WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

New nonceTPM solution needed, restoring TPMS_AUTH_COMMAND to its TCG spec form 

Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
pull/129/head
Dimitar Tomov 2020-11-18 20:30:06 +02:00
parent 701359a7dc
commit 72e365329c
6 changed files with 27 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
examples/keygen/keygen_paramenc.c
View File

@ -136,16 +136,13 @@ int TPM2_Keygen_ParamEnc_Example(void* userCtx, int argc, char *argv[])
session[1].symmetric.keyBits.aes = 128;
#endif
session[1].authHash = TPM_ALG_SHA256;
session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonceCaller.buffer,
session[1].nonceCaller.size);
session[1].nonce.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonce.buffer,
session[1].nonce.size);
if (rc < 0) {
printf("TPM2_GetNonce failed\n");
goto exit;
}
session[1].nonceTPM.size = session[1].nonceCaller.size;
XMEMCPY(session[1].nonceTPM.buffer, tpmSession.nonceTPM.buffer,
session[1].nonceTPM.size);
/* Create new key */
if (alg == TPM_ALG_RSA) {

9
examples/keygen/keyload_paramenc.c
View File

@ -107,16 +107,13 @@ int TPM2_Keyload_ParamEnc_Example(void* userCtx, int argc, char *argv[])
session[1].symmetric.keyBits.aes = 128;
#endif
session[1].authHash = TPM_ALG_SHA256;
session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonceCaller.buffer,
session[1].nonceCaller.size);
session[1].nonce.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonce.buffer,
session[1].nonce.size);
if (rc < 0) {
printf("TPM2_GetNonce failed\n");
goto exit;
}
session[1].nonceTPM.size = session[1].nonceCaller.size;
XMEMCPY(session[1].nonceTPM.buffer, tpmSession.nonceTPM.buffer,
session[1].nonceTPM.size);
/* Load encrypted key from the disk */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)

6
examples/pcr/quote_paramenc.c
View File

@ -200,9 +200,9 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
session[1].authHash = TPM_ALG_SHA256;
session[1].auth.size = sizeof(gXorAuth)-1;
XMEMCPY(session[1].auth.buffer, gXorAuth, session[1].auth.size);
session[1].nonceCaller.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonceCaller.buffer,
session[1].nonceCaller.size);
session[1].nonce.size = TPM_SHA256_DIGEST_SIZE;
rc = TPM2_GetNonce(session[1].nonce.buffer,
session[1].nonce.size);
if (rc < 0) {
printf("TPM2_GetNonce failed\n");
goto exit;

4
src/tpm2_packet.c
View File

@ -343,8 +343,8 @@ void TPM2_Packet_AppendAuth(TPM2_Packet* packet, TPM2_CTX* ctx)
auth[i].sessionAttributes |= TPMA_SESSION_continueSession;
}
TPM2_Packet_AppendU32(packet, auth[i].sessionHandle);
TPM2_Packet_AppendU16(packet, auth[i].nonceCaller.size);
TPM2_Packet_AppendBytes(packet, auth[i].nonceCaller.buffer, auth[i].nonceCaller.size);
TPM2_Packet_AppendU16(packet, auth[i].nonce.size);
TPM2_Packet_AppendBytes(packet, auth[i].nonce.buffer, auth[i].nonce.size);
TPM2_Packet_AppendU8(packet, auth[i].sessionAttributes);
TPM2_Packet_AppendU16(packet, auth[i].auth.size);
TPM2_Packet_AppendBytes(packet, auth[i].auth.buffer, auth[i].auth.size);

26
src/tpm2_param_enc.c
View File

@ -373,20 +373,23 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPMS_AUTH_COMMAND *session,
const BYTE *paramData, UINT32 paramSz)
{
TPM_RC rc = TPM_RC_FAILURE;
/* TODO: second nonce should be nonceTPM from StartAuthSession
* make a new design choice how to pass that nonce
* - using active context
* - using WOLFTPM2_SESSION
* - other?
*/
if (session->symmetric.algorithm == TPM_ALG_XOR) {
rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonceCaller,
&session->nonceTPM, encryptedParameter, paramData, paramSz);
rc = TPM2_ParamEnc_XOR(session, &session->auth, &session->nonce,
&session->nonce, encryptedParameter, paramData, paramSz);
}
#ifdef WOLFSSL_AES_CFB
else if (session->symmetric.algorithm == TPM_ALG_CFB) {
rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller,
&session->nonceTPM, encryptedParameter, paramData, paramSz);
rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonce,
&session->nonce, encryptedParameter, paramData, paramSz);
}
#endif
/* TODO: generate new nonce? Copy old nonce? */
//TPM2_GetNonce(session->nonceCaller.buffer, session->nonceCaller.size);
return rc;
}
@ -396,14 +399,15 @@ TPM_RC TPM2_ParamDec_CmdResponse(TPMS_AUTH_COMMAND *session,
{
TPM_RC rc = TPM_RC_FAILURE;
/* TODO: second nonce should be nonceTPM from StartAuthSession response */
if (session->symmetric.algorithm == TPM_ALG_XOR) {
rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonceCaller,
&session->nonceTPM, decryptedParameter, paramData, paramSz);
rc = TPM2_ParamDec_XOR(session, &session->auth, &session->nonce,
&session->nonce, decryptedParameter, paramData, paramSz);
}
#ifdef WOLFSSL_AES_CFB
else if (session->symmetric.algorithm == TPM_ALG_CFB) {
rc = TPM2_ParamDec_AESCFB(session, &session->auth, &session->nonceCaller,
&session->nonceTPM, decryptedParameter, paramData, paramSz);
rc = TPM2_ParamDec_AESCFB(session, &session->auth, &session->nonce,
&session->nonce, decryptedParameter, paramData, paramSz);
}
#endif

3
wolftpm/tpm2.h
View File

@ -1568,8 +1568,7 @@ typedef struct TPM2B_CREATION_DATA {
typedef struct TPMS_AUTH_COMMAND {
TPMI_SH_AUTH_SESSION sessionHandle;
TPM2B_NONCE nonceCaller;
TPM2B_NONCE nonceTPM;
TPM2B_NONCE nonce;
TPMA_SESSION sessionAttributes;
TPM2B_AUTH auth; /* TCG Spec Part 2 calls this field hmac */
/* TPM2B_AUTH can be an HMAC, a password or an Empty Auth */