summaryrefslogtreecommitdiffstats
path: root/TPM2-Plugin/lib/include
diff options
context:
space:
mode:
Diffstat (limited to 'TPM2-Plugin/lib/include')
-rw-r--r--TPM2-Plugin/lib/include/files.h366
-rw-r--r--TPM2-Plugin/lib/include/log.h107
-rw-r--r--TPM2-Plugin/lib/include/plugin_api.h48
-rw-r--r--TPM2-Plugin/lib/include/plugin_register.h196
-rw-r--r--TPM2-Plugin/lib/include/tcti_util.h109
-rw-r--r--TPM2-Plugin/lib/include/tpm2_alg_util.h196
-rw-r--r--TPM2-Plugin/lib/include/tpm2_attr_util.h98
-rw-r--r--TPM2-Plugin/lib/include/tpm2_error.h136
-rw-r--r--TPM2-Plugin/lib/include/tpm2_hash.h84
-rw-r--r--TPM2-Plugin/lib/include/tpm2_plugin_api.h136
-rw-r--r--TPM2-Plugin/lib/include/tpm2_tcti_ldr.h62
-rw-r--r--TPM2-Plugin/lib/include/tpm2_util.h325
12 files changed, 1863 insertions, 0 deletions
diff --git a/TPM2-Plugin/lib/include/files.h b/TPM2-Plugin/lib/include/files.h
new file mode 100644
index 0000000..164e308
--- /dev/null
+++ b/TPM2-Plugin/lib/include/files.h
@@ -0,0 +1,366 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef FILES_H
+#define FILES_H
+
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <sapi/tpm20.h>
+
+/**
+ * Reads a series of bytes from a file as a byte array. This is similar to files_read_bytes(),
+ * but opens and closes the FILE for the caller. Size is both an input and output value where
+ * the size value is the max buffer size on call and the returned size is how much was read.
+ *
+ * This interface could be cleaned up in a later revision.
+ * @param path
+ * The path to the file to open.
+ * @param buf
+ * The buffer to read the data into
+ * @param size
+ * The max size of the buffer on call, and the size of the data read on return.
+ * @return
+ * True on success, false otherwise.
+ */
+bool files_load_bytes_from_path(const char *path, UINT8 *buf, UINT16 *size);
+
+/**
+ * Loads data from a file path or stdin enforcing an upper bound on size.
+ * @param path
+ * The path to load data from, NULL means stdin.
+ * @param size
+ * The maximum size.
+ * @param buf
+ * The buffer to write the data into.
+ * @return
+ * True on success or false otherwise.
+ */
+bool files_load_bytes_from_file_or_stdin(const char *path, UINT16 *size, BYTE *buf);
+
+/**
+ * Similar to files_write_bytes(), in that it writes an array of bytes to disk,
+ * but this routine opens and closes the file on the callers behalf.
+ * @param path
+ * The path to the file to write the data to.
+ * @param buf
+ * The buffer of data to write
+ * @param size
+ * The size of the data to write in bytes.
+ * @return
+ * True on success, false otherwise.
+ */
+bool files_save_bytes_to_file(const char *path, UINT8 *buf, UINT16 size);
+
+/**
+ * Saves the TPM context for an object handle to disk by calling Tss2_Sys_ContextSave() and serializing the
+ * resulting TPMS_CONTEXT structure to disk.
+ * @param sapi_context
+ * The system api context
+ * @param handle
+ * The object handle for the object to save.
+ * @param path
+ * The output path of the file.
+ *
+ * @return
+ * True on success, False on error.
+ */
+bool files_save_tpm_context_to_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle, const char *path);
+
+/**
+ * Like files_save_tpm_context_to_path() but saves a tpm session to a FILE stream.
+ * @param sapi_context
+ * The system api context
+ * @param handle
+ * The object handle for the object to save.
+ * @param stream
+ * The FILE stream to save too.
+ * @return
+ * True on success, False on error.
+ */
+bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle,
+ FILE *stream);
+
+/**
+ * Loads a TPM object context from disk.
+ * @param sapi_context
+ * The system API context
+ * @param handle
+ * The object handle that was saved.
+ * @param path
+ * The path to the input file.
+ * @return
+ * True on Success, false on error.
+ */
+bool files_load_tpm_context_from_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE *handle, const char *path);
+
+/**
+ * Like files_load_tpm_context_from_path() but loads the context from a FILE stream.
+ * @param sapi_context
+ * The system API context
+ * @param handle
+ * The object handle that was saved.
+ * @param stream
+ * The FILE stream to read from.
