WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Release fixes and cleanups. Fixes for init of `WOLFTPM2_HASH` in `wolfTPM2_HashStart`. Fix for for various build configurations (--disable-wrapper). Fix for Microchip "sign" bit on symmetric keys. Fix for scan-build warnings. Cleanup whitespace.

pull/134/head
David Garske 2020-12-07 11:01:02 -08:00
parent b1a11c386a
commit 845b3d1da2
26 changed files with 149 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog.md
View File

@ -1,6 +1,6 @@
## Release Notes
### wolfTPM Release 2.0 (12/04/2020)
### wolfTPM Release 2.0 (12/07/2020)
**Summary**
@ -8,7 +8,7 @@ Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (T
**Detail**
* Refactor of the session authentication. New TPM2_AUTH_SESSION struct and wolfTPM2_SetAuth API's. (PR #129)
* Refactor of the session authentication. New struct `TPM2_AUTH_SESSION` and `wolfTPM2_SetAuth_*` API's. (PR #129)
* Added Windows TPM TBSI support (PR #127)
* Added TPM simulator support using TPM TCP protocol (PR #121)
* Added minGW support (PR #127)

6
README.md
View File

@ -91,7 +91,7 @@ TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e
Mfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0
Microchip ATTPM20
TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1
TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1
Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0
Nations Technologies Inc. TPM 2.0 module
@ -432,7 +432,7 @@ ECDHE 256 agree 35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec
```
./examples/native/native_test
TPM2 Demo using Native API's
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
TPM2_Startup pass
TPM2_SelfTest pass
TPM2_GetTestResult: Size 12, Rc 0x0
@ -578,7 +578,7 @@ CCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k
### TPM2 PKCS 7 Example
```
./examples/pkcs7/pkcs7
./examples/pkcs7/pkcs7
TPM2 PKCS7 Example
PKCS7 Signed Container 1625
PKCS7 Container Verified (using TPM)

2
autogen.sh
View File

@ -42,4 +42,4 @@ else
WARNINGS="all"
fi
autoreconf --install --force --verbose
autoreconf --install --force --verbose

2
configure.ac
View File

@ -328,7 +328,7 @@ fi
# TIS / SPI Check Wait State support
# Required for all but Infineon only
if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno"
if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno"
then
ENABLED_CHECKWAITSTATE=yes
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_CHECK_WAIT_STATE"

2
examples/README.md
View File

@ -129,7 +129,7 @@ This example client connects to localhost on on port 11111 by default. These can
You can validate using the wolfSSL example server this like:
`./examples/server/server -b -p 11111 -g -d -i -V`
To validate client certificate use the following wolfSSL example server command:
`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem -i -V`
or

7
examples/bench/bench.c
View File

@ -129,6 +129,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,
double start;
WOLFTPM2_HASH hash;
XMEMSET(&hash, 0, sizeof(hash));
bench_stats_start(&count, &start);
do {
rc = wolfTPM2_HashStart(dev, &hash, algo,
@ -185,7 +186,7 @@ static void usage(void)
{
printf("Expected usage:\n");
printf("./examples/bench/bench [-aes/xor]\n");
printf("* -aes/xor: Use Parameter Encryption\n");
printf("* -aes/xor: Use Parameter Encryption\n");
}
/******************************************************************************/
@ -257,7 +258,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
@ -494,6 +495,8 @@ int main(int argc, char *argv[])
rc = TPM2_Wrapper_BenchArgs(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
(void)argc;
(void)argv;
#endif
return rc;

2
examples/csr/csr.c
View File

@ -202,7 +202,7 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
&storageKey,
&eccKey,
&wolfEccKey,
tpmDevId,
tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1);
if (rc != 0) goto exit;

