summaryrefslogtreecommitdiffstats
path: root/TPM2-Plugin/lib/include
diff options
context:
space:
mode:
authorNingSun <ning.sun@intel.com>2018-03-29 21:06:26 -0700
committerNingSun <ning.sun@intel.com>2018-03-29 22:51:26 -0700
commit337e67515bb081df614ae7e8313c904499e3505f (patch)
treeffe24fbd9a44a618b267e1be4f584d77a830925e /TPM2-Plugin/lib/include
parent4ba28823277dd1d154e4a26f7eae440c40b1f9fd (diff)
Clean up TPM2 PLugin codes
Remove unused and redundant codes. Issue-ID: AAF-94 Change-Id: Icfdbf29e2d7caa339977e7d074f16e123cbff84f Signed-off-by: NingSun <ning.sun@intel.com>
Diffstat (limited to 'TPM2-Plugin/lib/include')
-rw-r--r--TPM2-Plugin/lib/include/hwpluginif.h205
-rw-r--r--TPM2-Plugin/lib/include/plugin_api.h48
-rw-r--r--TPM2-Plugin/lib/include/plugin_register.h233
-rw-r--r--TPM2-Plugin/lib/include/tpm2_plugin_api.h13
4 files changed, 212 insertions, 287 deletions
diff --git a/TPM2-Plugin/lib/include/hwpluginif.h b/TPM2-Plugin/lib/include/hwpluginif.h
new file mode 100644
index 0000000..57c5e07
--- /dev/null
+++ b/TPM2-Plugin/lib/include/hwpluginif.h
@@ -0,0 +1,205 @@
+/* Copyright 2018 Intel Corporation, Inc
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef __SSHSM_HW_PLUGIN_IF_H__
+#define __SSHSM_HW_PLUGIN_IF_H__
+
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+#define MAX_ID_LENGTH (32)
+
+typedef struct buffer_info_s{
+ char id[MAX_ID_LENGTH+1];
+ int length_of_buffer;
+ unsigned char *buffer;
+ }buffer_info_t;
+
+/***
+ * Init Callback
+ * Description:
+ * This function is called by HWPluginInfra as part of C_Initialize to figure
+ * out whether there is any correspnding HW is present to use this plugin.
+ * In case of TPM2.0 Plugin,
+ * it is expected that this function checks
+ * whether the TPM2.0 is present or not, by checking the capabilities
+ * using Tss2_Sys_GetCapability with TPM_CAP_TPM_PROPERTIES and
+ * TPM_PT_MANUFACTURER property. If this function returns SUCCESS,
+ * TPM plguin can assume that TPM2.0 is presenta nd return success
+ * In case of SGX Plugin: <To be filled>
+ * Parameters:
+ * Inputs: None
+ * OUtputs; None
+ * Returns : SUCCESS (if HW is present), FAILURE if HW is not present
+ *
+ ***/
+typedef int (*sshsm_hw_plugin_init)();
+
+/***
+ * UnInit Callback
+ * Description: This function is called by HWPluginInfra during C_Finalize().
+ * This functin is gives chance for any cleanup by plugins.
+ ***/
+typedef int (*sshsm_hw_plugin_uninit)();
+
+/***
+ * Activate Callback
+ * Description: This callback function is called by HWPluginInfra
+ * (as part of C_Intialize) to activate the
+ * HW via HW plugin. SofHSM HWPluginInfra reads set of files required for
+ * activation (from
+ * activation directory) and passes them as buffers.
+ * HWPluginInfra reads the file in 'activate directory'
+ * as part of C_Initialize and passes the file content as is
+ * to the activate callback function.
+ * If there are two files, then num_buffers in in_info would be 2.
+ * 'id' is name of the file (May not be used by TPM plugin)
+ * 'length_of_buffer' is the valid length of the buffer.
+ * 'buffer' contains the file content.
