diff options
-rw-r--r-- | TPM2-Plugin/lib/Makefile.am | 4 | ||||
-rw-r--r-- | TPM2-Plugin/lib/include/tpm2_plugin_api.h | 2 | ||||
-rw-r--r-- | TPM2-Plugin/lib/tpm2_plugin_api.c | 388 | ||||
-rw-r--r-- | build.sh | 8 |
4 files changed, 203 insertions, 199 deletions
diff --git a/TPM2-Plugin/lib/Makefile.am b/TPM2-Plugin/lib/Makefile.am index 3d52e9a..36ed397 100644 --- a/TPM2-Plugin/lib/Makefile.am +++ b/TPM2-Plugin/lib/Makefile.am @@ -1,4 +1,4 @@ AM_CPPFLAGS = -I ./include lib_LTLIBRARIES = libtpm2-plugin.la -libtpm2_plugin_la_SOURCES = tpm2_plugin_api.c tpm2_plugin_init.c -libtpm2_plugin_la_LDFLAGS = -version-info @VERSION_INFO@ -lsapi -ltcti-tabrmd -ltcti-socket -ltcti-device -lcrypto -lssl -ldl +libtpm2_plugin_la_SOURCES = tpm2_plugin_api.c tpm2_plugin_init.c +libtpm2_plugin_la_LDFLAGS = -version-info @VERSION_INFO@ -ltss2-tcti-tabrmd -lcrypto -lssl -ldl diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h index d96d2f9..a21641a 100644 --- a/TPM2-Plugin/lib/include/tpm2_plugin_api.h +++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h @@ -23,7 +23,7 @@ #include <ctype.h> #include <getopt.h> -#include <sapi/tpm20.h> +#include <tss2/tss2_sys.h> #include "hwpluginif.h" #ifdef __cplusplus diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c index b328413..7c0c27e 100644 --- a/TPM2-Plugin/lib/tpm2_plugin_api.c +++ b/TPM2-Plugin/lib/tpm2_plugin_api.c @@ -13,53 +13,77 @@ * limitations under the License. */ -#include <sapi/tpm20.h> +#include <tss2/tss2_common.h> +#include <tss2/tss2_esys.h> +#include <tss2/tss2_mu.h> +#include <tss2/tss2_tcti_device.h> +#include <tss2/tss2_tcti_mssim.h> +#include <tss2/tss2_tpm2_types.h> + +#ifndef TSS2_SYS_H +#define TSS2_SYS_H +#endif +#ifndef TSS2_API_VERSION_1_2_1_108 +#error Version mismatch among TSS2 header files. +#endif /* TSS2_API_VERSION_1_2_1_108 */ +#ifdef __cplusplus +extern "C" { +#endif + + +/* SAPI context blob */ +typedef struct _TSS2_SYS_OPAQUE_CONTEXT_BLOB TSS2_SYS_CONTEXT; + #include <stdbool.h> #include <errno.h> #include <unistd.h> #include "tpm2_plugin_api.h" #ifdef HAVE_TCTI_DEV -#include <tcti/tcti_device.h> +#include <tss2/tss2_tcti.h> #endif #ifdef HAVE_TCTI_SOCK -#include <tcti/tcti_socket.h> +#include <tss2/tss2-tcti-tabrmd.h> #endif #ifdef HAVE_TCTI_TABRMD -#include <tcti/tcti-tabrmd.h> +#include <tss2/tss2-tcti-tabrmd.h> #endif #define ARRAY_LEN(x) (sizeof(x)/sizeof(x[0])) +#define TSSWG_INTEROP 1 +#define TSS_SAPI_FIRST_FAMILY 2 +#define TSS_SAPI_FIRST_LEVEL 1 +#define TSS_SAPI_FIRST_VERSION 108 bool output_enabled = true; bool hexPasswd = false; -TPM_HANDLE handle2048rsa; +TPM2_HANDLE handle2048rsa; const char *tcti_path="libtss2-tcti-device.so"; -static void tcti_teardown(TSS2_TCTI_CONTEXT *tcti_context) +static void tcti_teardown(TSS2_TCTI_CONTEXT *tcticontext) { - if (tcti_context == NULL) + if (tcticontext == NULL) return; - tss2_tcti_finalize (tcti_context); - free (tcti_context); + Tss2_Tcti_Finalize (tcticontext); + free (tcticontext); } -static void sapi_teardown(TSS2_SYS_CONTEXT *sapi_context) +static void sapi_teardown(TSS2_SYS_CONTEXT *sysContext) { - if (sapi_context == NULL) + if (sysContext == NULL) return; - Tss2_Sys_Finalize (sapi_context); - free (sapi_context); + Tss2_Sys_Finalize (sysContext); + free (sysContext); } -static void