Split the native and wrapper test code into separate applications. Moved some of the utility wrapper functions into the native area to support `WOLFTPM2_NO_WRAPPER`. Fix for storageKey auth in the case where it is used from NV.

pull/12/head
David Garske 2018-05-01 15:59:54 -07:00
parent c81fb24cd6
commit db49e917ac
16 changed files with 799 additions and 615 deletions

.gitignore vendored

@ -22,7 +22,8 @@ test-suite.log
src/.deps
src/.libs
RemoteSystemsTempFiles
examples/tpm/.deps
*.o
examples/tpm/tpm2_demo
examples/tpm/.libs
*.deps
*.libs
examples/wrap/wrap_test
examples/native/native_test


@ -95,7 +95,8 @@ AM_CPPFLAGS="$AM_CPPFLAGS -DDHAVE_WOLFSSL_OPTIONS -DHAVE_CYASSL_OPTIONS"
# Examples
AC_ARG_ENABLE([examples],
[ --enable-examples Enable Examples (default: enabled)],
[AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])],
[ --enable-examples ],
[ ENABLED_EXAMPLES=$enableval ],
[ ENABLED_EXAMPLES=yes ]
)
@ -103,6 +104,16 @@ AC_ARG_ENABLE([examples],
AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"])
# Examples
AC_ARG_ENABLE([wrapper],
[AS_HELP_STRING([--enable-wrapper],[Enable wrapper code (default: enabled)])],
[ ENABLED_WRAPPER=$enableval ],
[ ENABLED_WRAPPER=yes ]
)
AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"])
# HARDEN FLAGS
AX_HARDEN_CC_COMPILER_FLAGS
@ -139,5 +150,5 @@ echo " * CPP Flags: $CPPFLAGS"
echo " * Linker Flags: $LDFLAGS"
echo " * LIB Flags: $LIB"
echo " * Wrappers: $ENABLED_WRAPPER"
echo " * Examples: $ENABLED_EXAMPLES"
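Review bot: The new `--enable-wrapper` option only sets the automake conditional `BUILD_WRAPPER`; nothing in this hunk adds `-DWOLFTPM2_NO_WRAPPER` to `AM_CPPFLAGS` when the option is disabled, yet the commit message and the `#ifndef WOLFTPM2_NO_WRAPPER` guard in wrap_test.c key off that macro. If the define is not emitted elsewhere in configure.ac, `--disable-wrapper` would drop the wrapper sources from the library while the examples still compile against the wrapper header. Following the existing pattern above, `AS_IF([test "x$ENABLED_WRAPPER" = "xno"], [AM_CPPFLAGS="$AM_CPPFLAGS -DWOLFTPM2_NO_WRAPPER"])` next to the AM_CONDITIONAL would close that gap.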

examples/include.am 100644 → 100755

@ -1,4 +1,8 @@
# vim:ft=automake
# All paths should be given relative to the root
include examples/tpm/include.am
include examples/native/include.am
include examples/wrap/include.am
dist_example_DATA+= examples/tpm_io.c \
examples/tpm_io.h


@ -0,0 +1,14 @@
# vim:ft=automake
# All paths should be given relative to the root
if BUILD_EXAMPLES
noinst_PROGRAMS += examples/native/native_test
noinst_HEADERS += examples/native/native_test.h
examples_native_native_test_SOURCES = examples/native/native_test.c \
examples/tpm_io.c
examples_native_native_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_native_native_test_DEPENDENCIES = src/libwolftpm.la
endif
dist_example_DATA+= examples/native/native_test.c
DISTCLEANFILES+= examples/native/.libs/native_test


@ -1,4 +1,4 @@
/* tpm2_demo.c
/* native_test.c
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
@ -19,279 +19,16 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
/* This demo shows using the TPM2_ specification API's in TPM2_Demo() and
the TPM2 wrapper API's in TPM2_Wrapper_Demo() below. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef WOLFSSL_USER_SETTINGS
#include <wolfssl/options.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
/* This example shows using the TPM2_ specification API's in TPM2_Native_Test() */
#include <wolftpm/tpm2.h>
#include <wolftpm/tpm2_wrap.h>
#include <examples/tpm/tpm2_demo.h>
#include <examples/native/native_test.h>
#include <examples/tpm_io.h>
/******************************************************************************/
/* --- BEGIN IO Callback Logic -- */
/******************************************************************************/
/* Configuration for the SPI interface */
#ifdef WOLFSSL_STM32_CUBEMX
extern SPI_HandleTypeDef hspi1;
#define TPM2_USER_CTX &hspi1
#elif defined(__linux__)
#include <sys/ioctl.h>
#include <linux/spi/spidev.h>
#include <fcntl.h>
#define TPM2_SPI_DEV "/dev/spidev0.1"
static int gSpiDev = -1;
#define TPM2_USER_CTX &gSpiDev
#else
/* TODO: Add your platform here for HW interface */
#define TPM2_USER_CTX NULL
#endif
#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200
/* IO Callback */
static int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
word16 xferSz, void* userCtx)
{
int ret = TPM_RC_FAILURE;
#ifdef WOLFSSL_STM32_CUBEMX
/* STM32 CubeMX Hal */
SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx;
HAL_StatusTypeDef status;
__HAL_SPI_ENABLE(hspi);
status = HAL_SPI_TransmitReceive(hspi, (byte*)txBuf, rxBuf, xferSz, 5000);
__HAL_SPI_DISABLE(hspi);
if (status == HAL_OK)
ret = TPM_RC_SUCCESS;
#elif defined(__linux__)
/* Use Linux SPI synchronous access */
int* spiDev = (int*)userCtx;
if (*spiDev == -1) {
/* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */
unsigned int maxSpeed = 33000000;
int mode = 0; /* mode 0 */
int bits_per_word = 0; /* 8-bits */
*spiDev = open(TPM2_SPI_DEV, O_RDWR);
if (*spiDev >= 0) {
ioctl(*spiDev, SPI_IOC_WR_MODE, &mode);
ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);
ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word);
}
}
if (*spiDev >= 0) {
struct spi_ioc_transfer spi;
size_t size;
XMEMSET(&spi, 0, sizeof(spi));
spi.tx_buf = (unsigned long)txBuf;
spi.rx_buf = (unsigned long)rxBuf;
spi.len = xferSz;
spi.cs_change= 1; /* strobe CS between transfers */
size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi);
if (size == xferSz)
ret = TPM_RC_SUCCESS;
}
#else
/* TODO: Add your platform here for HW interface */
(void)txBuf;
(void)rxBuf;
(void)xferSz;
(void)userCtx;
#endif
#ifdef DEBUG_WOLFTPM
//printf("TPM2_IoCb: %d\n", xferSz);
//TPM2_PrintBin(txBuf, xferSz);
//TPM2_PrintBin(rxBuf, xferSz);
#endif
(void)ctx;
return ret;
}
/******************************************************************************/
/* --- END IO Callback Logic -- */
/******************************************************************************/
/******************************************************************************/
/* --- BEGIN Wrapper API Demo -- */
/******************************************************************************/
#ifndef WOLFTPM2_NO_WRAPPER
int TPM2_Wrapper_Demo(void* userCtx)
{
int rc;
WOLFTPM2_DEV dev;
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY rsaKey;
WOLFTPM2_KEY eccKey;
WOLFTPM2_BUFFER message;
WOLFTPM2_BUFFER cipher;
WOLFTPM2_BUFFER plain;
TPMT_PUBLIC publicTemplate;
TPM2B_ECC_POINT pubPoint;
const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth";
const char keyAuth[] = "ThisIsMyKeyAuth";
printf("TPM2 Demo for Wrapper API's\n");
/* Init the TPM2 device */
rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
if (rc != 0) return rc;
/* See if primary storage key already exists */
rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
if (rc != 0) {
/* Create primary storage key */
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
&publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1);
if (rc != 0) goto exit;
/* Move this key into peristent storage */
rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
if (rc != 0) goto exit;
}
/* Create RSA key for encrypt/decrypt */
rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
if (rc != 0) goto exit;
rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
if (rc != 0) goto exit;
/* Perform RSA encrypt / decrypt */
message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
XMEMSET(message.buffer, 0x11, message.size);
cipher.size = sizeof(cipher.buffer); /* encrypted data */
rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
message.buffer, message.size, cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
plain.size = sizeof(plain.buffer);
rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
cipher.buffer, cipher.size, plain.buffer, &plain.size);
if (rc != 0) goto exit;
rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
if (rc != 0) goto exit;
/* Validate encrypt / decrypt */
if (message.size != plain.size ||
XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
rc = TPM_RC_TESTING; goto exit;
}
printf("RSA Encrypt Test Passed\n");
/* Create an ECC key for ECDSA */
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
if (rc != 0) goto exit;
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
if (rc != 0) goto exit;
/* Perform sign / verify */
message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
XMEMSET(message.buffer, 0x11, message.size);
cipher.size = sizeof(cipher.buffer); /* signature */
rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size,
cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size,
message.buffer, message.size);
if (rc != 0) goto exit;
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
if (rc != 0) goto exit;
printf("ECC Sign/Verify Passed\n");
/* Create an ECC key for DH */
rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA,
TPM_ECC_NIST_P256, TPM_ALG_ECDH);
if (rc != 0) goto exit;
rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
if (rc != 0) goto exit;
/* Create ephemeral ECC key and generate a shared secret */
cipher.size = sizeof(cipher.buffer);
rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint,
cipher.buffer, &cipher.size);
if (rc != 0) goto exit;
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
if (rc != 0) goto exit;
printf("ECC DH Generation Passed\n");
exit:
if (rc != 0) {
printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
}
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
wolfTPM2_Cleanup(&dev);
return rc;
}
#endif /* !WOLFTPM2_NO_WRAPPER */
/******************************************************************************/
/* --- END Wrapper API Demo -- */
/******************************************************************************/
/******************************************************************************/
/* --- BEGIN TPM Native API Demo -- */
/* --- BEGIN TPM Native API Tests -- */
/******************************************************************************/
@ -325,7 +62,7 @@ typedef struct tmpHandle {
} TpmHandle;
int TPM2_Demo(void* userCtx)
int TPM2_Native_Test(void* userCtx)
{
int rc;
TPM2_CTX tpm2Ctx;
@ -453,7 +190,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Init(&tpm2Ctx, TPM2_IoCb, userCtx);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
@ -473,7 +210,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Startup(&cmdIn.startup);
if (rc != TPM_RC_SUCCESS &&
rc != TPM_RC_INITIALIZE /* TPM_RC_INITIALIZE = Already started */ ) {
printf("TPM2_Startup failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Startup failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Startup pass\n");
@ -484,7 +221,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.selfTest.fullTest = YES;
rc = TPM2_SelfTest(&cmdIn.selfTest);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_SelfTest failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_SelfTest failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_SelfTest pass\n");
@ -493,7 +230,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_GetTestResult(&cmdOut.tr);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_GetTestResult failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_GetTestResult: Size %d, Rc 0x%x\n", cmdOut.tr.outData.size,
@ -518,7 +255,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_GetCapability failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties;
@ -531,7 +268,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_GetCapability failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties;
@ -545,7 +282,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_GetRandom(&cmdIn.getRand, &cmdOut.getRand);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_GetRandom failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
if (cmdOut.getRand.randomBytes.size != WC_SHA256_DIGEST_SIZE) {
@ -566,7 +303,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_StirRandom(&cmdIn.stirRand);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_StirRandom failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_StirRandom: success\n");
@ -576,12 +313,12 @@ int TPM2_Demo(void* userCtx)
for (i=0; i<pcrCount; i++) {
pcrIndex = i;
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
TPM_ALG_SHA256, pcrIndex);
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
@ -604,17 +341,17 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_PCR_Extend(&cmdIn.pcrExtend);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PCR_Extend failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PCR_Extend success\n");
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn,
TPM_ALG_SHA256, pcrIndex);
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
@ -644,7 +381,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_StartAuthSession(&cmdIn.authSes, &cmdOut.authSes);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_StartAuthSession failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
sessionHandle = cmdOut.authSes.sessionHandle;
@ -657,7 +394,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_PolicyGetDigest(&cmdIn.policyGetDigest, &cmdOut.policyGetDigest);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PolicyGetDigest failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PolicyGetDigest: size %d\n",
@ -668,11 +405,11 @@ int TPM2_Demo(void* userCtx)
/* Read PCR[0] SHA1 */
pcrIndex = 0;
XMEMSET(&cmdIn.pcrRead, 0, sizeof(cmdIn.pcrRead));
wolfTPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn, TPM_ALG_SHA1, pcrIndex);
TPM2_SetupPCRSel(&cmdIn.pcrRead.pcrSelectionIn, TPM_ALG_SHA1, pcrIndex);
rc = TPM2_PCR_Read(&cmdIn.pcrRead, &cmdOut.pcrRead);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PCR_Read failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PCR_Read: Index %d, Digest Sz %d, Update Counter %d\n",
@ -697,11 +434,11 @@ int TPM2_Demo(void* userCtx)
cmdIn.policyPCR.policySession = sessionHandle;
cmdIn.policyPCR.pcrDigest.size = hash_len;
XMEMCPY(cmdIn.policyPCR.pcrDigest.buffer, hash, hash_len);
wolfTPM2_SetupPCRSel(&cmdIn.policyPCR.pcrs, TPM_ALG_SHA1, pcrIndex);
TPM2_SetupPCRSel(&cmdIn.policyPCR.pcrs, TPM_ALG_SHA1, pcrIndex);
rc = TPM2_PolicyPCR(&cmdIn.policyPCR);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PolicyPCR failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
//goto exit;
}
printf("TPM2_PolicyPCR: Updated\n");
@ -713,7 +450,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_PolicyRestart(&cmdIn.policyRestart);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PolicyRestart failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PolicyRestart: Done\n");
@ -728,7 +465,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_HashSequenceStart(&cmdIn.hashSeqStart, &cmdOut.hashSeqStart);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_HashSequenceStart failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
handle = cmdOut.hashSeqStart.sequenceHandle;
@ -745,7 +482,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_SequenceUpdate(&cmdIn.seqUpdate);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_SequenceUpdate failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
@ -755,7 +492,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_SequenceComplete(&cmdIn.seqComp, &cmdOut.seqComp);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_SequenceComplete failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
if (cmdOut.seqComp.result.size != WC_SHA256_DIGEST_SIZE &&
@ -777,7 +514,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.clear.authHandle = TPM_RH_PLATFORM;
rc = TPM2_Clear(&cmdIn.clear);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Clear failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Clear failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Clear Owner\n");
@ -807,7 +544,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.createPri.inPublic.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_CreatePrimary: Endorsement failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_CreatePrimary: Endorsement failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
endorse.handle = cmdOut.createPri.objectHandle;
@ -841,7 +578,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_CreatePrimary(&cmdIn.createPri, &cmdOut.createPri);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_CreatePrimary: Storage failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
storage.handle = cmdOut.createPri.objectHandle;
@ -871,7 +608,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_LoadExternal(&cmdIn.loadExt, &cmdOut.loadExt);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_LoadExternal: failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
handle = cmdOut.loadExt.objectHandle;
@ -887,7 +624,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_MakeCredential(&cmdIn.makeCred, &cmdOut.makeCred);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_MakeCredential: failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_MakeCredential: credentialBlob %d, secret %d\n",
@ -901,7 +638,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_ReadPublic(&cmdIn.readPub, &cmdOut.readPub);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_ReadPublic failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_ReadPublic Handle 0x%x: pub %d, name %d, qualifiedName %d\n",
@ -931,7 +668,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.create.inPublic.publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM_ALG_SHA256;
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Create HMAC failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Create HMAC failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
hmacKey.pub = cmdOut.create.outPublic;
@ -945,7 +682,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.load.inPublic = hmacKey.pub;
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Load failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Load failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
hmacKey.handle = cmdOut.load.objectHandle;
@ -960,7 +697,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_PolicyCommandCode(&cmdIn.policyCC);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_PolicyCommandCode failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_PolicyCommandCode: success\n");
@ -980,7 +717,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_ObjectChangeAuth(&cmdIn.objChgAuth, &cmdOut.objChgAuth);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_ObjectChangeAuth failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
//goto exit;
}
hmacKey.priv = cmdOut.objChgAuth.outPrivate;
@ -997,7 +734,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_ECC_Parameters(&cmdIn.eccParam, &cmdOut.eccParam);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_ECC_Parameters failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_ECC_Parameters: CurveID %d, sz %d, p %d, a %d, b %d, "
@ -1032,7 +769,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Create ECDSA failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Create: New ECDSA Key: pub %d, priv %d\n",
@ -1049,7 +786,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Load ECDSA failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
eccKey.handle = cmdOut.load.objectHandle;
@ -1070,7 +807,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.sign.validation.hierarchy = TPM_RH_NULL;
rc = TPM2_Sign(&cmdIn.sign, &cmdOut.sign);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Sign failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Sign failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Sign: ECC S %d, R %d\n",
@ -1086,7 +823,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_VerifySignature(&cmdIn.verifySign, &cmdOut.verifySign);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_VerifySignature failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_VerifySignature: Tag %d\n", cmdOut.verifySign.validation.tag);
@ -1117,7 +854,7 @@ int TPM2_Demo(void* userCtx)
cmdIn.create.inPublic.publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Create ECDH failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Create ECDH failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Create: New ECDH Key: pub %d, priv %d\n",
@ -1134,7 +871,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Load ECDH key failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
eccKey.handle = cmdOut.load.objectHandle;
@ -1150,7 +887,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_ECDH_KeyGen(&cmdIn.ecdh, &cmdOut.ecdh);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_ECDH_KeyGen failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_ECDH_KeyGen: zPt %d, pubPt %d\n",
@ -1165,7 +902,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_ECDH_ZGen(&cmdIn.ecdhZ, &cmdOut.ecdhZ);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_ECDH_KeyGen failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_ECDH_KeyGen: zPt %d\n",
@ -1203,7 +940,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Create(&cmdIn.create, &cmdOut.create);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Create RSA failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_Create: New RSA Key: pub %d, priv %d\n",
@ -1220,7 +957,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Load RSA key failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
rsaKey.handle = cmdOut.load.objectHandle;
@ -1242,7 +979,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_RSA_Encrypt(&cmdIn.rsaEnc, &cmdOut.rsaEnc);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_RSA_Encrypt failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_RSA_Encrypt: %d\n", cmdOut.rsaEnc.outData.size);
@ -1258,7 +995,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_RSA_Decrypt(&cmdIn.rsaDec, &cmdOut.rsaDec);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_RSA_Decrypt failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_RSA_Decrypt: %d\n", cmdOut.rsaDec.message.size);
@ -1289,7 +1026,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_NV_ReadPublic(&cmdIn.nvReadPub, &cmdOut.nvReadPub);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_NV_ReadPublic failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
//goto exit;
}
else if (cmdOut.nvReadPub.nvPublic.size > 0) {
@ -1319,7 +1056,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_NV_DefineSpace(&cmdIn.nvDefine);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_NV_DefineSpace failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
printf("TPM2_NV_DefineSpace: 0x%x\n", nvIndex);
@ -1330,7 +1067,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_NV_ReadPublic(&cmdIn.nvReadPub, &cmdOut.nvReadPub);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_NV_ReadPublic failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
//goto exit;
}
printf("TPM2_NV_ReadPublic: Sz %d, Idx 0x%x, nameAlg %d, Attr 0x%x, "
@ -1350,7 +1087,7 @@ int TPM2_Demo(void* userCtx)
rc = TPM2_NV_UndefineSpace(&cmdIn.nvUndefine);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_NV_UndefineSpace failed 0x%x: %s\n", rc,
wolfTPM2_GetRCString(rc));
TPM2_GetRCString(rc));
goto exit;
}
@ -1390,7 +1127,7 @@ exit:
cmdIn.shutdown.shutdownType = TPM_SU_CLEAR;
rc = TPM2_Shutdown(&cmdIn.shutdown);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
goto exit;
}
@ -1406,7 +1143,7 @@ exit:
}
/******************************************************************************/
/* --- BEGIN TPM Native API Demo -- */
/* --- BEGIN TPM Native API Tests -- */
/******************************************************************************/
@ -1415,13 +1152,7 @@ int main(void)
{
int rc;
#ifndef WOLFTPM2_NO_WRAPPER
rc = TPM2_Wrapper_Demo(TPM2_USER_CTX);
if (rc != 0)
return rc;
#endif
rc = TPM2_Demo(TPM2_USER_CTX);
rc = TPM2_Native_Test(TPM2_IoGetUserCtx());
return rc;
}
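Review bot: The second section banner, the one directly before `main`, was renamed to `/* --- BEGIN TPM Native API Tests -- */`, but it sits after the closing brace of TPM2_Native_Test, so it presumably marks the end of that section and should read `/* --- END TPM Native API Tests -- */` to pair with the BEGIN banner above the function. Separately, in the `exit:` region the renamed TPM2_Shutdown failure message is followed by `goto exit;`; if that label precedes the shutdown call, as the hunk context suggests, a persistent shutdown failure would loop instead of returning, so `return rc;` there looks safer. The enclosing code runs outside these hunks, so confirm the label placement before changing it.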


@ -1,4 +1,4 @@
/* tpm2_demo.h
/* native_test.h
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
@ -19,11 +19,10 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef _TPM2_DEMO_H_
#define _TPM2_DEMO_H_
#ifndef _NATIVE_TEST_H_
#define _NATIVE_TEST_H_
int TPM2_Demo(void* userCtx);
int TPM2_Wrapper_Demo(void* userCtx);
int TPM2_Native_Test(void* userCtx);
#endif /* _TPM2_DEMO_H_ */
#endif /* _NATIVE_TEST_H_ */


@ -1,13 +0,0 @@
# vim:ft=automake
# All paths should be given relative to the root
if BUILD_EXAMPLES
noinst_PROGRAMS += examples/tpm/tpm2_demo
noinst_HEADERS += examples/tpm/tpm2_demo.h
examples_tpm_tpm2_demo_SOURCES = examples/tpm/tpm2_demo.c
examples_tpm_tpm2_demo_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_tpm_tpm2_demo_DEPENDENCIES = src/libwolftpm.la
endif
dist_example_DATA+= examples/tpm/tpm2_demo.c
DISTCLEANFILES+= examples/tpm/.libs/tpm_demo

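--- a/examples/tpm_io.c
+++ b/examples/tpm_io.c
@@ -0,0 +1,125 @@
+/* tpm_io.c
+ *
+ * Copyright (C) 2006-2018 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL. (formerly known as CyaSSL)
+ *
+ * wolfTPM is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfTPM is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+/* This example shows IO interfaces for Linux Kernel or STM32 CubeMX HAL */
+#include <wolftpm/tpm2.h>
+#include <examples/tpm_io.h>
+/******************************************************************************/
+/* --- BEGIN IO Callback Logic -- */
+/******************************************************************************/
+/* Configuration for the SPI interface */
+#ifdef WOLFSSL_STM32_CUBEMX
+extern SPI_HandleTypeDef hspi1;
+#define TPM2_USER_CTX &hspi1
+#elif defined(__linux__)
+#include <sys/ioctl.h>
+#include <linux/spi/spidev.h>
+#include <fcntl.h>
+#define TPM2_SPI_DEV "/dev/spidev0.1"
+static int gSpiDev = -1;
+#define TPM2_USER_CTX &gSpiDev
+#else
+/* TODO: Add your platform here for HW interface */
+#define TPM2_USER_CTX NULL
+#endif
+void* TPM2_IoGetUserCtx(void)
+{
+return TPM2_USER_CTX;
+}
+/* IO Callback */
+int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
+word16 xferSz, void* userCtx)
+{
+int ret = TPM_RC_FAILURE;
+#ifdef WOLFSSL_STM32_CUBEMX
+/* STM32 CubeMX Hal */
+SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx;
+HAL_StatusTypeDef status;
+__HAL_SPI_ENABLE(hspi);
+status = HAL_SPI_TransmitReceive(hspi, (byte*)txBuf, rxBuf, xferSz, 5000);
+__HAL_SPI_DISABLE(hspi);
+if (status == HAL_OK)
+ret = TPM_RC_SUCCESS;
+#elif defined(__linux__)
+/* Use Linux SPI synchronous access */
+int* spiDev = (int*)userCtx;
+if (*spiDev == -1) {
+/* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */
+unsigned int maxSpeed = 33000000;
+int mode = 0; /* mode 0 */
+int bits_per_word = 0; /* 8-bits */
+*spiDev = open(TPM2_SPI_DEV, O_RDWR);
+if (*spiDev >= 0) {
+ioctl(*spiDev, SPI_IOC_WR_MODE, &mode);
+ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);
+ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word);
+}
+}
+if (*spiDev >= 0) {
+struct spi_ioc_transfer spi;
+size_t size;
+XMEMSET(&spi, 0, sizeof(spi));
+spi.tx_buf = (unsigned long)txBuf;
+spi.rx_buf = (unsigned long)rxBuf;
+spi.len = xferSz;
+spi.cs_change= 1; /* strobe CS between transfers */
+size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi);
+if (size == xferSz)
+ret = TPM_RC_SUCCESS;
+}
+#else
+/* TODO: Add your platform here for HW interface */
+#error Add your platform here for HW interface
+(void)txBuf;
+(void)rxBuf;
+(void)xferSz;
+(void)userCtx;
+#endif
+#ifdef DEBUG_WOLFTPM
+//printf("TPM2_IoCb: %d\n", xferSz);
+//TPM2_PrintBin(txBuf, xferSz);
+//TPM2_PrintBin(rxBuf, xferSz);
+#endif
+(void)ctx;
+return ret;
+}
+/******************************************************************************/
+/* --- END IO Callback Logic -- */
+/******************************************************************************/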
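Review bot: The Linux SPI setup in TPM2_IoCb requests the bus speed with `SPI_IOC_RD_MAX_SPEED_HZ`, which reads the device's current value into `maxSpeed` instead of writing the intended 33 MHz; the write request is `SPI_IOC_WR_MAX_SPEED_HZ`. The three ioctl() results are also discarded, so a rejected mode or word size leaves `*spiDev` open and every later transfer runs against an unconfigured bus with no indication to the caller. The configuration block should fail closed by checking each ioctl and dropping the descriptor (close() needs `<unistd.h>`, which this file does not yet include), and `size` is better declared `int` than `size_t` since ioctl() reports failure as -1.
```c
*spiDev = open(TPM2_SPI_DEV, O_RDWR);
if (*spiDev >= 0) {
    if (ioctl(*spiDev, SPI_IOC_WR_MODE, &mode) < 0 ||
        ioctl(*spiDev, SPI_IOC_WR_MAX_SPEED_HZ, &maxSpeed) < 0 ||
        ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word) < 0) {
        close(*spiDev);
        *spiDev = -1;
    }
}
/* … unchanged: transfer via SPI_IOC_MESSAGE(1) … */
```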

examples/tpm_io.h 100755
View File

@ -0,0 +1,32 @@
/* tpm_io.h
*
* Copyright (C) 2006-2018 wolfSSL Inc.
*
* This file is part of wolfSSL. (formerly known as CyaSSL)
*
* wolfTPM is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfTPM is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef _TPM_IO_H_
#define _TPM_IO_H_
#include <wolftpm/tpm2.h>
void* TPM2_IoGetUserCtx(void);
int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf,
word16 xferSz, void* userCtx);
#endif /* _TPM_IO_H_ */
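Review bot: The include guard `_TPM_IO_H_` (and `_WRAP_TEST_H_` in wrap_test.h) starts with an underscore followed by an uppercase letter, a spelling the C standard reserves for the implementation, so it can collide with toolchain or libc headers. Renaming the guard avoids that without any other change; the three lines touched in this file are `#ifndef TPM_IO_H`, `#define TPM_IO_H` and `#endif /* TPM_IO_H */`. A one-line comment on `TPM2_IoCb` saying who owns `userCtx` and whether `rxBuf` must be `xferSz` bytes would also help callers implementing their own HAL.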


@ -0,0 +1,14 @@
# vim:ft=automake
# All paths should be given relative to the root
if BUILD_EXAMPLES
noinst_PROGRAMS += examples/wrap/wrap_test
noinst_HEADERS += examples/wrap/wrap_test.h
examples_wrap_wrap_test_SOURCES = examples/wrap/wrap_test.c \
examples/tpm_io.c
examples_wrap_wrap_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD)
examples_wrap_wrap_test_DEPENDENCIES = src/libwolftpm.la
endif
dist_example_DATA+= examples/wrap/wrap_test.c
DISTCLEANFILES+= examples/wrap/.libs/wrap_test


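--- a/examples/wrap/wrap_test.c
+++ b/examples/wrap/wrap_test.c
@@ -0,0 +1,201 @@
+/* wrap_test.c
+*
+* Copyright (C) 2006-2018 wolfSSL Inc.
+*
+* This file is part of wolfSSL. (formerly known as CyaSSL)
+*
+* wolfTPM is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfTPM is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+*/
+/* This example shows using the TPM2 wrapper API's in TPM2_Wrapper_Test() below. */
+#include <wolftpm/tpm2.h>
+#include <wolftpm/tpm2_wrap.h>
+#ifndef WOLFTPM2_NO_WRAPPER
+#include <examples/tpm_io.h>
+#include <examples/wrap/wrap_test.h>
+#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200
+/******************************************************************************/
+/* --- BEGIN Wrapper API Tests -- */
+/******************************************************************************/
+int TPM2_Wrapper_Test(void* userCtx)
+{
+int rc;
+WOLFTPM2_DEV dev;
+WOLFTPM2_KEY storageKey;
+WOLFTPM2_KEY rsaKey;
+WOLFTPM2_KEY eccKey;
+WOLFTPM2_BUFFER message;
+WOLFTPM2_BUFFER cipher;
+WOLFTPM2_BUFFER plain;
+TPMT_PUBLIC publicTemplate;
+TPM2B_ECC_POINT pubPoint;
+const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth";
+const char keyAuth[] = "ThisIsMyKeyAuth";
+printf("TPM2 Demo for Wrapper API's\n");
+/* Init the TPM2 device */
+rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx);
+if (rc != 0) return rc;
+/* See if primary storage key already exists */
+rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
+if (rc != 0) {
+/* Create primary storage key */
+rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
+TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER,
+&publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1);
+if (rc != 0) goto exit;
+/* Move this key into peristent storage */
+rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey,
+TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE);
+if (rc != 0) goto exit;
+}
+else {
+/* specify auth password for storage key */
+storageKey.handle.auth.size = sizeof(storageKeyAuth)-1;
+XMEMCPY(storageKey.handle.auth.buffer, storageKeyAuth,
+storageKey.handle.auth.size);
+}
+/* Create RSA key for encrypt/decrypt */
+rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+/* Perform RSA encrypt / decrypt */
+message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
+XMEMSET(message.buffer, 0x11, message.size);
+cipher.size = sizeof(cipher.buffer); /* encrypted data */
+rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP,
+message.buffer, message.size, cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+plain.size = sizeof(plain.buffer);
+rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP,
+cipher.buffer, cipher.size, plain.buffer, &plain.size);
+if (rc != 0) goto exit;
+rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
+if (rc != 0) goto exit;
+/* Validate encrypt / decrypt */
+if (message.size != plain.size ||
+XMEMCMP(message.buffer, plain.buffer, message.size) != 0) {
+rc = TPM_RC_TESTING; goto exit;
+}
+printf("RSA Encrypt Test Passed\n");
+/* Create an ECC key for ECDSA */
+rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
+TPM_ECC_NIST_P256, TPM_ALG_ECDSA);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+/* Perform sign / verify */
+message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */
+XMEMSET(message.buffer, 0x11, message.size);
+cipher.size = sizeof(cipher.buffer); /* signature */
+rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size,
+cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size,
+message.buffer, message.size);
+if (rc != 0) goto exit;
+rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+if (rc != 0) goto exit;
+printf("ECC Sign/Verify Passed\n");
+/* Create an ECC key for DH */
+rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
+TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
+TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA,
+TPM_ECC_NIST_P256, TPM_ALG_ECDH);
+if (rc != 0) goto exit;
+rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle,
+&publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1);
+if (rc != 0) goto exit;
+/* Create ephemeral ECC key and generate a shared secret */
+cipher.size = sizeof(cipher.buffer);
+rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint,
+cipher.buffer, &cipher.size);
+if (rc != 0) goto exit;
+rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+if (rc != 0) goto exit;
+printf("ECC DH Generation Passed\n");
+exit:
+if (rc != 0) {
+printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
+}
+wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
+wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
+wolfTPM2_UnloadHandle(&dev, &storageKey.handle);
+wolfTPM2_Cleanup(&dev);
+return rc;
+}
+/******************************************************************************/
+/* --- END Wrapper API Tests -- */
+/******************************************************************************/
+#endif /* !WOLFTPM2_NO_WRAPPER */
+#ifndef NO_MAIN_DRIVER
+int main(void)
+{
+int rc = -1;
+#ifndef WOLFTPM2_NO_WRAPPER
+rc = TPM2_Wrapper_Test(TPM2_IoGetUserCtx());
+#else
+printf("Wrapper code not compiled in\n");
+#endif
+return rc;
+}
+#endif /* !NO_MAIN_DRIVER */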
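Review bot: `storageKey`, `rsaKey` and `eccKey` are declared without initializers, yet the `exit:` path in TPM2_Wrapper_Test passes all three to wolfTPM2_UnloadHandle unconditionally, so an early `goto exit` (for example the template failure right after wolfTPM2_ReadPublicKey) hands an indeterminate `handle.hndl` to the flush logic, which may then issue TPM2_FlushContext on a garbage handle. wolfTPM2_UnloadHandle in this commit already treats a zero handle as nothing to unload, so zero-initializing the structs makes the cleanup path safe: `WOLFTPM2_KEY storageKey = {0};`, `WOLFTPM2_KEY rsaKey = {0};`, `WOLFTPM2_KEY eccKey = {0};`. The return codes of the three cleanup calls are dropped; logging them under `DEBUG_WOLFTPM` would make a leaked transient object visible during development. A short comment on `storageKeyAuth`/`keyAuth` stating they are fixed demo values, not a pattern for real key auth, would keep the example from being copied as-is.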


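--- a/examples/wrap/wrap_test.h
+++ b/examples/wrap/wrap_test.h
@@ -0,0 +1,28 @@
+/* wrap_test.h
+*
+* Copyright (C) 2006-2018 wolfSSL Inc.
+*
+* This file is part of wolfSSL. (formerly known as CyaSSL)
+*
+* wolfTPM is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* wolfTPM is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+*/
+#ifndef _WRAP_TEST_H_
+#define _WRAP_TEST_H_
+int TPM2_Wrapper_Test(void* userCtx);
+#endif /* _WRAP_TEST_H_ */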


@ -4526,6 +4526,241 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz)
return rc;
}
void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
{
if (pcr) {
pcr->count = 1;
pcr->pcrSelections[0].hash = alg;
pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN;
XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN);
pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7));
}
}
#define TPM_RC_STRINGIFY(rc) #rc
#ifdef DEBUG_WOLFTPM
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc
#else
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc)
#endif
const char* TPM2_GetRCString(int rc)
{
/* for negative return codes use wolfCrypt */
if (rc < 0) {
return wc_GetErrorString(rc);
}
if (rc & RC_VER1) {
int rc_fm0 = rc & RC_MAX_FM0;
switch (rc_fm0) {
TPM_RC_STR(TPM_RC_SUCCESS, "Success");
TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag");
TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized");
TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure");
TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle");
TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled");
TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity");
TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command");
TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present");
TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value");
TPM_RC_STR(TPM_RC_PCR, "PCR check fail");
TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked");
TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode");
TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum");
TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not available for selected entity");
TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation");
TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced");
TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer");
TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported");
TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required");
TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session");
TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range");
TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than allowed");
TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked");
TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions");
TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored");
TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation");
TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined");
TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid");
TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use");
TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent");
TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing");
TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem");
TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption");
default:
break;
}
}
if (rc & RC_FMT1) {
int rc_fmt1 = rc & RC_MAX_FMT1;
switch (rc_fmt1) {
TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not supported or not correct");
TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes");
TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate");
TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context");
TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use");
TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported");
TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported");
TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported");
TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use");
TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use");
TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use");
TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range");
TPM_RC_STR(TPM_RC_AUTH_FAIL, "The authorization HMAC check failed and DA counter incremented");
TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch");
TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP");
TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme");
TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size");
TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance");
TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag");
TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect");
TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer");
TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid");
TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use");
TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed");
TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed");
TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket");
TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required");
TPM_RC_STR(TPM_RC_BAD_AUTH, "Authorization failure without DA implications");
TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired");
TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented");
TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound");
TPM_RC_STR(TPM_RC_CURVE, "Curve not supported");
TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve");
default:
break;
}
}
if (rc & RC_WARN) {
int rc_warn = rc & RC_MAX_WARN;
switch (rc_warn) {
TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large");
TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts");
TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts");
TPM_RC_STR(TPM_RC_MEMORY, "Out of shared object/session memory or need space for internal operations");
TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created");
TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles");
TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality");
TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command");
TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled");
TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests");
TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV");
TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode");
TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command");
TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible");
TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM");
default:
break;
}
}
return "Unknown";
}
const char* TPM2_GetAlgName(TPM_ALG_ID alg)
{
switch (alg) {
case TPM_ALG_RSA:
return "RSA";
case TPM_ALG_SHA1:
return "SHA1";
case TPM_ALG_HMAC:
return "HMAC";
case TPM_ALG_AES:
return "AES";
case TPM_ALG_MGF1:
return "MGF1";
case TPM_ALG_KEYEDHASH:
return "KEYEDHASH";
case TPM_ALG_XOR:
return "XOR";
case TPM_ALG_SHA256:
return "SHA256";
case TPM_ALG_SHA384:
return "SHA384";
case TPM_ALG_SHA512:
return "SHA512";
case TPM_ALG_NULL:
return "NULL";
case TPM_ALG_SM3_256:
return "SM3_256";
case TPM_ALG_SM4:
return "SM4";
case TPM_ALG_RSASSA:
return "RSASSA";
case TPM_ALG_RSAES:
return "RSAES";
case TPM_ALG_RSAPSS:
return "RSAPSS";
case TPM_ALG_OAEP:
return "OAEP";
case TPM_ALG_ECDSA:
return "ECDSA";
case TPM_ALG_ECDH:
return "ECDH";
case TPM_ALG_ECDAA:
return "ECDAA";
case TPM_ALG_SM2:
return "SM2";
case TPM_ALG_ECSCHNORR:
return "ECSCHNORR";
case TPM_ALG_ECMQV:
return "ECMQV";
case TPM_ALG_KDF1_SP800_56A:
return "KDF1_SP800_56A";
case TPM_ALG_KDF2:
return "KDF2";
case TPM_ALG_KDF1_SP800_108:
return "KDF1_SP800_108";
case TPM_ALG_ECC:
return "ECC";
case TPM_ALG_SYMCIPHER:
return "SYMCIPHER";
case TPM_ALG_CTR:
return "CTR";
case TPM_ALG_OFB:
return "OFB";
case TPM_ALG_CBC:
return "CBC";
case TPM_ALG_CFB:
return "CFB";
case TPM_ALG_ECB:
return "ECB";
default:
break;
}
return "Unknown";
}
int TPM2_GetCurveSize(TPM_ECC_CURVE curveID)
{
switch (curveID) {
case TPM_ECC_NIST_P192:
return 24;
case TPM_ECC_NIST_P224:
return 28;
case TPM_ECC_NIST_P256:
case TPM_ECC_BN_P256:
case TPM_ECC_SM2_P256:
return 32;
case TPM_ECC_NIST_P384:
return 48;
case TPM_ECC_NIST_P521:
return 66;
case TPM_ECC_BN_P638:
return 80;
}
return 0;
}
#ifdef DEBUG_WOLFTPM
#define LINE_LEN 16
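Review bot: TPM2_SetupPCRSel writes `pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3]` with no range check on `pcrIndex`, so a negative value or one at or above `PCR_SELECT_MIN * 8` lands outside the `sizeofSelect` bytes the function has just zeroed (a negative value also makes the right shift implementation-defined). Widening the guard to `if (pcr == NULL || pcrIndex < 0 || pcrIndex >= PCR_SELECT_MIN * 8) return;` keeps the selected bit inside that span; because the function is `void`, a caller cannot tell the call was rejected, so the accepted range should at least be stated in a comment above the definition, e.g. `/* Select a single PCR; pcrIndex must be in [0, PCR_SELECT_MIN*8) or the call is ignored */`. TPM2_GetCurveSize's switch has no `default:` arm, which `-Wswitch` will flag for any TPM_ECC_CURVE value not listed even though the trailing `return 0;` covers it. The hunk's leading context `return rc; }` belongs to TPM2_GetNonce, whose body starts outside the hunk.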


@ -62,9 +62,9 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
/* define the default session auth */
XMEMSET(dev->session, 0, sizeof(dev->session));
dev->session[0].sessionHandle = TPM_RS_PW; /* default */
TPM2_SetSessionAuth(dev->session);
wolfTPM2_SetAuth(dev, 0, TPM_RS_PW, NULL, 0);
/* startup */
XMEMSET(&startupIn, 0, sizeof(Startup_In));
startupIn.startupType = TPM_SU_CLEAR;
rc = TPM2_Startup(&startupIn);
@ -80,6 +80,24 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx)
return TPM_RC_SUCCESS;
}
int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
TPM_HANDLE sessionHandle, const byte* auth, int authSz)
{
if (dev == NULL || index >= MAX_SESSION_NUM) {
return BAD_FUNC_ARG;
}
/* define the default session auth */
dev->session[index].sessionHandle = sessionHandle;
dev->session[index].auth.size = authSz;
if (auth && authSz > 0)
XMEMCPY(dev->session[index].auth.buffer, auth, authSz);
TPM2_SetSessionAuth(dev->session);
return 0;
}
int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev)
{
int rc;
@ -373,7 +391,7 @@ int wolfTPM2_NVDeleteKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle, WOLFTPM2_K
}
/* if key is not persistent then just return success */
if (key->handle.hndl < PERMANENT_FIRST || key->handle.hndl > PERMANENT_LAST)
if (key->handle.hndl < PERSISTENT_FIRST || key->handle.hndl > PERSISTENT_LAST)
return TPM_RC_SUCCESS;
/* Move key into NV to persist */
@ -690,27 +708,32 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int alg, byte* digest,
int wolfTPM2_UnloadHandle(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle)
{
int rc;
FlushContext_In flushCtxIn;
FlushContext_In in;
if (dev == NULL || handle == NULL)
return BAD_FUNC_ARG;
if (handle->hndl != 0 && handle->hndl != TPM_RH_NULL) {
flushCtxIn.flushHandle = handle->hndl;
rc = TPM2_FlushContext(&flushCtxIn);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_FlushContext failed %d: %s\n", rc,
wolfTPM2_GetRCString(rc));
return rc;
}
#ifdef DEBUG_WOLFTPM
printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl);
#endif
handle->hndl = TPM_RH_NULL;
/* don't try and unload null or persistent handles */
if (handle->hndl == 0 || handle->hndl == TPM_RH_NULL ||
(handle->hndl >= PERSISTENT_FIRST && handle->hndl <= PERSISTENT_LAST)) {
return TPM_RC_SUCCESS;
}
XMEMSET(&in, 0, sizeof(in));
in.flushHandle = handle->hndl;
rc = TPM2_FlushContext(&in);
if (rc != TPM_RC_SUCCESS) {
printf("TPM2_FlushContext failed %d: %s\n", rc,
wolfTPM2_GetRCString(rc));
return rc;
}
#ifdef DEBUG_WOLFTPM
printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl);
#endif
handle->hndl = TPM_RH_NULL;
return TPM_RC_SUCCESS;
}
@ -809,239 +832,6 @@ int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate,
return 0;
}
const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg)
{
switch (alg) {
case TPM_ALG_RSA:
return "RSA";
case TPM_ALG_SHA1:
return "SHA1";
case TPM_ALG_HMAC:
return "HMAC";
case TPM_ALG_AES:
return "AES";
case TPM_ALG_MGF1:
return "MGF1";
case TPM_ALG_KEYEDHASH:
return "KEYEDHASH";
case TPM_ALG_XOR:
return "XOR";
case TPM_ALG_SHA256:
return "SHA256";
case TPM_ALG_SHA384:
return "SHA384";
case TPM_ALG_SHA512:
return "SHA512";
case TPM_ALG_NULL:
return "NULL";
case TPM_ALG_SM3_256:
return "SM3_256";
case TPM_ALG_SM4:
return "SM4";
case TPM_ALG_RSASSA:
return "RSASSA";
case TPM_ALG_RSAES:
return "RSAES";
case TPM_ALG_RSAPSS:
return "RSAPSS";
case TPM_ALG_OAEP:
return "OAEP";
case TPM_ALG_ECDSA:
return "ECDSA";
case TPM_ALG_ECDH:
return "ECDH";
case TPM_ALG_ECDAA:
return "ECDAA";
case TPM_ALG_SM2:
return "SM2";
case TPM_ALG_ECSCHNORR:
return "ECSCHNORR";
case TPM_ALG_ECMQV:
return "ECMQV";
case TPM_ALG_KDF1_SP800_56A:
return "KDF1_SP800_56A";
case TPM_ALG_KDF2:
return "KDF2";
case TPM_ALG_KDF1_SP800_108:
return "KDF1_SP800_108";
case TPM_ALG_ECC:
return "ECC";
case TPM_ALG_SYMCIPHER:
return "SYMCIPHER";
case TPM_ALG_CTR:
return "CTR";
case TPM_ALG_OFB:
return "OFB";
case TPM_ALG_CBC:
return "CBC";
case TPM_ALG_CFB:
return "CFB";
case TPM_ALG_ECB:
return "ECB";
default:
break;
}
return "Unknown";
}
#define TPM_RC_STRINGIFY(rc) #rc
#ifdef DEBUG_WOLFTPM
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc
#else
#define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc)
#endif
const char* wolfTPM2_GetRCString(int rc)
{
/* for negative return codes use wolfCrypt */
if (rc < 0) {
return wc_GetErrorString(rc);
}
if (rc & RC_VER1) {
int rc_fm0 = rc & RC_MAX_FM0;
switch (rc_fm0) {
TPM_RC_STR(TPM_RC_SUCCESS, "Success");
TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag");
TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized");
TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure");
TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle");
TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled");
TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity");
TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command");
TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present");
TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value");
TPM_RC_STR(TPM_RC_PCR, "PCR check fail");
TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked");
TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode");
TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum");
TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not available for selected entity");
TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation");
TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced");
TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer");
TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported");
TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required");
TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session");
TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range");
TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than allowed");
TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked");
TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions");
TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored");
TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation");
TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined");
TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid");
TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use");
TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent");
TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing");
TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem");
TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption");
default:
break;
}
}
if (rc & RC_FMT1) {
int rc_fmt1 = rc & RC_MAX_FMT1;
switch (rc_fmt1) {
TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not supported or not correct");
TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes");
TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate");
TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context");
TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use");
TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported");
TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported");
TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported");
TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use");
TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use");
TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use");
TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range");
TPM_RC_STR(TPM_RC_AUTH_FAIL, "The authorization HMAC check failed and DA counter incremented");
TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch");
TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP");
TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme");
TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size");
TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance");
TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag");
TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect");
TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer");
TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid");
TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use");
TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed");
TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed");
TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket");
TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required");
TPM_RC_STR(TPM_RC_BAD_AUTH, "Authorization failure without DA implications");
TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired");
TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented");
TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound");
TPM_RC_STR(TPM_RC_CURVE, "Curve not supported");
TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve");
default:
break;
}
}
if (rc & RC_WARN) {
int rc_warn = rc & RC_MAX_WARN;
switch (rc_warn) {
TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large");
TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts");
TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts");
TPM_RC_STR(TPM_RC_MEMORY, "Out of shared object/session memory or need space for internal operations");
TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created");
TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles");
TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality");
TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command");
TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled");
TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests");
TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV");
TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode");
TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command");
TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible");
TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM");
default:
break;
}
}
return "Unknown";
}
void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex)
{
if (pcr) {
pcr->count = 1;
pcr->pcrSelections[0].hash = alg;
pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN;
XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN);
pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7));
}
}
int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID)
{
switch (curveID) {
case TPM_ECC_NIST_P192:
return 24;
case TPM_ECC_NIST_P224:
return 28;
case TPM_ECC_NIST_P256:
case TPM_ECC_BN_P256:
case TPM_ECC_SM2_P256:
return 32;
case TPM_ECC_NIST_P384:
return 48;
case TPM_ECC_NIST_P521:
return 66;
case TPM_ECC_BN_P638:
return 80;
}
return 0;
}
/******************************************************************************/
/* --- END Utility Functions -- */
/******************************************************************************/
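Review bot: In the wolfTPM2_SetAuth hunk (`@ -80,6 +80,24`) the argument check rejects only `index >= MAX_SESSION_NUM`, and `authSz` is stored and then copied into the fixed-size `dev->session[index].auth.buffer` without being bounded, so a negative `index` or an oversized `authSz` from a caller overruns the session array or the auth buffer before anything reaches the TPM. Tightening the guard to `if (dev == NULL || index < 0 || index >= MAX_SESSION_NUM || authSz < 0 || authSz > (int)sizeof(dev->session[index].auth.buffer)) return BAD_FUNC_ARG;` closes both. The comment `/* define the default session auth */` was carried over from wolfTPM2_Init and no longer describes this function; `/* set the auth value for session slot index and push the table to the native layer */` fits the body. The body of wolfTPM2_Init continues outside the first hunk, and the removed utility functions later in the section are pure deletions that now live in tpm2.c.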


@ -849,13 +849,13 @@ typedef enum {
HR_HANDLE_MASK = 0x00FFFFFF,
HR_RANGE_MASK = 0xFF000000,
HR_SHIFT = 24,
HR_PCR = (TPM_HT_PCR << HR_SHIFT),
HR_HMAC_SESSION = (TPM_HT_HMAC_SESSION << HR_SHIFT),
HR_POLICY_SESSION = (TPM_HT_POLICY_SESSION << HR_SHIFT),
HR_TRANSIENT = (TPM_HT_TRANSIENT << HR_SHIFT),
HR_PERSISTENT = (TPM_HT_PERSISTENT << HR_SHIFT),
HR_NV_INDEX = (TPM_HT_NV_INDEX << HR_SHIFT),
HR_PERMANENT = (TPM_HT_PERMANENT << HR_SHIFT),
HR_PCR = ((UINT32)TPM_HT_PCR << HR_SHIFT),
HR_HMAC_SESSION = ((UINT32)TPM_HT_HMAC_SESSION << HR_SHIFT),
HR_POLICY_SESSION = ((UINT32)TPM_HT_POLICY_SESSION << HR_SHIFT),
HR_TRANSIENT = ((UINT32)TPM_HT_TRANSIENT << HR_SHIFT),
HR_PERSISTENT = ((UINT32)TPM_HT_PERSISTENT << HR_SHIFT),
HR_NV_INDEX = ((UINT32)TPM_HT_NV_INDEX << HR_SHIFT),
HR_PERMANENT = ((UINT32)TPM_HT_PERMANENT << HR_SHIFT),
PCR_FIRST = (HR_PCR + 0),
PCR_LAST = (PCR_FIRST + IMPLEMENTATION_PCR-1),
HMAC_SESSION_FIRST = (HR_HMAC_SESSION + 0),
@ -2912,6 +2912,12 @@ WOLFTPM_API TPM2_CTX* TPM2_GetActiveCtx(void);
WOLFTPM_API int TPM2_GetHashDigestSize(TPMI_ALG_HASH hashAlg);
WOLFTPM_API int TPM2_GetNonce(byte* nonceBuf, int nonceSz);
WOLFTPM_API void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg,
int pcrIndex);
WOLFTPM_API const char* TPM2_GetRCString(int rc);
WOLFTPM_API const char* TPM2_GetAlgName(TPM_ALG_ID alg);
WOLFTPM_API int TPM2_GetCurveSize(TPM_ECC_CURVE curveID);
#ifdef DEBUG_WOLFTPM
WOLFTPM_API void TPM2_PrintBin(const byte* buffer, word32 length);

View File

@ -59,6 +59,9 @@ typedef struct WOLFTPM2_BUFFER {
WOLFTPM_API int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx);
WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev);
WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index,
TPM_HANDLE sessionHandle, const byte* auth, int authSz);
WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev,
WOLFTPM2_SESSION* session, WOLFTPM2_KEY* tpmKey,
WOLFTPM2_HANDLE* bind, TPM_SE sesType, int useEncrypDecrypt);
@ -103,9 +106,12 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_RSA(TPMT_PUBLIC* publicTemplate,
TPMA_OBJECT objectAttributes);
WOLFTPM_API int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate,
TPMA_OBJECT objectAttributes, TPM_ECC_CURVE curve, TPM_ALG_ID sigScheme);
WOLFTPM_API void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex);
WOLFTPM_API const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg);
WOLFTPM_API const char* wolfTPM2_GetRCString(TPM_RC rc);
WOLFTPM_API int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID);
/* moved to tpm.h native code. macros here for backwards compatibility */
#define wolfTPM2_SetupPCRSel TPM2_SetupPCRSel
#define wolfTPM2_GetAlgName TPM2_GetAlgName
#define wolfTPM2_GetRCString TPM2_GetRCString
#define wolfTPM2_GetCurveSize TPM2_GetCurveSize
#endif /* __TPM2_WRAP_H__ */