17
examples/keygen/keygen.c
View File

@ -30,6 +30,7 @@
#include <stdio.h>
#ifndef WOLFTPM2_NO_WRAPPER
/******************************************************************************/
/* --- BEGIN TPM Keygen Example -- */
@ -117,7 +118,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
@ -139,7 +140,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
/* set session for authorization key */
auth.size = (int)sizeof(gAiKeyAuth)-1;
XMEMCPY(auth.buffer, gAiKeyAuth, auth.size);
}
else {
if (alg == TPM_ALG_RSA) {
@ -208,16 +209,22 @@ exit:
}
/******************************************************************************/
/* --- END TPM Timestamp Test -- */
/* --- END TPM Keygen Example -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc;
int rc = NOT_COMPILED_IN;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Keygen_Example(NULL, argc, argv);
#else
printf("KeyGen code not compiled in\n");
(void)argc;
(void)argv;
#endif
return rc;
}

17
examples/keygen/keyimport.c
View File

@ -31,6 +31,8 @@
#include <stdio.h>
#ifndef WOLFTPM2_NO_WRAPPER
/******************************************************************************/
/* --- BEGIN TPM Key Import / Blob Example -- */
/******************************************************************************/
@ -57,7 +59,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
size_t fileSz = 0;
#endif
const char* outputFile = "keyblob.bin";
if (argc >= 2) {
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
@ -110,7 +112,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
@ -173,16 +175,23 @@ exit:
}
/******************************************************************************/
/* --- END TPM Timestamp Test -- */
/* --- END TPM Key Import / Blob Example -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc;
int rc = NOT_COMPILED_IN;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Keyimport_Example(NULL, argc, argv);
#else
printf("KeyImport code not compiled in\n");
(void)argc;
(void)argv;
#endif
return rc;
}

15
examples/keygen/keyload.c
View File

@ -39,6 +39,7 @@
#include <stdio.h>
#ifndef WOLFTPM2_NO_WRAPPER
/******************************************************************************/
/* --- BEGIN TPM Key Load Example -- */
/******************************************************************************/
@ -111,7 +112,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
@ -191,16 +192,22 @@ exit:
}
/******************************************************************************/
/* --- END TPM Timestamp Test -- */
/* --- END TPM Key Load Example -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc;
int rc = NOT_COMPILED_IN;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Keyload_Example(NULL, argc, argv);
#else
printf("KeyImport code not compiled in\n");
(void)argc;
(void)argv;
#endif
return rc;
}

12
examples/management/flush.c
View File

@ -30,7 +30,7 @@
#include <stdio.h>
#include <stdlib.h> /* atoi */
#ifndef WOLFTPM2_NO_WRAPPER
/******************************************************************************/
/* --- BEGIN TPM2.0 Flush tool -- */
/******************************************************************************/
@ -104,14 +104,20 @@ int TPM2_Flush_Tool(void* userCtx, int argc, char *argv[])
/******************************************************************************/
/* --- END TPM2.0 PCR Reset example tool -- */
/******************************************************************************/
#endif /* !WOLFTPM2_NO_WRAPPER */
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc;
int rc = NOT_COMPILED_IN;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Flush_Tool(NULL, argc, argv);
#else
printf("Flush tool not compiled in\n");
(void)argc;
(void)argv;
#endif
return rc;
}

8
examples/native/native_test.c
View File

@ -486,7 +486,7 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
#ifndef WOLFTPM2_NO_WOLFCRYPT
/* calculate session key */
sessionAuth.size = TPM2_GetHashDigestSize(cmdIn.authSes.authHash);
rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH",
rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH",
&cmdOut.authSes.nonceTPM, &cmdIn.authSes.nonceCaller,
sessionAuth.buffer, sessionAuth.size);
if (rc != sessionAuth.size) {
@ -494,7 +494,6 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
rc = TPM_RC_FAILURE;
goto exit;
}
rc = TPM_RC_SUCCESS;
#endif
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n", (word32)sessionHandle);
@ -1389,9 +1388,8 @@ exit:
/* Shutdown */
cmdIn.shutdown.shutdownType = TPM_SU_CLEAR;
rc = TPM2_Shutdown(&cmdIn.shutdown);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
if (TPM2_Shutdown(&cmdIn.shutdown) != TPM_RC_SUCCESS) {
printf("TPM2_Shutdown failed\n");
}
TPM2_Cleanup(&tpm2Ctx);