sapi_teardown_full (TSS2_SYS_CONTEXT *sapi_context) +static void sapi_teardown_full (TSS2_SYS_CONTEXT *sysContext) { - TSS2_TCTI_CONTEXT *tcti_context = NULL; + TSS2_TCTI_CONTEXT *tcticontext = NULL; TSS2_RC rc; - rc = Tss2_Sys_GetTctiContext (sapi_context, &tcti_context); + rc = Tss2_Sys_GetTctiContext (sysContext, &tcticontext); if (rc != TSS2_RC_SUCCESS) return; - sapi_teardown (sapi_context); - tcti_teardown (tcti_context); + sapi_teardown (sysContext); + tcti_teardown (tcticontext); } int tpm2_plugin_init() @@ -74,7 +98,7 @@ int tpm2_plugin_uninit() return 0; } -TPM_HANDLE srk_handle; +TPM2_HANDLE srk_handle; int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info) { /* @@ -176,7 +200,8 @@ TSS2_TCTI_CONTEXT *tcti_tabrmd_init (void) TSS2_RC rc; size_t size; - rc = tss2_tcti_tabrmd_init(NULL, &size); + //rc = tss2_tcti_tabrmd_init(NULL, &size); + rc = Tss2_Tcti_Tabrmd_Init(NULL, &size, NULL); if (rc != TSS2_RC_SUCCESS) { printf("Failed to get size for TABRMD TCTI context: 0x%x", rc); return NULL; @@ -186,7 +211,7 @@ TSS2_TCTI_CONTEXT *tcti_tabrmd_init (void) printf("Allocation for TABRMD TCTI context failed: %s", strerror (errno)); return NULL; } - rc = tss2_tcti_tabrmd_init (tcti_ctx, &size); + rc = Tss2_Tcti_Tabrmd_Init (tcti_ctx, &size, NULL); if (rc != TSS2_RC_SUCCESS) { printf("Failed to initialize TABRMD TCTI context: 0x%x", rc); free(tcti_ctx); @@ -218,7 +243,7 @@ TSS2_TCTI_CONTEXT *tcti_init_from_options(common_opts_t *options) static TSS2_SYS_CONTEXT *sapi_ctx_init (TSS2_TCTI_CONTEXT *tcti_ctx) { - TSS2_SYS_CONTEXT *sapi_ctx; + TSS2_SYS_CONTEXT *sysContext; TSS2_RC rc; size_t size; TSS2_ABI_VERSION abi_version = { @@ -229,24 +254,24 @@ static TSS2_SYS_CONTEXT *sapi_ctx_init (TSS2_TCTI_CONTEXT *tcti_ctx) }; size = Tss2_Sys_GetContextSize (0); - sapi_ctx = (TSS2_SYS_CONTEXT*)calloc (1, size); - if (sapi_ctx == NULL) { + sysContext = (TSS2_SYS_CONTEXT*)calloc (1, size); + if (sysContext == NULL) { fprintf (stderr, "Failed to allocate 0x%zx bytes for the SAPI context\n", size); return NULL; } - rc = Tss2_Sys_Initialize (sapi_ctx, size, tcti_ctx, &abi_version); + rc = Tss2_Sys_Initialize (sysContext, size, tcti_ctx, &abi_version); if (rc != TSS2_RC_SUCCESS) { fprintf (stderr, "Failed to initialize SAPI context: 0x%x\n", rc); - free (sapi_ctx); + free (sysContext); return NULL; } - return sapi_ctx; + return sysContext; } -#define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->t.field))) -#define TPM2B_TYPE_INIT(type, field) { .t = { .size = BUFFER_SIZE(type, field), }, } +#define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->field))) +#define TPM2B_TYPE_INIT(type, field) { .size = BUFFER_SIZE(type, field), } int hex2ByteStructure(const char *inStr, UINT16 *byteLength, BYTE *byteBuffer) { @@ -277,44 +302,35 @@ int hex2ByteStructure(const char *inStr, UINT16 *byteLength, BYTE *byteBuffer) } return 0; } - -int load_key(TSS2_SYS_CONTEXT *sapi_context, - TPMS_AUTH_COMMAND sessionData, +int load_key(TSS2_SYS_CONTEXT *sysContext, + TSS2L_SYS_AUTH_COMMAND sessionData, TPMI_DH_OBJECT parentHandle, TPM2B_PUBLIC *inPublic, TPM2B_PRIVATE *inPrivate) { UINT32 rval; - TPMS_AUTH_RESPONSE sessionDataOut; - TSS2_SYS_CMD_AUTHS sessionsData; - TSS2_SYS_RSP_AUTHS sessionsDataOut; - TPMS_AUTH_COMMAND *sessionDataArray[1]; - TPMS_AUTH_RESPONSE *sessionDataOutArray[1]; - + TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TPM2B_NAME nameExt = TPM2B_TYPE_INIT(TPM2B_NAME, name); - sessionDataArray[0] = &sessionData; - sessionDataOutArray[0] = &sessionDataOut; - - sessionsDataOut.rspAuths = &sessionDataOutArray[0]; - sessionsData.cmdAuths = &sessionDataArray[0]; +TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ + .sessionHandle = TPM2_RS_PW, + .sessionAttributes = 0, + .nonce = {.size = 0}, + .hmac = {.size = 0}}}}; - sessionsDataOut.rspAuthsCount = 1; - sessionsData.cmdAuthsCount = 1; - - if (sessionData.hmac.t.size > 0 && hexPasswd) + if (sessionsData.auths[0].hmac.size > 0 && hexPasswd) { - sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2; - if (hex2ByteStructure((char *)sessionData.hmac.t.buffer, - &sessionData.hmac.t.size, - sessionData.hmac.t.buffer) != 0) + sessionsData.auths[0].hmac.size = sizeof(sessionsData.auths[0].hmac) - 2; + if (hex2ByteStructure((char *)sessionsData.auths[0].hmac.buffer, + &sessionsData.auths[0].hmac.size, + sessionsData.auths[0].hmac.buffer) != 0) { printf( "Failed to convert Hex format password for parent Passwd.\n"); return -1; } } - rval = Tss2_Sys_Load (sapi_context, + rval = Tss2_Sys_Load (sysContext, parentHandle, &sessionsData, inPrivate, @@ -322,7 +338,7 @@ int load_key(TSS2_SYS_CONTEXT *sapi_context, &handle2048rsa, &nameExt, &sessionsDataOut); - if(rval != TPM_RC_SUCCESS) + if(rval != TPM2_RC_SUCCESS) { printf("\nLoad Object Failed ! ErrorCode: 0x%0x\n\n",rval); return -1; @@ -332,30 +348,23 @@ int load_key(TSS2_SYS_CONTEXT *sapi_context, return 0; } -int read_public(TSS2_SYS_CONTEXT *sapi_context, - TPM_HANDLE handle, +int read_public(TSS2_SYS_CONTEXT *sysContext, + TPM2_HANDLE handle, SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info) { - - TPMS_AUTH_RESPONSE session_out_data; - TSS2_SYS_RSP_AUTHS sessions_out_data; - TPMS_AUTH_RESPONSE *session_out_data_array[1]; + TSS2L_SYS_AUTH_RESPONSE sessionsDataOut; TPM2B_PUBLIC public = { - { 0, } + 0 }; TPM2B_NAME name = TPM2B_TYPE_INIT(TPM2B_NAME, name); TPM2B_NAME qualified_name = TPM2B_TYPE_INIT(TPM2B_NAME, name); - session_out_data_array[0] = &session_out_data; - sessions_out_data.rspAuths = &session_out_data_array[0]; - sessions_out_data.rspAuthsCount = ARRAY_LEN(session_out_data_array); - - TPM_RC rval = Tss2_Sys_ReadPublic(sapi_context, handle, 0, - &public, &name, &qualified_name, &sessions_out_data); - if (rval != TPM_RC_SUCCESS) { + TPM2_RC rval = Tss2_Sys_ReadPublic(sysContext, handle, 0, + &public, &name, &qualified_name, &sessionsDataOut); + if (rval != TPM2_RC_SUCCESS) { printf("TPM2_ReadPublic error: rval = 0x%0x", rval); return false; } @@ -363,33 +372,33 @@ int read_public(TSS2_SYS_CONTEXT *sapi_context, printf("\nTPM2_ReadPublic OutPut: \n"); printf("name: \n"); UINT16 i; - for (i = 0; i < name.t.size; i++) - printf("%02x ", name.t.name[i]); + for (i = 0; i < name.size; i++) + printf("%02x ", name.name[i]); printf("\n"); printf("qualified_name: \n"); - for (i = 0; i < qualified_name.t.size; i++) - printf("%02x ", qualified_name.t.name[i]); + for (i = 0; i < qualified_name.size; i++) + printf("%02x ", qualified_name.name[i]); printf("\n"); - printf("public.t.publicArea.parameters.rsaDetail.keyBits = %d \n", public.t.publicArea.parameters.rsaDetail.keyBits); - printf("public.t.publicArea.parameters.rsaDetail.exponent = %d \n", public.t.publicArea.parameters.rsaDetail.exponent); + printf("public.publicArea.parameters.rsaDetail.keyBits = %d \n", public.publicArea.parameters.rsaDetail.keyBits); + printf("public.publicArea.parameters.rsaDetail.exponent = %d \n", public.publicArea.parameters.rsaDetail.exponent); - importkey_info->modulus_size = public.t.publicArea.unique.rsa.t.size; + importkey_info->modulus_size = public.publicArea.unique.rsa.size; printf("importkey_info->modulus_size = %ld \n", importkey_info->modulus_size); importkey_info->modulus = (unsigned char *) malloc(importkey_info->modulus_size); if (importkey_info->modulus != NULL) { - memcpy(importkey_info->modulus, &public.t.publicArea.unique.rsa.t.buffer, importkey_info->modulus_size); + memcpy(importkey_info->modulus, &public.publicArea.unique.rsa.buffer, importkey_info->modulus_size); } - importkey_info->exponent_size = sizeof(public.t.publicArea.parameters.rsaDetail.exponent); + importkey_info->exponent_size = sizeof(public.publicArea.parameters.rsaDetail.exponent); printf("importkey_info->exponent_size = %ld \n", importkey_info->exponent_size); - importkey_info->exponent = (unsigned char *) malloc(importkey_info->exponent_size); + importkey_info->exponent = (unsigned int *) malloc(importkey_info->exponent_size); if (importkey_info->exponent != NULL) { - memcpy(importkey_info->exponent, &public.t.publicArea.parameters.rsaDetail.exponent, importkey_info->exponent_size); + memcpy(importkey_info->exponent, &public.publicArea.parameters.rsaDetail.exponent, importkey_info->exponent_size); } - //*importkey_info->exponent = public.t.publicArea.parameters.rsaDetail.exponent; + //*importkey_info->exponent = public.publicArea.parameters.rsaDetail.exponent; return 0; } @@ -399,17 +408,17 @@ Reads the PRK_PASSWORD Environment variable and populates that information into the provided sessionData variable */ -int readPassword(TPMS_AUTH_COMMAND *sessionData) +int readPassword(TSS2L_SYS_AUTH_COMMAND *sessionData) { char *prk_passwd; prk_passwd = getenv("TPM_PRK_PASSWORD"); if (prk_passwd != NULL) { - sessionData->hmac.t.size = strlen(prk_passwd); - if (sessionData->hmac.t.size > sizeof(sessionData->hmac.t.buffer)) { + sessionData->auths[0].hmac.size = strlen(prk_passwd); + if (sessionData->auths[0].hmac.size > sizeof(sessionData->auths[0].hmac.buffer)) { return -1; } - memcpy(sessionData->hmac.t.buffer, prk_passwd, sessionData->hmac.t.size); + memcpy(sessionData->auths[0].hmac.buffer, prk_passwd, sessionData->auths[0].hmac.size); return 0; } return 0; @@ -418,14 +427,14 @@ int readPassword(TPMS_AUTH_COMMAND *sessionData) TPMS_CONTEXT loaded_key_context; int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, - void **keyHandle, TSS2_SYS_CONTEXT *sapi_context, + void **keyHandle, TSS2_SYS_CONTEXT *sysContext, SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info) { TPMI_DH_OBJECT parentHandle; TPM2B_PUBLIC inPublic; TPM2B_PRIVATE inPrivate; - TPMS_AUTH_COMMAND sessionData; + TSS2L_SYS_AUTH_COMMAND sessionData; UINT16 size; int returnVal = 0; @@ -434,11 +443,11 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, sessionAttributes is a union and the following assignment