diff --git a/examples/bench/bench.c b/examples/bench/bench.c index 1c24cfa..d449b4f 100644 --- a/examples/bench/bench.c +++ b/examples/bench/bench.c @@ -185,7 +185,7 @@ exit: /* --- BEGIN Bench Wrapper -- */ /******************************************************************************/ -int TPM2_Wrapper_Bench(void* userCtx) +int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; @@ -202,6 +202,8 @@ int TPM2_Wrapper_Bench(void* userCtx) printf("TPM2 Benchmark using Wrapper API's\n"); + (void)argc; + (void)argv; /* Init the TPM2 device */ rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); @@ -434,12 +436,12 @@ exit: #endif /* !WOLFTPM2_NO_WRAPPER && !NO_TPM_BENCH */ #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(NO_TPM_BENCH) - rc = TPM2_Wrapper_Bench(NULL); + rc = TPM2_Wrapper_Bench(NULL, argc, argv); #else printf("Wrapper code not compiled in\n"); #endif diff --git a/examples/bench/bench.h b/examples/bench/bench.h index ba24a86..ab04f8a 100644 --- a/examples/bench/bench.h +++ b/examples/bench/bench.h @@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_Wrapper_Bench(void* userCtx); +int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/csr/csr.c b/examples/csr/csr.c index ec3ac94..7ddf37c 100644 --- a/examples/csr/csr.c +++ b/examples/csr/csr.c @@ -137,7 +137,7 @@ exit: return rc; } -int TPM2_CSR_Example(void* userCtx) +int TPM2_CSR_Example(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; @@ -155,6 +155,9 @@ int TPM2_CSR_Example(void* userCtx) printf("TPM2 CSR Example\n"); + (void)argc; + (void)argv; + /* Init the TPM2 device */ rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); if (rc != 0) return rc; 
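Review bot: In the bench.c `main` hunk the new `argc`/`argv` parameters are only used inside the `#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(NO_TPM_BENCH)` branch, so a build that takes the `#else` branch (`printf("Wrapper code not compiled in\n")`) will warn about unused parameters under -Wextra. The same gap is in the `main` hunks of csr.c, pkcs7.c, signed_timestamp.c and tls_client_notpm.c, whereas the tls_client.c and tls_server.c mains already cast them away in their `#else` branch. Mirror that pattern in each of these: `#else` followed by `(void)argc;` and `(void)argv;` before the existing `printf`.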
@@ -233,14 +236,14 @@ exit: #endif /* !WOLFTPM2_NO_WRAPPER && WOLFSSL_CERT_REQ && WOLF_CRYPTO_DEV */ #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \ defined(WOLFSSL_CERT_REQ) && \ (defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB)) - rc = TPM2_CSR_Example(NULL); + rc = TPM2_CSR_Example(NULL, argc, argv); #else printf("Wrapper/CertReq/CryptoDev code not compiled in\n"); printf("Build wolfssl with ./configure --enable-certgen --enable-certreq --enable-certext --enable-cryptocb\n"); diff --git a/examples/csr/csr.h b/examples/csr/csr.h index bcd3822..84a1883 100644 --- a/examples/csr/csr.h +++ b/examples/csr/csr.h @@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_CSR_Example(void* userCtx); +int TPM2_CSR_Example(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/native/native_test.c b/examples/native/native_test.c index 1810fe5..960caf6 100644 --- a/examples/native/native_test.c +++ b/examples/native/native_test.c @@ -53,7 +53,7 @@ typedef struct tmpHandle { } TpmHandle; -int TPM2_Native_Test(void* userCtx) +int TPM2_Native_Test(void* userCtx, int argc, char *argv[]) { int rc; TPM2_CTX tpm2Ctx; @@ -175,6 +175,8 @@ int TPM2_Native_Test(void* userCtx) TPMS_AUTH_COMMAND session[MAX_SESSION_NUM]; + (void)argc; + (void)argv; printf("TPM2 Demo using Native API's\n"); @@ -1367,11 +1369,11 @@ exit: #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc; - rc = TPM2_Native_Test(NULL); + rc = TPM2_Native_Test(NULL, argc, argv); return rc; } diff --git a/examples/native/native_test.h b/examples/native/native_test.h index dd2ec6a..9bd4c4c 100644 --- a/examples/native/native_test.h +++ b/examples/native/native_test.h @@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_Native_Test(void* userCtx); +int TPM2_Native_Test(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ 
diff --git a/examples/pcr/quote.c b/examples/pcr/quote.c index e2ca0a1..6cffdac 100644 --- a/examples/pcr/quote.c +++ b/examples/pcr/quote.c @@ -161,7 +161,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[]) } /* set auth for using the AIK */ - wolfTPM2_SetAuthPassword(&dev, 0, &rsaKey.handle.auth); + wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle); /* Prepare Quote request */ XMEMSET(&cmdIn.quoteAsk, 0, sizeof(cmdIn.quoteAsk)); diff --git a/examples/pkcs7/pkcs7.c b/examples/pkcs7/pkcs7.c index baacefc..7416d7d 100644 --- a/examples/pkcs7/pkcs7.c +++ b/examples/pkcs7/pkcs7.c @@ -293,7 +293,7 @@ exit: } -int TPM2_PKCS7_Example(void* userCtx) +int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; @@ -307,6 +307,9 @@ int TPM2_PKCS7_Example(void* userCtx) FILE* derFile; #endif + (void)argc; + (void)argv; + printf("TPM2 PKCS7 Example\n"); XMEMSET(&der, 0, sizeof(der)); @@ -348,7 +351,7 @@ int TPM2_PKCS7_Example(void* userCtx) rsaKey.handle.auth.size = sizeof(gKeyAuth)-1; XMEMCPY(rsaKey.handle.auth.buffer, gKeyAuth, rsaKey.handle.auth.size); } - wolfTPM2_SetAuthPassword(&dev, 0, &rsaKey.handle.auth); + wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle); /* load DER certificate for TPM key (obtained by running @@ -398,14 +401,14 @@ exit: #endif /* !WOLFTPM2_NO_WRAPPER && HAVE_PKCS7 && WOLF_CRYPTO_DEV */ #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \ defined(HAVE_PKCS7) && \ (defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB)) - rc = TPM2_PKCS7_Example(NULL); + rc = TPM2_PKCS7_Example(NULL, argc, argv); #else printf("Wrapper/PKCS7/CryptoDev code not compiled in\n"); printf("Build wolfssl with ./configure --enable-pkcs7 --enable-cryptocb\n"); diff --git a/examples/pkcs7/pkcs7.h b/examples/pkcs7/pkcs7.h index 9ed3a82..dcb07da 100644 --- a/examples/pkcs7/pkcs7.h +++ b/examples/pkcs7/pkcs7.h 
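Review bot: `wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);` in quote.c discards its return value, exactly as the replaced `wolfTPM2_SetAuthPassword` call did, so if the call fails the quote request below is issued with whatever auth slot 0 held before and the failure surfaces later as an unrelated TPM auth error. The pkcs7.c hunk on this line and the signed_timestamp.c hunk that follows have the same unchecked call. Handle it like the other wrapper calls in these examples: `rc = wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);` followed by `if (rc != 0) goto exit;` (pkcs7.c shows an `exit:` label; I am assuming quote.c has the same error path, its body starts before this hunk).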
@@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_PKCS7_Example(void* userCtx); +int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/timestamp/signed_timestamp.c b/examples/timestamp/signed_timestamp.c index cb316d9..db48d2c 100644 --- a/examples/timestamp/signed_timestamp.c +++ b/examples/timestamp/signed_timestamp.c @@ -38,13 +38,11 @@ /* --- BEGIN TPM Timestamp Test -- */ /******************************************************************************/ -int TPM2_Timestamp_Test(void* userCtx) +int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; TPMS_ATTEST attestedData; - - #ifdef WOLFTPM_WINAPI int tryNVkey = 0; #else @@ -74,6 +72,9 @@ int TPM2_Timestamp_Test(void* userCtx) WOLFTPM2_KEY storage; /* SRK */ WOLFTPM2_KEY rsaKey; /* AIK */ + (void)argc; + (void)argv; + XMEMSET(&endorse, 0, sizeof(endorse)); XMEMSET(&storage, 0, sizeof(storage)); XMEMSET(&rsaKey, 0, sizeof(rsaKey)); @@ -214,7 +215,7 @@ int TPM2_Timestamp_Test(void* userCtx) wolfTPM2_SetAuthPassword(&dev, 0, NULL); /* set auth for using the AIK */ - wolfTPM2_SetAuthPassword(&dev, 1, &rsaKey.handle.auth); + wolfTPM2_SetAuthHandle(&dev, 1, &rsaKey.handle); /* At this stage: The EK is created, AIK is created and loaded, * Endorsement Hierarchy is enabled through policySecret, @@ -294,12 +295,12 @@ exit: #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc = -1; #ifndef WOLFTPM2_NO_WRAPPER - rc = TPM2_Timestamp_Test(NULL); + rc = TPM2_Timestamp_Test(NULL, argc, argv); #else printf("Wrapper code not compiled in\n"); #endif /* !WOLFTPM2_NO_WRAPPER */ diff --git a/examples/timestamp/signed_timestamp.h b/examples/timestamp/signed_timestamp.h index 67f578f..a7f3a20 100644 --- a/examples/timestamp/signed_timestamp.h +++ b/examples/timestamp/signed_timestamp.h 
@@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_Timestamp_Test(void* userCtx); +int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c index 6399d1e..530c2df 100644 --- a/examples/tls/tls_client.c +++ b/examples/tls/tls_client.c @@ -73,12 +73,11 @@ * "-l ECDHE-ECDSA-AES128-SHA -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem" */ -static int useECC = 0; /******************************************************************************/ /* --- BEGIN TPM TLS Client Example -- */ /******************************************************************************/ -int TPM2_TLS_Client(void* userCtx) +int TPM2_TLS_Client(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; @@ -108,6 +107,7 @@ int TPM2_TLS_Client(void* userCtx) int total_size; int i; #endif + int useECC = 0; /* initialize variables */ XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx)); @@ -115,6 +115,12 @@ int TPM2_TLS_Client(void* userCtx) printf("TPM2 TLS Client Example\n"); + if (argc > 1) { + if (XSTRNCMP(argv[1], "ECC", 3) == 0) { + useECC = 1; + } + } + /* Init the TPM2 device */ rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); if (rc != 0) { @@ -484,20 +490,14 @@ exit: #endif /* !WOLFTPM2_NO_WRAPPER && WOLF_CRYPTO_DEV */ #ifndef NO_MAIN_DRIVER -int main(int argc, const char* argv[]) +int main(int argc, char* argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \ !defined(NO_WOLFSSL_CLIENT) && \ (defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB)) - if (argc > 1) { - if (XSTRNCMP(argv[1], "ECC", 3) == 0) { - useECC = 1; - } - } - - rc = TPM2_TLS_Client(NULL); + rc = TPM2_TLS_Client(NULL, argc, argv); #else (void)argc; (void)argv; diff --git a/examples/tls/tls_client.h b/examples/tls/tls_client.h index 5346d6a..230c8e9 100644 --- a/examples/tls/tls_client.h +++ b/examples/tls/tls_client.h 
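Review bot: The argument check moved into `TPM2_TLS_Client` (`XSTRNCMP(argv[1], "ECC", 3) == 0`) accepts any argument that merely starts with "ECC" and silently ignores everything else, so a typo such as `ecc` runs the default path with no indication that the argument was dropped; the identical block in tls_client_notpm.c and tls_server.c (the next two lines) behaves the same way. Since this is now the only place the option is interpreted, document it and report unrecognized input: add `/* argv[1] "ECC" selects the ECC key/cert pair; anything else keeps useECC = 0 */` above the `if`, and an `else { printf("Usage: %s [ECC]\n", argv[0]); }` after the inner comparison. The body of TPM2_TLS_Client continues outside this hunk.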
@@ -26,8 +26,8 @@ extern "C" { #endif -int TPM2_TLS_Client(void* userCtx); -int TLS_Client(void); +int TPM2_TLS_Client(void* userCtx, int argc, char *argv[]); +int TLS_Client(int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/tls/tls_client_notpm.c b/examples/tls/tls_client_notpm.c index 523e956..7c3c7c4 100644 --- a/examples/tls/tls_client_notpm.c +++ b/examples/tls/tls_client_notpm.c @@ -62,7 +62,7 @@ /******************************************************************************/ /* --- BEGIN TLS Client Example -- */ /******************************************************************************/ -int TLS_Client(void) +int TLS_Client(int argc, char *argv[]) { int rc = 0; SockIoCbCtx sockIoCtx; @@ -77,6 +77,7 @@ int TLS_Client(void) int total_size; int i; #endif + int useECC = 0; /* initialize variables */ XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx)); @@ -84,6 +85,12 @@ int TLS_Client(void) printf("TLS Client Example\n"); + if (argc > 1) { + if (XSTRNCMP(argv[1], "ECC", 3) == 0) { + useECC = 1; + } + } + wolfSSL_Debugging_ON(); wolfSSL_Init(); @@ -283,13 +290,13 @@ exit: #ifndef NO_MAIN_DRIVER -int main(void) +int main(int argc, char *argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \ !defined(NO_WOLFSSL_CLIENT) - rc = TLS_Client(); + rc = TLS_Client(argc, argv); #else printf("WolfSSL Client code not compiled in\n"); #endif diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c index 542cd51..c9fcbb7 100644 --- a/examples/tls/tls_server.c +++ b/examples/tls/tls_server.c 
@@ -71,12 +71,10 @@ * With most browsers you can bypass the certificate warning. */ -static int useECC = 0; - /******************************************************************************/ /* --- BEGIN TLS SERVER Example -- */ /******************************************************************************/ -int TPM2_TLS_Server(void* userCtx) +int TPM2_TLS_Server(void* userCtx, int argc, char *argv[]) { int rc; WOLFTPM2_DEV dev; @@ -117,6 +115,7 @@ int TPM2_TLS_Server(void* userCtx) #ifdef TLS_BENCH_MODE int total_size; #endif + int useECC = 0; /* initialize variables */ XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx)); @@ -124,6 +123,12 @@ int TPM2_TLS_Server(void* userCtx) printf("TPM2 TLS Server Example\n"); + if (argc > 1) { + if (XSTRNCMP(argv[1], "ECC", 3) == 0) { + useECC = 1; + } + } + /* Init the TPM2 device */ rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); if (rc != 0) { @@ -454,20 +459,14 @@ exit: #endif /* !WOLFTPM2_NO_WRAPPER && WOLF_CRYPTO_DEV */ #ifndef NO_MAIN_DRIVER -int main(int argc, const char* argv[]) +int main(int argc, char* argv[]) { int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \ !defined(NO_WOLFSSL_SERVER) && \ (defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB)) - if (argc > 1) { - if (XSTRNCMP(argv[1], "ECC", 3) == 0) { - useECC = 1; - } - } - - rc = TPM2_TLS_Server(NULL); + rc = TPM2_TLS_Server(NULL, argc, argv); #else (void)argc; (void)argv; diff --git a/examples/tls/tls_server.h b/examples/tls/tls_server.h index 318cbad..0626386 100644 --- a/examples/tls/tls_server.h +++ b/examples/tls/tls_server.h @@ -26,7 +26,7 @@ extern "C" { #endif -int TPM2_TLS_Server(void* userCtx); +int TPM2_TLS_Server(void* userCtx, int argc, char* argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c index 135c68d..349ccf4 100644 --- a/examples/wrap/wrap_test.c +++ b/examples/wrap/wrap_test.c 
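Review bot: The tls_server.h prototype is written `char* argv[]` while the definition in the tls_server.c hunk above and every other header touched by this change write `char *argv[]`; the declarations are compatible, but the two spellings of the same signature in one file pair is the kind of drift clang-format is meant to prevent. Make the prototype `int TPM2_TLS_Server(void* userCtx, int argc, char *argv[]);` to match the definition.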
@@ -49,7 +49,7 @@ void TPM2_Wrapper_SetReset(int reset) resetTPM = reset; } -int TPM2_Wrapper_Test(void* userCtx) +int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[]) { int rc, i; WOLFTPM2_DEV dev; @@ -105,6 +105,10 @@ int TPM2_Wrapper_Test(void* userCtx) ecc_key wolfEccPubKey; ecc_key wolfEccPrivKey; #endif + + (void)argc; + (void)argv; + #ifndef NO_RSA XMEMSET(&wolfRsaPubKey, 0, sizeof(wolfRsaPubKey)); XMEMSET(&wolfRsaPrivKey, 0, sizeof(wolfRsaPrivKey)); @@ -862,7 +866,7 @@ int main(int argc, char *argv[]) (void)argv; #ifndef WOLFTPM2_NO_WRAPPER - rc = TPM2_Wrapper_Test(NULL); + rc = TPM2_Wrapper_Test(NULL, argc, argv); #else printf("Wrapper code not compiled in\n"); #endif diff --git a/examples/wrap/wrap_test.h b/examples/wrap/wrap_test.h index 0ba37bc..6c18490 100644 --- a/examples/wrap/wrap_test.h +++ b/examples/wrap/wrap_test.h @@ -27,7 +27,7 @@ #endif void TPM2_Wrapper_SetReset(int reset); -int TPM2_Wrapper_Test(void* userCtx); +int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[]); #ifdef __cplusplus } /* extern "C" */ diff --git a/src/tpm2.c b/src/tpm2.c index dc1ec0b..5287a0d 100644 --- a/src/tpm2.c +++ b/src/tpm2.c 
@@ -397,15 +397,21 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, { int rc = TPM_RC_SUCCESS; BYTE *param, *decParam = NULL; - UINT32 paramSz, decParamSz = 0; + UINT32 respSz, respCode, paramSz, decParamSz = 0, authPos; int i; - /* Skip the header and output handles */ - packet->pos = TPM2_HEADER_SIZE + (info->outHandleCnt * sizeof(TPM_HANDLE)); + /* Parse header */ + packet->pos = sizeof(UINT16); /* Skip tag */ + TPM2_Packet_ParseU32(packet, &respSz); /* Extract Response Size - total size including header */ + TPM2_Packet_ParseU32(packet, &respCode); /* Extract TPM Response Code */ + + /* Skip the header output handles */ + packet->pos += (info->outHandleCnt * sizeof(TPM_HANDLE)); - /* Mark parameter data */ - param = &packet->buf[packet->pos]; - paramSz = packet->size - packet->pos; + /* Response Parameter Size */ + TPM2_Packet_ParseU32(packet, ¶mSz); + param = &packet->buf[packet->pos]; /* Mark parameter data */ + authPos = packet->pos + paramSz; /* Mark "first" decryption parameter */ if (info->flags & CMD_FLAG_DEC2) { 
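Review bot: `respSz` and `paramSz` are taken straight from the TPM response and never compared with `packet->size`, so a truncated or malformed response (a misbehaving TPM, a bus interposer, or a simulator bug) makes `authPos = packet->pos + paramSz` point past the received bytes, and the later decryption over `param`/`paramSz` and the auth-area parse in the next hunk read beyond what was actually received, unless `TPM2_Packet_ParseU32` bounds its reads internally (not visible here). Bound both right after the `TPM2_Packet_ParseU32(packet, &paramSz)` line: `if (respSz > (UINT32)packet->size || paramSz > respSz - packet->pos) { return TPM_RC_FAILURE; }`. `respCode` is parsed but never consulted in either hunk; an error response carries no handles or parameter area, so unless the caller already filters non-success codes, the parameterSize read here lands inside the 10-byte header. The parameterSize field is also only present when the command carried sessions, so if this function is reached for no-session responses the read should be conditional on `ctx->authCnt > 0`. TPM2_ResponseProcess continues beyond this hunk.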
@@ -422,13 +428,36 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } #ifdef WOLFTPM_DEBUG_VERBOSE - printf("ResponseProcess: Out %d, Total %d, Params %d\n", - info->outHandleCnt, packet->size, paramSz); + printf("ResponseProcess: Out %d, Total %d, Params %d, Dec %d\n", + info->outHandleCnt, packet->size, paramSz, decParamSz); #endif for (i=0; iauthCnt; i++) { TPMS_AUTH_COMMAND* authCmd = &ctx->authCmd[i]; + TPMS_AUTH_RESPONSE authRsp; + XMEMSET(&authRsp, 0, sizeof(authRsp)); + + /* Parse Auth - if exists */ + if (respSz > authPos) { + packet->pos = authPos; + TPM2_Packet_ParseAuth(packet, &authRsp); + authPos = packet->pos; + } + if (authCmd->sessionHandle != TPM_RS_PW) { + #ifndef WOLFTPM2_NO_WOLFCRYPT + if (authRsp.auth.size > 0) { + /* TODO: Verify HMAC */ + //rc = TPM2_CalcHmac(ctx, info, &authRsp, param, paramSz); + } + #endif + + /* update nonceTPM */ + if (authRsp.nonce.size > 0) { + authCmd->nonceTPM.size = authRsp.nonce.size; + XMEMCPY(authCmd->nonceTPM.buffer, authRsp.nonce.buffer, authRsp.nonce.size); + } + /* Handle session request for decryption */ /* If the response supports decryption */ if (decParam && authCmd->sessionAttributes & TPMA_SESSION_encrypt) { diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c index 884908d..f950337 100644 --- a/src/tpm2_param_enc.c +++ b/src/tpm2_param_enc.c 
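Review bot: The HMAC-session branch leaves the response authenticator unverified (`/* TODO: Verify HMAC */` with the `TPM2_CalcHmac` call commented out) yet goes on to accept the response's nonce and, further down, its parameters, so on an HMAC session a response altered in transit is accepted exactly as an unauthenticated one would be. Until verification lands, say so in a real comment instead of dead code (which also uses `//` in an otherwise `/* */` file): replace the two lines with `/* TODO: verify authRsp.auth with TPM2_CalcHmac; until then HMAC-session responses are NOT authenticated */`. The copy `XMEMCPY(authCmd->nonceTPM.buffer, authRsp.nonce.buffer, authRsp.nonce.size)` takes its length from the response; unless `TPM2_Packet_ParseAuth` already clamps `nonce.size` to the TPM2B capacity (not visible here), guard it with `authRsp.nonce.size <= sizeof(authCmd->nonceTPM.buffer)`. Also `if (respSz > authPos)` tests the size claimed by the response rather than `packet->size`, and when it is false `authRsp` stays zeroed so `nonceTPM` silently keeps its previous value for the next command. The loop body runs past the end of this hunk.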
@@ -349,6 +349,15 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPMS_AUTH_COMMAND *session, { TPM_RC rc = TPM_RC_FAILURE; +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("CmdEnc Session Key %d\n", session->auth.size); + TPM2_PrintBin(session->auth.buffer, session->auth.size); + printf("CmdEnc Nonce caller %d\n", session->nonce.size); + TPM2_PrintBin(session->nonce.buffer, session->nonce.size); + printf("CmdEnc Nonce TPM %d\n", session->nonceTPM.size); + TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size); +#endif + if (session->symmetric.algorithm == TPM_ALG_XOR) { rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonce, &session->nonceTPM, encryptedParameter, paramData, paramSz); @@ -370,6 +379,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPMS_AUTH_COMMAND *session, { TPM_RC rc = TPM_RC_FAILURE; +#ifdef WOLFTPM_DEBUG_VERBOSE + printf("RspDec Session Key %d\n", session->auth.size); + TPM2_PrintBin(session->auth.buffer, session->auth.size); + printf("RspDec Nonce caller %d\n", session->nonce.size); + TPM2_PrintBin(session->nonce.buffer, session->nonce.size); + printf("RspDec Nonce TPM %d\n", session->nonceTPM.size); + TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size); +#endif + if (session->symmetric.algorithm == TPM_ALG_XOR) { rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonce, &session->nonceTPM, decryptedParameter, paramData, paramSz);
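Review bot: Both added `WOLFTPM_DEBUG_VERBOSE` blocks dump the session key in full (`TPM2_PrintBin(session->auth.buffer, session->auth.size)`), which writes the HMAC/encryption secret of every session to stdout whenever verbose debugging is on; nonces are harmless to print, the key is not, and verbose output tends to end up in bug reports and CI logs. The two blocks are also identical apart from the `CmdEnc`/`RspDec` tag, so the same issue applies to the second hunk on this line. Suggest one file-local helper that prints the nonces and only the key length, called from both functions as `TPM2_ParamEnc_DebugSession("CmdEnc", session);` and `TPM2_ParamEnc_DebugSession("RspDec", session);` inside the existing `#ifdef`.
```c
#ifdef WOLFTPM_DEBUG_VERBOSE
/* Debug dump of a session's nonces for parameter-encryption tracing.
 * The session key is reported by length only so it never reaches a log. */
static void TPM2_ParamEnc_DebugSession(const char* tag, TPMS_AUTH_COMMAND *session)
{
    printf("%s Session Key %d\n", tag, session->auth.size);
    printf("%s Nonce caller %d\n", tag, session->nonce.size);
    TPM2_PrintBin(session->nonce.buffer, session->nonce.size);
    printf("%s Nonce TPM %d\n", tag, session->nonceTPM.size);
    TPM2_PrintBin(session->nonceTPM.buffer, session->nonceTPM.size);
}
#endif

/* … unchanged: TPM2_ParamEnc_CmdRequest up to the debug block … */
#ifdef WOLFTPM_DEBUG_VERBOSE
    TPM2_ParamEnc_DebugSession("CmdEnc", session);
#endif
/* … unchanged: XOR / AES dispatch … */
```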