2
examples/pcr/quote.c
View File

@ -162,7 +162,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}

2
examples/pkcs7/pkcs7.c
View File

@ -329,7 +329,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
#endif
rc = wolfTPM2_SetCryptoDevCb(&dev, wolfTPM2_CryptoDevCb, &tpmCtx, &tpmDevId);
if (rc < 0) goto exit;
/* get SRK */
rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
if (rc != 0) goto exit;

2
examples/timestamp/clock_set.c
View File

@ -138,7 +138,7 @@ int TPM2_ClockSet_Test(void* userCtx, int argc, char *argv[])
#endif
newClock = cmdOut.readClock.currentTime.clockInfo.clock;
printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n",
printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n",
(long unsigned int)oldClock, (long unsigned int)newClock);
exit:

4
examples/timestamp/signed_timestamp.c
View File

@ -272,12 +272,14 @@ exit:
#ifndef NO_MAIN_DRIVER
int main(int argc, char *argv[])
{
int rc = -1;
int rc = NOT_COMPILED_IN;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Timestamp_TestArgs(NULL, argc, argv);
#else
printf("Wrapper code not compiled in\n");
(void)argc;
(void)argv;
#endif /* !WOLFTPM2_NO_WRAPPER */
return rc;

10
examples/tls/tls_client.c
View File

@ -58,8 +58,8 @@
*
* This example client connects to localhost on on port 11111 by default.
* These can be overriden using `TLS_HOST` and `TLS_PORT`.
*
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
*
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
* or the TLS_USE_ECC build option is used.
*
* You can validate using the wolfSSL example server this like:
@ -198,7 +198,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
@ -295,7 +295,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
rc = -1;
goto exit;
#endif /* !NO_RSA */
}
}
else {
#ifdef HAVE_ECC
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/ca-ecc-cert.pem",
@ -317,7 +317,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
#endif /* !NO_FILESYSTEM */
/* Client Key (Mutual Authentication) */
/* Note: Client will not send a client certificate unless a private key is
/* Note: Client will not send a client certificate unless a private key is
* set, so we use a fake "DUMMY" key tell wolfSSL to send certificate.
* The crypto callback will detect use of the dummy key using myTpmCheckKey
*/

10
examples/tls/tls_server.c
View File

@ -50,12 +50,12 @@
* Run ./certs/certreq.sh
* Result is: ./certs/server-rsa-cert.pem and ./certs/server-ecc-cert.pem
*
* This example server listens on port 11111 by default, but can be set at
* This example server listens on port 11111 by default, but can be set at
* build-time using `TLS_PORT`.
*
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
* or the TLS_USE_ECC build option is used.
*
*
* You can validate using the wolfSSL example client this like:
* ./examples/client/client -h localhost -p 11111 -g -d
*
@ -210,10 +210,10 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
(word32)tpmSession.handle.hndl);
/* set session for authorization of the storage key */
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
if (rc != 0) goto exit;
}
}
#ifndef NO_RSA
if (!useECC) {

