diff --git a/configure.ac b/configure.ac index 03d9a3e..1fb3995 100644 --- a/configure.ac +++ b/configure.ac @@ -94,9 +94,6 @@ else fi -TAO_REQUIRE_LIBWOLFSSL - - # Examples AC_ARG_ENABLE([examples], [AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])], @@ -122,6 +119,24 @@ fi AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"]) +# wolfCrypt +AC_ARG_ENABLE([wolfcrypt], + [AS_HELP_STRING([--enable-wolfcrypt],[Enable wolfCrypt hooks for RNG, Auth Sessions and Parameter encryption (default: enabled)])], + [ ENABLED_WOLFCRYPT=$enableval ], + [ ENABLED_WOLFCRYPT=yes ] + ) + +if test "x$ENABLED_WOLFCRYPT" = "xyes" +then + TAO_REQUIRE_LIBWOLFSSL +else + AM_CFLAGS="$AM_CFLAGS -DWOLFTPM2_NO_WOLFCRYPT" +fi +AM_CONDITIONAL([HAVE_LIBWOLFSSL], [test "x$ENABLED_WOLFCRYPT" = "xyes"]) + + + + # HARDEN FLAGS AX_HARDEN_CC_COMPILER_FLAGS diff --git a/examples/csr/csr.c b/examples/csr/csr.c index 0b2936b..39a2d1a 100644 --- a/examples/csr/csr.c +++ b/examples/csr/csr.c @@ -24,7 +24,7 @@ #include #if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLFSSL_CERT_REQ) && \ - defined(WOLF_CRYPTO_DEV) + defined(WOLF_CRYPTO_DEV) && !defined(WOLFTPM2_NO_WOLFCRYPT) #include #include @@ -288,7 +288,7 @@ int main(void) int rc = -1; #if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLFSSL_CERT_REQ) && \ - defined(WOLF_CRYPTO_DEV) + defined(WOLF_CRYPTO_DEV) && !defined(WOLFTPM2_NO_WOLFCRYPT) rc = TPM2_CSR_Example(TPM2_IoGetUserCtx()); #else printf("Wrapper/CertReq/CryptoDev code not compiled in\n"); diff --git a/examples/native/native_test.c b/examples/native/native_test.c index aae5784..fab46bf 100644 --- a/examples/native/native_test.c +++ b/examples/native/native_test.c @@ -150,10 +150,12 @@ int TPM2_Native_Test(void* userCtx) TPMI_RH_NV_INDEX nvIndex; TPM2B_PUBLIC_KEY_RSA message; +#ifndef WOLFTPM2_NO_WOLFCRYPT byte pcr[WC_SHA256_DIGEST_SIZE]; int pcr_len = WC_SHA256_DIGEST_SIZE; byte hash[WC_SHA256_DIGEST_SIZE]; int hash_len = WC_SHA256_DIGEST_SIZE; +#endif TpmRsaKey endorse; TpmRsaKey storage; @@ -376,7 +378,7 @@ int TPM2_Native_Test(void* userCtx) cmdIn.authSes.nonceCaller.size); if (rc < 0) { printf("wc_RNG_GenerateBlock failed 0x%x: %s\n", rc, - wc_GetErrorString(rc)); + TPM2_GetRCString(rc)); goto exit; } rc = TPM2_StartAuthSession(&cmdIn.authSes, &cmdOut.authSes); @@ -420,10 +422,11 @@ int TPM2_Native_Test(void* userCtx) TPM2_PrintBin(cmdOut.pcrRead.pcrValues.digests[0].buffer, cmdOut.pcrRead.pcrValues.digests[0].size); +#ifndef WOLFTPM2_NO_WOLFCRYPT /* Hash SHA256 PCR[0] */ rc = wc_Hash(WC_HASH_TYPE_SHA256, pcr, pcr_len, hash, hash_len); if (rc < 0) { - printf("wc_Hash failed 0x%x: %s\n", rc, wc_GetErrorString(rc)); + printf("wc_Hash failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } printf("wc_Hash of PCR[0]: size %d\n", hash_len); @@ -443,7 +446,7 @@ int TPM2_Native_Test(void* userCtx) //goto exit; } printf("TPM2_PolicyPCR: Updated\n"); - +#endif /* Policy Restart (for session) */ XMEMSET(&cmdIn.policyRestart, 0, sizeof(cmdIn.policyRestart)); @@ -712,7 +715,7 @@ int TPM2_Native_Test(void* userCtx) cmdIn.objChgAuth.newAuth.size); if (rc < 0) { printf("wc_RNG_GenerateBlock failed 0x%x: %s\n", rc, - wc_GetErrorString(rc)); + TPM2_GetRCString(rc)); goto exit; } rc = TPM2_ObjectChangeAuth(&cmdIn.objChgAuth, &cmdOut.objChgAuth); diff --git a/examples/tls/tls_client.c b/examples/tls/tls_client.c index