mirror of https://github.com/wolfSSL/wolfTPM.git
Added parameter encryption support to more examples. Fix to not set "encrypt" or "decrypt" if command doesn't allow it. Updated documentation.
parent
4c2e8d3f43
commit
4b0b70861c
|
@ -38,7 +38,6 @@ examples/tls/tls_client
|
|||
examples/pkcs7/pkcs7
|
||||
examples/timestamp/signed_timestamp
|
||||
examples/pcr/quote
|
||||
examples/pcr/quote_paramenc
|
||||
examples/pcr/extend
|
||||
examples/pcr/reset
|
||||
examples/timestamp/clock_set
|
||||
|
@ -51,8 +50,6 @@ tests/unit.test
|
|||
examples/keygen/keyload
|
||||
examples/keygen/keygen
|
||||
examples/keygen/keyimport
|
||||
examples/keygen/keygen_paramenc
|
||||
examples/keygen/keyload_paramenc
|
||||
|
||||
# Generated Cert Files
|
||||
certs/ca-*.pem
|
||||
|
|
|
@ -24,6 +24,7 @@ Portable TPM 2.0 project designed for embedded use.
|
|||
* TLS Client
|
||||
* TLS Server
|
||||
* Benchmarking TPM algorithms and TLS
|
||||
* Parameter encryption support using AES-CFB or XOR. Supports salted unbound authenticated sessions.
|
||||
|
||||
Note: See [examples/README.md](examples/README.md) for details on using the examples.
|
||||
|
||||
|
@ -637,6 +638,10 @@ Connection: close
|
|||
## Todo
|
||||
|
||||
* Update to v1.59 of specification.
|
||||
* Add HMAC support for "authValue".
|
||||
* Add ECC encrypted salt.
|
||||
* Add bound auth session support.
|
||||
* Add multiple auth session (nonceTPMDecrypt and nonceTPMEncrypt) support.
|
||||
|
||||
## Support
|
||||
|
||||
|
|
|
@ -6,6 +6,8 @@ The examples create RSA and ECC keys in NV for testing using handles defined in
|
|||
|
||||
The PKCS #7 and TLS examples require generating CSR's and signing them using a test script. See CSR and Certificate Signing below.
|
||||
|
||||
To enable parameter encryption use `-aes` for AES-CFB mode or `-xor` for XOR mode. Only some TPM commands / responses support parameter encryption. If the TPM2_ API has .flags `CMD_FLAG_ENC2` or `CMD_FLAG_DEC2` set then the command will use parameter encryption / decryption.
|
||||
|
||||
## Native API Test
|
||||
|
||||
Demonstrates calling native TPM2_* API's.
|
||||
|
@ -110,8 +112,8 @@ To use symmetric AES/Hashing/HMAC with the TPM define `WOLFTPM_USE_SYMMETRIC`.
|
|||
Generation of the Client and Server Certificates requires running:
|
||||
|
||||
|
||||
1. `./examples/keygen/keygen rsa_test_blob.raw -RSA -T`
|
||||
2. `./examples/keygen/keygen ecc_test_blob.raw -ECC -T`
|
||||
1. `./examples/keygen/keygen rsa_test_blob.raw -rsa -t`
|
||||
2. `./examples/keygen/keygen ecc_test_blob.raw -ecc -t`
|
||||
3. `./examples/csr/csr`
|
||||
4. `./certs/certreq.sh`
|
||||
5. Copy the CA files from wolfTPM to wolfSSL certs directory.
|
||||
|
@ -134,9 +136,9 @@ or
|
|||
`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-ecc-cert.pem -i -V`
|
||||
|
||||
Then run the wolfTPM TLS client example:
|
||||
`./examples/tls/tls_client RSA`
|
||||
`./examples/tls/tls_client -rsa`
|
||||
or
|
||||
`./examples/tls/tls_client ECC`
|
||||
`./examples/tls/tls_client -ecc`
|
||||
|
||||
|
||||
### TLS Server
|
||||
|
@ -146,9 +148,9 @@ This example shows using a TPM key and certificate for a TLS server.
|
|||
By default it listens on port 11111 and can be overridden at build-time using the `TLS_PORT` macro.
|
||||
|
||||
Run the wolfTPM TLS server example:
|
||||
`./examples/tls/tls_server RSA`
|
||||
`./examples/tls/tls_server -rsa`
|
||||
or
|
||||
`./examples/tls/tls_server ECC`
|
||||
`./examples/tls/tls_server -ecc`
|
||||
|
||||
Then run the wolfSSL example client this like:
|
||||
`./examples/client/client -h localhost -p 11111 -g -d`
|
||||
|
@ -194,7 +196,7 @@ Performance benchmarks.
|
|||
Examples for generating a TPM key blob and storing to disk, then loading from disk and loading into temporary TPM handle.
|
||||
|
||||
```
|
||||
$ ./examples/keygen/keygen keyblob.bin -RSA
|
||||
$ ./examples/keygen/keygen keyblob.bin -rsa
|
||||
TPM2.0 Key generation example
|
||||
Loading SRK: Storage 0x81000200 (282 bytes)
|
||||
Creating new RSA key...
|
||||
|
@ -208,7 +210,7 @@ Reading 840 bytes from keyblob.bin
|
|||
Loaded key to 0x80000001
|
||||
|
||||
|
||||
$ ./examples/keygen/keygen keyblob.bin -ECC
|
||||
$ ./examples/keygen/keygen keyblob.bin -ecc
|
||||
TPM2.0 Key generation example
|
||||
Loading SRK: Storage 0x81000200 (282 bytes)
|
||||
Creating new ECC key...
|
||||
|
@ -225,7 +227,7 @@ Loaded key to 0x80000001
|
|||
Example for importing a private key as TPM key blob and storing to disk, then loading from disk and loading into temporary TPM handle.
|
||||
|
||||
```
|
||||
$ ./examples/keygen/keyimport keyblob.bin -RSA
|
||||
$ ./examples/keygen/keyimport keyblob.bin -rsa
|
||||
TPM2.0 Key import example
|
||||
Loading SRK: Storage 0x81000200 (282 bytes)
|
||||
Imported key (pub 278, priv 222 bytes)
|
||||
|
@ -238,7 +240,7 @@ Reading 840 bytes from keyblob.bin
|
|||
Loaded key to 0x80000001
|
||||
|
||||
|
||||
$ ./examples/keygen/keyimport keyblob.bin -ECC
|
||||
$ ./examples/keygen/keyimport keyblob.bin -ecc
|
||||
TPM2.0 Key Import example
|
||||
Loading SRK: Storage 0x81000200 (282 bytes)
|
||||
Imported key (pub 86, priv 126 bytes)
|
||||
|
|
|
@ -181,11 +181,22 @@ exit:
|
|||
return rc;
|
||||
}
|
||||
|
||||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/bench/bench [-aes/xor]\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN Bench Wrapper -- */
|
||||
/******************************************************************************/
|
||||
int TPM2_Wrapper_Bench(void* userCtx)
|
||||
{
|
||||
return TPM2_Wrapper_BenchArgs(userCtx, 0, NULL);
|
||||
}
|
||||
|
||||
int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[])
|
||||
int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -199,11 +210,35 @@ int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[])
|
|||
TPM2B_ECC_POINT pubPoint;
|
||||
double start;
|
||||
int count;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "--help", 6) == 0) {
|
||||
usage();
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
XMEMSET(&storageKey, 0, sizeof(storageKey));
|
||||
XMEMSET(&eccKey, 0, sizeof(eccKey));
|
||||
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
|
||||
printf("TPM2 Benchmark using Wrapper API's\n");
|
||||
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
|
@ -213,6 +248,20 @@ int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
/* RNG Benchmark */
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
|
@ -423,6 +472,7 @@ exit:
|
|||
|
||||
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
|
||||
|
||||
wolfTPM2_Cleanup(&dev);
|
||||
|
||||
|
@ -441,7 +491,7 @@ int main(int argc, char *argv[])
|
|||
int rc = -1;
|
||||
|
||||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(NO_TPM_BENCH)
|
||||
rc = TPM2_Wrapper_Bench(NULL, argc, argv);
|
||||
rc = TPM2_Wrapper_BenchArgs(NULL, argc, argv);
|
||||
#else
|
||||
printf("Wrapper code not compiled in\n");
|
||||
#endif
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_Wrapper_Bench(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Wrapper_Bench(void* userCtx);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -137,7 +137,11 @@ exit:
|
|||
return rc;
|
||||
}
|
||||
|
||||
int TPM2_CSR_Example(void* userCtx, int argc, char *argv[])
|
||||
int TPM2_CSR_Example(void* userCtx)
|
||||
{
|
||||
return TPM2_CSR_ExampleArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -243,7 +247,7 @@ int main(int argc, char *argv[])
|
|||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
|
||||
defined(WOLFSSL_CERT_REQ) && \
|
||||
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
|
||||
rc = TPM2_CSR_Example(NULL, argc, argv);
|
||||
rc = TPM2_CSR_ExampleArgs(NULL, argc, argv);
|
||||
#else
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_CSR_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_CSR_Example(void* userCtx);
|
||||
int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -37,9 +37,10 @@
|
|||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("keygen [keyblob.bin] [-ECC/-RSA] [-T] [-e]\n");
|
||||
printf("-T: Use default template (otherwise AIK)\n");
|
||||
printf("-e: Use Parameter Encryption\n");
|
||||
printf("./examples/keygen/keygen [keyblob.bin] [-ecc/-rsa] [-t] [-aes/xor]\n");
|
||||
printf("* -ecc: Use RSA or ECC for keys\n");
|
||||
printf("* -t: Use default template (otherwise AIK)\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
||||
|
@ -50,7 +51,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
WOLFTPM2_KEYBLOB newKey;
|
||||
TPMT_PUBLIC publicTemplate;
|
||||
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
|
||||
int useParamEnc = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
TPM2B_AUTH auth;
|
||||
int bAIK = 1;
|
||||
|
@ -71,14 +72,17 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
outputFile = argv[1];
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ECC", 4) == 0) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
alg = TPM_ALG_ECC;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-T", 2) == 0) {
|
||||
if (XSTRNCMP(argv[argc-1], "-t", 2) == 0) {
|