26
examples/tpm_io.c
View File

@ -561,7 +561,7 @@
#define XSpiPs_RecvByte(BaseAddress) \
XSpiPs_In32((u32)((BaseAddress) + (u32)XSPIPS_RXD_OFFSET))
/* Modified version of XSpiPs_PolledTransfer that allows enable and CS to
/* Modified version of XSpiPs_PolledTransfer that allows enable and CS to
* be used across multiple transfers */
static s32 TPM2_IoCb_Xilinx_SPITransfer(XSpiPs *InstancePtr, u8 *SendBufPtr,
u8 *RecvBufPtr, u32 ByteCount)
@ -585,10 +585,10 @@
/* Fill the TXFIFO with as many bytes as it will take (or as
* many as we have to send). */
while ((InstancePtr->RemainingBytes > (u32)0U) &&
while ((InstancePtr->RemainingBytes > (u32)0U) &&
((u32)TransCount < (u32)XSPIPS_FIFO_DEPTH))
{
XSpiPs_SendByte(InstancePtr->Config.BaseAddress,
XSpiPs_SendByte(InstancePtr->Config.BaseAddress,
*InstancePtr->SendBufferPtr);
InstancePtr->SendBufferPtr += 1;
InstancePtr->RemainingBytes--;
@ -597,24 +597,24 @@
/* If master mode and manual start mode, issue manual start
* command to start the transfer. */
if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) &&
if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) &&
(XSpiPs_IsMaster(InstancePtr) == TRUE))
{
ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
XSPIPS_CR_OFFSET);
ConfigReg |= XSPIPS_CR_MANSTRT_MASK;
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
XSPIPS_CR_OFFSET, ConfigReg);
}
/* Wait for the transfer to finish by polling Tx fifo status. */
CheckTransfer = (u32)0U;
while (CheckTransfer == 0U) {
StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
XSPIPS_SR_OFFSET);
if ((StatusReg & XSPIPS_IXR_MODF_MASK) != 0U) {
/* Clear the mode fail bit */
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
XSPIPS_SR_OFFSET, XSPIPS_IXR_MODF_MASK);
return (s32)XST_SEND_ERROR;
}
@ -661,14 +661,14 @@
if (SpiConfig == NULL) {
return TPM_RC_FAILURE;
}
status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig,
status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig,
SpiConfig->BaseAddress);
if (status != XST_SUCCESS) {
return TPM_RC_FAILURE;
}
/* Set the SPI device as a master */
XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION |
XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION |
XSPIPS_FORCE_SSELECT_OPTION | XSPIPS_MANUAL_START_OPTION);
XSpiPs_SetClkPrescaler(&SpiInstance, XSPIPS_CLK_PRESCALE_8);
@ -680,7 +680,7 @@
#ifdef WOLFTPM_CHECK_WAIT_STATE
/* Send Header */
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
(byte*)txBuf, rxBuf, TPM_TIS_HEADER_SZ);
if (status != XST_SUCCESS) {
XSpiPs_SetSlaveSelect(&SpiInstance, 0xF); /* deselect CS (set high) */
@ -692,7 +692,7 @@
if ((rxBuf[TPM_TIS_HEADER_SZ-1] & TPM_TIS_READY_MASK) == 0) {
do {
/* Check for SPI ready */
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
(byte*)txBuf, rxBuf, 1);
if (status == XST_SUCCESS && rxBuf[0] & TPM_TIS_READY_MASK)
break;
@ -714,7 +714,7 @@
xferSz - TPM_TIS_HEADER_SZ);
#else
/* Send Entire Message - no wait states */
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
(byte*)txBuf, rxBuf, xferSz);
#endif /* WOLFTPM_CHECK_WAIT_STATE */
if (status == XST_SUCCESS) {

7
examples/tpm_test_keys.c
View File

@ -33,6 +33,8 @@
#define RSA_FILENAME "rsa_test_blob.raw"
#define ECC_FILENAME "ecc_test_blob.raw"
#ifndef WOLFTPM2_NO_WRAPPER
#if 0
static int writeKeyBlob(const char* filename,
WOLFTPM2_KEYBLOB* key)
@ -150,7 +152,6 @@ static int readAndLoadKey(WOLFTPM2_DEV* pDev,
return rc;
}
#if !defined(WOLFTPM2_NO_WRAPPER)
int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey,
TPM_ALG_ID alg)
@ -161,7 +162,7 @@ int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
rc = wolfTPM2_ReadPublicKey(pDev, pStorageKey, TPM2_DEMO_STORAGE_KEY_HANDLE);
if (rc != 0) {
/* Create primary storage key */
rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg,
rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg,
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
#ifndef WOLFTPM_WINAPI
if (rc == TPM_RC_SUCCESS) {
@ -262,4 +263,4 @@ int getECCkey(WOLFTPM2_DEV* pDev,
return rc;
}
#endif /* HAVE_ECC */
#endif /* !defined(WOLFTPM2_NO_WRAPPER) */
#endif /* !WOLFTPM2_NO_WRAPPER */

2
examples/tpm_test_keys.h
View File

@ -22,7 +22,7 @@
#ifndef _TPM_TEST_KEYS_H_
#define _TPM_TEST_KEYS_H_
#if !defined(WOLFTPM2_NO_WRAPPER)
#ifndef WOLFTPM2_NO_WRAPPER
#include <wolftpm/tpm2.h>
#include <wolftpm/tpm2_wrap.h>

