipherText.buffer, in, inSz); + /* TPM_ALG_NULL, TPM_ALG_OAEP, TPM_ALG_RSASSA or TPM_ALG_RSAPSS */ rsaDecIn.inScheme.scheme = padScheme; - rsaDecIn.inScheme.details.oaep.hashAlg = WOLFTPM2_WRAP_DIGEST; + rsaDecIn.inScheme.details.anySig.hashAlg = WOLFTPM2_WRAP_DIGEST; #if 0 /* Optional label */ diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h index 7b5de14..bbf62a2 100755 --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h @@ -25,7 +25,13 @@ #include +typedef struct WOLFTPM2_DEV { + TPM2_CTX ctx; + TPMS_AUTH_COMMAND session[MAX_SESSION_NUM]; +} WOLFTPM2_DEV; + typedef struct WOLFTPM2_HANDLE { + WOLFTPM2_DEV* dev; TPM_HANDLE hndl; TPM2B_AUTH auth; } WOLFTPM2_HANDLE; @@ -42,14 +48,14 @@ typedef struct WOLFTPM2_KEY { TPM2B_NAME name; } WOLFTPM2_KEY; -typedef struct WOLFTPM2_DEV { - TPM2_CTX ctx; - TPMS_AUTH_COMMAND session[MAX_SESSION_NUM]; -} WOLFTPM2_DEV; + +#ifndef WOLFTPM2_MAX_BUFFER + #define WOLFTPM2_MAX_BUFFER MAX_DIGEST_BUFFER +#endif typedef struct WOLFTPM2_BUFFER { int size; - byte buffer[MAX_DIGEST_BUFFER]; + byte buffer[WOLFTPM2_MAX_BUFFER]; } WOLFTPM2_BUFFER; @@ -58,6 +64,8 @@ typedef struct WOLFTPM2_BUFFER { WOLFTPM_API int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx); WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev); +WOLFTPM_API int wolfTPM2_GetTpmDevId(WOLFTPM2_DEV* dev); + WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, TPM_HANDLE sessionHandle, const byte* auth, int authSz);