||||
bAIK = 0;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-e", 2) == 0) {
|
||||
useParamEnc = 1;
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
@ -92,7 +96,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
printf("\tKey Blob: %s\n", outputFile);
|
||||
printf("\tAlgorithm: %s\n", TPM2_GetAlgName(alg));
|
||||
printf("\tTemplate: %s\n", bAIK ? "AIK" : "Default");
|
||||
printf("\tUse Parameter Encryption: %d\n", useParamEnc);
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -104,10 +108,10 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
if (useParamEnc) {
|
||||
/* Start an authenticated session (salted / unbound with AES CFB parameter encryption) */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storage, NULL,
|
||||
TPM_SE_POLICY, TPM_ALG_CFB);
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
|
|
@ -29,8 +29,6 @@
|
|||
int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Keygen_ParamEnc_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Keyload_ParamEnc_Example(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -38,11 +38,11 @@
|
|||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("keyimport [keyblob.bin] [-ECC/-RSA] [-e]\n");
|
||||
printf("-e: Use Parameter Encryption\n");
|
||||
printf("./examples/keygen/keyimport [keyblob.bin] [-ecc/-rsa] [-aes/xor]\n");
|
||||
printf("* -ecc: Use RSA or ECC for keys\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
|
||||
int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
|
@ -50,7 +50,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
WOLFTPM2_KEY storage; /* SRK */
|
||||
WOLFTPM2_KEYBLOB impKey;
|
||||
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
|
||||
int useParamEnc = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
|
||||
XFILE f;
|
||||
|
@ -70,11 +70,14 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
outputFile = argv[1];
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ECC", 4) == 0) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
alg = TPM_ALG_ECC;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-e", 2) == 0) {
|
||||
useParamEnc = 1;
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
@ -86,7 +89,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
printf("TPM2.0 Key Import example\n");
|
||||
printf("\tKey Blob: %s\n", outputFile);
|
||||
printf("\tAlgorithm: %s\n", TPM2_GetAlgName(alg));
|
||||
printf("\tUse Parameter Encryption: %d\n", useParamEnc);
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -98,10 +101,10 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
if (useParamEnc) {
|
||||
/* Start an authenticated session (salted / unbound with AES CFB parameter encryption) */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storage, NULL,
|
||||
TPM_SE_POLICY, TPM_ALG_CFB);
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
|
|
@ -46,8 +46,8 @@
|
|||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("keyload [keyblob.bin] [-e]\n");
|
||||
printf("-e: Use Parameter Encryption\n");
|
||||
printf("./examples/keygen/keyload [keyblob.bin] [-aes/xor]\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
||||
|
@ -56,7 +56,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
|||
WOLFTPM2_DEV dev;
|
||||
WOLFTPM2_KEY storage; /* SRK */
|
||||
WOLFTPM2_KEYBLOB newKey;
|
||||
int useParamEnc = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
|
||||
XFILE f;
|
||||
|
@ -75,8 +75,11 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
|||
inputFile = argv[1];
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-e", 2) == 0) {
|
||||
useParamEnc = 1;
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
@ -87,7 +90,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
|||
|
||||
printf("TPM2.0 Key load example\n");
|
||||
printf("\tKey Blob: %s\n", inputFile);
|
||||
printf("\tUse Parameter Encryption: %d\n", useParamEnc);
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -99,10 +102,10 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
if (useParamEnc) {
|
||||
/* Start an authenticated session (salted / unbound with AES CFB parameter encryption) */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storage, NULL,
|
||||
TPM_SE_POLICY, TPM_ALG_CFB);
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
|
|
@ -53,7 +53,11 @@ typedef struct tmpHandle {
|
|||
} TpmHandle;
|
||||
|
||||
|
||||
int TPM2_Native_Test(void* userCtx, int argc, char *argv[])
|
||||
int TPM2_Native_Test(void* userCtx)
|
||||
{
|
||||
return TPM2_Native_TestArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
TPM2_CTX tpm2Ctx;
|
||||
|
@ -377,7 +381,8 @@ int TPM2_Native_Test(void* userCtx, int argc, char *argv[])
|
|||
}
|
||||
|
||||
/* PCR Extend and Verify */
|
||||
pcrIndex = 16; /* Working with PCR16 because of next PCR Reset test */
|
||||
/* Working with PCR16 because of next PCR Reset test */
|
||||
pcrIndex = TPM2_TEST_PCR;
|
||||
XMEMSET(&cmdIn.pcrExtend, 0, sizeof(cmdIn.pcrExtend));
|
||||
cmdIn.pcrExtend.pcrHandle = pcrIndex;
|
||||
cmdIn.pcrExtend.digests.count = 1;
|
||||
|
@ -414,9 +419,9 @@ int TPM2_Native_Test(void* userCtx, int argc, char *argv[])
|
|||
|
||||
/* PCR Reset
|
||||
Only PCR16(DEBUG) and PCR23(Application specific) can be reset
|
||||
in locality 0. This is the only locality supoprted by wolfTPM.
|
||||
in locality 0. This is the only locality supported by wolfTPM.
|
||||
*/
|
||||
pcrIndex = 16;
|
||||
pcrIndex = TPM2_TEST_PCR;
|
||||
XMEMSET(&cmdIn.pcrReset, 0, sizeof(cmdIn.pcrReset));
|
||||
cmdIn.pcrReset.pcrHandle = pcrIndex;
|
||||
rc = TPM2_PCR_Reset(&cmdIn.pcrReset);
|
||||
|
@ -1373,7 +1378,7 @@ int main(int argc, char *argv[])
|
|||
{
|
||||
int rc;
|
||||
|
||||
rc = TPM2_Native_Test(NULL, argc, argv);
|
||||
rc = TPM2_Native_TestArgs(NULL, argc, argv);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_Native_Test(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Native_Test(void* userCtx);
|
||||
int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -45,8 +45,8 @@ static void usage(void)
|
|||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/pcr/extend [pcr] [filename]\n");
|
||||
printf("* pcr is a PCR index between 0-23 (default %d)\n", TPM2_TEST_PCR);
|
||||
printf("* filename points to file(data) to measure\n");
|
||||
printf("* pcr: PCR index between 0-23 (default %d)\n", TPM2_TEST_PCR);
|
||||
printf("* filename: points to file(data) to measure\n");
|
||||
printf("\tIf wolfTPM is built with --disable-wolfcrypt the file\n"
|
||||
"\tmust contain SHA256 digest ready for extend operation.\n"
|
||||
"\tOtherwise, the extend tool computes the hash using wolfcrypt.\n");
|
||||
|
|
|
@ -41,13 +41,14 @@
|
|||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/pcr/quote [pcr] [filename] [-e]\n");
|
||||
printf("* pcr is a PCR index between 0-23 (default %d)\n", TPM2_TEST_PCR);
|
||||
printf("* filename for saving the TPMS_ATTEST structure to a file\n");
|
||||
printf("./examples/pcr/quote [pcr] [filename] [-ecc] [-aes/xor]\n");
|
||||
printf("* pcr: PCR index between 0-23 (default %d)\n", TPM2_TEST_PCR);
|
||||
printf("* filename: for saving the TPMS_ATTEST structure to a file\n");
|
||||
printf("* -ecc: Use RSA or ECC for EK/AIK\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
printf("Demo usage without parameters, generates quote over PCR%d and\n"
|
||||
"saves the output TPMS_ATTEST structure to \"quote.blob\" file.\n",
|
||||
TPM2_TEST_PCR);
|
||||
printf("-e: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
||||
|
@ -58,11 +59,10 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
int dataSz;
|
||||
WOLFTPM2_DEV dev;
|
||||
TPMS_ATTEST attestedData;
|
||||
|
||||
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
|
||||
WOLFTPM2_KEY endorse; /* EK */
|
||||
WOLFTPM2_KEY storage; /* SRK */
|
||||
WOLFTPM2_KEY rsaKey; /* AIK */
|
||||
|
||||
WOLFTPM2_KEY aik; /* AIK */
|
||||
union {
|
||||
Quote_In quoteAsk;
|
||||
byte maxInput[MAX_COMMAND_SIZE];
|
||||
|
@ -71,12 +71,17 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
Quote_Out quoteResult;
|
||||
byte maxOutput[MAX_RESPONSE_SIZE];
|
||||
} cmdOut;
|
||||
int useParamEnc = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
|
||||
XFILE f;
|
||||
#endif
|
||||
|
||||
XMEMSET(&endorse, 0, sizeof(endorse));
|
||||
XMEMSET(&storage, 0, sizeof(storage));
|
||||
XMEMSET(&aik, 0, sizeof(aik));
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
|
@ -98,21 +103,23 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
outputFile = argv[2];
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-e", 2) == 0) {
|
||||
useParamEnc = 1;
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
alg = TPM_ALG_ECC;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
XMEMSET(&endorse, 0, sizeof(endorse));
|
||||
XMEMSET(&storage, 0, sizeof(storage));
|
||||
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
printf("PCR Quote example - Demo of signed PCR measurement\n");
|
||||
printf("\tOutput file: %s\n", outputFile);
|
||||
printf("\tPCR Index: %d\n", pcrIndex);
|
||||
printf("\tUse Parameter Encryption: %d\n", useParamEnc);
|
||||
