diff --git a/examples/README.md b/examples/README.md
index a0eb9c5..4cfe8c8 100644
--- a/examples/README.md
+++ b/examples/README.md
@@ -281,7 +281,7 @@ Typical output for storing and then reading an RSA key using parameter encryptio
 $ ./examples/nvram/store -aes
 TPM2_StartAuthSession: sessionHandle 0x2000000
 Reading 840 bytes from keyblob.bin
-Storing key at TPM NV index 0x1800203 with password protection
+Storing key at TPM NV index 0x1800202 with password protection
 Public part = 616 bytes
 Private part = 222 bytes
 NV write succeeded
@@ -290,7 +290,7 @@ $ ./examples/nvram/read 616 222 -aes
 TPM2_StartAuthSession: sessionHandle 0x2000000
 Trying to read 616 bytes of public key part from NV
 Trying to read 222 bytes of private key part from NV
-Extraction of key from NVRAM at index 0x1800203 succeeded
+Extraction of key from NVRAM at index 0x1800202 succeeded
 ```
 The read example takes as first argument the size of the public part and as second argument the private part. This information is given from the store example. The "-aes" swiches triggers the use of parameter encryption.
diff --git a/examples/nvram/read.c b/examples/nvram/read.c
index 5a23365..8390561 100644
--- a/examples/nvram/read.c
+++ b/examples/nvram/read.c
@@ -120,28 +120,28 @@ int TPM2_NVRAM_Read_Example(void* userCtx, int argc, char *argv[])
 /* Prepare auth for NV Index */
 XMEMSET(&nv, 0, sizeof(nv));
-nv.handle.hndl = TPM2_DEMO_NVRAM_STORE_PRIV_INDEX;
+nv.handle.hndl = TPM2_DEMO_NVRAM_STORE_INDEX;
 nv.handle.auth.size = auth.size;
 XMEMCPY(nv.handle.auth.buffer, auth.buffer, auth.size);
 readSize = keyBlob.pub.size;
 printf("Trying to read %d bytes of public key part from NV\n", readSize);
-rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
 (byte*)&keyBlob.pub.publicArea, &readSize, 0);
 if (rc != 0) goto exit;
 readSize = keyBlob.priv.size;
 printf("Trying to read %d bytes of private key part from NV\n", readSize);
-rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+rc = wolfTPM2_NVReadAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
 (byte*)&keyBlob.priv.buffer, &readSize, keyBlob.pub.size);
 if (rc != 0) goto exit;
 parent.hndl = TPM_RH_OWNER;
-rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+rc = wolfTPM2_NVDeleteAuth(&dev, &parent, TPM2_DEMO_NVRAM_STORE_INDEX);
 if (rc != 0) goto exit;
 printf("Extraction of key from NVRAM at index 0x%x succeeded\n" ,
-TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+TPM2_DEMO_NVRAM_STORE_INDEX);
 exit:
diff --git a/examples/nvram/store.c b/examples/nvram/store.c
index f61d4b0..3927e4d 100644
--- a/examples/nvram/store.c
+++ b/examples/nvram/store.c
@@ -116,20 +116,20 @@ int TPM2_NVRAM_Store_Example(void* userCtx, int argc, char *argv[])
 if (rc != 0) goto exit;
 /* Our wolfTPM2 wrapper for NV_Define */
-rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+rc = wolfTPM2_NVCreateAuth(&dev, &parent, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
 nvAttributes, TPM2_DEMO_NV_TEST_SIZE, (byte*)gNvAuth, sizeof(gNvAuth)-1);
 if (rc != 0 && rc != TPM_RC_NV_DEFINED) goto exit;
 printf("Storing key at TPM NV index 0x%x with password protection\n",
-TPM2_DEMO_NVRAM_STORE_PRIV_INDEX);
+TPM2_DEMO_NVRAM_STORE_INDEX);
 printf("Public part = %d bytes\n", keyBlob.pub.size);
-rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
 (byte*)&keyBlob.pub.publicArea, keyBlob.pub.size, 0);
 if (rc != 0) goto exit;
 printf("Private part = %d bytes\n", keyBlob.priv.size);
-rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_PRIV_INDEX,
+rc = wolfTPM2_NVWriteAuth(&dev, &nv, TPM2_DEMO_NVRAM_STORE_INDEX,
 keyBlob.priv.buffer, keyBlob.priv.size, keyBlob.pub.size);
 if (rc != 0) goto exit;
diff --git a/examples/tpm_test.h b/examples/tpm_test.h
index a9888dd..c6e9f9f 100755
--- a/examples/tpm_test.h
+++ b/examples/tpm_test.h
@@ -42,8 +42,7 @@
 #define TPM2_DEMO_NV_TEST_INDEX 0x01800200
 #define TPM2_DEMO_NV_TEST_AUTH_INDEX 0x01800201
-#define TPM2_DEMO_NVRAM_STORE_PUB_INDEX 0x01800202
-#define TPM2_DEMO_NVRAM_STORE_PRIV_INDEX 0x01800203
+#define TPM2_DEMO_NVRAM_STORE_INDEX 0x01800202
 #define TPM2_DEMO_NV_TEST_SIZE 1024 /* max size on Infineon SLB9670 is 1664 */
 static const char gStorageKeyAuth[] = "ThisIsMyStorageKeyAuth";
diff --git a/src/tpm2.c b/src/tpm2.c
index 87643ef..98aec6d 100644
--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -5675,7 +5675,6 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
 wc_HashAlg hash;
 enum wc_HashType hashType;
 byte appending[sizeof(TPMS_NV_PUBLIC)];
-TPM2B_DATA digest;
 TPM2_Packet packet;
 /* Prepare temporary buffer */
@@ -5707,14 +5706,14 @@ int TPM2_HashNvPublic(TPMS_NV_PUBLIC* nvPublic, byte* buffer, UINT16* size)
 }
 if (rc == 0) {
-rc = wc_HashFinal(&hash, hashType, digest.buffer);
+rc = wc_HashFinal(&hash, hashType, &buffer[2]);
 }
 if (rc == 0) {
+/* Concatenate the nvPublic digest with nameAlg at the front */
 nameAlgValue = TPM2_Packet_SwapU16(nvPublic->nameAlg);
 nameAlgSize = sizeof(nvPublic->nameAlg);
 XMEMCPY(buffer, (byte*)&nameAlgValue, nameAlgSize);
-XMEMCPY(&buffer[2], digest.buffer, hashSize);
 /* account for nameAlg concatenation */
 *size = hashSize + nameAlgSize;
 rc = TPM_RC_SUCCESS;
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
index f9e1378..63eb83a 100644
--- a/src/tpm2_wrap.c
+++ b/src/tpm2_wrap.c
@@ -430,7 +430,7 @@ int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index,
 return wolfTPM2_SetAuth(dev, index, TPM_RS_PW, auth, 0, name);
 }
-int wolfTPM2_SetNameHandle(WOLFTPM2_DEV* dev, int index,
+int wolfTPM2_SetAuthHandleName(WOLFTPM2_DEV* dev, int index,
 const WOLFTPM2_HANDLE* handle)
 {
 const TPM2B_NAME* name = NULL;
@@ -2602,6 +2602,7 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
 return rc;
 }
+XMEMSET(nv, 0, sizeof(*nv));
 /* Compute NV Index name in case of parameter encryption */
 rc = TPM2_HashNvPublic(&in.publicInfo.nvPublic,
 (byte*)&nv->handle.name.name,
@@ -2611,7 +2612,6 @@ int wolfTPM2_NVCreateAuth(WOLFTPM2_DEV* dev, WOLFTPM2_HANDLE* parent,
 }
 /* return new NV handle */
-XMEMSET(nv, 0, sizeof(*nv));
 nv->handle.hndl = (TPM_HANDLE)nvIndex;
 nv->handle.auth = in.auth;
 /* nv->handle.name already populated by TPM2_HashNvPublic above */
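Review bot: In the hunk at -5707, wc_HashFinal now writes its digest straight into the caller's memory at `&buffer[2]`, yet nothing in TPM2_HashNvPublic checks that `buffer` can hold the nameAlg prefix plus a digest of `nameAlg`'s size; `size` is output-only, so the capacity contract rests entirely on the caller and is not written down anywhere in the hunk. The literal `2` also duplicates `nameAlgSize`, which is computed a few lines later; writing `rc = wc_HashFinal(&hash, hashType, &buffer[sizeof(nvPublic->nameAlg)]);` keeps the offset tied to the field it stands for. A header comment on the function such as `/* buffer must hold sizeof(nvPublic->nameAlg) + the digest size of nvPublic->nameAlg; contents are undefined when rc != 0 */` would state that contract, and is worth adding because a failing wc_HashFinal can now leave partial data in the caller's name buffer where the removed code kept it in the local `digest` until success. TPM2_HashNvPublic begins and ends outside this hunk.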
@@ -2675,11 +2675,11 @@ int wolfTPM2_NVWriteAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
 }
 /* Necessary, because NVWrite has two handles, second is NV Index */
-rc = wolfTPM2_SetNameHandle(dev, 0, &nv->handle);
-rc |= wolfTPM2_SetNameHandle(dev, 1, &nv->handle);
+rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
 if (rc != TPM_RC_SUCCESS) {
 printf("Storing NV Index Name failed\n");
-return rc;
+return TPM_RC_FAILURE;
 }
 while (dataSz > 0) {
@@ -2761,11 +2761,11 @@ int wolfTPM2_NVReadAuth(WOLFTPM2_DEV* dev, WOLFTPM2_NV* nv,
 }
 /* Necessary, because NVWrite has two handles, second is NV Index */
-rc = wolfTPM2_SetNameHandle(dev, 0, &nv->handle);
-rc |= wolfTPM2_SetNameHandle(dev, 1, &nv->handle);
+rc = wolfTPM2_SetAuthHandleName(dev, 0, &nv->handle);
+rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);
 if (rc != TPM_RC_SUCCESS) {
 printf("Storing NV Index Name failed\n");
-return rc;
+return TPM_RC_FAILURE;
 }
 dataSz = *pDataSz;
diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h
index 901de9d..001c344 100644
--- a/wolftpm/tpm2_wrap.h
+++ b/wolftpm/tpm2_wrap.h
@@ -139,7 +139,7 @@ WOLFTPM_API int wolfTPM2_SetAuthPassword(WOLFTPM2_DEV* dev, int index, const TPM
 WOLFTPM_API int wolfTPM2_SetAuthHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
 WOLFTPM_API int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_SESSION* tpmSession, TPMA_SESSION sessionAttributes);
-WOLFTPM_API int wolfTPM2_SetNameHandle(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
+WOLFTPM_API int wolfTPM2_SetAuthHandleName(WOLFTPM2_DEV* dev, int index, const WOLFTPM2_HANDLE* handle);
 WOLFTPM_API int wolfTPM2_StartSession(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session, WOLFTPM2_KEY* tpmKey,
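Review bot: Returning `TPM_RC_FAILURE` in wolfTPM2_NVWriteAuth when the name-handle setup fails discards the code that actually describes the failure, and it is only necessary because `rc |= wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);` ORs two TPM return codes into a value that is no longer a meaningful TPM_RC; the wolfTPM2_NVReadAuth hunk at -2761 has the same pattern. Checking the calls one after the other lets the real code propagate: replace the `|=` line with `if (rc == TPM_RC_SUCCESS) rc = wolfTPM2_SetAuthHandleName(dev, 1, &nv->handle);` and keep `return rc;` in the failure branch. The comment copied into the NVReadAuth path still reads "because NVWrite has two handles" and could be corrected to name NVRead while this code is being touched. Both functions start and end outside their hunks.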