From b5533de7fb8bef89575a24a01378da6ad8d6d2b2 Mon Sep 17 00:00:00 2001 From: David Garske Date: Sat, 24 Feb 2018 18:04:42 -0800 Subject: [PATCH] Working ECC and HMAC key gen. Working SHA256 example. FIxes for ECC public params. --- README.md | 713 +++++++++++++++++++++++++++++++++++---- examples/tpm/tpm2_demo.c | 194 +++++------ src/tpm2.c | 143 +++++--- 3 files changed, 853 insertions(+), 197 deletions(-) diff --git a/README.md b/README.md index 97a2b83..dda476e 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,11 @@ sudo make install ## Platform -This example was written for use on Raspberry Pi® 3 or the STM32 with the CubeMX HAL. This was tested using the Infineon OPTIGATM Trusted Platform Module 2.0 SLB 9670. +This example was written for use on Raspberry Pi® 3 or the STM32 with the CubeMX HAL. This was tested using the Infineon OPTIGA (TM) Trusted Platform Module 2.0 SLB 9670. + +The Raspberry 3 uses the native `spi_dev` interface and defaults to `/dev/spidev0.1`. If you are running the Infineon patches it overrides the kernel SPI interface with their `spi_tis_dev`, which currently causes this demo to fail. + +This has only been tested and confirmed working with Rasbian 4.4.x. To add additional SPI hardware support insert your own interface call in `tpm2_demo.c` for the `TPM2_IoCb` function. @@ -31,7 +35,6 @@ To add additional SPI hardware support insert your own interface call in `tpm2_d ``` ./examples/tpm/tpm_demo -TPM 2.0 Test TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 TPM2_Startup pass TPM2_SelfTest pass 
@@ -40,31 +43,45 @@ TPM2_IncrementalSelfTest: Rc 0x0, Alg 0x1 (Todo 0) TPM2_GetCapability: Property FamilyIndicator 0x322e3000 TPM2_GetCapability: Property PCR Count 24 TPM2_GetRandom: Got 32 bytes -TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 20 -TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 20 -TPM 2.0 Test: Return code 0 +TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 6, Digest Sz 32, Update 
Counter 32 +TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 32 +TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 32 +TPM2_PCR_Extend success +TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 33 +TPM2_StartAuthSession: sessionHandle 0x3000000 +TPM2_PolicyGetDigest: size 32 +wc_Hash of PCR[0]: size 32 +TPM2_PolicyPCR: Updated +TPM2_FlushContext: Closed sessionHandle 0x3000000 +TPM2_HashSequenceStart: sequenceHandle 0x80000000 +Hash SHA256 test success +TPM2_CreatePrimary: Endorsement 0x80000000 (314 bytes) +TPM2_CreatePrimary: Platform 0x80000001 (282 bytes) +Create HMAC-SHA256 Key success, public 48, Private 141 +TPM2_Load New HMAC Key Handle 0x80000002 +TPM2_Create: New ECC Key: pub 88, priv 126 +TPM2_Load New ECC Key Handle 0x80000002 ``` 
@@ -72,92 +89,668 @@ TPM 2.0 Test: Return code 0 ``` ./examples/tpm/tpm_demo -TPM 2.0 Test +wolfSSL Entering wolfCrypt_Init TPM2: Caps 0x30000697, Did 0x001b, Vid 0x15d1, Rid 0x10 +Command: 12 + 80 01 00 00 00 0c 00 00 01 44 00 00 | .........D.. +Response: 10 + 80 01 00 00 00 0a 00 00 01 00 | .......... TPM2_Startup pass +Command: 11 + 80 01 00 00 00 0b 00 00 01 43 01 | .........C. +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... TPM2_SelfTest pass +Command: 10 + 80 01 00 00 00 0a 00 00 01 7c | .........| +Response: 26 + 80 01 00 00 00 1a 00 00 00 00 00 0a 00 01 f9 db | ................ + 00 00 00 00 00 00 00 00 00 00 | .......... TPM2_GetTestResult: Size 10, Rc 0x0 00 01 f9 db 00 00 00 00 00 00 | .......... +Command: 16 + 80 01 00 00 00 10 00 00 01 42 00 00 00 01 00 01 | .........B...... +Response: 14 + 80 01 00 00 00 0e 00 00 00 00 00 00 00 00 | .............. TPM2_IncrementalSelfTest: Rc 0x0, Alg 0x1 (Todo 0) +Command: 22 + 80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z...... + 01 00 00 00 00 01 | ...... +Response: 27 + 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 | ................ + 00 00 01 00 00 01 00 32 2e 30 00 | .......2.0. TPM2_GetCapability: Property FamilyIndicator 0x322e3000 +Command: 22 + 80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z...... + 01 12 00 00 00 01 | ...... +Response: 27 + 80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 | ................ + 00 00 01 00 00 01 12 00 00 00 18 | ........... TPM2_GetCapability: Property PCR Count 24 +Command: 12 + 80 01 00 00 00 0c 00 00 01 7b 00 20 | .........{. +Response: 44 + 80 01 00 00 00 2c 00 00 00 00 00 20 49 f5 c5 a7 | .....,..... I... + 15 2c b1 df ec 04 ea 02 4a 4b 5d da c3 8b ef 43 | .,......JK]....C + 5d e0 3a 11 ca 0f be ef 68 4d c6 fd | ].:.....hM.. TPM2_GetRandom: Got 32 bytes - ab 37 21 9f 63 7b 16 3a 5f 99 c2 d3 3a 64 16 ea | .7!.c{.:_...:d.. - b4 e8 5f 9e 93 f6 63 3b af da c6 a7 8a df 78 b2 | .._...c;......x. 
-TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 20 + 49 f5 c5 a7 15 2c b1 df ec 04 ea 02 4a 4b 5d da | I....,......JK]. + c3 8b ef 43 5d e0 3a 11 ca 0f be ef 68 4d c6 fd | ...C].:.....hM.. +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 01 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 01 00 00 00 00 00 01 00 20 af 2d | ............. .- + 52 41 db 47 4d 14 3b 2e 13 e5 a5 56 dc 40 97 0c | RA.GM.;....V.@.. + 58 34 c0 54 f0 16 f2 a2 ff be fc a3 89 18 | X4.T.......... +TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 31 + af 2d 52 41 db 47 4d 14 3b 2e 13 e5 a5 56 dc 40 | .-RA.GM.;....V.@ + 97 0c 58 34 c0 54 f0 16 f2 a2 ff be fc a3 89 18 | ..X4.T.......... +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 02 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 02 00 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 1, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 04 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 04 00 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
-TPM2_PCR_Read: Index 2, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 08 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 08 00 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 3, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 10 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 10 00 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 4, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 20 00 00 | . .. +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 20 00 00 00 00 00 01 00 20 00 00 | ..... ....... .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
-TPM2_PCR_Read: Index 5, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 40 00 00 | .@.. +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 40 00 00 00 00 00 01 00 20 00 00 | .....@....... .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 6, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 80 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 80 00 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 7, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 01 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 01 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
-TPM2_PCR_Read: Index 8, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 02 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 02 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 9, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 04 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 04 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 10, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 08 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 08 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
-TPM2_PCR_Read: Index 11, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 10 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 10 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 12, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 20 00 | .. . +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 20 00 00 00 00 01 00 20 00 00 | ...... ...... .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 13, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 40 00 | ..@. +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 40 00 00 00 00 01 00 20 00 00 | ......@...... .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
-TPM2_PCR_Read: Index 14, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 80 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 80 00 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 15, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 01 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 01 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. +TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 16, Digest Sz 32, Update Counter 20 - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ - 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 02 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 02 00 00 00 01 00 20 ff ff | ............. .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. 
+TPM2_PCR_Read: Index 17, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 04 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 04 00 00 00 01 00 20 ff ff | ............. .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. +TPM2_PCR_Read: Index 18, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 08 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 08 00 00 00 01 00 20 ff ff | ............. .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. +TPM2_PCR_Read: Index 19, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 10 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 10 00 00 00 01 00 20 ff ff | ............. .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. 
+TPM2_PCR_Read: Index 20, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 20 | ... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 20 00 00 00 01 00 20 ff ff | ....... ..... .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. +TPM2_PCR_Read: Index 21, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 40 | ...@ +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 40 00 00 00 01 00 20 ff ff | .......@..... .. + ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ + ff ff ff ff ff ff ff ff ff ff ff ff ff ff | .............. +TPM2_PCR_Read: Index 22, Digest Sz 32, Update Counter 31 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff | ................ -TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 20 +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 00 00 80 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 1f 00 00 | .....>.......... + 00 01 00 0b 03 00 00 80 00 00 00 01 00 20 00 00 | ............. .. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | .............. 
+TPM2_PCR_Read: Index 23, Digest Sz 32, Update Counter 31 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ -TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 21 - bb 22 75 c4 9f 28 ad 52 ca e6 d5 5e 34 a9 74 a5 | ."u..(.R...^4.t. - 8c 7a 3b a2 6f 97 6e 8e cb be 7a 53 69 18 dc 73 | .z;.o.n...zSi..s -TPM 2.0 Test: Return code 0 +Command: 65 + 80 02 00 00 00 41 00 00 01 82 00 00 00 00 00 00 | .....A.......... + 00 09 40 00 00 09 00 00 01 00 00 00 00 00 01 00 | ..@............. + 0b 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e | ................ + 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e | ................ + 1f | . +Response: 19 + 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 | ................ + 01 00 00 | ... +TPM2_PCR_Extend success +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 0b | .........~...... + 03 01 00 00 | .... +Response: 62 + 80 01 00 00 00 3e 00 00 00 00 00 00 00 20 00 00 | .....>....... .. + 00 01 00 0b 03 01 00 00 00 00 00 01 00 20 3f fd | ............. ?. + ef 5a fa 34 94 6a db d1 42 63 c3 61 37 f1 7e 0b | .Z.4.j..Bc.a7.~. + ac aa 2e de 59 be b5 33 f2 3a 3e d8 59 9f | ....Y..3.:>.Y. +TPM2_PCR_Read: Index 0, Digest Sz 32, Update Counter 32 + 3f fd ef 5a fa 34 94 6a db d1 42 63 c3 61 37 f1 | ?..Z.4.j..Bc.a7. + 7e 0b ac aa 2e de 59 be b5 33 f2 3a 3e d8 59 9f | ~.....Y..3.:>.Y. +Command: 59 + 80 01 00 00 00 3b 00 00 01 76 40 00 00 07 40 00 | .....;...v@...@. + 00 07 00 20 0b a3 95 cf 10 ae 5a e0 4e 49 ef 1a | ... ......Z.NI.. + f8 34 ca 6b 09 03 dd 5c ba 46 28 e6 95 ce aa 0e | .4.k...\.F(..... + 87 e2 20 22 00 00 01 00 10 00 0b | .. "....... +Response: 48 + 80 01 00 00 00 30 00 00 00 00 03 00 00 00 00 20 | .....0......... + 72 60 d3 03 04 7c f1 47 86 05 ca 2c fa 13 2e 4f | r`...|.G...,...O + 19 5b df a8 4a e7 19 0d fc 3e 24 bf 1c 30 ef 90 | .[..J....>$..0.. 
+TPM2_StartAuthSession: sessionHandle 0x3000000 +Command: 14 + 80 01 00 00 00 0e 00 00 01 89 03 00 00 00 | .............. +Response: 44 + 80 01 00 00 00 2c 00 00 00 00 00 20 00 00 00 00 | .....,..... .... + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 | ............ +TPM2_PolicyGetDigest: size 32 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ +Command: 20 + 80 01 00 00 00 14 00 00 01 7e 00 00 00 01 00 04 | .........~...... + 03 01 00 00 | .... +Response: 50 + 80 01 00 00 00 32 00 00 00 00 00 00 00 20 00 00 | .....2....... .. + 00 01 00 04 03 01 00 00 00 00 00 01 00 14 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 | .. +TPM2_PCR_Read: Index 0, Digest Sz 20, Update Counter 32 + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 | .... +wc_Hash of PCR[0]: size 32 + de 47 c9 b2 7e b8 d3 00 db b5 f2 c3 53 e6 32 c3 | .G..~.......S.2. + 93 26 2c f0 63 40 c4 fa 7f 1b 40 c4 cb d3 6f 90 | .&,.c@....@...o. +Command: 58 + 80 01 00 00 00 3a 00 00 01 7f 03 00 00 00 00 20 | .....:......... + de 47 c9 b2 7e b8 d3 00 db b5 f2 c3 53 e6 32 c3 | .G..~.......S.2. + 93 26 2c f0 63 40 c4 fa 7f 1b 40 c4 cb d3 6f 90 | .&,.c@....@...o. + 00 00 00 01 00 04 03 01 00 00 | .......... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +TPM2_PolicyPCR: Updated +Command: 14 + 80 01 00 00 00 0e 00 00 01 65 03 00 00 00 | .........e.... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +TPM2_FlushContext: Closed sessionHandle 0x3000000 +Command: 36 + 80 01 00 00 00 24 00 00 01 86 00 16 54 68 69 73 | .....$......This + 49 73 41 53 65 63 72 65 74 55 73 61 67 65 41 75 | IsASecretUsageAu + 74 68 00 0b | th.. +Response: 14 + 80 01 00 00 00 0e 00 00 00 00 80 00 00 00 | .............. 
+TPM2_HashSequenceStart: sequenceHandle 0x80000000 +Command: 107 + 80 02 00 00 00 6b 00 00 01 5c 80 00 00 00 00 00 | .....k...\...... + 00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI + 73 41 53 65 63 72 65 74 55 73 61 67 65 41 75 74 | sASecretUsageAut + 68 00 38 61 62 63 64 62 63 64 65 63 64 65 66 64 | h.8abcdbcdecdefd + 65 66 67 65 66 67 68 66 67 68 69 67 68 69 6a 68 | efgefghfghighijh + 69 6a 6b 69 6a 6b 6c 6a 6b 6c 6d 6b 6c 6d 6e 6c | ijkijkljklmklmnl + 6d 6e 6f 6d 6e 6f 70 6e 6f 70 71 | mnomnopnopq +Response: 19 + 80 02 00 00 00 13 00 00 00 00 00 00 00 00 00 00 | ................ + 01 00 00 | ... +Command: 55 + 80 02 00 00 00 37 00 00 01 3e 80 00 00 00 00 00 | .....7...>...... + 00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI + 73 41 53 65 63 72 65 74 55 73 61 67 65 41 75 74 | sASecretUsageAut + 68 00 00 40 00 00 07 | h..@... +Response: 61 + 80 02 00 00 00 3d 00 00 00 00 00 00 00 2a 00 20 | .....=.......*. + 24 8d 6a 61 d2 06 38 b8 e5 c0 26 93 0c 3e 60 39 | $.ja..8...&..>`9 + a3 3c e4 59 64 ff 21 67 f6 ec ed d4 19 db 06 c1 | .<.Yd.!g........ + 80 24 40 00 00 07 00 00 00 00 01 00 00 | .$@.......... +Hash SHA256 test success +Command: 355 + 80 02 00 00 01 63 00 00 01 31 40 00 00 0b 00 00 | .....c...1@..... + 00 09 40 00 00 09 00 00 01 00 00 00 04 00 00 00 | ..@............. + 00 01 3a 00 01 00 0b 00 03 00 b2 00 20 83 71 97 | ..:......... .q. + 67 44 84 b3 f8 1a 90 cc 8d 46 a5 d7 24 fd 52 d7 | gD.......F..$.R. + 6e 06 52 0b 64 f2 a1 da 1b 33 14 69 aa 00 06 00 | n.R.d....3.i.... + 80 00 43 00 10 08 00 00 00 00 00 01 00 00 00 00 | ..C............. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
+ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 | ... +Response: 506 + 80 02 00 00 01 fa 00 00 00 00 80 00 00 00 00 00 | ................ + 01 e3 01 3a 00 01 00 0b 00 03 00 b2 00 20 83 71 | ...:......... .q + 97 67 44 84 b3 f8 1a 90 cc 8d 46 a5 d7 24 fd 52 | .gD.......F..$.R + d7 6e 06 52 0b 64 f2 a1 da 1b 33 14 69 aa 00 06 | .n.R.d....3.i... + 00 80 00 43 00 10 08 00 00 00 00 00 01 00 b1 03 | ...C............ + a5 d0 6f 7d ed 90 50 a5 42 6c 8e aa 03 23 a8 8d | ..o}..P.Bl...#.. + 53 7b 92 bb 8a 2f 82 68 43 5c f7 d3 1f bf 58 4a | S{.../.hC\....XJ + d8 58 c4 ca c2 d6 e7 dd 06 41 e5 b2 fa 05 18 40 | .X.......A.....@ + ce 76 e3 e9 0b b5 3a 51 38 8c 62 2b 20 9a 69 e0 | .v....:Q8.b+ .i. + 2e a2 c7 08 2a 6a 37 79 a2 55 4d b8 6e 4b b1 67 | ....*j7y.UM.nK.g + 91 5b e2 52 18 10 23 d4 a9 2b 5f a2 f1 46 99 51 | .[.R..#..+_..F.Q + 40 19 6b a4 27 f4 24 60 eb cc 0f 05 e6 d4 be c2 | @.k.'.$`........ + 92 07 50 2b 9c 53 5c 37 0c 98 9c 74 5a 6c 60 b3 | ..P+.S\7...tZl`. + 21 d9 6e d9 f3 14 83 64 68 6e 50 2d 3f c0 17 ee | !.n....dhnP-?... + 84 3c 59 5e 48 0a 99 18 bc cc 29 d5 1b 9c 68 5a | .'.(.QX^].f..! + 83 5e d6 01 27 ef fc 05 d4 80 21 40 00 00 0b 00 | .^..'.....!@.... + 20 b1 a1 dc 60 e2 43 da be b3 7d b7 ac 00 20 4e | ...`.C...}... 
N + c0 47 35 0c 37 f1 da 50 f2 2e e8 d3 98 c1 03 d7 | .G5.7..P........ + 9b 00 22 00 0b 9d e5 de 24 3a a7 c8 73 c5 aa af | ..".....$:..s... + 8d 7c af eb c5 17 f3 a6 bd f7 36 ca bd af 29 20 | .|........6...) + 91 5a 12 f6 7c 00 00 01 00 00 | .Z..|..... +TPM2_CreatePrimary: Endorsement 0x80000000 (314 bytes) +Command: 338 + 80 02 00 00 01 52 00 00 01 31 40 00 00 0b 00 00 | .....R...1@..... + 00 09 40 00 00 09 00 00 01 00 00 00 13 00 0f 57 | ..@............W + 6f 6c 66 54 50 4d 50 6c 61 74 50 73 77 64 00 00 | olfTPMPlatPswd.. + 01 1a 00 01 00 0b 00 03 04 72 00 00 00 06 00 80 | .........r...... + 00 43 00 10 08 00 00 00 00 00 01 00 00 00 00 00 | .C.............. + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ + 00 00 | .. +Response: 474 + 80 02 00 00 01 da 00 00 00 00 80 00 00 01 00 00 | ................ + 01 c3 01 1a 00 01 00 0b 00 03 04 72 00 00 00 06 | ...........r.... 
+ 00 80 00 43 00 10 08 00 00 00 00 00 01 00 ac 83 | ...C............ + 2a 7a 3f 2c 43 f3 57 95 ec 89 d2 db 6f 7d a8 2c | *z?,C.W.....o}., + 0a 72 e7 36 0c a5 4b bf b4 a8 8e 99 d1 f1 e3 2a | .r.6..K........* + 2e 54 d9 93 e6 38 ae 0d c2 d5 7a 1b c1 41 29 20 | .T...8....z..A) + 01 0d a8 e9 71 f0 ab 8a d3 8e 7e 41 93 ea b1 bd | ....q.....~A.... + 69 10 37 cb 8f ca 17 c7 77 ad 28 df a4 22 b3 98 | i.7.....w.(..".. + 3b 32 83 46 a1 f1 5a d7 5c 10 1d 74 cb e4 4a 14 | ;2.F..Z.\..t..J. + c8 2d 25 e6 36 ca d2 cc 07 63 16 76 7c 0d 73 93 | .-%.6....c.v|.s. + 37 75 ea 96 5a dc bf 6c 20 ba 9f 08 b0 51 ba ef | 7u..Z..l ....Q.. + 84 63 e8 0a 1a 88 0a 85 02 ac 17 f3 ae dd 24 c0 | .c............$. + 04 3e 97 88 e1 91 c9 e4 6d 5a 8a c5 a8 df 67 f1 | .>......mZ....g. + 5b 65 61 02 72 4c 0b cc 3c 00 af 22 01 8a 21 ce | [ea.rL..<.."..!. + 23 7e 91 4c 32 99 cd 18 4b af d6 74 c6 ff 67 c6 | #~.L2...K..t..g. + f5 0f 90 a6 6b b9 6c 87 dd c4 a9 79 86 bc 89 ad | ....k.l....y.... + 7c a2 88 fc db 42 69 b6 6f 52 26 0e 0a c7 5e 09 | |....Bi.oR&...^. + 65 87 80 87 77 34 11 17 93 15 7b ad e4 1b 9a c9 | e...w4....{..... + ff 21 77 37 61 5e ee 09 6d 44 d2 d7 e1 e1 00 37 | .!w7a^..mD.....7 + 00 00 00 00 00 20 e3 b0 c4 42 98 fc 1c 14 9a fb | ..... ...B...... + f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 95 | ...o.$'.A.d..L.. + 99 1b 78 52 b8 55 01 00 10 00 04 40 00 00 0b 00 | ..xR.U.....@.... + 04 40 00 00 0b 00 00 00 20 28 d0 26 fa fd 74 91 | .@...... (.&..t. + 06 74 3e 27 c4 28 05 51 58 5e 5d 17 66 8e b5 21 | .t>'.(.QX^].f..! + 83 5e d6 01 27 ef fc 05 d4 80 21 40 00 00 0b 00 | .^..'.....!@.... + 20 b7 80 b6 86 9b 9d 00 fe 2d 08 0e 75 2d 34 a8 | ........-..u-4. + 67 e8 74 86 70 bc 5c 86 71 be 11 a4 0b e5 e0 cb | g.t.p.\.q....... + 00 00 22 00 0b c2 e3 0b b7 c0 e3 7c b2 5c c4 16 | .."........|.\.. + 0c f5 8c 1e c8 b8 dd 3d 4b e1 d5 d5 58 45 33 23 | .......=K...XE3# + 2b 74 22 18 04 00 00 01 00 00 | +t"....... 
+TPM2_CreatePrimary: Platform 0x80000001 (282 bytes) +Command: 109 + 80 02 00 00 00 6d 00 00 01 53 80 00 00 01 00 00 | .....m...S...... + 00 18 40 00 00 09 00 00 01 00 0f 57 6f 6c 66 54 | ..@........WolfT + 50 4d 50 6c 61 74 50 73 77 64 00 29 00 16 54 68 | PMPlatPswd.)..Th + 69 73 49 73 41 53 65 63 72 65 74 55 73 61 67 65 | isIsASecretUsage + 41 75 74 68 00 0f 54 68 69 73 49 73 4d 79 48 6d | Auth..ThisIsMyHm + 61 63 4b 65 79 00 10 00 08 00 0b 00 04 04 40 00 | acKey.........@. + 00 00 05 00 0b 00 00 00 00 00 00 00 00 | ............. +Response: 403 + 80 02 00 00 01 93 00 00 00 00 00 00 01 80 00 8d | ................ + 00 20 31 85 ab 37 a3 51 e4 f2 cc 50 d8 a1 b4 ac | . 1..7.Q...P.... + 64 12 ec 1b 3d 67 ff 7f 24 ba b8 f2 d5 a8 5a ce | d...=g..$.....Z. + 82 ed 00 10 68 6f 88 10 0f af f3 d9 f6 73 4f e1 | ....ho.......sO. + 00 29 a5 66 13 33 d4 58 a8 d9 0a 5c 28 a1 f9 91 | .).f.3.X...\(... + 00 e1 0d 0c 07 18 b6 16 28 a9 0c 00 53 30 59 bc | ........(...S0Y. + a6 23 52 d8 29 0c d7 e9 d2 4a ec 68 1b 11 fa be | .#R.)....J.h.... + cd 7e 16 12 a8 b7 58 64 36 5b d3 bb 0e df 1d d4 | .~....Xd6[...... + 50 62 92 c8 3f 48 c7 38 7d f9 a2 75 95 f7 56 f3 | Pb..?H.8}..u..V. + 5e c0 ee e1 fe a7 c2 ae 14 c5 2b 01 83 00 30 00 | ^.........+...0. + 08 00 0b 00 04 04 40 00 00 00 05 00 0b 00 20 ec | ......@....... . + 5d d8 39 19 c9 11 ec 34 43 29 e3 bd d8 78 43 7b | ].9....4C)...xC{ + a8 01 3f 68 df 24 9a 1a 74 6b f2 37 4b 70 2f 00 | ..?h.$..tk.7Kp/. + 73 00 00 00 00 00 20 e3 b0 c4 42 98 fc 1c 14 9a | s..... ...B..... + fb f4 c8 99 6f b9 24 27 ae 41 e4 64 9b 93 4c a4 | ....o.$'.A.d..L. + 95 99 1b 78 52 b8 55 01 00 0b 00 22 00 0b c2 e3 | ...xR.U....".... + 0b b7 c0 e3 7c b2 5c c4 16 0c f5 8c 1e c8 b8 dd | ....|.\......... + 3d 4b e1 d5 d5 58 45 33 23 2b 74 22 18 04 00 22 | =K...XE3#+t"..." + 00 0b 1d 80 aa de 66 1b ea 15 49 a1 da 87 32 b9 | ......f...I...2. + 03 98 ae e6 24 ad 63 7d f3 e1 a8 5f 84 ba 12 0a | ....$.c}..._.... + 79 6a 00 00 00 20 2e 01 54 ce 79 36 a0 30 53 a7 | yj... 
..T.y6.0S. + 3a 0a e8 9f 9c 26 dd ec 52 00 0a 0b 8c 06 26 36 | :....&..R.....&6 + 54 0e f0 f7 39 e9 80 21 40 00 00 0b 00 20 95 7a | T...9..!@.... .z + c5 85 79 72 0e 35 14 2b 3d 0a 2f 72 c8 cf bf 1b | ..yr.5.+=./r.... + 93 43 a5 78 5c 2c 69 08 42 e3 92 7a 62 87 00 00 | .C.x\,i.B..zb... + 01 00 00 | ... +Create HMAC-SHA256 Key success, public 48, Private 141 +Command: 235 + 80 02 00 00 00 eb 00 00 01 57 80 00 00 01 00 00 | .........W...... + 00 18 40 00 00 09 00 00 01 00 0f 57 6f 6c 66 54 | ..@........WolfT + 50 4d 50 6c 61 74 50 73 77 64 00 8d 00 20 31 85 | PMPlatPswd... 1. + ab 37 a3 51 e4 f2 cc 50 d8 a1 b4 ac 64 12 ec 1b | .7.Q...P....d... + 3d 67 ff 7f 24 ba b8 f2 d5 a8 5a ce 82 ed 00 10 | =g..$.....Z..... + 68 6f 88 10 0f af f3 d9 f6 73 4f e1 00 29 a5 66 | ho.......sO..).f + 13 33 d4 58 a8 d9 0a 5c 28 a1 f9 91 00 e1 0d 0c | .3.X...\(....... + 07 18 b6 16 28 a9 0c 00 53 30 59 bc a6 23 52 d8 | ....(...S0Y..#R. + 29 0c d7 e9 d2 4a ec 68 1b 11 fa be cd 7e 16 12 | )....J.h.....~.. + a8 b7 58 64 36 5b d3 bb 0e df 1d d4 50 62 92 c8 | ..Xd6[......Pb.. + 3f 48 c7 38 7d f9 a2 75 95 f7 56 f3 5e c0 ee e1 | ?H.8}..u..V.^... + fe a7 c2 ae 14 c5 2b 01 83 00 30 00 08 00 0b 00 | ......+...0..... + 04 04 40 00 00 00 05 00 0b 00 20 ec 5d d8 39 19 | ..@....... .].9. + c9 11 ec 34 43 29 e3 bd d8 78 43 7b a8 01 3f 68 | ...4C)...xC{..?h + df 24 9a 1a 74 6b f2 37 4b 70 2f | .$..tk.7Kp/ +Response: 59 + 80 02 00 00 00 3b 00 00 00 00 80 00 00 02 00 00 | .....;.......... + 00 24 00 22 00 0b 2d 82 bb 02 84 3b 20 10 7d 31 | .$."..-....; .}1 + 43 72 55 21 4e 70 17 52 39 5f 2f eb c8 82 54 45 | CrU!Np.R9_/...TE + bb 23 2e 59 a4 3f 00 00 01 00 00 | .#.Y.?..... +TPM2_Load New HMAC Key Handle 0x80000002 +Command: 14 + 80 01 00 00 00 0e 00 00 01 65 80 00 00 02 | .........e.... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +TPM2_FlushContext: Closed handle 0x80000002 +Command: 102 + 80 02 00 00 00 66 00 00 01 53 80 00 00 01 00 00 | .....f...S...... 
+ 00 18 40 00 00 09 00 00 01 00 0f 57 6f 6c 66 54 | ..@........WolfT + 50 4d 50 6c 61 74 50 73 77 64 00 1a 00 16 54 68 | PMPlatPswd....Th + 69 73 49 73 41 53 65 63 72 65 74 55 73 61 67 65 | isIsASecretUsage + 41 75 74 68 00 00 00 18 00 23 00 0b 00 04 04 60 | Auth.....#.....` + 00 00 00 10 00 18 00 0b 00 03 00 10 00 00 00 00 | ................ + 00 00 00 00 00 00 | ...... +Response: 428 + 80 02 00 00 01 ac 00 00 00 00 00 00 01 99 00 7e | ...............~ + 00 20 bd 65 f8 41 1c 8c ab b2 7a 07 c3 0e 96 e2 | . .e.A....z..... + 5c 7c 4a a5 a2 4e b5 b1 a7 94 12 eb a8 f7 37 db | \|J..N........7. + e1 f8 00 10 7a d6 38 20 97 63 70 12 87 1a f6 77 | ....z.8 .cp....w + c2 52 7d 06 42 f1 fc f2 aa 27 e6 a2 f1 78 62 c6 | .R}.B....'...xb. + d8 9e ac 43 2f 66 60 1f 68 40 32 33 df 46 9a 11 | ...C/f`.h@23.F.. + f6 1f f1 2a 58 01 1d df 48 4f 2d 26 1c 82 5a ac | ...*X...HO-&..Z. + ac 30 2b a6 5e 01 62 50 79 c0 9c cb ea a1 03 cd | .0+.^.bPy....... + ee a4 50 65 8b 3c eb 0e 18 31 01 52 14 60 00 58 | ..Pe.<...1.R.`.X + 00 23 00 0b 00 04 04 60 00 00 00 10 00 18 00 0b | .#.....`........ + 00 03 00 10 00 20 16 63 a0 55 8f 6a af 93 a3 39 | ..... .c.U.j...9 + 61 32 ce 84 c9 69 91 c2 1b 78 71 ba d6 fb 8e 68 | a2...i...xq....h + 10 c8 60 b4 70 87 00 20 94 44 9e cf 19 a8 5d 18 | ..`.p.. .D....]. + c0 3c 08 59 15 fb 4f f5 22 c7 c7 14 dc 38 61 62 | .<.Y..O."....8ab + fe 0e 81 a6 45 71 dc 5c 00 73 00 00 00 00 00 20 | ....Eq.\.s..... + e3 b0 c4 42 98 fc 1c 14 9a fb f4 c8 99 6f b9 24 | ...B.........o.$ + 27 ae 41 e4 64 9b 93 4c a4 95 99 1b 78 52 b8 55 | '.A.d..L....xR.U + 01 00 0b 00 22 00 0b c2 e3 0b b7 c0 e3 7c b2 5c | ...."........|.\ + c4 16 0c f5 8c 1e c8 b8 dd 3d 4b e1 d5 d5 58 45 | .........=K...XE + 33 23 2b 74 22 18 04 00 22 00 0b 1d 80 aa de 66 | 3#+t"..."......f + 1b ea 15 49 a1 da 87 32 b9 03 98 ae e6 24 ad 63 | ...I...2.....$.c + 7d f3 e1 a8 5f 84 ba 12 0a 79 6a 00 00 00 20 2e | }..._....yj... . + 01 54 ce 79 36 a0 30 53 a7 3a 0a e8 9f 9c 26 dd | .T.y6.0S.:....&. 
+ ec 52 00 0a 0b 8c 06 26 36 54 0e f0 f7 39 e9 80 | .R.....&6T...9.. + 21 40 00 00 0b 00 20 bf 2c 93 aa b2 ef 2d 30 e9 | !@.... .,....-0. + 30 b7 60 8c 7a 92 32 12 52 11 eb a3 93 14 b5 e0 | 0.`.z.2.R....... + 4f c3 2e 1b a5 d6 65 00 00 01 00 00 | O.....e..... +TPM2_Create: New ECC Key: pub 88, priv 126 +Command: 260 + 80 02 00 00 01 04 00 00 01 57 80 00 00 01 00 00 | .........W...... + 00 18 40 00 00 09 00 00 01 00 0f 57 6f 6c 66 54 | ..@........WolfT + 50 4d 50 6c 61 74 50 73 77 64 00 7e 00 20 bd 65 | PMPlatPswd.~. .e + f8 41 1c 8c ab b2 7a 07 c3 0e 96 e2 5c 7c 4a a5 | .A....z.....\|J. + a2 4e b5 b1 a7 94 12 eb a8 f7 37 db e1 f8 00 10 | .N........7..... + 7a d6 38 20 97 63 70 12 87 1a f6 77 c2 52 7d 06 | z.8 .cp....w.R}. + 42 f1 fc f2 aa 27 e6 a2 f1 78 62 c6 d8 9e ac 43 | B....'...xb....C + 2f 66 60 1f 68 40 32 33 df 46 9a 11 f6 1f f1 2a | /f`.h@23.F.....* + 58 01 1d df 48 4f 2d 26 1c 82 5a ac ac 30 2b a6 | X...HO-&..Z..0+. + 5e 01 62 50 79 c0 9c cb ea a1 03 cd ee a4 50 65 | ^.bPy.........Pe + 8b 3c eb 0e 18 31 01 52 14 60 00 58 00 23 00 0b | .<...1.R.`.X.#.. + 00 04 04 60 00 00 00 10 00 18 00 0b 00 03 00 10 | ...`............ + 00 20 16 63 a0 55 8f 6a af 93 a3 39 61 32 ce 84 | . .c.U.j...9a2.. + c9 69 91 c2 1b 78 71 ba d6 fb 8e 68 10 c8 60 b4 | .i...xq....h..`. + 70 87 00 20 94 44 9e cf 19 a8 5d 18 c0 3c 08 59 | p.. .D....]..<.Y + 15 fb 4f f5 22 c7 c7 14 dc 38 61 62 fe 0e 81 a6 | ..O."....8ab.... + 45 71 dc 5c | Eq.\ +Response: 59 + 80 02 00 00 00 3b 00 00 00 00 80 00 00 02 00 00 | .....;.......... + 00 24 00 22 00 0b 7b fc d8 0e 1d 14 26 d2 0c ad | .$."..{.....&... + c3 e5 6d 07 dd 7e 05 4f 18 02 7c 32 c6 1f 03 28 | ..m..~.O..|2...( + 44 9c ac 2a f9 e3 00 00 01 00 00 | D..*....... +TPM2_Load New ECC Key Handle 0x80000002 +Command: 14 + 80 01 00 00 00 0e 00 00 01 65 80 00 00 02 | .........e.... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... 
+TPM2_FlushContext: Closed handle 0x80000002 +Command: 14 + 80 01 00 00 00 0e 00 00 01 65 80 00 00 00 | .........e.... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +TPM2_FlushContext: Closed handle 0x80000000 +Command: 14 + 80 01 00 00 00 0e 00 00 01 65 80 00 00 01 | .........e.... +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +TPM2_FlushContext: Closed handle 0x80000001 +Command: 12 + 80 01 00 00 00 0c 00 00 01 45 00 00 | .........E.. +Response: 10 + 80 01 00 00 00 0a 00 00 00 00 | .......... +wolfSSL Entering wolfCrypt_Cleanup ``` diff --git a/examples/tpm/tpm2_demo.c b/examples/tpm/tpm2_demo.c index a38b61f..1412671 100644 --- a/examples/tpm/tpm2_demo.c +++ b/examples/tpm/tpm2_demo.c @@ -199,7 +199,7 @@ int TPM2_Demo(void* userCtx) TpmEccKey eccKey; TpmRsaKey endorse; - TpmRsaKey plat; + TpmRsaKey storage; TpmHmacKey hmacKey; const char platformPwd[] = "WolfTPMPlatPswd"; 
@@ -366,78 +366,6 @@ int TPM2_Demo(void* userCtx) cmdOut.pcrRead.pcrValues.digests[0].size); -#if 0 - /* Clear Owner */ - cmdIn.clear.authHandle = TPM_RH_PLATFORM; - rc = TPM2_Clear(&cmdIn.clear); - if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Clear failed %d: %s\n", rc, TPM2_GetRCString(rc)); - goto exit; - } - printf("TPM2_Clear Owner\n"); -#endif - - - /* Create Primary (Platform/Storage) */ - XMEMSET(&cmdIn.createPri, 0, sizeof(cmdIn.createPri)); - cmdIn.createPri.primaryHandle = TPM_RH_PLATFORM; - cmdIn.createPri.inSensitive.sensitive.userAuth.size = sizeof(platformPwd)-1; - XMEMCPY(cmdIn.createPri.inSensitive.sensitive.userAuth.buffer, - platformPwd, cmdIn.createPri.inSensitive.sensitive.userAuth.size); - cmdIn.createPri.inPublic.publicArea.type = TPM_ALG_RSA; - cmdIn.createPri.inPublic.publicArea.unique.rsa.size = MAX_RSA_KEY_BITS / 8; - cmdIn.createPri.inPublic.publicArea.nameAlg = TPM_ALG_SHA256; - cmdIn.createPri.inPublic.publicArea.objectAttributes = ( - TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | - TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA); - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.keyBits = MAX_RSA_KEY_BITS; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.exponent = 0; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; - rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri); - if (rc != TPM_RC_SUCCESS) { - printf("TPM2_CreatePrimary: Platform failed %d: %s\n", rc, TPM2_GetRCString(rc)); - goto exit; - } - plat.handle = cmdOut.createPri.objectHandle; - printf("TPM2_CreatePrimary: Platform 0x%x\n", plat.handle); - plat.public 
= cmdOut.createPri.outPublic; - - - /* Create Primary (Endorsement) */ - XMEMSET(&cmdIn.createPri, 0, sizeof(cmdIn.createPri)); - cmdIn.createPri.primaryHandle = TPM_RH_ENDORSEMENT; - cmdIn.createPri.inPublic.publicArea.authPolicy.size = - sizeof(TPM_20_EK_AUTH_POLICY); - XMEMCPY(cmdIn.createPri.inPublic.publicArea.authPolicy.buffer, - TPM_20_EK_AUTH_POLICY, - cmdIn.createPri.inPublic.publicArea.authPolicy.size); - cmdIn.createPri.inPublic.publicArea.type = TPM_ALG_RSA; - cmdIn.createPri.inPublic.publicArea.unique.rsa.size = MAX_RSA_KEY_BITS / 8; - cmdIn.createPri.inPublic.publicArea.nameAlg = TPM_ALG_SHA256; - cmdIn.createPri.inPublic.publicArea.objectAttributes = ( - TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | - TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_adminWithPolicy | - TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt); - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.keyBits = MAX_RSA_KEY_BITS; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.exponent = 0; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128; - cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; - rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri); - if (rc != TPM_RC_SUCCESS) { - printf("TPM2_CreatePrimary: Endorsement failed %d: %s\n", rc, TPM2_GetRCString(rc)); - goto exit; - } - endorse.handle = cmdOut.createPri.objectHandle; - printf("TPM2_CreatePrimary: Endorsement 0x%x\n", endorse.handle); - endorse.public = cmdOut.createPri.outPublic; - - /* Start Auth Session */ XMEMSET(&cmdIn.authSes, 0, sizeof(cmdIn.authSes)); 
@@ -536,6 +464,7 @@ int TPM2_Demo(void* userCtx) session.auth.size = sizeof(usageAuth)-1; XMEMCPY(session.auth.buffer, usageAuth, session.auth.size); + XMEMSET(&cmdIn.seqUpdate, 0, sizeof(cmdIn.seqUpdate)); cmdIn.seqUpdate.sequenceHandle = handle; cmdIn.seqUpdate.buffer.size = XSTRLEN(hashTestData); 
@@ -560,18 +489,97 @@ int TPM2_Demo(void* userCtx) //goto exit; } printf("Hash SHA256 test success\n"); - wolfTPM_UnloadHandle(&handle); + /* clear session auth */ session.auth.size = 0; XMEMSET(session.auth.buffer, 0, sizeof(session.auth.buffer)); - /* Create an HMAC-SHA256 Key */ + +#if 0 + /* Clear Owner */ + cmdIn.clear.authHandle = TPM_RH_PLATFORM; + rc = TPM2_Clear(&cmdIn.clear); + if (rc != TPM_RC_SUCCESS) { + printf("TPM2_Clear failed %d: %s\n", rc, TPM2_GetRCString(rc)); + goto exit; + } + printf("TPM2_Clear Owner\n"); +#endif + + + /* Create Primary (Endorsement) */ + XMEMSET(&cmdIn.createPri, 0, sizeof(cmdIn.createPri)); + cmdIn.createPri.primaryHandle = TPM_RH_ENDORSEMENT; + cmdIn.createPri.inPublic.publicArea.authPolicy.size = + sizeof(TPM_20_EK_AUTH_POLICY); + XMEMCPY(cmdIn.createPri.inPublic.publicArea.authPolicy.buffer, + TPM_20_EK_AUTH_POLICY, + cmdIn.createPri.inPublic.publicArea.authPolicy.size); + cmdIn.createPri.inPublic.publicArea.type = TPM_ALG_RSA; + cmdIn.createPri.inPublic.publicArea.unique.rsa.size = MAX_RSA_KEY_BITS / 8; + cmdIn.createPri.inPublic.publicArea.nameAlg = TPM_ALG_SHA256; + cmdIn.createPri.inPublic.publicArea.objectAttributes = ( + TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_adminWithPolicy | + TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt); + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.keyBits = MAX_RSA_KEY_BITS; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.exponent = 0; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; + rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri); + if (rc != TPM_RC_SUCCESS) { + 
printf("TPM2_CreatePrimary: Endorsement failed %d: %s\n", rc, TPM2_GetRCString(rc)); + goto exit; + } + endorse.handle = cmdOut.createPri.objectHandle; + endorse.public = cmdOut.createPri.outPublic; + printf("TPM2_CreatePrimary: Endorsement 0x%x (%d bytes)\n", + endorse.handle, endorse.public.size); + + + /* Create (Storage) */ + XMEMSET(&cmdIn.createPri, 0, sizeof(cmdIn.createPri)); + cmdIn.createPri.primaryHandle = TPM_RH_ENDORSEMENT; + cmdIn.createPri.inSensitive.sensitive.userAuth.size = sizeof(platformPwd)-1; + XMEMCPY(cmdIn.createPri.inSensitive.sensitive.userAuth.buffer, + platformPwd, cmdIn.createPri.inSensitive.sensitive.userAuth.size); + cmdIn.createPri.inPublic.publicArea.type = TPM_ALG_RSA; + cmdIn.createPri.inPublic.publicArea.unique.rsa.size = MAX_RSA_KEY_BITS / 8; + cmdIn.createPri.inPublic.publicArea.nameAlg = TPM_ALG_SHA256; + cmdIn.createPri.inPublic.publicArea.objectAttributes = ( + TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA); + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.keyBits = MAX_RSA_KEY_BITS; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.exponent = 0; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128; + cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB; + rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri); + if (rc != TPM_RC_SUCCESS) { + printf("TPM2_CreatePrimary: Platform failed %d: %s\n", rc, TPM2_GetRCString(rc)); + goto exit; + } + storage.handle = cmdOut.createPri.objectHandle; + storage.public = cmdOut.createPri.outPublic; + printf("TPM2_CreatePrimary: Platform 0x%x (%d bytes)\n", + storage.handle, 
storage.public.size); + + /* Move new primary key into NV to persist */ + //rc = TPM2_EvictControl(&cmdIn.evict); + + /* Setup auth session for parent handle */ session.auth.size = sizeof(platformPwd)-1; XMEMCPY(session.auth.buffer, platformPwd, session.auth.size); + + /* Create an HMAC-SHA256 Key */ XMEMSET(&cmdIn.create, 0, sizeof(cmdIn.create)); - cmdIn.create.parentHandle = plat.handle; + cmdIn.create.parentHandle = storage.handle; cmdIn.create.inSensitive.sensitive.userAuth.size = sizeof(usageAuth)-1; XMEMCPY(cmdIn.create.inSensitive.sensitive.userAuth.buffer, usageAuth, cmdIn.create.inSensitive.sensitive.userAuth.size); @@ -587,18 +595,16 @@ int TPM2_Demo(void* userCtx) cmdIn.create.inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA256; rc = TPM2_Create(&cmdIn.create, &cmdOut.create); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Create failed %d: %s\n", rc, TPM2_GetRCString(rc)); + printf("TPM2_Create HMAC failed %d: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } hmacKey.public = cmdOut.create.outPublic; hmacKey.private = cmdOut.create.outPrivate; - printf("Create HMAC-SHA256 Key success\n"); - - session.auth.size = 0; - XMEMSET(session.auth.buffer, 0, sizeof(session.auth.buffer)); + printf("Create HMAC-SHA256 Key success, public %d, Private %d\n", + hmacKey.public.size, hmacKey.private.size); XMEMSET(&cmdIn.load, 0, sizeof(cmdIn.load)); - cmdIn.load.parentHandle = plat.handle; + cmdIn.load.parentHandle = storage.handle; cmdIn.load.inPrivate = hmacKey.private; cmdIn.load.inPublic = hmacKey.public; rc = TPM2_Load(&cmdIn.load, &cmdOut.load); 
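Review bot: The block commented `/* Create (Storage) */` sets `cmdIn.createPri.primaryHandle = TPM_RH_ENDORSEMENT;` while both of its printf messages still say "Platform", so the comment, the hierarchy and the log output name three different things. A storage parent normally lives in the owner hierarchy; if that is the intent, use `cmdIn.createPri.primaryHandle = TPM_RH_OWNER;` and change the messages to `"TPM2_CreatePrimary: Storage ..."`. If the endorsement hierarchy is deliberate, a comment such as `/* demo only: storage parent created under the endorsement hierarchy, auth = platformPwd */` would make that explicit. TPM2_Demo starts and ends outside this hunk.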
@@ -609,30 +615,29 @@ int TPM2_Demo(void* userCtx) hmacKey.handle = cmdOut.load.objectHandle; printf("TPM2_Load New HMAC Key Handle 0x%x\n", hmacKey.handle); + wolfTPM_UnloadHandle(&hmacKey.handle); + + /* Create an ECC key */ - session.auth.size = sizeof(platformPwd)-1; - XMEMCPY(session.auth.buffer, platformPwd, session.auth.size); - XMEMSET(&cmdIn.create, 0, sizeof(cmdIn.create)); - cmdIn.create.parentHandle = plat.handle; + cmdIn.create.parentHandle = storage.handle; cmdIn.create.inSensitive.sensitive.userAuth.size = sizeof(usageAuth)-1; XMEMCPY(cmdIn.create.inSensitive.sensitive.userAuth.buffer, usageAuth, cmdIn.create.inSensitive.sensitive.userAuth.size); cmdIn.create.inPublic.publicArea.type = TPM_ALG_ECC; cmdIn.create.inPublic.publicArea.nameAlg = TPM_ALG_SHA256; cmdIn.create.inPublic.publicArea.objectAttributes = ( - TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA); + TPMA_OBJECT_sign | TPMA_OBJECT_noDA); cmdIn.create.inPublic.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; - cmdIn.create.inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + cmdIn.create.inPublic.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; cmdIn.create.inPublic.publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = TPM_ALG_SHA256; cmdIn.create.inPublic.publicArea.parameters.eccDetail.curveID = TPM_ECC_NIST_P256; cmdIn.create.inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; rc = TPM2_Create(&cmdIn.create, &cmdOut.create); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Create failed %d: %s\n", rc, TPM2_GetRCString(rc)); + printf("TPM2_Create ECC failed %d: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } printf("TPM2_Create: New ECC Key: pub %d, priv %d\n", cmdOut.create.outPublic.size, 
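Review bot: The new ECC template drops `TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent` together with `restricted | decrypt`, leaving `sensitiveDataOrigin | userWithAuth | sign | noDA`. Removing restricted/decrypt is what a signing key needs, but without fixedTPM/fixedParent the key is no longer marked as bound to this TPM and parent. In addition, `noDA` exempts its usage auth from dictionary-attack lockout. If the looser binding is not intended, keep the line `TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |` in the mask. Otherwise document it above the assignment, for example `/* demo key: not fixed to this TPM, no DA protection */`. TPM2_Demo continues outside the hunk.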
@@ -642,7 +647,7 @@ int TPM2_Demo(void* userCtx) /* Load new key */ XMEMSET(&cmdIn.load, 0, sizeof(cmdIn.load)); - cmdIn.load.parentHandle = plat.handle; + cmdIn.load.parentHandle = storage.handle; cmdIn.load.inPrivate = eccKey.private; cmdIn.load.inPublic = eccKey.public; rc = TPM2_Load(&cmdIn.load, &cmdOut.load); @@ -655,19 +660,18 @@ int TPM2_Demo(void* userCtx) wolfTPM_UnloadHandle(&eccKey.handle); + + /* Clear auth buffer */ session.auth.size = 0; XMEMSET(session.auth.buffer, 0, sizeof(session.auth.buffer)); - - - exit: /* Cleanup key objects */ wolfTPM_UnloadHandle(&endorse.handle); - wolfTPM_UnloadHandle(&plat.handle); + wolfTPM_UnloadHandle(&storage.handle); if (handle != TPM_RH_NULL) wolfTPM_UnloadHandle(&handle); diff --git a/src/tpm2.c b/src/tpm2.c index ac5cfc5..6f6d892 100644 --- a/src/tpm2.c +++ b/src/tpm2.c @@ -628,19 +628,16 @@ static void TPM2_Packet_AppendAuth(TPM2_Packet* packet, TPMS_AUTH_COMMAND* auth) } static void TPM2_Packet_ParseAuth(TPM2_Packet* packet, TPMS_AUTH_RESPONSE* auth) { - word32 sz; + TPMS_AUTH_RESPONSE auth_lcl; if (auth == NULL) - return; + auth = &auth_lcl; /* use local tmp and discard */ - TPM2_Packet_ParseU32(packet, &sz); - if (sz > 0) { - TPM2_Packet_ParseU16(packet, &auth->nonce.size); - TPM2_Packet_AppendBytes(packet, auth->nonce.buffer, auth->nonce.size); - TPM2_Packet_ParseU8(packet, &auth->sessionAttributes); - TPM2_Packet_ParseU16(packet, &auth->auth.size); - TPM2_Packet_AppendBytes(packet, auth->auth.buffer, auth->auth.size); - } + TPM2_Packet_ParseU16(packet, &auth->nonce.size); + TPM2_Packet_ParseBytes(packet, auth->nonce.buffer, auth->nonce.size); + TPM2_Packet_ParseU8(packet, &auth->sessionAttributes); + TPM2_Packet_ParseU16(packet, &auth->auth.size); + TPM2_Packet_ParseBytes(packet, auth->auth.buffer, auth->auth.size); } static void TPM2_Packet_AppendPCR(TPM2_Packet* packet, TPML_PCR_SELECTION* pcr) { 
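Review bot: In the `@@ -655,19 +660,18 @@` hunk the wipe of `session.auth.buffer` sits above the `exit:` label, so every `goto exit` taken after the parent auth was copied in skips it. Since this commit removes the intermediate clear after the HMAC key creation, the platform password now stays in `session.auth` across the rest of the demo, and on any failure path it is never cleared. Moving the two lines `session.auth.size = 0;` and `XMEMSET(session.auth.buffer, 0, sizeof(session.auth.buffer));` to directly after `exit:` covers both the success and the error path. TPM2_Demo starts and ends outside this hunk.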
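Review bot: In TPM2_Packet_ParseAuth the lengths read from the response, `auth->nonce.size` and `auth->auth.size`, are used as copy lengths without being compared to the destination buffers, and with `auth == NULL` the destination is now the stack local `auth_lcl`. Unless TPM2_Packet_ParseBytes (defined outside these hunks) already clamps to the destination, a malformed response from the device or from the bus would write past the buffer. A guard such as `if (auth->nonce.size > sizeof(auth->nonce.buffer)) return;` before each copy, and the same for `auth->auth.size`, would close this. The same unchecked size-then-copy pattern appears in TPM2_Packet_ParseEccPoint (`@@ -754,6 +751,29 @@`), in the `unique` cases of TPM2_Packet_ParsePublic (`@@ -869,28 +907,32 @@`) and for `out->name.size` in TPM2_Load.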
@@ -692,7 +689,7 @@ static void TPM2_Packet_ParseSymmetric(TPM2_Packet* packet, static void TPM2_Packet_AppendSigScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme) { TPM2_Packet_AppendU16(packet, scheme->scheme); - //if (scheme->scheme != TPM_ALG_NULL) + if (scheme->scheme != TPM_ALG_NULL) TPM2_Packet_AppendU16(packet, scheme->details.any.hashAlg); } static void TPM2_Packet_ParseSigScheme(TPM2_Packet* packet, TPMT_SIG_SCHEME* scheme) @@ -731,7 +728,7 @@ static void TPM2_Packet_ParseKeyedHashScheme(TPM2_Packet* packet, TPMT_KEYEDHASH static void TPM2_Packet_AppendKdfScheme(TPM2_Packet* packet, TPMT_KDF_SCHEME* scheme) { TPM2_Packet_AppendU16(packet, scheme->scheme); - //if (scheme->scheme != TPM_ALG_NULL) + if (scheme->scheme != TPM_ALG_NULL) TPM2_Packet_AppendU16(packet, scheme->details.any.hashAlg); } static void TPM2_Packet_ParseKdfScheme(TPM2_Packet* packet, TPMT_KDF_SCHEME* scheme) 
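Review bot: The re-enabled `if (scheme->scheme != TPM_ALG_NULL)` in TPM2_Packet_AppendSigScheme, and the identical one in TPM2_Packet_AppendKdfScheme (`@@ -731,7 +728,7 @@`), guard a single unbraced statement. Because the guard decides whether a field is put on the wire, a later second statement added under it would silently be emitted unconditionally. Bracing both, `if (scheme->scheme != TPM_ALG_NULL) {` ... `}`, avoids that. The bodies of the matching Parse functions are not visible in these hunks; they presumably need the same condition so both directions agree on the layout.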
@@ -754,6 +751,29 @@ static void TPM2_Packet_ParseAsymScheme(TPM2_Packet* packet, TPMT_ASYM_SCHEME* s TPM2_Packet_ParseU16(packet, &scheme->details.anySig.hashAlg); } +static void TPM2_Packet_AppendEccPoint(TPM2_Packet* packet, TPMS_ECC_POINT* point) { + TPM2_Packet_AppendU16(packet, point->x.size); + TPM2_Packet_AppendBytes(packet, point->x.buffer, point->x.size); + TPM2_Packet_AppendU16(packet, point->y.size); + TPM2_Packet_AppendBytes(packet, point->y.buffer, point->y.size); +} +static void TPM2_Packet_ParseEccPoint(TPM2_Packet* packet, TPMS_ECC_POINT* point) { + TPM2_Packet_ParseU16(packet, &point->x.size); + TPM2_Packet_ParseBytes(packet, point->x.buffer, point->x.size); + TPM2_Packet_ParseU16(packet, &point->y.size); + TPM2_Packet_ParseBytes(packet, point->y.buffer, point->y.size); +} + +static void TPM2_Packet_AppendPoint(TPM2_Packet* packet, TPM2B_ECC_POINT* point) { + int sz = point->point.x.size + point->point.y.size; + TPM2_Packet_AppendU16(packet, sz); + TPM2_Packet_AppendEccPoint(packet, &point->point); +} +static void TPM2_Packet_ParsePoint(TPM2_Packet* packet, TPM2B_ECC_POINT* point) { + TPM2_Packet_ParseU16(packet, &point->size); + TPM2_Packet_ParseEccPoint(packet, &point->point); +} + static void TPM2_Packet_AppendSensitive(TPM2_Packet* packet, TPM2B_SENSITIVE_CREATE* sensitive) { UINT16 sz = 2 + sensitive->sensitive.userAuth.size + 2 + sensitive->sensitive.data.size; 
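Review bot: TPM2_Packet_AppendPoint computes the outer size as `int sz = point->point.x.size + point->point.y.size;`, which leaves out the two 16-bit length fields that TPM2_Packet_AppendEccPoint writes in front of x and y. The size prefix would therefore be 4 bytes smaller than the data that follows, and the receiver's parse of the remaining parameters would be misaligned. TPM2_Packet_AppendSensitive, visible as context at the end of this hunk, already counts its length fields (`2 + ... + 2 + ...`). The matching form here is `UINT16 sz = 2 + point->point.x.size + 2 + point->point.y.size;`.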
@@ -846,9 +866,29 @@ static void TPM2_Packet_AppendPublic(TPM2_Packet* packet, TPM2B_PUBLIC* public) TPM2_Packet_AppendPublicParms(packet, public->publicArea.type, &public->publicArea.parameters); - TPM2_Packet_AppendU16(packet, public->publicArea.unique.keyedHash.size); - TPM2_Packet_AppendBytes(packet, public->publicArea.unique.keyedHash.buffer, - public->publicArea.unique.keyedHash.size); + switch (public->publicArea.type) { + case TPM_ALG_KEYEDHASH: + TPM2_Packet_AppendU16(packet, public->publicArea.unique.keyedHash.size); + TPM2_Packet_AppendBytes(packet, public->publicArea.unique.keyedHash.buffer, + public->publicArea.unique.keyedHash.size); + break; + case TPM_ALG_SYMCIPHER: + TPM2_Packet_AppendU16(packet, public->publicArea.unique.sym.size); + TPM2_Packet_AppendBytes(packet, public->publicArea.unique.sym.buffer, + public->publicArea.unique.sym.size); + break; + case TPM_ALG_RSA: + TPM2_Packet_AppendU16(packet, public->publicArea.unique.rsa.size); + TPM2_Packet_AppendBytes(packet, public->publicArea.unique.rsa.buffer, + public->publicArea.unique.rsa.size); + break; + case TPM_ALG_ECC: + TPM2_Packet_AppendEccPoint(packet, &public->publicArea.unique.ecc); + break; + default: + /* TPMS_DERIVE derive; ? */ + break; + } /* update with actual size */ sz = packet->pos - sz; @@ -856,10 +896,8 @@ static void TPM2_Packet_AppendPublic(TPM2_Packet* packet, TPM2B_PUBLIC* public) } static void TPM2_Packet_ParsePublic(TPM2_Packet* packet, TPM2B_PUBLIC* public) { - UINT16 sz; - - TPM2_Packet_ParseU16(packet, &sz); - if (sz > 0) { + TPM2_Packet_ParseU16(packet, &public->size); + if (public->size > 0) { TPM2_Packet_ParseU16(packet, &public->publicArea.type); TPM2_Packet_ParseU16(packet, &public->publicArea.nameAlg); TPM2_Packet_ParseU32(packet, &public->publicArea.objectAttributes); 
@@ -869,28 +907,32 @@ static void TPM2_Packet_ParsePublic(TPM2_Packet* packet, TPM2B_PUBLIC* public) TPM2_Packet_ParsePublicParms(packet, public->publicArea.type, &public->publicArea.parameters); - TPM2_Packet_ParseU16(packet, &public->publicArea.unique.keyedHash.size); - TPM2_Packet_ParseBytes(packet, public->publicArea.unique.keyedHash.buffer, - public->publicArea.unique.keyedHash.size); + switch (public->publicArea.type) { + case TPM_ALG_KEYEDHASH: + TPM2_Packet_ParseU16(packet, &public->publicArea.unique.keyedHash.size); + TPM2_Packet_ParseBytes(packet, public->publicArea.unique.keyedHash.buffer, + public->publicArea.unique.keyedHash.size); + break; + case TPM_ALG_SYMCIPHER: + TPM2_Packet_ParseU16(packet, &public->publicArea.unique.sym.size); + TPM2_Packet_ParseBytes(packet, public->publicArea.unique.sym.buffer, + public->publicArea.unique.sym.size); + break; + case TPM_ALG_RSA: + TPM2_Packet_ParseU16(packet, &public->publicArea.unique.rsa.size); + TPM2_Packet_ParseBytes(packet, public->publicArea.unique.rsa.buffer, + public->publicArea.unique.rsa.size); + break; + case TPM_ALG_ECC: + TPM2_Packet_ParseEccPoint(packet, &public->publicArea.unique.ecc); + break; + default: + /* TPMS_DERIVE derive; ? 
*/ + break; + } } } -static void TPM2_Packet_AppendPoint(TPM2_Packet* packet, TPM2B_ECC_POINT* point) { - int sz = point->point.x.size + point->point.y.size; - TPM2_Packet_AppendU16(packet, sz); - TPM2_Packet_AppendU16(packet, point->point.x.size); - TPM2_Packet_AppendBytes(packet, point->point.x.buffer, point->point.x.size); - TPM2_Packet_AppendU16(packet, point->point.y.size); - TPM2_Packet_AppendBytes(packet, point->point.y.buffer, point->point.y.size); -} -static void TPM2_Packet_ParsePoint(TPM2_Packet* packet, TPM2B_ECC_POINT* point) { - TPM2_Packet_ParseU16(packet, &point->size); - TPM2_Packet_ParseU16(packet, &point->point.x.size); - TPM2_Packet_ParseBytes(packet, point->point.x.buffer, point->point.x.size); - TPM2_Packet_ParseU16(packet, &point->point.y.size); - TPM2_Packet_ParseBytes(packet, point->point.y.buffer, point->point.y.size); -} - static TPM_RC TPM2_Packet_Parse(TPM_RC rc, TPM2_Packet* packet) { if (rc == TPM_RC_SUCCESS && packet) { @@ -1330,10 +1372,11 @@ TPM_RC TPM2_Create(Create_In* in, Create_Out* out) rc = TPM2_SendCommand(ctx, &packet); if (rc == TPM_RC_SUCCESS) { TPMS_AUTH_RESPONSE respAuth; + UINT32 paramSz = 0; rc = TPM2_Packet_Parse(rc, &packet); - TPM2_Packet_ParseAuth(&packet, &respAuth); + TPM2_Packet_ParseU32(&packet, ¶mSz); TPM2_Packet_ParseU16(&packet, &out->outPrivate.size); TPM2_Packet_ParseBytes(&packet, out->outPrivate.buffer, out->outPrivate.size); @@ -1372,6 +1415,8 @@ TPM_RC TPM2_Create(Create_In* in, Create_Out* out) TPM2_Packet_ParseBytes(&packet, out->creationTicket.digest.buffer, out->creationTicket.digest.size); + + TPM2_Packet_ParseAuth(&packet, &respAuth); } TPM2_ReleaseLock(ctx); 
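Review bot: In TPM2_Create the response fields are parsed right after `rc = TPM2_Packet_Parse(rc, &packet);` without testing `rc` again, and the newly read `paramSz` is never used. If TPM2_Packet_Parse returns the TPM's response code (its body is outside the hunk), an error response carries only a header, so the following ParseU16/ParseBytes calls would read whatever is left in the packet buffer into `out`. Wrapping the field parsing in `if (rc == TPM_RC_SUCCESS) {` and rejecting a `paramSz` larger than the bytes remaining in the packet would tie the parse to what the device actually sent. The same applies to the TPM2_Load, TPM2_SequenceUpdate and TPM2_SequenceComplete hunks that follow. Separately, `respAuth` is parsed and discarded, which is fine for password sessions but would need verifying once HMAC sessions are used.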
@@ -1481,11 +1526,15 @@ TPM_RC TPM2_Load(Load_In* in, Load_Out* out) /* send command */ rc = TPM2_SendCommand(ctx, &packet); if (rc == TPM_RC_SUCCESS) { - rc = TPM2_Packet_Parse(rc, &packet); + TPMS_AUTH_RESPONSE respAuth; + UINT32 paramSz = 0; + rc = TPM2_Packet_Parse(rc, &packet); TPM2_Packet_ParseU32(&packet, &out->objectHandle); + TPM2_Packet_ParseU32(&packet, ¶mSz); TPM2_Packet_ParseU16(&packet, &out->name.size); TPM2_Packet_ParseBytes(&packet, out->name.name, out->name.size); + TPM2_Packet_ParseAuth(&packet, &respAuth); } TPM2_ReleaseLock(ctx); @@ -2416,7 +2465,11 @@ TPM_RC TPM2_SequenceUpdate(SequenceUpdate_In* in) /* send command */ rc = TPM2_SendCommand(ctx, &packet); if (rc == TPM_RC_SUCCESS) { + TPMS_AUTH_RESPONSE respAuth; + UINT32 paramSz = 0; rc = TPM2_Packet_Parse(rc, &packet); + TPM2_Packet_ParseU32(&packet, ¶mSz); + TPM2_Packet_ParseAuth(&packet, &respAuth); } TPM2_ReleaseLock(ctx); @@ -2449,8 +2502,12 @@ TPM_RC TPM2_SequenceComplete(SequenceComplete_In* in, SequenceComplete_Out* out) /* send command */ rc = TPM2_SendCommand(ctx, &packet); if (rc == TPM_RC_SUCCESS) { + TPMS_AUTH_RESPONSE respAuth; + UINT32 paramSz = 0; rc = TPM2_Packet_Parse(rc, &packet); + TPM2_Packet_ParseU32(&packet, ¶mSz); + TPM2_Packet_ParseU16(&packet, &out->result.size); TPM2_Packet_ParseBytes(&packet, out->result.buffer, out->result.size); @@ -2459,6 +2516,8 @@ TPM_RC TPM2_SequenceComplete(SequenceComplete_In* in, SequenceComplete_Out* out) TPM2_Packet_ParseU16(&packet, &out->validation.digest.size); TPM2_Packet_ParseBytes(&packet, out->validation.digest.buffer, out->validation.digest.size); + + TPM2_Packet_ParseAuth(&packet, &respAuth); } TPM2_ReleaseLock(ctx); 
@@ -4263,8 +4322,8 @@ TPM_RC TPM2_EvictControl(EvictControl_In* in) TPM2_Packet_AppendU32(&packet, in->auth); TPM2_Packet_AppendU32(&packet, in->objectHandle); TPM2_Packet_AppendU32(&packet, in->persistentHandle); - - TPM2_Packet_Finalize(&packet, TPM_ST_NO_SESSIONS, TPM_CC_EvictControl); + TPM2_Packet_AppendAuth(&packet, ctx->auth); + TPM2_Packet_Finalize(&packet, TPM_ST_SESSIONS, TPM_CC_EvictControl); /* send command */ rc = TPM2_SendCommand(ctx, &packet);
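Review bot: In TPM2_EvictControl the authorization area is appended after `in->persistentHandle`, but in the TPM 2.0 command layout it belongs between the handle area and the parameters, and `persistentHandle` is a parameter of this command rather than a handle. As written, the TPM would read the start of the auth area where it expects the parameter, and the command should fail to unmarshal. Moving `TPM2_Packet_AppendAuth(&packet, ctx->auth);` to directly after `TPM2_Packet_AppendU32(&packet, in->objectHandle);` gives the expected order. The demo only references this call in a commented-out line, so the path looks untested by this commit. The function begins and continues outside the hunk, so the response side could not be checked.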