is based on the method used in other tpm2 tools. */ - *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0; - sessionData.sessionHandle = TPM_RS_PW; - sessionData.nonce.t.size = 0; - sessionData.hmac.t.size = 0; - + TSS2L_SYS_AUTH_COMMAND sessionsData = { .count = 1, .auths = {{ + .sessionHandle = TPM2_RS_PW, + .sessionAttributes = 0, + .nonce = {.size = 0}, + .hmac = {.size = 0}}}}; memset(&inPublic,0,sizeof(TPM2B_PUBLIC)); memset(&inPrivate,0,sizeof(TPM2B_PRIVATE)); @@ -475,17 +484,17 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, return -1; } - returnVal = load_key (sapi_context, + returnVal = load_key (sysContext, sessionData, parentHandle, &inPublic, &inPrivate); - returnVal = read_public(sapi_context, + returnVal = read_public(sysContext, handle2048rsa, importkey_info); - TPM_RC rval = Tss2_Sys_ContextSave(sapi_context, handle2048rsa, &loaded_key_context); - if (rval != TPM_RC_SUCCESS) { + TPM2_RC rval = Tss2_Sys_ContextSave(sysContext, handle2048rsa, &loaded_key_context); + if (rval != TPM2_RC_SUCCESS) { printf("Tss2_Sys_ContextSave: Saving handle 0x%x context failed. TPM Error:0x%x", handle2048rsa, rval); return -1; } @@ -504,20 +513,20 @@ int tpm2_plugin_load_key(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_inf if (tcti_ctx == NULL) return -1; - TSS2_SYS_CONTEXT *sapi_context = NULL; + TSS2_SYS_CONTEXT *sysContext = NULL; if (tcti_ctx) { - sapi_context = sapi_ctx_init(tcti_ctx); - if (!sapi_context) { + sysContext = sapi_ctx_init(tcti_ctx); + if (!sysContext) { free(tcti_ctx); return -1; } } - ret = load_key_execute(loadkey_in_info, keyHandle, sapi_context, importkey_info); + ret = load_key_execute(loadkey_in_info, keyHandle, sysContext, importkey_info); if (ret !=0) printf("Load key API failed in TPM plugin ! \n"); - sapi_teardown_full(sapi_context); + sapi_teardown_full(sysContext); printf("Load key API successful in TPM plugin ! \n"); return 0; @@ -533,7 +542,7 @@ struct tpm_sign_ctx { char outFilePath[PATH_MAX]; BYTE *msg; UINT16 length; - TSS2_SYS_CONTEXT *sapi_context; + TSS2_SYS_CONTEXT *sysContext; }; //create a table to consolidate all parts of data from multiple SignUpdate from sessions @@ -595,83 +604,87 @@ int tpm2_plugin_rsa_sign_cleanup( } -UINT32 tpm_hash(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH hashAlg, +UINT32 tpm_hash(TSS2_SYS_CONTEXT *sysContext, TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result) { TPM2B_MAX_BUFFER dataSizedBuffer; - dataSizedBuffer.t.size = size; - memcpy(dataSizedBuffer.t.buffer, data, size); - return Tss2_Sys_Hash(sapi_context, 0, &dataSizedBuffer, hashAlg, - TPM_RH_NULL, result, 0, 0); + dataSizedBuffer.size = size; + memcpy(dataSizedBuffer.buffer, data, size); + return Tss2_Sys_Hash(sysContext, 0, &dataSizedBuffer, hashAlg, + TPM2_RH_NULL, result, 0, 0); } -static TPM_RC hash_sequence_ex(TSS2_SYS_CONTEXT *sapi_context, +static TPM2_RC hash_sequence_ex(TSS2_SYS_CONTEXT *sysContext, TPMI_ALG_HASH hashAlg, UINT32 numBuffers, TPM2B_MAX_BUFFER *bufferList, TPM2B_DIGEST *result) { - TPM_RC rval; + TPM2_RC rval; TPM2B_AUTH nullAuth; TPMI_DH_OBJECT sequenceHandle; - TPM2B emptyBuffer; + TPM2B_MAX_BUFFER emptyBuffer; TPMT_TK_HASHCHECK validation; TPMS_AUTH_COMMAND cmdAuth; TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth }; - TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] }; + TSS2L_SYS_AUTH_COMMAND cmdAuthArray = { .count = 1, .auths = {{ + .sessionHandle = TPM2_RS_PW, + .sessionAttributes = 0, + .nonce = {.size = 0}, + .hmac = {.size = 0}}}}; - nullAuth.t.size = 0; + nullAuth.size = 0; emptyBuffer.size = 0; // Set result size to 0, in case any errors occur - result->b.size = 0; + result->size = 0; // Init input sessions struct - cmdAuth.sessionHandle = TPM_RS_PW; - cmdAuth.nonce.t.size = 0; + cmdAuth.sessionHandle = TPM2_RS_PW; + cmdAuth.nonce.size = 0; *((UINT8 *) ((void *) &cmdAuth.sessionAttributes)) = 0; - cmdAuth.hmac.t.size = 0; + cmdAuth.hmac.size = 0; - rval = Tss2_Sys_HashSequenceStart(sapi_context, 0, &nullAuth, hashAlg, + rval = Tss2_Sys_HashSequenceStart(sysContext, 0, &nullAuth, hashAlg, &sequenceHandle, 0); - if (rval != TPM_RC_SUCCESS) { + if (rval != TPM2_RC_SUCCESS) { return rval; } unsigned i; for (i = 0; i < numBuffers; i++) { - rval = Tss2_Sys_SequenceUpdate(sapi_context, sequenceHandle, + rval = Tss2_Sys_SequenceUpdate(sysContext, sequenceHandle, &cmdAuthArray, &bufferList[i], 0); - if (rval != TPM_RC_SUCCESS) { + if (rval != TPM2_RC_SUCCESS) { return rval; } } - rval = Tss2_Sys_SequenceComplete(sapi_context, sequenceHandle, + rval = Tss2_Sys_SequenceComplete(sysContext, sequenceHandle, &cmdAuthArray, (TPM2B_MAX_BUFFER *) &emptyBuffer, - TPM_RH_PLATFORM, result, &validation, 0); + TPM2_RH_PLATFORM, result, &validation, 0); - if (rval != TPM_RC_SUCCESS) { + if (rval != TPM2_RC_SUCCESS) { return rval; } return rval; } -int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, +int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sysContext, BYTE *buffer, UINT16 length, TPMI_ALG_HASH halg, TPM2B_DIGEST *result) { - if (length <= MAX_DIGEST_BUFFER) { - if (tpm_hash(sapi_context, halg, length, buffer, - result) == TPM_RC_SUCCESS){ - printf("Single hash result size: %d\n", result->t.size); + if (length <= TPM2_MAX_DIGEST_BUFFER) { + if (tpm_hash(sysContext, halg, length, buffer, + result) == TPM2_RC_SUCCESS){ + printf("Single hash result size: %d\n", result->size); return 0; } else return -1; } - UINT8 numBuffers = (length - 1) / MAX_DIGEST_BUFFER + 1; + UINT8 numBuffers = (length - 1) / TPM2_MAX_DIGEST_BUFFER + 1; TPM2B_MAX_BUFFER *bufferList = (TPM2B_MAX_BUFFER *) calloc(numBuffers, sizeof(TPM2B_MAX_BUFFER)); @@ -680,76 +693,67 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, UINT32 i; for (i = 0; i < (UINT32)(numBuffers - 1); i++) { - bufferList[i].t.size = MAX_DIGEST_BUFFER; - memcpy(bufferList[i].t.buffer, buffer + i * MAX_DIGEST_BUFFER, - MAX_DIGEST_BUFFER); + bufferList[i].size = TPM2_MAX_DIGEST_BUFFER; + memcpy(bufferList[i].buffer, buffer + i * TPM2_MAX_DIGEST_BUFFER, + TPM2_MAX_DIGEST_BUFFER); } - bufferList[i].t.size = length - i * MAX_DIGEST_BUFFER; - memcpy(bufferList[i].t.buffer, buffer + i * MAX_DIGEST_BUFFER, - bufferList[i].t.size); + bufferList[i].size = length - i * TPM2_MAX_DIGEST_BUFFER; + memcpy(bufferList[i].buffer, buffer + i * TPM2_MAX_DIGEST_BUFFER, + bufferList[i].size); - TPM_RC rval = hash_sequence_ex(sapi_context, halg, numBuffers, bufferList, result); + TPM2_RC rval = hash_sequence_ex(sysContext, halg, numBuffers, bufferList, result); free(bufferList); - printf("Sequence hash result size: %d\n", result->t.size); - return rval == TPM_RC_SUCCESS ? 