dcd3ff1..b892ff4 100644 --- a/examples/tls/tls_client.c +++ b/examples/tls/tls_client.c @@ -23,7 +23,8 @@ #include #include -#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) +#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) && \ + !defined(WOLFTPM2_NO_WOLFCRYPT) #include #include @@ -509,7 +510,8 @@ int main(void) { int rc = -1; -#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) +#if !defined(WOLFTPM2_NO_WRAPPER) && defined(WOLF_CRYPTO_DEV) && \ + !defined(WOLFTPM2_NO_WOLFCRYPT) rc = TPM2_TLS_Client(TPM2_IoGetUserCtx()); #else printf("Wrapper/CryptoDev code not compiled in\n"); diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c index 15047c5..0fa4f5f 100644 --- a/examples/wrap/wrap_test.c +++ b/examples/wrap/wrap_test.c @@ -33,6 +33,7 @@ #define TPM2_DEMO_NV_TEST_INDEX 0x01800200 #define TPM2_DEMO_NV_TEST_SIZE 1024 /* max size on Infineon SLB9670 is 1664 */ +#ifndef WOLFTPM2_NO_WOLFCRYPT /* from wolfSSL ./certs/client-keyPub.der */ static const byte kRsaPubKeyRaw[] = { 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, @@ -80,7 +81,7 @@ static const byte kEccPubKeyYRaw[] = { 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4 }; - +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ /******************************************************************************/ /* --- BEGIN Wrapper API Tests -- */ @@ -101,7 +102,6 @@ int TPM2_Wrapper_Test(void* userCtx) WOLFTPM2_KEY storageKey; WOLFTPM2_KEY rsaKey; WOLFTPM2_KEY eccKey; - WOLFTPM2_KEY publicKey; WOLFTPM2_BUFFER message; WOLFTPM2_BUFFER cipher; WOLFTPM2_BUFFER plain; @@ -111,6 +111,9 @@ int TPM2_Wrapper_Test(void* userCtx) #ifdef WOLF_CRYPTO_DEV TpmCryptoDevCtx tpmCtx; #endif + +#ifndef WOLFTPM2_NO_WOLFCRYPT + WOLFTPM2_KEY publicKey; int tpmDevId = INVALID_DEVID; #ifndef NO_RSA word32 idx = 0; @@ -130,6 +133,7 @@ int TPM2_Wrapper_Test(void* userCtx) XMEMSET(&wolfEccPubKey, 0, sizeof(wolfEccPubKey)); XMEMSET(&wolfEccPrivKey, 0, sizeof(wolfEccPrivKey)); #endif +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ printf("TPM2 Demo for Wrapper API's\n"); @@ -241,6 +245,7 @@ int TPM2_Wrapper_Test(void* userCtx) printf("RSA Encrypt/Decrypt OAEP Test Passed\n"); +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef NO_RSA /* Demonstrate loading wolf keys */ /* setup wolf RSA key with TPM deviceID */ @@ -266,7 +271,7 @@ int TPM2_Wrapper_Test(void* userCtx) rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle); if (rc != 0) goto exit; #endif /* NO_RSA */ - +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); if (rc != 0) goto exit; @@ -318,6 +323,7 @@ int TPM2_Wrapper_Test(void* userCtx) printf("ECC DH Generation Passed\n"); +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifdef HAVE_ECC /* Demonstrate loading wolf keys */ @@ -345,6 +351,7 @@ int TPM2_Wrapper_Test(void* userCtx) rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle); if (rc != 0) goto exit; #endif /* NO_RSA */ +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); if (rc != 0) goto exit; @@ -388,6 +395,7 @@ exit: printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); } +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef NO_RSA wc_FreeRsaKey(&wolfRsaPubKey); wc_FreeRsaKey(&wolfRsaPrivKey); @@ -396,6 +404,7 @@ exit: wc_ecc_free(&wolfEccPubKey); wc_ecc_free(&wolfEccPrivKey); #endif +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); wolfTPM2_UnloadHandle(&dev, &eccKey.handle); diff --git a/src/tpm2.c b/src/tpm2.c index edd2250..75f3c7d 100644 --- a/src/tpm2.c +++ b/src/tpm2.c @@ -36,7 +36,7 @@ static TPM2_CTX* gActiveTPM; /******************************************************************************/ static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx) { -#ifdef SINGLE_THREADED +#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(SINGLE_THREADED) (void)ctx; #else int ret = wc_LockMutex(&ctx->hwLock); @@ -48,7 +48,7 @@ static TPM_RC TPM2_AcquireLock(TPM2_CTX* ctx) static void TPM2_ReleaseLock(TPM2_CTX* ctx) { -#ifdef SINGLE_THREADED +#if defined(WOLFTPM2_NO_WOLFCRYPT) || defined(SINGLE_THREADED) (void)ctx; #else wc_UnLockMutex(&ctx->hwLock); @@ -269,17 +269,17 @@ TPM_RC TPM2_Init(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx) return TPM_RC_FAILURE; } + XMEMSET(ctx, 0, sizeof(TPM2_CTX)); + ctx->ioCb = ioCb; + ctx->userCtx = userCtx; +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifdef DEBUG_WOLFSSL wolfSSL_Debugging_ON(); #endif wolfCrypt_Init(); - XMEMSET(ctx, 0, sizeof(TPM2_CTX)); - ctx->ioCb = ioCb; - ctx->userCtx = userCtx; - rc = wc_InitRng(&ctx->rng); if (rc < 0) { #ifdef DEBUG_WOLFTPM @@ -294,6 +294,7 @@ TPM_RC TPM2_Init(TPM2_CTX* ctx, TPM2HalIoCb ioCb, void* userCtx) return TPM_RC_FAILURE; } #endif +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ /* Startup TIS */ rc = TPM2_AcquireLock(ctx); @@ -338,12 +339,14 @@ TPM_RC TPM2_Cleanup(TPM2_CTX* ctx) TPM2_ReleaseLock(ctx); } +#ifndef WOLFTPM2_NO_WOLFCRYPT wc_FreeRng(&ctx->rng); #ifndef SINGLE_THREADED wc_FreeMutex(&ctx->hwLock); #endif wolfCrypt_Cleanup(); +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ return TPM_RC_SUCCESS; } @@ -4518,11 +4521,34 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz) { int rc; TPM2_CTX* ctx = TPM2_GetActiveCtx(); +#ifdef WOLFTPM2_NO_WOLFCRYPT + GetRandom_In in; + GetRandom_Out out; + int randSz = 0; +#endif if (ctx == NULL || nonceBuf == NULL) return BAD_FUNC_ARG; +#ifndef WOLFTPM2_NO_WOLFCRYPT + /* Use wolfCrypt */ rc = wc_RNG_GenerateBlock(&ctx->rng, nonceBuf, nonceSz); +#else + /* Use TPM GetRandom */ + XMEMSET(&in, 0, sizeof(in)); + while (randSz < nonceSz) { + in.bytesRequested = nonceSz - randSz; + if (in.bytesRequested > sizeof(out.randomBytes.buffer)) + in.bytesRequested = sizeof(out.randomBytes.buffer); + + rc = TPM2_GetRandom(&in, &out); + if (rc != TPM_RC_SUCCESS) + break; + + XMEMCPY(&nonceBuf[randSz], out.randomBytes.buffer, out.randomBytes.size); + randSz += out.randomBytes.size; + } +#endif return rc; } @@ -4555,7 +4581,9 @@ const char* TPM2_GetRCString(int rc) default: break; } + #ifndef WOLFTPM2_NO_WOLFCRYPT return wc_GetErrorString(rc); + #endif } if (rc & RC_VER1) { diff --git a/src/tpm2_packet.c b/src/tpm2_packet.c old mode 100755 new mode 100644 diff --git a/src/tpm2_tis.c b/src/tpm2_tis.c old mode 100755 new mode 100644 diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c old mode 100755 new mode 100644 index 5e1ee24..7992543 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -425,6 +425,7 @@ int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, return rc; } +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef NO_RSA int wolfTPM2_RsaKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey, RsaKey* wolfKey) @@ -589,6 +590,7 @@ int wolfTPM2_EccKey_WolfToTpm(WOLFTPM2_DEV* dev, ecc_key* wolfKey, return