Added build option to disable wolfCrypt dependency using `./configure --disable-wolfcrypt` or `#define WOLFTPM2_NO_WOLFCRYPT`. Moved types and configuration/port specific items into new `tpm2_types.h`. Removed execute bit on several files.

pull/24/head
David Garske 2018-08-12 15:25:35 -07:00
parent 5ad85065f2
commit d8174d4ef7
16 changed files with 427 additions and 269 deletions


@ -94,9 +94,6 @@ else
fi
TAO_REQUIRE_LIBWOLFSSL
# Examples
AC_ARG_ENABLE([examples],
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
@ -122,6 +119,24 @@ fi
AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"])
# wolfCrypt
AC_ARG_ENABLE([wolfcrypt],
[AS_HELP_STRING([--enable-wolfcrypt],[Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption (default: enabled)])],
[ ENABLED_WOLFCRYPT=$enableval ],
[ ENABLED_WOLFCRYPT=yes ]
)
if test "x$ENABLED_WOLFCRYPT" = "xyes"
then
TAO_REQUIRE_LIBWOLFSSL
else
AM_CFLAGS="$AM_CFLAGS -DWOLFTPM2_NO_WOLFCRYPT"
fi
AM_CONDITIONAL([HAVE_LIBWOLFSSL], [test "x$ENABLED_WOLFCRYPT" = "xyes"])
# HARDEN FLAGS
AX_HARDEN_CC_COMPILER_FLAGS
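Review bot: The help string on the new `--enable-wolfcrypt` option understates what `--disable-wolfcrypt` removes: in src/tpm2.c of this same commit, TPM2_AcquireLock and TPM2_ReleaseLock become no-ops whenever WOLFTPM2_NO_WOLFCRYPT is defined, so a multi-threaded build without wolfCrypt issues TPM I/O with no hardware lock at all. That deserves a mention where the user chooses the option, e.g. `[AS_HELP_STRING([--enable-wolfcrypt],[Enable wolfCrypt hooks for RNG, hardware mutex, Auth Sessions and Parameter encryption (default: enabled)])]`. Alternatively the configure step could refuse the combination unless SINGLE_THREADED is also defined, so the loss of locking is a deliberate choice rather than a silent one.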


@ -24,7 +24,7 @@
#include <wolftpm/tpm2_wrap.h>
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLFSSL_CERT_REQ) && \
defined(WOLF_CRYPTO_DEV)
defined(WOLF_CRYPTO_DEV) && !defined(WOLFTPM2_NO_WOLFCRYPT)
#include <examples/tpm_io.h>
#include <examples/csr/csr.h>
@ -288,7 +288,7 @@ int main(void)
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLFSSL_CERT_REQ) && \
defined(WOLF_CRYPTO_DEV)
defined(WOLF_CRYPTO_DEV) && !defined(WOLFTPM2_NO_WOLFCRYPT)
rc = TPM2_CSR_Example(TPM2_IoGetUserCtx());
#else
printf("Wrapper/CertReq/CryptoDev code not compiled in\n");


@ -150,10 +150,12 @@ int TPM2_Native_Test(void* userCtx)
TPMI_RH_NV_INDEX nvIndex;
TPM2B_PUBLIC_KEY_RSA message;
#ifndef WOLFTPM2_NO_WOLFCRYPT
byte pcr[WC_SHA256_DIGEST_SIZE];
int pcr_len = WC_SHA256_DIGEST_SIZE;
byte hash[WC_SHA256_DIGEST_SIZE];
int hash_len = WC_SHA256_DIGEST_SIZE;
#endif
TpmRsaKey endorse;
TpmRsaKey storage;
@ -376,7 +378,7 @@ int TPM2_Native_Test(void* userCtx)
cmdIn.authSes.nonceCaller.size);
if (rc < 0) {
printf("wc_RNG_GenerateBlock failed 0x%x: %s\n", rc,
wc_GetErrorString(rc));
TPM2_GetRCString(rc));
goto exit;
}
rc = TPM2_StartAuthSession(&cmdIn.authSes, &cmdOut.authSes);
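Review bot: The `printf` in this hunk still reports `wc_RNG_GenerateBlock failed` although its string lookup was switched from `wc_GetErrorString` to `TPM2_GetRCString`; the call that sets `rc` sits just above the hunk and is not visible, but `wc_RNG_GenerateBlock` cannot compile under WOLFTPM2_NO_WOLFCRYPT, so it has presumably been replaced by the new `TPM2_GetNonce`, which would leave this message naming the wrong function. Suggest `printf("TPM2_GetNonce failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));` here, and the same change at the objChgAuth hunk (`@ -712,7 +715,7`), which has the identical message. TPM2_Native_Test begins and ends outside this hunk.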
@ -420,10 +422,11 @@ int TPM2_Native_Test(void* userCtx)
TPM2_PrintBin(cmdOut.pcrRead.pcrValues.digests[0].buffer,
cmdOut.pcrRead.pcrValues.digests[0].size);
#ifndef WOLFTPM2_NO_WOLFCRYPT
/* Hash SHA256 PCR[0] */
rc = wc_Hash(WC_HASH_TYPE_SHA256, pcr, pcr_len, hash, hash_len);
if (rc < 0) {
printf("wc_Hash failed 0x%x: %s\n", rc, wc_GetErrorString(rc));
printf("wc_Hash failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("wc_Hash of PCR[0]: size %d\n", hash_len);
@ -443,7 +446,7 @@ int TPM2_Native_Test(void* userCtx)
//goto exit;
}
printf("TPM2_PolicyPCR: Updated\n");
#endif
/* Policy Restart (for session) */
XMEMSET(&cmdIn.policyRestart, 0, sizeof(cmdIn.policyRestart));
@ -712,7 +715,7 @@ int TPM2_Native_Test(void* userCtx)
cmdIn.objChgAuth.newAuth.size);
if (rc < 0) {
printf("wc_RNG_GenerateBlock failed 0x%x: %s\n", rc,
wc_GetErrorString(rc));
TPM2_GetRCString(rc));
goto exit;
}
rc = TPM2_ObjectChangeAuth(&cmdIn.objChgAuth, &cmdOut.objChgAuth);


@ -23,7 +23,8 @@
#include <wolftpm/tpm2.h>
#include <wolftpm/tpm2_wrap.h>
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV)
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) && \
!defined(WOLFTPM2_NO_WOLFCRYPT)
#include <examples/tpm_io.h>
#include <examples/tls/tls_client.h>
@ -509,7 +510,8 @@ int main(void)
{
int rc = -1;
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV)
#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) && \
!defined(WOLFTPM2_NO_WOLFCRYPT)
rc = TPM2_TLS_Client(TPM2_IoGetUserCtx());
#else
printf("Wrapper/CryptoDev code not compiled in\n");


@ -33,6 +33,7 @@
#define TPM2_DEMO_NV_TEST_INDEX 0x01800200
#define TPM2_DEMO_NV_TEST_SIZE 1024 /* max size on Infineon SLB9670 is 1664 */
#ifndef WOLFTPM2_NO_WOLFCRYPT
/* from wolfSSL ./certs/client-keyPub.der */
static const byte kRsaPubKeyRaw[] = {
0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86,
@ -80,7 +81,7 @@ static const byte kEccPubKeyYRaw[] = {
0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
0x7F, 0xB4
};
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
/******************************************************************************/
/* --- BEGIN Wrapper API Tests -- */
@ -101,7 +102,6 @@ int TPM2_Wrapper_Test(void* userCtx)
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY rsaKey;
WOLFTPM2_KEY eccKey;
WOLFTPM2_KEY publicKey;
WOLFTPM2_BUFFER message;
WOLFTPM2_BUFFER cipher;
WOLFTPM2_BUFFER plain;
@ -111,6 +111,9 @@ int TPM2_Wrapper_Test(void* userCtx)
#ifdef WOLF_CRYPTO_DEV
TpmCryptoDevCtx tpmCtx;
#endif
#ifndef WOLFTPM2_NO_WOLFCRYPT
WOLFTPM2_KEY publicKey;
int tpmDevId = INVALID_DEVID;
#ifndef NO_RSA
word32 idx = 0;
@ -130,6 +133,7 @@ int TPM2_Wrapper_Test(void* userCtx)
XMEMSET(&wolfEccPubKey, 0, sizeof(wolfEccPubKey));
XMEMSET(&wolfEccPrivKey, 0, sizeof(wolfEccPrivKey));
#endif
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
printf("TPM2 Demo for Wrapper API's\n");
@ -241,6 +245,7 @@ int TPM2_Wrapper_Test(void* userCtx)
printf("RSA Encrypt/Decrypt OAEP Test Passed\n");
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef NO_RSA
/* Demonstrate loading wolf keys */
/* setup wolf RSA key with TPM deviceID */
@ -266,7 +271,7 @@ int TPM2_Wrapper_Test(void* userCtx)
rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
if (rc != 0) goto exit;
#endif /* NO_RSA */
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
if (rc != 0) goto exit;
@ -318,6 +323,7 @@ int TPM2_Wrapper_Test(void* userCtx)
printf("ECC DH Generation Passed\n");
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifdef HAVE_ECC
/* Demonstrate loading wolf keys */
@ -345,6 +351,7 @@ int TPM2_Wrapper_Test(void* userCtx)
rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
if (rc != 0) goto exit;
#endif /* NO_RSA */
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
if (rc != 0) goto exit;
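Review bot: The `#endif /* NO_RSA */` immediately before the new `#endif /* !WOLFTPM2_NO_WOLFCRYPT */` closes the `#ifdef HAVE_ECC` opened in the previous hunk (`@ -318,6 +323,7`), not an RSA block; now that the guards are nested two deep, the wrong label makes the pairing easy to misread. Suggest `#endif /* HAVE_ECC */` on that line. TPM2_Wrapper_Test continues outside this hunk.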
@ -388,6 +395,7 @@ exit:
printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef NO_RSA
wc_FreeRsaKey(&wolfRsaPubKey);
wc_FreeRsaKey(&wolfRsaPrivKey);
@ -396,6 +404,7 @@ exit:
wc_ecc_free(&wolfEccPubKey);
wc_ecc_free(&wolfEccPrivKey);
#endif
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);


@ -36,7 +36,7 @@ static TPM2_CTX* gActiveTPM;
/******************************************************************************/
static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx)
{
#ifdef SINGLE_THREADED
#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(SINGLE_THREADED)
(void)ctx;
#else
int ret = wc_LockMutex(&ctx->hwLock);
@ -48,7 +48,7 @@ static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx)
static void TPM2_ReleaseLock(TPM2_CTX* ctx)
{
#ifdef SINGLE_THREADED
#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(SINGLE_THREADED)
(void)ctx;
#else
wc_UnLockMutex(&ctx->hwLock);
@ -269,17 +269,17 @@ TPM_RC TPM2_Init(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx)
return TPM_RC_FAILURE;
}
XMEMSET(ctx, 0, sizeof(TPM2_CTX));
ctx->ioCb = ioCb;
ctx->userCtx = userCtx;
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifdef DEBUG_WOLFSSL
wolfSSL_Debugging_ON();
#endif
wolfCrypt_Init();
XMEMSET(ctx, 0, sizeof(TPM2_CTX));
ctx->ioCb = ioCb;
ctx->userCtx = userCtx;
rc = wc_InitRng(&ctx->rng);
if (rc < 0) {
#ifdef DEBUG_WOLFTPM
@ -294,6 +294,7 @@ TPM_RC TPM2_Init(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx)
return TPM_RC_FAILURE;
}
#endif
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
/* Startup TIS */
rc = TPM2_AcquireLock(ctx);
@ -338,12 +339,14 @@ TPM_RC TPM2_Cleanup(TPM2_CTX* ctx)
TPM2_ReleaseLock(ctx);
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
wc_FreeRng(&ctx->rng);
#ifndef SINGLE_THREADED
wc_FreeMutex(&ctx->hwLock);
#endif
wolfCrypt_Cleanup();
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
return TPM_RC_SUCCESS;
}
@ -4518,11 +4521,34 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz)
{
int rc;
TPM2_CTX* ctx = TPM2_GetActiveCtx();
#ifdef WOLFTPM2_NO_WOLFCRYPT
GetRandom_In in;
GetRandom_Out out;
int randSz = 0;
#endif
if (ctx == NULL || nonceBuf == NULL)
return BAD_FUNC_ARG;
#ifndef WOLFTPM2_NO_WOLFCRYPT
/* Use wolfCrypt */
rc = wc_RNG_GenerateBlock(&ctx->rng, nonceBuf, nonceSz);
#else
/* Use TPM GetRandom */
XMEMSET(&in, 0, sizeof(in));
while (randSz < nonceSz) {
in.bytesRequested = nonceSz - randSz;
if (in.bytesRequested > sizeof(out.randomBytes.buffer))
in.bytesRequested = sizeof(out.randomBytes.buffer);
rc = TPM2_GetRandom(&in, &out);
if (rc != TPM_RC_SUCCESS)
break;
XMEMCPY(&nonceBuf[randSz], out.randomBytes.buffer, out.randomBytes.size);
randSz += out.randomBytes.size;
}
#endif
return rc;
}
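Review bot: In the new TPM-backed branch of `TPM2_GetNonce`, the `XMEMCPY` trusts `out.randomBytes.size` exactly as parsed from the device reply: a response carrying more bytes than `in.bytesRequested` writes past the end of `nonceBuf`, and a response with `size == 0` never advances `randSz`, so the `while` loop spins forever. On the same path `rc` is returned uninitialized when `nonceSz <= 0`, because the loop body never runs and nothing else assigns it. I would initialise `rc` before the loop, reject a reply that exceeds the request or is empty, and add `nonceSz < 0` to the argument guard so a negative size is not converted to a large word32 in the wolfCrypt branch. Error codes below are the ones this file already uses (`BUFFER_E`, `TPM_RC_FAILURE`).

```c
    if (ctx == NULL || nonceBuf == NULL || nonceSz < 0)
        return BAD_FUNC_ARG;

#ifndef WOLFTPM2_NO_WOLFCRYPT
    /* … unchanged: wc_RNG_GenerateBlock path … */
#else
    /* Use TPM GetRandom */
    rc = TPM_RC_SUCCESS;
    XMEMSET(&in, 0, sizeof(in));
    while (randSz < nonceSz) {
        in.bytesRequested = nonceSz - randSz;
        if (in.bytesRequested > sizeof(out.randomBytes.buffer))
            in.bytesRequested = sizeof(out.randomBytes.buffer);
        rc = TPM2_GetRandom(&in, &out);
        if (rc != TPM_RC_SUCCESS)
            break;
        /* size comes from the device reply: never let it exceed the request */
        if (out.randomBytes.size > in.bytesRequested) {
            rc = BUFFER_E;
            break;
        }
        if (out.randomBytes.size == 0) {
            rc = TPM_RC_FAILURE;
            break;
        }
        XMEMCPY(&nonceBuf[randSz], out.randomBytes.buffer, out.randomBytes.size);
        randSz += out.randomBytes.size;
    }
#endif
```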
@ -4555,7 +4581,9 @@ const char* TPM2_GetRCString(int rc)
default:
break;
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
return wc_GetErrorString(rc);
#endif
}
if (rc & RC_VER1) {

0
src/tpm2_packet.c 100755 → 100644

0
src/tpm2_tis.c 100755 → 100644

4
src/tpm2_wrap.c 100755 → 100644

@ -425,6 +425,7 @@ int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
return rc;
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef NO_RSA
int wolfTPM2_RsaKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
RsaKey* wolfKey)
@ -589,6 +590,7 @@ int wolfTPM2_EccKey_WolfToTpm(WOLFTPM2_DEV* dev, ecc_key* wolfKey,
return rc;
}
#endif /* HAVE_ECC */
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
/* primaryHandle must be owner or platform hierarchy */
/* Owner Persistent Handle Range: 0x81000000 to 0x817FFFFF */
@ -1218,12 +1220,14 @@ int wolfTPM2_NVDelete(WOLFTPM2_DEV* dev, TPM_HANDLE authHandle,
return rc;
}
#ifndef WOLFTPM2_NO_WOLFCRYPT
WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev)
{
if (dev)
return &dev->ctx.rng;
return NULL;
}
#endif
int wolfTPM2_Clear(WOLFTPM2_DEV* dev)
{


@ -6,6 +6,7 @@ nobase_include_HEADERS+= \
wolftpm/tpm2.h \
wolftpm/tpm2_packet.h \
wolftpm/tpm2_tis.h \
wolftpm/tpm2_types.h \
wolftpm/tpm2_wrap.h \
wolftpm/version.h \
wolftpm/visibility.h \


@ -22,254 +22,11 @@
#ifndef __TPM2_H__
#define __TPM2_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolftpm/tpm2_types.h>
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#else
#include <wolfssl/wolfcrypt/settings.h>
#endif
#include <wolftpm/visibility.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/ecc.h>
#ifdef WOLF_CRYPTO_DEV
#include <wolfssl/wolfcrypt/cryptodev.h>
#endif
/* Reconfigurable Elements */
#ifndef MAX_SPI_FRAMESIZE
#define MAX_SPI_FRAMESIZE 64
#endif
#ifndef TPM_TIMEOUT_TRIES
#define TPM_TIMEOUT_TRIES 100000
#endif
#ifndef MAX_SYM_BLOCK_SIZE
#define MAX_SYM_BLOCK_SIZE 20
#endif
#ifndef MAX_SYM_KEY_BYTES
#define MAX_SYM_KEY_BYTES 256
#endif
#ifndef LABEL_MAX_BUFFER
#define LABEL_MAX_BUFFER 128
#endif
#ifndef MAX_RSA_KEY_BITS
#define MAX_RSA_KEY_BITS 2048
#endif
#ifndef MAX_RSA_KEY_BYTES
#define MAX_RSA_KEY_BYTES ((MAX_RSA_KEY_BITS/8)*2)
#endif
#ifndef MAX_ECC_KEY_BYTES
#define MAX_ECC_KEY_BYTES (MAX_ECC_BYTES*2)
#endif
/* Implementation Specific Values */
#ifndef BUFFER_ALIGNMENT
#define BUFFER_ALIGNMENT 4
#endif
#ifndef IMPLEMENTATION_PCR
#define IMPLEMENTATION_PCR 24
#endif
#ifndef PLATFORM_PCR
#define PLATFORM_PCR 24
#endif
#ifndef DRTM_PCR
#define DRTM_PCR 17
#endif
#ifndef HCRTM_PCR
#define HCRTM_PCR 0
#endif
#ifndef NUM_LOCALITIES
#define NUM_LOCALITIES 1
#endif
#ifndef MAX_HANDLE_NUM
#define MAX_HANDLE_NUM 3
#endif
#ifndef MAX_ACTIVE_SESSIONS
#define MAX_ACTIVE_SESSIONS 64
#endif
#ifndef MAX_LOADED_SESSIONS
#define MAX_LOADED_SESSIONS 3
#endif
#ifndef MAX_SESSION_NUM
#define MAX_SESSION_NUM 3
#endif
#ifndef MAX_LOADED_OBJECTS
#define MAX_LOADED_OBJECTS 3
#endif
#ifndef MIN_EVICT_OBJECTS
#define MIN_EVICT_OBJECTS 2
#endif
#ifndef PCR_SELECT_MIN
#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8)
#endif
#ifndef PCR_SELECT_MAX
#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8)
#endif
#ifndef MAX_CONTEXT_SIZE
#define MAX_CONTEXT_SIZE 2048
#endif
#ifndef MAX_DIGEST_BUFFER
#define MAX_DIGEST_BUFFER 1024
#endif
#ifndef MAX_NV_INDEX_SIZE
#define MAX_NV_INDEX_SIZE 2048
#endif
#ifndef MAX_NV_BUFFER_SIZE
#define MAX_NV_BUFFER_SIZE 768
#endif
#ifndef MAX_CAP_BUFFER
#define MAX_CAP_BUFFER 1024
#endif
#ifndef NV_MEMORY_SIZE
#define NV_MEMORY_SIZE 16384
#endif
#ifndef NUM_STATIC_PCR
#define NUM_STATIC_PCR 16
#endif
#ifndef MAX_ALG_LIST_SIZE
#define MAX_ALG_LIST_SIZE 64
#endif
#ifndef TIMER_PRESCALE
#define TIMER_PRESCALE 100000
#endif
#ifndef PRIMARY_SEED_SIZE
#define PRIMARY_SEED_SIZE 32
#endif
#ifndef CONTEXT_ENCRYPT_ALG
#define CONTEXT_ENCRYPT_ALG TPM_ALG_AES
#endif
#ifndef CONTEXT_ENCRYPT_KEY_BITS
#define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS
#endif
#ifndef CONTEXT_ENCRYPT_KEY_BYTES
#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7 )/8)
#endif
#ifndef CONTEXT_INTEGRITY_HASH_ALG
#define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256
#endif
#ifndef CONTEXT_INTEGRITY_HASH_SIZE
#define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE
#endif
#ifndef PROOF_SIZE
#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE
#endif
#ifndef NV_CLOCK_UPDATE_INTERVAL
#define NV_CLOCK_UPDATE_INTERVAL 12
#endif
#ifndef NUM_POLICY_PCR
#define NUM_POLICY_PCR 1
#endif
#ifndef MAX_COMMAND_SIZE
#define MAX_COMMAND_SIZE 4096
#endif
#ifndef MAX_RESPONSE_SIZE
#define MAX_RESPONSE_SIZE 4096
#endif
#ifndef ORDERLY_BITS
#define ORDERLY_BITS 8
#endif
#ifndef MAX_ORDERLY_COUNT
#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
#endif
#ifndef ALG_ID_FIRST
#define ALG_ID_FIRST TPM_ALG_FIRST
#endif
#ifndef ALG_ID_LAST
#define ALG_ID_LAST TPM_ALG_LAST
#endif
#ifndef MAX_SYM_DATA
#define MAX_SYM_DATA 128
#endif
#ifndef MAX_RNG_ENTROPY_SIZE
#define MAX_RNG_ENTROPY_SIZE 64
#endif
#ifndef RAM_INDEX_SPACE
#define RAM_INDEX_SPACE 512
#endif
#ifndef RSA_DEFAULT_PUBLIC_EXPONENT
#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001
#endif
#ifndef ENABLE_PCR_NO_INCREMENT
#define ENABLE_PCR_NO_INCREMENT 1
#endif
#ifndef CRT_FORMAT_RSA
#define CRT_FORMAT_RSA 1
#endif
#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES
#define PRIVATE_VENDOR_SPECIFIC_BYTES ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2))
#endif
#ifndef MAX_CAP_CC
#define MAX_CAP_CC ((TPM_CC_LAST - TPM_CC_FIRST) + 1)
#endif
#ifndef MAX_CAP_DATA
#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32))
#endif
#ifndef MAX_CAP_HANDLES
#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
#endif
#ifndef HASH_COUNT
#define HASH_COUNT (2) /* SHA1 and SHA256 */
#endif
#ifndef MAX_CAP_ALGS
#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
#endif
#ifndef MAX_TPM_PROPERTIES
#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
#endif
#ifndef MAX_PCR_PROPERTIES
#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
#endif
#ifndef MAX_ECC_CURVES
#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
#endif
#ifndef MAX_TAGGED_POLICIES
#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
#endif
/* Types */
#include <stdint.h>
typedef uint8_t UINT8;
typedef uint8_t BYTE;
typedef int8_t INT8;
typedef int BOOL;
typedef uint16_t UINT16;
typedef int16_t INT16;
typedef uint32_t UINT32;
typedef int32_t INT32;
typedef uint64_t UINT64;
typedef int64_t INT64;
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef YES
#define YES 1
#endif
#ifndef NO
#define NO 0
#endif
#ifndef SET
#define SET 1
#endif
#ifndef CLEAR
#define CLEAR 0
#endif
/* ---------------------------------------------------------------------------*/
/* TYPES */
/* ---------------------------------------------------------------------------*/
typedef UINT32 TPM_ALGORITHM_ID;
typedef UINT32 TPM_MODIFIER_INDICATOR;
@ -279,7 +36,6 @@ typedef UINT16 TPM_KEY_SIZE;
typedef UINT16 TPM_KEY_BITS;
typedef UINT32 TPM_GENERATED;
/* ---------------------------------------------------------------------------*/
/* ENUMERATIONS */
/* ---------------------------------------------------------------------------*/
@ -1851,10 +1607,12 @@ typedef int (*TPM2HalIoCb)(struct TPM2_CTX*, const BYTE*, BYTE*, UINT16 size,
typedef struct TPM2_CTX {
TPM2HalIoCb ioCb;
void* userCtx;
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef SINGLE_THREADED
wolfSSL_Mutex hwLock;
#endif
WC_RNG rng;
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
/* TPM TIS Info */
int locality;

0
wolftpm/tpm2_packet.h 100755 → 100644

0
wolftpm/tpm2_tis.h 100755 → 100644


@ -0,0 +1,336 @@
/* tpm2_types.h
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfTPM.
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef __TPM2_TYPES_H__
#define __TPM2_TYPES_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <wolftpm/visibility.h>
#include <stdint.h>
/* ---------------------------------------------------------------------------*/
/* TYPES */
/* ---------------------------------------------------------------------------*/
typedef uint8_t UINT8;
typedef uint8_t BYTE;
typedef int8_t INT8;
typedef int BOOL;
typedef uint16_t UINT16;
typedef int16_t INT16;
typedef uint32_t UINT32;
typedef int32_t INT32;
typedef uint64_t UINT64;
typedef int64_t INT64;
#ifndef TRUE
#define TRUE 1
#endif
#ifndef FALSE
#define FALSE 0
#endif
#ifndef YES
#define YES 1
#endif
#ifndef NO
#define NO 0
#endif
#ifndef SET
#define SET 1
#endif
#ifndef CLEAR
#define CLEAR 0
#endif
/* ---------------------------------------------------------------------------*/
/* WOLFCRYPT */
/* ---------------------------------------------------------------------------*/
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#else
#include <wolfssl/wolfcrypt/settings.h>
#endif
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/ecc.h>
#ifdef WOLF_CRYPTO_DEV
#include <wolfssl/wolfcrypt/cryptodev.h>
#endif
#else
#include <stdio.h>
#include <string.h>
typedef uint8_t byte;
typedef uint16_t word16;
typedef uint32_t word32;
typedef uint64_t word64;
#define MAX_ECC_KEY_BYTES 66
#define WC_MAX_BLOCK_SIZE 128
#define WC_MD5_DIGEST_SIZE 16
#define WC_SHA_DIGEST_SIZE 20
#define WC_SHA256_DIGEST_SIZE 32
#define WC_SHA384_DIGEST_SIZE 48
#define WC_SHA512_DIGEST_SIZE 64
#define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE
#define BAD_FUNC_ARG -173 /* Bad function argument provided */
#define BUFFER_E -132 /* output buffer too small or input too large */
#define NOT_COMPILED_IN -174 /* Feature not compiled in */
#define XMEMCPY(d,s,l) memcpy((d),(s),(l))
#define XMEMSET(b,c,l) memset((b),(c),(l))
#define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n))
#define XSTRLEN(s1) strlen((s1))
/* Endianess */
#ifndef BIG_ENDIAN_ORDER
#define LITTLE_ENDIAN_ORDER
#endif
#if defined(__GNUC__)
#define WOLFSSL_PACK __attribute__ ((packed))
#else
#define WOLFSSL_PACK
#endif
#ifndef __GNUC_PREREQ
#if defined(__GNUC__) && defined(__GNUC_MINOR__)
#define __GNUC_PREREQ(maj, min) \
((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min))
#else
#define __GNUC_PREREQ(maj, min) (0) /* not GNUC */
#endif
#endif
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
/* ---------------------------------------------------------------------------*/
/* CONFIGURABLE LIMITS */
/* ---------------------------------------------------------------------------*/
#ifndef MAX_SPI_FRAMESIZE
#define MAX_SPI_FRAMESIZE 64
#endif
#ifndef TPM_TIMEOUT_TRIES
#define TPM_TIMEOUT_TRIES 100000
#endif
#ifndef MAX_SYM_BLOCK_SIZE
#define MAX_SYM_BLOCK_SIZE 20
#endif
#ifndef MAX_SYM_KEY_BYTES
#define MAX_SYM_KEY_BYTES 256
#endif
#ifndef LABEL_MAX_BUFFER
#define LABEL_MAX_BUFFER 128
#endif
#ifndef MAX_RSA_KEY_BITS
#define MAX_RSA_KEY_BITS 2048
#endif
#ifndef MAX_RSA_KEY_BYTES
#define MAX_RSA_KEY_BYTES ((MAX_RSA_KEY_BITS/8)*2)
#endif
#ifndef MAX_ECC_KEY_BYTES
#define MAX_ECC_KEY_BYTES (MAX_ECC_BYTES*2)
#endif
/* ---------------------------------------------------------------------------*/
/* IMPLEMENTATION SPECIFIC VALUES */
/* ---------------------------------------------------------------------------*/
#ifndef BUFFER_ALIGNMENT
#define BUFFER_ALIGNMENT 4
#endif
#ifndef IMPLEMENTATION_PCR
#define IMPLEMENTATION_PCR 24
#endif
#ifndef PLATFORM_PCR
#define PLATFORM_PCR 24
#endif
#ifndef DRTM_PCR
#define DRTM_PCR 17
#endif
#ifndef HCRTM_PCR
#define HCRTM_PCR 0
#endif
#ifndef NUM_LOCALITIES
#define NUM_LOCALITIES 1
#endif
#ifndef MAX_HANDLE_NUM
#define MAX_HANDLE_NUM 3
#endif
#ifndef MAX_ACTIVE_SESSIONS
#define MAX_ACTIVE_SESSIONS 64
#endif
#ifndef MAX_LOADED_SESSIONS
#define MAX_LOADED_SESSIONS 3
#endif
#ifndef MAX_SESSION_NUM
#define MAX_SESSION_NUM 3
#endif
#ifndef MAX_LOADED_OBJECTS
#define MAX_LOADED_OBJECTS 3
#endif
#ifndef MIN_EVICT_OBJECTS
#define MIN_EVICT_OBJECTS 2
#endif
#ifndef PCR_SELECT_MIN
#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8)
#endif
#ifndef PCR_SELECT_MAX
#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8)
#endif
#ifndef MAX_CONTEXT_SIZE
#define MAX_CONTEXT_SIZE 2048
#endif
#ifndef MAX_DIGEST_BUFFER
#define MAX_DIGEST_BUFFER 1024
#endif
#ifndef MAX_NV_INDEX_SIZE
#define MAX_NV_INDEX_SIZE 2048
#endif
#ifndef MAX_NV_BUFFER_SIZE
#define MAX_NV_BUFFER_SIZE 768
#endif
#ifndef MAX_CAP_BUFFER
#define MAX_CAP_BUFFER 1024
#endif
#ifndef NV_MEMORY_SIZE
#define NV_MEMORY_SIZE 16384
#endif
#ifndef NUM_STATIC_PCR
#define NUM_STATIC_PCR 16
#endif
#ifndef MAX_ALG_LIST_SIZE
#define MAX_ALG_LIST_SIZE 64
#endif
#ifndef TIMER_PRESCALE
#define TIMER_PRESCALE 100000
#endif
#ifndef PRIMARY_SEED_SIZE
#define PRIMARY_SEED_SIZE 32
#endif
#ifndef CONTEXT_ENCRYPT_ALG
#define CONTEXT_ENCRYPT_ALG TPM_ALG_AES
#endif
#ifndef CONTEXT_ENCRYPT_KEY_BITS
#define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS
#endif
#ifndef CONTEXT_ENCRYPT_KEY_BYTES
#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7 )/8)
#endif
#ifndef CONTEXT_INTEGRITY_HASH_ALG
#define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256
#endif
#ifndef CONTEXT_INTEGRITY_HASH_SIZE
#define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE
#endif
#ifndef PROOF_SIZE
#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE
#endif
#ifndef NV_CLOCK_UPDATE_INTERVAL
#define NV_CLOCK_UPDATE_INTERVAL 12
#endif
#ifndef NUM_POLICY_PCR
#define NUM_POLICY_PCR 1
#endif
#ifndef MAX_COMMAND_SIZE
#define MAX_COMMAND_SIZE 4096
#endif
#ifndef MAX_RESPONSE_SIZE
#define MAX_RESPONSE_SIZE 4096
#endif
#ifndef ORDERLY_BITS
#define ORDERLY_BITS 8
#endif
#ifndef MAX_ORDERLY_COUNT
#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1)
#endif
#ifndef ALG_ID_FIRST
#define ALG_ID_FIRST TPM_ALG_FIRST
#endif
#ifndef ALG_ID_LAST
#define ALG_ID_LAST TPM_ALG_LAST
#endif
#ifndef MAX_SYM_DATA
#define MAX_SYM_DATA 128
#endif
#ifndef MAX_RNG_ENTROPY_SIZE
#define MAX_RNG_ENTROPY_SIZE 64
#endif
#ifndef RAM_INDEX_SPACE
#define RAM_INDEX_SPACE 512
#endif
#ifndef RSA_DEFAULT_PUBLIC_EXPONENT
#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001
#endif
#ifndef ENABLE_PCR_NO_INCREMENT
#define ENABLE_PCR_NO_INCREMENT 1
#endif
#ifndef CRT_FORMAT_RSA
#define CRT_FORMAT_RSA 1
#endif
#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES
#define PRIVATE_VENDOR_SPECIFIC_BYTES ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2))
#endif
#ifndef MAX_CAP_CC
#define MAX_CAP_CC ((TPM_CC_LAST - TPM_CC_FIRST) + 1)
#endif
#ifndef MAX_CAP_DATA
#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32))
#endif
#ifndef MAX_CAP_HANDLES
#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE))
#endif
#ifndef HASH_COUNT
#define HASH_COUNT (2) /* SHA1 and SHA256 */
#endif
#ifndef MAX_CAP_ALGS
#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY))
#endif
#ifndef MAX_TPM_PROPERTIES
#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY))
#endif
#ifndef MAX_PCR_PROPERTIES
#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT))
#endif
#ifndef MAX_ECC_CURVES
#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE))
#endif
#ifndef MAX_TAGGED_POLICIES
#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY))
#endif
#endif /* __TPM2_TYPES_H__ */
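Review bot: `MAX_ECC_KEY_BYTES` takes a different value in the two builds this header now supports: the no-wolfCrypt branch hard-codes `#define MAX_ECC_KEY_BYTES 66`, while the wolfCrypt branch leaves it to the later fallback `#define MAX_ECC_KEY_BYTES (MAX_ECC_BYTES*2)`, so any TPM2B buffer sized from it changes size with the configure option (if MAX_ECC_BYTES is 66, that is 66 versus 132). If both builds are meant to hold the same data, the fallback should be `#define MAX_ECC_KEY_BYTES (66*2)` or the `*2` should be dropped from the wolfCrypt case; which one is intended cannot be told from this file. A smaller point: the stand-in error codes `BAD_FUNC_ARG`, `BUFFER_E` and `NOT_COMPILED_IN` are defined as bare negative literals; parenthesising them, e.g. `#define BAD_FUNC_ARG (-173)`, keeps them safe in expressions such as `-BAD_FUNC_ARG`.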

4
wolftpm/tpm2_wrap.h 100755 → 100644

@ -89,6 +89,7 @@ WOLFTPM_API int wolfTPM2_LoadEccPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
WOLFTPM_API int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
const TPM_HANDLE handle);
#ifndef WOLFTPM2_NO_WOLFCRYPT
#ifndef NO_RSA
WOLFTPM_API int wolfTPM2_RsaKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey,
RsaKey* wolfKey);
@ -101,6 +102,7 @@ WOLFTPM_API int wolfTPM2_EccKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKe
WOLFTPM_API int wolfTPM2_EccKey_WolfToTpm(WOLFTPM2_DEV* dev, ecc_key* wolfKey,
WOLFTPM2_KEY* tpmKey);
#endif
#endif
WOLFTPM_API int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
const byte* digest, int digestSz, byte* sig, int* sigSz);
@ -133,7 +135,7 @@ WOLFTPM_API int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,
WOLFTPM_API int wolfTPM2_NVDeleteKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle,
WOLFTPM2_KEY* key);
WOLFTPM_API WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev);
WOLFTPM_API struct WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev);
WOLFTPM_API int wolfTPM2_UnloadHandle(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle);
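Review bot: The prototype `WOLFTPM_API struct WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev);` is left outside the `WOLFTPM2_NO_WOLFCRYPT` guard, while the definition in src/tpm2_wrap.c in this same commit is wrapped in `#ifndef WOLFTPM2_NO_WOLFCRYPT`; a no-wolfCrypt build therefore publishes a declaration that nothing defines, and a caller only learns of it at link time. Either move the prototype inside the guard that already covers the key-conversion functions above, or keep it public and make the .c definition unconditional (returning NULL when there is no rng). The switch to `struct WC_RNG*` presumably exists so this line compiles without wolfSSL headers; that is fine as long as the wolfCrypt struct tag really is `WC_RNG`, which is worth confirming against random.h.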

0
wolftpm/visibility.h 100755 → 100644