mirror of https://github.com/wolfSSL/wolfTPM.git
Split the native and wrapper test code into separate applications. Moved some of the utility wrapper functions into the native area to support `WOLFTPM2_NO_WRAPPER`. Fix for storageKey auth in the case where it is used from NV.
parent
c81fb24cd6
commit
db49e917ac
|
@ -22,7 +22,8 @@ test-suite.log
|
|||
src/.deps
|
||||
src/.libs
|
||||
RemoteSystemsTempFiles
|
||||
examples/tpm/.deps
|
||||
*.o
|
||||
examples/tpm/tpm2_demo
|
||||
examples/tpm/.libs
|
||||
*.deps
|
||||
*.libs
|
||||
examples/wrap/wrap_test
|
||||
examples/native/native_test
|
||||
|
|
15
configure.ac
15
configure.ac
|
@ -95,7 +95,8 @@ AM_CPPFLAGS="$AM_CPPFLAGS -DDHAVE_WOLFSSL_OPTIONS -DHAVE_CYASSL_OPTIONS"
|
|||
|
||||
# Examples
|
||||
AC_ARG_ENABLE([examples],
|
||||
[ --enable-examples Enable Examples (default: enabled)],
|
||||
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
|
||||
[ --enable-examples ],
|
||||
[ ENABLED_EXAMPLES=$enableval ],
|
||||
[ ENABLED_EXAMPLES=yes ]
|
||||
)
|
||||
|
@ -103,6 +104,16 @@ AC_ARG_ENABLE([examples],
|
|||
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
|
||||
|
||||
|
||||
# Examples
|
||||
AC_ARG_ENABLE([wrapper],
|
||||
[AS_HELP_STRING([--enable-wrapper],[Enable wrapper code (default: enabled)])],
|
||||
[ ENABLED_WRAPPER=$enableval ],
|
||||
[ ENABLED_WRAPPER=yes ]
|
||||
)
|
||||
|
||||
AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"])
|
||||
|
||||
|
||||
# HARDEN FLAGS
|
||||
AX_HARDEN_CC_COMPILER_FLAGS
|
||||
|
||||
|
@ -139,5 +150,5 @@ echo " * CPP Flags: $CPPFLAGS"
|
|||
echo " * Linker Flags: $LDFLAGS"
|
||||
echo " * LIB Flags: $LIB"
|
||||
|
||||
echo " * Wrappers: $ENABLED_WRAPPER"
|
||||
echo " * Examples: $ENABLED_EXAMPLES"
|
||||
|
||||
|
|
|
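Review bot: The comment heading copied above the new `AC_ARG_ENABLE([wrapper], ...)` block still reads `# Examples`; it should be `# Wrapper` so the two option blocks are distinguishable when scanning the file. The hunk only adds `AM_CONDITIONAL([BUILD_WRAPPER], ...)`; nothing visible here turns `--disable-wrapper` into a preprocessor define such as `AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFTPM2_NO_WRAPPER"`, so unless that is done in a hunk outside this view the option changes the Makefile conditional but the library still compiles the wrapper code the option is meant to drop — worth confirming. Unrelated to this change, the hunk header context shows `-DDHAVE_WOLFSSL_OPTIONS`, which looks like a doubled `D`.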
@ -1,4 +1,8 @@
|
|||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
|
||||
include examples/tpm/include.am
|
||||
include examples/native/include.am
|
||||
include examples/wrap/include.am
|
||||
|
||||
dist_example_DATA+= examples/tpm_io.c \
|
||||
examples/tpm_io.h
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
# vim:ft=automake
|
||||
# All paths should be given relative to the root
|
||||
|
||||
if BUILD_EXAMPLES
|
||||
noinst_PROGRAMS += examples/native/native_test
|
||||
noinst_HEADERS += examples/native/native_test.h
|
||||
examples_native_native_test_SOURCES = examples/native/native_test.c \
|
||||
examples/tpm_io.c
|
||||
examples_native_native_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
|
||||
examples_native_native_test_DEPENDENCIES = src/libwolftpm.la
|
||||
endif
|
||||
|
||||
dist_example_DATA+= examples/native/native_test.c
|
||||
DISTCLEANFILES+= examples/native/.libs/native_test
|
|
@ -1,4 +1,4 @@
|
|||
/* tpm2_demo.c
|
||||
/* native_test.c
|
||||
*
|
||||
* Copyright (C) 2006-2018 wolfSSL Inc.
|
||||
*
|
||||
|
@ -19,279 +19,16 @@
|
|||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
/* This demo shows using the TPM2_ specification API's in TPM2_Demo() and
|
||||
the TPM2 wrapper API's in TPM2_Wrapper_Demo() below. */
|
||||
|
||||
#ifdef HAVE_CONFIG_H
|
||||
#include <config.h>
|
||||
#endif
|
||||
|
||||
#ifndef WOLFSSL_USER_SETTINGS
|
||||
#include <wolfssl/options.h>
|
||||
#endif
|
||||
#include <wolfssl/wolfcrypt/settings.h>
|
||||
#include <wolfssl/wolfcrypt/logging.h>
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
#include <wolfssl/wolfcrypt/error-crypt.h>
|
||||
#include <wolfssl/wolfcrypt/hash.h>
|
||||
/* This example shows using the TPM2_ specification API's in TPM2_Native_Test() */
|
||||
|
||||
#include <wolftpm/tpm2.h>
|
||||
#include <wolftpm/tpm2_wrap.h>
|
||||
|
||||
#include <examples/tpm/tpm2_demo.h>
|
||||
#include <examples/native/native_test.h>
|
||||
#include <examples/tpm_io.h>
|
||||
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN IO Callback Logic -- */
|
||||
/******************************************************************************/
|
||||
|
||||
/* Configuration for the SPI interface */
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
extern SPI_HandleTypeDef hspi1;
|
||||
#define TPM2_USER_CTX &hspi1
|
||||
#elif defined(__linux__)
|
||||
#include <sys/ioctl.h>
|
||||
#include <linux/spi/spidev.h>
|
||||
#include <fcntl.h>
|
||||
#define TPM2_SPI_DEV "/dev/spidev0.1"
|
||||
|
||||
static int gSpiDev = -1;
|
||||
#define TPM2_USER_CTX &gSpiDev
|
||||
#else
|
||||
/* TODO: Add your platform here for HW interface */
|
||||
#define TPM2_USER_CTX NULL
|
||||
#endif
|
||||
|
||||
|
||||
#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200
|
||||
|
||||
|
||||
/* IO Callback */
|
||||
static int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
|
||||
word16 xferSz, void* userCtx)
|
||||
{
|
||||
int ret = TPM_RC_FAILURE;
|
||||
#ifdef WOLFSSL_STM32_CUBEMX
|
||||
/* STM32 CubeMX Hal */
|
||||
SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx;
|
||||
HAL_StatusTypeDef status;
|
||||
|
||||
__HAL_SPI_ENABLE(hspi);
|
||||
status = HAL_SPI_TransmitReceive(hspi, (byte*)txBuf, rxBuf, xferSz, 5000);
|
||||
__HAL_SPI_DISABLE(hspi);
|
||||
if (status == HAL_OK)
|
||||
ret = TPM_RC_SUCCESS;
|
||||
|
||||
#elif defined(__linux__)
|
||||
/* Use Linux SPI synchronous access */
|
||||
int* spiDev = (int*)userCtx;
|
||||
|
||||
if (*spiDev == -1) {
|
||||
/* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */
|
||||
unsigned int maxSpeed = 33000000;
|
||||
int mode = 0; /* mode 0 */
|
||||
int bits_per_word = 0; /* 8-bits */
|
||||
|
||||
*spiDev = open(TPM2_SPI_DEV, O_RDWR);
|
||||
if (*spiDev >= 0) {
|
||||
ioctl(*spiDev, SPI_IOC_WR_MODE, &mode);
|
||||
ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);
|
||||
ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word);
|
||||
}
|
||||
}
|
||||
|
||||
if (*spiDev >= 0) {
|
||||
struct spi_ioc_transfer spi;
|
||||
size_t size;
|
||||
|
||||
XMEMSET(&spi, 0, sizeof(spi));
|
||||
spi.tx_buf = (unsigned long)txBuf;
|
||||
spi.rx_buf = (unsigned long)rxBuf;
|
||||
spi.len = xferSz;
|
||||
spi.cs_change= 1; /* strobe CS between transfers */
|
||||
|
||||
size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi);
|
||||
if (size == xferSz)
|
||||
ret = TPM_RC_SUCCESS;
|
||||
}
|
||||
#else
|
||||
/* TODO: Add your platform here for HW interface */
|
||||
(void)txBuf;
|
||||
(void)rxBuf;
|
||||
(void)xferSz;
|
||||
(void)userCtx;
|
||||
#endif
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
//printf("TPM2_IoCb: %d\n", xferSz);
|
||||
//TPM2_PrintBin(txBuf, xferSz);
|
||||
//TPM2_PrintBin(rxBuf, xferSz);
|
||||
#endif
|
||||
|
||||
(void)ctx;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END IO Callback Logic -- */
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN Wrapper API Demo -- */
|
||||
/******************************************************************************/
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
int TPM2_Wrapper_Demo(void* userCtx)
|
||||
{
|
||||
int rc;
|
||||
WOLFTPM2_DEV dev;
|
||||
WOLFTPM2_KEY storageKey;
|
||||
WOLFTPM2_KEY rsaKey;
|
||||
WOLFTPM2_KEY eccKey;
|
||||
WOLFTPM2_BUFFER message;
|
||||
WOLFTPM2_BUFFER cipher;
|
||||
WOLFTPM2_BUFFER plain;
|
||||
TPMT_PUBLIC publicTemplate;
|
||||
TPM2B_ECC_POINT pubPoint;
|
||||
const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth";
|
||||
const char keyAuth[] = "ThisIsMyKeyAuth";
|
||||
|
||||
printf("TPM2 Demo for Wrapper API's\n");
|
||||
|
||||
|
||||
/* Init the TPM2 device */
|
||||
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
|
||||
if (rc != 0) return rc;
|
||||
|
||||
/* See if primary storage key already exists */
|
||||
rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
|
||||
if (rc != 0) {
|
||||
/* Create primary storage key */
|
||||
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
|
||||
TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
|
||||
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
|
||||
TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
|
||||
if (rc != 0) goto exit;
|
||||
rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
|
||||
&publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Move this key into peristent storage */
|
||||
rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
|
||||
TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
|
||||
if (rc != 0) goto exit;
|
||||
}
|
||||
|
||||
/* Create RSA key for encrypt/decrypt */
|
||||
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
|
||||
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
|
||||
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
|
||||
if (rc != 0) goto exit;
|
||||
rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
|
||||
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Perform RSA encrypt / decrypt */
|
||||
message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
|
||||
XMEMSET(message.buffer, 0x11, message.size);
|
||||
cipher.size = sizeof(cipher.buffer); /* encrypted data */
|
||||
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
|
||||
message.buffer, message.size, cipher.buffer, &cipher.size);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
plain.size = sizeof(plain.buffer);
|
||||
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
|
||||
cipher.buffer, cipher.size, plain.buffer, &plain.size);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Validate encrypt / decrypt */
|
||||
if (message.size != plain.size ||
|
||||
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
|
||||
rc = TPM_RC_TESTING; goto exit;
|
||||
}
|
||||
printf("RSA Encrypt Test Passed\n");
|
||||
|
||||
|
||||
/* Create an ECC key for ECDSA */
|
||||
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
|
||||
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
|
||||
TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
|
||||
TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
|
||||
if (rc != 0) goto exit;
|
||||
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
|
||||
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Perform sign / verify */
|
||||
message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
|
||||
XMEMSET(message.buffer, 0x11, message.size);
|
||||
cipher.size = sizeof(cipher.buffer); /* signature */
|
||||
rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size,
|
||||
cipher.buffer, &cipher.size);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size,
|
||||
message.buffer, message.size);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
printf("ECC Sign/Verify Passed\n");
|
||||
|
||||
|
||||
/* Create an ECC key for DH */
|
||||
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
|
||||
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
|
||||
TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA,
|
||||
TPM_ECC_NIST_P256, TPM_ALG_ECDH);
|
||||
if (rc != 0) goto exit;
|
||||
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
|
||||
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
/* Create ephemeral ECC key and generate a shared secret */
|
||||
cipher.size = sizeof(cipher.buffer);
|
||||
rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint,
|
||||
cipher.buffer, &cipher.size);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
|
||||
if (rc != 0) goto exit;
|
||||
|
||||
printf("ECC DH Generation Passed\n");
|
||||
|
||||
|
||||
exit:
|
||||
|
||||
if (rc != 0) {
|
||||
printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
}
|
||||
|
||||
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
|
||||
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
|
||||
wolfTPM2_Cleanup(&dev);
|
||||
|
||||
return rc;
|
||||
}
|
||||
#endif /* !WOLFTPM2_NO_WRAPPER */
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END Wrapper API Demo -- */
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM Native API Demo -- */
|
||||
/* --- BEGIN TPM Native API Tests -- */
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
|
@ -325,7 +62,7 @@ typedef struct tmpHandle {
|
|||
} TpmHandle;
|
||||
|
||||
|
||||
int TPM2_Demo(void* userCtx)
|
||||
int TPM2_Native_Test(void* userCtx)
|
||||
{
|
||||
int rc;
|
||||
TPM2_CTX tpm2Ctx;
|
||||
|
@ -453,7 +190,7 @@ int TPM2_Demo(void* userCtx)
|
|||
|
||||
rc = TPM2_Init(&tpm2Ctx, TPM2_IoCb, userCtx);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -473,7 +210,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Startup(&cmdIn.startup);
|
||||
if (rc != TPM_RC_SUCCESS &&
|
||||
rc != TPM_RC_INITIALIZE /* TPM_RC_INITIALIZE = Already started */ ) {
|
||||
printf("TPM2_Startup failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Startup failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Startup pass\n");
|
||||
|
@ -484,7 +221,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.selfTest.fullTest = YES;
|
||||
rc = TPM2_SelfTest(&cmdIn.selfTest);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_SelfTest failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_SelfTest failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_SelfTest pass\n");
|
||||
|
@ -493,7 +230,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_GetTestResult(&cmdOut.tr);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_GetTestResult failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_GetTestResult: Size %d, Rc 0x%x\n", cmdOut.tr.outData.size,
|
||||
|
@ -518,7 +255,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_GetCapability failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties;
|
||||
|
@ -531,7 +268,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_GetCapability failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties;
|
||||
|
@ -545,7 +282,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_GetRandom(&cmdIn.getRand, &cmdOut.getRand);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_GetRandom failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
if (cmdOut.getRand.randomBytes.size != WC_SHA256_DIGEST_SIZE) {
|
||||
|
@ -566,7 +303,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_StirRandom(&cmdIn.stirRand);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_StirRandom failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_StirRandom: success\n");
|
||||
|
@ -576,12 +313,12 @@ int TPM2_Demo(void* userCtx)
|
|||
for (i=0; i<pcrCount; i++) {
|
||||
pcrIndex = i;
|
||||
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
|
||||
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
|
||||
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
|
||||
TPM_ALG_SHA256, pcrIndex);
|
||||
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
|
||||
|
@ -604,17 +341,17 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_PCR_Extend(&cmdIn.pcrExtend);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PCR_Extend failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PCR_Extend success\n");
|
||||
|
||||
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
|
||||
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
|
||||
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
|
||||
TPM_ALG_SHA256, pcrIndex);
|
||||
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
|
||||
|
@ -644,7 +381,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_StartAuthSession(&cmdIn.authSes, &cmdOut.authSes);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_StartAuthSession failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
sessionHandle = cmdOut.authSes.sessionHandle;
|
||||
|
@ -657,7 +394,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_PolicyGetDigest(&cmdIn.policyGetDigest, &cmdOut.policyGetDigest);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PolicyGetDigest failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PolicyGetDigest: size %d\n",
|
||||
|
@ -668,11 +405,11 @@ int TPM2_Demo(void* userCtx)
|
|||
/* Read PCR[0] SHA1 */
|
||||
pcrIndex = 0;
|
||||
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
|
||||
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn, TPM_ALG_SHA1, pcrIndex);
|
||||
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn, TPM_ALG_SHA1, pcrIndex);
|
||||
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
|
||||
|
@ -697,11 +434,11 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.policyPCR.policySession = sessionHandle;
|
||||
cmdIn.policyPCR.pcrDigest.size = hash_len;
|
||||
XMEMCPY(cmdIn.policyPCR.pcrDigest.buffer, hash, hash_len);
|
||||
wolfTPM2_SetupPCRSel(&cmdIn.policyPCR.pcrs, TPM_ALG_SHA1, pcrIndex);
|
||||
TPM2_SetupPCRSel(&cmdIn.policyPCR.pcrs, TPM_ALG_SHA1, pcrIndex);
|
||||
rc = TPM2_PolicyPCR(&cmdIn.policyPCR);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PolicyPCR failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
//goto exit;
|
||||
}
|
||||
printf("TPM2_PolicyPCR: Updated\n");
|
||||
|
@ -713,7 +450,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_PolicyRestart(&cmdIn.policyRestart);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PolicyRestart failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PolicyRestart: Done\n");
|
||||
|
@ -728,7 +465,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_HashSequenceStart(&cmdIn.hashSeqStart, &cmdOut.hashSeqStart);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_HashSequenceStart failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
handle = cmdOut.hashSeqStart.sequenceHandle;
|
||||
|
@ -745,7 +482,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_SequenceUpdate(&cmdIn.seqUpdate);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_SequenceUpdate failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -755,7 +492,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_SequenceComplete(&cmdIn.seqComp, &cmdOut.seqComp);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_SequenceComplete failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
if (cmdOut.seqComp.result.size != WC_SHA256_DIGEST_SIZE &&
|
||||
|
@ -777,7 +514,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.clear.authHandle = TPM_RH_PLATFORM;
|
||||
rc = TPM2_Clear(&cmdIn.clear);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Clear failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Clear failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Clear Owner\n");
|
||||
|
@ -807,7 +544,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
|
||||
rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_CreatePrimary: Endorsement failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_CreatePrimary: Endorsement failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
endorse.handle = cmdOut.createPri.objectHandle;
|
||||
|
@ -841,7 +578,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_CreatePrimary: Storage failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
storage.handle = cmdOut.createPri.objectHandle;
|
||||
|
@ -871,7 +608,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_LoadExternal(&cmdIn.loadExt, &cmdOut.loadExt);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_LoadExternal: failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
handle = cmdOut.loadExt.objectHandle;
|
||||
|
@ -887,7 +624,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_MakeCredential(&cmdIn.makeCred, &cmdOut.makeCred);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_MakeCredential: failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_MakeCredential: credentialBlob %d, secret %d\n",
|
||||
|
@ -901,7 +638,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_ReadPublic(&cmdIn.readPub, &cmdOut.readPub);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_ReadPublic failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_ReadPublic Handle 0x%x: pub %d, name %d, qualifiedName %d\n",
|
||||
|
@ -931,7 +668,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.create.inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA256;
|
||||
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Create HMAC failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Create HMAC failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
hmacKey.pub = cmdOut.create.outPublic;
|
||||
|
@ -945,7 +682,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.load.inPublic = hmacKey.pub;
|
||||
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Load failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Load failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
hmacKey.handle = cmdOut.load.objectHandle;
|
||||
|
@ -960,7 +697,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_PolicyCommandCode(&cmdIn.policyCC);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_PolicyCommandCode failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_PolicyCommandCode: success\n");
|
||||
|
@ -980,7 +717,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_ObjectChangeAuth(&cmdIn.objChgAuth, &cmdOut.objChgAuth);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_ObjectChangeAuth failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
//goto exit;
|
||||
}
|
||||
hmacKey.priv = cmdOut.objChgAuth.outPrivate;
|
||||
|
@ -997,7 +734,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_ECC_Parameters(&cmdIn.eccParam, &cmdOut.eccParam);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_ECC_Parameters failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_ECC_Parameters: CurveID %d, sz %d, p %d, a %d, b %d, "
|
||||
|
@ -1032,7 +769,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Create ECDSA failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Create: New ECDSA Key: pub %d, priv %d\n",
|
||||
|
@ -1049,7 +786,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Load ECDSA failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
eccKey.handle = cmdOut.load.objectHandle;
|
||||
|
@ -1070,7 +807,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.sign.validation.hierarchy = TPM_RH_NULL;
|
||||
rc = TPM2_Sign(&cmdIn.sign, &cmdOut.sign);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Sign failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Sign failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Sign: ECC S %d, R %d\n",
|
||||
|
@ -1086,7 +823,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_VerifySignature(&cmdIn.verifySign, &cmdOut.verifySign);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_VerifySignature failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_VerifySignature: Tag %d\n", cmdOut.verifySign.validation.tag);
|
||||
|
@ -1117,7 +854,7 @@ int TPM2_Demo(void* userCtx)
|
|||
cmdIn.create.inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
|
||||
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Create ECDH failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Create ECDH failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Create: New ECDH Key: pub %d, priv %d\n",
|
||||
|
@ -1134,7 +871,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Load ECDH key failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
eccKey.handle = cmdOut.load.objectHandle;
|
||||
|
@ -1150,7 +887,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_ECDH_KeyGen(&cmdIn.ecdh, &cmdOut.ecdh);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_ECDH_KeyGen failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_ECDH_KeyGen: zPt %d, pubPt %d\n",
|
||||
|
@ -1165,7 +902,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_ECDH_ZGen(&cmdIn.ecdhZ, &cmdOut.ecdhZ);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_ECDH_KeyGen failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_ECDH_KeyGen: zPt %d\n",
|
||||
|
@ -1203,7 +940,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Create RSA failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_Create: New RSA Key: pub %d, priv %d\n",
|
||||
|
@ -1220,7 +957,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Load RSA key failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
rsaKey.handle = cmdOut.load.objectHandle;
|
||||
|
@ -1242,7 +979,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_RSA_Encrypt(&cmdIn.rsaEnc, &cmdOut.rsaEnc);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_RSA_Encrypt failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_RSA_Encrypt: %d\n", cmdOut.rsaEnc.outData.size);
|
||||
|
@ -1258,7 +995,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_RSA_Decrypt(&cmdIn.rsaDec, &cmdOut.rsaDec);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_RSA_Decrypt failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_RSA_Decrypt: %d\n", cmdOut.rsaDec.message.size);
|
||||
|
@ -1289,7 +1026,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_NV_ReadPublic(&cmdIn.nvReadPub, &cmdOut.nvReadPub);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_NV_ReadPublic failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
//goto exit;
|
||||
}
|
||||
else if (cmdOut.nvReadPub.nvPublic.size > 0) {
|
||||
|
@ -1319,7 +1056,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_NV_DefineSpace(&cmdIn.nvDefine);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_NV_DefineSpace failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
printf("TPM2_NV_DefineSpace: 0x%x\n", nvIndex);
|
||||
|
@ -1330,7 +1067,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_NV_ReadPublic(&cmdIn.nvReadPub, &cmdOut.nvReadPub);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_NV_ReadPublic failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
//goto exit;
|
||||
}
|
||||
printf("TPM2_NV_ReadPublic: Sz %d, Idx 0x%x, nameAlg %d, Attr 0x%x, "
|
||||
|
@ -1350,7 +1087,7 @@ int TPM2_Demo(void* userCtx)
|
|||
rc = TPM2_NV_UndefineSpace(&cmdIn.nvUndefine);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_NV_UndefineSpace failed 0x%x: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -1390,7 +1127,7 @@ exit:
|
|||
cmdIn.shutdown.shutdownType = TPM_SU_CLEAR;
|
||||
rc = TPM2_Shutdown(&cmdIn.shutdown);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
|
||||
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -1406,7 +1143,7 @@ exit:
|
|||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- BEGIN TPM Native API Demo -- */
|
||||
/* --- BEGIN TPM Native API Tests -- */
|
||||
/******************************************************************************/
|
||||
|
||||
|
||||
|
@ -1415,13 +1152,7 @@ int main(void)
|
|||
{
|
||||
int rc;
|
||||
|
||||
#ifndef WOLFTPM2_NO_WRAPPER
|
||||
rc = TPM2_Wrapper_Demo(TPM2_USER_CTX);
|
||||
if (rc != 0)
|
||||
return rc;
|
||||
#endif
|
||||
|
||||
rc = TPM2_Demo(TPM2_USER_CTX);
|
||||
rc = TPM2_Native_Test(TPM2_IoGetUserCtx());
|
||||
|
||||
return rc;
|
||||
}
|
|
@ -1,4 +1,4 @@
|
|||
/* tpm2_demo.h
|
||||
/* native_test.h
|
||||
*
|
||||
* Copyright (C) 2006-2018 wolfSSL Inc.
|
||||
*
|
||||
|
@ -19,11 +19,10 @@
|
|||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
|
||||
*/
|
||||
|
||||
#ifndef _TPM2_DEMO_H_
|
||||
#define _TPM2_DEMO_H_
|
||||
#ifndef _NATIVE_TEST_H_
|
||||
#define _NATIVE_TEST_H_
|
||||
|
||||
|
||||
int TPM2_Demo(void* userCtx);
|
||||
int TPM2_Wrapper_Demo(void* userCtx);
|
||||
int TPM2_Native_Test(void* userCtx);
|
||||
|
||||
#endif /* _TPM2_DEMO_H_ */
|
||||
#endif /* _NATIVE_TEST_H_ */
|
|
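--- a/examples/tpm/include.am
+++ b/examples/tpm/include.am
@@ -1,13 +0,0 @@
-# vim:ft=automake
-# All paths should be given relative to the root
-
-if BUILD_EXAMPLES
-noinst_PROGRAMS += examples/tpm/tpm2_demo
-noinst_HEADERS += examples/tpm/tpm2_demo.h
-examples_tpm_tpm2_demo_SOURCES = examples/tpm/tpm2_demo.c
-examples_tpm_tpm2_demo_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
-examples_tpm_tpm2_demo_DEPENDENCIES = src/libwolftpm.la
-endif
-
-dist_example_DATA+= examples/tpm/tpm2_demo.c
-DISTCLEANFILES+= examples/tpm/.libs/tpm_demo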
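--- a/examples/tpm_io.c
+++ b/examples/tpm_io.c
@@ -0,0 +1,125 @@
+/* tpm_io.c
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* This example shows IO interfaces for Linux Kernel or STM32 CubeMX HAL */
+
+
+#include <wolftpm/tpm2.h>
+#include <examples/tpm_io.h>
+
+
+/******************************************************************************/
+/* --- BEGIN IO Callback Logic -- */
+/******************************************************************************/
+
+/* Configuration for the SPI interface */
+#ifdef WOLFSSL_STM32_CUBEMX
+extern SPI_HandleTypeDef hspi1;
+#define TPM2_USER_CTX &hspi1
+#elif defined(__linux__)
+#include <sys/ioctl.h>
+#include <linux/spi/spidev.h>
+#include <fcntl.h>
+#define TPM2_SPI_DEV "/dev/spidev0.1"
+
+static int gSpiDev = -1;
+#define TPM2_USER_CTX &gSpiDev
+#else
+/* TODO: Add your platform here for HW interface */
+#define TPM2_USER_CTX NULL
+#endif
+
+void* TPM2_IoGetUserCtx(void)
+{
+return TPM2_USER_CTX;
+}
+
+/* IO Callback */
+int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
+word16 xferSz, void* userCtx)
+{
+int ret = TPM_RC_FAILURE;
+#ifdef WOLFSSL_STM32_CUBEMX
+/* STM32 CubeMX Hal */
+SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx;
+HAL_StatusTypeDef status;
+
+__HAL_SPI_ENABLE(hspi);
+status = HAL_SPI_TransmitReceive(hspi, (byte*)txBuf, rxBuf, xferSz, 5000);
+__HAL_SPI_DISABLE(hspi);
+if (status == HAL_OK)
+ret = TPM_RC_SUCCESS;
+
+#elif defined(__linux__)
+/* Use Linux SPI synchronous access */
+int* spiDev = (int*)userCtx;
+
+if (*spiDev == -1) {
+/* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */
+unsigned int maxSpeed = 33000000;
+int mode = 0; /* mode 0 */
+int bits_per_word = 0; /* 8-bits */
+
+*spiDev = open(TPM2_SPI_DEV, O_RDWR);
+if (*spiDev >= 0) {
+ioctl(*spiDev, SPI_IOC_WR_MODE, &mode);
+ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);
+ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word);
+}
+}
+
+if (*spiDev >= 0) {
+struct spi_ioc_transfer spi;
+size_t size;
+
+XMEMSET(&spi, 0, sizeof(spi));
+spi.tx_buf = (unsigned long)txBuf;
+spi.rx_buf = (unsigned long)rxBuf;
+spi.len = xferSz;
+spi.cs_change= 1; /* strobe CS between transfers */
+
+size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi);
+if (size == xferSz)
+ret = TPM_RC_SUCCESS;
+}
+#else
+/* TODO: Add your platform here for HW interface */
+#error Add your platform here for HW interface
+(void)txBuf;
+(void)rxBuf;
+(void)xferSz;
+(void)userCtx;
+#endif
+
+#ifdef DEBUG_WOLFTPM
+//printf("TPM2_IoCb: %d\n", xferSz);
+//TPM2_PrintBin(txBuf, xferSz);
+//TPM2_PrintBin(rxBuf, xferSz);
+#endif
+
+(void)ctx;
+
+return ret;
+}
+
+/******************************************************************************/
+/* --- END IO Callback Logic -- */
+/******************************************************************************/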
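Review bot: The Linux branch at `ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);` reads the device's current max speed into `maxSpeed` rather than programming the 33 MHz the comment above it announces; the write variant is `ioctl(*spiDev, SPI_IOC_WR_MAX_SPEED_HZ, &maxSpeed);`. None of the three configuration ioctl() results are checked, so a failed mode/speed/bits setup proceeds silently into the transfer and only shows up later as TPM_RC_FAILURE or corrupted frames; at minimum close the descriptor and reset `*spiDev` to -1 when any of them returns -1. `size` is declared `size_t` while `ioctl()` returns `int`, so the -1 error return is converted to SIZE_MAX before the `size == xferSz` comparison — it happens to still fail the compare, but an `int` with an explicit `< 0` check says what is meant. In the `#else` branch the `(void)` casts after `#error` are dead and can be dropped.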
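--- a/examples/tpm_io.h
+++ b/examples/tpm_io.h
@@ -0,0 +1,32 @@
+/* tpm_io.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef _TPM_IO_H_
+#define _TPM_IO_H_
+
+#include <wolftpm/tpm2.h>
+
+void* TPM2_IoGetUserCtx(void);
+int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
+word16 xferSz, void* userCtx);
+
+
+#endif /* _TPM_IO_H_ */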
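--- a/examples/wrap/include.am
+++ b/examples/wrap/include.am
@@ -0,0 +1,14 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+if BUILD_EXAMPLES
+noinst_PROGRAMS += examples/wrap/wrap_test
+noinst_HEADERS += examples/wrap/wrap_test.h
+examples_wrap_wrap_test_SOURCES = examples/wrap/wrap_test.c \
+examples/tpm_io.c
+examples_wrap_wrap_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
+examples_wrap_wrap_test_DEPENDENCIES = src/libwolftpm.la
+endif
+
+dist_example_DATA+= examples/wrap/wrap_test.c
+DISTCLEANFILES+= examples/wrap/.libs/wrap_test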
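Review bot: `examples/tpm_io.c` is compiled into `wrap_test` through `examples_wrap_wrap_test_SOURCES`, but `examples/tpm_io.h` is not added to `noinst_HEADERS` and `examples/tpm_io.c` is not added to `dist_example_DATA`, so a `make dist` tarball built from this file alone would ship `wrap_test.c` without the IO layer it includes; adding `noinst_HEADERS += examples/tpm_io.h` and `dist_example_DATA+= examples/tpm_io.c` closes that gap (unless the native include.am, which is not visible here, already lists them). The same omission would apply to the native test if it also pulls in `examples/tpm_io.c`, so whichever include.am owns the shared IO file should carry both entries.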
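--- a/examples/wrap/wrap_test.c
+++ b/examples/wrap/wrap_test.c
@@ -0,0 +1,201 @@
+/* wrap_test.c
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+/* This example shows using the TPM2 wrapper API's in TPM2_Wrapper_Test() below. */
+
+#include <wolftpm/tpm2.h>
+#include <wolftpm/tpm2_wrap.h>
+
+#ifndef WOLFTPM2_NO_WRAPPER
+
+#include <examples/tpm_io.h>
+#include <examples/wrap/wrap_test.h>
+
+#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200
+
+/******************************************************************************/
+/* --- BEGIN Wrapper API Tests -- */
+/******************************************************************************/
+
+int TPM2_Wrapper_Test(void* userCtx)
+{
+int rc;
+WOLFTPM2_DEV dev;
+WOLFTPM2_KEY storageKey;
+WOLFTPM2_KEY rsaKey;
+WOLFTPM2_KEY eccKey;
+WOLFTPM2_BUFFER message;
+WOLFTPM2_BUFFER cipher;
+WOLFTPM2_BUFFER plain;
+TPMT_PUBLIC publicTemplate;
+TPM2B_ECC_POINT pubPoint;
+const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth";
+const char keyAuth[] = "ThisIsMyKeyAuth";
+
+printf("TPM2 Demo for Wrapper API's\n");
+
+
+/* Init the TPM2 device */
+rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
+if (rc != 0) return rc;
+
+/* See if primary storage key already exists */
+rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
+if (rc != 0) {
+/* Create primary storage key */
+rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
+TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
+&publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1);
+if (rc != 0) goto exit;
+
+/* Move this key into peristent storage */
+rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
+TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
+if (rc != 0) goto exit;
+}
+else {
+/* specify auth password for storage key */
+storageKey.handle.auth.size = sizeof(storageKeyAuth)-1;
+XMEMCPY(storageKey.handle.auth.buffer, storageKeyAuth,
+storageKey.handle.auth.size);
+}
+
+/* Create RSA key for encrypt/decrypt */
+rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+
+/* Perform RSA encrypt / decrypt */
+message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
+XMEMSET(message.buffer, 0x11, message.size);
+cipher.size = sizeof(cipher.buffer); /* encrypted data */
+rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
+message.buffer, message.size, cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+
+plain.size = sizeof(plain.buffer);
+rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
+cipher.buffer, cipher.size, plain.buffer, &plain.size);
+if (rc != 0) goto exit;
+
+rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
+if (rc != 0) goto exit;
+
+/* Validate encrypt / decrypt */
+if (message.size != plain.size ||
+XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
+rc = TPM_RC_TESTING; goto exit;
+}
+printf("RSA Encrypt Test Passed\n");
+
+
+/* Create an ECC key for ECDSA */
+rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
+TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+
+/* Perform sign / verify */
+message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
+XMEMSET(message.buffer, 0x11, message.size);
+cipher.size = sizeof(cipher.buffer); /* signature */
+rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size,
+cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+
+rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size,
+message.buffer, message.size);
+if (rc != 0) goto exit;
+
+rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+if (rc != 0) goto exit;
+
+printf("ECC Sign/Verify Passed\n");
+
+
+/* Create an ECC key for DH */
+rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA,
+TPM_ECC_NIST_P256, TPM_ALG_ECDH);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+
+/* Create ephemeral ECC key and generate a shared secret */
+cipher.size = sizeof(cipher.buffer);
+rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint,
+cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+
+rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+if (rc != 0) goto exit;
+
+printf("ECC DH Generation Passed\n");
+
+
+exit:
+
+if (rc != 0) {
+printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
+}
+
+wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
+wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
+wolfTPM2_Cleanup(&dev);
+
+return rc;
+}
+
+/******************************************************************************/
+/* --- END Wrapper API Tests -- */
+/******************************************************************************/
+
+#endif /* !WOLFTPM2_NO_WRAPPER */
+
+#ifndef NO_MAIN_DRIVER
+int main(void)
+{
+int rc = -1;
+
+#ifndef WOLFTPM2_NO_WRAPPER
+rc = TPM2_Wrapper_Test(TPM2_IoGetUserCtx());
+#else
+printf("Wrapper code not compiled in\n");
+#endif
+
+return rc;
+}
+#endif /* !NO_MAIN_DRIVER */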
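Review bot: `rsaKey`, `eccKey` and `storageKey` are declared without initialization, yet every early `goto exit` (the first is the `wolfTPM2_GetKeyTemplate_RSA` failure right after `wolfTPM2_ReadPublicKey`) lands in the cleanup that calls `wolfTPM2_UnloadHandle()` on all three; with an indeterminate `hndl` the null/persistent guard inside UnloadHandle cannot help and TPM2_FlushContext is issued on a garbage handle. Zero them before `wolfTPM2_Init`: `XMEMSET(&storageKey, 0, sizeof(storageKey)); XMEMSET(&rsaKey, 0, sizeof(rsaKey)); XMEMSET(&eccKey, 0, sizeof(eccKey));`. Separately, `storageKeyAuth` and `keyAuth` are fixed authValues handed to the TPM through the default `TPM_RS_PW` session that `wolfTPM2_Init` installs, and a password session carries the authValue in the clear in the command's authorization area, so anyone on the SPI bus can read them — acceptable for a demo, but a comment such as `/* Demo only: fixed authValues sent as cleartext password auth; use HMAC/salted sessions in production */` would keep them from being copied into real deployments.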
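--- a/examples/wrap/wrap_test.h
+++ b/examples/wrap/wrap_test.h
@@ -0,0 +1,28 @@
+/* wrap_test.h
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifndef _WRAP_TEST_H_
+#define _WRAP_TEST_H_
+
+
+int TPM2_Wrapper_Test(void* userCtx);
+
+#endif /* _WRAP_TEST_H_ */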
235
src/tpm2.c
235
src/tpm2.c
|
@ -4526,6 +4526,241 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz)
|
|||
return rc;
|
||||
}
|
||||
|
||||
void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
|
||||
{
|
||||
if (pcr) {
|
||||
pcr->count = 1;
|
||||
pcr->pcrSelections[0].hash = alg;
|
||||
pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN;
|
||||
XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN);
|
||||
pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#define TPM_RC_STRINGIFY(rc) #rc
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc
|
||||
#else
|
||||
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc)
|
||||
#endif
|
||||
|
||||
const char* TPM2_GetRCString(int rc)
|
||||
{
|
||||
/* for negative return codes use wolfCrypt */
|
||||
if (rc < 0) {
|
||||
return wc_GetErrorString(rc);
|
||||
}
|
||||
|
||||
if (rc & RC_VER1) {
|
||||
int rc_fm0 = rc & RC_MAX_FM0;
|
||||
|
||||
switch (rc_fm0) {
|
||||
TPM_RC_STR(TPM_RC_SUCCESS, "Success");
|
||||
TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag");
|
||||
TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized");
|
||||
TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure");
|
||||
TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle");
|
||||
TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled");
|
||||
TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity");
|
||||
TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command");
|
||||
TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present");
|
||||
TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value");
|
||||
TPM_RC_STR(TPM_RC_PCR, "PCR check fail");
|
||||
TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked");
|
||||
TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode");
|
||||
TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum");
|
||||
TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not available for selected entity");
|
||||
TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation");
|
||||
TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced");
|
||||
TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer");
|
||||
TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported");
|
||||
TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required");
|
||||
TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session");
|
||||
TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range");
|
||||
TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than allowed");
|
||||
TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked");
|
||||
TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions");
|
||||
TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored");
|
||||
TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation");
|
||||
TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined");
|
||||
TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid");
|
||||
TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use");
|
||||
TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent");
|
||||
TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing");
|
||||
TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem");
|
||||
TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rc & RC_FMT1) {
|
||||
int rc_fmt1 = rc & RC_MAX_FMT1;
|
||||
|
||||
switch (rc_fmt1) {
|
||||
TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not supported or not correct");
|
||||
TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes");
|
||||
TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate");
|
||||
TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context");
|
||||
TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use");
|
||||
TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported");
|
||||
TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported");
|
||||
TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported");
|
||||
TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use");
|
||||
TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use");
|
||||
TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use");
|
||||
TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range");
|
||||
TPM_RC_STR(TPM_RC_AUTH_FAIL, "The authorization HMAC check failed and DA counter incremented");
|
||||
TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch");
|
||||
TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP");
|
||||
TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme");
|
||||
TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size");
|
||||
TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance");
|
||||
TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag");
|
||||
TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect");
|
||||
TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer");
|
||||
TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid");
|
||||
TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use");
|
||||
TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed");
|
||||
TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed");
|
||||
TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket");
|
||||
TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required");
|
||||
TPM_RC_STR(TPM_RC_BAD_AUTH, "Authorization failure without DA implications");
|
||||
TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired");
|
||||
TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented");
|
||||
TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound");
|
||||
TPM_RC_STR(TPM_RC_CURVE, "Curve not supported");
|
||||
TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rc & RC_WARN) {
|
||||
int rc_warn = rc & RC_MAX_WARN;
|
||||
|
||||
switch (rc_warn) {
|
||||
TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large");
|
||||
TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts");
|
||||
TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts");
|
||||
TPM_RC_STR(TPM_RC_MEMORY, "Out of shared object/session memory or need space for internal operations");
|
||||
TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created");
|
||||
TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles");
|
||||
TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality");
|
||||
TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command");
|
||||
TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled");
|
||||
TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests");
|
||||
TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV");
|
||||
TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode");
|
||||
TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command");
|
||||
TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible");
|
||||
TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return "Unknown";
|
||||
}
|
||||
|
||||
const char* TPM2_GetAlgName(TPM_ALG_ID alg)
|
||||
{
|
||||
switch (alg) {
|
||||
case TPM_ALG_RSA:
|
||||
return "RSA";
|
||||
case TPM_ALG_SHA1:
|
||||
return "SHA1";
|
||||
case TPM_ALG_HMAC:
|
||||
return "HMAC";
|
||||
case TPM_ALG_AES:
|
||||
return "AES";
|
||||
case TPM_ALG_MGF1:
|
||||
return "MGF1";
|
||||
case TPM_ALG_KEYEDHASH:
|
||||
return "KEYEDHASH";
|
||||
case TPM_ALG_XOR:
|
||||
return "XOR";
|
||||
case TPM_ALG_SHA256:
|
||||
return "SHA256";
|
||||
case TPM_ALG_SHA384:
|
||||
return "SHA384";
|
||||
case TPM_ALG_SHA512:
|
||||
return "SHA512";
|
||||
case TPM_ALG_NULL:
|
||||
return "NULL";
|
||||
case TPM_ALG_SM3_256:
|
||||
return "SM3_256";
|
||||
case TPM_ALG_SM4:
|
||||
return "SM4";
|
||||
case TPM_ALG_RSASSA:
|
||||
return "RSASSA";
|
||||
case TPM_ALG_RSAES:
|
||||
return "RSAES";
|
||||
case TPM_ALG_RSAPSS:
|
||||
return "RSAPSS";
|
||||
case TPM_ALG_OAEP:
|
||||
return "OAEP";
|
||||
case TPM_ALG_ECDSA:
|
||||
return "ECDSA";
|
||||
case TPM_ALG_ECDH:
|
||||
return "ECDH";
|
||||
case TPM_ALG_ECDAA:
|
||||
return "ECDAA";
|
||||
case TPM_ALG_SM2:
|
||||
return "SM2";
|
||||
case TPM_ALG_ECSCHNORR:
|
||||
return "ECSCHNORR";
|
||||
case TPM_ALG_ECMQV:
|
||||
return "ECMQV";
|
||||
case TPM_ALG_KDF1_SP800_56A:
|
||||
return "KDF1_SP800_56A";
|
||||
case TPM_ALG_KDF2:
|
||||
return "KDF2";
|
||||
case TPM_ALG_KDF1_SP800_108:
|
||||
return "KDF1_SP800_108";
|
||||
case TPM_ALG_ECC:
|
||||
return "ECC";
|
||||
case TPM_ALG_SYMCIPHER:
|
||||
return "SYMCIPHER";
|
||||
case TPM_ALG_CTR:
|
||||
return "CTR";
|
||||
case TPM_ALG_OFB:
|
||||
return "OFB";
|
||||
case TPM_ALG_CBC:
|
||||
return "CBC";
|
||||
case TPM_ALG_CFB:
|
||||
return "CFB";
|
||||
case TPM_ALG_ECB:
|
||||
return "ECB";
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return "Unknown";
|
||||
}
|
||||
|
||||
int TPM2_GetCurveSize(TPM_ECC_CURVE curveID)
|
||||
{
|
||||
switch (curveID) {
|
||||
case TPM_ECC_NIST_P192:
|
||||
return 24;
|
||||
case TPM_ECC_NIST_P224:
|
||||
return 28;
|
||||
case TPM_ECC_NIST_P256:
|
||||
case TPM_ECC_BN_P256:
|
||||
case TPM_ECC_SM2_P256:
|
||||
return 32;
|
||||
case TPM_ECC_NIST_P384:
|
||||
return 48;
|
||||
case TPM_ECC_NIST_P521:
|
||||
return 66;
|
||||
case TPM_ECC_BN_P638:
|
||||
return 80;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
#define LINE_LEN 16
|
||||
|
|
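Review bot: `TPM2_SetupPCRSel()` writes `pcrSelect[pcrIndex >> 3]` with no range check, while it has just set `sizeofSelect = PCR_SELECT_MIN` and zeroed only that many bytes; a `pcrIndex` of `PCR_SELECT_MIN * 8` or more sets a bit the TPM will never look at (and, beyond the array's declared length, which is not visible here, writes out of bounds), and a negative `pcrIndex` becomes a negative array index. Guard it up front: `if (pcr == NULL || pcrIndex < 0 || pcrIndex >= PCR_SELECT_MIN * 8) return;`. Because the function is `void`, a caller cannot see the rejection, so either return an int or state the contract in a header comment: `/* pcrIndex must be in [0, PCR_SELECT_MIN*8); out-of-range values are ignored */`. `TPM2_GetCurveSize()` has no `default:` in its switch; it falls through to `return 0`, which is fine, but an explicit `default: break;` matches the style of the other switches added in this hunk.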
292
src/tpm2_wrap.c
292
src/tpm2_wrap.c
|
@ -62,9 +62,9 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
|
|||
|
||||
/* define the default session auth */
|
||||
XMEMSET(dev->session, 0, sizeof(dev->session));
|
||||
dev->session[0].sessionHandle = TPM_RS_PW; /* default */
|
||||
TPM2_SetSessionAuth(dev->session);
|
||||
wolfTPM2_SetAuth(dev, 0, TPM_RS_PW, NULL, 0);
|
||||
|
||||
/* startup */
|
||||
XMEMSET(&startupIn, 0, sizeof(Startup_In));
|
||||
startupIn.startupType = TPM_SU_CLEAR;
|
||||
rc = TPM2_Startup(&startupIn);
|
||||
|
@ -80,6 +80,24 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
|
|||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
||||
TPM_HANDLE sessionHandle, const byte* auth, int authSz)
|
||||
{
|
||||
if (dev == NULL || index >= MAX_SESSION_NUM) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* define the default session auth */
|
||||
dev->session[index].sessionHandle = sessionHandle;
|
||||
dev->session[index].auth.size = authSz;
|
||||
if (auth && authSz > 0)
|
||||
XMEMCPY(dev->session[index].auth.buffer, auth, authSz);
|
||||
|
||||
TPM2_SetSessionAuth(dev->session);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev)
|
||||
{
|
||||
int rc;
|
||||
|
@ -373,7 +391,7 @@ int wolfTPM2_NVDeleteKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle, WOLFTPM2_K
|
|||
}
|
||||
|
||||
/* if key is not persistent then just return success */
|
||||
if (key->handle.hndl < PERMANENT_FIRST || key->handle.hndl > PERMANENT_LAST)
|
||||
if (key->handle.hndl < PERSISTENT_FIRST || key->handle.hndl > PERSISTENT_LAST)
|
||||
return TPM_RC_SUCCESS;
|
||||
|
||||
/* Move key into NV to persist */
|
||||
|
@ -690,27 +708,32 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int alg, byte* digest,
|
|||
int wolfTPM2_UnloadHandle(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle)
|
||||
{
|
||||
int rc;
|
||||
FlushContext_In flushCtxIn;
|
||||
FlushContext_In in;
|
||||
|
||||
if (dev == NULL || handle == NULL)
|
||||
return BAD_FUNC_ARG;
|
||||
|
||||
if (handle->hndl != 0 && handle->hndl != TPM_RH_NULL) {
|
||||
flushCtxIn.flushHandle = handle->hndl;
|
||||
rc = TPM2_FlushContext(&flushCtxIn);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_FlushContext failed %d: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
return rc;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl);
|
||||
#endif
|
||||
|
||||
handle->hndl = TPM_RH_NULL;
|
||||
/* don't try and unload null or persistent handles */
|
||||
if (handle->hndl == 0 || handle->hndl == TPM_RH_NULL ||
|
||||
(handle->hndl >= PERSISTENT_FIRST && handle->hndl <= PERSISTENT_LAST)) {
|
||||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
XMEMSET(&in, 0, sizeof(in));
|
||||
in.flushHandle = handle->hndl;
|
||||
rc = TPM2_FlushContext(&in);
|
||||
if (rc != TPM_RC_SUCCESS) {
|
||||
printf("TPM2_FlushContext failed %d: %s\n", rc,
|
||||
wolfTPM2_GetRCString(rc));
|
||||
return rc;
|
||||
}
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl);
|
||||
#endif
|
||||
|
||||
handle->hndl = TPM_RH_NULL;
|
||||
|
||||
return TPM_RC_SUCCESS;
|
||||
}
|
||||
|
||||
|
@ -809,239 +832,6 @@ int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate,
|
|||
return 0;
|
||||
}
|
||||
|
||||
const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg)
|
||||
{
|
||||
switch (alg) {
|
||||
case TPM_ALG_RSA:
|
||||
return "RSA";
|
||||
case TPM_ALG_SHA1:
|
||||
return "SHA1";
|
||||
case TPM_ALG_HMAC:
|
||||
return "HMAC";
|
||||
case TPM_ALG_AES:
|
||||
return "AES";
|
||||
case TPM_ALG_MGF1:
|
||||
return "MGF1";
|
||||
case TPM_ALG_KEYEDHASH:
|
||||
return "KEYEDHASH";
|
||||
case TPM_ALG_XOR:
|
||||
return "XOR";
|
||||
case TPM_ALG_SHA256:
|
||||
return "SHA256";
|
||||
case TPM_ALG_SHA384:
|
||||
return "SHA384";
|
||||
case TPM_ALG_SHA512:
|
||||
return "SHA512";
|
||||
case TPM_ALG_NULL:
|
||||
return "NULL";
|
||||
case TPM_ALG_SM3_256:
|
||||
return "SM3_256";
|
||||
case TPM_ALG_SM4:
|
||||
return "SM4";
|
||||
case TPM_ALG_RSASSA:
|
||||
return "RSASSA";
|
||||
case TPM_ALG_RSAES:
|
||||
return "RSAES";
|
||||
case TPM_ALG_RSAPSS:
|
||||
return "RSAPSS";
|
||||
case TPM_ALG_OAEP:
|
||||
return "OAEP";
|
||||
case TPM_ALG_ECDSA:
|
||||
return "ECDSA";
|
||||
case TPM_ALG_ECDH:
|
||||
return "ECDH";
|
||||
case TPM_ALG_ECDAA:
|
||||
return "ECDAA";
|
||||
case TPM_ALG_SM2:
|
||||
return "SM2";
|
||||
case TPM_ALG_ECSCHNORR:
|
||||
return "ECSCHNORR";
|
||||
case TPM_ALG_ECMQV:
|
||||
return "ECMQV";
|
||||
case TPM_ALG_KDF1_SP800_56A:
|
||||
return "KDF1_SP800_56A";
|
||||
case TPM_ALG_KDF2:
|
||||
return "KDF2";
|
||||
case TPM_ALG_KDF1_SP800_108:
|
||||
return "KDF1_SP800_108";
|
||||
case TPM_ALG_ECC:
|
||||
return "ECC";
|
||||
case TPM_ALG_SYMCIPHER:
|
||||
return "SYMCIPHER";
|
||||
case TPM_ALG_CTR:
|
||||
return "CTR";
|
||||
case TPM_ALG_OFB:
|
||||
return "OFB";
|
||||
case TPM_ALG_CBC:
|
||||
return "CBC";
|
||||
case TPM_ALG_CFB:
|
||||
return "CFB";
|
||||
case TPM_ALG_ECB:
|
||||
return "ECB";
|
||||
default:
|
||||
break;
|
||||
}
|
||||
return "Unknown";
|
||||
}
|
||||
|
||||
#define TPM_RC_STRINGIFY(rc) #rc
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc
|
||||
#else
|
||||
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc)
|
||||
#endif
|
||||
|
||||
const char* wolfTPM2_GetRCString(int rc)
|
||||
{
|
||||
/* for negative return codes use wolfCrypt */
|
||||
if (rc < 0) {
|
||||
return wc_GetErrorString(rc);
|
||||
}
|
||||
|
||||
if (rc & RC_VER1) {
|
||||
int rc_fm0 = rc & RC_MAX_FM0;
|
||||
|
||||
switch (rc_fm0) {
|
||||
TPM_RC_STR(TPM_RC_SUCCESS, "Success");
|
||||
TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag");
|
||||
TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized");
|
||||
TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure");
|
||||
TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle");
|
||||
TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled");
|
||||
TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity");
|
||||
TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command");
|
||||
TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present");
|
||||
TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value");
|
||||
TPM_RC_STR(TPM_RC_PCR, "PCR check fail");
|
||||
TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked");
|
||||
TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode");
|
||||
TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum");
|
||||
TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not available for selected entity");
|
||||
TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation");
|
||||
TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced");
|
||||
TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer");
|
||||
TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported");
|
||||
TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required");
|
||||
TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session");
|
||||
TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range");
|
||||
TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than allowed");
|
||||
TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked");
|
||||
TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions");
|
||||
TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored");
|
||||
TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation");
|
||||
TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined");
|
||||
TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid");
|
||||
TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use");
|
||||
TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent");
|
||||
TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing");
|
||||
TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem");
|
||||
TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rc & RC_FMT1) {
|
||||
int rc_fmt1 = rc & RC_MAX_FMT1;
|
||||
|
||||
switch (rc_fmt1) {
|
||||
TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not supported or not correct");
|
||||
TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes");
|
||||
TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate");
|
||||
TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context");
|
||||
TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use");
|
||||
TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported");
|
||||
TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported");
|
||||
TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported");
|
||||
TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use");
|
||||
TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use");
|
||||
TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use");
|
||||
TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range");
|
||||
TPM_RC_STR(TPM_RC_AUTH_FAIL, "The authorization HMAC check failed and DA counter incremented");
|
||||
TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch");
|
||||
TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP");
|
||||
TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme");
|
||||
TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size");
|
||||
TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance");
|
||||
TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag");
|
||||
TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect");
|
||||
TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer");
|
||||
TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid");
|
||||
TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use");
|
||||
TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed");
|
||||
TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed");
|
||||
TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket");
|
||||
TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required");
|
||||
TPM_RC_STR(TPM_RC_BAD_AUTH, "Authorization failure without DA implications");
|
||||
TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired");
|
||||
TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented");
|
||||
TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound");
|
||||
TPM_RC_STR(TPM_RC_CURVE, "Curve not supported");
|
||||
TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (rc & RC_WARN) {
|
||||
int rc_warn = rc & RC_MAX_WARN;
|
||||
|
||||
switch (rc_warn) {
|
||||
TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large");
|
||||
TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts");
|
||||
TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts");
|
||||
TPM_RC_STR(TPM_RC_MEMORY, "Out of shared object/session memory or need space for internal operations");
|
||||
TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created");
|
||||
TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles");
|
||||
TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality");
|
||||
TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command");
|
||||
TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled");
|
||||
TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests");
|
||||
TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV");
|
||||
TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode");
|
||||
TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command");
|
||||
TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible");
|
||||
TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM");
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return "Unknown";
|
||||
}
|
||||
|
||||
void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
|
||||
{
|
||||
if (pcr) {
|
||||
pcr->count = 1;
|
||||
pcr->pcrSelections[0].hash = alg;
|
||||
pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN;
|
||||
XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN);
|
||||
pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7));
|
||||
}
|
||||
}
|
||||
|
||||
int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID)
|
||||
{
|
||||
switch (curveID) {
|
||||
case TPM_ECC_NIST_P192:
|
||||
return 24;
|
||||
case TPM_ECC_NIST_P224:
|
||||
return 28;
|
||||
case TPM_ECC_NIST_P256:
|
||||
case TPM_ECC_BN_P256:
|
||||
case TPM_ECC_SM2_P256:
|
||||
return 32;
|
||||
case TPM_ECC_NIST_P384:
|
||||
return 48;
|
||||
case TPM_ECC_NIST_P521:
|
||||
return 66;
|
||||
case TPM_ECC_BN_P638:
|
||||
return 80;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* --- END Utility Functions -- */
|
||||
/******************************************************************************/
|
||||
|
|
|
@ -849,13 +849,13 @@ typedef enum {
|
|||
HR_HANDLE_MASK = 0x00FFFFFF,
|
||||
HR_RANGE_MASK = 0xFF000000,
|
||||
HR_SHIFT = 24,
|
||||
HR_PCR = (TPM_HT_PCR << HR_SHIFT),
|
||||
HR_HMAC_SESSION = (TPM_HT_HMAC_SESSION << HR_SHIFT),
|
||||
HR_POLICY_SESSION = (TPM_HT_POLICY_SESSION << HR_SHIFT),
|
||||
HR_TRANSIENT = (TPM_HT_TRANSIENT << HR_SHIFT),
|
||||
HR_PERSISTENT = (TPM_HT_PERSISTENT << HR_SHIFT),
|
||||
HR_NV_INDEX = (TPM_HT_NV_INDEX << HR_SHIFT),
|
||||
HR_PERMANENT = (TPM_HT_PERMANENT << HR_SHIFT),
|
||||
HR_PCR = ((UINT32)TPM_HT_PCR << HR_SHIFT),
|
||||
HR_HMAC_SESSION = ((UINT32)TPM_HT_HMAC_SESSION << HR_SHIFT),
|
||||
HR_POLICY_SESSION = ((UINT32)TPM_HT_POLICY_SESSION << HR_SHIFT),
|
||||
HR_TRANSIENT = ((UINT32)TPM_HT_TRANSIENT << HR_SHIFT),
|
||||
HR_PERSISTENT = ((UINT32)TPM_HT_PERSISTENT << HR_SHIFT),
|
||||
HR_NV_INDEX = ((UINT32)TPM_HT_NV_INDEX << HR_SHIFT),
|
||||
HR_PERMANENT = ((UINT32)TPM_HT_PERMANENT << HR_SHIFT),
|
||||
PCR_FIRST = (HR_PCR + 0),
|
||||
PCR_LAST = (PCR_FIRST + IMPLEMENTATION_PCR-1),
|
||||
HMAC_SESSION_FIRST = (HR_HMAC_SESSION + 0),
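Review bot: The `(UINT32)` cast on the HR_PCR … HR_PERMANENT enumerators removes the signed-overflow UB of shifting an int handle type (the TPM 2.0 values for TPM_HT_TRANSIENT/TPM_HT_PERSISTENT are 0x80/0x81) left by HR_SHIFT, but the results still exceed INT_MAX, and C11 6.7.2.2 requires an enumerator's value to be representable as an int, so strict compilers may reject or narrow these constants (GCC/Clang accept them as an extension, warning under `-pedantic`); the unchanged `HR_RANGE_MASK = 0xFF000000,` context line is in the same position. If the header is meant to be portable across toolchains, consider keeping only int-representable values in the enum and expressing the wide ones as macros, e.g. `#define HR_PERSISTENT ((UINT32)TPM_HT_PERSISTENT << HR_SHIFT)`, so that handle-range comparisons stay well-defined unsigned arithmetic everywhere they are used. The enclosing `typedef enum {` opens before this hunk and the enum's closing tag is outside it as well.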
|
||||
|
@ -2912,6 +2912,12 @@ WOLFTPM_API TPM2_CTX* TPM2_GetActiveCtx(void);
|
|||
WOLFTPM_API int TPM2_GetHashDigestSize(TPMI_ALG_HASH hashAlg);
|
||||
WOLFTPM_API int TPM2_GetNonce(byte* nonceBuf, int nonceSz);
|
||||
|
||||
WOLFTPM_API void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
|
||||
int pcrIndex);
|
||||
WOLFTPM_API const char* TPM2_GetRCString(int rc);
|
||||
WOLFTPM_API const char* TPM2_GetAlgName(TPM_ALG_ID alg);
|
||||
WOLFTPM_API int TPM2_GetCurveSize(TPM_ECC_CURVE curveID);
|
||||
|
||||
#ifdef DEBUG_WOLFTPM
|
||||
WOLFTPM_API void TPM2_PrintBin(const byte* buffer, word32 length);
|
||||
|
||||
|
|
|
@ -59,6 +59,9 @@ typedef struct WOLFTPM2_BUFFER {
|
|||
WOLFTPM_API int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx);
|
||||
WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev);
|
||||
|
||||
WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
|
||||
TPM_HANDLE sessionHandle, const byte* auth, int authSz);
|
||||
|
||||
WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
|
||||
WOLFTPM2_SESSION* session, WOLFTPM2_KEY* tpmKey,
|
||||
WOLFTPM2_HANDLE* bind, TPM_SE sesType, int useEncrypDecrypt);
|
||||
|
@ -103,9 +106,12 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_RSA(TPMT_PUBLIC* publicTemplate,
|
|||
TPMA_OBJECT objectAttributes);
|
||||
WOLFTPM_API int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate,
|
||||
TPMA_OBJECT objectAttributes, TPM_ECC_CURVE curve, TPM_ALG_ID sigScheme);
|
||||
WOLFTPM_API void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex);
|
||||
WOLFTPM_API const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg);
|
||||
WOLFTPM_API const char* wolfTPM2_GetRCString(TPM_RC rc);
|
||||
WOLFTPM_API int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID);
|
||||
|
||||
/* moved to tpm.h native code. macros here for backwards compatibility */
|
||||
#define wolfTPM2_SetupPCRSel TPM2_SetupPCRSel
|
||||
#define wolfTPM2_GetAlgName TPM2_GetAlgName
|
||||
#define wolfTPM2_GetRCString TPM2_GetRCString
|
||||
#define wolfTPM2_GetCurveSize TPM2_GetCurveSize
|
||||
|
||||
|
||||
#endif /* __TPM2_WRAP_H__ */
|
||||
|
|