printf("\tUse %s SRK/AIK\n", TPM2_GetAlgName(alg));
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -122,7 +129,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
printf("wolfTPM2_Init: success\n");
|
||||
|
||||
/* Create Endorsement Key, also called EK */
|
||||
rc = wolfTPM2_CreateEK(&dev, &endorse, TPM_ALG_RSA);
|
||||
rc = wolfTPM2_CreateEK(&dev, &endorse, alg);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_CreateEK: Endorsement failed 0x%x: %s\n",
|
||||
rc, TPM2_GetRCString(rc));
|
||||
|
@ -132,11 +139,11 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
(word32)endorse.handle.hndl, endorse.pub.size);
|
||||
|
||||
/* get SRK */
|
||||
rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_RSA);
|
||||
rc = getPrimaryStoragekey(&dev, &storage, alg);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Create an RSA key for Attestation purposes */
|
||||
rc = wolfTPM2_CreateAndLoadAIK(&dev, &rsaKey, TPM_ALG_RSA, &storage,
|
||||
/* Create key for Attestation purposes */
|
||||
rc = wolfTPM2_CreateAndLoadAIK(&dev, &aik, alg, &storage,
|
||||
(const byte*)gUsageAuth, sizeof(gUsageAuth)-1);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_CreateAndLoadAIK failed 0x%x: %s\n", rc,
|
||||
|
@ -144,12 +151,12 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
goto exit;
|
||||
}
|
||||
printf("wolfTPM2_CreateAndLoadAIK: AIK 0x%x (%d bytes)\n",
|
||||
(word32)rsaKey.handle.hndl, rsaKey.pub.size);
|
||||
(word32)aik.handle.hndl, aik.pub.size);
|
||||
|
||||
if (useParamEnc) {
|
||||
/* Start an authenticated session (salted / unbound with AES CFB parameter encryption) */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storage, NULL,
|
||||
TPM_SE_POLICY, TPM_ALG_CFB);
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
@ -161,14 +168,14 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
}
|
||||
|
||||
/* set auth for using the AIK */
|
||||
wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);
|
||||
wolfTPM2_SetAuthHandle(&dev, 0, &aik.handle);
|
||||
|
||||
/* Prepare Quote request */
|
||||
XMEMSET(&cmdIn.quoteAsk, 0, sizeof(cmdIn.quoteAsk));
|
||||
XMEMSET(&cmdOut.quoteResult, 0, sizeof(cmdOut.quoteResult));
|
||||
cmdIn.quoteAsk.signHandle = rsaKey.handle.hndl;
|
||||
cmdIn.quoteAsk.inScheme.scheme = TPM_ALG_RSASSA;
|
||||
cmdIn.quoteAsk.inScheme.details.rsassa.hashAlg = TPM_ALG_SHA256;
|
||||
cmdIn.quoteAsk.signHandle = aik.handle.hndl;
|
||||
cmdIn.quoteAsk.inScheme.scheme = alg == TPM_ALG_RSA ? TPM_ALG_RSASSA : TPM_ALG_ECDSA;
|
||||
cmdIn.quoteAsk.inScheme.details.any.hashAlg = TPM_ALG_SHA256;
|
||||
cmdIn.quoteAsk.qualifyingData.size = 0; /* optional */
|
||||
/* Choose PCR for signing */
|
||||
TPM2_SetupPCRSel(&cmdIn.quoteAsk.PCRselect, TPM_ALG_SHA256, pcrIndex);
|
||||
|
@ -223,7 +230,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
exit:
|
||||
|
||||
/* Close key handles */
|
||||
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &aik.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &storage.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
|
||||
|
|
|
@ -292,8 +292,11 @@ exit:
|
|||
return rc;
|
||||
}
|
||||
|
||||
|
||||
int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[])
|
||||
int TPM2_PKCS7_Example(void* userCtx)
|
||||
{
|
||||
return TPM2_PKCS7_ExampleArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -409,7 +412,7 @@ int main(int argc, char *argv[])
|
|||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
|
||||
defined(HAVE_PKCS7) && \
|
||||
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
|
||||
rc = TPM2_PKCS7_Example(NULL, argc, argv);
|
||||
rc = TPM2_PKCS7_ExampleArgs(NULL, argc, argv);
|
||||
#else
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_PKCS7_Example(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_PKCS7_Example(void* userCtx);
|
||||
int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -39,7 +39,7 @@
|
|||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/clock/clockSet [time]\n");
|
||||
printf("./examples/clock/clock_set [time]\n");
|
||||
printf("* time is a value in miliseconds used as increment (optional)\n");
|
||||
printf("* Default time value is 50000 ms (50 seconds)\n");
|
||||
printf("\tThe TPM clock can be set only forward.\n");
|
||||
|
|
|
@ -5,7 +5,8 @@ if BUILD_EXAMPLES
|
|||
noinst_PROGRAMS += examples/timestamp/signed_timestamp
|
||||
noinst_HEADERS += examples/timestamp/signed_timestamp.h
|
||||
examples_timestamp_signed_timestamp_SOURCES = examples/timestamp/signed_timestamp.c \
|
||||
examples/tpm_io.c
|
||||
examples/tpm_io.c \
|
||||
examples/tpm_test_keys.c
|
||||
examples_timestamp_signed_timestamp_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
|
||||
examples_timestamp_signed_timestamp_DEPENDENCIES = src/libwolftpm.la
|
||||
endif
|
||||
|
|
|
@ -29,6 +29,7 @@
|
|||
|
||||
#include <examples/tpm_io.h>
|
||||
#include <examples/tpm_test.h>
|
||||
#include <examples/tpm_test_keys.h>
|
||||
#include "signed_timestamp.h"
|
||||
|
||||
#include <stdio.h>
|
||||
|
@ -38,48 +39,72 @@
|
|||
/* --- BEGIN TPM Timestamp Test -- */
|
||||
/******************************************************************************/
|
||||
|
||||
int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
||||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/timestamp/signed_timestamp [-ecc] [-aes/xor]\n");
|
||||
printf("* -ecc: Use RSA or ECC for EK/AIK\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_Timestamp_Test(void* userCtx)
|
||||
{
|
||||
return TPM2_Timestamp_TestArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
TPMS_ATTEST attestedData;
|
||||
#ifdef WOLFTPM_WINAPI
|
||||
int tryNVkey = 0;
|
||||
#else
|
||||
int tryNVkey = 1;
|
||||
#endif
|
||||
|
||||
union {
|
||||
/* For managing TPM session */
|
||||
StartAuthSession_In authSes;
|
||||
PolicySecret_In policySecret;
|
||||
/* For removing keys after use */
|
||||
FlushContext_In flushCtx;
|
||||
byte maxInput[MAX_COMMAND_SIZE];
|
||||
} cmdIn;
|
||||
union {
|
||||
ReadClock_Out readClock;
|
||||
GetTime_Out getTime;
|
||||
/* Output from session operations */
|
||||
StartAuthSession_Out authSes;
|
||||
PolicySecret_Out policySecret;
|
||||
byte maxOutput[MAX_RESPONSE_SIZE];
|
||||
} cmdOut;
|
||||
|
||||
TPM_HANDLE sessionHandle = TPM_RH_NULL;
|
||||
|
||||
WOLFTPM2_KEY endorse; /* EK */
|
||||
WOLFTPM2_KEY storage; /* SRK */
|
||||
WOLFTPM2_KEY rsaKey; /* AIK */
|
||||
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
WOLFTPM2_KEY aik; /* AIK */
|
||||
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
TPMA_SESSION sessionAttributes;
|
||||
|
||||
XMEMSET(&endorse, 0, sizeof(endorse));
|
||||
XMEMSET(&storage, 0, sizeof(storage));
|
||||
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
|
||||
XMEMSET(&aik, 0, sizeof(aik));
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "--help", 6) == 0) {
|
||||
usage();
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
alg = TPM_ALG_ECC;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
printf("TPM2 Demo of generating signed timestamp from the TPM\n");
|
||||
printf("\tUse %s SRK/AIK\n", TPM2_GetAlgName(alg));
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
|
@ -99,7 +124,7 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
|
||||
|
||||
/* Create Endorsement Key, also called EK */
|
||||
rc = wolfTPM2_CreateEK(&dev, &endorse, TPM_ALG_RSA);
|
||||
rc = wolfTPM2_CreateEK(&dev, &endorse, alg);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_CreateEK: Endorsement failed 0x%x: %s\n",
|
||||
rc, TPM2_GetRCString(rc));
|
||||
|
@ -109,45 +134,8 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
(word32)endorse.handle.hndl, endorse.pub.size);
|
||||
|
||||
|
||||
/* Create RSA Storage Key, also called SRK */
|
||||
/* See if SRK already exists */
|
||||
if (tryNVkey) {
|
||||
rc = wolfTPM2_ReadPublicKey(&dev, &storage, TPM2_DEMO_STORAGE_KEY_HANDLE);
|
||||
#ifdef TEST_WRAP_DELETE_KEY
|
||||
if (rc == 0) {
|
||||
storage.handle.hndl = TPM2_DEMO_STORAGE_KEY_HANDLE;
|
||||
rc = wolfTPM2_NVDeleteKey(&dev, TPM_RH_OWNER, &storage);
|
||||
if (rc != 0) goto exit;
|
||||
rc = TPM_RC_HANDLE; /* mark handle as missing */
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
if (!tryNVkey || (tryNVkey && rc != 0)) {
|
||||
/* Create primary storage key (RSA) */
|
||||
rc = wolfTPM2_CreateSRK(&dev, &storage, TPM_ALG_RSA,
|
||||
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
if (tryNVkey) {
|
||||
/* Move storage key into persistent NV */
|
||||
rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storage,
|
||||
TPM2_DEMO_STORAGE_KEY_HANDLE);
|
||||
if (rc != 0) {
|
||||
wolfTPM2_UnloadHandle(&dev, &storage.handle);
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
printf("Created new RSA Primary Storage Key at 0x%x\n",
|
||||
storage.handle.hndl);
|
||||
}
|
||||
else {
|
||||
/* specify auth password for storage key */
|
||||
storage.handle.auth.size = sizeof(gStorageKeyAuth)-1;
|
||||
XMEMCPY(storage.handle.auth.buffer, gStorageKeyAuth,
|
||||
storage.handle.auth.size);
|
||||
}
|
||||
/* Create Storage Key, also called SRK */