30
src/tpm2.c
View File

@ -117,7 +117,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
TPM2_Packet_ParseU32(packet, &authSz);
authPos = packet->pos; /* mark position for start of auth */
packet->pos += authSz;
/* Mark parameter data */
param = &packet->buf[packet->pos];
paramSz = cmdSz - packet->pos;
@ -137,7 +137,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n",
printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n",
info->authCnt, info->inHandleCnt, cmdSz, authSz, paramSz, encParamSz);
#else
(void)paramSz;
@ -149,7 +149,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
if (session->sessionHandle != TPM_RS_PW) {
/* Generate fresh nonce */
rc = TPM2_GetNonce(session->nonceCaller.buffer,
rc = TPM2_GetNonce(session->nonceCaller.buffer,
session->nonceCaller.size);
if (rc != TPM_RC_SUCCESS) {
return rc;
@ -198,7 +198,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
/* calculate "cpHash" hash for command code, names and parameters */
rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1,
rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1,
&name2, &name3, param, paramSz, &hash);
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
@ -208,8 +208,8 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
/* Calculate HMAC for policy, hmac or salted sessions */
/* this is done after encryption */
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
&session->nonceCaller, &session->nonceTPM,
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
&session->nonceCaller, &session->nonceTPM,
authCmd.sessionAttributes, &authCmd.hmac);
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
@ -229,14 +229,14 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
return rc;
}
static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
CmdInfo_t* info, TPM_CC cmdCode, UINT32 respSz)
{
int rc = TPM_RC_SUCCESS;
BYTE *param, *decParam = NULL;
UINT32 paramSz, decParamSz = 0, authPos;
int i;
/* Skip the header output handles */
packet->pos = TPM2_HEADER_SIZE + (info->outHandleCnt * sizeof(TPM_HANDLE));
@ -280,7 +280,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
/* update nonceTPM */
if (authRsp.nonce.size > 0) {
session->nonceTPM.size = authRsp.nonce.size;
XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer,
XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer,
authRsp.nonce.size);
}
@ -300,8 +300,8 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
/* Calculate HMAC prior to decryption */
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
&session->nonceTPM, &session->nonceCaller,
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
&session->nonceTPM, &session->nonceCaller,
authRsp.sessionAttributes, &hmac);
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
@ -311,7 +311,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
}
/* Verify HMAC */
if (hmac.size != authRsp.hmac.size ||
if (hmac.size != authRsp.hmac.size ||
XMEMCMP(hmac.buffer, authRsp.hmac.buffer, hmac.size) != 0) {
#ifdef DEBUG_WOLFTPM
printf("Response HMAC verification failed!\n");
@ -339,7 +339,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
return rc;
}
static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
CmdInfo_t* info)
{
TPM_RC rc = TPM_RC_FAILURE;
@ -370,7 +370,7 @@ static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("Found %d auth sessions\n", info->authCnt);
#endif
rc = TPM2_CommandProcess(ctx, packet, info, cmdCode, cmdSz);
if (rc != 0)
return rc;
@ -2001,7 +2001,7 @@ TPM_RC TPM2_ZGen_2Phase(ZGen_2Phase_In* in, ZGen_2Phase_Out* out)
return rc;
}
/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows
/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows
encryption of the input data */
TPM_RC TPM2_EncryptDecrypt(EncryptDecrypt_In* in, EncryptDecrypt_Out* out)
{

