Fixes for response decryption. Nonce from TPM captured correctly now. Added support for args to all examples.

David Garske 2020-11-24 16:44:20 -08:00
parent 1c5e0ea95a
commit 409fd96502
20 changed files with 131 additions and 63 deletions


@ -185,7 +185,7 @@ exit:
/* --- BEGIN Bench Wrapper -- */
/******************************************************************************/
int TPM2_Wrapper_Bench(void* userCtx)
int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
@ -202,6 +202,8 @@ int TPM2_Wrapper_Bench(void* userCtx)
printf("TPM2 Benchmark using Wrapper API's\n");
(void)argc;
(void)argv;
/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
@ -434,12 +436,12 @@ exit:
#endif /* !WOLFTPM2_NO_WRAPPER && !NO_TPM_BENCH */
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(NO_TPM_BENCH)
rc = TPM2_Wrapper_Bench(NULL);
rc = TPM2_Wrapper_Bench(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
#endif
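Review bot: TPM2_Wrapper_Bench now takes argc/argv but only casts them to void at `(void)argc; (void)argv;`, so any argument given on the command line is accepted and silently ignored; the same applies to TPM2_CSR_Example, TPM2_Native_Test, TPM2_PKCS7_Example, TPM2_Timestamp_Test and TPM2_Wrapper_Test in this commit. A one-line comment beside the casts, `/* argc/argv accepted for a uniform example interface; no options yet */`, would tell a reader the silence is intentional rather than an unfinished parser. The body of TPM2_Wrapper_Bench runs past the end of the hunk.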


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_Wrapper_Bench(void* userCtx);
int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -137,7 +137,7 @@ exit:
return rc;
}
int TPM2_CSR_Example(void* userCtx)
int TPM2_CSR_Example(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
@ -155,6 +155,9 @@ int TPM2_CSR_Example(void* userCtx)
printf("TPM2 CSR Example\n");
(void)argc;
(void)argv;
/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != 0) return rc;
@ -233,14 +236,14 @@ exit:
#endif /* !WOLFTPM2_NO_WRAPPER && WOLFSSL_CERT_REQ && WOLF_CRYPTO_DEV */
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
defined(WOLFSSL_CERT_REQ) && \
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
rc = TPM2_CSR_Example(NULL);
rc = TPM2_CSR_Example(NULL, argc, argv);
#else
printf("Wrapper/CertReq/CryptoDev code not compiled in\n");
printf("Build wolfssl with ./configure --enable-certgen --enable-certreq --enable-certext --enable-cryptocb\n");


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_CSR_Example(void* userCtx);
int TPM2_CSR_Example(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -53,7 +53,7 @@ typedef struct tmpHandle {
} TpmHandle;
int TPM2_Native_Test(void* userCtx)
int TPM2_Native_Test(void* userCtx, int argc, char *argv[])
{
int rc;
TPM2_CTX tpm2Ctx;
@ -175,6 +175,8 @@ int TPM2_Native_Test(void* userCtx)
TPMS_AUTH_COMMAND session[MAX_SESSION_NUM];
(void)argc;
(void)argv;
printf("TPM2 Demo using Native API's\n");
@ -1367,11 +1369,11 @@ exit:
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc;
rc = TPM2_Native_Test(NULL);
rc = TPM2_Native_Test(NULL, argc, argv);
return rc;
}


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_Native_Test(void* userCtx);
int TPM2_Native_Test(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -161,7 +161,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
}
/* set auth for using the AIK */
wolfTPM2_SetAuthPassword(&dev, 0, &rsaKey.handle.auth);
wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);
/* Prepare Quote request */
XMEMSET(&cmdIn.quoteAsk, 0, sizeof(cmdIn.quoteAsk));
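Review bot: The result of the new `wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);` is discarded, as was the wolfTPM2_SetAuthPassword call it replaces; if the wrapper reports a bad session index or handle through its return code, as the other wolfTPM2_* calls in these examples do (they are checked with `if (rc != 0)`), the quote proceeds with no auth set and fails later with a less useful TPM error. The same pattern is in TPM2_PKCS7_Example and TPM2_Timestamp_Test. Where the wrapper does return a status, `rc = wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle); if (rc != 0) goto exit;` with the function's existing error path would make the failure visible. TPM2_Quote_Test starts and ends outside this hunk.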


@ -293,7 +293,7 @@ exit:
}
int TPM2_PKCS7_Example(void* userCtx)
int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
@ -307,6 +307,9 @@ int TPM2_PKCS7_Example(void* userCtx)
FILE* derFile;
#endif
(void)argc;
(void)argv;
printf("TPM2 PKCS7 Example\n");
XMEMSET(&der, 0, sizeof(der));
@ -348,7 +351,7 @@ int TPM2_PKCS7_Example(void* userCtx)
rsaKey.handle.auth.size = sizeof(gKeyAuth)-1;
XMEMCPY(rsaKey.handle.auth.buffer, gKeyAuth, rsaKey.handle.auth.size);
}
wolfTPM2_SetAuthPassword(&dev, 0, &rsaKey.handle.auth);
wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);
/* load DER certificate for TPM key (obtained by running
@ -398,14 +401,14 @@ exit:
#endif /* !WOLFTPM2_NO_WRAPPER && HAVE_PKCS7 && WOLF_CRYPTO_DEV */
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
defined(HAVE_PKCS7) && \
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
rc = TPM2_PKCS7_Example(NULL);
rc = TPM2_PKCS7_Example(NULL, argc, argv);
#else
printf("Wrapper/PKCS7/CryptoDev code not compiled in\n");
printf("Build wolfssl with ./configure --enable-pkcs7 --enable-cryptocb\n");


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_PKCS7_Example(void* userCtx);
int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -38,13 +38,11 @@
/* --- BEGIN TPM Timestamp Test -- */
/******************************************************************************/
int TPM2_Timestamp_Test(void* userCtx)
int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
TPMS_ATTEST attestedData;
#ifdef WOLFTPM_WINAPI
int tryNVkey = 0;
#else
@ -74,6 +72,9 @@ int TPM2_Timestamp_Test(void* userCtx)
WOLFTPM2_KEY storage; /* SRK */
WOLFTPM2_KEY rsaKey; /* AIK */
(void)argc;
(void)argv;
XMEMSET(&endorse, 0, sizeof(endorse));
XMEMSET(&storage, 0, sizeof(storage));
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
@ -214,7 +215,7 @@ int TPM2_Timestamp_Test(void* userCtx)
wolfTPM2_SetAuthPassword(&dev, 0, NULL);
/* set auth for using the AIK */
wolfTPM2_SetAuthPassword(&dev, 1, &rsaKey.handle.auth);
wolfTPM2_SetAuthHandle(&dev, 1, &rsaKey.handle);
/* At this stage: The EK is created, AIK is created and loaded,
* Endorsement Hierarchy is enabled through policySecret,
@ -294,12 +295,12 @@ exit:
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc = -1;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Timestamp_Test(NULL);
rc = TPM2_Timestamp_Test(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
#endif /* !WOLFTPM2_NO_WRAPPER */


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_Timestamp_Test(void* userCtx);
int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -73,12 +73,11 @@
* "-l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem"
*/
static int useECC = 0;
/******************************************************************************/
/* --- BEGIN TPM TLS Client Example -- */
/******************************************************************************/
int TPM2_TLS_Client(void* userCtx)
int TPM2_TLS_Client(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
@ -108,6 +107,7 @@ int TPM2_TLS_Client(void* userCtx)
int total_size;
int i;
#endif
int useECC = 0;
/* initialize variables */
XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
@ -115,6 +115,12 @@ int TPM2_TLS_Client(void* userCtx)
printf("TPM2 TLS Client Example\n");
if (argc > 1) {
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
useECC = 1;
}
}
/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != 0) {
@ -484,20 +490,14 @@ exit:
#endif /* !WOLFTPM2_NO_WRAPPER && WOLF_CRYPTO_DEV */
#ifndef NO_MAIN_DRIVER
int main(int argc, const char* argv[])
int main(int argc, char* argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_CLIENT) && \
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
if (argc > 1) {
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
useECC = 1;
}
}
rc = TPM2_TLS_Client(NULL);
rc = TPM2_TLS_Client(NULL, argc, argv);
#else
(void)argc;
(void)argv;
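Review bot: The argument check moved into TPM2_TLS_Client, `XSTRNCMP(argv[1], "ECC", 3) == 0`, accepts any argument that merely starts with "ECC" and silently ignores everything else, so a typo such as `ecc` runs the RSA path with no feedback; the identical block is duplicated in TLS_Client and TPM2_TLS_Server. Comparing the terminator too, `if (XSTRNCMP(argv[1], "ECC", 4) == 0) { useECC = 1; } else { printf("Unknown argument: %s\n", argv[1]); }`, makes the match exact and tells the user what was rejected, and the three copies could share one small static helper. Making `useECC` a local is an improvement over the file-scope static; a comment such as `/* "ECC" selects the ECC cipher suite and certificates, default is RSA */` at its declaration would explain the only option the example takes. TPM2_TLS_Client's body continues between and beyond these hunks.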


@ -26,8 +26,8 @@
extern "C" {
#endif
int TPM2_TLS_Client(void* userCtx);
int TLS_Client(void);
int TPM2_TLS_Client(void* userCtx, int argc, char *argv[]);
int TLS_Client(int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -62,7 +62,7 @@
/******************************************************************************/
/* --- BEGIN TLS Client Example -- */
/******************************************************************************/
int TLS_Client(void)
int TLS_Client(int argc, char *argv[])
{
int rc = 0;
SockIoCbCtx sockIoCtx;
@ -77,6 +77,7 @@ int TLS_Client(void)
int total_size;
int i;
#endif
int useECC = 0;
/* initialize variables */
XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
@ -84,6 +85,12 @@ int TLS_Client(void)
printf("TLS Client Example\n");
if (argc > 1) {
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
useECC = 1;
}
}
wolfSSL_Debugging_ON();
wolfSSL_Init();
@ -283,13 +290,13 @@ exit:
#ifndef NO_MAIN_DRIVER
int main(void)
int main(int argc, char *argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_CLIENT)
rc = TLS_Client();
rc = TLS_Client(argc, argv);
#else
printf("WolfSSL Client code not compiled in\n");
#endif


@ -71,12 +71,10 @@
* With most browsers you can bypass the certificate warning.
*/
static int useECC = 0;
/******************************************************************************/
/* --- BEGIN TLS SERVER Example -- */
/******************************************************************************/
int TPM2_TLS_Server(void* userCtx)
int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
{
int rc;
WOLFTPM2_DEV dev;
@ -117,6 +115,7 @@ int TPM2_TLS_Server(void* userCtx)
#ifdef TLS_BENCH_MODE
int total_size;
#endif
int useECC = 0;
/* initialize variables */
XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
@ -124,6 +123,12 @@ int TPM2_TLS_Server(void* userCtx)
printf("TPM2 TLS Server Example\n");
if (argc > 1) {
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
useECC = 1;
}
}
/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != 0) {
@ -454,20 +459,14 @@ exit:
#endif /* !WOLFTPM2_NO_WRAPPER && WOLF_CRYPTO_DEV */
#ifndef NO_MAIN_DRIVER
int main(int argc, const char* argv[])
int main(int argc, char* argv[])
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
!defined(NO_WOLFSSL_SERVER) && \
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
if (argc > 1) {
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
useECC = 1;
}
}
rc = TPM2_TLS_Server(NULL);
rc = TPM2_TLS_Server(NULL, argc, argv);
#else
(void)argc;
(void)argv;


@ -26,7 +26,7 @@
extern "C" {
#endif
int TPM2_TLS_Server(void* userCtx);
int TPM2_TLS_Server(void* userCtx, int argc, char* argv[]);
#ifdef __cplusplus
} /* extern "C" */
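Review bot: The new prototype is written `char* argv[]` while every other header touched by this commit (TPM2_TLS_Client, TPM2_Wrapper_Test, TPM2_Timestamp_Test and the rest) writes `char *argv[]`, binding the declarator to the name as the C sources here do; for consistency, `int TPM2_TLS_Server(void* userCtx, int argc, char *argv[]);`. The same `char* argv[]` spelling appears in the new main() of the TLS server and client examples.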


@ -49,7 +49,7 @@ void TPM2_Wrapper_SetReset(int reset)
resetTPM = reset;
}
int TPM2_Wrapper_Test(void* userCtx)
int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
{
int rc, i;
WOLFTPM2_DEV dev;
@ -105,6 +105,10 @@ int TPM2_Wrapper_Test(void* userCtx)
ecc_key wolfEccPubKey;
ecc_key wolfEccPrivKey;
#endif
(void)argc;
(void)argv;
#ifndef NO_RSA
XMEMSET(&wolfRsaPubKey, 0, sizeof(wolfRsaPubKey));
XMEMSET(&wolfRsaPrivKey, 0, sizeof(wolfRsaPrivKey));
@ -862,7 +866,7 @@ int main(int argc, char *argv[])
(void)argv;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Wrapper_Test(NULL);
rc = TPM2_Wrapper_Test(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
#endif


@ -27,7 +27,7 @@
#endif
void TPM2_Wrapper_SetReset(int reset);
int TPM2_Wrapper_Test(void* userCtx);
int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[]);
#ifdef __cplusplus
} /* extern "C" */


@ -397,15 +397,21 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
{
int rc = TPM_RC_SUCCESS;
BYTE *param, *decParam = NULL;
UINT32 paramSz, decParamSz = 0;
UINT32 respSz, respCode, paramSz, decParamSz = 0, authPos;
int i;
/* Skip the header and output handles */
packet->pos = TPM2_HEADER_SIZE + (info->outHandleCnt * sizeof(TPM_HANDLE));
/* Parse header */
packet->pos = sizeof(UINT16); /* Skip tag */
TPM2_Packet_ParseU32(packet, &respSz); /* Extract Response Size - total size including header */
TPM2_Packet_ParseU32(packet, &respCode); /* Extract TPM Response Code */
/* Skip the header output handles */
packet->pos += (info->outHandleCnt * sizeof(TPM_HANDLE));
/* Mark parameter data */
param = &packet->buf[packet->pos];
paramSz = packet->size - packet->pos;
/* Response Parameter Size */
TPM2_Packet_ParseU32(packet, &paramSz);
param = &packet->buf[packet->pos]; /* Mark parameter data */
authPos = packet->pos + paramSz;
/* Mark "first" decryption parameter */
if (info->flags & CMD_FLAG_DEC2) {
@ -422,13 +428,36 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("ResponseProcess: Out %d, Total %d, Params %d\n",
info->outHandleCnt, packet->size, paramSz);
printf("ResponseProcess: Out %d, Total %d, Params %d, Dec %d\n",
info->outHandleCnt, packet->size, paramSz, decParamSz);
#endif
for (i=0; i<info->authCnt; i++) {
TPMS_AUTH_COMMAND* authCmd = &ctx->authCmd[i];
TPMS_AUTH_RESPONSE authRsp;
XMEMSET(&authRsp, 0, sizeof(authRsp));
/* Parse Auth - if exists */
if (respSz > authPos) {
packet->pos = authPos;
TPM2_Packet_ParseAuth(packet, &authRsp);
authPos = packet->pos;
}
if (authCmd->sessionHandle != TPM_RS_PW) {
#ifndef WOLFTPM2_NO_WOLFCRYPT
if (authRsp.auth.size > 0) {
/* TODO: Verify HMAC */
//rc = TPM2_CalcHmac(ctx, info, &authRsp, param, paramSz);
}
#endif
/* update nonceTPM */
if (authRsp.nonce.size > 0) {
authCmd->nonceTPM.size = authRsp.nonce.size;
XMEMCPY(authCmd->nonceTPM.buffer, authRsp.nonce.buffer, authRsp.nonce.size);
}
/* Handle session request for decryption */
/* If the response supports decryption */
if (decParam && authCmd->sessionAttributes & TPMA_SESSION_encrypt) {
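Review bot: The parameter size read at `TPM2_Packet_ParseU32(packet, &paramSz);` replaces the old `packet->size - packet->pos` and is used unchecked to set `authPos` and, with `param`, to drive the decryption path, so a truncated or malformed response can point these past `packet->buf`; `respSz` is read but never compared with `packet->size` either, and `respCode` is parsed but not consulted, although a non-success response per the TPM 2.0 specification consists of the header only and carries no parameter size field. A bound right after the parse, `if (respSz > (UINT32)packet->size || paramSz > respSz - packet->pos) return TPM_RC_FAILURE;`, keeps `param`, `paramSz` and `authPos` inside the received bytes (assuming TPM2_Packet_ParseU32 does not itself reject a short packet — its body is not visible here). The nonceTPM update, `XMEMCPY(authCmd->nonceTPM.buffer, authRsp.nonce.buffer, authRsp.nonce.size);`, likewise copies a TPM-supplied length without checking it against the size of `nonceTPM.buffer`, unless TPM2_Packet_ParseAuth already enforces that. Because the `/* TODO: Verify HMAC */` branch leaves the response HMAC unverified, the nonce that seeds the next command's parameter encryption is taken from an unauthenticated response; that deserves a comment on the nonceTPM update, and the `//rc = TPM2_CalcHmac(...)` line should become a `/* */` comment or be dropped to match the file's comment style. TPM2_ResponseProcess continues past the end of this hunk.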


@ -349,6 +349,15 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPMS_AUTH_COMMAND *session,
{
TPM_RC rc = TPM_RC_FAILURE;
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("CmdEnc Session Key %d\n", session->auth.size);
TPM2_PrintBin(session->auth.buffer, session->auth.size);
printf("CmdEnc Nonce caller %d\n", session->nonce.size);
TPM2_PrintBin(session->nonce.buffer, session->nonce.size);
printf("CmdEnc Nonce TPM %d\n", session->nonceTPM.size);
TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size);
#endif
if (session->symmetric.algorithm == TPM_ALG_XOR) {
rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonce,
&session->nonceTPM, encryptedParameter, paramData, paramSz);
@ -370,6 +379,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPMS_AUTH_COMMAND *session,
{
TPM_RC rc = TPM_RC_FAILURE;
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("RspDec Session Key %d\n", session->auth.size);
TPM2_PrintBin(session->auth.buffer, session->auth.size);
printf("RspDec Nonce caller %d\n", session->nonce.size);
TPM2_PrintBin(session->nonce.buffer, session->nonce.size);
printf("RspDec Nonce TPM %d\n", session->nonceTPM.size);
TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size);
#endif
if (session->symmetric.algorithm == TPM_ALG_XOR) {
rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonce,
&session->nonceTPM, decryptedParameter, paramData, paramSz);
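Review bot: The new WOLFTPM_DEBUG_VERBOSE blocks in TPM2_ParamEnc_CmdRequest and TPM2_ParamDec_CmdResponse write `session->auth.buffer` — the value the XOR path below passes as the key input to TPM2_ParamEnc_XOR / TPM2_ParamDec_XOR — to stdout together with both nonces, which is enough to recover the protected parameters from a captured log. That is fine for a verbose debug build, but it should be stated at the `#ifdef`, e.g. `/* DEBUG ONLY: dumps the session secret and nonces; never enable WOLFTPM_DEBUG_VERBOSE in a production build */`. The two blocks are identical apart from the "CmdEnc"/"RspDec" prefix and could be one static helper taking that prefix. Both functions' bodies continue past their hunks.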