From db49e917ac402e04106173ed11c15833cb7e40b3 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 1 May 2018 15:59:54 -0700 Subject: [PATCH] Split the native and wrapper test code into separate applications. Moved some of the utility wrapper functions into native area to support `WOLFTPM2_NO_WRAPPER`. Fix for storageKey auth in case when it used from NV. --- .gitignore | 7 +- configure.ac | 15 +- examples/include.am | 6 +- examples/native/include.am | 14 + .../{tpm/tpm2_demo.c => native/native_test.c} | 387 +++--------------- .../{tpm/tpm2_demo.h => native/native_test.h} | 11 +- examples/tpm/include.am | 13 - examples/tpm_io.c | 125 ++++++ examples/tpm_io.h | 32 ++ examples/wrap/include.am | 14 + examples/wrap/wrap_test.c | 201 +++++++++ examples/wrap/wrap_test.h | 28 ++ src/tpm2.c | 235 +++++++++++ src/tpm2_wrap.c | 292 ++----------- wolftpm/tpm2.h | 20 +- wolftpm/tpm2_wrap.h | 14 +- 16 files changed, 799 insertions(+), 615 deletions(-) mode change 100644 => 100755 examples/include.am create mode 100755 examples/native/include.am rename examples/{tpm/tpm2_demo.c => native/native_test.c} (78%) mode change 100644 => 100755 rename examples/{tpm/tpm2_demo.h => native/native_test.h} (84%) mode change 100644 => 100755 delete mode 100644 examples/tpm/include.am create mode 100755 examples/tpm_io.c create mode 100755 examples/tpm_io.h create mode 100755 examples/wrap/include.am create mode 100755 examples/wrap/wrap_test.c create mode 100755 examples/wrap/wrap_test.h diff --git a/.gitignore b/.gitignore index d210b9c..cc03661 100644 --- a/.gitignore +++ b/.gitignore @@ -22,7 +22,8 @@ test-suite.log src/.deps src/.libs RemoteSystemsTempFiles -examples/tpm/.deps *.o -examples/tpm/tpm2_demo -examples/tpm/.libs +*.deps +*.libs +examples/wrap/wrap_test +examples/native/native_test diff --git a/configure.ac b/configure.ac index d493d6a..39a8819 100644 --- a/configure.ac +++ b/configure.ac 
@@ -95,7 +95,8 @@ AM_CPPFLAGS="$AM_CPPFLAGS -DDHAVE_WOLFSSL_OPTIONS -DHAVE_CYASSL_OPTIONS" # Examples AC_ARG_ENABLE([examples], - [ --enable-examples Enable Examples (default: enabled)], + [AS_HELP_STRING([--enable-examples],[Enable Examples (default: enabled)])], + [ --enable-examples ], [ ENABLED_EXAMPLES=$enableval ], [ ENABLED_EXAMPLES=yes ] ) @@ -103,6 +104,16 @@ AC_ARG_ENABLE([examples], AM_CONDITIONAL([BUILD_EXAMPLES], [test "x$ENABLED_EXAMPLES" = "xyes"]) +# Examples +AC_ARG_ENABLE([wrapper], + [AS_HELP_STRING([--enable-wrapper],[Enable wrapper code (default: enabled)])], + [ ENABLED_WRAPPER=$enableval ], + [ ENABLED_WRAPPER=yes ] + ) + +AM_CONDITIONAL([BUILD_WRAPPER], [test "x$ENABLED_WRAPPER" = "xyes"]) + + # HARDEN FLAGS AX_HARDEN_CC_COMPILER_FLAGS @@ -139,5 +150,5 @@ echo " * CPP Flags: $CPPFLAGS" echo " * Linker Flags: $LDFLAGS" echo " * LIB Flags: $LIB" +echo " * Wrappers: $ENABLED_WRAPPER" echo " * Examples: $ENABLED_EXAMPLES" - diff --git a/examples/include.am b/examples/include.am old mode 100644 new mode 100755 index f861c16..478da39 --- a/examples/include.am +++ b/examples/include.am @@ -1,4 +1,8 @@ # vim:ft=automake # All paths should be given relative to the root -include examples/tpm/include.am +include examples/native/include.am +include examples/wrap/include.am + +dist_example_DATA+= examples/tpm_io.c \ + examples/tpm_io.h diff --git a/examples/native/include.am b/examples/native/include.am new file mode 100755 index 0000000..eb62901 --- /dev/null +++ b/examples/native/include.am 
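Review bot: The `--enable-examples` hunk leaves a stray line `[ --enable-examples ],` between the new AS_HELP_STRING argument and `[ ENABLED_EXAMPLES=$enableval ],`, which shifts every following argument of AC_ARG_ENABLE by one: the action-if-given becomes the shell text ` --enable-examples ` (a command that does not exist), `ENABLED_EXAMPLES=$enableval` becomes the action-if-not-given and so runs with `enableval` unset, and `[ ENABLED_EXAMPLES=yes ]` becomes a fifth argument the macro does not take. Unless I misread the shift, examples end up disabled by default and `./configure --enable-examples` prints a command-not-found error instead of enabling them. Drop that one line so the call has the same four-argument shape as the new `AC_ARG_ENABLE([wrapper], ...)` block in the next hunk.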
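Review bot: The comment above the new `AC_ARG_ENABLE([wrapper], ...)` block in the `@@ -103,6 +104,16 @@` hunk is a copy of the one above the examples block and says `# Examples`, so the two option blocks are now indistinguishable when skimming configure.ac. Change it to `# Wrapper API (WOLFTPM2_NO_WRAPPER when disabled)` or similar, since the commit message ties this option to that define; if the option does not yet add the define to CPPFLAGS, a `# TODO: wire ENABLED_WRAPPER to -DWOLFTPM2_NO_WRAPPER` would be worth leaving where the flag is consumed.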
@@ -0,0 +1,14 @@ +# vim:ft=automake +# All paths should be given relative to the root + +if BUILD_EXAMPLES +noinst_PROGRAMS += examples/native/native_test +noinst_HEADERS += examples/native/native_test.h +examples_native_native_test_SOURCES = examples/native/native_test.c \ + examples/tpm_io.c +examples_native_native_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) +examples_native_native_test_DEPENDENCIES = src/libwolftpm.la +endif + +dist_example_DATA+= examples/native/native_test.c +DISTCLEANFILES+= examples/native/.libs/native_test diff --git a/examples/tpm/tpm2_demo.c b/examples/native/native_test.c old mode 100644 new mode 100755 similarity index 78% rename from examples/tpm/tpm2_demo.c rename to examples/native/native_test.c index fa578da..dd26da3 --- a/examples/tpm/tpm2_demo.c +++ b/examples/native/native_test.c @@ -1,4 +1,4 @@ -/* tpm2_demo.c +/* native_test.c * * Copyright (C) 2006-2018 wolfSSL Inc. * 
@@ -19,279 +19,16 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -/* This demo shows using the TPM2_ specification API's in TPM2_Demo() and - the TPM2 wrapper API's in TPM2_Wrapper_Demo() below. */ - -#ifdef HAVE_CONFIG_H - #include -#endif - -#ifndef WOLFSSL_USER_SETTINGS - #include -#endif -#include -#include -#include -#include -#include +/* This example shows using the TPM2_ specification API's in TPM2_Native_Test() */ #include -#include -#include +#include +#include /******************************************************************************/ -/* --- BEGIN IO Callback Logic -- */ -/******************************************************************************/ - -/* Configuration for the SPI interface */ -#ifdef WOLFSSL_STM32_CUBEMX - extern SPI_HandleTypeDef hspi1; - #define TPM2_USER_CTX &hspi1 -#elif defined(__linux__) - #include - #include - #include - #define TPM2_SPI_DEV "/dev/spidev0.1" - - static int gSpiDev = -1; - #define TPM2_USER_CTX &gSpiDev -#else - /* TODO: Add your platform here for HW interface */ - #define TPM2_USER_CTX NULL -#endif - - -#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200 - - -/* IO Callback */ -static int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf, - word16 xferSz, void* userCtx) -{ - int ret = TPM_RC_FAILURE; -#ifdef WOLFSSL_STM32_CUBEMX - /* STM32 CubeMX Hal */ - SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx; - HAL_StatusTypeDef status; - - __HAL_SPI_ENABLE(hspi); - status = HAL_SPI_TransmitReceive(hspi, (byte*)txBuf, rxBuf, xferSz, 5000); - __HAL_SPI_DISABLE(hspi); - if (status == HAL_OK) - ret = TPM_RC_SUCCESS; - -#elif defined(__linux__) - /* Use Linux SPI synchronous access */ - int* spiDev = (int*)userCtx; - - if (*spiDev == -1) { - /* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */ - unsigned int maxSpeed = 33000000; - int mode = 0; /* mode 0 */ - int bits_per_word = 0; /* 8-bits */ - - *spiDev = open(TPM2_SPI_DEV, O_RDWR); - if 
(*spiDev >= 0) { - ioctl(*spiDev, SPI_IOC_WR_MODE, &mode); - ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed); - ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word); - } - } - - if (*spiDev >= 0) { - struct spi_ioc_transfer spi; - size_t size; - - XMEMSET(&spi, 0, sizeof(spi)); - spi.tx_buf = (unsigned long)txBuf; - spi.rx_buf = (unsigned long)rxBuf; - spi.len = xferSz; - spi.cs_change= 1; /* strobe CS between transfers */ - - size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi); - if (size == xferSz) - ret = TPM_RC_SUCCESS; - } -#else - /* TODO: Add your platform here for HW interface */ - (void)txBuf; - (void)rxBuf; - (void)xferSz; - (void)userCtx; -#endif - -#ifdef DEBUG_WOLFTPM - //printf("TPM2_IoCb: %d\n", xferSz); - //TPM2_PrintBin(txBuf, xferSz); - //TPM2_PrintBin(rxBuf, xferSz); -#endif - - (void)ctx; - - return ret; -} - -/******************************************************************************/ -/* --- END IO Callback Logic -- */ -/******************************************************************************/ - - - -/******************************************************************************/ -/* --- BEGIN Wrapper API Demo -- */ -/******************************************************************************/ - -#ifndef WOLFTPM2_NO_WRAPPER -int TPM2_Wrapper_Demo(void* userCtx) -{ - int rc; - WOLFTPM2_DEV dev; - WOLFTPM2_KEY storageKey; - WOLFTPM2_KEY rsaKey; - WOLFTPM2_KEY eccKey; - WOLFTPM2_BUFFER message; - WOLFTPM2_BUFFER cipher; - WOLFTPM2_BUFFER plain; - TPMT_PUBLIC publicTemplate; - TPM2B_ECC_POINT pubPoint; - const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth"; - const char keyAuth[] = "ThisIsMyKeyAuth"; - - printf("TPM2 Demo for Wrapper API's\n"); - - - /* Init the TPM2 device */ - rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); - if (rc != 0) return rc; - - /* See if primary storage key already exists */ - rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE); - if (rc != 0) { - /* Create primary 
storage key */ - rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate, - TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | - TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA); - if (rc != 0) goto exit; - rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER, - &publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1); - if (rc != 0) goto exit; - - /* Move this key into peristent storage */ - rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey, - TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE); - if (rc != 0) goto exit; - } - - /* Create RSA key for encrypt/decrypt */ - rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate, - TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA); - if (rc != 0) goto exit; - rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle, - &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); - if (rc != 0) goto exit; - - /* Perform RSA encrypt / decrypt */ - message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */ - XMEMSET(message.buffer, 0x11, message.size); - cipher.size = sizeof(cipher.buffer); /* encrypted data */ - rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP, - message.buffer, message.size, cipher.buffer, &cipher.size); - if (rc != 0) goto exit; - - plain.size = sizeof(plain.buffer); - rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP, - cipher.buffer, cipher.size, plain.buffer, &plain.size); - if (rc != 0) goto exit; - - rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); - if (rc != 0) goto exit; - - /* Validate encrypt / decrypt */ - if (message.size != plain.size || - XMEMCMP(message.buffer, plain.buffer, message.size) != 0) { - rc = TPM_RC_TESTING; goto exit; - } - printf("RSA Encrypt Test Passed\n"); - - - /* Create an ECC key for ECDSA */ - rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate, - TPMA_OBJECT_sensitiveDataOrigin | 
TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_sign | TPMA_OBJECT_noDA, - TPM_ECC_NIST_P256, TPM_ALG_ECDSA); - if (rc != 0) goto exit; - rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, - &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); - if (rc != 0) goto exit; - - /* Perform sign / verify */ - message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */ - XMEMSET(message.buffer, 0x11, message.size); - cipher.size = sizeof(cipher.buffer); /* signature */ - rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size, - cipher.buffer, &cipher.size); - if (rc != 0) goto exit; - - rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size, - message.buffer, message.size); - if (rc != 0) goto exit; - - rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); - if (rc != 0) goto exit; - - printf("ECC Sign/Verify Passed\n"); - - - /* Create an ECC key for DH */ - rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate, - TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | - TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA, - TPM_ECC_NIST_P256, TPM_ALG_ECDH); - if (rc != 0) goto exit; - rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, - &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); - if (rc != 0) goto exit; - - /* Create ephemeral ECC key and generate a shared secret */ - cipher.size = sizeof(cipher.buffer); - rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint, - cipher.buffer, &cipher.size); - if (rc != 0) goto exit; - - rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); - if (rc != 0) goto exit; - - printf("ECC DH Generation Passed\n"); - - -exit: - - if (rc != 0) { - printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); - } - - wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); - wolfTPM2_UnloadHandle(&dev, &eccKey.handle); - wolfTPM2_UnloadHandle(&dev, &storageKey.handle); - wolfTPM2_Cleanup(&dev); - - return rc; -} -#endif /* !WOLFTPM2_NO_WRAPPER */ - 
-/******************************************************************************/ -/* --- END Wrapper API Demo -- */ -/******************************************************************************/ - - - - -/******************************************************************************/ -/* --- BEGIN TPM Native API Demo -- */ +/* --- BEGIN TPM Native API Tests -- */ /******************************************************************************/ @@ -325,7 +62,7 @@ typedef struct tmpHandle { } TpmHandle; -int TPM2_Demo(void* userCtx) +int TPM2_Native_Test(void* userCtx) { int rc; TPM2_CTX tpm2Ctx; @@ -453,7 +190,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_Init(&tpm2Ctx, TPM2_IoCb, userCtx); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Init failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + printf("TPM2_Init failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } @@ -473,7 +210,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_Startup(&cmdIn.startup); if (rc != TPM_RC_SUCCESS && rc != TPM_RC_INITIALIZE /* TPM_RC_INITIALIZE = Already started */ ) { - printf("TPM2_Startup failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + printf("TPM2_Startup failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } printf("TPM2_Startup pass\n"); @@ -484,7 +221,7 @@ int TPM2_Demo(void* userCtx) cmdIn.selfTest.fullTest = YES; rc = TPM2_SelfTest(&cmdIn.selfTest); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_SelfTest failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + printf("TPM2_SelfTest failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } printf("TPM2_SelfTest pass\n"); @@ -493,7 +230,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_GetTestResult(&cmdOut.tr); if (rc != TPM_RC_SUCCESS) { printf("TPM2_GetTestResult failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } printf("TPM2_GetTestResult: Size %d, Rc 0x%x\n", cmdOut.tr.outData.size, 
@@ -518,7 +255,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap); if (rc != TPM_RC_SUCCESS) { printf("TPM2_GetCapability failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties; @@ -531,7 +268,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_GetCapability(&cmdIn.cap, &cmdOut.cap); if (rc != TPM_RC_SUCCESS) { printf("TPM2_GetCapability failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } tpmProp = &cmdOut.cap.capabilityData.data.tpmProperties; @@ -545,7 +282,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_GetRandom(&cmdIn.getRand, &cmdOut.getRand); if (rc != TPM_RC_SUCCESS) { printf("TPM2_GetRandom failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } if (cmdOut.getRand.randomBytes.size != WC_SHA256_DIGEST_SIZE) { @@ -566,7 +303,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_StirRandom(&cmdIn.stirRand); if (rc != TPM_RC_SUCCESS) { printf("TPM2_StirRandom failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } printf("TPM2_StirRandom: success\n"); @@ -576,12 +313,12 @@ int TPM2_Demo(void* userCtx) for (i=0; i 0) { @@ -1319,7 +1056,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_NV_DefineSpace(&cmdIn.nvDefine); if (rc != TPM_RC_SUCCESS) { printf("TPM2_NV_DefineSpace failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } printf("TPM2_NV_DefineSpace: 0x%x\n", nvIndex); @@ -1330,7 +1067,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_NV_ReadPublic(&cmdIn.nvReadPub, &cmdOut.nvReadPub); if (rc != TPM_RC_SUCCESS) { printf("TPM2_NV_ReadPublic failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); //goto exit; } printf("TPM2_NV_ReadPublic: Sz %d, Idx 0x%x, nameAlg %d, Attr 0x%x, " 
@@ -1350,7 +1087,7 @@ int TPM2_Demo(void* userCtx) rc = TPM2_NV_UndefineSpace(&cmdIn.nvUndefine); if (rc != TPM_RC_SUCCESS) { printf("TPM2_NV_UndefineSpace failed 0x%x: %s\n", rc, - wolfTPM2_GetRCString(rc)); + TPM2_GetRCString(rc)); goto exit; } @@ -1390,7 +1127,7 @@ exit: cmdIn.shutdown.shutdownType = TPM_SU_CLEAR; rc = TPM2_Shutdown(&cmdIn.shutdown); if (rc != TPM_RC_SUCCESS) { - printf("TPM2_Shutdown failed 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + printf("TPM2_Shutdown failed 0x%x: %s\n", rc, TPM2_GetRCString(rc)); goto exit; } @@ -1406,7 +1143,7 @@ exit: } /******************************************************************************/ -/* --- BEGIN TPM Native API Demo -- */ +/* --- BEGIN TPM Native API Tests -- */ /******************************************************************************/ @@ -1415,13 +1152,7 @@ int main(void) { int rc; -#ifndef WOLFTPM2_NO_WRAPPER - rc = TPM2_Wrapper_Demo(TPM2_USER_CTX); - if (rc != 0) - return rc; -#endif - - rc = TPM2_Demo(TPM2_USER_CTX); + rc = TPM2_Native_Test(TPM2_IoGetUserCtx()); return rc; } diff --git a/examples/tpm/tpm2_demo.h b/examples/native/native_test.h old mode 100644 new mode 100755 similarity index 84% rename from examples/tpm/tpm2_demo.h rename to examples/native/native_test.h index 743494f..dc9843d --- a/examples/tpm/tpm2_demo.h +++ b/examples/native/native_test.h @@ -1,4 +1,4 @@ -/* tpm2_demo.h +/* native_test.h * * Copyright (C) 2006-2018 wolfSSL Inc. * @@ -19,11 +19,10 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA */ -#ifndef _TPM2_DEMO_H_ -#define _TPM2_DEMO_H_ +#ifndef _NATIVE_TEST_H_ +#define _NATIVE_TEST_H_ -int TPM2_Demo(void* userCtx); -int TPM2_Wrapper_Demo(void* userCtx); +int TPM2_Native_Test(void* userCtx); -#endif /* _TPM2_DEMO_H_ */ +#endif /* _NATIVE_TEST_H_ */ diff --git a/examples/tpm/include.am b/examples/tpm/include.am deleted file mode 100644 index 64666bf..0000000 --- a/examples/tpm/include.am +++ /dev/null 
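Review bot: In the `@@ -1415,13 +1152,7 @@` hunk the native example's main() stays unconditional, while the new examples/wrap/wrap_test.c wraps its main() in `#ifndef NO_MAIN_DRIVER` so the test can be linked into another driver; the two examples should agree, so either guard this one the same way or drop the guard from the wrapper. The body can also shrink to `return TPM2_Native_Test(TPM2_IoGetUserCtx());` since `rc` is only assigned and returned. The `int main(void)` line itself is outside the hunk (it appears only in the hunk header).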
@@ -1,13 +0,0 @@ -# vim:ft=automake -# All paths should be given relative to the root - -if BUILD_EXAMPLES -noinst_PROGRAMS += examples/tpm/tpm2_demo -noinst_HEADERS += examples/tpm/tpm2_demo.h -examples_tpm_tpm2_demo_SOURCES = examples/tpm/tpm2_demo.c -examples_tpm_tpm2_demo_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) -examples_tpm_tpm2_demo_DEPENDENCIES = src/libwolftpm.la -endif - -dist_example_DATA+= examples/tpm/tpm2_demo.c -DISTCLEANFILES+= examples/tpm/.libs/tpm_demo diff --git a/examples/tpm_io.c b/examples/tpm_io.c new file mode 100755 index 0000000..e65474a --- /dev/null +++ b/examples/tpm_io.c 
@@ -0,0 +1,125 @@ +/* tpm_io.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfTPM is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfTPM is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This example shows IO interfaces for Linux Kernel or STM32 CubeMX HAL */ + + +#include +#include + + +/******************************************************************************/ +/* --- BEGIN IO Callback Logic -- */ +/******************************************************************************/ + +/* Configuration for the SPI interface */ +#ifdef WOLFSSL_STM32_CUBEMX + extern SPI_HandleTypeDef hspi1; + #define TPM2_USER_CTX &hspi1 +#elif defined(__linux__) + #include + #include + #include + #define TPM2_SPI_DEV "/dev/spidev0.1" + + static int gSpiDev = -1; + #define TPM2_USER_CTX &gSpiDev +#else + /* TODO: Add your platform here for HW interface */ + #define TPM2_USER_CTX NULL +#endif + +void* TPM2_IoGetUserCtx(void) +{ + return TPM2_USER_CTX; +} + +/* IO Callback */ +int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf, + word16 xferSz, void* userCtx) +{ + int ret = TPM_RC_FAILURE; +#ifdef WOLFSSL_STM32_CUBEMX + /* STM32 CubeMX Hal */ + SPI_HandleTypeDef* hspi = (SPI_HandleTypeDef*)userCtx; + HAL_StatusTypeDef status; + + __HAL_SPI_ENABLE(hspi); + status = HAL_SPI_TransmitReceive(hspi, 
(byte*)txBuf, rxBuf, xferSz, 5000); + __HAL_SPI_DISABLE(hspi); + if (status == HAL_OK) + ret = TPM_RC_SUCCESS; + +#elif defined(__linux__) + /* Use Linux SPI synchronous access */ + int* spiDev = (int*)userCtx; + + if (*spiDev == -1) { + /* 33Mhz - PI has issue with 5-10Mhz on packets sized over 130 */ + unsigned int maxSpeed = 33000000; + int mode = 0; /* mode 0 */ + int bits_per_word = 0; /* 8-bits */ + + *spiDev = open(TPM2_SPI_DEV, O_RDWR); + if (*spiDev >= 0) { + ioctl(*spiDev, SPI_IOC_WR_MODE, &mode); + ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed); + ioctl(*spiDev, SPI_IOC_WR_BITS_PER_WORD, &bits_per_word); + } + } + + if (*spiDev >= 0) { + struct spi_ioc_transfer spi; + size_t size; + + XMEMSET(&spi, 0, sizeof(spi)); + spi.tx_buf = (unsigned long)txBuf; + spi.rx_buf = (unsigned long)rxBuf; + spi.len = xferSz; + spi.cs_change= 1; /* strobe CS between transfers */ + + size = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi); + if (size == xferSz) + ret = TPM_RC_SUCCESS; + } +#else + /* TODO: Add your platform here for HW interface */ + #error Add your platform here for HW interface + (void)txBuf; + (void)rxBuf; + (void)xferSz; + (void)userCtx; +#endif + +#ifdef DEBUG_WOLFTPM + //printf("TPM2_IoCb: %d\n", xferSz); + //TPM2_PrintBin(txBuf, xferSz); + //TPM2_PrintBin(rxBuf, xferSz); +#endif + + (void)ctx; + + return ret; +} + +/******************************************************************************/ +/* --- END IO Callback Logic -- */ +/******************************************************************************/ diff --git a/examples/tpm_io.h b/examples/tpm_io.h new file mode 100755 index 0000000..f8074d3 --- /dev/null +++ b/examples/tpm_io.h 
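Review bot: In the Linux branch of TPM2_IoCb the bus speed is configured with the read variant, `ioctl(*spiDev, SPI_IOC_RD_MAX_SPEED_HZ, &maxSpeed);`, which copies the device's current value into `maxSpeed` rather than applying 33 MHz; it should be `ioctl(*spiDev, SPI_IOC_WR_MAX_SPEED_HZ, &maxSpeed);`. None of the three setup ioctl results are checked, and `mode` and `bits_per_word` are declared `int` although SPI_IOC_WR_MODE and SPI_IOC_WR_BITS_PER_WORD take a `__u8`, so a failed or partially applied configuration is silently accepted and the TPM transfer proceeds on a misconfigured bus. The transfer result is stored in `size_t size` while ioctl returns `int`, so a -1 error only fails by wrapping; `int res = ioctl(*spiDev, SPI_IOC_MESSAGE(1), &spi);` compared as `res == (int)xferSz` says what is meant, and logging `errno` on the failure path under DEBUG_WOLFTPM would make a bus fault diagnosable instead of a bare TPM_RC_FAILURE. In the `#else` branch the `(void)` casts after `#error` can never compile and can be removed.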
@@ -0,0 +1,32 @@ +/* tpm_io.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfTPM is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfTPM is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef _TPM_IO_H_ +#define _TPM_IO_H_ + +#include + +void* TPM2_IoGetUserCtx(void); +int TPM2_IoCb(TPM2_CTX* ctx, const byte* txBuf, byte* rxBuf, + word16 xferSz, void* userCtx); + + +#endif /* _TPM_IO_H_ */ diff --git a/examples/wrap/include.am b/examples/wrap/include.am new file mode 100755 index 0000000..075e26e --- /dev/null +++ b/examples/wrap/include.am @@ -0,0 +1,14 @@ +# vim:ft=automake +# All paths should be given relative to the root + +if BUILD_EXAMPLES +noinst_PROGRAMS += examples/wrap/wrap_test +noinst_HEADERS += examples/wrap/wrap_test.h +examples_wrap_wrap_test_SOURCES = examples/wrap/wrap_test.c \ + examples/tpm_io.c +examples_wrap_wrap_test_LDADD = src/libwolftpm.la $(LIB_STATIC_ADD) +examples_wrap_wrap_test_DEPENDENCIES = src/libwolftpm.la +endif + +dist_example_DATA+= examples/wrap/wrap_test.c +DISTCLEANFILES+= examples/wrap/.libs/wrap_test diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c new file mode 100755 index 0000000..8f49c5e --- /dev/null +++ b/examples/wrap/wrap_test.c 
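Review bot: The new include guard `_TPM_IO_H_` (and likewise `_NATIVE_TEST_H_` and `_WRAP_TEST_H_` in the other new headers) is a reserved identifier in C, since names beginning with an underscore followed by an uppercase letter belong to the implementation; a project-prefixed `WOLFTPM_EXAMPLES_TPM_IO_H` avoids the collision risk. The two declarations are also undocumented: a one-line comment on `TPM2_IoGetUserCtx` saying it returns the platform's SPI context (`&hspi1` on STM32 CubeMX, the open-on-first-use `/dev/spidev0.1` descriptor on Linux, NULL otherwise), and one on `TPM2_IoCb` stating that it performs one full-duplex transfer of `xferSz` bytes and returns TPM_RC_SUCCESS or TPM_RC_FAILURE, would let callers use the header without reading tpm_io.c.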
@@ -0,0 +1,201 @@ +/* wrap_test.c + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfTPM is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfTPM is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* This example shows using the TPM2 wrapper API's in TPM2_Wrapper_Test() below. */ + +#include +#include + +#ifndef WOLFTPM2_NO_WRAPPER + +#include +#include + +#define TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE 0x81000200 + +/******************************************************************************/ +/* --- BEGIN Wrapper API Tests -- */ +/******************************************************************************/ + +int TPM2_Wrapper_Test(void* userCtx) +{ + int rc; + WOLFTPM2_DEV dev; + WOLFTPM2_KEY storageKey; + WOLFTPM2_KEY rsaKey; + WOLFTPM2_KEY eccKey; + WOLFTPM2_BUFFER message; + WOLFTPM2_BUFFER cipher; + WOLFTPM2_BUFFER plain; + TPMT_PUBLIC publicTemplate; + TPM2B_ECC_POINT pubPoint; + const char storageKeyAuth[] = "ThisIsMyStorageKeyAuth"; + const char keyAuth[] = "ThisIsMyKeyAuth"; + + printf("TPM2 Demo for Wrapper API's\n"); + + + /* Init the TPM2 device */ + rc = wolfTPM2_Init(&dev, TPM2_IoCb, userCtx); + if (rc != 0) return rc; + + /* See if primary storage key already exists */ + rc = wolfTPM2_ReadPublicKey(&dev, &storageKey, TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE); + if (rc != 0) { + 
/* Create primary storage key */ + rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate, + TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent | + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA); + if (rc != 0) goto exit; + rc = wolfTPM2_CreatePrimaryKey(&dev, &storageKey, TPM_RH_OWNER, + &publicTemplate, (byte*)storageKeyAuth, sizeof(storageKeyAuth)-1); + if (rc != 0) goto exit; + + /* Move this key into peristent storage */ + rc = wolfTPM2_NVStoreKey(&dev, TPM_RH_OWNER, &storageKey, + TPM2_DEMO_PERSISTENT_STORAGE_KEY_HANDLE); + if (rc != 0) goto exit; + } + else { + /* specify auth password for storage key */ + storageKey.handle.auth.size = sizeof(storageKeyAuth)-1; + XMEMCPY(storageKey.handle.auth.buffer, storageKeyAuth, + storageKey.handle.auth.size); + } + + /* Create RSA key for encrypt/decrypt */ + rc = wolfTPM2_GetKeyTemplate_RSA(&publicTemplate, + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_decrypt | TPMA_OBJECT_sign | TPMA_OBJECT_noDA); + if (rc != 0) goto exit; + rc = wolfTPM2_CreateAndLoadKey(&dev, &rsaKey, &storageKey.handle, + &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); + if (rc != 0) goto exit; + + /* Perform RSA encrypt / decrypt */ + message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */ + XMEMSET(message.buffer, 0x11, message.size); + cipher.size = sizeof(cipher.buffer); /* encrypted data */ + rc = wolfTPM2_RsaEncrypt(&dev, &rsaKey, TPM_ALG_OAEP, + message.buffer, message.size, cipher.buffer, &cipher.size); + if (rc != 0) goto exit; + + plain.size = sizeof(plain.buffer); + rc = wolfTPM2_RsaDecrypt(&dev, &rsaKey, TPM_ALG_OAEP, + cipher.buffer, cipher.size, plain.buffer, &plain.size); + if (rc != 0) goto exit; + + rc = wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); + if (rc != 0) goto exit; + + /* Validate encrypt / decrypt */ + if (message.size != plain.size || + XMEMCMP(message.buffer, plain.buffer, message.size) != 0) { + 
rc = TPM_RC_TESTING; goto exit; + } + printf("RSA Encrypt Test Passed\n"); + + + /* Create an ECC key for ECDSA */ + rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate, + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_sign | TPMA_OBJECT_noDA, + TPM_ECC_NIST_P256, TPM_ALG_ECDSA); + if (rc != 0) goto exit; + rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, + &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); + if (rc != 0) goto exit; + + /* Perform sign / verify */ + message.size = WC_SHA256_DIGEST_SIZE; /* test message 0x11,0x11,etc */ + XMEMSET(message.buffer, 0x11, message.size); + cipher.size = sizeof(cipher.buffer); /* signature */ + rc = wolfTPM2_SignHash(&dev, &eccKey, message.buffer, message.size, + cipher.buffer, &cipher.size); + if (rc != 0) goto exit; + + rc = wolfTPM2_VerifyHash(&dev, &eccKey, cipher.buffer, cipher.size, + message.buffer, message.size); + if (rc != 0) goto exit; + + rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); + if (rc != 0) goto exit; + + printf("ECC Sign/Verify Passed\n"); + + + /* Create an ECC key for DH */ + rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate, + TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA, + TPM_ECC_NIST_P256, TPM_ALG_ECDH); + if (rc != 0) goto exit; + rc = wolfTPM2_CreateAndLoadKey(&dev, &eccKey, &storageKey.handle, + &publicTemplate, (byte*)keyAuth, sizeof(keyAuth)-1); + if (rc != 0) goto exit; + + /* Create ephemeral ECC key and generate a shared secret */ + cipher.size = sizeof(cipher.buffer); + rc = wolfTPM2_ECDHGen(&dev, &eccKey, &pubPoint, + cipher.buffer, &cipher.size); + if (rc != 0) goto exit; + + rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); + if (rc != 0) goto exit; + + printf("ECC DH Generation Passed\n"); + + +exit: + + if (rc != 0) { + printf("Failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc)); + } + + wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); + wolfTPM2_UnloadHandle(&dev, &eccKey.handle); + 
wolfTPM2_UnloadHandle(&dev, &storageKey.handle); + wolfTPM2_Cleanup(&dev); + + return rc; +} + +/******************************************************************************/ +/* --- END Wrapper API Tests -- */ +/******************************************************************************/ + +#endif /* !WOLFTPM2_NO_WRAPPER */ + +#ifndef NO_MAIN_DRIVER +int main(void) +{ + int rc = -1; + +#ifndef WOLFTPM2_NO_WRAPPER + rc = TPM2_Wrapper_Test(TPM2_IoGetUserCtx()); +#else + printf("Wrapper code not compiled in\n"); +#endif + + return rc; +} +#endif /* !NO_MAIN_DRIVER */ diff --git a/examples/wrap/wrap_test.h b/examples/wrap/wrap_test.h new file mode 100755 index 0000000..c4dbc85 --- /dev/null +++ b/examples/wrap/wrap_test.h @@ -0,0 +1,28 @@ +/* wrap_test.h + * + * Copyright (C) 2006-2018 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfTPM is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfTPM is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#ifndef _WRAP_TEST_H_ +#define _WRAP_TEST_H_ + + +int TPM2_Wrapper_Test(void* userCtx); + +#endif /* _WRAP_TEST_H_ */ diff --git a/src/tpm2.c b/src/tpm2.c index bac5220..703d84c 100644 --- a/src/tpm2.c +++ b/src/tpm2.c 
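Review bot: `rsaKey` and `eccKey` (and `storageKey` when wolfTPM2_ReadPublicKey fails) are declared in TPM2_Wrapper_Test without an initializer, yet every early `goto exit` taken before the matching wolfTPM2_CreateAndLoadKey reaches `wolfTPM2_UnloadHandle(&dev, &rsaKey.handle)` and `wolfTPM2_UnloadHandle(&dev, &eccKey.handle)` with indeterminate handle contents, so the cleanup reads uninitialized memory and may try to flush a garbage handle unless wolfTPM2_UnloadHandle guards against it (its body is not in this hunk). Zero the structs right after the declarations, `XMEMSET(&storageKey, 0, sizeof(storageKey)); XMEMSET(&rsaKey, 0, sizeof(rsaKey)); XMEMSET(&eccKey, 0, sizeof(eccKey));`, so the cleanup only ever sees a zero or a valid handle. The new `else` branch copies `sizeof(storageKeyAuth)-1` bytes into `storageKey.handle.auth.buffer` without comparing against that buffer's capacity; it holds for this 22-byte literal, but a `sizeof(storageKey.handle.auth.buffer)` check or a comment stating the bound would keep a longer auth from overrunning it when the example is adapted.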
@@ -4526,6 +4526,241 @@ int TPM2_GetNonce(byte* nonceBuf, int nonceSz) return rc; } +void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex) +{ + if (pcr) { + pcr->count = 1; + pcr->pcrSelections[0].hash = alg; + pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN; + XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN); + pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7)); + } +} + + +#define TPM_RC_STRINGIFY(rc) #rc +#ifdef DEBUG_WOLFTPM + #define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc +#else + #define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) +#endif + +const char* TPM2_GetRCString(int rc) +{ + /* for negative return codes use wolfCrypt */ + if (rc < 0) { + return wc_GetErrorString(rc); + } + + if (rc & RC_VER1) { + int rc_fm0 = rc & RC_MAX_FM0; + + switch (rc_fm0) { + TPM_RC_STR(TPM_RC_SUCCESS, "Success"); + TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag"); + TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized"); + TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure"); + TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle"); + TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled"); + TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity"); + TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command"); + TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present"); + TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value"); + TPM_RC_STR(TPM_RC_PCR, "PCR check fail"); + TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked"); + TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode"); + TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum"); + TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not 
available for selected entity"); + TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation"); + TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced"); + TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer"); + TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported"); + TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required"); + TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session"); + TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range"); + TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than allowed"); + TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked"); + TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions"); + TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored"); + TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation"); + TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined"); + TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid"); + TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use"); + TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent"); + TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing"); + TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem"); + TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption"); + default: + break; + } + } + + if (rc & RC_FMT1) { + int rc_fmt1 = rc & RC_MAX_FMT1; + + switch (rc_fmt1) { + TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not 
supported or not correct"); + TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes"); + TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate"); + TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context"); + TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use"); + TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported"); + TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported"); + TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported"); + TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use"); + TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use"); + TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use"); + TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range"); + TPM_RC_STR(TPM_RC_AUTH_FAIL, "The authorization HMAC check failed and DA counter incremented"); + TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch"); + TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP"); + TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme"); + TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size"); + TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance"); + TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag"); + TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect"); + TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer"); + TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid"); + TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use"); + TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed"); + TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed"); + TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket"); + TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required"); + TPM_RC_STR(TPM_RC_BAD_AUTH, 
"Authorization failure without DA implications"); + TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired"); + TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented"); + TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound"); + TPM_RC_STR(TPM_RC_CURVE, "Curve not supported"); + TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve"); + default: + break; + } + } + + if (rc & RC_WARN) { + int rc_warn = rc & RC_MAX_WARN; + + switch (rc_warn) { + TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large"); + TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts"); + TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts"); + TPM_RC_STR(TPM_RC_MEMORY, "Out of shared object/session memory or need space for internal operations"); + TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created"); + TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles"); + TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality"); + TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command"); + TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled"); + TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests"); + TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV"); + TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode"); + TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command"); + TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible"); + TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM"); + default: + break; + } + } + + return "Unknown"; +} + +const char* 
TPM2_GetAlgName(TPM_ALG_ID alg) +{ + switch (alg) { + case TPM_ALG_RSA: + return "RSA"; + case TPM_ALG_SHA1: + return "SHA1"; + case TPM_ALG_HMAC: + return "HMAC"; + case TPM_ALG_AES: + return "AES"; + case TPM_ALG_MGF1: + return "MGF1"; + case TPM_ALG_KEYEDHASH: + return "KEYEDHASH"; + case TPM_ALG_XOR: + return "XOR"; + case TPM_ALG_SHA256: + return "SHA256"; + case TPM_ALG_SHA384: + return "SHA384"; + case TPM_ALG_SHA512: + return "SHA512"; + case TPM_ALG_NULL: + return "NULL"; + case TPM_ALG_SM3_256: + return "SM3_256"; + case TPM_ALG_SM4: + return "SM4"; + case TPM_ALG_RSASSA: + return "RSASSA"; + case TPM_ALG_RSAES: + return "RSAES"; + case TPM_ALG_RSAPSS: + return "RSAPSS"; + case TPM_ALG_OAEP: + return "OAEP"; + case TPM_ALG_ECDSA: + return "ECDSA"; + case TPM_ALG_ECDH: + return "ECDH"; + case TPM_ALG_ECDAA: + return "ECDAA"; + case TPM_ALG_SM2: + return "SM2"; + case TPM_ALG_ECSCHNORR: + return "ECSCHNORR"; + case TPM_ALG_ECMQV: + return "ECMQV"; + case TPM_ALG_KDF1_SP800_56A: + return "KDF1_SP800_56A"; + case TPM_ALG_KDF2: + return "KDF2"; + case TPM_ALG_KDF1_SP800_108: + return "KDF1_SP800_108"; + case TPM_ALG_ECC: + return "ECC"; + case TPM_ALG_SYMCIPHER: + return "SYMCIPHER"; + case TPM_ALG_CTR: + return "CTR"; + case TPM_ALG_OFB: + return "OFB"; + case TPM_ALG_CBC: + return "CBC"; + case TPM_ALG_CFB: + return "CFB"; + case TPM_ALG_ECB: + return "ECB"; + default: + break; + } + return "Unknown"; +} + +int TPM2_GetCurveSize(TPM_ECC_CURVE curveID) +{ + switch (curveID) { + case TPM_ECC_NIST_P192: + return 24; + case TPM_ECC_NIST_P224: + return 28; + case TPM_ECC_NIST_P256: + case TPM_ECC_BN_P256: + case TPM_ECC_SM2_P256: + return 32; + case TPM_ECC_NIST_P384: + return 48; + case TPM_ECC_NIST_P521: + return 66; + case TPM_ECC_BN_P638: + return 80; + } + return 0; +} + + #ifdef DEBUG_WOLFTPM #define LINE_LEN 16 diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index c3129ab..3a96cd7 100755 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c 
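Review bot: `TPM2_SetupPCRSel` indexes `pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3]` with no range check, so a negative `pcrIndex` or one at or above `PCR_SELECT_MIN * 8` writes outside the `pcrSelect` array; now that this is a public `WOLFTPM_API` entry point the guard should read `if (pcr == NULL || pcrIndex < 0 || pcrIndex >= PCR_SELECT_MIN * 8) return;` (or the function should gain an int return so the caller can tell the selection was not set). The body is moved from tpm2_wrap.c rather than written fresh, but the native layer is where that bound belongs. Separately, `TPM2_GetRCString` only enters its tables when `rc & RC_VER1`, `rc & RC_FMT1` or `rc & RC_WARN` is non-zero, so if `TPM_RC_SUCCESS` is zero (its value is not visible in this hunk) the `TPM_RC_STR(TPM_RC_SUCCESS, "Success")` entry is unreachable and a success code prints as "Unknown"; an early `if (rc == TPM_RC_SUCCESS) return "Success";` would make it reachable. None of the four new functions carries a header comment, and the string-returning ones should state that they return static storage and the literal "Unknown" for unrecognised inputs.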
@@ -62,9 +62,9 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx) /* define the default session auth */ XMEMSET(dev->session, 0, sizeof(dev->session)); - dev->session[0].sessionHandle = TPM_RS_PW; /* default */ - TPM2_SetSessionAuth(dev->session); + wolfTPM2_SetAuth(dev, 0, TPM_RS_PW, NULL, 0); + /* startup */ XMEMSET(&startupIn, 0, sizeof(Startup_In)); startupIn.startupType = TPM_SU_CLEAR; rc = TPM2_Startup(&startupIn); @@ -80,6 +80,24 @@ int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx) return TPM_RC_SUCCESS; } +int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, + TPM_HANDLE sessionHandle, const byte* auth, int authSz) +{ + if (dev == NULL || index >= MAX_SESSION_NUM) { + return BAD_FUNC_ARG; + } + + /* define the default session auth */ + dev->session[index].sessionHandle = sessionHandle; + dev->session[index].auth.size = authSz; + if (auth && authSz > 0) + XMEMCPY(dev->session[index].auth.buffer, auth, authSz); + + TPM2_SetSessionAuth(dev->session); + + return 0; +} + int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev) { int rc; @@ -373,7 +391,7 @@ int wolfTPM2_NVDeleteKey(WOLFTPM2_DEV* dev, TPM_HANDLE primaryHandle, WOLFTPM2_K } /* if key is not persistent then just return success */ - if (key->handle.hndl < PERMANENT_FIRST || key->handle.hndl > PERMANENT_LAST) + if (key->handle.hndl < PERSISTENT_FIRST || key->handle.hndl > PERSISTENT_LAST) return TPM_RC_SUCCESS; /* Move key into NV to persist */ 
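Review bot: `wolfTPM2_SetAuth` copies `authSz` bytes into `dev->session[index].auth.buffer` without comparing `authSz` to the buffer's capacity, and the index guard rejects only `index >= MAX_SESSION_NUM` and not a negative index, so an over-long auth value or a negative index corrupts memory inside `WOLFTPM2_DEV`. It also stores `auth.size = authSz` even when `auth` is NULL, leaving a size that claims bytes that were never copied. Suggest widening the guard to `if (dev == NULL || index < 0 || index >= MAX_SESSION_NUM || authSz < 0 || (size_t)authSz > sizeof(dev->session[index].auth.buffer) || (auth == NULL && authSz > 0)) return BAD_FUNC_ARG;`. The caller in `wolfTPM2_Init` (previous hunk) ignores the return value, which is harmless with the constant `TPM_RS_PW, NULL, 0` arguments used there but worth a comment now that the function validates its inputs.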
@@ -690,27 +708,32 @@ int wolfTPM2_ReadPCR(WOLFTPM2_DEV* dev, int pcrIndex, int alg, byte* digest, int wolfTPM2_UnloadHandle(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* handle) { int rc; - FlushContext_In flushCtxIn; + FlushContext_In in; if (dev == NULL || handle == NULL) return BAD_FUNC_ARG; - if (handle->hndl != 0 && handle->hndl != TPM_RH_NULL) { - flushCtxIn.flushHandle = handle->hndl; - rc = TPM2_FlushContext(&flushCtxIn); - if (rc != TPM_RC_SUCCESS) { - printf("TPM2_FlushContext failed %d: %s\n", rc, - wolfTPM2_GetRCString(rc)); - return rc; - } - - #ifdef DEBUG_WOLFTPM - printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl); - #endif - - handle->hndl = TPM_RH_NULL; + /* don't try and unload null or persistent handles */ + if (handle->hndl == 0 || handle->hndl == TPM_RH_NULL || + (handle->hndl >= PERSISTENT_FIRST && handle->hndl <= PERSISTENT_LAST)) { + return TPM_RC_SUCCESS; } + XMEMSET(&in, 0, sizeof(in)); + in.flushHandle = handle->hndl; + rc = TPM2_FlushContext(&in); + if (rc != TPM_RC_SUCCESS) { + printf("TPM2_FlushContext failed %d: %s\n", rc, + wolfTPM2_GetRCString(rc)); + return rc; + } + +#ifdef DEBUG_WOLFTPM + printf("TPM2_FlushContext: Closed handle 0x%x\n", handle->hndl); +#endif + + handle->hndl = TPM_RH_NULL; + return TPM_RC_SUCCESS; } 
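Review bot: In `wolfTPM2_UnloadHandle` the failure path still calls `printf` unconditionally while the success trace sits under `#ifdef DEBUG_WOLFTPM`; library code writing to stdout is a style inconsistency carried over from the old body, and the message should either move under the same `#ifdef` or be dropped, since the caller already receives `rc` and `TPM2_GetRCString` to format it. The new early `return TPM_RC_SUCCESS` for persistent handles deliberately leaves `handle->hndl` untouched and flushes nothing, which a reader may mistake for a leak; a one-line comment such as `/* persistent handles survive FlushContext and are left for the owner to evict */` would record the intent.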
@@ -809,239 +832,6 @@ int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate, return 0; } -const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg) -{ - switch (alg) { - case TPM_ALG_RSA: - return "RSA"; - case TPM_ALG_SHA1: - return "SHA1"; - case TPM_ALG_HMAC: - return "HMAC"; - case TPM_ALG_AES: - return "AES"; - case TPM_ALG_MGF1: - return "MGF1"; - case TPM_ALG_KEYEDHASH: - return "KEYEDHASH"; - case TPM_ALG_XOR: - return "XOR"; - case TPM_ALG_SHA256: - return "SHA256"; - case TPM_ALG_SHA384: - return "SHA384"; - case TPM_ALG_SHA512: - return "SHA512"; - case TPM_ALG_NULL: - return "NULL"; - case TPM_ALG_SM3_256: - return "SM3_256"; - case TPM_ALG_SM4: - return "SM4"; - case TPM_ALG_RSASSA: - return "RSASSA"; - case TPM_ALG_RSAES: - return "RSAES"; - case TPM_ALG_RSAPSS: - return "RSAPSS"; - case TPM_ALG_OAEP: - return "OAEP"; - case TPM_ALG_ECDSA: - return "ECDSA"; - case TPM_ALG_ECDH: - return "ECDH"; - case TPM_ALG_ECDAA: - return "ECDAA"; - case TPM_ALG_SM2: - return "SM2"; - case TPM_ALG_ECSCHNORR: - return "ECSCHNORR"; - case TPM_ALG_ECMQV: - return "ECMQV"; - case TPM_ALG_KDF1_SP800_56A: - return "KDF1_SP800_56A"; - case TPM_ALG_KDF2: - return "KDF2"; - case TPM_ALG_KDF1_SP800_108: - return "KDF1_SP800_108"; - case TPM_ALG_ECC: - return "ECC"; - case TPM_ALG_SYMCIPHER: - return "SYMCIPHER"; - case TPM_ALG_CTR: - return "CTR"; - case TPM_ALG_OFB: - return "OFB"; - case TPM_ALG_CBC: - return "CBC"; - case TPM_ALG_CFB: - return "CFB"; - case TPM_ALG_ECB: - return "ECB"; - default: - break; - } - return "Unknown"; -} - -#define TPM_RC_STRINGIFY(rc) #rc -#ifdef DEBUG_WOLFTPM - #define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) ": " desc -#else - #define TPM_RC_STR(rc, desc) case rc: return TPM_RC_STRINGIFY(rc) -#endif - -const char* wolfTPM2_GetRCString(int rc) -{ - /* for negative return codes use wolfCrypt */ - if (rc < 0) { - return wc_GetErrorString(rc); - } - - if (rc & RC_VER1) { - int rc_fm0 = rc & RC_MAX_FM0; - - switch (rc_fm0) { - 
TPM_RC_STR(TPM_RC_SUCCESS, "Success"); - TPM_RC_STR(TPM_RC_BAD_TAG, "Bad Tag"); - TPM_RC_STR(TPM_RC_INITIALIZE, "TPM not initialized by TPM2_Startup or already initialized"); - TPM_RC_STR(TPM_RC_FAILURE, "Commands not being accepted because of a TPM failure"); - TPM_RC_STR(TPM_RC_SEQUENCE, "Improper use of a sequence handle"); - TPM_RC_STR(TPM_RC_DISABLED, "The command is disabled"); - TPM_RC_STR(TPM_RC_EXCLUSIVE, "Command failed because audit sequence required exclusivity"); - TPM_RC_STR(TPM_RC_AUTH_TYPE, "Authorization handle is not correct for command"); - TPM_RC_STR(TPM_RC_AUTH_MISSING, "Command requires an authorization session for handle and it is not present"); - TPM_RC_STR(TPM_RC_POLICY, "Policy failure in math operation or an invalid authPolicy value"); - TPM_RC_STR(TPM_RC_PCR, "PCR check fail"); - TPM_RC_STR(TPM_RC_PCR_CHANGED, "PCR have changed since checked"); - TPM_RC_STR(TPM_RC_UPGRADE, "Indicates that the TPM is in field upgrade mode"); - TPM_RC_STR(TPM_RC_TOO_MANY_CONTEXTS, "Context ID counter is at maximum"); - TPM_RC_STR(TPM_RC_AUTH_UNAVAILABLE, "The authValue or authPolicy is not available for selected entity"); - TPM_RC_STR(TPM_RC_REBOOT, "A _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation"); - TPM_RC_STR(TPM_RC_UNBALANCED, "The protection algorithms (hash and symmetric) are not reasonably balanced"); - TPM_RC_STR(TPM_RC_COMMAND_SIZE, "Command commandSize value is inconsistent with contents of the command buffer"); - TPM_RC_STR(TPM_RC_COMMAND_CODE, "Command code not supported"); - TPM_RC_STR(TPM_RC_AUTHSIZE, "The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required"); - TPM_RC_STR(TPM_RC_AUTH_CONTEXT, "Use of an authorization session with a context command or another command that cannot have an authorization session"); - TPM_RC_STR(TPM_RC_NV_RANGE, "NV offset+size is out of range"); - TPM_RC_STR(TPM_RC_NV_SIZE, "Requested allocation size is larger than 
allowed"); - TPM_RC_STR(TPM_RC_NV_LOCKED, "NV access locked"); - TPM_RC_STR(TPM_RC_NV_AUTHORIZATION, "NV access authorization fails in command actions"); - TPM_RC_STR(TPM_RC_NV_UNINITIALIZED, "An NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored"); - TPM_RC_STR(TPM_RC_NV_SPACE, "Insufficient space for NV allocation"); - TPM_RC_STR(TPM_RC_NV_DEFINED, "NV Index or persistent object already defined"); - TPM_RC_STR(TPM_RC_BAD_CONTEXT, "Context in TPM2_ContextLoad() is not valid"); - TPM_RC_STR(TPM_RC_CPHASH, "The cpHash value already set or not correct for use"); - TPM_RC_STR(TPM_RC_PARENT, "Handle for parent is not a valid parent"); - TPM_RC_STR(TPM_RC_NEEDS_TEST, "Some function needs testing"); - TPM_RC_STR(TPM_RC_NO_RESULT, "Cannot process a request due to an unspecified problem"); - TPM_RC_STR(TPM_RC_SENSITIVE, "The sensitive area did not unmarshal correctly after decryption"); - default: - break; - } - } - - if (rc & RC_FMT1) { - int rc_fmt1 = rc & RC_MAX_FMT1; - - switch (rc_fmt1) { - TPM_RC_STR(TPM_RC_ASYMMETRIC, "Asymmetric algorithm not supported or not correct"); - TPM_RC_STR(TPM_RC_ATTRIBUTES, "Inconsistent attributes"); - TPM_RC_STR(TPM_RC_HASH, "Hash algorithm not supported or not appropriate"); - TPM_RC_STR(TPM_RC_VALUE, "Value is out of range or is not correct for the context"); - TPM_RC_STR(TPM_RC_HIERARCHY, "Hierarchy is not enabled or is not correct for the use"); - TPM_RC_STR(TPM_RC_KEY_SIZE, "Key size is not supported"); - TPM_RC_STR(TPM_RC_MGF, "Mask generation function not supported"); - TPM_RC_STR(TPM_RC_MODE, "Mode of operation not supported"); - TPM_RC_STR(TPM_RC_TYPE, "The type of the value is not appropriate for the use"); - TPM_RC_STR(TPM_RC_HANDLE, "The handle is not correct for the use"); - TPM_RC_STR(TPM_RC_KDF, "Unsupported key derivation function or function not appropriate for use"); - TPM_RC_STR(TPM_RC_RANGE, "Value was out of allowed range"); - TPM_RC_STR(TPM_RC_AUTH_FAIL, "The 
authorization HMAC check failed and DA counter incremented"); - TPM_RC_STR(TPM_RC_NONCE, "Invalid nonce size or nonce value mismatch"); - TPM_RC_STR(TPM_RC_PP, "Authorization requires assertion of PP"); - TPM_RC_STR(TPM_RC_SCHEME, "Unsupported or incompatible scheme"); - TPM_RC_STR(TPM_RC_SIZE, "Structure is the wrong size"); - TPM_RC_STR(TPM_RC_SYMMETRIC, "Unsupported symmetric algorithm or key size, or not appropriate for instance"); - TPM_RC_STR(TPM_RC_TAG, "Incorrect structure tag"); - TPM_RC_STR(TPM_RC_SELECTOR, "Union selector is incorrect"); - TPM_RC_STR(TPM_RC_INSUFFICIENT, "The TPM was unable to unmarshal a value because there were not enough octets in the input buffer"); - TPM_RC_STR(TPM_RC_SIGNATURE, "The signature is not valid"); - TPM_RC_STR(TPM_RC_KEY, "Key fields are not compatible with the selected use"); - TPM_RC_STR(TPM_RC_POLICY_FAIL, "A policy check failed"); - TPM_RC_STR(TPM_RC_INTEGRITY, "Integrity check failed"); - TPM_RC_STR(TPM_RC_TICKET, "Invalid ticket"); - TPM_RC_STR(TPM_RC_RESERVED_BITS, "Reserved bits not set to zero as required"); - TPM_RC_STR(TPM_RC_BAD_AUTH, "Authorization failure without DA implications"); - TPM_RC_STR(TPM_RC_EXPIRED, "The policy has expired"); - TPM_RC_STR(TPM_RC_POLICY_CC, "The commandCode in the policy is not the commandCode of the command or the command code in a policy command references a command that is not implemented"); - TPM_RC_STR(TPM_RC_BINDING, "Public and sensitive portions of an object are not cryptographically bound"); - TPM_RC_STR(TPM_RC_CURVE, "Curve not supported"); - TPM_RC_STR(TPM_RC_ECC_POINT, "Point is not on the required curve"); - default: - break; - } - } - - if (rc & RC_WARN) { - int rc_warn = rc & RC_MAX_WARN; - - switch (rc_warn) { - TPM_RC_STR(TPM_RC_CONTEXT_GAP, "Gap for context ID is too large"); - TPM_RC_STR(TPM_RC_OBJECT_MEMORY, "Out of memory for object contexts"); - TPM_RC_STR(TPM_RC_SESSION_MEMORY, "Out of memory for session contexts"); - TPM_RC_STR(TPM_RC_MEMORY, "Out of shared 
object/session memory or need space for internal operations"); - TPM_RC_STR(TPM_RC_SESSION_HANDLES, "Out of session handles; a session must be flushed before a new session may be created"); - TPM_RC_STR(TPM_RC_OBJECT_HANDLES, "Out of object handles"); - TPM_RC_STR(TPM_RC_LOCALITY, "Bad locality"); - TPM_RC_STR(TPM_RC_YIELDED, "The TPM has suspended operation on the command"); - TPM_RC_STR(TPM_RC_CANCELED, "The command was canceled"); - TPM_RC_STR(TPM_RC_TESTING, "TPM is performing self-tests"); - TPM_RC_STR(TPM_RC_NV_RATE, "The TPM is rate-limiting accesses to prevent wearout of NV"); - TPM_RC_STR(TPM_RC_LOCKOUT, "Authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode"); - TPM_RC_STR(TPM_RC_RETRY, "The TPM was not able to start the command"); - TPM_RC_STR(TPM_RC_NV_UNAVAILABLE, "The command may require writing of NV and NV is not current accessible"); - TPM_RC_STR(TPM_RC_NOT_USED, "This value is reserved and shall not be returned by the TPM"); - default: - break; - } - } - - return "Unknown"; -} - -void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex) -{ - if (pcr) { - pcr->count = 1; - pcr->pcrSelections[0].hash = alg; - pcr->pcrSelections[0].sizeofSelect = PCR_SELECT_MIN; - XMEMSET(pcr->pcrSelections[0].pcrSelect, 0, PCR_SELECT_MIN); - pcr->pcrSelections[0].pcrSelect[pcrIndex >> 3] = (1 << (pcrIndex & 0x7)); - } -} - -int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID) -{ - switch (curveID) { - case TPM_ECC_NIST_P192: - return 24; - case TPM_ECC_NIST_P224: - return 28; - case TPM_ECC_NIST_P256: - case TPM_ECC_BN_P256: - case TPM_ECC_SM2_P256: - return 32; - case TPM_ECC_NIST_P384: - return 48; - case TPM_ECC_NIST_P521: - return 66; - case TPM_ECC_BN_P638: - return 80; - } - return 0; -} - /******************************************************************************/ /* --- END Utility Functions -- */ 
/******************************************************************************/ diff --git a/wolftpm/tpm2.h b/wolftpm/tpm2.h index 064e612..f136eb5 100644 --- a/wolftpm/tpm2.h +++ b/wolftpm/tpm2.h @@ -849,13 +849,13 @@ typedef enum { HR_HANDLE_MASK = 0x00FFFFFF, HR_RANGE_MASK = 0xFF000000, HR_SHIFT = 24, - HR_PCR = (TPM_HT_PCR << HR_SHIFT), - HR_HMAC_SESSION = (TPM_HT_HMAC_SESSION << HR_SHIFT), - HR_POLICY_SESSION = (TPM_HT_POLICY_SESSION << HR_SHIFT), - HR_TRANSIENT = (TPM_HT_TRANSIENT << HR_SHIFT), - HR_PERSISTENT = (TPM_HT_PERSISTENT << HR_SHIFT), - HR_NV_INDEX = (TPM_HT_NV_INDEX << HR_SHIFT), - HR_PERMANENT = (TPM_HT_PERMANENT << HR_SHIFT), + HR_PCR = ((UINT32)TPM_HT_PCR << HR_SHIFT), + HR_HMAC_SESSION = ((UINT32)TPM_HT_HMAC_SESSION << HR_SHIFT), + HR_POLICY_SESSION = ((UINT32)TPM_HT_POLICY_SESSION << HR_SHIFT), + HR_TRANSIENT = ((UINT32)TPM_HT_TRANSIENT << HR_SHIFT), + HR_PERSISTENT = ((UINT32)TPM_HT_PERSISTENT << HR_SHIFT), + HR_NV_INDEX = ((UINT32)TPM_HT_NV_INDEX << HR_SHIFT), + HR_PERMANENT = ((UINT32)TPM_HT_PERMANENT << HR_SHIFT), PCR_FIRST = (HR_PCR + 0), PCR_LAST = (PCR_FIRST + IMPLEMENTATION_PCR-1), HMAC_SESSION_FIRST = (HR_HMAC_SESSION + 0), @@ -2912,6 +2912,12 @@ WOLFTPM_API TPM2_CTX* TPM2_GetActiveCtx(void); WOLFTPM_API int TPM2_GetHashDigestSize(TPMI_ALG_HASH hashAlg); WOLFTPM_API int TPM2_GetNonce(byte* nonceBuf, int nonceSz); +WOLFTPM_API void TPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, + int pcrIndex); +WOLFTPM_API const char* TPM2_GetRCString(int rc); +WOLFTPM_API const char* TPM2_GetAlgName(TPM_ALG_ID alg); +WOLFTPM_API int TPM2_GetCurveSize(TPM_ECC_CURVE curveID); + #ifdef DEBUG_WOLFTPM WOLFTPM_API void TPM2_PrintBin(const byte* buffer, word32 length); diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h index 1eb9ec8..58c0934 100755 --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h 
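Review bot: The `(UINT32)` casts in the `HR_*` enumerators stop `TPM_HT_x << 24` from shifting into the sign bit of an `int`, but an enumerator's value must still be representable as `int` in ISO C, so any handle type of 0x80 or above (if `TPM_HT_TRANSIENT` and `TPM_HT_PERSISTENT` are 0x80 and 0x81 as in the TPM 2.0 spec — their values are not visible in this hunk) still yields an out-of-range enumeration constant that GCC and Clang accept only as an extension. If strict-conformance builds matter, those constants are better expressed as macros, e.g. `#define HR_TRANSIENT ((UINT32)TPM_HT_TRANSIENT << HR_SHIFT)`, outside the enum. Otherwise a short comment on the first cast line, `/* cast: keep the shift unsigned so it cannot overflow int */`, would record why the casts are there.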
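Review bot: The four new `WOLFTPM_API` prototypes (`TPM2_SetupPCRSel`, `TPM2_GetRCString`, `TPM2_GetAlgName`, `TPM2_GetCurveSize`) are added without any comment on their contracts, and the implementations in src/tpm2.c have sentinel results a caller must know about: `TPM2_GetRCString` and `TPM2_GetAlgName` return the literal "Unknown" for values not in their tables and `TPM2_GetRCString` routes negative codes to `wc_GetErrorString`, while `TPM2_GetCurveSize` returns 0 for an unrecognised curve and `TPM2_SetupPCRSel` silently does nothing when `pcr` is NULL. Suggest a one-line comment above each, e.g. `/* Returns the curve's coordinate size in bytes, or 0 for an unsupported curve */` and `/* Returns a static string; "Unknown" when rc is not a recognised TPM response code */`. This is the public header, so it is where callers will look for those rules.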
@@ -59,6 +59,9 @@ typedef struct WOLFTPM2_BUFFER { WOLFTPM_API int wolfTPM2_Init(WOLFTPM2_DEV* dev, TPM2HalIoCb ioCb, void* userCtx); WOLFTPM_API int wolfTPM2_Cleanup(WOLFTPM2_DEV* dev); +WOLFTPM_API int wolfTPM2_SetAuth(WOLFTPM2_DEV* dev, int index, + TPM_HANDLE sessionHandle, const byte* auth, int authSz); + WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, WOLFTPM2_KEY* tpmKey, WOLFTPM2_HANDLE* bind, TPM_SE sesType, int useEncrypDecrypt); @@ -103,9 +106,12 @@ WOLFTPM_API int wolfTPM2_GetKeyTemplate_RSA(TPMT_PUBLIC* publicTemplate, TPMA_OBJECT objectAttributes); WOLFTPM_API int wolfTPM2_GetKeyTemplate_ECC(TPMT_PUBLIC* publicTemplate, TPMA_OBJECT objectAttributes, TPM_ECC_CURVE curve, TPM_ALG_ID sigScheme); -WOLFTPM_API void wolfTPM2_SetupPCRSel(TPML_PCR_SELECTION* pcr, TPM_ALG_ID alg, int pcrIndex); -WOLFTPM_API const char* wolfTPM2_GetAlgName(TPM_ALG_ID alg); -WOLFTPM_API const char* wolfTPM2_GetRCString(TPM_RC rc); -WOLFTPM_API int wolfTPM2_GetCurveSize(TPM_ECC_CURVE curveID); + +/* moved to tpm.h native code. macros here for backwards compatibility */ +#define wolfTPM2_SetupPCRSel TPM2_SetupPCRSel +#define wolfTPM2_GetAlgName TPM2_GetAlgName +#define wolfTPM2_GetRCString TPM2_GetRCString +#define wolfTPM2_GetCurveSize TPM2_GetCurveSize + #endif /* __TPM2_WRAP_H__ */
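Review bot: `wolfTPM2_SetAuth` is a new public entry point declared with no comment, and its two integer parameters carry limits a caller cannot see from the prototype: `index` must be below `MAX_SESSION_NUM` (the implementation returns `BAD_FUNC_ARG` otherwise) and `authSz` must fit the session's auth buffer. Suggest `/* Set the auth for session slot 'index' (< MAX_SESSION_NUM); auth may be NULL with authSz 0, as wolfTPM2_Init does for the default TPM_RS_PW session. Returns 0 or BAD_FUNC_ARG. */` above the declaration. The implementation lives in src/tpm2_wrap.c, outside this hunk.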
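Review bot: The comment introducing the compatibility macros says `moved to tpm.h native code` but the functions were moved to `wolftpm/tpm2.h`; suggest `/* moved to tpm2.h native code. macros here for backwards compatibility */`. The shim also changes the parameter type of `wolfTPM2_GetRCString` from `TPM_RC` to `int`: existing callers passing a `TPM_RC` now go through an unsigned-to-signed conversion, which is harmless for spec-range response codes but is a silent signature change that the comment could mention, e.g. `/* note: wolfTPM2_GetRCString now takes int so negative wolfCrypt codes can be decoded */`.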