Added wrapper for changing a key's authentication `wolfTPM2_ChangeAuthKey`.

pull/77/head
David Garske 2019-08-08 18:12:14 -07:00
parent 27eea15e5d
commit 78be5098cc
4 changed files with 71 additions and 0 deletions


@ -40,6 +40,7 @@
static const char gStorageKeyAuth[] = "ThisIsMyStorageKeyAuth";
static const char gKeyAuth[] = "ThisIsMyKeyAuth";
static const char gKeyAuthAlt[] = "ThisIsMyKeyAltAuth";
static const char gUsageAuth[] = "ThisIsASecretUsageAuth";
#ifndef WOLFTPM_ST33


@ -353,6 +353,11 @@ int TPM2_Wrapper_Test(void* userCtx)
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
if (rc != 0) goto exit;
/* Test changing auth for a key */
rc = wolfTPM2_ChangeAuthKey(&dev, &eccKey, &storageKey.handle,
(byte*)gKeyAuthAlt, sizeof(gKeyAuthAlt)-1);
if (rc != 0) goto exit;
/* Perform sign / verify */
message.size = TPM_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
XMEMSET(message.buffer, 0x11, message.size);
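Review bot: The new test only checks the auth change positively: the sign/verify that follows runs with whatever `eccKey.handle.auth` now holds, but nothing verifies that the original `gKeyAuth` is rejected for `eccKey` afterwards, so a wrapper that left the old auth in place would still pass this test. A negative check after the change (an operation on `eccKey` authorized with `gKeyAuth` that is expected to fail) would pin the behaviour the wrapper is meant to provide. It would also be worth asserting that `eccKey.handle.hndl` is a valid handle after the call, since the wrapper replaces it. TPM2_Wrapper_Test starts and continues outside the hunk.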


@ -512,6 +512,69 @@ int wolfTPM2_CreatePrimaryKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
return rc;
}
int wolfTPM2_ChangeAuthKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent, const byte* auth, int authSz)
{
int rc;
ObjectChangeAuth_In changeIn;
ObjectChangeAuth_Out changeOut;
Load_In loadIn;
Load_Out loadOut;
if (dev == NULL || key == NULL || parent == NULL)
return BAD_FUNC_ARG;
/* set session auth for key */
dev->session[0].auth = key->handle.auth;
XMEMSET(&changeIn, 0, sizeof(changeIn));
changeIn.objectHandle = key->handle.hndl;
changeIn.parentHandle = parent->hndl;
if (auth) {
if (authSz > (int)sizeof(changeIn.newAuth.buffer))
authSz = (int)sizeof(changeIn.newAuth.buffer);
changeIn.newAuth.size = authSz;
XMEMCPY(changeIn.newAuth.buffer, auth, changeIn.newAuth.size);
}
rc = TPM2_ObjectChangeAuth(&changeIn, &changeOut);
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
printf("TPM2_ObjectChangeAuth failed %d: %s\n", rc,
wolfTPM2_GetRCString(rc));
#endif
return rc;
}
/* unload old key */
wolfTPM2_UnloadHandle(dev, &key->handle);
/* set session auth for parent key */
dev->session[0].auth = parent->auth;
/* Load new key */
XMEMSET(&loadIn, 0, sizeof(loadIn));
loadIn.parentHandle = parent->hndl;
loadIn.inPrivate = changeOut.outPrivate;
loadIn.inPublic = key->pub;
rc = TPM2_Load(&loadIn, &loadOut);
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
printf("TPM2_Load key failed %d: %s\n", rc, wolfTPM2_GetRCString(rc));
#endif
return rc;
}
key->handle.dev = dev;
key->handle.hndl = loadOut.objectHandle;
key->handle.auth = changeIn.newAuth;
#ifdef DEBUG_WOLFTPM
printf("wolfTPM2_ChangeAuthKey: Key Handle 0x%x\n", (word32)key->handle.hndl);
#endif
return rc;
}
int wolfTPM2_CreateAndLoadKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent, TPMT_PUBLIC* publicTemplate,
const byte* auth, int authSz)
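Review bot: `authSz` is bounded only from above at `if (authSz > (int)sizeof(changeIn.newAuth.buffer))`; a negative `authSz` with a non-NULL `auth` is stored into `changeIn.newAuth.size` and then used as the XMEMCPY length, and if `newAuth.size` is the unsigned 16-bit TPM2B size field (confirm against the type) that turns into a copy far larger than `newAuth.buffer`. Add `if (authSz < 0) return BAD_FUNC_ARG;` alongside the existing NULL-pointer check, or treat a negative size like `auth == NULL`. Separately, the old object is flushed via wolfTPM2_UnloadHandle (whose return value is also unchecked) before TPM2_Load is known to succeed, so on a Load failure the function returns with `key->handle.hndl` still naming the flushed object; loading the re-wrapped `changeOut.outPrivate` first and unloading the old handle only after success would leave the caller with a usable key on failure, or at minimum `key->handle.hndl` should be reset on that path. The `changeIn` copy of the new auth also remains on the stack after return; clearing `changeIn` before returning would keep the secret's lifetime to the call. wolfTPM2_ChangeAuthKey is entirely within the hunk; the wolfTPM2_CreateAndLoadKey signature at its end continues outside it.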


@ -119,6 +119,8 @@ WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
WOLFTPM_API int wolfTPM2_CreatePrimaryKey(WOLFTPM2_DEV* dev,
WOLFTPM2_KEY* key, TPM_HANDLE primaryHandle, TPMT_PUBLIC* publicTemplate,
const byte* auth, int authSz);
WOLFTPM_API int wolfTPM2_ChangeAuthKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent, const byte* auth, int authSz);
WOLFTPM_API int wolfTPM2_CreateAndLoadKey(WOLFTPM2_DEV* dev,
WOLFTPM2_KEY* key, WOLFTPM2_HANDLE* parent, TPMT_PUBLIC* publicTemplate,
const byte* auth, int authSz);
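Review bot: The new `wolfTPM2_ChangeAuthKey` declaration carries no comment on what it does to `key`, which matters here because the implementation flushes the old object and reloads it under a new handle, so `key->handle.hndl` and `key->handle.auth` are both replaced on success and any copy of the previous handle a caller holds is stale afterwards. A header comment such as `/* Change the auth of a loaded key: re-wraps it under parent, unloads the old object and reloads it. On success key->handle holds the new handle and auth; parent->auth is used to authorize the load. */` would state that contract where the existing declarations give none. It should also mention that an `auth` longer than the TPM2B buffer is silently truncated to the buffer size rather than rejected, since the prototype's `int authSz` gives no hint of that.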