|
||||
rc = getPrimaryStoragekey(&dev, &storage, alg);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_CreateSRK: Storage failed 0x%x: %s\n", rc,
|
||||
TPM2_GetRCString(rc));
|
||||
|
@ -156,36 +144,21 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
printf("wolfTPM2_CreateSRK: Storage 0x%x (%d bytes)\n",
|
||||
(word32)storage.handle.hndl, storage.pub.size);
|
||||
|
||||
/* Start an authenticated session (salted / unbound) */
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, NULL, NULL,
|
||||
TPM_SE_POLICY, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* Start Auth Session */
|
||||
XMEMSET(&cmdIn.authSes, 0, sizeof(cmdIn.authSes));
|
||||
cmdIn.authSes.sessionType = TPM_SE_POLICY;
|
||||
cmdIn.authSes.tpmKey = TPM_RH_NULL;
|
||||
cmdIn.authSes.bind = TPM_RH_NULL;
|
||||
cmdIn.authSes.symmetric.algorithm = TPM_ALG_NULL;
|
||||
cmdIn.authSes.authHash = TPM_ALG_SHA256;
|
||||
cmdIn.authSes.nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
|
||||
rc = TPM2_GetNonce(cmdIn.authSes.nonceCaller.buffer,
|
||||
cmdIn.authSes.nonceCaller.size);
|
||||
if (rc < 0) {
|
||||
printf("TPM2_GetNonce failed 0x%x: %s\n", rc,
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
rc = TPM2_StartAuthSession(&cmdIn.authSes, &cmdOut.authSes);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_StartAuthSession failed 0x%x: %s\n", rc,
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
sessionHandle = cmdOut.authSes.sessionHandle;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n", (word32)sessionHandle);
|
||||
|
||||
/* Set the endorsement password (blank) */
|
||||
rc = wolfTPM2_SetAuthPassword(&dev, 0, NULL);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Set PolicySecret for our session to enable use of the Endorsement Hierarchy */
|
||||
XMEMSET(&cmdIn.policySecret, 0, sizeof(cmdIn.policySecret));
|
||||
cmdIn.policySecret.authHandle = TPM_RH_ENDORSEMENT;
|
||||
cmdIn.policySecret.policySession = sessionHandle;
|
||||
cmdIn.policySecret.policySession = tpmSession.handle.hndl;
|
||||
rc = TPM2_PolicySecret(&cmdIn.policySecret, &cmdOut.policySecret);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("policySecret failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
|
@ -193,14 +166,13 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
}
|
||||
printf("TPM2_policySecret success\n"); /* No use of the output */
|
||||
|
||||
|
||||
/* At this stage, the EK is created and NULL password has already been set
|
||||
* The EH is enabled through policySecret over the active TPM session and
|
||||
* the creation of Attestation Identity Key (AIK) under the EH can take place.
|
||||
*/
|
||||
|
||||
/* Create an Attestation RSA key (AIK) */
|
||||
rc = wolfTPM2_CreateAndLoadAIK(&dev, &rsaKey, TPM_ALG_RSA, &storage,
|
||||
/* Create an Attestation key (AIK) */
|
||||
rc = wolfTPM2_CreateAndLoadAIK(&dev, &aik, alg, &storage,
|
||||
(const byte*)gAiKeyAuth, sizeof(gAiKeyAuth)-1);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_CreateAndLoadAIK failed 0x%x: %s\n", rc,
|
||||
|
@ -208,14 +180,27 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
goto exit;
|
||||
}
|
||||
printf("wolfTPM2_CreateAndLoadAIK: AIK 0x%x (%d bytes)\n",
|
||||
(word32)rsaKey.handle.hndl, rsaKey.pub.size);
|
||||
(word32)aik.handle.hndl, aik.pub.size);
|
||||
|
||||
|
||||
/* set NULL password auth for using EK */
|
||||
wolfTPM2_SetAuthPassword(&dev, 0, NULL);
|
||||
|
||||
/* set auth for using the AIK */
|
||||
wolfTPM2_SetAuthHandle(&dev, 1, &rsaKey.handle);
|
||||
wolfTPM2_SetAuthHandle(&dev, 1, &aik.handle);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
sessionAttributes = TPMA_SESSION_continueSession;
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
sessionAttributes |= (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt);
|
||||
}
|
||||
#if 0
|
||||
/* TODO: Investigate param enc with signed timestamp */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 2, &tpmSession, sessionAttributes);
|
||||
if (rc != 0) goto exit;
|
||||
#else
|
||||
(void)sessionAttributes;
|
||||
#endif
|
||||
|
||||
/* At this stage: The EK is created, AIK is created and loaded,
|
||||
* Endorsement Hierarchy is enabled through policySecret,
|
||||
|
@ -224,7 +209,7 @@ int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[])
|
|||
*/
|
||||
|
||||
/* Get signed by the TPM timestamp using the AIK key */
|
||||
rc = wolfTPM2_GetTime(&rsaKey, &cmdOut.getTime);
|
||||
rc = wolfTPM2_GetTime(&aik, &cmdOut.getTime);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("wolfTPM2_GetTime failed 0x%x: %s\n", rc,
|
||||
TPM2_GetRCString(rc));
|
||||
|
@ -269,19 +254,9 @@ exit:
|
|||
printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
}
|
||||
|
||||
/* Close session */
|
||||
if (sessionHandle != TPM_RH_NULL) {
|
||||
cmdIn.flushCtx.flushHandle = sessionHandle;
|
||||
TPM2_FlushContext(&cmdIn.flushCtx);
|
||||
}
|
||||
|
||||
/* Close key handles */
|
||||
if (!tryNVkey) {
|
||||
wolfTPM2_UnloadHandle(&dev, &storage.handle);
|
||||
}
|
||||
|
||||
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &aik.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &endorse.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
|
||||
|
||||
wolfTPM2_Cleanup(&dev);
|
||||
return rc;
|
||||
|
@ -300,7 +275,7 @@ int main(int argc, char *argv[])
|
|||
int rc = -1;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Timestamp_Test(NULL, argc, argv);
|
||||
rc = TPM2_Timestamp_TestArgs(NULL, argc, argv);
|
||||
#else
|
||||
printf("Wrapper code not compiled in\n");
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_Timestamp_Test(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Timestamp_Test(void* userCtx);
|
||||
int TPM2_Timestamp_TestArgs(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -77,7 +77,20 @@
|
|||
/******************************************************************************/
|
||||
/* --- BEGIN TPM TLS Client Example -- */
|
||||
/******************************************************************************/
|
||||
int TPM2_TLS_Client(void* userCtx, int argc, char *argv[])
|
||||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/tls/tls_client [-ecc] [-aes/xor]\n");
|
||||
printf("* -ecc: Use RSA or ECC key\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_TLS_Client(void* userCtx)
|
||||
{
|
||||
return TPM2_TLS_ClientArgs(userCtx, 0, NULL);
|
||||
}
|
||||
|
||||
int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -108,18 +121,46 @@ int TPM2_TLS_Client(void* userCtx, int argc, char *argv[])
|
|||
int i;
|
||||
#endif
|
||||
int useECC = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
|
||||
/* initialize variables */
|
||||
XMEMSET(&storageKey, 0, sizeof(storageKey));
|
||||
XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
|
||||
sockIoCtx.fd = -1;
|
||||
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
|
||||
#ifndef NO_RSA
|
||||
XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
|
||||
#endif
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
printf("TPM2 TLS Client Example\n");
|
||||
|
||||
if (argc > 1) {
|
||||
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
|
||||
useECC = 1;
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "--help", 6) == 0) {
|
||||
usage();
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
useECC = 1;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
printf("TPM2 TLS Client Example\n");
|
||||
printf("\tUse %s keys\n", useECC ? "ECC" : "RSA");
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
|
@ -129,13 +170,10 @@ int TPM2_TLS_Client(void* userCtx, int argc, char *argv[])
|
|||
}
|
||||
|
||||
/* Setup the wolf crypto device callback */
|
||||
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
|
||||
#ifndef NO_RSA
|
||||
XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
|
||||
tpmCtx.rsaKey = &rsaKey;
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
|
||||
tpmCtx.eccKey = &eccKey;
|
||||
#endif
|
||||
tpmCtx.checkKeyCb = myTpmCheckKey; /* detects if using "dummy" key */
|
||||
|
@ -149,6 +187,20 @@ int TPM2_TLS_Client(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (!useECC) {
|
||||
/* Create/Load RSA key for TLS authentication */
|
||||
|
@ -497,7 +549,7 @@ int main(int argc, char* argv[])
|
|||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
|
||||
!defined(NO_WOLFSSL_CLIENT) && \
|
||||
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
|
||||
rc = TPM2_TLS_Client(NULL, argc, argv);
|
||||
rc = TPM2_TLS_ClientArgs(NULL, argc, argv);
|
||||
#else
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
|
|
|
@ -26,8 +26,10 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_TLS_Client(void* userCtx, int argc, char *argv[]);
|
||||
int TLS_Client(int argc, char *argv[]);
|
||||
int TPM2_TLS_Client(void* userCtx);
|
||||
int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]);
|
||||
int TLS_Client(void);
|
||||
int TLS_ClientArgs(int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -62,7 +62,11 @@
|
|||
/******************************************************************************/