22
src/tpm2_param_enc.c
View File

@ -192,7 +192,7 @@ exit:
/* Perform XOR encryption over the first parameter of a TPM packet */
static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
UINT32 paramSz)
{
int rc = TPM_RC_FAILURE;
@ -227,7 +227,7 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
/* Perform XOR decryption over the first parameter of a TPM packet */
static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
UINT32 paramSz)
{
int rc = TPM_RC_FAILURE;
@ -240,7 +240,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
/* Generate XOR Mask stream matching paramater size */
XMEMSET(mask.buffer, 0, sizeof(mask.buffer));
rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR",
rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR",
nonceTPM, nonceCaller, mask.buffer, paramSz);
if ((UINT32)rc != paramSz) {
#ifdef DEBUG_WOLFTPM
@ -262,7 +262,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
#ifdef WOLFSSL_AES_CFB
/* Perform AES CFB encryption over the first parameter of a TPM packet */
static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
UINT32 paramSz)
{
int rc = TPM_RC_FAILURE;
@ -307,7 +307,7 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
/* Perform AES CFB decryption over the first parameter of a TPM packet */
static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
UINT32 paramSz)
{
int rc = TPM_RC_FAILURE;
@ -358,7 +358,7 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
#ifndef WOLFTPM2_NO_WOLFCRYPT
/* Compute the command parameter hash */
/* TCG TPM 2.0 Part 1 - 18.7 Command Parameter Hash cpHash */
int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
{
@ -408,7 +408,7 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
/* Compute the response parameter hash */
/* TCG TPM 2.0 Part 1 - 18.8 Response Parameter Hash rpHash */
int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
{
int rc;
@ -430,7 +430,7 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
/* Hash Response Code - HMAC only calculated with success - always 0 */
ccSwap = 0;
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
/* Hash Command Code */
if (rc == 0) {
ccSwap = TPM2_Packet_SwapU32(cmdCode);
@ -457,8 +457,8 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
/* Compute the HMAC using cpHash, nonces and session attributes */
/* TCG TPM 2.0 Part 1 - 19.6.5 - HMAC Computation */
int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
TPM2B_AUTH* hmac)
{
@ -544,7 +544,7 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
&session->nonceTPM, paramData, paramSz);
}
#ifdef WOLFSSL_AES_CFB
else if (session->symmetric.algorithm == TPM_ALG_AES &&
else if (session->symmetric.algorithm == TPM_ALG_AES &&
session->symmetric.mode.aes == TPM_ALG_CFB) {
rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller,
&session->nonceTPM, paramData, paramSz);

