From 32d423cf719e8d8a596a2beba9d5c6426e4c64a9 Mon Sep 17 00:00:00 2001 From: Dimitar Tomov Date: Wed, 2 Sep 2020 02:19:41 +0300 Subject: [PATCH] Add TPM clock increment example Signed-off-by: Dimitar Tomov --- .gitignore | 1 + examples/clock/clockSet.c | 146 ++++++++++++++++++++++++++++++++++++++ examples/clock/clockSet.h | 35 +++++++++ examples/clock/include.am | 14 ++++ examples/include.am | 1 + 5 files changed, 197 insertions(+) create mode 100644 examples/clock/clockSet.c create mode 100644 examples/clock/clockSet.h create mode 100644 examples/clock/include.am
diff --git a/.gitignore b/.gitignore
index 2cf0713..b232249 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,6 +37,7 @@ examples/timestamp/signed_timestamp
 examples/pcr/quote
 examples/pcr/extend
 examples/pcr/reset
+examples/clock/clockSet
 pkcs7tpmsigned.p7s
 pkcs7tpmsignedex.p7s
 examples/tls/tls_server
diff --git a/examples/clock/clockSet.c b/examples/clock/clockSet.c
new file mode 100644
index 0000000..3c4a1a9
--- /dev/null
+++ b/examples/clock/clockSet.c
@@ -0,0 +1,146 @@
+/* clockSet.c
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfTPM.
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* This example shows how to increment the TPM2 clock */
+
+#include
+
+#ifndef WOLFTPM2_NO_WRAPPER
+
+#include
+#include
+#include
+
+#include
+
+
+/******************************************************************************/
+/* --- BEGIN TPM clockSet Test -- */
+/******************************************************************************/
+
+int TPM2_ClockSet_Test(void* userCtx)
+{
+ int rc;
+ WOLFTPM2_DEV dev;
+
+ union {
+ ClockSet_In clockSet;
+ byte maxInput[MAX_COMMAND_SIZE];
+ } cmdIn;
+ union {
+ ReadClock_Out readClock;
+ byte maxOutput[MAX_RESPONSE_SIZE];
+ } cmdOut;
+
+ TPMS_AUTH_COMMAND session[MAX_SESSION_NUM];
+
+ UINT64 oldClock, newClock;
+
+ printf("TPM2 Demo of setting the TPM clock forward\n");
+ rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
+ if (rc != TPM_RC_SUCCESS) {
+ printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
+ goto exit;
+ }
+ printf("wolfTPM2_Init: success\n");
+
+
+ /* Define the default session auth that has NULL password */
+ XMEMSET(session, 0, sizeof(session));
+ session[0].sessionHandle = TPM_RS_PW;
+ session[0].auth.size = 0; /* NULL Password */
+ TPM2_SetSessionAuth(session);
+
+
+ /* ReadClock the current TPM uptime */
+ XMEMSET(&cmdOut.readClock, 0, sizeof(cmdOut.readClock));
+ rc = TPM2_ReadClock(&cmdOut.readClock);
+ if (rc != TPM_RC_SUCCESS) {
+ printf("TPM2_ReadClock failed 0x%x: %s\n", rc,
+ TPM2_GetRCString(rc));
+ goto exit;
+ }
+ printf("TPM2_ReadClock: success\n");
+ printf("TPM2_ReadClock: (total) time=%lu\n",
+ cmdOut.readClock.currentTime.time);
+ printf("TPM2_ReadClock: (uptime) clock=%lu\n",
+ cmdOut.readClock.currentTime.clockInfo.clock);
+ oldClock = cmdOut.readClock.currentTime.clockInfo.clock;
+
+ /* Set Clock forward by 50 seconds */
+ cmdIn.clockSet.auth = TPM_RH_OWNER;
+ cmdIn.clockSet.newTime = oldClock + 50000;
+ rc = TPM2_ClockSet(&cmdIn.clockSet);
+ if (rc != TPM_RC_SUCCESS) {
+ printf("TPM2_clockSet failed 0x%x: %s\n", rc,
+ TPM2_GetRCString(rc));
+ goto exit;
+ }
+ printf("TPM2_clockSet: success\n");
+
+ /* ReadClock to check the new clock time is set */
+ XMEMSET(&cmdOut.readClock, 0, sizeof(cmdOut.readClock));
+ rc = TPM2_ReadClock(&cmdOut.readClock);
+ if (rc != TPM_RC_SUCCESS) {
+ printf("TPM2_ReadClock failed 0x%x: %s\n", rc,
+ TPM2_GetRCString(rc));
+ goto exit;
+ }
+ printf("TPM2_ReadClock: success\n");
+ printf("TPM2_ReadClock: (total) time=%lu\n",
+ cmdOut.readClock.currentTime.time);
+ printf("TPM2_ReadClock: (uptime) clock=%lu\n",
+ cmdOut.readClock.currentTime.clockInfo.clock);
+ newClock = cmdOut.readClock.currentTime.clockInfo.clock;
+
+ printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n", oldClock, newClock);
+
+exit:
+
+ if (rc != 0) {
+ printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
+ }
+
+ wolfTPM2_Cleanup(&dev);
+ return rc;
+}
+
+/******************************************************************************/
+/* --- END TPM Timestamp Test -- */
+/******************************************************************************/
+
+#endif /* !WOLFTPM2_NO_WRAPPER */
+
+
+#ifndef NO_MAIN_DRIVER
+int main(void)
+{
+ int rc = -1;
+
+#ifndef WOLFTPM2_NO_WRAPPER
+ rc = TPM2_ClockSet_Test(NULL);
+#else
+ printf("Wrapper code not compiled in\n");
+#endif /* !WOLFTPM2_NO_WRAPPER */
+
+ return rc;
+}
+#endif
diff --git a/examples/clock/clockSet.h b/examples/clock/clockSet.h
new file mode 100644
index 0000000..5b5a354
--- /dev/null
+++ b/examples/clock/clockSet.h
@@ -0,0 +1,35 @@
+/* clockSet.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfTPM.
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef _CLOCK_SET_H_
+#define _CLOCK_SET_H_
+
+#ifdef __cplusplus
+ extern "C" {
+#endif
+
+int TPM2_ClockSet_Test(void* userCtx);
+
+#ifdef __cplusplus
+ } /* extern "C" */
+#endif
+
+#endif /* _CLOCK_SET_H_ */
diff --git a/examples/clock/include.am b/examples/clock/include.am
new file mode 100644
index 0000000..ed9dfc4
--- /dev/null
+++ b/examples/clock/include.am
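Review bot: In TPM2_ClockSet_Test (examples/clock/clockSet.c) every print of `currentTime.time`, `clockInfo.clock`, `oldClock` and `newClock` passes a UINT64 to `%lu`, which is undefined behaviour on targets where `unsigned long` is 32 bits (LLP64 Windows and most 32-bit embedded builds), so the values shown there cannot be trusted. Cast and widen instead, e.g. `printf("\n\t oldClock=%llu \n\t newClock=%llu \n\n", (unsigned long long)oldClock, (unsigned long long)newClock);`, and apply the same pattern to the four ReadClock prints. The example also returns success without comparing `newClock` to `cmdIn.clockSet.newTime`, so a check such as `if (newClock < cmdIn.clockSet.newTime) rc = TPM_RC_FAILURE;` before `exit:` would make the result meaningful. The comment on the ClockSet step should state that the call uses owner-hierarchy authorization with an empty password and that the TPM clock can only be moved forward, so every run leaves the clock ahead of real elapsed time, which is visible to attestation timestamps and time-bound policies on that device; the closing banner `END TPM Timestamp Test` should be renamed to match the clockSet test.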
@@ -0,0 +1,14 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+if BUILD_EXAMPLES
+noinst_PROGRAMS += examples/clock/clockSet
+noinst_HEADERS += examples/clock/clockSet.h
+examples_clock_clockSet_SOURCES = examples/clock/clockSet.c \
+ examples/tpm_io.c
+examples_clock_clockSet_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
+examples_clock_clockSet_DEPENDENCIES = src/libwolftpm.la
+endif
+
+dist_example_DATA+= examples/clock/clockSet.c
+DISTCLEANFILES+= examples/clock/.libs/clockSet
diff --git a/examples/include.am b/examples/include.am
index 2deb448..92a0940 100644
--- a/examples/include.am
+++ b/examples/include.am
@@ -9,6 +9,7 @@ include examples/csr/include.am include examples/pkcs7/include.am include examples/timestamp/include.am include examples/pcr/include.am +include examples/clock/include.am dist_example_DATA+= examples/README.md \ examples/tpm_io.c \