|
||||
/* --- BEGIN TLS Client Example -- */
|
||||
/******************************************************************************/
|
||||
int TLS_Client(int argc, char *argv[])
|
||||
int TLS_Client(void)
|
||||
{
|
||||
return TLS_ClientArgs(0, NULL);
|
||||
}
|
||||
int TLS_ClientArgs(int argc, char *argv[])
|
||||
{
|
||||
int rc = 0;
|
||||
SockIoCbCtx sockIoCtx;
|
||||
|
@ -302,7 +306,7 @@ int main(int argc, char *argv[])
|
|||
|
||||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
|
||||
!defined(NO_WOLFSSL_CLIENT)
|
||||
rc = TLS_Client(argc, argv);
|
||||
rc = TLS_ClientArgs(argc, argv);
|
||||
#else
|
||||
printf("WolfSSL Client code not compiled in\n");
|
||||
(void)argc;
|
||||
|
|
|
@ -60,7 +60,7 @@
|
|||
/* force use of a TLS cipher suite */
|
||||
#if 0
|
||||
#ifndef TLS_CIPHER_SUITE
|
||||
#define TLS_CIPHER_SUITE "ECDHE-RSA-AES128-SHA256"
|
||||
#define TLS_CIPHER_SUITE "ECDHE-rsa-AES128-SHA256"
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
|
|
@ -74,7 +74,19 @@
|
|||
/******************************************************************************/
|
||||
/* --- BEGIN TLS SERVER Example -- */
|
||||
/******************************************************************************/
|
||||
int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
|
||||
static void usage(void)
|
||||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/tls/tls_server [-ecc] [-aes/xor]\n");
|
||||
printf("* -ecc: Use RSA or ECC key\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
int TPM2_TLS_Server(void* userCtx)
|
||||
{
|
||||
return TPM2_TLS_ServerArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -116,18 +128,46 @@ int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
|
|||
int total_size;
|
||||
#endif
|
||||
int useECC = 0;
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
|
||||
/* initialize variables */
|
||||
XMEMSET(&storageKey, 0, sizeof(storageKey));
|
||||
XMEMSET(&sockIoCtx, 0, sizeof(sockIoCtx));
|
||||
sockIoCtx.fd = -1;
|
||||
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
|
||||
#ifndef NO_RSA
|
||||
XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
|
||||
#endif
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
|
||||
printf("TPM2 TLS Server Example\n");
|
||||
|
||||
if (argc > 1) {
|
||||
if (XSTRNCMP(argv[1], "ECC", 3) == 0) {
|
||||
useECC = 1;
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "--help", 6) == 0) {
|
||||
usage();
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-ecc", 4) == 0) {
|
||||
useECC = 1;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
printf("TPM2 TLS Server Example\n");
|
||||
printf("\tUse %s keys\n", useECC ? "ECC" : "RSA");
|
||||
printf("\tUse Parameter Encryption: %s\n", TPM2_GetAlgName(paramEncAlg));
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
|
@ -137,13 +177,10 @@ int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
|
|||
}
|
||||
|
||||
/* Setup the wolf crypto device callback */
|
||||
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
|
||||
#ifndef NO_RSA
|
||||
XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
|
||||
tpmCtx.rsaKey = &rsaKey;
|
||||
#endif
|
||||
#ifdef HAVE_ECC
|
||||
XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
|
||||
tpmCtx.eccKey = &eccKey;
|
||||
#endif
|
||||
tpmCtx.checkKeyCb = myTpmCheckKey; /* detects if using "dummy" key */
|
||||
|
@ -158,6 +195,20 @@ int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
|
|||
rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (!useECC) {
|
||||
/* Create/Load RSA key for TLS authentication */
|
||||
|
@ -323,7 +374,7 @@ int TPM2_TLS_Server(void* userCtx, int argc, char *argv[])
|
|||
|
||||
#if 0
|
||||
/* Optionally choose the cipher suite */
|
||||
rc = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256");
|
||||
rc = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-rsa-AES128-GCM-SHA256");
|
||||
if (rc != WOLFSSL_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
@ -466,7 +517,7 @@ int main(int argc, char* argv[])
|
|||
#if !defined(WOLFTPM2_NO_WRAPPER) && !defined(WOLFTPM2_NO_WOLFCRYPT) && \
|
||||
!defined(NO_WOLFSSL_SERVER) && \
|
||||
(defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB))
|
||||
rc = TPM2_TLS_Server(NULL, argc, argv);
|
||||
rc = TPM2_TLS_ServerArgs(NULL, argc, argv);
|
||||
#else
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
|
|
|
@ -26,7 +26,8 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
int TPM2_TLS_Server(void* userCtx, int argc, char* argv[]);
|
||||
int TPM2_TLS_Server(void* userCtx);
|
||||
int TPM2_TLS_ServerArgs(void* userCtx, int argc, char* argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -104,8 +104,8 @@ static int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
|
|||
rc = BUFFER_E;
|
||||
printf("File %s not found!\n", filename);
|
||||
printf("Keys can be generated by running:\n"
|
||||
" ./examples/keygen/keygen rsa_test_blob.raw -RSA -T\n"
|
||||
" ./examples/keygen/keygen ecc_test_blob.raw -ECC -T\n");
|
||||
" ./examples/keygen/keygen rsa_test_blob.raw -rsa -t\n"
|
||||
" ./examples/keygen/keygen ecc_test_blob.raw -ecc -t\n");
|
||||
}
|
||||
|
||||
exit:
|
||||
|
|
|
@ -49,7 +49,19 @@ void TPM2_Wrapper_SetReset(int reset)
|
|||
resetTPM = reset;
|
||||
}
|
||||
|
||||
int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
||||
static void usage(void)
|
||||
{
|
||||
printf("Expected Usage:\n");
|
||||
printf("./examples/wrap/wrap_test [-aes/xor]\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
|
||||
}
|
||||
|
||||
int TPM2_Wrapper_Test(void* userCtx)
|
||||
{
|
||||
return TPM2_Wrapper_TestArgs(userCtx, 0, NULL);
|
||||
}
|
||||
int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
|
||||
{
|
||||
int rc, i;
|
||||
WOLFTPM2_DEV dev;
|
||||
|
@ -105,6 +117,8 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
ecc_key wolfEccPubKey;
|
||||
ecc_key wolfEccPrivKey;
|
||||
#endif
|
||||
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
|
||||
WOLFTPM2_SESSION tpmSession;
|
||||
|
||||
#ifndef NO_RSA
|
||||
XMEMSET(&wolfRsaPubKey, 0, sizeof(wolfRsaPubKey));
|
||||
|
@ -114,13 +128,30 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
XMEMSET(&wolfEccPubKey, 0, sizeof(wolfEccPubKey));
|
||||
XMEMSET(&wolfEccPrivKey, 0, sizeof(wolfEccPrivKey));
|
||||
#endif
|
||||
XMEMSET(&tpmSession, 0, sizeof(tpmSession));
|
||||
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
|
||||
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "--help", 6) == 0) {
|
||||
usage();
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
while (argc > 1) {
|
||||
if (XSTRNCMP(argv[argc-1], "-aes", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_CFB;
|
||||
}
|
||||
if (XSTRNCMP(argv[argc-1], "-xor", 4) == 0) {
|
||||
paramEncAlg = TPM_ALG_XOR;
|
||||
}
|
||||
argc--;
|
||||
}
|
||||
|
||||
printf("TPM2 Demo for Wrapper API's\n");
|
||||
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != 0) return rc;
|
||||
|
@ -205,6 +236,19 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
storageKey.handle.auth.size);
|
||||
}
|
||||
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
/* Create RSA key for sign/verify */
|
||||
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
|
||||
|
@ -367,6 +411,9 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Close TPM session based on RSA storage key */
|
||||
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
|
||||
|
||||
|
||||
/*------------------------------------------------------------------------*/
|
||||
/* ECC TESTS */
|
||||
|
@ -413,6 +460,19 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
storageKey.handle.auth.size);
|
||||
}
|
||||
|
||||
/* Start an authenticated session (salted / unbound) with parameter encryption */
|
||||
if (paramEncAlg != TPM_ALG_NULL) {
|
||||
rc = wolfTPM2_StartSession(&dev, &tpmSession, &storageKey, NULL,
|
||||
TPM_SE_HMAC, paramEncAlg);
|
||||
if (rc != 0) goto exit;
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n",
|
||||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
/* Create an ECC key for ECDSA */
|
||||
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
|
||||
|
@ -568,6 +628,9 @@ int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[])
|
|||
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Close TPM session based on ECC storage key */
|
||||
wolfTPM2_UnloadHandle(&dev, &tpmSession.handle);
|
||||
|
||||
|
||||
/*------------------------------------------------------------------------*/
|
||||
/* NV TESTS */
|
||||
|
@ -866,7 +929,7 @@ int main(int argc, char *argv[])
|
|||
(void)argv;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Wrapper_Test(NULL, argc, argv);
|
||||
rc = TPM2_Wrapper_TestArgs(NULL, argc, argv);
|
||||
#else
|
||||
printf("Wrapper code not compiled in\n");
|
||||
#endif
|
||||
|
|
|
@ -27,7 +27,8 @@
|
|||
#endif
|
||||
|
||||
void TPM2_Wrapper_SetReset(int reset);
|
||||
int TPM2_Wrapper_Test(void* userCtx, int argc, char *argv[]);
|
||||
int TPM2_Wrapper_Test(void* userCtx);
|
||||