+ * HWPluginInfra in SoftHSM allocates memory for this structure and internal
+ * buffers and it frees them up after this function returns. Hence,
+ * the plugin should not expect that these buffers are valid after the call
+ * is returned.
+ *
+ * In case of TPM Plugin:
+ * It is expected that activate directory has a file with SRK Handle
+ * saved in it. Note that SRK is saved in TPM memory (persistence)
+ * Actiate function of TPM plugin is called with SRK handle.
+ *
+ ***/
+
+#define MAX_BUFFER_SEGMENTS 8
+typedef struct sshsm_hw_plugin_activate_in_info_s {
+ int num_buffers;
+ buffer_info_t *buffer_info[MAX_BUFFER_SEGMENTS];
+}SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t;
+
+typedef int (*sshsm_hw_plugin_activate)(
+ SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info
+ );
+
+/***
+ * Load Key Callback
+ * Description: This callback function is called by SoftHSM HWPluginInfra
+ * to load private keys into the HW using HW plugin.
+ * Each HW plugin expects the keys to be specific to its HW.
+ * Since SoftHSM HWPluginInfra is expected to be generic, the design
+ * chosen is that HWPluginInfra reads key content from files and pass
+ * that information to HW Plugins via this function pointer.
+ * Yet times, Key information for HW Plugins is exposed as multiple files.
+ * Hence, HWPluginInfra reads multiple files for each key. Since, there
+ * could be multiple keys, each set of files that correspond to one key
+ * is expected to have same file name, but with different extensions. Since
+ * the directory holding these file may also need to have other files
+ * related to key, but for PKCS11, it is expected that all HWPlugin related
+ * files should have its name start with HW.
+ *
+ * HWPluginInfra calls this callback function as many timne as number of
+ * distinct keys. For each distinct key, it reads the HW tagged files, loads
+ * them into the buffer pointers and calls the HW Plugin -loadkey- function.
+ * HWPluginInfra also stores the any returned buffers into the SoftHSM key
+ * object.
+ *
+ * In case of TPM Plugin, it does following:
+ *
+ * -- Gets the buffers in in_info structure.
+ * --- Typically, there are two buffers in TPM understandable way
+ * - public & private key portion
+ * --- From global variables, it knows SRKHandle, SAPI context.
+ * --- Using Tss2_Sys_Load(), it loads the key.
+ *
+ * -- In both cases, it also expected to return KeyHandle, which is
+ * keyObjectHandle in case of TPM.
+ *
+ *
+ ***/
+
+typedef int (*sshsm_hw_plugin_load_key)(
+ SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
+ void **keyHandle
+ );
+
+typedef int (*sshsm_hw_plugin_unload_key)(
+ void **keyHandle
+ );
+
+/***
+ * Callback: RSA Sign Init
+ * Description: This is called by HWPluginInfra as part of C_SignInit function
+ * for RSA keys
+ */
+
+typedef int (*sshsm_hw_plugin_rsa_sign_init)(
+ void *keyHandle,
+ unsigned long mechanism,
+ void *param,
+ int len
+ );
+
+/***
+ * Callback: RSA Sign Init
+ * Description: This is called by HWPluginInfra as part of C_Sign function
+ * for RSA keys. HWPluginInfra get the keyHandle from the key object.
+ *
+ * In case of TPM plugin, it does following:
+ * -- TSS2_Sys_Sing function is called.
+ *
+ *
+ */
+
+typedef int (*sshsm_hw_plugin_rsa_sign)(
+ void *keyHandle,
+ unsigned long mechanism,
+ unsigned char *msg,
+ int msg_len,
+ unsigned char *outsig,
+ int *outsiglen
+ );
+
+/***
+ * Function Name: sshsm_hw_plugin_get_plugin_functions
+ * Descrpiton: Every HW plugin is expected to define this function.
+ * This function is expected to return its function as pointers to the
+ * caller.
+ * SoftHSM calls this function after loading the hw plugin .SO file.
+ * SoftHSM calls this function as part of C_initialize.
