Cleanup of the examples to use the key templates. The PKCS7 example was failing because of a key mismatch between the TPM private key and the public key used in the certificate setup done via the CSR and `./certs/certreq.sh`.

pull/136/head
David Garske 2020-12-16 16:26:48 -08:00
parent 48a3364c06
commit c0fa6423d5
10 changed files with 195 additions and 171 deletions


@ -156,6 +156,7 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
#endif #endif
TpmCryptoDevCtx tpmCtx; TpmCryptoDevCtx tpmCtx;
int tpmDevId; int tpmDevId;
TPMT_PUBLIC publicTemplate;
printf("TPM2 CSR Example\n"); printf("TPM2 CSR Example\n");
@ -169,10 +170,12 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
/* Setup the wolf crypto device callback */ /* Setup the wolf crypto device callback */
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx)); XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
#ifndef NO_RSA #ifndef NO_RSA
XMEMSET(&rsaKey, 0, sizeof(rsaKey));
XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey)); XMEMSET(&wolfRsaKey, 0, sizeof(wolfRsaKey));
tpmCtx.rsaKey = &rsaKey; tpmCtx.rsaKey = &rsaKey;
#endif #endif
#ifdef HAVE_ECC #ifdef HAVE_ECC
XMEMSET(&eccKey, 0, sizeof(eccKey));
XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey)); XMEMSET(&wolfEccKey, 0, sizeof(wolfEccKey));
tpmCtx.eccKey = &eccKey; tpmCtx.eccKey = &eccKey;
#endif #endif
@ -184,12 +187,18 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
if (rc != 0) goto exit; if (rc != 0) goto exit;
#ifndef NO_RSA #ifndef NO_RSA
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = getRSAkey(&dev, rc = getRSAkey(&dev,
&storageKey, &storageKey,
&rsaKey, &rsaKey,
&wolfRsaKey, &wolfRsaKey,
tpmDevId, tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
rc = TPM2_CSR_Generate(&dev, RSA_TYPE, &wolfRsaKey, gClientCertRsaFile); rc = TPM2_CSR_Generate(&dev, RSA_TYPE, &wolfRsaKey, gClientCertRsaFile);
@ -198,12 +207,18 @@ int TPM2_CSR_ExampleArgs(void* userCtx, int argc, char *argv[])
#ifdef HAVE_ECC #ifdef HAVE_ECC
rc = getECCkey(&dev, rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
&storageKey, TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
&eccKey, TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
&wolfEccKey, TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
tpmDevId, if (rc != 0) goto exit;
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); rc = getECCkey(&dev,
&storageKey,
&eccKey,
&wolfEccKey,
tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
rc = TPM2_CSR_Generate(&dev, ECC_TYPE, &wolfEccKey, gClientCertEccFile); rc = TPM2_CSR_Generate(&dev, ECC_TYPE, &wolfEccKey, gClientCertEccFile);
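Review bot: The template built at the top of the hunk is only consulted when no blob exists on disk — createAndLoadKey tries readAndLoadKey on RSA_FILENAME first and uses publicTemplate only on the fallback path — so a stale blob from an earlier run with different attributes loads unchanged and the freshly built template is ignored, which is the same key-mismatch class the description fixes for PKCS7. A comment at the getRSAkey call would save the next reader from this, e.g. `/* publicTemplate is used only if RSA_FILENAME cannot be read; delete the blob to regenerate with new attributes */`. The same applies to the ECC block below it and to the matching RSA/ECC blocks in the TLS client and TLS server sections. TPM2_CSR_ExampleArgs continues outside the hunk.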


@ -56,10 +56,6 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
WOLFTPM2_SESSION tpmSession; WOLFTPM2_SESSION tpmSession;
TPM2B_AUTH auth; TPM2B_AUTH auth;
int bAIK = 1; int bAIK = 1;
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
XFILE f;
size_t fileSz = 0;
#endif
const char* outputFile = "keyblob.bin"; const char* outputFile = "keyblob.bin";
if (argc >= 2) { if (argc >= 2) {
@ -178,14 +174,7 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
/* Save key as encrypted blob to the disk */ /* Save key as encrypted blob to the disk */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
f = XFOPEN(outputFile, "wb"); rc = writeKeyBlob(outputFile, &newKey);
if (f != XBADFILE) {
newKey.pub.size = sizeof(newKey.pub);
fileSz += XFWRITE(&newKey.pub, 1, sizeof(newKey.pub), f);
fileSz += XFWRITE(&newKey.priv, 1, sizeof(UINT16) + newKey.priv.size, f);
XFCLOSE(f);
}
printf("Wrote %d bytes to %s\n", (int)fileSz, outputFile);
#else #else
printf("Key Public Blob %d\n", newKey.pub.size); printf("Key Public Blob %d\n", newKey.pub.size);
TPM2_PrintBin((const byte*)&newKey.pub.publicArea, newKey.pub.size); TPM2_PrintBin((const byte*)&newKey.pub.publicArea, newKey.pub.size);
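Review bot: `rc = writeKeyBlob(outputFile, &newKey);` assigns the result but nothing in the hunk checks it; the removed code at least reported the byte count written, and whether rc is examined now depends on what follows the `#endif`, which is outside the hunk. If the function falls through to its exit label with rc intact the failure is reported there; otherwise a failed write of the encrypted private blob that later runs depend on goes unnoticed. An explicit `if (rc != 0) goto exit;` after the call, as the keyload section already does for readKeyBlob, would make that independent of the surrounding flow. The keyimport section has the identical pattern with `&impKey`.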


@ -54,10 +54,6 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */ TPMI_ALG_PUBLIC alg = TPM_ALG_RSA; /* TPM_ALG_ECC */
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
WOLFTPM2_SESSION tpmSession; WOLFTPM2_SESSION tpmSession;
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
XFILE f;
size_t fileSz = 0;
#endif
const char* outputFile = "keyblob.bin"; const char* outputFile = "keyblob.bin";
if (argc >= 2) { if (argc >= 2) {
@ -144,14 +140,7 @@ int TPM2_Keyimport_Example(void* userCtx, int argc, char *argv[])
/* Save key as encrypted blob to the disk */ /* Save key as encrypted blob to the disk */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
f = XFOPEN(outputFile, "wb"); rc = writeKeyBlob(outputFile, &impKey);
if (f != XBADFILE) {
impKey.pub.size = sizeof(impKey.pub);
fileSz += XFWRITE(&impKey.pub, 1, sizeof(impKey.pub), f);
fileSz += XFWRITE(&impKey.priv, 1, sizeof(UINT16) + impKey.priv.size, f);
XFCLOSE(f);
}
printf("Wrote %d bytes to %s\n", (int)fileSz, outputFile);
#else #else
printf("Key Public Blob %d\n", impKey.pub.size); printf("Key Public Blob %d\n", impKey.pub.size);
TPM2_PrintBin((const byte*)&impKey.pub.publicArea, impKey.pub.size); TPM2_PrintBin((const byte*)&impKey.pub.publicArea, impKey.pub.size);


@ -59,9 +59,6 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
WOLFTPM2_KEYBLOB newKey; WOLFTPM2_KEYBLOB newKey;
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
WOLFTPM2_SESSION tpmSession; WOLFTPM2_SESSION tpmSession;
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
XFILE f;
#endif
const char* inputFile = "keyblob.bin"; const char* inputFile = "keyblob.bin";
if (argc >= 2) { if (argc >= 2) {
@ -119,50 +116,8 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
/* Load encrypted key from the disk */ /* Load encrypted key from the disk */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
f = XFOPEN(inputFile, "rb"); rc = readKeyBlob(inputFile, &newKey);
if (f != XBADFILE) { if (rc != 0) goto exit;
size_t fileSz;
size_t bytes_read;
XFSEEK(f, 0, XSEEK_END);
fileSz = XFTELL(f);
XREWIND(f);
if (fileSz > sizeof(newKey.priv) + sizeof(newKey.pub)) {
printf("File size check failed\n");
rc = BUFFER_E; goto exit;
}
printf("Reading %d bytes from %s\n", (int)fileSz, inputFile);
bytes_read = XFREAD(&newKey.pub, 1, sizeof(newKey.pub), f);
if (bytes_read != sizeof(newKey.pub)) {
printf("Read %zu, expected public blob %zu bytes\n", bytes_read, sizeof(newKey.pub));
rc = BUFFER_E;
XFCLOSE(f);
goto exit;
}
if (fileSz > sizeof(newKey.pub)) {
fileSz -= sizeof(newKey.pub);
bytes_read = XFREAD(&newKey.priv, 1, fileSz, f);
if (bytes_read != fileSz) {
rc = BUFFER_E;
XFCLOSE(f);
goto exit;
}
}
XFCLOSE(f);
/* sanity check the sizes */
if (newKey.pub.size != sizeof(newKey.pub) || newKey.priv.size > sizeof(newKey.priv.buffer)) {
printf("Struct size check failed (pub %d, priv %d)\n", newKey.pub.size, newKey.priv.size);
rc = BUFFER_E; goto exit;
}
}
else {
rc = BUFFER_E;
printf("File %s not found!\n", inputFile);
goto exit;
}
#else #else
/* TODO: Option to load hex blob */ /* TODO: Option to load hex blob */
printf("Loading blob from disk not supported\n"); printf("Loading blob from disk not supported\n");


@ -335,26 +335,19 @@ int TPM2_PKCS7_ExampleArgs(void* userCtx, int argc, char *argv[])
if (rc != 0) goto exit; if (rc != 0) goto exit;
/* Create/Load RSA key for PKCS7 signing */ /* Create/Load RSA key for PKCS7 signing */
rc = wolfTPM2_ReadPublicKey(&dev, &rsaKey, TPM2_DEMO_RSA_KEY_HANDLE); rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
if (rc != 0) { TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate, TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | if (rc != 0) goto exit;
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
&publicTemplate, (byte*)gKeyAuth, sizeof(gKeyAuth)-1);
if (rc != 0) goto exit;
/* Move this key into persistent storage */ rc = getRSAkey(&dev,
rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &rsaKey, &storageKey,
TPM2_DEMO_RSA_KEY_HANDLE); &rsaKey,
if (rc != 0) goto exit; NULL,
} tpmDevId,
else { (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
/* specify auth password for rsa key */ &publicTemplate);
rsaKey.handle.auth.size = sizeof(gKeyAuth)-1; if (rc != 0) goto exit;
XMEMCPY(rsaKey.handle.auth.buffer, gKeyAuth, rsaKey.handle.auth.size);
}
wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle); wolfTPM2_SetAuthHandle(&dev, 0, &rsaKey.handle);
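Review bot: The RSA key is no longer persisted at TPM2_DEMO_RSA_KEY_HANDLE — the wolfTPM2_NVStoreKey path is removed and getRSAkey loads a transient object from RSA_FILENAME — but nothing in the hunk evicts an object that earlier builds of this example already stored at that handle, so on a TPM that ran the old code the mismatched key stays in NV and keeps occupying the handle. A comment noting this would help users still hitting the mismatch, e.g. `/* Earlier versions persisted this key at TPM2_DEMO_RSA_KEY_HANDLE; evict it (wolfTPM2_NVDeleteKey) if present */`. Passing `NULL` for the wolf key relies on the new NULL check inside getRSAkey, which is worth a one-line comment at the call as well. TPM2_PKCS7_ExampleArgs continues outside the hunk.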


@ -123,6 +123,7 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
int useECC = 0; int useECC = 0;
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
WOLFTPM2_SESSION tpmSession; WOLFTPM2_SESSION tpmSession;
TPMT_PUBLIC publicTemplate;
/* initialize variables */ /* initialize variables */
XMEMSET(&storageKey, 0, sizeof(storageKey)); XMEMSET(&storageKey, 0, sizeof(storageKey));
@ -206,12 +207,17 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
#ifndef NO_RSA #ifndef NO_RSA
if (!useECC) { if (!useECC) {
/* Create/Load RSA key for TLS authentication */ /* Create/Load RSA key for TLS authentication */
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = getRSAkey(&dev, rc = getRSAkey(&dev,
&storageKey, &storageKey,
&rsaKey, &rsaKey,
&wolfRsaKey, &wolfRsaKey,
tpmDevId, tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@ -219,12 +225,18 @@ int TPM2_TLS_ClientArgs(void* userCtx, int argc, char *argv[])
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (useECC) { if (useECC) {
/* Create/Load ECC key for TLS authentication */ /* Create/Load ECC key for TLS authentication */
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
if (rc != 0) goto exit;
rc = getECCkey(&dev, rc = getECCkey(&dev,
&storageKey, &storageKey,
&eccKey, &eccKey,
&wolfEccKey, &wolfEccKey,
tpmDevId, tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
} }


@ -130,6 +130,7 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
int useECC = 0; int useECC = 0;
TPM_ALG_ID paramEncAlg = TPM_ALG_NULL; TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
WOLFTPM2_SESSION tpmSession; WOLFTPM2_SESSION tpmSession;
TPMT_PUBLIC publicTemplate;
/* initialize variables */ /* initialize variables */
XMEMSET(&storageKey, 0, sizeof(storageKey)); XMEMSET(&storageKey, 0, sizeof(storageKey));
@ -218,12 +219,17 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
#ifndef NO_RSA #ifndef NO_RSA
if (!useECC) { if (!useECC) {
/* Create/Load RSA key for TLS authentication */ /* Create/Load RSA key for TLS authentication */
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = getRSAkey(&dev, rc = getRSAkey(&dev,
&storageKey, &storageKey,
&rsaKey, &rsaKey,
&wolfRsaKey, &wolfRsaKey,
tpmDevId, tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
} }
#endif /* !NO_RSA */ #endif /* !NO_RSA */
@ -231,12 +237,18 @@ int TPM2_TLS_ServerArgs(void* userCtx, int argc, char *argv[])
#ifdef HAVE_ECC #ifdef HAVE_ECC
if (useECC) { if (useECC) {
/* Create/Load ECC key for TLS authentication */ /* Create/Load ECC key for TLS authentication */
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
if (rc != 0) goto exit;
rc = getECCkey(&dev, rc = getECCkey(&dev,
&storageKey, &storageKey,
&eccKey, &eccKey,
&wolfEccKey, &wolfEccKey,
tpmDevId, tpmDevId,
(byte*)gKeyAuth, sizeof(gKeyAuth)-1); (byte*)gKeyAuth, sizeof(gKeyAuth)-1,
&publicTemplate);
if (rc != 0) goto exit; if (rc != 0) goto exit;
} }


@ -35,8 +35,7 @@
#ifndef WOLFTPM2_NO_WRAPPER #ifndef WOLFTPM2_NO_WRAPPER
#if 0 int writeKeyBlob(const char* filename,
static int writeKeyBlob(const char* filename,
WOLFTPM2_KEYBLOB* key) WOLFTPM2_KEYBLOB* key)
{ {
int rc = 0; int rc = 0;
@ -58,9 +57,8 @@ static int writeKeyBlob(const char* filename,
#endif /* !NO_FILESYSTEM && !NO_WRITE_TEMP_FILES */ #endif /* !NO_FILESYSTEM && !NO_WRITE_TEMP_FILES */
return rc; return rc;
} }
#endif
static int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key) int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
{ {
int rc = 0; int rc = 0;
#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
@ -93,6 +91,7 @@ static int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key)
printf("Read %zu, expected private blob %zu bytes\n", bytes_read, fileSz); printf("Read %zu, expected private blob %zu bytes\n", bytes_read, fileSz);
goto exit; goto exit;
} }
rc = 0; /* success */
} }
/* sanity check the sizes */ /* sanity check the sizes */
@ -120,7 +119,65 @@ exit:
return rc; return rc;
} }
static int readAndLoadKey(WOLFTPM2_DEV* pDev, int createAndLoadKey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent,
const char* filename,
const byte* auth,
int authSz,
TPMT_PUBLIC* publicTemplate)
{
int rc;
WOLFTPM2_KEYBLOB keyblob;
rc = readAndLoadKey(pDev, key, parent, filename, auth, authSz);
if (rc == 0) {
return rc;
}
/* read failed, so let's create a new key */
/* if a public template was not provided we cannot create */
if (publicTemplate == NULL) {
return BUFFER_E;
}
XMEMSET(&keyblob, 0, sizeof(keyblob));
rc = wolfTPM2_CreateKey(pDev, &keyblob, parent,
publicTemplate, auth, authSz);
if (rc != TPM_RC_SUCCESS) {
printf("wolfTPM2_CreateKey failed\n");
return rc;
}
printf("Created new key (pub %d, priv %d bytes)\n",
keyblob.pub.size, keyblob.priv.size);
/* Save key as encrypted blob to the disk */
#if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_FILESYSTEM)
rc = writeKeyBlob(filename, &keyblob);
if (rc != 0) {
return rc;
}
#endif
/* Load Key */
rc = wolfTPM2_LoadKey(pDev, &keyblob, parent);
if (rc != TPM_RC_SUCCESS) {
printf("wolfTPM2_LoadKey failed\n");
return rc;
}
printf("Loaded key to 0x%x\n",
(word32)keyblob.handle.hndl);
key->handle = keyblob.handle;
key->pub = keyblob.pub;
key->handle.auth.size = authSz;
XMEMCPY(key->handle.auth.buffer, auth, authSz);
return rc;
}
int readAndLoadKey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* key, WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent, WOLFTPM2_HANDLE* parent,
const char* filename, const char* filename,
@ -134,7 +191,11 @@ static int readAndLoadKey(WOLFTPM2_DEV* pDev,
XMEMSET(key, 0, sizeof(WOLFTPM2_KEY)); XMEMSET(key, 0, sizeof(WOLFTPM2_KEY));
rc = readKeyBlob(filename, &keyblob); rc = readKeyBlob(filename, &keyblob);
if (rc != 0) return rc; if (rc != 0) {
/* if does not exist - create */
return rc;
}
rc = wolfTPM2_LoadKey(pDev, &keyblob, parent); rc = wolfTPM2_LoadKey(pDev, &keyblob, parent);
if (rc != TPM_RC_SUCCESS) { if (rc != TPM_RC_SUCCESS) {
@ -188,79 +249,71 @@ int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
return rc; return rc;
} }
#ifndef NO_RSA
#ifdef WOLFTPM2_NO_WOLFCRYPT
int getRSAkey(WOLFTPM2_DEV* pDev, int getRSAkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key, WOLFTPM2_KEY* key,
const byte* auth, int authSz) void* pWolfRsaKey,
#else
int getRSAkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key,
RsaKey* pWolfRsaKey,
int tpmDevId, int tpmDevId,
const byte* auth, int authSz) const byte* auth, int authSz,
#endif /* WOLFTPM2_NO_WOLFCRYPT */ TPMT_PUBLIC* publicTemplate)
{ {
int rc = 0; int rc = 0;
rc = readAndLoadKey(pDev, key, &pStorageKey->handle, /* Create/Load RSA key */
rc = createAndLoadKey(pDev, key, &pStorageKey->handle,
RSA_FILENAME, RSA_FILENAME,
auth, authSz); auth, authSz, publicTemplate);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
#if !defined(WOLFTPM2_NO_WOLFCRYPT) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && !defined(NO_RSA)
/* setup wolf RSA key with TPM deviceID, so crypto callbacks are used */ if (pWolfRsaKey) {
rc = wc_InitRsaKey_ex(pWolfRsaKey, NULL, tpmDevId); /* setup wolf RSA key with TPM deviceID, so crypto callbacks are used */
if (rc != 0) return rc; rc = wc_InitRsaKey_ex(pWolfRsaKey, NULL, tpmDevId);
if (rc != 0) return rc;
/* load public portion of key into wolf RSA Key */ /* load public portion of key into wolf RSA Key */
rc = wolfTPM2_RsaKey_TpmToWolf(pDev, key, pWolfRsaKey); rc = wolfTPM2_RsaKey_TpmToWolf(pDev, key, (RsaKey*)pWolfRsaKey);
#endif /* !defined(WOLFTPM2_NO_WOLFCRYPT) */ }
#else
(void)pWolfRsaKey;
#endif /* !WOLFTPM2_NO_WOLFCRYPT && !NO_RSA */
return rc; return rc;
} }
#endif /* !NO_RSA */
#ifdef HAVE_ECC
#ifdef WOLFTPM2_NO_WOLFCRYPT
int getECCkey(WOLFTPM2_DEV* pDev, int getECCkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key, WOLFTPM2_KEY* key,
const byte* auth, int authSz) void* pWolfEccKey,
#else
int getECCkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key,
ecc_key* pWolfEccKey,
int tpmDevId, int tpmDevId,
const byte* auth, int authSz) const byte* auth, int authSz,
#endif TPMT_PUBLIC* publicTemplate)
{ {
int rc = 0; int rc = 0;
/* Create/Load ECC key */ /* Create/Load ECC key */
rc = readAndLoadKey(pDev, key, &pStorageKey->handle, rc = createAndLoadKey(pDev, key, &pStorageKey->handle,
ECC_FILENAME, ECC_FILENAME,
auth, authSz); auth, authSz, publicTemplate);
if (rc != 0) { if (rc != 0) {
return rc; return rc;
} }
#if !defined(WOLFTPM2_NO_WOLFCRYPT) #if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)
/* setup wolf ECC key with TPM deviceID, so crypto callbacks are used */ if (pWolfEccKey) {
rc = wc_ecc_init_ex(pWolfEccKey, NULL, tpmDevId); /* setup wolf ECC key with TPM deviceID, so crypto callbacks are used */
if (rc != 0) return rc; rc = wc_ecc_init_ex(pWolfEccKey, NULL, tpmDevId);
if (rc != 0) return rc;
/* load public portion of key into wolf ECC Key */ /* load public portion of key into wolf ECC Key */
rc = wolfTPM2_EccKey_TpmToWolf(pDev, key, pWolfEccKey); rc = wolfTPM2_EccKey_TpmToWolf(pDev, key, (ecc_key*)pWolfEccKey);
#endif /* !defined(WOLFTPM2_NO_WOLFCRYPT) */ }
#else
(void)pWolfEccKey;
#endif /* !WOLFTPM2_NO_WRAPPER && HAVE_ECC */
return rc; return rc;
} }
#endif /* HAVE_ECC */
#endif /* !WOLFTPM2_NO_WRAPPER */ #endif /* !WOLFTPM2_NO_WRAPPER */
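Review bot: createAndLoadKey copies the caller's auth into the handle without bounding it: `key->handle.auth.size = authSz; XMEMCPY(key->handle.auth.buffer, auth, authSz);` trusts an int authSz against a fixed buffer, so a negative or oversized value overruns the handle, and a NULL auth with authSz 0 still reaches XMEMCPY. A guard before the copy, `if (authSz < 0 || (size_t)authSz > sizeof(key->handle.auth.buffer)) return BUFFER_E;`, uses the error code the function already returns for a missing template. Separately, the fallback under `/* read failed, so let's create a new key */` fires on any non-zero rc from readAndLoadKey, so a truncated or size-check-failing blob is treated like a missing file and silently replaced on disk with a new key via writeKeyBlob; distinguishing not-found from a malformed blob, or at least printing that a new key replaced an unreadable one, would make the identity change visible. The closing comment `#endif /* !WOLFTPM2_NO_WRAPPER && HAVE_ECC */` in getECCkey no longer matches its `#if !defined(WOLFTPM2_NO_WOLFCRYPT) && defined(HAVE_ECC)`.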


@ -26,41 +26,46 @@
#include <wolftpm/tpm2.h> #include <wolftpm/tpm2.h>
#include <wolftpm/tpm2_wrap.h> #include <wolftpm/tpm2_wrap.h>
WOLFTPM_LOCAL int readKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key);
WOLFTPM_LOCAL int writeKeyBlob(const char* filename, WOLFTPM2_KEYBLOB* key);
WOLFTPM_LOCAL int readAndLoadKey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent,
const char* filename,
const byte* auth,
int authSz);
WOLFTPM_LOCAL int createAndLoadKey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* key,
WOLFTPM2_HANDLE* parent,
const char* filename,
const byte* auth,
int authSz,
TPMT_PUBLIC* publicTemplate);
WOLFTPM_LOCAL int getPrimaryStoragekey(WOLFTPM2_DEV* pDev, WOLFTPM_LOCAL int getPrimaryStoragekey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* pStorageKey,
TPM_ALG_ID alg); TPM_ALG_ID alg);
#ifndef NO_RSA
#ifdef WOLFTPM2_NO_WOLFCRYPT
WOLFTPM_LOCAL int getRSAkey(WOLFTPM2_DEV* pDev, WOLFTPM_LOCAL int getRSAkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key, WOLFTPM2_KEY* key,
const byte* auth, int authSz); void* pWolfRsaKey,
#else
WOLFTPM_LOCAL int getRSAkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key,
RsaKey* pWolfRsaKey,
int tpmDevId, int tpmDevId,
const byte* auth, int authSz); const byte* auth, int authSz,
#endif /* WOLFTPM2_NO_WOLFCRYPT */ TPMT_PUBLIC* publicTemplate);
#endif
#ifdef HAVE_ECC
#ifdef WOLFTPM2_NO_WOLFCRYPT
WOLFTPM_LOCAL int getECCkey(WOLFTPM2_DEV* pDev, WOLFTPM_LOCAL int getECCkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey, WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key, WOLFTPM2_KEY* key,
const byte* auth, int authSz); void* pWolfEccKey,
#else
WOLFTPM_LOCAL int getECCkey(WOLFTPM2_DEV* pDev,
WOLFTPM2_KEY* pStorageKey,
WOLFTPM2_KEY* key,
ecc_key* pWolfEccKey,
int tpmDevId, int tpmDevId,
const byte* auth, int authSz); const byte* auth, int authSz,
#endif TPMT_PUBLIC* publicTemplate);
#endif
#endif /* !WOLFTPM2_NO_WRAPPER */ #endif /* !WOLFTPM2_NO_WRAPPER */
#endif /* _TPM_TEST_KEYS_H_ */ #endif /* _TPM_TEST_KEYS_H_ */
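Review bot: The new prototypes carry no contract for the pointers that may legitimately be NULL: createAndLoadKey returns BUFFER_E when `publicTemplate` is NULL and the blob cannot be read, and getRSAkey/getECCkey skip the wolfCrypt setup when `pWolfRsaKey`/`pWolfEccKey` is NULL, which the PKCS7 example now relies on. A short comment on each declaration would capture that, e.g. `/* publicTemplate: used only when filename cannot be read; NULL fails with BUFFER_E instead of creating */` and `/* pWolfRsaKey: RsaKey* or NULL to skip wolfCrypt key setup */`. Changing these parameters to `void*` also drops the compile-time check that callers pass the matching wolfCrypt type, since the cast now happens inside getRSAkey/getECCkey; that trade-off is worth stating next to the declarations.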


@ -410,6 +410,7 @@ void TPM2_Packet_AppendSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric)
} }
void TPM2_Packet_ParseSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric) void TPM2_Packet_ParseSymmetric(TPM2_Packet* packet, TPMT_SYM_DEF* symmetric)
{ {
XMEMSET(symmetric, 0, sizeof(TPMT_SYM_DEF));
TPM2_Packet_ParseU16(packet, &symmetric->algorithm); TPM2_Packet_ParseU16(packet, &symmetric->algorithm);
switch (symmetric->algorithm) { switch (symmetric->algorithm) {
case TPM_ALG_XOR: case TPM_ALG_XOR:
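Review bot: `XMEMSET(symmetric, 0, sizeof(TPMT_SYM_DEF));` spells the type rather than the object; `XMEMSET(symmetric, 0, sizeof(*symmetric));` keeps the size tied to the parameter if its type ever changes. Clearing before the parse looks right, since the switch presumably leaves fields untouched for algorithms it does not match and they would otherwise be uninitialized; the rest of the switch and the function body are outside the hunk, so that is inferred.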