int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[]);
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
# Generate keyblobs and certs needed for TLS examples
|
||||
#
|
||||
|
||||
./examples/keygen/keygen rsa_test_blob.raw -RSA -T
|
||||
./examples/keygen/keygen ecc_test_blob.raw -ECC -T
|
||||
./examples/keygen/keygen rsa_test_blob.raw -rsa -t
|
||||
./examples/keygen/keygen ecc_test_blob.raw -ecc -t
|
||||
./examples/csr/csr
|
||||
./certs/certreq.sh
|
||||
|
||||
|
|
357
src/tpm2.c
357
src/tpm2.c
|
@ -88,191 +88,20 @@ static void TPM2_ReleaseLock(TPM2_CTX* ctx)
|
|||
/* Send Command Wrapper */
|
||||
typedef enum CmdFlags {
|
||||
CMD_FLAG_NONE = 0x00,
|
||||
CMD_FLAG_ENC2 = 0x01, /* size of first command parameter */
|
||||
CMD_FLAG_ENC4 = 0x02,
|
||||
CMD_FLAG_DEC2 = 0x04, /* size of first response parameter */
|
||||
CMD_FLAG_DEC4 = 0x08,
|
||||
CMD_FLAG_ENC2 = 0x01, /* 16-bit size of first command parameter */
|
||||
CMD_FLAG_ENC4 = 0x02, /* 32-bit size (not used) */
|
||||
CMD_FLAG_DEC2 = 0x04, /* 16-bit size of first response parameter */
|
||||
CMD_FLAG_DEC4 = 0x08, /* 32-bit size (not used) */
|
||||
} CmdFlags_t;
|
||||
|
||||
/* Command Details */
|
||||
typedef struct {
|
||||
int authCnt;
|
||||
int inHandleCnt;
|
||||
int outHandleCnt;
|
||||
int flags;
|
||||
int authCnt; /* number of authentication handles - determined at run-time */
|
||||
int inHandleCnt; /* number of input handles - fixed */
|
||||
int outHandleCnt; /* number of output handles - fixed */
|
||||
int flags; /* If command allows param enc or dec - fixed */
|
||||
} CmdInfo_t;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
/* Get name for object/handle */
|
||||
static int TPM2_GetName(TPM2_CTX* ctx, int handleCnt, int idx, TPM2B_NAME* name)
|
||||
{
|
||||
TPM2_AUTH_SESSION* session;
|
||||
|
||||
XMEMSET(name, 0, sizeof(TPM2B_NAME));
|
||||
|
||||
if (idx >= handleCnt)
|
||||
return TPM_RC_SUCCESS;
|
||||
|
||||
session = &ctx->session[idx];
|
||||
if (session->name.size > 0) {
|
||||
name->size = session->name.size;
|
||||
XMEMCPY(name->name, session->name.name, name->size);
|
||||
}
|
||||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
/* Compute the command parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.7 Command Parameter Hash cpHash */
|
||||
static int TPM2_CalcCpHash(TPM2_CTX* ctx, CmdInfo_t* info,
|
||||
TPMI_ALG_HASH authHash, TPM_CC cmdCode, BYTE* param, UINT32 paramSz,
|
||||
TPM2B_DIGEST* hash)
|
||||
{
|
||||
int rc;
|
||||
wc_HashAlg hash_ctx;
|
||||
enum wc_HashType hashType;
|
||||
TPM2B_NAME name1, name2, name3;
|
||||
|
||||
rc = TPM2_GetName(ctx, info->inHandleCnt, 0, &name1);
|
||||
rc |= TPM2_GetName(ctx, info->inHandleCnt, 1, &name2);
|
||||
rc |= TPM2_GetName(ctx, info->inHandleCnt, 2, &name3);
|
||||
if (rc != TPM_RC_SUCCESS)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
rc = wc_HashGetDigestSize(hashType);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
hash->size = rc;
|
||||
|
||||
/* Hash of data (name) goes into remainder */
|
||||
rc = wc_HashInit(&hash_ctx, hashType);
|
||||
if (rc == 0) {
|
||||
/* Hash Command Code */
|
||||
UINT32 ccSwap = TPM2_Packet_SwapU32(cmdCode);
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
|
||||
/* For Command's only hash each session name */
|
||||
if (rc == 0 && name1.size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name1.name, name1.size);
|
||||
if (rc == 0 && name2.size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name2.name, name2.size);
|
||||
if (rc == 0 && name3.size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name3.name, name3.size);
|
||||
|
||||
/* Hash Remainder of parameters - after handles and auth */
|
||||
if (rc == 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, param, paramSz);
|
||||
|
||||
if (rc == 0)
|
||||
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);
|
||||
|
||||
wc_HashFree(&hash_ctx, hashType);
|
||||
}
|
||||
(void)ctx;
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Compute the response parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.8 Response Parameter Hash rpHash */
|
||||
static int TPM2_CalcRpHash(TPM2_CTX* ctx, TPMI_ALG_HASH authHash,
|
||||
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
|
||||
{
|
||||
int rc;
|
||||
wc_HashAlg hash_ctx;
|
||||
enum wc_HashType hashType;
|
||||
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
rc = wc_HashGetDigestSize(hashType);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
hash->size = rc;
|
||||
|
||||
/* Hash of data (name) goes into remainder */
|
||||
rc = wc_HashInit(&hash_ctx, hashType);
|
||||
if (rc == 0) {
|
||||
UINT32 ccSwap;
|
||||
|
||||
/* Hash Response Code - HMAC only calculated with success - always 0 */
|
||||
ccSwap = 0;
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
|
||||
/* Hash Command Code */
|
||||
if (rc == 0) {
|
||||
ccSwap = TPM2_Packet_SwapU32(cmdCode);
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
}
|
||||
|
||||
/* Hash Remainder of parameters - after handles */
|
||||
if (rc == 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, param, paramSz);
|
||||
|
||||
if (rc == 0)
|
||||
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);
|
||||
|
||||
wc_HashFree(&hash_ctx, hashType);
|
||||
}
|
||||
(void)ctx;
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Compute the HMAC using cpHash, nonces and session attributes */
|
||||
/* TCG TPM 2.0 Part 1 - 19.6.5 - HMAC Computation */
|
||||
static int TPM2_CalcHmac(TPM2_CTX* ctx, TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
|
||||
TPM2B_AUTH* hmac)
|
||||
{
|
||||
int rc;
|
||||
Hmac hmac_ctx;
|
||||
enum wc_HashType hashType;
|
||||
|
||||
/* use authHash for hmac hash algorithm */
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
hmac->size = TPM2_GetHashDigestSize(authHash);
|
||||
if (hmac->size <= 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* setup HMAC */
|
||||
rc = wc_HmacInit(&hmac_ctx, NULL, INVALID_DEVID);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
/* start HMAC - sessionKey || authValue */
|
||||
rc = wc_HmacSetKey(&hmac_ctx, hashType, auth->buffer, auth->size);
|
||||
|
||||
/* pHash - hash of command code and parameters */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, hash->buffer, hash->size);
|
||||
|
||||
/* nonce new (on cmd caller, on resp tpm) */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, nonceNew->buffer, nonceNew->size);
|
||||
|
||||
/* nonce old (on cmd TPM, on resp caller) */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, nonceOld->buffer, nonceOld->size);
|
||||
|
||||
/* TODO: nonceTPMDecrypt */
|
||||
/* TODO: nonceTPMEncrypt */
|
||||
|
||||
/* sessionAttributes */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, &sessionAttributes, 1);
|
||||
|
||||
/* finalize return into hmac buffer */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacFinal(&hmac_ctx, hmac->buffer);
|
||||
wc_HmacFree(&hmac_ctx);
|
||||
|
||||
(void)ctx;
|
||||
|
||||
return rc;
|
||||
}
|
||||
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
|
||||
|
||||
static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
||||
CmdInfo_t* info, TPM_CC cmdCode, UINT32 cmdSz)
|
||||
{
|
||||
|
@ -330,9 +159,19 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
|
||||
if (session->sessionHandle != TPM_RS_PW) {
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
TPM2B_NAME name1, name2, name3;
|
||||
TPM2B_DIGEST hash;
|
||||
#endif
|
||||
|
||||
/* if param enc is not supported for this command then clear flag */
|
||||
/* session attribute flags are from TPM perspective */
|
||||
if ((info->flags & (CMD_FLAG_ENC2 | CMD_FLAG_ENC4)) == 0) {
|
||||
authCmd.sessionAttributes &= ~TPMA_SESSION_decrypt;
|
||||
}
|
||||
if ((info->flags & (CMD_FLAG_DEC2 | CMD_FLAG_DEC4)) == 0) {
|
||||
authCmd.sessionAttributes &= ~TPMA_SESSION_encrypt;
|
||||
}
|
||||
|
||||
/* Handle session request for encryption */
|
||||
if (encParam && session->sessionAttributes & TPMA_SESSION_decrypt) {
|
||||
/* Encrypt the first command parameter */
|
||||
|
@ -346,9 +185,19 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
rc = TPM2_GetName(ctx, info->inHandleCnt, 0, &name1);
|
||||
rc |= TPM2_GetName(ctx, info->inHandleCnt, 1, &name2);
|
||||
rc |= TPM2_GetName(ctx, info->inHandleCnt, 2, &name3);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("Error getting names for cpHash!\n");
|
||||
#endif
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* calculate "cpHash" hash for command code, names and parameters */
|
||||
rc = TPM2_CalcCpHash(ctx, info, session->authHash, cmdCode,
|
||||
param, paramSz, &hash);
|
||||
rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1,
|
||||
&name2, &name3, param, paramSz, &hash);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("Error calculating cpHash!\n");
|
||||
|
@ -357,7 +206,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
/* Calculate HMAC for policy, hmac or salted sessions */
|
||||
/* this is done after encryption */
|
||||
rc = TPM2_CalcHmac(ctx, session->authHash, &session->auth, &hash,