0 : -3; + printf("Sequence hash result size: %d\n", result->size); + return rval == TPM2_RC_SUCCESS ? 0 : -3; } -static bool get_key_type(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT objectHandle, +static bool get_key_type(TSS2_SYS_CONTEXT *sysContext, TPMI_DH_OBJECT objectHandle, TPMI_ALG_PUBLIC *type) { - TPMS_AUTH_RESPONSE session_data_out; - - TPMS_AUTH_RESPONSE *session_data_out_array[1] = { - &session_data_out - }; - - TSS2_SYS_RSP_AUTHS sessions_data_out = { - 1, - &session_data_out_array[0] - }; + TSS2L_SYS_AUTH_RESPONSE sessions_data_out; TPM2B_PUBLIC out_public = { - { 0, } + 0 }; TPM2B_NAME name = TPM2B_TYPE_INIT(TPM2B_NAME, name); TPM2B_NAME qaulified_name = TPM2B_TYPE_INIT(TPM2B_NAME, name); - TPM_RC rval = Tss2_Sys_ReadPublic(sapi_context, objectHandle, 0, &out_public, &name, + TPM2_RC rval = Tss2_Sys_ReadPublic(sysContext, objectHandle, 0, &out_public, &name, &qaulified_name, &sessions_data_out); - if (rval != TPM_RC_SUCCESS) { + if (rval != TPM2_RC_SUCCESS) { printf("Sys_ReadPublic failed, error code: 0x%x", rval); return false; } - *type = out_public.t.publicArea.type; + *type = out_public.publicArea.type; return true; } -static bool set_scheme(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT keyHandle, +static bool set_scheme(TSS2_SYS_CONTEXT *sysContext, TPMI_DH_OBJECT keyHandle, TPMI_ALG_HASH halg, TPMT_SIG_SCHEME *inScheme) { - TPM_ALG_ID type; - bool result = get_key_type(sapi_context, keyHandle, &type); + TPM2_ALG_ID type; + bool result = get_key_type(sysContext, keyHandle, &type); if (!result) { return false; } switch (type) { - case TPM_ALG_RSA : - inScheme->scheme = TPM_ALG_RSASSA; + case TPM2_ALG_RSA : + inScheme->scheme = TPM2_ALG_RSASSA; inScheme->details.rsassa.hashAlg = halg; break; - case TPM_ALG_KEYEDHASH : - inScheme->scheme = TPM_ALG_HMAC; + case TPM2_ALG_KEYEDHASH : + inScheme->scheme = TPM2_ALG_HMAC; inScheme->details.hmac.hashAlg = halg; break; - case TPM_ALG_ECC : - inScheme->scheme = TPM_ALG_ECDSA; + case TPM2_ALG_ECC : + inScheme->scheme = TPM2_ALG_ECDSA; inScheme->details.ecdsa.hashAlg = halg; break; - case TPM_ALG_SYMCIPHER : + case TPM2_ALG_SYMCIPHER : default: printf("Unknown key type, got: 0x%x", type); return false; @@ -761,42 +765,36 @@ static bool sign_and_save(tpm_sign_ctx *ctx, TPMT_SIGNATURE *sig) { TPM2B_DIGEST digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer); TPMT_SIG_SCHEME in_scheme; - TSS2_SYS_CMD_AUTHS sessions_data; - TPMS_AUTH_RESPONSE session_data_out; - TSS2_SYS_RSP_AUTHS sessions_data_out; - TPMS_AUTH_COMMAND *session_data_array[1]; - TPMS_AUTH_RESPONSE *session_data_out_array[1]; - - session_data_array[0] = &ctx->sessionData; - sessions_data.cmdAuths = &session_data_array[0]; - session_data_out_array[0] = &session_data_out; - sessions_data_out.rspAuths = &session_data_out_array[0]; - sessions_data_out.rspAuthsCount = 1; - sessions_data.cmdAuthsCount = 1; - - int rc = tpm_hash_compute_data(ctx->sapi_context, ctx->msg, ctx->length, ctx->halg, &digest); + TSS2L_SYS_AUTH_RESPONSE sessions_data_out; + + TSS2L_SYS_AUTH_COMMAND sessions_data = { .count = 1, .auths = {{ + .sessionHandle = TPM2_RS_PW, + .sessionAttributes = 0, + .nonce = {.size = 0}, + .hmac = {.size = 