+ * Arugments:
+ * Outputs: funcs
+ * Inputs: None
+ * Return value: SUCCESS or FAILURE
+ *
+ ***/
+
+typedef struct sshsm_hw_functions_s
+{
+ sshsm_hw_plugin_init xxx_init;
+ sshsm_hw_plugin_uninit xxx_uninit;
+ sshsm_hw_plugin_activate xxx_activate;
+ sshsm_hw_plugin_load_key xxx_load_key;
+ sshsm_hw_plugin_unload_key xxx_unload_key;
+ sshsm_hw_plugin_rsa_sign_init xxx_rsa_sign_init;
+ sshsm_hw_plugin_rsa_sign xxx_rsa_sign;
+}SSHSM_HW_FUNCTIONS_t;
+
+int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs);
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif
+
diff --git a/TPM2-Plugin/lib/include/plugin_api.h b/TPM2-Plugin/lib/include/plugin_api.h
deleted file mode 100644
index 5f4b924..0000000
--- a/TPM2-Plugin/lib/include/plugin_api.h
+++ /dev/null
@@ -1,48 +0,0 @@
-//**********************************************************************;
-// Copyright (c) 2017, Intel Corporation
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice,
-// this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-// this list of conditions and the following disclaimer in the documentation
-// and/or other materials provided with the distribution.
-//
-// 3. Neither the name of Intel Corporation nor the names of its contributors
-// may be used to endorse or promote products derived from this software without
-// specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-// THE POSSIBILITY OF SUCH DAMAGE.
-//**********************************************************************;
-
-#ifndef __PLUGIN_API_H__
-#define __PLUGIN_API_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-int plugin_configure(char *configPath);
-
-void plugin_assign_hw_instance();
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/TPM2-Plugin/lib/include/plugin_register.h b/TPM2-Plugin/lib/include/plugin_register.h
deleted file mode 100644
index 2bb118d..0000000
--- a/TPM2-Plugin/lib/include/plugin_register.h
+++ /dev/null
@@ -1,233 +0,0 @@
-//**********************************************************************;
-// Copyright (c) 2017, Intel Corporation
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice,
-// this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-// this list of conditions and the following disclaimer in the documentation
-// and/or other materials provided with the distribution.
-//
-// 3. Neither the name of Intel Corporation nor the names of its contributors
-// may be used to endorse or promote products derived from this software without
-// specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-// THE POSSIBILITY OF SUCH DAMAGE.
-//**********************************************************************;
-
-#ifndef __PLUGIN_REGISTER_H__
-#define __PLUGIN_REGISTER_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define MAX_ID_LENGTH (32)
-
-typedef struct buffer_info_s{
- char id[MAX_ID_LENGTH+1];
- int length_of_buffer;
- unsigned char *buffer;
-}buffer_info_t;
-
-
-typedef struct sshsm_hw_plugin_activate_in_info_s {
- int num_buffers;
- buffer_info_t *buffer_info;
-}SSHSM_HW_PLUGIN_ACTIVATE_IN_INFO_t;
-
-typedef struct sshsm_hw_plugin_load_key_in_info_s {
- int num_buffers;
- buffer_info_t buffer_info[];
-}SSHSM_HW_PLUGIN_LOAD_KEY_IN_INFO_t;
-
-
-//typedef int (*sshsm_hw_plugin_load_key)(SSHSM_HW_PLUGIN_LOAD_KEY_IN_INFO_t *loadkey_in_info, void **keyHandle);
-
-//typedef int (*sshsm_hw_plugin_activate)(SSHSM_HW_PLUGIN_ACTIVATE_IN_INFO_t *activate_in_info);
-
-/*
- * Callback function definitions
- */
-
