From 845b3d1da2c15ff825182b5490bb64a50ab8e350 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 7 Dec 2020 11:01:02 -0800 Subject: [PATCH] Release fixes and cleanups. Fixes for init of `WOLFTPM2_HASH` in `wolfTPM2_HashStart`. Fix for for various build configurations (--disable-wrapper). Fix for Microchip "sign" bit on symmetric keys. Fix for scan-build warnings. Cleanup whitespace. --- ChangeLog.md | 4 +-- README.md | 6 ++--- autogen.sh | 2 +- configure.ac | 2 +- examples/README.md | 2 +- examples/bench/bench.c | 7 +++-- examples/csr/csr.c | 2 +- examples/keygen/keygen.c | 17 ++++++++---- examples/keygen/keyimport.c | 17 +++++++++--- examples/keygen/keyload.c | 15 ++++++++--- examples/management/flush.c | 12 ++++++--- examples/native/native_test.c | 8 +++--- examples/pcr/quote.c | 2 +- examples/pkcs7/pkcs7.c | 2 +- examples/timestamp/clock_set.c | 2 +- examples/timestamp/signed_timestamp.c | 4 ++- examples/tls/tls_client.c | 10 ++++---- examples/tls/tls_server.c | 10 ++++---- examples/tpm_io.c | 26 +++++++++---------- examples/tpm_test_keys.c | 7 ++--- examples/tpm_test_keys.h | 2 +- src/tpm2.c | 30 +++++++++++----------- src/tpm2_param_enc.c | 22 ++++++++-------- src/tpm2_wrap.c | 37 +++++++++++++++------------ wolftpm/tpm2_param_enc.h | 8 +++--- wolftpm/tpm2_wrap.h | 4 +-- 26 files changed, 149 insertions(+), 111 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 96678ac..1cf95e5 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,6 +1,6 @@ ## Release Notes -### wolfTPM Release 2.0 (12/04/2020) +### wolfTPM Release 2.0 (12/07/2020) **Summary** 
@@ -8,7 +8,7 @@ Added AES CFB parameter encryption, HMAC sessions, TPM simulator, Windows TPM (T **Detail** -* Refactor of the session authentication. New TPM2_AUTH_SESSION struct and wolfTPM2_SetAuth API's. (PR #129) +* Refactor of the session authentication. New struct `TPM2_AUTH_SESSION` and `wolfTPM2_SetAuth_*` API's. (PR #129) * Added Windows TPM TBSI support (PR #127) * Added TPM simulator support using TPM TCP protocol (PR #121) * Added minGW support (PR #127) diff --git a/README.md b/README.md index 59d688f..047c6d7 100644 --- a/README.md +++ b/README.md @@ -91,7 +91,7 @@ TPM2: Caps 0x1a7e2882, Did 0x0000, Vid 0x104a, Rid 0x4e Mfg STM (2), Vendor , Fw 74.9 (1151341959), FIPS 140-2 1, CC-EAL4 0 Microchip ATTPM20 -TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1 +TPM2: Caps 0x30000695, Did 0x3205, Vid 0x1114, Rid 0x 1 Mfg MCHP (3), Vendor , Fw 512.20481 (0), FIPS 140-2 0, CC-EAL4 0 Nations Technologies Inc. TPM 2.0 module @@ -432,7 +432,7 @@ ECDHE 256 agree 35 ops took 1.029 sec, avg 29.402 ms, 34.011 ops/sec ``` ./examples/native/native_test TPM2 Demo using Native API's -TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e +TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e TPM2_Startup pass TPM2_SelfTest pass TPM2_GetTestResult: Size 12, Rc 0x0 @@ -578,7 +578,7 @@ CCqGSM49BAMCA0gAMEUCIQCR9cbyRt3cbEZUIOBa4GNSRTlgFdB3X1EOwm+cA5/k ### TPM2 PKCS 7 Example ``` -./examples/pkcs7/pkcs7 +./examples/pkcs7/pkcs7 TPM2 PKCS7 Example PKCS7 Signed Container 1625 PKCS7 Container Verified (using TPM) diff --git a/autogen.sh b/autogen.sh index e82b4f6..2ba18ae 100755 --- a/autogen.sh +++ b/autogen.sh @@ -42,4 +42,4 @@ else WARNINGS="all" fi -autoreconf --install --force --verbose +autoreconf --install --force --verbose diff --git a/configure.ac b/configure.ac index ce586b6..e179b98 100644 --- a/configure.ac +++ b/configure.ac 
@@ -328,7 +328,7 @@ fi # TIS / SPI Check Wait State support # Required for all but Infineon only -if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno" +if test "x$ENABLED_CHECKWAITSTATE" = "xyes" || test "x$ENABLED_AUTODETECT" = "xyes" || test "x$ENABLED_INFINEON" = "xno" then ENABLED_CHECKWAITSTATE=yes AM_CFLAGS="$AM_CFLAGS -DWOLFTPM_CHECK_WAIT_STATE" diff --git a/examples/README.md b/examples/README.md index 548c23c..b3abfbf 100644 --- a/examples/README.md +++ b/examples/README.md @@ -129,7 +129,7 @@ This example client connects to localhost on on port 11111 by default. These can You can validate using the wolfSSL example server this like: `./examples/server/server -b -p 11111 -g -d -i -V` - + To validate client certificate use the following wolfSSL example server command: `./examples/server/server -b -p 11111 -g -A ./certs/tpm-ca-rsa-cert.pem -i -V` or diff --git a/examples/bench/bench.c b/examples/bench/bench.c index de52ecd..f8f8c9f 100644 --- a/examples/bench/bench.c +++ b/examples/bench/bench.c @@ -129,6 +129,7 @@ static int bench_sym_hash(WOLFTPM2_DEV* dev, const char* desc, int algo, double start; WOLFTPM2_HASH hash; + XMEMSET(&hash, 0, sizeof(hash)); bench_stats_start(&count, &start); do { rc = wolfTPM2_HashStart(dev, &hash, algo, @@ -185,7 +186,7 @@ static void usage(void) { printf("Expected usage:\n"); printf("./examples/bench/bench [-aes/xor]\n"); - printf("* -aes/xor: Use Parameter Encryption\n"); + printf("* -aes/xor: Use Parameter Encryption\n"); } /******************************************************************************/ 
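Review bot: The `XMEMSET(&hash, 0, sizeof(hash));` added in `bench_sym_hash` runs once, before the `do` loop, so only the first `wolfTPM2_HashStart` call is handed a zeroed `WOLFTPM2_HASH`; every later iteration receives whatever the previous pass left in the struct. The commit message says `wolfTPM2_HashStart` now initialises the struct itself, but that change is not visible in this hunk. If it does, the caller-side clear is only defensive and a short comment such as `/* defensive: HashStart also clears the context */` would say why it stays. If it does not, the clear belongs inside the loop. The body of `bench_sym_hash` continues outside the hunk.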
@@ -257,7 +258,7 @@ int TPM2_Wrapper_BenchArgs(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } @@ -494,6 +495,8 @@ int main(int argc, char *argv[]) rc = TPM2_Wrapper_BenchArgs(NULL, argc, argv); #else printf("Wrapper code not compiled in\n"); + (void)argc; + (void)argv; #endif return rc; diff --git a/examples/csr/csr.c b/examples/csr/csr.c index 2ac8865..8fce7d9 100644 --- a/examples/csr/csr.c +++ b/examples/csr/csr.c @@ -202,7 +202,7 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[]) &storageKey, &eccKey, &wolfEccKey, - tpmDevId, + tpmDevId, (byte*)gKeyAuth, sizeof(gKeyAuth)-1); if (rc != 0) goto exit; diff --git a/examples/keygen/keygen.c b/examples/keygen/keygen.c index d7ea1fd..9c9043d 100644 --- a/examples/keygen/keygen.c +++ b/examples/keygen/keygen.c @@ -30,6 +30,7 @@ #include +#ifndef WOLFTPM2_NO_WRAPPER /******************************************************************************/ /* --- BEGIN TPM Keygen Example -- */ @@ -117,7 +118,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } @@ -139,7 +140,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[]) /* set session for authorization key */ auth.size = (int)sizeof(gAiKeyAuth)-1; XMEMCPY(auth.buffer, gAiKeyAuth, auth.size); - + } else { if (alg == TPM_ALG_RSA) { 
@@ -208,16 +209,22 @@ exit: } /******************************************************************************/ -/* --- END TPM Timestamp Test -- */ +/* --- END TPM Keygen Example -- */ /******************************************************************************/ - +#endif /* !WOLFTPM2_NO_WRAPPER */ #ifndef NO_MAIN_DRIVER int main(int argc, char *argv[]) { - int rc; + int rc = NOT_COMPILED_IN; +#ifndef WOLFTPM2_NO_WRAPPER rc = TPM2_Keygen_Example(NULL, argc, argv); +#else + printf("KeyGen code not compiled in\n"); + (void)argc; + (void)argv; +#endif return rc; } diff --git a/examples/keygen/keyimport.c b/examples/keygen/keyimport.c index b922afa..b6af55c 100644 --- a/examples/keygen/keyimport.c +++ b/examples/keygen/keyimport.c @@ -31,6 +31,8 @@ #include +#ifndef WOLFTPM2_NO_WRAPPER + /******************************************************************************/ /* --- BEGIN TPM Key Import / Blob Example -- */ /******************************************************************************/ @@ -57,7 +59,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[]) size_t fileSz = 0; #endif const char* outputFile = "keyblob.bin"; - + if (argc >= 2) { if (XSTRNCMP(argv[1], "-?", 2) == 0 || XSTRNCMP(argv[1], "-h", 2) == 0 || @@ -110,7 +112,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } 
@@ -173,16 +175,23 @@ exit: } /******************************************************************************/ -/* --- END TPM Timestamp Test -- */ +/* --- END TPM Key Import / Blob Example -- */ /******************************************************************************/ +#endif /* !WOLFTPM2_NO_WRAPPER */ #ifndef NO_MAIN_DRIVER int main(int argc, char *argv[]) { - int rc; + int rc = NOT_COMPILED_IN; +#ifndef WOLFTPM2_NO_WRAPPER rc = TPM2_Keyimport_Example(NULL, argc, argv); +#else + printf("KeyImport code not compiled in\n"); + (void)argc; + (void)argv; +#endif return rc; } diff --git a/examples/keygen/keyload.c b/examples/keygen/keyload.c index 42d05f4..43bd1c5 100644 --- a/examples/keygen/keyload.c +++ b/examples/keygen/keyload.c @@ -39,6 +39,7 @@ #include +#ifndef WOLFTPM2_NO_WRAPPER /******************************************************************************/ /* --- BEGIN TPM Key Load Example -- */ /******************************************************************************/ @@ -111,7 +112,7 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } @@ -191,16 +192,22 @@ exit: } /******************************************************************************/ -/* --- END TPM Timestamp Test -- */ +/* --- END TPM Key Load Example -- */ /******************************************************************************/ - +#endif /* !WOLFTPM2_NO_WRAPPER */ #ifndef NO_MAIN_DRIVER int main(int argc, char *argv[]) { - int rc; + int rc = NOT_COMPILED_IN; +#ifndef WOLFTPM2_NO_WRAPPER rc = TPM2_Keyload_Example(NULL, argc, argv); +#else + printf("KeyImport code not compiled in\n"); + (void)argc; + (void)argv; +#endif return rc; } 
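Review bot: The `#else` branch added to `main` in examples/keygen/keyload.c prints `"KeyImport code not compiled in\n"`, which is the keyimport.c message copied over unchanged. Someone running the key-load example from a `WOLFTPM2_NO_WRAPPER` build is told the wrong tool is missing. The line should read `printf("KeyLoad code not compiled in\n");`.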
diff --git a/examples/management/flush.c b/examples/management/flush.c index cb92873..5fe1c8c 100644 --- a/examples/management/flush.c +++ b/examples/management/flush.c @@ -30,7 +30,7 @@ #include #include /* atoi */ - +#ifndef WOLFTPM2_NO_WRAPPER /******************************************************************************/ /* --- BEGIN TPM2.0 Flush tool -- */ /******************************************************************************/ @@ -104,14 +104,20 @@ int TPM2_Flush_Tool(void* userCtx, int argc, char *argv[]) /******************************************************************************/ /* --- END TPM2.0 PCR Reset example tool -- */ /******************************************************************************/ - +#endif /* !WOLFTPM2_NO_WRAPPER */ #ifndef NO_MAIN_DRIVER int main(int argc, char *argv[]) { - int rc; + int rc = NOT_COMPILED_IN; +#ifndef WOLFTPM2_NO_WRAPPER rc = TPM2_Flush_Tool(NULL, argc, argv); +#else + printf("Flush tool not compiled in\n"); + (void)argc; + (void)argv; +#endif return rc; } diff --git a/examples/native/native_test.c b/examples/native/native_test.c index 1409f91..09e4ff4 100644 --- a/examples/native/native_test.c +++ b/examples/native/native_test.c @@ -486,7 +486,7 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[]) #ifndef WOLFTPM2_NO_WOLFCRYPT /* calculate session key */ sessionAuth.size = TPM2_GetHashDigestSize(cmdIn.authSes.authHash); - rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH", + rc = TPM2_KDFa(cmdIn.authSes.authHash, NULL, "ATH", &cmdOut.authSes.nonceTPM, &cmdIn.authSes.nonceCaller, sessionAuth.buffer, sessionAuth.size); if (rc != sessionAuth.size) { @@ -494,7 +494,6 @@ int TPM2_Native_TestArgs(void* userCtx, int argc, char *argv[]) rc = TPM_RC_FAILURE; goto exit; } - rc = TPM_RC_SUCCESS; #endif printf("TPM2_StartAuthSession: sessionHandle 0x%x\n", (word32)sessionHandle); 
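Review bot: The END banner kept as context just above the new `#endif` in examples/management/flush.c still reads `/* --- END TPM2.0 PCR Reset example tool -- */`, although the BEGIN banner of the same file says `TPM2.0 Flush tool`. This commit corrects the same kind of stale banner in keygen.c, keyimport.c and keyload.c, so this one should be changed with them to `/* --- END TPM2.0 Flush tool -- */`.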
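Review bot: With `rc = TPM_RC_SUCCESS;` removed after the `TPM2_KDFa` check in examples/native/native_test.c, `rc` holds the derived length (equal to `sessionAuth.size`) rather than a TPM return code when execution reaches the `printf` that follows. That is harmless only while the next statement that reads `rc` assigns it first; that code is outside this hunk, and it is presumably why scan-build reported the store as dead. Taking the KDFa result in its own local, for example `kdfSz = TPM2_KDFa(...);` followed by `if (kdfSz != sessionAuth.size) {`, would keep `rc` limited to TPM codes and remove the dependency on later code. A stray positive `rc` reaching `exit:` would be reported as a failure.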
@@ -1389,9 +1388,8 @@ exit: /* Shutdown */ cmdIn.shutdown.shutdownType = TPM_SU_CLEAR; - rc = TPM2_Shutdown(&cmdIn.shutdown); - if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); + if (TPM2_Shutdown(&cmdIn.shutdown) != TPM_RC_SUCCESS) { + printf("TPM2_Shutdown failed\n"); } TPM2_Cleanup(&tpm2Ctx); diff --git a/examples/pcr/quote.c b/examples/pcr/quote.c index 7a92ca2..ef0438b 100644 --- a/examples/pcr/quote.c +++ b/examples/pcr/quote.c @@ -162,7 +162,7 @@ int TPM2_Quote_Test(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } diff --git a/examples/pkcs7/pkcs7.c b/examples/pkcs7/pkcs7.c index 0760499..7f313e6 100644 --- a/examples/pkcs7/pkcs7.c +++ b/examples/pkcs7/pkcs7.c @@ -329,7 +329,7 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[]) #endif rc = wolfTPM2_SetCryptoDevCb(&dev, wolfTPM2_CryptoDevCb, &tpmCtx, &tpmDevId); if (rc < 0) goto exit; - + /* get SRK */ rc = getPrimaryStoragekey(&dev, &storageKey, TPM_ALG_RSA); if (rc != 0) goto exit; diff --git a/examples/timestamp/clock_set.c b/examples/timestamp/clock_set.c index aad6c60..336e170 100644 --- a/examples/timestamp/clock_set.c +++ b/examples/timestamp/clock_set.c @@ -138,7 +138,7 @@ int TPM2_ClockSet_Test(void* userCtx, int argc, char *argv[]) #endif newClock = cmdOut.readClock.currentTime.clockInfo.clock; - printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n", + printf("\n\t oldClock=%lu \n\t newClock=%lu \n\n", (long unsigned int)oldClock, (long unsigned int)newClock); exit: diff --git a/examples/timestamp/signed_timestamp.c b/examples/timestamp/signed_timestamp.c index 2168d3b..447eff6 100644 --- a/examples/timestamp/signed_timestamp.c 
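Review bot: The rewritten shutdown check on the `exit:` path no longer prints the return code, so a failing `TPM2_Shutdown` is logged without the `0x%x` value and `TPM2_GetRCString` text the old message carried. Not assigning to `rc` here looks intentional and correct, since it presumably keeps the test's own result from being overwritten on the way out. The diagnostic can still be kept by storing the result in a separate local declared with the function's other variables: `rcShutdown = TPM2_Shutdown(&cmdIn.shutdown);` then `if (rcShutdown != TPM_RC_SUCCESS) printf("TPM2_Shutdown failed 0x%x: %s\n", rcShutdown, TPM2_GetRCString(rcShutdown));`. The enclosing function starts outside the hunk.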
+++ b/examples/timestamp/signed_timestamp.c @@ -272,12 +272,14 @@ exit: #ifndef NO_MAIN_DRIVER int main(int argc, char *argv[]) { - int rc = -1; + int rc = NOT_COMPILED_IN; #ifndef WOLFTPM2_NO_WRAPPER rc = TPM2_Timestamp_TestArgs(NULL, argc, argv); #else printf("Wrapper code not compiled in\n"); + (void)argc; + (void)argv; #endif /* !WOLFTPM2_NO_WRAPPER */ return rc; diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c index 3f26011..4f1658b 100644 --- a/examples/tls/tls_client.c +++ b/examples/tls/tls_client.c @@ -58,8 +58,8 @@ * * This example client connects to localhost on on port 11111 by default. * These can be overriden using `TLS_HOST` and `TLS_PORT`. - * - * By default this example will loads RSA keys unless RSA is disabled (NO_RSA) + * + * By default this example will loads RSA keys unless RSA is disabled (NO_RSA) * or the TLS_USE_ECC build option is used. * * You can validate using the wolfSSL example server this like: @@ -198,7 +198,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; } @@ -295,7 +295,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]) rc = -1; goto exit; #endif /* !NO_RSA */ - } + } else { #ifdef HAVE_ECC if (wolfSSL_CTX_load_verify_locations(ctx, "./certs/ca-ecc-cert.pem", 
@@ -317,7 +317,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[]) #endif /* !NO_FILESYSTEM */ /* Client Key (Mutual Authentication) */ - /* Note: Client will not send a client certificate unless a private key is + /* Note: Client will not send a client certificate unless a private key is * set, so we use a fake "DUMMY" key tell wolfSSL to send certificate. * The crypto callback will detect use of the dummy key using myTpmCheckKey */ diff --git a/examples/tls/tls_server.c b/examples/tls/tls_server.c index a083c9e..57bd78b 100644 --- a/examples/tls/tls_server.c +++ b/examples/tls/tls_server.c @@ -50,12 +50,12 @@ * Run ./certs/certreq.sh * Result is: ./certs/server-rsa-cert.pem and ./certs/server-ecc-cert.pem * - * This example server listens on port 11111 by default, but can be set at + * This example server listens on port 11111 by default, but can be set at * build-time using `TLS_PORT`. * - * By default this example will loads RSA keys unless RSA is disabled (NO_RSA) + * By default this example will loads RSA keys unless RSA is disabled (NO_RSA) * or the TLS_USE_ECC build option is used. - * + * * You can validate using the wolfSSL example client this like: * ./examples/client/client -h localhost -p 11111 -g -d * @@ -210,10 +210,10 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[]) (word32)tpmSession.handle.hndl); /* set session for authorization of the storage key */ - rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, + rc = wolfTPM2_SetAuthSession(&dev, 1, &tpmSession, (TPMA_SESSION_decrypt | TPMA_SESSION_encrypt | TPMA_SESSION_continueSession)); if (rc != 0) goto exit; - } + } #ifndef NO_RSA if (!useECC) { diff --git a/examples/tpm_io.c b/examples/tpm_io.c index 2b0224d..afe2858 100644 --- a/examples/tpm_io.c +++ b/examples/tpm_io.c 
@@ -561,7 +561,7 @@ #define XSpiPs_RecvByte(BaseAddress) \ XSpiPs_In32((u32)((BaseAddress) + (u32)XSPIPS_RXD_OFFSET)) - /* Modified version of XSpiPs_PolledTransfer that allows enable and CS to + /* Modified version of XSpiPs_PolledTransfer that allows enable and CS to * be used across multiple transfers */ static s32 TPM2_IoCb_Xilinx_SPITransfer(XSpiPs *InstancePtr, u8 *SendBufPtr, u8 *RecvBufPtr, u32 ByteCount) @@ -585,10 +585,10 @@ /* Fill the TXFIFO with as many bytes as it will take (or as * many as we have to send). */ - while ((InstancePtr->RemainingBytes > (u32)0U) && + while ((InstancePtr->RemainingBytes > (u32)0U) && ((u32)TransCount < (u32)XSPIPS_FIFO_DEPTH)) { - XSpiPs_SendByte(InstancePtr->Config.BaseAddress, + XSpiPs_SendByte(InstancePtr->Config.BaseAddress, *InstancePtr->SendBufferPtr); InstancePtr->SendBufferPtr += 1; InstancePtr->RemainingBytes--; @@ -597,24 +597,24 @@ /* If master mode and manual start mode, issue manual start * command to start the transfer. */ - if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) && + if ((XSpiPs_IsManualStart(InstancePtr) == TRUE) && (XSpiPs_IsMaster(InstancePtr) == TRUE)) { - ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress, + ConfigReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress, XSPIPS_CR_OFFSET); ConfigReg |= XSPIPS_CR_MANSTRT_MASK; - XSpiPs_WriteReg(InstancePtr->Config.BaseAddress, + XSpiPs_WriteReg(InstancePtr->Config.BaseAddress, XSPIPS_CR_OFFSET, ConfigReg); } /* Wait for the transfer to finish by polling Tx fifo status. */ CheckTransfer = (u32)0U; while (CheckTransfer == 0U) { - StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress, + StatusReg = XSpiPs_ReadReg(InstancePtr->Config.BaseAddress, XSPIPS_SR_OFFSET); if ((StatusReg & XSPIPS_IXR_MODF_MASK) != 0U) { /* Clear the mode fail bit */ - XSpiPs_WriteReg(InstancePtr->Config.BaseAddress, + XSpiPs_WriteReg(InstancePtr->Config.BaseAddress, XSPIPS_SR_OFFSET, XSPIPS_IXR_MODF_MASK); return (s32)XST_SEND_ERROR; } 
@@ -661,14 +661,14 @@ if (SpiConfig == NULL) { return TPM_RC_FAILURE; } - status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig, + status = XSpiPs_CfgInitialize(&SpiInstance, SpiConfig, SpiConfig->BaseAddress); if (status != XST_SUCCESS) { return TPM_RC_FAILURE; } /* Set the SPI device as a master */ - XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION | + XSpiPs_SetOptions(&SpiInstance, XSPIPS_MASTER_OPTION | XSPIPS_FORCE_SSELECT_OPTION | XSPIPS_MANUAL_START_OPTION); XSpiPs_SetClkPrescaler(&SpiInstance, XSPIPS_CLK_PRESCALE_8); @@ -680,7 +680,7 @@ #ifdef WOLFTPM_CHECK_WAIT_STATE /* Send Header */ - status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, + status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, (byte*)txBuf, rxBuf, TPM_TIS_HEADER_SZ); if (status != XST_SUCCESS) { XSpiPs_SetSlaveSelect(&SpiInstance, 0xF); /* deselect CS (set high) */ @@ -692,7 +692,7 @@ if ((rxBuf[TPM_TIS_HEADER_SZ-1] & TPM_TIS_READY_MASK) == 0) { do { /* Check for SPI ready */ - status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, + status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, (byte*)txBuf, rxBuf, 1); if (status == XST_SUCCESS && rxBuf[0] & TPM_TIS_READY_MASK) break; @@ -714,7 +714,7 @@ xferSz - TPM_TIS_HEADER_SZ); #else /* Send Entire Message - no wait states */ - status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, + status = TPM2_IoCb_Xilinx_SPITransfer(&SpiInstance, (byte*)txBuf, rxBuf, xferSz); #endif /* WOLFTPM_CHECK_WAIT_STATE */ if (status == XST_SUCCESS) { diff --git a/examples/tpm_test_keys.c b/examples/tpm_test_keys.c index 5f39562..1dcf732 100644 --- a/examples/tpm_test_keys.c +++ b/examples/tpm_test_keys.c @@ -33,6 +33,8 @@ #define RSA_FILENAME "rsa_test_blob.raw" #define ECC_FILENAME "ecc_test_blob.raw" +#ifndef WOLFTPM2_NO_WRAPPER + #if 0 static int writeKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key) 
@@ -150,7 +152,6 @@ static int readAndLoadKey(WOLFTPM2_DEV* pDev, return rc; } -#if !defined(WOLFTPM2_NO_WRAPPER) int getPrimaryStoragekey(WOLFTPM2_DEV* pDev, WOLFTPM2_KEY* pStorageKey, TPM_ALG_ID alg) @@ -161,7 +162,7 @@ int getPrimaryStoragekey(WOLFTPM2_DEV* pDev, rc = wolfTPM2_ReadPublicKey(pDev, pStorageKey, TPM2_DEMO_STORAGE_KEY_HANDLE); if (rc != 0) { /* Create primary storage key */ - rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg, + rc = wolfTPM2_CreateSRK(pDev, pStorageKey, alg, (byte*)gStorageKeyAuth, sizeof(gStorageKeyAuth)-1); #ifndef WOLFTPM_WINAPI if (rc == TPM_RC_SUCCESS) { @@ -262,4 +263,4 @@ int getECCkey(WOLFTPM2_DEV* pDev, return rc; } #endif /* HAVE_ECC */ -#endif /* !defined(WOLFTPM2_NO_WRAPPER) */ +#endif /* !WOLFTPM2_NO_WRAPPER */ diff --git a/examples/tpm_test_keys.h b/examples/tpm_test_keys.h index 8a51e1e..e0544a4 100644 --- a/examples/tpm_test_keys.h +++ b/examples/tpm_test_keys.h @@ -22,7 +22,7 @@ #ifndef _TPM_TEST_KEYS_H_ #define _TPM_TEST_KEYS_H_ -#if !defined(WOLFTPM2_NO_WRAPPER) +#ifndef WOLFTPM2_NO_WRAPPER #include #include diff --git a/src/tpm2.c b/src/tpm2.c index 574d1cd..27fe2a1 100644 --- a/src/tpm2.c +++ b/src/tpm2.c @@ -117,7 +117,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, TPM2_Packet_ParseU32(packet, &authSz); authPos = packet->pos; /* mark position for start of auth */ packet->pos += authSz; - + /* Mark parameter data */ param = &packet->buf[packet->pos]; paramSz = cmdSz - packet->pos; @@ -137,7 +137,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } #ifdef WOLFTPM_DEBUG_VERBOSE - printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n", + printf("CommandProcess: Handles (Auth %d, In %d), CmdSz %d, AuthSz %d, ParamSz %d, EncSz %d\n", info->authCnt, info->inHandleCnt, cmdSz, authSz, paramSz, encParamSz); #else (void)paramSz; 
@@ -149,7 +149,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, if (session->sessionHandle != TPM_RS_PW) { /* Generate fresh nonce */ - rc = TPM2_GetNonce(session->nonceCaller.buffer, + rc = TPM2_GetNonce(session->nonceCaller.buffer, session->nonceCaller.size); if (rc != TPM_RC_SUCCESS) { return rc; @@ -198,7 +198,7 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } /* calculate "cpHash" hash for command code, names and parameters */ - rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1, + rc = TPM2_CalcCpHash(session->authHash, cmdCode, &name1, &name2, &name3, param, paramSz, &hash); if (rc != TPM_RC_SUCCESS) { #ifdef DEBUG_WOLFTPM @@ -208,8 +208,8 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } /* Calculate HMAC for policy, hmac or salted sessions */ /* this is done after encryption */ - rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, - &session->nonceCaller, &session->nonceTPM, + rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, + &session->nonceCaller, &session->nonceTPM, authCmd.sessionAttributes, &authCmd.hmac); if (rc != TPM_RC_SUCCESS) { #ifdef DEBUG_WOLFTPM @@ -229,14 +229,14 @@ static int TPM2_CommandProcess(TPM2_CTX* ctx, TPM2_Packet* packet, return rc; } -static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, +static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, CmdInfo_t* info, TPM_CC cmdCode, UINT32 respSz) { int rc = TPM_RC_SUCCESS; BYTE *param, *decParam = NULL; UINT32 paramSz, decParamSz = 0, authPos; int i; - + /* Skip the header output handles */ packet->pos = TPM2_HEADER_SIZE + (info->outHandleCnt * sizeof(TPM_HANDLE)); 
@@ -280,7 +280,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, /* update nonceTPM */ if (authRsp.nonce.size > 0) { session->nonceTPM.size = authRsp.nonce.size; - XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer, + XMEMCPY(session->nonceTPM.buffer, authRsp.nonce.buffer, authRsp.nonce.size); } @@ -300,8 +300,8 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } /* Calculate HMAC prior to decryption */ - rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, - &session->nonceTPM, &session->nonceCaller, + rc = TPM2_CalcHmac(session->authHash, &session->auth, &hash, + &session->nonceTPM, &session->nonceCaller, authRsp.sessionAttributes, &hmac); if (rc != TPM_RC_SUCCESS) { #ifdef DEBUG_WOLFTPM @@ -311,7 +311,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, } /* Verify HMAC */ - if (hmac.size != authRsp.hmac.size || + if (hmac.size != authRsp.hmac.size || XMEMCMP(hmac.buffer, authRsp.hmac.buffer, hmac.size) != 0) { #ifdef DEBUG_WOLFTPM printf("Response HMAC verification failed!\n"); @@ -339,7 +339,7 @@ static int TPM2_ResponseProcess(TPM2_CTX* ctx, TPM2_Packet* packet, return rc; } -static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet, +static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet, CmdInfo_t* info) { TPM_RC rc = TPM_RC_FAILURE; @@ -370,7 +370,7 @@ static TPM_RC TPM2_SendCommandAuth(TPM2_CTX* ctx, TPM2_Packet* packet, #ifdef WOLFTPM_DEBUG_VERBOSE printf("Found %d auth sessions\n", info->authCnt); #endif - + rc = TPM2_CommandProcess(ctx, packet, info, cmdCode, cmdSz); if (rc != 0) return rc; @@ -2001,7 +2001,7 @@ TPM_RC TPM2_ZGen_2Phase(ZGen_2Phase_In* in, ZGen_2Phase_Out* out) return rc; } -/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows +/* Deprecated version, use TPM2_EncryptDecrypt2 because it allows encryption of the input data */ TPM_RC TPM2_EncryptDecrypt(EncryptDecrypt_In* in, EncryptDecrypt_Out* out) { 
diff --git a/src/tpm2_param_enc.c b/src/tpm2_param_enc.c index 3114453..66375c5 100644 --- a/src/tpm2_param_enc.c +++ b/src/tpm2_param_enc.c @@ -192,7 +192,7 @@ exit: /* Perform XOR encryption over the first parameter of a TPM packet */ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, - TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, + TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, UINT32 paramSz) { int rc = TPM_RC_FAILURE; @@ -227,7 +227,7 @@ static int TPM2_ParamEnc_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, /* Perform XOR decryption over the first parameter of a TPM packet */ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, - TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, + TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, UINT32 paramSz) { int rc = TPM_RC_FAILURE; @@ -240,7 +240,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, /* Generate XOR Mask stream matching paramater size */ XMEMSET(mask.buffer, 0, sizeof(mask.buffer)); - rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR", + rc = TPM2_KDFa(session->authHash, (TPM2B_DATA*)keyIn, "XOR", nonceTPM, nonceCaller, mask.buffer, paramSz); if ((UINT32)rc != paramSz) { #ifdef DEBUG_WOLFTPM @@ -262,7 +262,7 @@ static int TPM2_ParamDec_XOR(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, #ifdef WOLFSSL_AES_CFB /* Perform AES CFB encryption over the first parameter of a TPM packet */ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, - TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, + TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, UINT32 paramSz) { int rc = TPM_RC_FAILURE; 
@@ -307,7 +307,7 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, /* Perform AES CFB decryption over the first parameter of a TPM packet */ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, - TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, + TPM2B_NONCE* nonceCaller, TPM2B_NONCE* nonceTPM, BYTE *paramData, UINT32 paramSz) { int rc = TPM_RC_FAILURE; @@ -358,7 +358,7 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn, #ifndef WOLFTPM2_NO_WOLFCRYPT /* Compute the command parameter hash */ /* TCG TPM 2.0 Part 1 - 18.7 Command Parameter Hash cpHash */ -int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, +int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash) { @@ -408,7 +408,7 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, /* Compute the response parameter hash */ /* TCG TPM 2.0 Part 1 - 18.8 Response Parameter Hash rpHash */ -int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, +int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash) { int rc; @@ -430,7 +430,7 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, /* Hash Response Code - HMAC only calculated with success - always 0 */ ccSwap = 0; rc = wc_HashUpdate(&hash_ctx, hashType, (byte*)&ccSwap, sizeof(ccSwap)); - + /* Hash Command Code */ if (rc == 0) { ccSwap = TPM2_Packet_SwapU32(cmdCode); 
@@ -457,8 +457,8 @@ int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, /* Compute the HMAC using cpHash, nonces and session attributes */ /* TCG TPM 2.0 Part 1 - 19.6.5 - HMAC Computation */ -int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, - const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew, +int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, + const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew, const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes, TPM2B_AUTH* hmac) { @@ -544,7 +544,7 @@ TPM_RC TPM2_ParamEnc_CmdRequest(TPM2_AUTH_SESSION *session, &session->nonceTPM, paramData, paramSz); } #ifdef WOLFSSL_AES_CFB - else if (session->symmetric.algorithm == TPM_ALG_AES && + else if (session->symmetric.algorithm == TPM_ALG_AES && session->symmetric.mode.aes == TPM_ALG_CFB) { rc = TPM2_ParamEnc_AESCFB(session, &session->auth, &session->nonceCaller, &session->nonceTPM, paramData, paramSz); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index a9c05db..af20660 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -370,7 +370,7 @@ int wolfTPM2_GetCapabilities(WOLFTPM2_DEV* dev, WOLFTPM2_CAPS* cap) } int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, - TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth, + TPM_HANDLE sessionHandle, const TPM2B_AUTH* auth, TPMA_SESSION sessionAttributes, const TPM2B_NAME* name) { TPM2_AUTH_SESSION* session; @@ -397,13 +397,13 @@ int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, return TPM_RC_SUCCESS; } -int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, +int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM2B_AUTH* auth) { return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, NULL); } -int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, +int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle) { const TPM2B_AUTH* auth = NULL; 
@@ -415,7 +415,7 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name); } -int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, +int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes) { int rc; @@ -444,7 +444,7 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, /* Capture TPM provided nonce */ session->nonceTPM.size = tpmSession->nonceTPM.size; - XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer, + XMEMCPY(session->nonceTPM.buffer, tpmSession->nonceTPM.buffer, session->nonceTPM.size); } return rc; @@ -657,7 +657,7 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, authSesIn.symmetric.keyBits.aes = 128; authSesIn.symmetric.mode.aes = TPM_ALG_CFB; } - else + else #endif if (encDecAlg == TPM_ALG_XOR) { authSesIn.symmetric.algorithm = TPM_ALG_XOR; @@ -708,10 +708,10 @@ int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, XMEMCPY(&keyIn.buffer[keyIn.size], session->salt.buffer, session->salt.size); keyIn.size += session->salt.size; } - + if (keyIn.size > 0) { session->handle.auth.size = hashDigestSz; - rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH", + rc = TPM2_KDFa(authSesIn.authHash, &keyIn, "ATH", &authSesOut.nonceTPM, &authSesIn.nonceCaller, session->handle.auth.buffer, session->handle.auth.size); if (rc != hashDigestSz) { @@ -845,7 +845,7 @@ int wolfTPM2_ChangeAuthKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, /* set session auth for parent key */ wolfTPM2_SetAuthHandle(dev, 0, parent); - + /* Load new key */ XMEMSET(&loadIn, 0, sizeof(loadIn)); loadIn.parentHandle = parent->hndl; 
@@ -910,7 +910,7 @@ int wolfTPM2_CreateKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEYBLOB* keyBlob, } #ifdef DEBUG_WOLFTPM - printf("TPM2_Create key: pub %d, priv %d\n", + printf("TPM2_Create key: pub %d, priv %d\n", createOut.outPublic.size, createOut.outPrivate.size); TPM2_PrintBin(createOut.outPrivate.buffer, createOut.outPrivate.size); #endif @@ -1215,7 +1215,7 @@ int wolfTPM2_SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv, } /* Import external private key */ -int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey, +int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey, WOLFTPM2_KEYBLOB* keyBlob, const TPM2B_PUBLIC* pub, TPM2B_SENSITIVE* sens) { int rc; @@ -1530,12 +1530,12 @@ int wolfTPM2_LoadEccPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey, } XMEMCPY(&keyBlob, key, sizeof(WOLFTPM2_KEY)); - rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId, + rc = wolfTPM2_ImportEccPrivateKey(dev, parentKey, &keyBlob, curveId, eccPubX, eccPubXSz, eccPubY, eccPubYSz, eccPriv, eccPrivSz); if (rc == 0) { rc = wolfTPM2_LoadKey(dev, &keyBlob, (WOLFTPM2_HANDLE*)&parentKey->handle); } - + /* return loaded key */ XMEMCPY(key, &keyBlob, sizeof(WOLFTPM2_KEY)); @@ -2422,7 +2422,7 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int hashAlg, byte* digest, if (dev == NULL) return BAD_FUNC_ARG; - + /* set session auth to blank */ if (dev->ctx.session) { wolfTPM2_SetAuthPassword(dev, 0, NULL); @@ -2599,7 +2599,7 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv, if (dev == NULL || nv == NULL) return BAD_FUNC_ARG; - + /* set session auth for key */ if (dev->ctx.session) { wolfTPM2_SetAuthHandle(dev, 0, &nv->handle); @@ -2659,7 +2659,7 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv, if (dev == NULL || nv == NULL || pDataSz == NULL) return BAD_FUNC_ARG; - + /* set session auth for key */ if (dev->ctx.session) { wolfTPM2_SetAuthHandle(dev, 0, &nv->handle); 
@@ -2903,6 +2903,7 @@ int wolfTPM2_HashStart(WOLFTPM2_DEV* dev, WOLFTPM2_HASH* hash, /* Capture usage auth */ if (usageAuthSz > sizeof(hash->handle.auth.buffer)) usageAuthSz = sizeof(hash->handle.auth.buffer); + XMEMSET(hash, 0, sizeof(WOLFTPM2_HASH)); hash->handle.auth.size = usageAuthSz; XMEMCPY(hash->handle.auth.buffer, usageAuth, usageAuthSz); @@ -3632,6 +3633,10 @@ int wolfTPM2_GetKeyTemplate_Symmetric(TPMT_PUBLIC* publicTemplate, int keyBits, if (publicTemplate == NULL) return BAD_FUNC_ARG; +#ifdef WOLFTPM_MCHP + isSign = 0; /* Microchip TPM does not like "sign" set for symmetric keys */ +#endif + XMEMSET(publicTemplate, 0, sizeof(TPMT_PUBLIC)); publicTemplate->type = TPM_ALG_SYMCIPHER; publicTemplate->nameAlg = WOLFTPM2_WRAP_DIGEST; diff --git a/wolftpm/tpm2_param_enc.h b/wolftpm/tpm2_param_enc.h index 1573ba5..7966636 100644 --- a/wolftpm/tpm2_param_enc.h +++ b/wolftpm/tpm2_param_enc.h @@ -35,13 +35,13 @@ WOLFTPM_API int TPM2_KDFa( BYTE *key, UINT32 keySz ); -WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, - const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew, +WOLFTPM_LOCAL int TPM2_CalcHmac(TPMI_ALG_HASH authHash, TPM2B_AUTH* auth, + const TPM2B_DIGEST* hash, const TPM2B_NONCE* nonceNew, const TPM2B_NONCE* nonceOld, TPMA_SESSION sessionAttributes, TPM2B_AUTH* hmac); -WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, +WOLFTPM_LOCAL int TPM2_CalcRpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash); -WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, +WOLFTPM_LOCAL int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode, TPM2B_NAME* name1, TPM2B_NAME* name2, TPM2B_NAME* name3, BYTE* param, UINT32 paramSz, TPM2B_DIGEST* hash); diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h index d7d3891..ff8af90 100644 --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h 
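Review bot: The clamp just above the added `XMEMSET` silently shortens an over-long `usageAuth` to the size of `hash->handle.auth.buffer`, so a caller who passes too many bytes ends up with a different authorization value than the one supplied and gets no error. Rejecting the input is safer than storing a truncated secret: `if (usageAuthSz > sizeof(hash->handle.auth.buffer)) return BAD_FUNC_ARG;`. The `XMEMCPY` from `usageAuth` also depends on that pointer being non-NULL whenever `usageAuthSz` is non-zero; any check for that lies outside this hunk, since wolfTPM2_HashStart begins and ends outside it. Writing the new line as `XMEMSET(hash, 0, sizeof(*hash));` would keep the cleared size tied to the pointer's type.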
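Review bot: Under `WOLFTPM_MCHP` the added `isSign = 0;` discards the caller's argument without any indication, so the same call to wolfTPM2_GetKeyTemplate_Symmetric produces a template with different attributes depending on the build. The body that consumes `isSign` is outside this hunk, so I am assuming it is what sets the sign attribute further down. The comment should state the contract rather than "does not like", for example `/* Microchip TPM rejects the "sign" attribute on symmetric keys; isSign is ignored in WOLFTPM_MCHP builds */`. The same sentence belongs on the declaration in the public header, so callers know that a requested signing capability may be dropped.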
@@ -136,7 +136,7 @@ WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, const TPM2B_NAME* name); WOLFTPM_API int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM2B_AUTH* auth); WOLFTPM_API int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle); -WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, +WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes); WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, @@ -167,7 +167,7 @@ WOLFTPM_API int wolfTPM2_ImportPrivateKey(WOLFTPM2_DEV* dev, WOLFTPM_API int wolfTPM2_LoadRsaPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, const byte* rsaPub, word32 rsaPubSz, word32 exponent); WOLFTPM_API int wolfTPM2_LoadRsaPublicKey_ex(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, - const byte* rsaPub, word32 rsaPubSz, word32 exponent, + const byte* rsaPub, word32 rsaPubSz, word32 exponent, TPMI_ALG_RSA_SCHEME scheme, TPMI_ALG_HASH hashAlg); WOLFTPM_API int wolfTPM2_ImportRsaPrivateKey(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* parentKey, WOLFTPM2_KEYBLOB* keyBlob,