0}}}}; + + int rc = tpm_hash_compute_data(ctx->sysContext, ctx->msg, ctx->length, ctx->halg, &digest); if (rc) { printf("Compute message hash failed!"); return false; } - printf("Compute message hash digest size : %d \n", digest.t.size); + printf("Compute message hash digest size : %d \n", digest.size); - bool result = set_scheme(ctx->sapi_context, ctx->keyHandle, ctx->halg, &in_scheme); + bool result = set_scheme(ctx->sysContext, ctx->keyHandle, ctx->halg, &in_scheme); if (!result) { return false; } - TPM_RC rval = Tss2_Sys_Sign(ctx->sapi_context, ctx->keyHandle, + TPM2_RC rval = Tss2_Sys_Sign(ctx->sysContext, ctx->keyHandle, &sessions_data, &digest, &in_scheme, &ctx->validation, sig, &sessions_data_out); - if (rval != TPM_RC_SUCCESS) { + if (rval != TPM2_RC_SUCCESS) { printf("Sys_Sign failed, error code: 0x%x", rval); return false; } - return true; } @@ -809,7 +807,7 @@ int tpm2_plugin_rsa_sign( unsigned char *sig, int *sig_len) { - TPM_RC rval; + TPM2_RC rval; common_opts_t opts = COMMON_OPTS_INITIALIZER; TPMT_SIGNATURE signature; TSS2_TCTI_CONTEXT *tcti_ctx; @@ -817,10 +815,10 @@ int tpm2_plugin_rsa_sign( if (tcti_ctx == NULL) return -1; - TSS2_SYS_CONTEXT *sapi_context = NULL; + TSS2_SYS_CONTEXT *sysContext = NULL; if (tcti_ctx) { - sapi_context = sapi_ctx_init(tcti_ctx); - if (!sapi_context) { + sysContext = sapi_ctx_init(tcti_ctx); + if (!sysContext) { free(tcti_ctx); return -1; } @@ -832,21 +830,21 @@ int tpm2_plugin_rsa_sign( .halg = 0, .keyHandle = 0, .validation = { 0 }, - .sapi_context = sapi_context + .sysContext = sysContext }; printf("rsa_sign API mechanism is %lx \n", mechanism); - ctx.sessionData.sessionHandle = TPM_RS_PW; - ctx.validation.tag = TPM_ST_HASHCHECK; - ctx.validation.hierarchy = TPM_RH_NULL; + ctx.sessionData.sessionHandle = TPM2_RS_PW; + ctx.validation.tag = TPM2_ST_HASHCHECK; + ctx.validation.hierarchy = TPM2_RH_NULL; if (mechanism == 7) - ctx.halg = TPM_ALG_SHA256; + ctx.halg = TPM2_ALG_SHA256; else printf("mechanism not supported! \n"); ctx.keyHandle = *(TPMI_DH_OBJECT *)keyHandle; - rval = Tss2_Sys_ContextLoad(ctx.sapi_context, &loaded_key_context, &ctx.keyHandle); - if (rval != TPM_RC_SUCCESS) { + rval = Tss2_Sys_ContextLoad(ctx.sysContext, &loaded_key_context, &ctx.keyHandle); + if (rval != TPM2_RC_SUCCESS) { printf("ContextLoad Error in RSA Sign API. TPM Error:0x%x", rval); goto out; } @@ -858,14 +856,14 @@ int tpm2_plugin_rsa_sign( goto out; } - *sig_len = (int)signature.signature.rsassa.sig.t.size; + *sig_len = (int)signature.signature.rsassa.sig.size; printf("signature length: %d \n", *sig_len); - memcpy(sig, signature.signature.rsassa.sig.t.buffer, *sig_len); - printf("signature buffer size: %ld \n", sizeof(signature.signature.rsassa.sig.t.buffer)); + memcpy(sig, signature.signature.rsassa.sig.buffer, *sig_len); + printf("signature buffer size: %ld \n", sizeof(signature.signature.rsassa.sig.buffer)); printf("RSA sign API successful in TPM plugin ! \n"); out: - sapi_teardown_full(sapi_context); + sapi_teardown_full(sysContext); return 0; @@ -77,6 +77,12 @@ rm -rf tpm2-tools-3.1.0 echo "Build Import utility tool" cd tpm-util/import make -f sampleMakefile -cd ../../ +cd ../.. +echo "Build TPM-Plugin" +cd TPM2-Plugin +./bootstrap +./configure +sudo make install +cd .. sudo ldconfig |