37
src/tpm2_wrap.c
View File

@ -370,7 +370,7 @@ int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* cap)
}
int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth,
TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth,
TPMA_SESSION sessionAttributes, const TPM2B_NAME* name)
{
TPM2_AUTH_SESSION* session;
@ -397,13 +397,13 @@ int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
return TPM_RC_SUCCESS;
}
int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
const TPM2B_AUTH* auth)
{
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, NULL);
}
int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
const WOLFTPM2_HANDLE* handle)
{
const TPM2B_AUTH* auth = NULL;
@ -415,7 +415,7 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name);
}
int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes)
{
int rc;
@ -444,7 +444,7 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
/* Capture TPM provided nonce */
session->nonceTPM.size = tpmSession->nonceTPM.size;
XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer,
XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer,
session->nonceTPM.size);
}
return rc;
@ -657,7 +657,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
authSesIn.symmetric.keyBits.aes = 128;
authSesIn.symmetric.mode.aes = TPM_ALG_CFB;
}
else
else
#endif
if (encDecAlg == TPM_ALG_XOR) {
authSesIn.symmetric.algorithm = TPM_ALG_XOR;
@ -708,10 +708,10 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
XMEMCPY(&keyIn.buffer[keyIn.size], session->salt.buffer, session->salt.size);
keyIn.size += session->salt.size;
}
if (keyIn.size > 0) {
session->handle.auth.size = hashDigestSz;
rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH",
rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH",
&authSesOut.nonceTPM, &authSesIn.nonceCaller,
session->handle.auth.buffer, session->handle.auth.size);
if (rc != hashDigestSz) {
@ -845,7 +845,7 @@ int wolfTPM2_ChangeAuthKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
/* set session auth for parent key */
wolfTPM2_SetAuthHandle(dev, 0, parent);
/* Load new key */
XMEMSET(&loadIn, 0, sizeof(loadIn));
loadIn.parentHandle = parent->hndl;
@ -910,7 +910,7 @@ int wolfTPM2_CreateKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob,
}
#ifdef DEBUG_WOLFTPM
printf("TPM2_Create key: pub %d, priv %d\n",
printf("TPM2_Create key: pub %d, priv %d\n",
createOut.outPublic.size, createOut.outPrivate.size);
TPM2_PrintBin(createOut.outPrivate.buffer, createOut.outPrivate.size);
#endif
@ -1215,7 +1215,7 @@ int wolfTPM2_SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
}
/* Import external private key */
int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
WOLFTPM2_KEYBLOB* keyBlob, const TPM2B_PUBLIC* pub, TPM2B_SENSITIVE* sens)
{
int rc;
@ -1530,12 +1530,12 @@ int wolfTPM2_LoadEccPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
}
XMEMCPY(&keyBlob, key, sizeof(WOLFTPM2_KEY));
rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId,
rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId,
eccPubX, eccPubXSz, eccPubY, eccPubYSz, eccPriv, eccPrivSz);
if (rc == 0) {
rc = wolfTPM2_LoadKey(dev, &keyBlob, (WOLFTPM2_HANDLE*)&parentKey->handle);
}
/* return loaded key */
XMEMCPY(key, &keyBlob, sizeof(WOLFTPM2_KEY));
@ -2422,7 +2422,7 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int hashAlg, byte* digest,
if (dev == NULL)
return BAD_FUNC_ARG;
/* set session auth to blank */
if (dev->ctx.session) {
wolfTPM2_SetAuthPassword(dev, 0, NULL);
@ -2599,7 +2599,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
if (dev == NULL || nv == NULL)
return BAD_FUNC_ARG;
/* set session auth for key */
if (dev->ctx.session) {
wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
@ -2659,7 +2659,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
if (dev == NULL || nv == NULL || pDataSz == NULL)
return BAD_FUNC_ARG;
/* set session auth for key */
if (dev->ctx.session) {
wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
@ -2903,6 +2903,7 @@ int wolfTPM2_HashStart(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash,
/* Capture usage auth */
if (usageAuthSz > sizeof(hash->handle.auth.buffer))
usageAuthSz = sizeof(hash->handle.auth.buffer);
XMEMSET(hash, 0, sizeof(WOLFTPM2_HASH));
hash->handle.auth.size = usageAuthSz;
XMEMCPY(hash->handle.auth.buffer, usageAuth, usageAuthSz);
@ -3632,6 +3633,10 @@ int wolfTPM2_GetKeyTemplate_Symmetric(TPMT_PUBLIC* publicTemplate, int keyBits,
if (publicTemplate == NULL)
return BAD_FUNC_ARG;
#ifdef WOLFTPM_MCHP
isSign = 0; /* Microchip TPM does not like "sign" set for symmetric keys */
#endif
XMEMSET(publicTemplate, 0, sizeof(TPMT_PUBLIC));
publicTemplate->type = TPM_ALG_SYMCIPHER;
publicTemplate->nameAlg = WOLFTPM2_WRAP_DIGEST;

8
wolftpm/tpm2_param_enc.h
View File

@ -35,13 +35,13 @@ WOLFTPM_API int TPM2_KDFa(
BYTE *key, UINT32 keySz
);
WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
TPM2B_AUTH* hmac);
WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);
WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);

4
wolftpm/tpm2_wrap.h
View File

@ -136,7 +136,7 @@ WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
const TPM2B_NAME* name);
WOLFTPM_API int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM2B_AUTH* auth);
WOLFTPM_API int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes);
WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
@ -167,7 +167,7 @@ WOLFTPM_API int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev,
WOLFTPM_API int wolfTPM2_LoadRsaPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
const byte* rsaPub, word32 rsaPubSz, word32 exponent);
WOLFTPM_API int wolfTPM2_LoadRsaPublicKey_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
const byte* rsaPub, word32 rsaPubSz, word32 exponent,
const byte* rsaPub, word32 rsaPubSz, word32 exponent,
TPMI_ALG_RSA_SCHEME scheme, TPMI_ALG_HASH hashAlg);
WOLFTPM_API int wolfTPM2_ImportRsaPrivateKey(WOLFTPM2_DEV* dev,
const WOLFTPM2_KEY* parentKey, WOLFTPM2_KEYBLOB* keyBlob,