-typedef int (*fp_crypto_hw_plugin_init) ( );
-typedef int (*fp_crypto_hw_plugin_uninit) ( );
-typedef int (*fp_crypto_hw_plugin_activate)(
- SSHSM_HW_PLUGIN_ACTIVATE_IN_INFO_t *activate_in_info
- );
-
-typedef int (*fp_crypto_hw_plugin_load_key)(
- SSHSM_HW_PLUGIN_LOAD_KEY_IN_INFO_t *loadkey_in_info,
- void **keyHandle
- );
-typedef int (*fp_crypto_rsa_decrypt_init) (
- /* IN */
- unsigned long mechanism, /* PKCS#11 Mechanism */
- void *param, /* PKCS#11 Paramter */
- unsigned long param_len, /* PKCS#11 Parameter len */
- /* OUT */
- void *cb /* Address of pointer to store context block */
- );
-
-typedef int (*fp_crypto_rsa_decrypt) (
- /* IN */
- void* cb, /* Pointer Crypto Block which is created during decrypt_init */
- unsigned char* cipher, /* Input Cipher data */
- int cipher_length, /* Ciphet data length */
- /* OUT */
- unsigned char* out_data, /* Decrypted output data */
- int* out_data_len /* output length */
- );
-
-typedef int (*fp_crypto_rsa_sign_init) (
- /* IN */
- unsigned long mechanism, /* PKCS#11 Mechanism */
- void *param, /* PKCS#11 Paramter */
- unsigned long param_len, /* PKCS#11 Parameter len */
- /* OUT */
- void *cb /* Address of pointer to store context block */
- );
-
-typedef int (*fp_crypto_rsa_sign_update) (
- /* IN */
- void *cb, /* Previously created context block (during sign_init) passed */
- void *pPart, /* pPart */
- unsigned long ulPartLen /* ulPartLen */
- );
-
-typedef int (*fp_crypto_rsa_sign_final) (
- /* IN */
- void *cb, /* Previously passed context block */
- /* OUT */
- unsigned char *sig, /* Output Signature buffer */
- int *sigLen /* Pointer to hold signature buffer length */
- );
-
-typedef int (*fp_crypto_rsa_sign) (
- /* IN */
- void *cb, /* Previously created context block (during sign_init) passed */
- unsigned char* msg, /* Data to be signed */
- int msg_len, /* Input data length */
- /* OUT */
- unsigned char *sig, /* Output Signature buffer */
- int *sig_len /* Pointer to hold signature buffer length */
- );
-
-typedef int (*fp_crypto_ecdsa_sign) (
- /* IN */
- void *cb, /* Previously created context block (during sign_init) passed */
- unsigned char* data, /* Data to be signed */
- int data_len, /* Input data length */
- /* OUT */
- unsigned char *sig, /* Output Signature buffer */
- int *sig_len /* Pointer to hold signature buffer length */
- );
-
-typedef int (*fp_crypto_ecdsa_verify) (
- /* IN */
- unsigned long appHandle, /* Application handle needed for QAT KPT mode */
- //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key strcuture for ECDSA */
- void *wpk, /* Wrapped Private Key strcuture for ECDSA */
- unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
- int swk_len, /* SWK length */
- unsigned char* iv, /* IV value used during Application Key encryption */
- int iv_len, /* IV length */
- int tag_len, /* AES-GCM tag length */
- unsigned char* data, /* Data which is used for signing */
- int data_len, /* Input data length */
- unsigned char *sig, /* Signature value */
- int sig_len, /* Signature length */
- /* OUT */
- int* verifyResult /* Pointer to hold the verification result */
- );
-
-typedef int (*fp_crypto_del_apphandle) (unsigned long skmKeyHandle);
-
-// SWK related operations
-typedef int (*fp_crypto_swk_getParentKey) (unsigned char** tlvbuffer, int* buflen);
-typedef int (*fp_crypto_swk_import) (
- unsigned long appHandle,
- unsigned char* tlvbuffer,
- int buflen,
- unsigned char* iv,
- int iv_len,
- unsigned char* tpm_pwd,
- int tpm_pwd_len);
-