rc; } #endif /* HAVE_ECC */ +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ /* primaryHandle must be owner or platform hierarchy */ /* Owner Persistent Handle Range: 0x81000000 to 0x817FFFFF */ @@ -1218,12 +1220,14 @@ int wolfTPM2_NVDelete(WOLFTPM2_DEV* dev, TPM_HANDLE authHandle, return rc; } +#ifndef WOLFTPM2_NO_WOLFCRYPT WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev) { if (dev) return &dev->ctx.rng; return NULL; } +#endif int wolfTPM2_Clear(WOLFTPM2_DEV* dev) { diff --git a/wolftpm/include.am b/wolftpm/include.am index 64db084..f8b0dd7 100644 --- a/wolftpm/include.am +++ b/wolftpm/include.am @@ -6,6 +6,7 @@ nobase_include_HEADERS+= \ wolftpm/tpm2.h \ wolftpm/tpm2_packet.h \ wolftpm/tpm2_tis.h \ + wolftpm/tpm2_types.h \ wolftpm/tpm2_wrap.h \ wolftpm/version.h \ wolftpm/visibility.h \ diff --git a/wolftpm/tpm2.h b/wolftpm/tpm2.h index 4ae6eec..9d7441f 100644 --- a/wolftpm/tpm2.h +++ b/wolftpm/tpm2.h @@ -22,254 +22,11 @@ #ifndef __TPM2_H__ #define __TPM2_H__ -#ifdef HAVE_CONFIG_H - #include -#endif +#include -#ifndef WOLFSSL_USER_SETTINGS - #include -#else - #include -#endif - -#include - -#include -#include -#include -#include -#include -#include -#ifdef WOLF_CRYPTO_DEV - #include -#endif - - -/* Reconfigurable Elements */ - -#ifndef MAX_SPI_FRAMESIZE -#define MAX_SPI_FRAMESIZE 64 -#endif - -#ifndef TPM_TIMEOUT_TRIES -#define TPM_TIMEOUT_TRIES 100000 -#endif - -#ifndef MAX_SYM_BLOCK_SIZE -#define MAX_SYM_BLOCK_SIZE 20 -#endif -#ifndef MAX_SYM_KEY_BYTES -#define MAX_SYM_KEY_BYTES 256 -#endif -#ifndef LABEL_MAX_BUFFER -#define LABEL_MAX_BUFFER 128 -#endif -#ifndef MAX_RSA_KEY_BITS -#define MAX_RSA_KEY_BITS 2048 -#endif -#ifndef MAX_RSA_KEY_BYTES -#define MAX_RSA_KEY_BYTES ((MAX_RSA_KEY_BITS/8)*2) -#endif -#ifndef MAX_ECC_KEY_BYTES -#define MAX_ECC_KEY_BYTES (MAX_ECC_BYTES*2) -#endif - -/* Implementation Specific Values */ -#ifndef BUFFER_ALIGNMENT -#define BUFFER_ALIGNMENT 4 -#endif -#ifndef IMPLEMENTATION_PCR -#define IMPLEMENTATION_PCR 24 -#endif -#ifndef PLATFORM_PCR -#define PLATFORM_PCR 24 -#endif -#ifndef DRTM_PCR -#define DRTM_PCR 17 -#endif -#ifndef HCRTM_PCR -#define HCRTM_PCR 0 -#endif -#ifndef NUM_LOCALITIES -#define NUM_LOCALITIES 1 -#endif -#ifndef MAX_HANDLE_NUM -#define MAX_HANDLE_NUM 3 -#endif -#ifndef MAX_ACTIVE_SESSIONS -#define MAX_ACTIVE_SESSIONS 64 -#endif -#ifndef MAX_LOADED_SESSIONS -#define MAX_LOADED_SESSIONS 3 -#endif -#ifndef MAX_SESSION_NUM -#define MAX_SESSION_NUM 3 -#endif -#ifndef MAX_LOADED_OBJECTS -#define MAX_LOADED_OBJECTS 3 -#endif -#ifndef MIN_EVICT_OBJECTS -#define MIN_EVICT_OBJECTS 2 -#endif -#ifndef PCR_SELECT_MIN -#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) -#endif -#ifndef PCR_SELECT_MAX -#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) -#endif -#ifndef MAX_CONTEXT_SIZE -#define MAX_CONTEXT_SIZE 2048 -#endif -#ifndef MAX_DIGEST_BUFFER -#define MAX_DIGEST_BUFFER 1024 -#endif -#ifndef MAX_NV_INDEX_SIZE -#define MAX_NV_INDEX_SIZE 2048 -#endif -#ifndef MAX_NV_BUFFER_SIZE -#define MAX_NV_BUFFER_SIZE 768 -#endif -#ifndef MAX_CAP_BUFFER -#define MAX_CAP_BUFFER 1024 -#endif -#ifndef NV_MEMORY_SIZE -#define NV_MEMORY_SIZE 16384 -#endif -#ifndef NUM_STATIC_PCR -#define NUM_STATIC_PCR 16 -#endif -#ifndef MAX_ALG_LIST_SIZE -#define MAX_ALG_LIST_SIZE 64 -#endif -#ifndef TIMER_PRESCALE -#define TIMER_PRESCALE 100000 -#endif -#ifndef PRIMARY_SEED_SIZE -#define PRIMARY_SEED_SIZE 32 -#endif -#ifndef CONTEXT_ENCRYPT_ALG -#define CONTEXT_ENCRYPT_ALG TPM_ALG_AES -#endif -#ifndef CONTEXT_ENCRYPT_KEY_BITS -#define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS -#endif -#ifndef CONTEXT_ENCRYPT_KEY_BYTES -#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7 )/8) -#endif -#ifndef CONTEXT_INTEGRITY_HASH_ALG -#define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256 -#endif -#ifndef CONTEXT_INTEGRITY_HASH_SIZE -#define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE -#endif -#ifndef PROOF_SIZE -#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE -#endif -#ifndef NV_CLOCK_UPDATE_INTERVAL -#define NV_CLOCK_UPDATE_INTERVAL 12 -#endif -#ifndef NUM_POLICY_PCR -#define NUM_POLICY_PCR 1 -#endif -#ifndef MAX_COMMAND_SIZE -#define MAX_COMMAND_SIZE 4096 -#endif -#ifndef MAX_RESPONSE_SIZE -#define MAX_RESPONSE_SIZE 4096 -#endif -#ifndef ORDERLY_BITS -#define ORDERLY_BITS 8 -#endif -#ifndef MAX_ORDERLY_COUNT -#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1) -#endif -#ifndef ALG_ID_FIRST -#define ALG_ID_FIRST TPM_ALG_FIRST -#endif -#ifndef ALG_ID_LAST -#define ALG_ID_LAST TPM_ALG_LAST -#endif -#ifndef MAX_SYM_DATA -#define MAX_SYM_DATA 128 -#endif -#ifndef MAX_RNG_ENTROPY_SIZE -#define MAX_RNG_ENTROPY_SIZE 64 -#endif -#ifndef RAM_INDEX_SPACE -#define RAM_INDEX_SPACE 512 -#endif -#ifndef RSA_DEFAULT_PUBLIC_EXPONENT -#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 -#endif -#ifndef ENABLE_PCR_NO_INCREMENT -#define ENABLE_PCR_NO_INCREMENT 1 -#endif -#ifndef CRT_FORMAT_RSA -#define CRT_FORMAT_RSA 1 -#endif -#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES -#define PRIVATE_VENDOR_SPECIFIC_BYTES ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2)) -#endif -#ifndef MAX_CAP_CC -#define MAX_CAP_CC ((TPM_CC_LAST - TPM_CC_FIRST) + 1) -#endif -#ifndef MAX_CAP_DATA -#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32)) -#endif -#ifndef MAX_CAP_HANDLES -#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) -#endif -#ifndef HASH_COUNT -#define HASH_COUNT (2) /* SHA1 and SHA256 */ -#endif -#ifndef MAX_CAP_ALGS -#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) -#endif -#ifndef MAX_TPM_PROPERTIES -#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) -#endif -#ifndef MAX_PCR_PROPERTIES -#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) -#endif -#ifndef MAX_ECC_CURVES -#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) -#endif -#ifndef MAX_TAGGED_POLICIES -#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) -#endif - - -/* Types */ -#include -typedef uint8_t UINT8; -typedef uint8_t BYTE; -typedef int8_t INT8; -typedef int BOOL; -typedef uint16_t UINT16; -typedef int16_t INT16; -typedef uint32_t UINT32; -typedef int32_t INT32; -typedef uint64_t UINT64; -typedef int64_t INT64; - -#ifndef TRUE -#define TRUE 1 -#endif -#ifndef FALSE -#define FALSE 0 -#endif -#ifndef YES -#define YES 1 -#endif -#ifndef NO -#define NO 0 -#endif -#ifndef SET -#define SET 1 -#endif -#ifndef CLEAR -#define CLEAR 0 -#endif +/* ---------------------------------------------------------------------------*/ +/* TYPES */ +/* ---------------------------------------------------------------------------*/ typedef UINT32 TPM_ALGORITHM_ID; typedef UINT32 TPM_MODIFIER_INDICATOR; @@ -279,7 +36,6 @@ typedef UINT16 TPM_KEY_SIZE; typedef