Merge pull request #224 from dgarske/csharp_exception

CSharp support for handling TPM errors with exception
pull/225/head
Anthony Hu 2022-07-13 11:39:16 -04:00 committed by GitHub
commit bbecd2bb45
4 changed files with 518 additions and 208 deletions


@ -5485,10 +5485,11 @@ const char* TPM2_GetRCString(int rc)
#endif
#else
switch (rc) {
TPM_RC_STR(BAD_FUNC_ARG, "Bad function argument provided");
TPM_RC_STR(BUFFER_E, "Output buffer too small or input too large");
/* copy of the error code strings from wolfCrypt */
TPM_RC_STR(BAD_FUNC_ARG, "Bad function argument");
TPM_RC_STR(BUFFER_E, "Buffer error, output too small or input too big");
TPM_RC_STR(NOT_COMPILED_IN, "Feature not compiled in");
TPM_RC_STR(BAD_MUTEX_E, "Bad mutex operation");
TPM_RC_STR(BAD_MUTEX_E, "Bad mutex, operation failed");
TPM_RC_STR(WC_TIMEOUT_E, "Timeout error");
default:
break;


@ -510,6 +510,14 @@ int wolfTPM2_SelfTest(WOLFTPM2_DEV* dev)
XMEMSET(&selfTest, 0, sizeof(selfTest));
selfTest.fullTest = YES;
rc = TPM2_SelfTest(&selfTest);
#ifdef WOLFTPM_WINAPI
if (rc == TPM_E_COMMAND_BLOCKED) {
#ifdef DEBUG_WOLFTPM
printf("TPM2_SelfTest not allowed on Windows TBS (err 0x%x)\n", rc);
#endif
rc = TPM_RC_SUCCESS; /* report success */
}
#endif
if (rc != TPM_RC_SUCCESS) {
#ifdef DEBUG_WOLFTPM
printf("TPM2_SelfTest failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
@ -4985,7 +4993,7 @@ int wolfTPM2_CSR_SetCustomExt(WOLFTPM2_DEV* dev, WOLFTPM2_CSR* csr, int critical
(void)oid;
(void)der;
(void)derSz;
/* Requires:
/* Requires:
* ./configure --enable-wolftpm --enable-certgen --enable-asn=template \
CFLAGS="-DWOLFSSL_CUSTOM_OID -DHAVE_OID_ENCODING"
*/
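Review bot: Rewriting TPM_E_COMMAND_BLOCKED to TPM_RC_SUCCESS in wolfTPM2_SelfTest means a caller on Windows TBS can no longer tell a self-test that ran and passed from one the broker refused to forward, and the substitution is silent in non-DEBUG_WOLFTPM builds since the printf is the only trace of it. The `/* report success */` comment should carry the rationale, e.g. `/* TBS blocks TPM2_SelfTest; report success because the blocked command is not a TPM fault -- callers needing proof the test ran cannot rely on this path (confirm against TBS docs) */`. If a distinct status is preferable, leaving rc as the original code and letting the C# wrapper decide would keep the information available. wolfTPM2_SelfTest continues past the end of this hunk.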


@ -107,33 +107,33 @@ namespace tpm_csharp_test
private void GetSRK(Key srkKey, string auth)
{
int ret = device.CreateSRK(srkKey,
int rc = device.CreateSRK(srkKey,
(int)TPM2_Alg.RSA,
auth);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
private void GenerateKey(string algorithm)
{
int ret = (int)Status.TPM_RC_SUCCESS;
int rc = (int)Status.TPM_RC_SUCCESS;
KeyBlob blob = new KeyBlob();
Template template = new Template();
byte[] blob_buffer = new byte[Device.MAX_KEYBLOB_BYTES];
if (algorithm == "RSA")
{
ret = template.GetKeyTemplate_RSA((ulong)(
rc = template.GetKeyTemplate_RSA((ulong)(
TPM2_Object.sensitiveDataOrigin |
TPM2_Object.userWithAuth |
TPM2_Object.decrypt |
TPM2_Object.sign |
TPM2_Object.noDA));
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
else if (algorithm == "AES")
{
ret = template.GetKeyTemplate_Symmetric(256, TPM2_Alg.CTR, true, true);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = template.GetKeyTemplate_Symmetric(256, TPM2_Alg.CTR, true, true);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
else
{
@ -141,17 +141,17 @@ namespace tpm_csharp_test
Assert.Fail();
}
ret = device.CreateKey(blob, parent_key, template,
rc = device.CreateKey(blob, parent_key, template,
"ThisIsMyStorageKeyAuth");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.LoadKey(blob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.LoadKey(blob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = blob.GetKeyBlobAsBuffer(blob_buffer);
if (ret > 0)
rc = blob.GetKeyBlobAsBuffer(blob_buffer);
if (rc > 0)
{
Array.Resize(ref blob_buffer, ret);
Array.Resize(ref blob_buffer, rc);
if (algorithm == "RSA")
{
generatedRSA = blob_buffer;
@ -165,21 +165,21 @@ namespace tpm_csharp_test
Console.WriteLine("Unexpected algorithm name!");
return;
}
ret = (int)Status.TPM_RC_SUCCESS;
rc = (int)Status.TPM_RC_SUCCESS;
}
else
{
Console.WriteLine("wolfTPM2_GetKeyBlobAsBuffer() failed.");
ret = -1;
rc = -1;
}
ret = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
private void LoadGeneratedKey(string algorithm)
{
int ret = (int)Status.TPM_RC_SUCCESS;
int rc = (int)Status.TPM_RC_SUCCESS;
KeyBlob blob = new KeyBlob();
byte[] blob_buffer;
@ -197,14 +197,14 @@ namespace tpm_csharp_test
return;
}
ret = blob.SetKeyBlobFromBuffer(blob_buffer);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = blob.SetKeyBlobFromBuffer(blob_buffer);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.LoadKey(blob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.LoadKey(blob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
@ -218,27 +218,26 @@ namespace tpm_csharp_test
[TearDown]
public void TestCleanup()
{
int ret = device.UnloadHandle(parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
int rc = device.UnloadHandle(parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TrySelfTest()
{
uint ret = (uint)device.SelfTest();
Assert.That(ret, Is.EqualTo((uint)Status.TPM_RC_SUCCESS) |
Is.EqualTo(0x80280400));
int rc = device.SelfTest();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryFillBufferWithRandom()
{
int ret;
int rc;
const int bufSz = 256;
byte[] buf = new byte[bufSz];
ret = device.GetRandom(buf);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.GetRandom(buf);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
PrintByteArray(buf);
Assert.That(buf, Has.Some.GreaterThan(0));
@ -261,28 +260,28 @@ namespace tpm_csharp_test
[Test]
public void TryAuthSession()
{
int ret;
int rc;
Session tpmSession = new Session();
const int bufSz = 256;
byte[] buf = new byte[bufSz];
Console.WriteLine("Testing Parameter Encryption with AES CFB");
ret = tpmSession.StartAuth(device, parent_key, TPM2_Alg.CFB);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = tpmSession.StartAuth(device, parent_key, TPM2_Alg.CFB);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Do sensitive operation */
ret = device.GetRandom(buf);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.GetRandom(buf);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = tpmSession.StopAuth(device);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = tpmSession.StopAuth(device);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryLoadRSAPublicKey()
{
int ret;
int rc;
Key pub_key;
int exp = 0x10001;
@ -290,17 +289,17 @@ namespace tpm_csharp_test
pub_key = new Key();
ret = device.LoadRsaPublicKey(pub_key, pub_buffer, exp);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.LoadRsaPublicKey(pub_key, pub_buffer, exp);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.UnloadHandle(pub_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(pub_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryLoadRSAPrivateKey()
{
int ret;
int rc;
Key priv_key;
int exp = 0x10001;
@ -309,19 +308,19 @@ namespace tpm_csharp_test
priv_key = new Key();
ret = device.LoadRsaPrivateKey(parent_key, priv_key,
rc = device.LoadRsaPrivateKey(parent_key, priv_key,
pub_buffer, exp,
priv_buffer);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.UnloadHandle(priv_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(priv_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryImportRSAPrivateKey()
{
int ret;
int rc;
KeyBlob blob;
int exp = 0x10001;
@ -331,64 +330,72 @@ namespace tpm_csharp_test
blob = new KeyBlob();
ret = device.ImportRsaPrivateKey(parent_key, blob,
rc = device.ImportRsaPrivateKey(parent_key, blob,
pub_buffer,
exp, priv_buffer,
(uint)TPM2_Alg.NULL, (uint)TPM2_Alg.NULL);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(blob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryCreatePrimaryKey()
{
int ret;
int rc;
Key key = new Key();
Template template = new Template();
/* Test creating the primary RSA endorsement key (EK) */
ret = template.GetKeyTemplate_RSA_EK();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = template.GetKeyTemplate_RSA_EK();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.CreatePrimaryKey(key, TPM_RH.ENDORSEMENT, template, null);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.CreatePrimaryKey(key, TPM_RH.ENDORSEMENT, template, null);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.UnloadHandle(key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryCreateCustomPrimaryKey()
{
int ret;
int rc;
Key key = new Key();
Template template = new Template();
/* Test creating custom SRK (different than one Windows uses) */
ret = template.GetKeyTemplate_RSA_SRK();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = template.GetKeyTemplate_RSA_SRK();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = template.SetKeyTemplate_Unique("myUniqueValue");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = template.SetKeyTemplate_Unique("myUniqueValue");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.CreatePrimaryKey(key, TPM_RH.OWNER, template, null);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.CreatePrimaryKey(key, TPM_RH.OWNER, template, null);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* use temporary handle (in memory), cannot store to
* Non-Volatile (NV) Memory on Windows */
Console.WriteLine("Primary Key Handle 0x{0}",
device.GetHandleValue(key.GetHandle()).ToString("X8"));
ret = device.UnloadHandle(key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryGetErrorString()
{
string err = device.GetErrorString(Status.BAD_FUNC_ARG);
if (!string.IsNullOrEmpty(err))
Assert.AreEqual(err, "Bad function argument");
}
[Test]
public void TryGenerateCSR()
{
int ret;
int rc;
KeyBlob keyBlob = new KeyBlob();
Template template = new Template();
byte[] output = new byte[Device.MAX_TPM_BUFFER];
@ -398,35 +405,75 @@ namespace tpm_csharp_test
"/emailAddress=info@wolfssl.com";
string keyUsage = "serverAuth,clientAuth,codeSigning";
ret = template.GetKeyTemplate_RSA((ulong)(
rc = template.GetKeyTemplate_RSA((ulong)(
TPM2_Object.sensitiveDataOrigin |
TPM2_Object.userWithAuth |
TPM2_Object.decrypt |
TPM2_Object.sign |
TPM2_Object.noDA));
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.CreateKey(keyBlob, parent_key, template,
rc = device.CreateKey(keyBlob, parent_key, template,
"ThisIsMyStorageKeyAuth");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.GenerateCSR(keyBlob, subject, keyUsage,
X509_Format.PEM, output, 0);
Assert.That(ret, Is.GreaterThan(0));
/* Generate a CSR (Certificate Signing Request) */
rc = device.GenerateCSR(keyBlob, subject, keyUsage,
X509_Format.PEM, output);
Assert.That(rc, Is.GreaterThan(0));
Console.WriteLine("CSR PEM {0} bytes", ret.ToString());
Console.WriteLine("CSR PEM {0} bytes", rc.ToString());
ret = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryGenerateCert()
{
int rc;
KeyBlob keyBlob = new KeyBlob();
Template template = new Template();
byte[] output = new byte[Device.MAX_TPM_BUFFER];
string subject = "/C=US/ST=Oregon/L=Portland/SN=Development" +
"/O=wolfSSL/OU=RSA/CN=www.wolfssl.com" +
"/emailAddress=info@wolfssl.com";
string keyUsage = "serverAuth,clientAuth,codeSigning";
rc = template.GetKeyTemplate_RSA((ulong)(
TPM2_Object.sensitiveDataOrigin |
TPM2_Object.userWithAuth |
TPM2_Object.decrypt |
TPM2_Object.sign |
TPM2_Object.noDA));
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = device.CreateKey(keyBlob, parent_key, template,
"ThisIsMyStorageKeyAuth");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
/* Generate a self signed certificate */
rc = device.GenerateCSR(keyBlob, subject, keyUsage,
X509_Format.PEM, output, 0, 1);
Assert.That(rc, Is.GreaterThan(0));
Console.WriteLine("Cert PEM {0} bytes", rc.ToString());
rc = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
[Test]
public void TryGenerateCSRCustomOID()
{
int ret;
int rc;
KeyBlob keyBlob = new KeyBlob();
Template template = new Template();
Csr csr = new Csr();
@ -440,43 +487,42 @@ namespace tpm_csharp_test
string custOid = "1.2.3.4.5";
string custOidVal = "This is NOT a critical extension";
ret = template.GetKeyTemplate_RSA((ulong)(
rc = template.GetKeyTemplate_RSA((ulong)(
TPM2_Object.sensitiveDataOrigin |
TPM2_Object.userWithAuth |
TPM2_Object.decrypt |
TPM2_Object.sign |
TPM2_Object.noDA));
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.CreateKey(keyBlob, parent_key, template,
rc = device.CreateKey(keyBlob, parent_key, template,
"ThisIsMyStorageKeyAuth");
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.LoadKey(keyBlob, parent_key);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = csr.SetSubject(subject);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = csr.SetSubject(subject);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = csr.SetKeyUsage(keyUsage);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = csr.SetKeyUsage(keyUsage);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = csr.SetCustomExtension(custOid, custOidVal, 0);
rc = csr.SetCustomExtension(custOid, custOidVal, 0);
/* if custom OID support is not compiled in then test is
* inconclusive */
if (ret == (int)Status.NOT_COMPILED_IN)
if (rc == (int)Status.NOT_COMPILED_IN)
Assert.Inconclusive();
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
ret = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
Assert.That(ret, Is.GreaterThan(0));
rc = csr.MakeAndSign(device, keyBlob, X509_Format.PEM, output);
Assert.That(rc, Is.GreaterThan(0));
Console.WriteLine("CSR PEM {0} bytes", ret.ToString());
Console.WriteLine("CSR PEM {0} bytes", rc.ToString());
ret = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, ret);
rc = device.UnloadHandle(keyBlob);
Assert.AreEqual((int)Status.TPM_RC_SUCCESS, rc);
}
}
}
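Review bot: TryGetErrorString passes vacuously when GetErrorString returns null or an empty string, because the `if (!string.IsNullOrEmpty(err))` guard makes the only assertion optional, and its `Assert.AreEqual(err, "Bad function argument")` reverses the `(expected, actual)` order used everywhere else in this file. Suggest `string err = device.GetErrorString(Status.BAD_FUNC_ARG);` / `Assert.IsNotNull(err);` / `Assert.AreEqual("Bad function argument", err);`, or `Assert.Inconclusive()` in place of the silent skip if a null string is an expected build configuration. The expected text is coupled to the wording change in tpm2.c's TPM2_GetRCString in this same commit, which is worth a one-line comment so the next wording change does not look like a test regression. TrySelfTest dropping the 0x80280400 alternative only holds because the C wrapper now remaps that code to success; a comment `/* TBS-blocked self test is reported as success by wolfTPM2_SelfTest */` would explain why the Windows case disappeared from the test.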


@ -25,6 +25,42 @@ using System.Runtime.InteropServices;
namespace wolfTPM
{
[Serializable]
public class WolfTpm2Exception : Exception
{
const string DLLNAME = "wolftpm";
private string _Message;
public int ErrorCode { get; }
public override string Message
{
get { return _Message; }
}
[DllImport(DLLNAME, EntryPoint = "TPM2_GetRCString")]
private static extern IntPtr TPM2_GetRCString(int rc);
public string GetErrorString(int rc)
{
IntPtr err = TPM2_GetRCString(rc);
return Marshal.PtrToStringAnsi(err);
}
public WolfTpm2Exception() { }
public WolfTpm2Exception(string message)
: base(message) { }
public WolfTpm2Exception(string message, Exception inner)
: base(message, inner) { }
public WolfTpm2Exception(string message, int errorCode)
: this(message)
{
ErrorCode = errorCode;
_Message = message + " failure 0x" + errorCode.ToString("X8") +
" (" + GetErrorString(errorCode) + ")";
}
}
public enum Status : int
{
@ -180,19 +216,32 @@ namespace wolfTPM
{
if (keyblob != IntPtr.Zero)
{
// TODO: check return value?
/* ignore return code */
wolfTPM2_FreeKeyBlob(keyblob);
}
}
public int GetKeyBlobAsBuffer(byte[] buffer)
{
return wolfTPM2_GetKeyBlobAsBuffer(buffer, buffer.Length, keyblob);
int rc = wolfTPM2_GetKeyBlobAsBuffer(buffer, buffer.Length,
keyblob);
/* positive return code is length of buffer filled */
if (rc < 0) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyBlobAsBuffer", rc);
}
return rc;
}
public int SetKeyBlobFromBuffer(byte[] buffer)
{
return wolfTPM2_SetKeyBlobFromBuffer(keyblob, buffer, buffer.Length);
int rc = wolfTPM2_SetKeyBlobFromBuffer(keyblob,
buffer, buffer.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_SetKeyBlobFromBuffer", rc);
}
return rc;
}
public IntPtr GetHandle()
@ -235,7 +284,7 @@ namespace wolfTPM
{
if (key != IntPtr.Zero)
{
// TODO: check return value
/* ignore return code */
wolfTPM2_FreeKey(key);
}
}
@ -253,9 +302,14 @@ namespace wolfTPM
public int SetKeyAuthPassword(string auth)
{
return wolfTPM2_SetKeyAuthPassword(key,
auth,
auth.Length);
int rc = wolfTPM2_SetKeyAuthPassword(key,
auth,
auth.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_SetKeyAuthPassword", rc);
}
return rc;
}
}
@ -287,8 +341,13 @@ namespace wolfTPM
ulong objectAttributes);
public int GetKeyTemplate_RSA(ulong objectAttributes)
{
return wolfTPM2_GetKeyTemplate_RSA(template,
objectAttributes);
int rc = wolfTPM2_GetKeyTemplate_RSA(template,
objectAttributes);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_RSA", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_ECC")]
@ -299,8 +358,15 @@ namespace wolfTPM
public int GetKeyTemplate_ECC(ulong objectAttributes, TPM2_ECC curve,
TPM2_Alg sigScheme)
{
return wolfTPM2_GetKeyTemplate_ECC(template, objectAttributes,
(uint)curve, (uint)sigScheme);
int rc = wolfTPM2_GetKeyTemplate_ECC(template,
objectAttributes,
(uint)curve,
(uint)sigScheme);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_ECC", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_Symmetric")]
@ -312,60 +378,101 @@ namespace wolfTPM
bool isSign,
bool isDecrypt)
{
return wolfTPM2_GetKeyTemplate_Symmetric(template,
keyBits,
(uint)algMode,
isSign ? 1 : 0,
isDecrypt ? 1 : 0);
int rc = wolfTPM2_GetKeyTemplate_Symmetric(template,
keyBits,
(uint)algMode,
isSign ? 1 : 0,
isDecrypt ? 1 : 0);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_Symmetric", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_RSA_EK")]
private static extern int wolfTPM2_GetKeyTemplate_RSA_EK(IntPtr publicTemplate);
public int GetKeyTemplate_RSA_EK()
{
return wolfTPM2_GetKeyTemplate_RSA_EK(template);
int rc = wolfTPM2_GetKeyTemplate_RSA_EK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_RSA_EK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_ECC_EK")]
private static extern int wolfTPM2_GetKeyTemplate_ECC_EK(IntPtr publicTemplate);
public int GetKeyTemplate_ECC_EK()
{
return wolfTPM2_GetKeyTemplate_ECC_EK(template);
int rc = wolfTPM2_GetKeyTemplate_ECC_EK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_ECC_EK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_RSA_SRK")]
private static extern int wolfTPM2_GetKeyTemplate_RSA_SRK(IntPtr publicTemplate);
public int GetKeyTemplate_RSA_SRK()
{
return wolfTPM2_GetKeyTemplate_RSA_SRK(template);
int rc = wolfTPM2_GetKeyTemplate_RSA_SRK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_RSA_SRK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_ECC_SRK")]
private static extern int wolfTPM2_GetKeyTemplate_ECC_SRK(IntPtr publicTemplate);
public int GetKeyTemplate_ECC_SRK()
{
return wolfTPM2_GetKeyTemplate_ECC_SRK(template);
int rc = wolfTPM2_GetKeyTemplate_ECC_SRK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_ECC_SRK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_RSA_AIK")]
private static extern int wolfTPM2_GetKeyTemplate_RSA_AIK(IntPtr publicTemplate);
public int GetKeyTemplate_RSA_AIK()
{
return wolfTPM2_GetKeyTemplate_RSA_AIK(template);
int rc = wolfTPM2_GetKeyTemplate_RSA_AIK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_RSA_AIK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetKeyTemplate_ECC_AIK")]
private static extern int wolfTPM2_GetKeyTemplate_ECC_AIK(IntPtr publicTemplate);
public int GetKeyTemplate_ECC_AIK()
{
return wolfTPM2_GetKeyTemplate_ECC_AIK(template);
int rc = wolfTPM2_GetKeyTemplate_ECC_AIK(template);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_ECC_AIK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_SetKeyTemplate_Unique")]
private static extern int wolfTPM2_SetKeyTemplate_Unique(IntPtr publicTemplate, string unique, int uniqueSz);
public int SetKeyTemplate_Unique(string unique)
{
return wolfTPM2_SetKeyTemplate_Unique(template, unique, unique.Length);
int rc = wolfTPM2_SetKeyTemplate_Unique(template,
unique, unique.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetKeyTemplate_ECC_AIK", rc);
}
return rc;
}
}
@ -412,7 +519,7 @@ namespace wolfTPM
public int StartAuth(Device device, Key parentKey, TPM2_Alg algMode)
{
int ret;
int rc;
/* Algorithm modes: With parameter encryption use CFB or XOR.
* For HMAC only (no parameter encryption) use NULL. */
@ -424,29 +531,28 @@ namespace wolfTPM
/* Start an authenticated session (salted / unbound) with
* parameter encryption */
ret = device.StartSession(this, parentKey, IntPtr.Zero,
rc = device.StartSession(this, parentKey, IntPtr.Zero,
(byte)SE.HMAC, (int)algMode);
if (ret == (int)Status.TPM_RC_SUCCESS) {
if (rc == (int)Status.TPM_RC_SUCCESS) {
/* Set session for authorization of the primary key */
ret = device.SetAuthSession(this, this.sessionIdx,
rc = device.SetAuthSession(this, this.sessionIdx,
(byte)(SESSION_mask.decrypt | SESSION_mask.encrypt |
SESSION_mask.continueSession));
}
return ret;
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception("StartAuth", rc);
}
return rc;
}
public int StopAuth(Device device)
{
int ret;
/* Clear the auth index, since the auth session is ending */
device.ClearAuthSession(this, this.sessionIdx);
/* Unload session */
ret = device.UnloadHandle(this);
return ret;
return device.UnloadHandle(this);
}
}
@ -485,8 +591,14 @@ namespace wolfTPM
public int SetCustomExtension(string oid, string der, int critical)
{
byte[] derBuf = Encoding.ASCII.GetBytes(der);
return wolfTPM2_CSR_SetCustomExt(IntPtr.Zero, csr, critical,
oid, derBuf, (uint)der.Length);
int rc = wolfTPM2_CSR_SetCustomExt(IntPtr.Zero, csr, critical,
oid, derBuf, (uint)der.Length);
if (rc != (int)Status.TPM_RC_SUCCESS &&
rc != (int)Status.NOT_COMPILED_IN) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_SetCustomExt", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_SetKeyUsage")]
@ -495,7 +607,12 @@ namespace wolfTPM
string keyUsage);
public int SetKeyUsage(string keyUsage)
{
return wolfTPM2_CSR_SetKeyUsage(IntPtr.Zero, csr, keyUsage);
int rc = wolfTPM2_CSR_SetKeyUsage(IntPtr.Zero, csr, keyUsage);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_SetKeyUsage", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_SetSubject")]
@ -504,7 +621,12 @@ namespace wolfTPM
string subject);
public int SetSubject(string subject)
{
return wolfTPM2_CSR_SetSubject(IntPtr.Zero, csr, subject);
int rc = wolfTPM2_CSR_SetSubject(IntPtr.Zero, csr, subject);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_SetSubject", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_MakeAndSign")]
@ -519,8 +641,14 @@ namespace wolfTPM
X509_Format outputFormat,
byte[] output)
{
return wolfTPM2_CSR_MakeAndSign(device.Ref, csr,
int rc = wolfTPM2_CSR_MakeAndSign(device.Ref, csr,
keyBlob.keyblob, (int)outputFormat, output, output.Length);
/* positive return code is length of resulting output */
if (rc < 0) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_MakeAndSign", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_MakeAndSign_ex")]
@ -540,9 +668,14 @@ namespace wolfTPM
int sigType,
int selfSign)
{
return wolfTPM2_CSR_MakeAndSign_ex(device.Ref, csr,
int rc = wolfTPM2_CSR_MakeAndSign_ex(device.Ref, csr,
keyBlob.keyblob, (int)outputFormat, output, output.Length,
sigType, selfSign, Device.INVALID_DEVID);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_MakeAndSign_ex", rc);
}
return rc;
}
}
@ -597,7 +730,12 @@ namespace wolfTPM
private static extern int wolfTPM2_SelfTest(IntPtr dev);
public int SelfTest()
{
return wolfTPM2_SelfTest(device);
int rc = wolfTPM2_SelfTest(device);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_SelfTest", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_GetRandom")]
@ -606,7 +744,12 @@ namespace wolfTPM
int len);
public int GetRandom(byte[] buf)
{
return wolfTPM2_GetRandom(device, buf, buf.Length);
int rc = wolfTPM2_GetRandom(device, buf, buf.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_GetRandom", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CreateSRK")]
@ -619,11 +762,16 @@ namespace wolfTPM
int alg,
string auth)
{
return wolfTPM2_CreateSRK(device,
srkKey.key,
alg,
auth,
auth.Length);
int rc = wolfTPM2_CreateSRK(device,
srkKey.key,
alg,
auth,
auth.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CreateSRK", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_StartSession")]
@ -639,12 +787,17 @@ namespace wolfTPM
byte sesType,
int encDecAlg)
{
return wolfTPM2_StartSession(device,
tpmSession.session,
tmpKey.key,
bind,
sesType,
encDecAlg);
int rc = wolfTPM2_StartSession(device,
tpmSession.session,
tmpKey.key,
bind,
sesType,
encDecAlg);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_StartSession", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_SetAuthSession")]
@ -659,19 +812,29 @@ namespace wolfTPM
/* For sessionAttributes suggest using:
* (byte)(SESSION_mask.decrypt | SESSION_mask.encrypt | SESSION_mask.continueSession)
*/
return wolfTPM2_SetAuthSession(device,
index,
tpmSession.session,
sessionAttributes);
int rc = wolfTPM2_SetAuthSession(device,
index,
tpmSession.session,
sessionAttributes);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_SetAuthSession", rc);
}
return rc;
}
public int ClearAuthSession(Session tpmSession,
int index)
{
return wolfTPM2_SetAuthSession(device,
index,
IntPtr.Zero,
0);
int rc = wolfTPM2_SetAuthSession(device,
index,
IntPtr.Zero,
0);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_SetAuthSession clear", rc);
}
return rc;
}
@ -682,9 +845,14 @@ namespace wolfTPM
public int ReadPublicKey(Key key,
ulong handle)
{
return wolfTPM2_ReadPublicKey(device,
key.key,
handle);
int rc = wolfTPM2_ReadPublicKey(device,
key.key,
handle);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_ReadPublicKey", rc);
}
return rc;
}
@ -701,12 +869,17 @@ namespace wolfTPM
Template publicTemplate,
string auth)
{
return wolfTPM2_CreateKey(device,
keyBlob.keyblob,
parent.GetHandle(),
publicTemplate.template,
auth,
auth.Length);
int rc = wolfTPM2_CreateKey(device,
keyBlob.keyblob,
parent.GetHandle(),
publicTemplate.template,
auth,
auth.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CreateKey", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_LoadKey")]
@ -717,7 +890,13 @@ namespace wolfTPM
public int LoadKey(KeyBlob keyBlob,
Key parent)
{
return wolfTPM2_LoadKey(device, keyBlob.keyblob, parent.GetHandle());
int rc = wolfTPM2_LoadKey(device, keyBlob.keyblob,
parent.GetHandle());
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_LoadKey", rc);
}
return rc;
}
@ -726,8 +905,13 @@ namespace wolfTPM
IntPtr primaryHandle, IntPtr key, IntPtr persistentHandle);
public int StoreKey(Key key, IntPtr primaryHandle, IntPtr persistentHandle)
{
return wolfTPM2_NVStoreKey(device, primaryHandle, key.GetHandle(),
persistentHandle);
int rc = wolfTPM2_NVStoreKey(device, primaryHandle, key.GetHandle(),
persistentHandle);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_NVStoreKey", rc);
}
return rc;
}
@ -753,16 +937,21 @@ namespace wolfTPM
uint scheme,
uint hashAlg)
{
return wolfTPM2_ImportRsaPrivateKey(device,
parentKey.key,
keyBlob.keyblob,
rsaPub,
rsaPub.Length,
exponent,
rsaPriv,
rsaPriv.Length,
scheme,
hashAlg);
int rc = wolfTPM2_ImportRsaPrivateKey(device,
parentKey.key,
keyBlob.keyblob,
rsaPub,
rsaPub.Length,
exponent,
rsaPriv,
rsaPriv.Length,
scheme,
hashAlg);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_ImportRsaPrivateKey", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_LoadRsaPublicKey")]
@ -776,11 +965,16 @@ namespace wolfTPM
byte[] rsaPub,
int exponent)
{
return wolfTPM2_LoadRsaPublicKey(device,
key.key,
rsaPub,
rsaPub.Length,
exponent);
int rc = wolfTPM2_LoadRsaPublicKey(device,
key.key,
rsaPub,
rsaPub.Length,
exponent);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_LoadRsaPublicKey", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_LoadRsaPrivateKey")]
@ -800,7 +994,7 @@ namespace wolfTPM
int exponent,
byte[] rsaPriv)
{
return wolfTPM2_LoadRsaPrivateKey(
int rc = wolfTPM2_LoadRsaPrivateKey(
device,
parentKey.key,
key.key,
@ -809,6 +1003,11 @@ namespace wolfTPM
exponent,
rsaPriv,
rsaPriv.Length);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_LoadRsaPrivateKey", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CreatePrimaryKey")]
@ -825,13 +1024,57 @@ namespace wolfTPM
Template publicTemplate,
string auth)
{
return wolfTPM2_CreatePrimaryKey(
int rc = wolfTPM2_CreatePrimaryKey(
device,
key.key,
(ulong)primaryHandle,
publicTemplate.template,
auth,
!string.IsNullOrEmpty(auth) ? auth.Length : 0);
if (rc != (int)Status.TPM_RC_SUCCESS) {
throw new WolfTpm2Exception(
"wolfTPM2_CreatePrimaryKey", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_Generate_ex")]
private static extern int wolfTPM2_CSR_Generate_ex(
IntPtr dev,
IntPtr key,
string subject,
string keyUsage,
int outFormat,
byte[] output,
int outputSz,
int sigType,
int selfSignCert,
int devId);
public int GenerateCSR(
KeyBlob keyBlob,
string subject,
string keyUsage,
X509_Format outputFormat,
byte[] output,
int sigType,
int selfSignCert)
{
int rc = wolfTPM2_CSR_Generate_ex(
device,
keyBlob.keyblob,
subject,
keyUsage,
(int)outputFormat,
output, output.Length,
sigType,
selfSignCert,
Device.INVALID_DEVID);
/* positive return code is length of resulting output */
if (rc < 0) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_Generate_ex", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_CSR_Generate")]
@ -842,28 +1085,27 @@ namespace wolfTPM
string keyUsage,
int outFormat,
byte[] output,
int outputSz,
int sigType,
int devId,
int selfSign);
int outputSz);
public int GenerateCSR(
KeyBlob keyBlob,
string subject,
string keyUsage,
X509_Format outputFormat,
byte[] output,
int sigType)
byte[] output)
{
return wolfTPM2_CSR_Generate(
int rc = wolfTPM2_CSR_Generate(
device,
keyBlob.keyblob,
subject,
keyUsage,
(int)outputFormat,
output, output.Length,
sigType,
Device.INVALID_DEVID,
0);
output, output.Length);
/* positive return code is length of resulting output */
if (rc < 0) {
throw new WolfTpm2Exception(
"wolfTPM2_CSR_Generate", rc);
}
return rc;
}
[DllImport(DLLNAME, EntryPoint = "wolfTPM2_UnloadHandle")]
@ -888,5 +1130,18 @@ namespace wolfTPM
return wolfTPM2_GetHandleValue(handle);
}
[DllImport(DLLNAME, EntryPoint = "TPM2_GetRCString")]
private static extern IntPtr TPM2_GetRCString(int rc);
public string GetErrorString(int rc)
{
IntPtr err = TPM2_GetRCString(rc);
return Marshal.PtrToStringAnsi(err);
}
public string GetErrorString(Status rc)
{
return GetErrorString((int)rc);
}
}
}
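Review bot: `WolfTpm2Exception.Message` returns `_Message`, which only the `(string, int)` constructor assigns, so the parameterless, `(string)` and `(string, Exception)` constructors produce an exception whose `Message` is null; `get { return _Message ?? base.Message; }` keeps the base text in those cases. `SetKeyTemplate_Unique` throws with the copied label `"wolfTPM2_GetKeyTemplate_ECC_AIK"`; it should read `"wolfTPM2_SetKeyTemplate_Unique"`. `MakeAndSign_ex` treats any non-zero code as failure, while the sibling `MakeAndSign` and both `GenerateCSR` overloads document a positive return as the output length — if `wolfTPM2_CSR_MakeAndSign_ex` follows the same convention, every successful call would throw, so this is worth confirming against the C API. In `StopAuth`, a throw from `ClearAuthSession` now skips `UnloadHandle` and leaves the session loaded; unloading in a `finally` would keep the cleanup unconditional. `TPM2_GetRCString` is now imported in both `WolfTpm2Exception` and `Device`; one could delegate to the other.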