Release fixes and cleanups. Fixes for init of `WOLFTPM2_HASH` in `wolfTPM2_HashStart`. Fix for various build configurations (--disable-wrapper). Fix for Microchip "sign" bit on symmetric keys. Fix for scan-build warnings. Cleanup whitespace.
parent
b1a11c386a
commit
845b3d1da2
|
@ -1,6 +1,6 @@
|
|||
## Release Notes
|
||||
|
||||
### wolfTPM Release 2.0 (12/04/2020)
|
||||
### wolfTPM Release 2.0 (12/07/2020)
|
||||
|
||||
**Summary**
|
||||
|
||||
|
@ -8,7 +8,7 @@ Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (T
|
|||
|
||||
**Detail**
|
||||
|
||||
* Refactor of the session authentication. New TPM2_AUTH_SESSION struct and wolfTPM2_SetAuth API's. (PR #129)
|
||||
* Refactor of the session authentication. New struct `TPM2_AUTH_SESSION` and `wolfTPM2_SetAuth_*` API's. (PR #129)
|
||||
* Added Windows TPM TBSI support (PR #127)
|
||||
* Added TPM simulator support using TPM TCP protocol (PR #121)
|
||||
* Added minGW support (PR #127)
|
||||
|
|
|
@ -91,7 +91,7 @@ TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e
|
|||
Mfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0
|
||||
|
||||
Microchip ATTPM20
|
||||
TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1
|
||||
TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1
|
||||
Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0
|
||||
|
||||
Nations Technologies Inc. TPM 2.0 module
|
||||
|
@ -432,7 +432,7 @@ ECDHE 256 agree 35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec
|
|||
```
|
||||
./examples/native/native_test
|
||||
TPM2 Demo using Native API's
|
||||
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
|
||||
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
|
||||
TPM2_Startup pass
|
||||
TPM2_SelfTest pass
|
||||
TPM2_GetTestResult: Size 12, Rc 0x0
|
||||
|
@ -578,7 +578,7 @@ CCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k
|
|||
### TPM2 PKCS 7 Example
|
||||
|
||||
```
|
||||
./examples/pkcs7/pkcs7
|
||||
./examples/pkcs7/pkcs7
|
||||
TPM2 PKCS7 Example
|
||||
PKCS7 Signed Container 1625
|
||||
PKCS7 Container Verified (using TPM)
|
||||
|
|
|
@ -42,4 +42,4 @@ else
|
|||
WARNINGS="all"
|
||||
fi
|
||||
|
||||
autoreconf --install --force --verbose
|
||||
autoreconf --install --force --verbose
|
||||
|
|
|
@ -328,7 +328,7 @@ fi
|
|||
|
||||
# TIS / SPI Check Wait State support
|
||||
# Required for all but Infineon only
|
||||
if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno"
|
||||
if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno"
|
||||
then
|
||||
ENABLED_CHECKWAITSTATE=yes
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_CHECK_WAIT_STATE"
|
||||
|
|
|
@ -129,7 +129,7 @@ This example client connects to localhost on on port 11111 by default. These can
|
|||
|
||||
You can validate using the wolfSSL example server this like:
|
||||
`./examples/server/server -b -p 11111 -g -d -i -V`
|
||||
|
||||
|
||||
To validate client certificate use the following wolfSSL example server command:
|
||||
`./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem -i -V`
|
||||
or
|
||||
|
|
|
@ -129,6 +129,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo,
|
|||
double start;
|
||||
WOLFTPM2_HASH hash;
|
||||
|
||||
XMEMSET(&hash, 0, sizeof(hash));
|
||||
bench_stats_start(&count, &start);
|
||||
do {
|
||||
rc = wolfTPM2_HashStart(dev, &hash, algo,
|
||||
|
@ -185,7 +186,7 @@ static void usage(void)
|
|||
{
|
||||
printf("Expected usage:\n");
|
||||
printf("./examples/bench/bench [-aes/xor]\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
printf("* -aes/xor: Use Parameter Encryption\n");
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
|
@ -257,7 +258,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
@ -494,6 +495,8 @@ int main(int argc, char *argv[])
|
|||
rc = TPM2_Wrapper_BenchArgs(NULL, argc, argv);
|
||||
#else
|
||||
printf("Wrapper code not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
|
||||
return rc;
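Review bot: The added `XMEMSET(&hash, 0, sizeof(hash));` in bench_sym_hash leaves it unclear whether the caller is working around wolfTPM2_HashStart or just being defensive; the commit message says the WOLFTPM2_HASH init fix lives inside wolfTPM2_HashStart, which is not visible in this view. A one-line comment would settle the contract for the next reader, e.g. `/* defensive: start from a zeroed WOLFTPM2_HASH regardless of how HashStart initializes it */`, or, if HashStart now clears the struct itself, a comment stating the memset is intentionally redundant so nobody removes it later. bench_sym_hash's body starts and ends outside the hunk.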
|
||||
|
|
|
@ -202,7 +202,7 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
|
|||
&storageKey,
|
||||
&eccKey,
|
||||
&wolfEccKey,
|
||||
tpmDevId,
|
||||
tpmDevId,
|
||||
(byte*)gKeyAuth, sizeof(gKeyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
|
||||
#include <stdio.h>
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM Keygen Example -- */
|
||||
|
@ -117,7 +118,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
@ -139,7 +140,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
|
|||
/* set session for authorization key */
|
||||
auth.size = (int)sizeof(gAiKeyAuth)-1;
|
||||
XMEMCPY(auth.buffer, gAiKeyAuth, auth.size);
|
||||
|
||||
|
||||
}
|
||||
else {
|
||||
if (alg == TPM_ALG_RSA) {
|
||||
|
@ -208,16 +209,22 @@ exit:
|
|||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END TPM Timestamp Test -- */
|
||||
/* --- END TPM Keygen Example -- */
|
||||
/******************************************************************************/
|
||||
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
#ifndef NO_MAIN_DRIVER
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
int rc = NOT_COMPILED_IN;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Keygen_Example(NULL, argc, argv);
|
||||
#else
|
||||
printf("KeyGen code not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -31,6 +31,8 @@
|
|||
#include <stdio.h>
|
||||
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM Key Import / Blob Example -- */
|
||||
/******************************************************************************/
|
||||
|
@ -57,7 +59,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
size_t fileSz = 0;
|
||||
#endif
|
||||
const char* outputFile = "keyblob.bin";
|
||||
|
||||
|
||||
if (argc >= 2) {
|
||||
if (XSTRNCMP(argv[1], "-?", 2) == 0 ||
|
||||
XSTRNCMP(argv[1], "-h", 2) == 0 ||
|
||||
|
@ -110,7 +112,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
@ -173,16 +175,23 @@ exit:
|
|||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END TPM Timestamp Test -- */
|
||||
/* --- END TPM Key Import / Blob Example -- */
|
||||
/******************************************************************************/
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
|
||||
#ifndef NO_MAIN_DRIVER
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
int rc = NOT_COMPILED_IN;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Keyimport_Example(NULL, argc, argv);
|
||||
#else
|
||||
printf("KeyImport code not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
|
|
@ -39,6 +39,7 @@
|
|||
#include <stdio.h>
|
||||
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM Key Load Example -- */
|
||||
/******************************************************************************/
|
||||
|
@ -111,7 +112,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
@ -191,16 +192,22 @@ exit:
|
|||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END TPM Timestamp Test -- */
|
||||
/* --- END TPM Key Load Example -- */
|
||||
/******************************************************************************/
|
||||
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
#ifndef NO_MAIN_DRIVER
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
int rc = NOT_COMPILED_IN;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Keyload_Example(NULL, argc, argv);
|
||||
#else
|
||||
printf("KeyImport code not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
|
||||
return rc;
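Review bot: The `#else` branch of main in keyload.c prints `KeyImport code not compiled in`, a copy-paste from keyimport.c; it should name this tool, `printf("KeyLoad code not compiled in\n");`, so a --disable-wrapper build reports the right example. The END marker in the same hunk was corrected to `Key Load Example`, so this message is the only remaining mismatch in the file.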
|
||||
}
|
||||
|
|
|
@ -30,7 +30,7 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h> /* atoi */
|
||||
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM2.0 Flush tool -- */
|
||||
/******************************************************************************/
|
||||
|
@ -104,14 +104,20 @@ int TPM2_Flush_Tool(void* userCtx, int argc, char *argv[])
|
|||
/******************************************************************************/
|
||||
/* --- END TPM2.0 PCR Reset example tool -- */
|
||||
/******************************************************************************/
|
||||
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
#ifndef NO_MAIN_DRIVER
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rc;
|
||||
int rc = NOT_COMPILED_IN;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Flush_Tool(NULL, argc, argv);
|
||||
#else
|
||||
printf("Flush tool not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif
|
||||
|
||||
return rc;
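Review bot: The END marker at the top of the hunk still reads `/* --- END TPM2.0 PCR Reset example tool -- */` while the BEGIN marker earlier in the file says `TPM2.0 Flush tool`; the commit fixes the same kind of stale `END TPM Timestamp Test` markers in keygen.c, keyimport.c and keyload.c but leaves this one. Change it to `/* --- END TPM2.0 Flush tool -- */`.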
|
||||
}
|
||||
|
|
|
@ -486,7 +486,7 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
|
|||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
/* calculate session key */
|
||||
sessionAuth.size = TPM2_GetHashDigestSize(cmdIn.authSes.authHash);
|
||||
rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH",
|
||||
rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH",
|
||||
&cmdOut.authSes.nonceTPM, &cmdIn.authSes.nonceCaller,
|
||||
sessionAuth.buffer, sessionAuth.size);
|
||||
if (rc != sessionAuth.size) {
|
||||
|
@ -494,7 +494,6 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[])
|
|||
rc = TPM_RC_FAILURE;
|
||||
goto exit;
|
||||
}
|
||||
rc = TPM_RC_SUCCESS;
|
||||
#endif
|
||||
printf("TPM2_StartAuthSession: sessionHandle 0x%x\n", (word32)sessionHandle);
|
||||
|
||||
|
@ -1389,9 +1388,8 @@ exit:
|
|||
|
||||
/* Shutdown */
|
||||
cmdIn.shutdown.shutdownType = TPM_SU_CLEAR;
|
||||
rc = TPM2_Shutdown(&cmdIn.shutdown);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
if (TPM2_Shutdown(&cmdIn.shutdown) != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Shutdown failed\n");
|
||||
}
|
||||
|
||||
TPM2_Cleanup(&tpm2Ctx);
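Review bot: The rewritten shutdown check in the exit path drops the return code from the diagnostic: the old message printed `0x%x: %s` via TPM2_GetRCString, the new one prints only `TPM2_Shutdown failed`, which makes a failing shutdown much harder to triage from a log. Not overwriting `rc` looks intentional, presumably so the error that sent the test to `exit:` is what main returns, but the code can be kept in its own local: `TPM_RC shutdownRc = TPM2_Shutdown(&cmdIn.shutdown);` / `if (shutdownRc != TPM_RC_SUCCESS) {` / `printf("TPM2_Shutdown failed 0x%x: %s\n", shutdownRc, TPM2_GetRCString(shutdownRc));`. In the earlier StartAuthSession hunk, removing `rc = TPM_RC_SUCCESS;` leaves `rc` holding the TPM2_KDFa byte count until the next assignment; that is fine if nothing reads it before then, which is worth confirming since that code is outside the hunk. The `exit:` block continues beyond the hunk on both sides.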
|
||||
|
|
|
@ -162,7 +162,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
|
|
@ -329,7 +329,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
|
|||
#endif
|
||||
rc = wolfTPM2_SetCryptoDevCb(&dev, wolfTPM2_CryptoDevCb, &tpmCtx, &tpmDevId);
|
||||
if (rc < 0) goto exit;
|
||||
|
||||
|
||||
/* get SRK */
|
||||
rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA);
|
||||
if (rc != 0) goto exit;
|
||||
|
|
|
@ -138,7 +138,7 @@ int TPM2_ClockSet_Test(void* userCtx, int argc, char *argv[])
|
|||
#endif
|
||||
newClock = cmdOut.readClock.currentTime.clockInfo.clock;
|
||||
|
||||
printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n",
|
||||
printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n",
|
||||
(long unsigned int)oldClock, (long unsigned int)newClock);
|
||||
|
||||
exit:
|
||||
|
|
|
@ -272,12 +272,14 @@ exit:
|
|||
#ifndef NO_MAIN_DRIVER
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
int rc = -1;
|
||||
int rc = NOT_COMPILED_IN;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Timestamp_TestArgs(NULL, argc, argv);
|
||||
#else
|
||||
printf("Wrapper code not compiled in\n");
|
||||
(void)argc;
|
||||
(void)argv;
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
return rc;
|
||||
|
|
|
@ -58,8 +58,8 @@
|
|||
*
|
||||
* This example client connects to localhost on on port 11111 by default.
|
||||
* These can be overriden using `TLS_HOST` and `TLS_PORT`.
|
||||
*
|
||||
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
|
||||
*
|
||||
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
|
||||
* or the TLS_USE_ECC build option is used.
|
||||
*
|
||||
* You can validate using the wolfSSL example server this like:
|
||||
|
@ -198,7 +198,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
@ -295,7 +295,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
|
|||
rc = -1;
|
||||
goto exit;
|
||||
#endif /* !NO_RSA */
|
||||
}
|
||||
}
|
||||
else {
|
||||
#ifdef HAVE_ECC
|
||||
if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/ca-ecc-cert.pem",
|
||||
|
@ -317,7 +317,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
|
|||
#endif /* !NO_FILESYSTEM */
|
||||
|
||||
/* Client Key (Mutual Authentication) */
|
||||
/* Note: Client will not send a client certificate unless a private key is
|
||||
/* Note: Client will not send a client certificate unless a private key is
|
||||
* set, so we use a fake "DUMMY" key tell wolfSSL to send certificate.
|
||||
* The crypto callback will detect use of the dummy key using myTpmCheckKey
|
||||
*/
|
||||
|
|
|
@ -50,12 +50,12 @@
|
|||
* Run ./certs/certreq.sh
|
||||
* Result is: ./certs/server-rsa-cert.pem and ./certs/server-ecc-cert.pem
|
||||
*
|
||||
* This example server listens on port 11111 by default, but can be set at
|
||||
* This example server listens on port 11111 by default, but can be set at
|
||||
* build-time using `TLS_PORT`.
|
||||
*
|
||||
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
|
||||
* By default this example will loads RSA keys unless RSA is disabled (NO_RSA)
|
||||
* or the TLS_USE_ECC build option is used.
|
||||
*
|
||||
*
|
||||
* You can validate using the wolfSSL example client this like:
|
||||
* ./examples/client/client -h localhost -p 11111 -g -d
|
||||
*
|
||||
|
@ -210,10 +210,10 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
|
|||
(word32)tpmSession.handle.hndl);
|
||||
|
||||
/* set session for authorization of the storage key */
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession,
|
||||
(TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession));
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
if (!useECC) {
|
||||
|
|
|
@ -561,7 +561,7 @@
|
|||
#define XSpiPs_RecvByte(BaseAddress) \
|
||||
XSpiPs_In32((u32)((BaseAddress) + (u32)XSPIPS_RXD_OFFSET))
|
||||
|
||||
/* Modified version of XSpiPs_PolledTransfer that allows enable and CS to
|
||||
/* Modified version of XSpiPs_PolledTransfer that allows enable and CS to
|
||||
* be used across multiple transfers */
|
||||
static s32 TPM2_IoCb_Xilinx_SPITransfer(XSpiPs *InstancePtr, u8 *SendBufPtr,
|
||||
u8 *RecvBufPtr, u32 ByteCount)
|
||||
|
@ -585,10 +585,10 @@
|
|||
|
||||
/* Fill the TXFIFO with as many bytes as it will take (or as
|
||||
* many as we have to send). */
|
||||
while ((InstancePtr->RemainingBytes > (u32)0U) &&
|
||||
while ((InstancePtr->RemainingBytes > (u32)0U) &&
|
||||
((u32)TransCount < (u32)XSPIPS_FIFO_DEPTH))
|
||||
{
|
||||
XSpiPs_SendByte(InstancePtr->Config.BaseAddress,
|
||||
XSpiPs_SendByte(InstancePtr->Config.BaseAddress,
|
||||
*InstancePtr->SendBufferPtr);
|
||||
InstancePtr->SendBufferPtr += 1;
|
||||
InstancePtr->RemainingBytes--;
|
||||
|
@ -597,24 +597,24 @@
|
|||
|
||||
/* If master mode and manual start mode, issue manual start
|
||||
* command to start the transfer. */
|
||||
if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) &&
|
||||
if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) &&
|
||||
(XSpiPs_IsMaster(InstancePtr) == TRUE))
|
||||
{
|
||||
ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
|
||||
ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
|
||||
XSPIPS_CR_OFFSET);
|
||||
ConfigReg |= XSPIPS_CR_MANSTRT_MASK;
|
||||
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
|
||||
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
|
||||
XSPIPS_CR_OFFSET, ConfigReg);
|
||||
}
|
||||
|
||||
/* Wait for the transfer to finish by polling Tx fifo status. */
|
||||
CheckTransfer = (u32)0U;
|
||||
while (CheckTransfer == 0U) {
|
||||
StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
|
||||
StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress,
|
||||
XSPIPS_SR_OFFSET);
|
||||
if ((StatusReg & XSPIPS_IXR_MODF_MASK) != 0U) {
|
||||
/* Clear the mode fail bit */
|
||||
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
|
||||
XSpiPs_WriteReg(InstancePtr->Config.BaseAddress,
|
||||
XSPIPS_SR_OFFSET, XSPIPS_IXR_MODF_MASK);
|
||||
return (s32)XST_SEND_ERROR;
|
||||
}
|
||||
|
@ -661,14 +661,14 @@
|
|||
if (SpiConfig == NULL) {
|
||||
return TPM_RC_FAILURE;
|
||||
}
|
||||
status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig,
|
||||
status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig,
|
||||
SpiConfig->BaseAddress);
|
||||
if (status != XST_SUCCESS) {
|
||||
return TPM_RC_FAILURE;
|
||||
}
|
||||
|
||||
/* Set the SPI device as a master */
|
||||
XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION |
|
||||
XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION |
|
||||
XSPIPS_FORCE_SSELECT_OPTION | XSPIPS_MANUAL_START_OPTION);
|
||||
XSpiPs_SetClkPrescaler(&SpiInstance, XSPIPS_CLK_PRESCALE_8);
|
||||
|
||||
|
@ -680,7 +680,7 @@
|
|||
|
||||
#ifdef WOLFTPM_CHECK_WAIT_STATE
|
||||
/* Send Header */
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
(byte*)txBuf, rxBuf, TPM_TIS_HEADER_SZ);
|
||||
if (status != XST_SUCCESS) {
|
||||
XSpiPs_SetSlaveSelect(&SpiInstance, 0xF); /* deselect CS (set high) */
|
||||
|
@ -692,7 +692,7 @@
|
|||
if ((rxBuf[TPM_TIS_HEADER_SZ-1] & TPM_TIS_READY_MASK) == 0) {
|
||||
do {
|
||||
/* Check for SPI ready */
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
(byte*)txBuf, rxBuf, 1);
|
||||
if (status == XST_SUCCESS && rxBuf[0] & TPM_TIS_READY_MASK)
|
||||
break;
|
||||
|
@ -714,7 +714,7 @@
|
|||
xferSz - TPM_TIS_HEADER_SZ);
|
||||
#else
|
||||
/* Send Entire Message - no wait states */
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance,
|
||||
(byte*)txBuf, rxBuf, xferSz);
|
||||
#endif /* WOLFTPM_CHECK_WAIT_STATE */
|
||||
if (status == XST_SUCCESS) {
|
||||
|
|
|
@ -33,6 +33,8 @@
|
|||
#define RSA_FILENAME "rsa_test_blob.raw"
|
||||
#define ECC_FILENAME "ecc_test_blob.raw"
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
|
||||
#if 0
|
||||
static int writeKeyBlob(const char* filename,
|
||||
WOLFTPM2_KEYBLOB* key)
|
||||
|
@ -150,7 +152,6 @@ static int readAndLoadKey(WOLFTPM2_DEV* pDev,
|
|||
return rc;
|
||||
}
|
||||
|
||||
#if !defined(WOLFTPM2_NO_WRAPPER)
|
||||
int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
|
||||
WOLFTPM2_KEY* pStorageKey,
|
||||
TPM_ALG_ID alg)
|
||||
|
@ -161,7 +162,7 @@ int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
|
|||
rc = wolfTPM2_ReadPublicKey(pDev, pStorageKey, TPM2_DEMO_STORAGE_KEY_HANDLE);
|
||||
if (rc != 0) {
|
||||
/* Create primary storage key */
|
||||
rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg,
|
||||
rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg,
|
||||
(byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1);
|
||||
#ifndef WOLFTPM_WINAPI
|
||||
if (rc == TPM_RC_SUCCESS) {
|
||||
|
@ -262,4 +263,4 @@ int getECCkey(WOLFTPM2_DEV* pDev,
|
|||
return rc;
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
#endif /* !defined(WOLFTPM2_NO_WRAPPER) */
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
#ifndef _TPM_TEST_KEYS_H_
|
||||
#define _TPM_TEST_KEYS_H_
|
||||
|
||||
#if !defined(WOLFTPM2_NO_WRAPPER)
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
#include <wolftpm/tpm2.h>
|
||||
#include <wolftpm/tpm2_wrap.h>
|
||||
|
||||
|
|
30
src/tpm2.c
30
src/tpm2.c
|
@ -117,7 +117,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
TPM2_Packet_ParseU32(packet, &authSz);
|
||||
authPos = packet->pos; /* mark position for start of auth */
|
||||
packet->pos += authSz;
|
||||
|
||||
|
||||
/* Mark parameter data */
|
||||
param = &packet->buf[packet->pos];
|
||||
paramSz = cmdSz - packet->pos;
|
||||
|
@ -137,7 +137,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
#ifdef WOLFTPM_DEBUG_VERBOSE
|
||||
printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n",
|
||||
printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n",
|
||||
info->authCnt, info->inHandleCnt, cmdSz, authSz, paramSz, encParamSz);
|
||||
#else
|
||||
(void)paramSz;
|
||||
|
@ -149,7 +149,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
|
||||
if (session->sessionHandle != TPM_RS_PW) {
|
||||
/* Generate fresh nonce */
|
||||
rc = TPM2_GetNonce(session->nonceCaller.buffer,
|
||||
rc = TPM2_GetNonce(session->nonceCaller.buffer,
|
||||
session->nonceCaller.size);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
return rc;
|
||||
|
@ -198,7 +198,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
/* calculate "cpHash" hash for command code, names and parameters */
|
||||
rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1,
|
||||
rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1,
|
||||
&name2, &name3, param, paramSz, &hash);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
|
@ -208,8 +208,8 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
/* Calculate HMAC for policy, hmac or salted sessions */
|
||||
/* this is done after encryption */
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceCaller, &session->nonceTPM,
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceCaller, &session->nonceTPM,
|
||||
authCmd.sessionAttributes, &authCmd.hmac);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
|
@ -229,14 +229,14 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
return rc;
|
||||
}
|
||||
|
||||
static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
||||
static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
||||
CmdInfo_t* info, TPM_CC cmdCode, UINT32 respSz)
|
||||
{
|
||||
int rc = TPM_RC_SUCCESS;
|
||||
BYTE *param, *decParam = NULL;
|
||||
UINT32 paramSz, decParamSz = 0, authPos;
|
||||
int i;
|
||||
|
||||
|
||||
/* Skip the header output handles */
|
||||
packet->pos = TPM2_HEADER_SIZE + (info->outHandleCnt * sizeof(TPM_HANDLE));
|
||||
|
||||
|
@ -280,7 +280,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
/* update nonceTPM */
|
||||
if (authRsp.nonce.size > 0) {
|
||||
session->nonceTPM.size = authRsp.nonce.size;
|
||||
XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer,
|
||||
XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer,
|
||||
authRsp.nonce.size);
|
||||
}
|
||||
|
||||
|
@ -300,8 +300,8 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
/* Calculate HMAC prior to decryption */
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceTPM, &session->nonceCaller,
|
||||
rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash,
|
||||
&session->nonceTPM, &session->nonceCaller,
|
||||
authRsp.sessionAttributes, &hmac);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
|
@ -311,7 +311,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
}
|
||||
|
||||
/* Verify HMAC */
|
||||
if (hmac.size != authRsp.hmac.size ||
|
||||
if (hmac.size != authRsp.hmac.size ||
|
||||
XMEMCMP(hmac.buffer, authRsp.hmac.buffer, hmac.size) != 0) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("Response HMAC verification failed!\n");
|
||||
|
@ -339,7 +339,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
return rc;
|
||||
}
|
||||
|
||||
static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
|
||||
static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
|
||||
CmdInfo_t* info)
|
||||
{
|
||||
TPM_RC rc = TPM_RC_FAILURE;
|
||||
|
@ -370,7 +370,7 @@ static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet,
|
|||
#ifdef WOLFTPM_DEBUG_VERBOSE
|
||||
printf("Found %d auth sessions\n", info->authCnt);
|
||||
#endif
|
||||
|
||||
|
||||
rc = TPM2_CommandProcess(ctx, packet, info, cmdCode, cmdSz);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
|
@ -2001,7 +2001,7 @@ TPM_RC TPM2_ZGen_2Phase(ZGen_2Phase_In* in, ZGen_2Phase_Out* out)
|
|||
return rc;
|
||||
}
|
||||
|
||||
/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows
|
||||
/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows
|
||||
encryption of the input data */
|
||||
TPM_RC TPM2_EncryptDecrypt(EncryptDecrypt_In* in, EncryptDecrypt_Out* out)
|
||||
{
|
||||
|
|
|
@ -192,7 +192,7 @@ exit:
|
|||
|
||||
/* Perform XOR encryption over the first parameter of a TPM packet */
|
||||
static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
UINT32 paramSz)
|
||||
{
|
||||
int rc = TPM_RC_FAILURE;
|
||||
|
@ -227,7 +227,7 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
|
||||
/* Perform XOR decryption over the first parameter of a TPM packet */
|
||||
static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
UINT32 paramSz)
|
||||
{
|
||||
int rc = TPM_RC_FAILURE;
|
||||
|
@ -240,7 +240,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
|
||||
/* Generate XOR Mask stream matching paramater size */
|
||||
XMEMSET(mask.buffer, 0, sizeof(mask.buffer));
|
||||
rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR",
|
||||
rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR",
|
||||
nonceTPM, nonceCaller, mask.buffer, paramSz);
|
||||
if ((UINT32)rc != paramSz) {
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
|
@ -262,7 +262,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
#ifdef WOLFSSL_AES_CFB
|
||||
/* Perform AES CFB encryption over the first parameter of a TPM packet */
|
||||
static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
UINT32 paramSz)
|
||||
{
|
||||
int rc = TPM_RC_FAILURE;
|
||||
|
@ -307,7 +307,7 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
|
||||
/* Perform AES CFB decryption over the first parameter of a TPM packet */
|
||||
static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData,
|
||||
UINT32 paramSz)
|
||||
{
|
||||
int rc = TPM_RC_FAILURE;
|
||||
|
@ -358,7 +358,7 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
|
|||
#ifndef WOLFTPM2_NO_WOLFCRYPT
|
||||
/* Compute the command parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.7 Command Parameter Hash cpHash */
|
||||
int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
|
||||
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
|
||||
{
|
||||
|
@ -408,7 +408,7 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
|||
|
||||
/* Compute the response parameter hash */
|
||||
/* TCG TPM 2.0 Part 1 - 18.8 Response Parameter Hash rpHash */
|
||||
int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash)
|
||||
{
|
||||
int rc;
|
||||
|
@ -430,7 +430,7 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
|||
/* Hash Response Code - HMAC only calculated with success - always 0 */
|
||||
ccSwap = 0;
|
||||
rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap));
|
||||
|
||||
|
||||
/* Hash Command Code */
|
||||
if (rc == 0) {
|
||||
ccSwap = TPM2_Packet_SwapU32(cmdCode);
|
||||
|
@ -457,8 +457,8 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
|||
|
||||
/* Compute the HMAC using cpHash, nonces and session attributes */
|
||||
/* TCG TPM 2.0 Part 1 - 19.6.5 - HMAC Computation */
|
||||
int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
|
||||
TPM2B_AUTH* hmac)
|
||||
{
|
||||
|
@ -544,7 +544,7 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session,
|
|||
&session->nonceTPM, paramData, paramSz);
|
||||
}
|
||||
#ifdef WOLFSSL_AES_CFB
|
||||
else if (session->symmetric.algorithm == TPM_ALG_AES &&
|
||||
else if (session->symmetric.algorithm == TPM_ALG_AES &&
|
||||
session->symmetric.mode.aes == TPM_ALG_CFB) {
|
||||
rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller,
|
||||
&session->nonceTPM, paramData, paramSz);
|
||||
|
|
|
@ -370,7 +370,7 @@ int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* cap)
|
|||
}
|
||||
|
||||
int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
||||
TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth,
|
||||
TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth,
|
||||
TPMA_SESSION sessionAttributes, const TPM2B_NAME* name)
|
||||
{
|
||||
TPM2_AUTH_SESSION* session;
|
||||
|
@ -397,13 +397,13 @@ int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
|||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
|
||||
int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index,
|
||||
const TPM2B_AUTH* auth)
|
||||
{
|
||||
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, NULL);
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
|
||||
int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
|
||||
const WOLFTPM2_HANDLE* handle)
|
||||
{
|
||||
const TPM2B_AUTH* auth = NULL;
|
||||
|
@ -415,7 +415,7 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
|
|||
return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name);
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
||||
int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
||||
const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes)
|
||||
{
|
||||
int rc;
|
||||
|
@ -444,7 +444,7 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
|||
|
||||
/* Capture TPM provided nonce */
|
||||
session->nonceTPM.size = tpmSession->nonceTPM.size;
|
||||
XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer,
|
||||
XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer,
|
||||
session->nonceTPM.size);
|
||||
}
|
||||
return rc;
|
||||
|
@ -657,7 +657,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
|
|||
authSesIn.symmetric.keyBits.aes = 128;
|
||||
authSesIn.symmetric.mode.aes = TPM_ALG_CFB;
|
||||
}
|
||||
else
|
||||
else
|
||||
#endif
|
||||
if (encDecAlg == TPM_ALG_XOR) {
|
||||
authSesIn.symmetric.algorithm = TPM_ALG_XOR;
|
||||
|
@ -708,10 +708,10 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session,
|
|||
XMEMCPY(&keyIn.buffer[keyIn.size], session->salt.buffer, session->salt.size);
|
||||
keyIn.size += session->salt.size;
|
||||
}
|
||||
|
||||
|
||||
if (keyIn.size > 0) {
|
||||
session->handle.auth.size = hashDigestSz;
|
||||
rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH",
|
||||
rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH",
|
||||
&authSesOut.nonceTPM, &authSesIn.nonceCaller,
|
||||
session->handle.auth.buffer, session->handle.auth.size);
|
||||
if (rc != hashDigestSz) {
|
||||
|
@ -845,7 +845,7 @@ int wolfTPM2_ChangeAuthKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
|
|||
|
||||
/* set session auth for parent key */
|
||||
wolfTPM2_SetAuthHandle(dev, 0, parent);
|
||||
|
||||
|
||||
/* Load new key */
|
||||
XMEMSET(&loadIn, 0, sizeof(loadIn));
|
||||
loadIn.parentHandle = parent->hndl;
|
||||
|
@ -910,7 +910,7 @@ int wolfTPM2_CreateKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob,
|
|||
}
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("TPM2_Create key: pub %d, priv %d\n",
|
||||
printf("TPM2_Create key: pub %d, priv %d\n",
|
||||
createOut.outPublic.size, createOut.outPrivate.size);
|
||||
TPM2_PrintBin(createOut.outPrivate.buffer, createOut.outPrivate.size);
|
||||
#endif
|
||||
|
@ -1215,7 +1215,7 @@ int wolfTPM2_SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
|
|||
}
|
||||
|
||||
/* Import external private key */
|
||||
int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
|
||||
int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
|
||||
WOLFTPM2_KEYBLOB* keyBlob, const TPM2B_PUBLIC* pub, TPM2B_SENSITIVE* sens)
|
||||
{
|
||||
int rc;
|
||||
|
@ -1530,12 +1530,12 @@ int wolfTPM2_LoadEccPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey,
|
|||
}
|
||||
|
||||
XMEMCPY(&keyBlob, key, sizeof(WOLFTPM2_KEY));
|
||||
rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId,
|
||||
rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId,
|
||||
eccPubX, eccPubXSz, eccPubY, eccPubYSz, eccPriv, eccPrivSz);
|
||||
if (rc == 0) {
|
||||
rc = wolfTPM2_LoadKey(dev, &keyBlob, (WOLFTPM2_HANDLE*)&parentKey->handle);
|
||||
}
|
||||
|
||||
|
||||
/* return loaded key */
|
||||
XMEMCPY(key, &keyBlob, sizeof(WOLFTPM2_KEY));
|
||||
|
||||
|
@ -2422,7 +2422,7 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int hashAlg, byte* digest,
|
|||
|
||||
if (dev == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
|
||||
/* set session auth to blank */
|
||||
if (dev->ctx.session) {
|
||||
wolfTPM2_SetAuthPassword(dev, 0, NULL);
|
||||
|
@ -2599,7 +2599,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
|
|||
|
||||
if (dev == NULL || nv == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
|
||||
/* set session auth for key */
|
||||
if (dev->ctx.session) {
|
||||
wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
|
||||
|
@ -2659,7 +2659,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
|
|||
|
||||
if (dev == NULL || nv == NULL || pDataSz == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
|
||||
/* set session auth for key */
|
||||
if (dev->ctx.session) {
|
||||
wolfTPM2_SetAuthHandle(dev, 0, &nv->handle);
|
||||
|
@ -2903,6 +2903,7 @@ int wolfTPM2_HashStart(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash,
|
|||
/* Capture usage auth */
|
||||
if (usageAuthSz > sizeof(hash->handle.auth.buffer))
|
||||
usageAuthSz = sizeof(hash->handle.auth.buffer);
|
||||
XMEMSET(hash, 0, sizeof(WOLFTPM2_HASH));
|
||||
hash->handle.auth.size = usageAuthSz;
|
||||
XMEMCPY(hash->handle.auth.buffer, usageAuth, usageAuthSz);
|
||||
|
||||
|
@ -3632,6 +3633,10 @@ int wolfTPM2_GetKeyTemplate_Symmetric(TPMT_PUBLIC* publicTemplate, int keyBits,
|
|||
if (publicTemplate == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
#ifdef WOLFTPM_MCHP
|
||||
isSign = 0; /* Microchip TPM does not like "sign" set for symmetric keys */
|
||||
#endif
|
||||
|
||||
XMEMSET(publicTemplate, 0, sizeof(TPMT_PUBLIC));
|
||||
publicTemplate->type = TPM_ALG_SYMCIPHER;
|
||||
publicTemplate->nameAlg = WOLFTPM2_WRAP_DIGEST;
|
||||
|
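Review bot: In the wolfTPM2_HashStart hunk the pre-existing clamp `if (usageAuthSz > sizeof(hash->handle.auth.buffer)) usageAuthSz = sizeof(hash->handle.auth.buffer);` silently truncates an oversized usage auth, so the hash object ends up holding a shorter authValue than the caller supplied and the caller is never told; rejecting the call is the safer contract: `if (usageAuthSz > sizeof(hash->handle.auth.buffer)) return BAD_FUNC_ARG;`. The newly added `XMEMSET(hash, 0, sizeof(WOLFTPM2_HASH));` is correctly placed before the size and copy, but the following `XMEMCPY(hash->handle.auth.buffer, usageAuth, usageAuthSz);` still dereferences usageAuth for any non-zero usageAuthSz, and whether a NULL usageAuth is rejected earlier cannot be seen here because the function's opening and its argument checks lie outside the hunk. A one-line guard `if (usageAuthSz > 0 && usageAuth == NULL) return BAD_FUNC_ARG;` in front of the copy would make this stretch self-contained. Separately, the `#ifdef WOLFTPM_MCHP isSign = 0;` override in wolfTPM2_GetKeyTemplate_Symmetric discards the caller's requested attribute without any signal; the comment should at least say so, e.g. `/* Microchip TPM rejects symmetric keys with "sign" set; the requested isSign is silently dropped on this target */`.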
|
|
@ -35,13 +35,13 @@ WOLFTPM_API int TPM2_KDFa(
|
|||
BYTE *key, UINT32 keySz
|
||||
);
|
||||
|
||||
WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth,
|
||||
const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew,
|
||||
const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes,
|
||||
TPM2B_AUTH* hmac);
|
||||
WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash,
|
||||
TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);
|
||||
WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
|
||||
TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3,
|
||||
BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash);
|
||||
|
||||
|
|
|
@ -136,7 +136,7 @@ WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
|||
const TPM2B_NAME* name);
|
||||
WOLFTPM_API int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM2B_AUTH* auth);
|
||||
WOLFTPM_API int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
|
||||
WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
||||
WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
|
||||
const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes);
|
||||
|
||||
WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
|
||||
|
@ -167,7 +167,7 @@ WOLFTPM_API int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev,
|
|||
WOLFTPM_API int wolfTPM2_LoadRsaPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
|
||||
const byte* rsaPub, word32 rsaPubSz, word32 exponent);
|
||||
WOLFTPM_API int wolfTPM2_LoadRsaPublicKey_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
|
||||
const byte* rsaPub, word32 rsaPubSz, word32 exponent,
|
||||
const byte* rsaPub, word32 rsaPubSz, word32 exponent,
|
||||
TPMI_ALG_RSA_SCHEME scheme, TPMI_ALG_HASH hashAlg);
|
||||
WOLFTPM_API int wolfTPM2_ImportRsaPrivateKey(WOLFTPM2_DEV* dev,
|
||||
const WOLFTPM2_KEY* parentKey, WOLFTPM2_KEYBLOB* keyBlob,
|
||||
|
|