UINT16 TPM_KEY_BITS; typedef UINT32 TPM_GENERATED; - /* ---------------------------------------------------------------------------*/ /* ENUMERATIONS */ /* ---------------------------------------------------------------------------*/ @@ -1851,10 +1607,12 @@ typedef int (*TPM2HalIoCb)(struct TPM2_CTX*, const BYTE*, BYTE*, UINT16 size, typedef struct TPM2_CTX { TPM2HalIoCb ioCb; void* userCtx; +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef SINGLE_THREADED wolfSSL_Mutex hwLock; #endif WC_RNG rng; +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ /* TPM TIS Info */ int locality; diff --git a/wolftpm/tpm2_packet.h b/wolftpm/tpm2_packet.h old mode 100755 new mode 100644 diff --git a/wolftpm/tpm2_tis.h b/wolftpm/tpm2_tis.h old mode 100755 new mode 100644 diff --git a/wolftpm/tpm2_types.h b/wolftpm/tpm2_types.h new file mode 100644 index 0000000..fe52cc2 --- /dev/null +++ b/wolftpm/tpm2_types.h @@ -0,0 +1,336 @@ +/* tpm2_types.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfTPM. + * + * wolfTPM is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfTPM is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef __TPM2_TYPES_H__ +#define __TPM2_TYPES_H__ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include +#include + +/* ---------------------------------------------------------------------------*/ +/* TYPES */ +/* ---------------------------------------------------------------------------*/ + +typedef uint8_t UINT8; +typedef uint8_t BYTE; +typedef int8_t INT8; +typedef int BOOL; +typedef uint16_t UINT16; +typedef int16_t INT16; +typedef uint32_t UINT32; +typedef int32_t INT32; +typedef uint64_t UINT64; +typedef int64_t INT64; + +#ifndef TRUE +#define TRUE 1 +#endif +#ifndef FALSE +#define FALSE 0 +#endif +#ifndef YES +#define YES 1 +#endif +#ifndef NO +#define NO 0 +#endif +#ifndef SET +#define SET 1 +#endif +#ifndef CLEAR +#define CLEAR 0 +#endif + +/* ---------------------------------------------------------------------------*/ +/* WOLFCRYPT */ +/* ---------------------------------------------------------------------------*/ + +#ifndef WOLFTPM2_NO_WOLFCRYPT + #ifndef WOLFSSL_USER_SETTINGS + #include + #else + #include + #endif + + #include + #include + #include + #include + #include + #include + #ifdef WOLF_CRYPTO_DEV + #include + #endif +#else + + #include + #include + + typedef uint8_t byte; + typedef uint16_t word16; + typedef uint32_t word32; + typedef uint64_t word64; + + #define MAX_ECC_KEY_BYTES 66 + #define WC_MAX_BLOCK_SIZE 128 + #define WC_MD5_DIGEST_SIZE 16 + #define WC_SHA_DIGEST_SIZE 20 + #define WC_SHA256_DIGEST_SIZE 32 + #define WC_SHA384_DIGEST_SIZE 48 + #define WC_SHA512_DIGEST_SIZE 64 + #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE + + #define BAD_FUNC_ARG -173 /* Bad function argument provided */ + #define BUFFER_E -132 /* output buffer too small or input too large */ + #define NOT_COMPILED_IN -174 /* Feature not compiled in */ + + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XSTRLEN(s1) strlen((s1)) + + /* Endianess */ + #ifndef BIG_ENDIAN_ORDER + #define LITTLE_ENDIAN_ORDER + #endif + + #if defined(__GNUC__) + #define WOLFSSL_PACK __attribute__ ((packed)) + #else + #define WOLFSSL_PACK + #endif + + #ifndef __GNUC_PREREQ + #if defined(__GNUC__) && defined(__GNUC_MINOR__) + #define __GNUC_PREREQ(maj, min) \ + ((__GNUC__ << 16) + __GNUC_MINOR__ >= ((maj) << 16) + (min)) + #else + #define __GNUC_PREREQ(maj, min) (0) /* not GNUC */ + #endif + #endif +#endif /* !WOLFTPM2_NO_WOLFCRYPT */ + + +/* ---------------------------------------------------------------------------*/ +/* CONFIGURABLE LIMITS */ +/* ---------------------------------------------------------------------------*/ + +#ifndef MAX_SPI_FRAMESIZE +#define MAX_SPI_FRAMESIZE 64 +#endif + +#ifndef TPM_TIMEOUT_TRIES +#define TPM_TIMEOUT_TRIES 100000 +#endif + +#ifndef MAX_SYM_BLOCK_SIZE +#define MAX_SYM_BLOCK_SIZE 20 +#endif +#ifndef MAX_SYM_KEY_BYTES +#define MAX_SYM_KEY_BYTES 256 +#endif +#ifndef LABEL_MAX_BUFFER +#define LABEL_MAX_BUFFER 128 +#endif +#ifndef MAX_RSA_KEY_BITS +#define MAX_RSA_KEY_BITS 2048 +#endif +#ifndef MAX_RSA_KEY_BYTES +#define MAX_RSA_KEY_BYTES ((MAX_RSA_KEY_BITS/8)*2) +#endif +#ifndef MAX_ECC_KEY_BYTES +#define MAX_ECC_KEY_BYTES (MAX_ECC_BYTES*2) +#endif + + +/* ---------------------------------------------------------------------------*/ +/* IMPLEMENTATION SPECIFIC VALUES */ +/* ---------------------------------------------------------------------------*/ + +#ifndef BUFFER_ALIGNMENT +#define BUFFER_ALIGNMENT 4 +#endif +#ifndef IMPLEMENTATION_PCR +#define IMPLEMENTATION_PCR 24 +#endif +#ifndef PLATFORM_PCR +#define PLATFORM_PCR 24 +#endif +#ifndef DRTM_PCR +#define DRTM_PCR 17 +#endif +#ifndef HCRTM_PCR +#define HCRTM_PCR 0 +#endif +#ifndef NUM_LOCALITIES +#define NUM_LOCALITIES 1 +#endif +#ifndef MAX_HANDLE_NUM +#define MAX_HANDLE_NUM 3 +#endif +#ifndef MAX_ACTIVE_SESSIONS +#define MAX_ACTIVE_SESSIONS 64 +#endif +#ifndef MAX_LOADED_SESSIONS +#define MAX_LOADED_SESSIONS 3 +#endif +#ifndef MAX_SESSION_NUM +#define MAX_SESSION_NUM 3 +#endif +#ifndef MAX_LOADED_OBJECTS +#define MAX_LOADED_OBJECTS 3 +#endif +#ifndef MIN_EVICT_OBJECTS +#define MIN_EVICT_OBJECTS 2 +#endif +#ifndef PCR_SELECT_MIN +#define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) +#endif +#ifndef PCR_SELECT_MAX +#define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) +#endif +#ifndef MAX_CONTEXT_SIZE +#define MAX_CONTEXT_SIZE 2048 +#endif +#ifndef MAX_DIGEST_BUFFER +#define MAX_DIGEST_BUFFER 1024 +#endif +#ifndef MAX_NV_INDEX_SIZE +#define MAX_NV_INDEX_SIZE 2048 +#endif +#ifndef MAX_NV_BUFFER_SIZE +#define MAX_NV_BUFFER_SIZE 768 +#endif +#ifndef MAX_CAP_BUFFER +#define MAX_CAP_BUFFER 1024 +#endif +#ifndef NV_MEMORY_SIZE +#define NV_MEMORY_SIZE 16384 +#endif +#ifndef NUM_STATIC_PCR +#define NUM_STATIC_PCR 16 +#endif +#ifndef MAX_ALG_LIST_SIZE +#define MAX_ALG_LIST_SIZE 64 +#endif +#ifndef TIMER_PRESCALE +#define TIMER_PRESCALE 100000 +#endif +#ifndef PRIMARY_SEED_SIZE +#define PRIMARY_SEED_SIZE 32 +#endif +#ifndef CONTEXT_ENCRYPT_ALG +#define CONTEXT_ENCRYPT_ALG TPM_ALG_AES +#endif +#ifndef CONTEXT_ENCRYPT_KEY_BITS +#define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS +#endif +#ifndef CONTEXT_ENCRYPT_KEY_BYTES +#define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7 )/8) +#endif +#ifndef CONTEXT_INTEGRITY_HASH_ALG +#define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256 +#endif +#ifndef CONTEXT_INTEGRITY_HASH_SIZE +#define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE +#endif +#ifndef PROOF_SIZE +#define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE +#endif +#ifndef NV_CLOCK_UPDATE_INTERVAL +#define NV_CLOCK_UPDATE_INTERVAL 12 +#endif +#ifndef NUM_POLICY_PCR +#define NUM_POLICY_PCR 1 +#endif +#ifndef MAX_COMMAND_SIZE +#define MAX_COMMAND_SIZE 4096 +#endif +#ifndef MAX_RESPONSE_SIZE +#define MAX_RESPONSE_SIZE 4096 +#endif +#ifndef ORDERLY_BITS +#define ORDERLY_BITS 8 +#endif +#ifndef MAX_ORDERLY_COUNT +#define MAX_ORDERLY_COUNT ((1 << ORDERLY_BITS) - 1) +#endif +#ifndef ALG_ID_FIRST +#define ALG_ID_FIRST TPM_ALG_FIRST +#endif +#ifndef ALG_ID_LAST +#define ALG_ID_LAST TPM_ALG_LAST +#endif +#ifndef MAX_SYM_DATA +#define MAX_SYM_DATA 128 +#endif +#ifndef MAX_RNG_ENTROPY_SIZE +#define MAX_RNG_ENTROPY_SIZE 64 +#endif +#ifndef RAM_INDEX_SPACE +#define RAM_INDEX_SPACE 512 +#endif +#ifndef RSA_DEFAULT_PUBLIC_EXPONENT +#define RSA_DEFAULT_PUBLIC_EXPONENT 0x00010001 +#endif +#ifndef ENABLE_PCR_NO_INCREMENT +#define ENABLE_PCR_NO_INCREMENT 1 +#endif +#ifndef CRT_FORMAT_RSA +#define CRT_FORMAT_RSA 1 +#endif +#ifndef PRIVATE_VENDOR_SPECIFIC_BYTES +#define PRIVATE_VENDOR_SPECIFIC_BYTES ((MAX_RSA_KEY_BYTES/2) * (3 + CRT_FORMAT_RSA * 2)) +#endif +#ifndef MAX_CAP_CC +#define MAX_CAP_CC ((TPM_CC_LAST - TPM_CC_FIRST) + 1) +#endif +#ifndef MAX_CAP_DATA +#define MAX_CAP_DATA (MAX_CAP_BUFFER - sizeof(TPM_CAP) - sizeof(UINT32)) +#endif +#ifndef MAX_CAP_HANDLES +#define MAX_CAP_HANDLES (MAX_CAP_DATA / sizeof(TPM_HANDLE)) +#endif +#ifndef HASH_COUNT +#define HASH_COUNT (2) /* SHA1 and SHA256 */ +#endif +#ifndef MAX_CAP_ALGS +#define MAX_CAP_ALGS (MAX_CAP_DATA / sizeof(TPMS_ALG_PROPERTY)) +#endif +#ifndef MAX_TPM_PROPERTIES +#define MAX_TPM_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PROPERTY)) +#endif +#ifndef MAX_PCR_PROPERTIES +#define MAX_PCR_PROPERTIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_PCR_SELECT)) +#endif +#ifndef MAX_ECC_CURVES +#define MAX_ECC_CURVES (MAX_CAP_DATA / sizeof(TPM_ECC_CURVE)) +#endif +#ifndef MAX_TAGGED_POLICIES +#define MAX_TAGGED_POLICIES (MAX_CAP_DATA / sizeof(TPMS_TAGGED_POLICY)) +#endif + + +#endif /* __TPM2_TYPES_H__ */ diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h old mode 100755 new mode 100644 index 4b1e514..e797e1e --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h @@ -89,6 +89,7 @@ WOLFTPM_API int wolfTPM2_LoadEccPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, WOLFTPM_API int wolfTPM2_ReadPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, const TPM_HANDLE handle); +#ifndef WOLFTPM2_NO_WOLFCRYPT #ifndef NO_RSA WOLFTPM_API int wolfTPM2_RsaKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKey, RsaKey* wolfKey); @@ -101,6 +102,7 @@ WOLFTPM_API int wolfTPM2_EccKey_TpmToWolf(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* tpmKe WOLFTPM_API int wolfTPM2_EccKey_WolfToTpm(WOLFTPM2_DEV* dev, ecc_key* wolfKey, WOLFTPM2_KEY* tpmKey); #endif +#endif WOLFTPM_API int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, const byte* digest, int digestSz, byte* sig, int* sigSz); @@ -133,7 +135,7 @@ WOLFTPM_API int wolfTPM2_NVStoreKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle, WOLFTPM_API int wolfTPM2_NVDeleteKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle, WOLFTPM2_KEY* key); -WOLFTPM_API WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev); +WOLFTPM_API struct WC_RNG* wolfTPM2_GetRng(WOLFTPM2_DEV* dev); WOLFTPM_API int wolfTPM2_UnloadHandle(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle); diff --git a/wolftpm/visibility.h b/wolftpm/visibility.h old mode 100755 new mode 100644