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceCaller, &session->nonceTPM,
|
||||
session->sessionAttributes, &authCmd.hmac);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -439,8 +288,8 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
TPM2B_AUTH hmac;
|
||||
|
||||
/* calculate "rpHash" hash for command code and parameters */
|
||||
rc = TPM2_CalcRpHash(ctx, session->authHash, cmdCode,
|
||||
param, paramSz, &hash);
|
||||
rc = TPM2_CalcRpHash(session->authHash, cmdCode, param, paramSz,
|
||||
&hash);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("Error calculating rpHash!\n");
|
||||
|
@ -449,7 +298,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
/* Calculate HMAC prior to decryption */
|
||||
rc = TPM2_CalcHmac(ctx, session->authHash, &session->auth, &hash,
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceTPM, &session->nonceCaller,
|
||||
session->sessionAttributes, &hmac);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
|
@ -570,8 +419,11 @@ static TPM_RC TPM2_SendCommand(TPM2_CTX* ctx, TPM2_Packet* packet)
|
|||
static TPM_ST TPM2_GetTag(TPM2_CTX* ctx)
|
||||
{
|
||||
TPM_ST st = TPM_ST_NO_SESSIONS;
|
||||
if (ctx && ctx->session && TPM2_GetSessionAuthCount(ctx) > 0) {
|
||||
st = TPM_ST_SESSIONS;
|
||||
if (ctx && ctx->session) {
|
||||
int authCount = TPM2_GetSessionAuthCount(ctx);
|
||||
if (authCount == 1 && ctx->session[0].sessionHandle != TPM_RS_PW) {
|
||||
st = TPM_ST_SESSIONS;
|
||||
}
|
||||
}
|
||||
return st;
|
||||
}
|
||||
|
@ -594,6 +446,61 @@ static inline void TPM2_WolfCrypt_Init(void)
|
|||
/******************************************************************************/
|
||||
/* --- Public Functions -- */
|
||||
/******************************************************************************/
|
||||
TPM2_CTX* TPM2_GetActiveCtx(void)
|
||||
{
|
||||
return gActiveTPM;
|
||||
}
|
||||
|
||||
void TPM2_SetActiveCtx(TPM2_CTX* ctx)
|
||||
{
|
||||
gActiveTPM = ctx;
|
||||
}
|
||||
|
||||
TPM_RC TPM2_SetSessionAuth(TPM2_AUTH_SESSION* session)
|
||||
{
|
||||
TPM_RC rc;
|
||||
TPM2_CTX* ctx = TPM2_GetActiveCtx();
|
||||
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
rc = TPM2_AcquireLock(ctx);
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
ctx->session = session;
|
||||
|
||||
TPM2_ReleaseLock(ctx);
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Finds the number of active Auth Session in the given TPM2 context */
|
||||
int TPM2_GetSessionAuthCount(TPM2_CTX* ctx)
|
||||
{
|
||||
int sessionCount, sessionHandle;
|
||||
|
||||
if (ctx == NULL || ctx->session == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
for (sessionCount = 0; sessionCount < MAX_SESSION_NUM; sessionCount++) {
|
||||
sessionHandle = ctx->session[sessionCount].sessionHandle;
|
||||
/* According to the TCG Spec, Part 1, Chapter 15.4
|
||||
* Session Handles have most significant octet at
|
||||
* 0x02 for HMAC sessions
|
||||
* 0x03 for Policy sessions
|
||||
* Password sessions use predefined value of TPM_RS_PW
|
||||
* Trial sessions are not of interest
|
||||
*/
|
||||
if (sessionHandle != TPM_RS_PW) {
|
||||
/* Not a password session, mask the most significant octet(MSO) */
|
||||
sessionHandle &= 0xFF000000;
|
||||
/* Check MSO for an HMAC or Policy session, otherwise invalid */
|
||||
if ((sessionHandle ^ 0x02000000) && (sessionHandle ^ 0x03000000))
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return sessionCount;
|
||||
}
|
||||
|
||||
TPM_RC TPM2_ChipStartup(TPM2_CTX* ctx, int timeoutTries)
|
||||
{
|
||||
|
@ -5316,62 +5223,6 @@ int TPM2_GetHashType(TPMI_ALG_HASH hashAlg)
|
|||
return 0;
|
||||
}
|
||||
|
||||
TPM2_CTX* TPM2_GetActiveCtx(void)
|
||||
{
|
||||
return gActiveTPM;
|
||||
}
|
||||
|
||||
void TPM2_SetActiveCtx(TPM2_CTX* ctx)
|
||||
{
|
||||
gActiveTPM = ctx;
|
||||
}
|
||||
|
||||
TPM_RC TPM2_SetSessionAuth(TPM2_AUTH_SESSION* session)
|
||||
{
|
||||
TPM_RC rc;
|
||||
TPM2_CTX* ctx = TPM2_GetActiveCtx();
|
||||
|
||||
if (ctx == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
rc = TPM2_AcquireLock(ctx);
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
ctx->session = session;
|
||||
|
||||
TPM2_ReleaseLock(ctx);
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Finds the number of active Auth Session in the given TPM2 context */
|
||||
int TPM2_GetSessionAuthCount(TPM2_CTX* ctx)
|
||||
{
|
||||
int sessionCount, sessionHandle;
|
||||
|
||||
if (ctx == NULL || ctx->session == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
for (sessionCount = 0; sessionCount < MAX_SESSION_NUM; sessionCount++) {
|
||||
sessionHandle = ctx->session[sessionCount].sessionHandle;
|
||||
/* According to the TCG Spec, Part 1, Chapter 15.4
|
||||
* Session Handles have most significant octet at
|
||||
* 0x02 for HMAC sessions
|
||||
* 0x03 for Policy sessions
|
||||
* Password sessions use predefined value of TPM_RS_PW
|
||||
* Trial sessions are not of interest
|
||||
*/
|
||||
if (sessionHandle != TPM_RS_PW) {
|
||||
/* Not a password session, mask the most significant octet(MSO) */
|
||||
sessionHandle &= 0xFF000000;
|
||||
/* Check MSO for an HMAC or Policy session, otherwise invalid */
|
||||
if ((sessionHandle ^ 0x02000000) && (sessionHandle ^ 0x03000000))
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return sessionCount;
|
||||
}
|
||||
|
||||
/* Can optionally define WOLFTPM2_USE_HW_RNG to force using TPM hardware for RNG source */
|
||||
int TPM2_GetNonce(byte* nonceBuf, int nonceSz)
|
||||
{
|
||||
|
@ -5414,6 +5265,24 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz)
|
|||
return rc;
|
||||
}
|
||||
|
||||
/* Get name for object/handle */
|
||||
int TPM2_GetName(TPM2_CTX* ctx, int handleCnt, int idx, TPM2B_NAME* name)
|
||||
{
|
||||
TPM2_AUTH_SESSION* session;
|
||||
|
||||
XMEMSET(name, 0, sizeof(TPM2B_NAME));
|
||||
|
||||
if (idx >= handleCnt)
|
||||
return TPM_RC_SUCCESS;
|
||||
|
||||
session = &ctx->session[idx];
|
||||
if (session->name.size > 0) {
|
||||
name->size = session->name.size;
|
||||
XMEMCPY(name->name, session->name.name, name->size);
|
||||
}
|
||||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
|
||||
{
|
||||
if (pcr) {
|
||||
|
|
|
@ -338,6 +338,150 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
/* --- Public Functions -- */
|
||||
/******************************************************************************/
|
||||
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
/* Compute the command parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.7 Command Parameter Hash cpHash */
|
||||
int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
|
||||
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
|
||||
{
|
||||
int rc;
|
||||
wc_HashAlg hash_ctx;
|
||||
enum wc_HashType hashType;
|
||||
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
rc = wc_HashGetDigestSize(hashType);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
hash->size = rc;
|
||||
|
||||
/* Hash of data (name) goes into remainder */
|
||||
rc = wc_HashInit(&hash_ctx, hashType);
|
||||
if (rc == 0) {
|
||||
/* Hash Command Code */
|
||||
UINT32 ccSwap = TPM2_Packet_SwapU32(cmdCode);
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
|
||||
/* For Command's only hash each session name */
|
||||
if (rc == 0 && name1 && name1->size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name1->name, name1->size);
|
||||
if (rc == 0 && name2 && name2->size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name2->name, name2->size);
|
||||
if (rc == 0 && name3 && name3->size > 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, name3->name, name3->size);
|
||||
|
||||
/* Hash Remainder of parameters - after handles and auth */
|
||||
if (rc == 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, param, paramSz);
|
||||
|
||||
if (rc == 0)
|
||||
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);
|
||||
|
||||
wc_HashFree(&hash_ctx, hashType);
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Compute the response parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.8 Response Parameter Hash rpHash */
|
||||
int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
|
||||
{
|
||||
int rc;
|
||||
wc_HashAlg hash_ctx;
|
||||
enum wc_HashType hashType;
|
||||
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
rc = wc_HashGetDigestSize(hashType);
|
||||
if (rc < 0)
|
||||
return rc;
|
||||
hash->size = rc;
|
||||
|
||||
/* Hash of data (name) goes into remainder */
|
||||
rc = wc_HashInit(&hash_ctx, hashType);
|
||||
if (rc == 0) {
|
||||
UINT32 ccSwap;
|
||||
|
||||
/* Hash Response Code - HMAC only calculated with success - always 0 */
|
||||
ccSwap = 0;
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
|
||||
/* Hash Command Code */
|
||||
if (rc == 0) {
|
||||
ccSwap = TPM2_Packet_SwapU32(cmdCode);
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
}
|
||||
|
||||
/* Hash Remainder of parameters - after handles */
|
||||
if (rc == 0)
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, param, paramSz);
|
||||
|
||||
if (rc == 0)
|
||||