-typedef int (*fp_crypto_rsa_create_object) (
- unsigned long appHandle, /* Application handle needed for QAT KPT mode */
- //DhsmWPKRSAFormat *wpk, /* Wrapped Private Key structure for RSA */
- void *wpk, /* Wrapped Private Key structure for RSA */
- unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
- int swk_len, /* SWK length */
- unsigned char* iv, /* IV value used during Application Key encryption */
- int iv_len, /* IV length */
- int tag_len, /* AES-GCM tag length */
- void **cb_object /* Pointer to store context block */
- );
-
-typedef int (*fp_crypto_rsa_delete_object) (
- void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */
- );
-
-typedef int (*fp_crypto_ecdsa_create_object) (
- unsigned long appHandle, /* Application handle needed for QAT KPT mode */
- //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key structure for RSA */
- void *wpk, /* Wrapped Private Key structure for RSA */
- unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
- int swk_len, /* SWK length */
- unsigned char* iv, /* IV value used during Application Key encryption */
- int iv_len, /* IV length */
- int tag_len, /* AES-GCM tag length */
- void **cb_object /* Pointer to store context block */
- );
-
-typedef int (*fp_crypto_ecdsa_delete_object) (
- void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */
- );
-
-
-typedef struct
-{
- fp_crypto_hw_plugin_init cb_crypto_hw_plugin_init;
- fp_crypto_hw_plugin_uninit cb_crypto_hw_plugin_uninit;
- fp_crypto_hw_plugin_activate cb_crypto_hw_plugin_activate;
- fp_crypto_hw_plugin_load_key cb_crypto_hw_plugin_load_key;
- fp_crypto_rsa_decrypt cb_crypto_rsa_decrypt;
- fp_crypto_rsa_sign_init cb_crypto_rsa_sign_init;
- fp_crypto_rsa_sign_update cb_crypto_rsa_sign_update;
- fp_crypto_rsa_sign_final cb_crypto_rsa_sign_final;
- fp_crypto_rsa_sign cb_crypto_rsa_sign;
- fp_crypto_ecdsa_sign cb_crypto_ecdsa_sign;
- fp_crypto_ecdsa_verify cb_crypto_ecdsa_verify;
- fp_crypto_del_apphandle cb_crypto_del_apphandle;
- fp_crypto_swk_getParentKey cb_crypto_swk_getParentKey;
- fp_crypto_swk_import cb_crypto_swk_import;
- fp_crypto_rsa_create_object cb_crypto_rsa_create_object;
- fp_crypto_rsa_delete_object cb_crypto_rsa_delete_object;
- fp_crypto_ecdsa_create_object cb_crypto_ecdsa_create_object;
- fp_crypto_ecdsa_delete_object cb_crypto_ecdsa_delete_object;
-
-} plugin_register;
-
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
-
diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
index 4c3ad63..e166071 100644
--- a/TPM2-Plugin/lib/include/tpm2_plugin_api.h
+++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
@@ -37,7 +37,7 @@
#include <tss2/tss2_sys.h>
-#include "plugin_register.h"
+#include "hwpluginif.h"
#ifdef __cplusplus
extern "C" {
@@ -92,9 +92,9 @@ TSS2_RC TeardownTctiResMgrContext( TSS2_TCTI_CONTEXT *tctiContext );
int tpm2_plugin_init();
int tpm2_plugin_uninit();
-int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_IN_INFO_t *activate_in_info);
+int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info);
int tpm2_plugin_load_key(
- SSHSM_HW_PLUGIN_LOAD_KEY_IN_INFO_t *loadkey_in_info,
+ SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
void **keyHandle
);
@@ -113,13 +113,14 @@ int tpm2_rsa_delete_object(
void *cb_object);
int tpm2_plugin_rsa_sign_init(
+ void *keyHandle,
unsigned long mechanish,
void *param,
- size_t len,
- void *ctx);
+ int len);
int tpm2_plugin_rsa_sign(
- void *ctx,
+ void *keyHandle,
+ unsigned long mechanism,
unsigned char *msg,
int msg_len,
unsigned char *sig,