rc = wc_HashFinal(&hash_ctx, hashType, hash->buffer);
|
||||
|
||||
wc_HashFree(&hash_ctx, hashType);
|
||||
}
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
/* Compute the HMAC using cpHash, nonces and session attributes */
|
||||
/* TCG TPM 2.0 Part 1 - 19.6.5 - HMAC Computation */
|
||||
int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
|
||||
TPM2B_AUTH* hmac)
|
||||
{
|
||||
int rc;
|
||||
Hmac hmac_ctx;
|
||||
enum wc_HashType hashType;
|
||||
|
||||
/* use authHash for hmac hash algorithm */
|
||||
rc = TPM2_GetHashType(authHash);
|
||||
hashType = (enum wc_HashType)rc;
|
||||
hmac->size = TPM2_GetHashDigestSize(authHash);
|
||||
if (hmac->size <= 0)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
/* setup HMAC */
|
||||
rc = wc_HmacInit(&hmac_ctx, NULL, INVALID_DEVID);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
/* start HMAC - sessionKey || authValue */
|
||||
/* TODO: Handle "authValue" case "a value that is found in the sensitive area of an entity" */
|
||||
rc = wc_HmacSetKey(&hmac_ctx, hashType, auth->buffer, auth->size);
|
||||
|
||||
/* pHash - hash of command code and parameters */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, hash->buffer, hash->size);
|
||||
|
||||
/* nonce new (on cmd caller, on resp tpm) */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, nonceNew->buffer, nonceNew->size);
|
||||
|
||||
/* nonce old (on cmd TPM, on resp caller) */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, nonceOld->buffer, nonceOld->size);
|
||||
|
||||
/* TODO: nonceTPMDecrypt */
|
||||
/* TODO: nonceTPMEncrypt */
|
||||
|
||||
/* sessionAttributes */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacUpdate(&hmac_ctx, &sessionAttributes, 1);
|
||||
|
||||
/* finalize return into hmac buffer */
|
||||
if (rc == 0)
|
||||
rc = wc_HmacFinal(&hmac_ctx, hmac->buffer);
|
||||
wc_HmacFree(&hmac_ctx);
|
||||
|
||||
return rc;
|
||||
}
|
||||
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
|
||||
|
||||
TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
|
||||
BYTE *paramData, UINT32 paramSz)
|
||||
{
|
||||
|
|
|
@ -21,10 +21,6 @@
|
|||
|
||||
#include <wolftpm/tpm2_wrap.h>
|
||||
#include <wolftpm/tpm2_param_enc.h>
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
#endif
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
|
||||
|
@ -398,7 +394,7 @@ int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
|||
|
||||
TPM2_SetSessionAuth(dev->session);
|
||||
|
||||
return 0;
|
||||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
|
||||
|
@ -410,31 +406,27 @@ int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
|
|||
int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
|
||||
const WOLFTPM2_HANDLE* handle)
|
||||
{
|
||||
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, &handle->auth, 0, &handle->name);
|
||||
const TPM2B_AUTH* auth = NULL;
|
||||
const TPM2B_NAME* name = NULL;
|
||||
if (handle) {
|
||||
auth = &handle->auth;
|
||||
name = &handle->name;
|
||||
}
|
||||
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name);
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
||||
const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes)
|
||||
{
|
||||
int rc;
|
||||
TPM2B_AUTH* auth = NULL;
|
||||
|
||||
if (dev == NULL || index >= MAX_SESSION_NUM) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
/* use auth from earlier session */
|
||||
if (index > 1) {
|
||||
auth = &dev->session[index-1].auth;
|
||||
}
|
||||
|
||||
/* TODO: Make use of auth for an earlier session? */
|
||||
/* If the encrypt session is associated with a handle, the authValue of the
|
||||
handle will be concatenated with sessionKey to generate encryption key */
|
||||
(void)auth;
|
||||
|
||||
rc = wolfTPM2_SetAuth(dev, index, tpmSession->handle.hndl,
|
||||
&tpmSession->handle.auth, sessionAttributes, NULL);
|
||||
if (rc == 0) {
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
TPM2_AUTH_SESSION* session = &dev->session[index];
|
||||
|
||||
/* define the symmetric algorithm */
|
||||
|
@ -497,7 +489,7 @@ int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev)
|
|||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
#ifndef NO_RSA
|
||||
/* returns both the plaintext and encrypted salt, based on the salt key bPublic. */
|
||||
static int wolfTPM2_RSA_Salt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
int wolfTPM2_RSA_Salt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
TPM2B_DIGEST *salt, TPM2B_ENCRYPTED_SECRET *encSalt, TPMT_PUBLIC *publicArea)
|
||||
{
|
||||
int rc;
|
||||
|
@ -563,7 +555,7 @@ static int wolfTPM2_RSA_Salt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
|||
}
|
||||
#endif /* !NO_RSA */
|
||||
|
||||
static int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
int wolfTPM2_EncryptSalt(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
StartAuthSession_In* in, TPM2B_AUTH* bindAuth, TPM2B_DIGEST* salt)
|
||||
{
|
||||
int rc;
|
||||
|
@ -632,10 +624,15 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
|
|||
}
|
||||
|
||||
/* set session auth for key */
|
||||
wolfTPM2_SetAuthHandle(dev, 0, &tpmKey->handle);
|
||||
|
||||
authSesIn.tpmKey = tpmKey ? tpmKey->handle.hndl :
|
||||
(TPMI_DH_OBJECT)TPM_RH_NULL;
|
||||
if (tpmKey) {
|
||||
wolfTPM2_SetAuthHandle(dev, 0, &tpmKey->handle);
|
||||
authSesIn.tpmKey = tpmKey->handle.hndl;
|
||||
}
|
||||
else {
|
||||
wolfTPM2_SetAuthPassword(dev, 0, NULL);
|
||||
authSesIn.tpmKey = (TPMI_DH_OBJECT)TPM_RH_NULL;
|
||||
}
|
||||
/* setup bind key */
|
||||
authSesIn.bind = (TPMI_DH_ENTITY)TPM_RH_NULL;
|
||||
if (bind) {
|
||||
authSesIn.bind = bind->hndl;
|
||||
|
@ -716,6 +713,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
|
|||
}
|
||||
|
||||
/* return session */
|
||||
session->type = authSesIn.sessionType;
|
||||
session->authHash = authSesIn.authHash;
|
||||
session->handle.hndl = authSesOut.sessionHandle;
|
||||
session->handle.symmetric = authSesIn.symmetric;
|
||||
|
|
|
@ -1679,10 +1679,10 @@ typedef struct TPM2_CTX {
|
|||
/* Pointer to current TPM auth sessions */
|
||||
TPM2_AUTH_SESSION* session;
|
||||
|
||||
/* Command Buffer */
|
||||
/* Command / Response Buffer */
|
||||
byte cmdBuf[MAX_COMMAND_SIZE];
|
||||
|
||||
/* Informational Bits */
|
||||
/* Informational Bits - use unsigned int for best compiler compatibility */
|
||||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
#ifndef SINGLE_THREADED
|
||||
unsigned int hwLockInit:1;
|
||||
|
@ -2762,8 +2762,8 @@ WOLFTPM_API int TPM2_SetMode(SetMode_In* in);
|
|||
|
||||
/* Non-standard API's */
|
||||
#define _TPM_Init TPM2_Init
|
||||
/* In when using devtpm or swtpm, the ioCb and userCtx are not used
|
||||
* and must be set to NULL. TPM2_Init_minimal() call TPM2_Init_ex()
|
||||
/* When using devtpm or swtpm, the ioCb and userCtx are not used
|
||||
* and should be NULL. TPM2_Init_minimal() calls TPM2_Init_ex()
|
||||
* with them set to NULL.
|
||||
*
|
||||
* In other modes, the ioCb shall be set in order to use TIS.
|
||||
|
@ -2800,6 +2800,7 @@ WOLFTPM_API int TPM2_GetTpmCurve(int curveID);
|
|||
WOLFTPM_API int TPM2_GetWolfCurve(int curve_id);
|
||||
|
||||
WOLFTPM_API int TPM2_ParseAttest(const TPM2B_ATTEST* in, TPMS_ATTEST* out);
|
||||
WOLFTPM_LOCAL int TPM2_GetName(TPM2_CTX* ctx, int handleCnt, int idx, TPM2B_NAME* name);
|
||||
|
||||
#ifdef WOLFTPM2_USE_WOLF_RNG
|
||||
WOLFTPM_API int TPM2_GetWolfRng(WC_RNG** rng);
|
||||
|
|
|
@ -35,6 +35,16 @@ WOLFTPM_API int TPM2_KDFa(
|
|||
BYTE *key, UINT32 keySz
|
||||
);
|
||||
|
||||
WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
|
||||
TPM2B_AUTH* hmac);
|
||||
WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);
|
||||
WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
|
||||
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);
|
||||
|
||||
/* Perform encryption over the first parameter of a TPM packet */
|
||||
WOLFTPM_LOCAL TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
|
||||
BYTE *paramData, UINT32 paramSz);
|
||||
|
|
|
@ -81,6 +81,7 @@ typedef int64_t INT64;
|
|||
#include <wolfssl/wolfcrypt/ecc.h>
|
||||
#include <wolfssl/wolfcrypt/asn_public.h>
|
||||
#include <wolfssl/wolfcrypt/hmac.h>
|
||||
#include <wolfssl/wolfcrypt/aes.h>
|
||||
#ifdef WOLF_CRYPTO_CB
|
||||
#include <wolfssl/wolfcrypt/cryptocb.h>
|
||||
#elif defined(WOLF_CRYPTO_DEV)
|
||||
|
|
|
@ -366,6 +366,11 @@ WOLFTPM_API int wolfTPM2_GetTime(WOLFTPM2_KEY* aikKey, GetTime_Out* getTimeOut);
|
|||
#define wolfTPM2_GetRCString TPM2_GetRCString
|
||||
#define wolfTPM2_GetCurveSize TPM2_GetCurveSize
|
||||
|
||||
/* for salted auth sessions */
|
||||
WOLFTPM_LOCAL int wolfTPM2_RSA_Salt(struct WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
TPM2B_DIGEST *salt, TPM2B_ENCRYPTED_SECRET *encSalt, TPMT_PUBLIC *publicArea);
|
||||
WOLFTPM_LOCAL int wolfTPM2_EncryptSalt(struct WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
|
||||
StartAuthSession_In* in, TPM2B_AUTH* bindAuth, TPM2B_DIGEST* salt);
|
||||
|
||||
|
||||
#if defined(WOLF_CRYPTO_DEV) || defined(WOLF_CRYPTO_CB)
|
||||
|
|
Loading…
Reference in New Issue