+ * @return
+ * True on success, False on error.
+ */
+bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context,
+ TPM2_HANDLE *handle, FILE *stream);
+
+/**
+ * Serializes a TPM2B_PUBLIC to the file path provided.
+ * @param public
+ * The TPM2B_PUBLIC to save to disk.
+ * @param path
+ * The path to save to.
+ * @return
+ * true on success, false on error.
+ */
+bool files_save_public(TPM2B_PUBLIC *public, const char *path);
+
+/**
+ * Loads a TPM2B_PUBLIC from disk that was saved with files_save_pubkey()
+ * @param path
+ * The path to load from.
+ * @param public
+ * The TPM2B_PUBLIC to load.
+ * @return
+ * true on success, false on error.
+ */
+bool files_load_public(const char *path, TPM2B_PUBLIC *public);
+
+/**
+ * Serializes a TPMT_SIGNATURE to the file path provided.
+ * @param signature
+ * The TPMT_SIGNATURE to save to disk.
+ * @param path
+ * The path to save to.
+ * @return
+ * true on success, false on error.
+ */
+bool files_save_signature(TPMT_SIGNATURE *signature, const char *path);
+
+/**
+ * Loads a TPMT_SIGNATURE from disk that was saved with files_save_signature()
+ * @param path
+ * The path to load from.
+ * @param signature
+ * The TPMT_SIGNATURE to load.
+ * @return
+ * true on success, false on error.
+ */
+bool files_load_signature(const char *path, TPMT_SIGNATURE *signature);
+
+/**
+ * Serializes a TPMT_TK_VERIFIED to the file path provided.
+ * @param signature
+ * The TPMT_SIGNATURE to save to disk.
+ * @param path
+ * The path to save to.
+ * @return
+ * true on success, false on error.
+ */
+bool files_save_ticket(TPMT_TK_VERIFIED *ticket, const char *path);
+
+/**
+ * Loads a TPMT_TK_VERIFIED from disk that was saved with files_save_ticket()
+ * @param path
+ * The path to load from.
+ * @param signature
+ * The TPMT_TK_VERIFIED to load.
+ * @return
+ * true on success, false on error.
+ */
+bool files_load_ticket(const char *path, TPMT_TK_VERIFIED *ticket);
+
+/**
+ * Loads a TPM2B_SENSITIVE from disk.
+ * @param path
+ * The path to load from.
+ * @param signature
+ * The TPM2B_SENSITIVE to load.
+ * @return
+ * true on success, false on error.
+ */
+bool files_load_sensitive(const char *path, TPM2B_SENSITIVE *sensitive);
+
+/**
+ * Serializes a TPMT_TK_HASHCHECK to the file path provided.
+ * @param validation
+ * The TPMT_TK_HASHCHECK to save to disk.
+ * @param path
+ * The path to save to.
+ * @return
+ * true on success, false on error.
+ */
+bool files_save_validation(TPMT_TK_HASHCHECK *validation, const char *path);
+
+/**
+ * Loads a TPMT_TK_HASHCHECK from disk.
+ * @param path
+ * The path to load from.
+ * @param validation
+ * The TPMT_TK_HASHCHECK to load.
+ * @return
+ * true on success, false on error.
+ */
+bool files_load_validation(const char *path, TPMT_TK_HASHCHECK *validation);
+
+/**
+ * Checks a file for existence.
+ * @param path
+ * The file to check for existence.
+ * @return
+ * true if a file exists with read permissions, false if it doesn't exist or an error occurs.
+ *
+ */
+bool files_does_file_exist(const char *path);
+
+/**
+ * Retrieves a files size given a file path.
+ * @param path
+ * The path of the file to retreive the size of.
+ * @param file_size
+ * A pointer to an unsigned long to return the file size. The
+ * pointed to value is valid only on a true return.
+ *
+ * @return
+ * True for success or False for error.
+ */
+bool files_get_file_size_path(const char *path, unsigned long *file_size);
+
+/**
+ * Similar to files_get_file_size_path(), but uses an already opened FILE object.
+ * @param fp
+ * The file pointer to query the size of.
+ * @param file_size
+ * Output of the file size.
+ * @param path
+ * An optional path used for error reporting, a NULL path disables error logging.
+ * @return
+ * True on success, False otherwise.
+ */
+bool files_get_file_size(FILE *fp, unsigned long *file_size, const char *path);
+
+/**
+ * Writes a TPM2.0 header to a file.
+ * @param f
+ * The file to write to.
+ * @param version
+ * The version number of the format of the file.
+ * @return
+ * True on success, false on error.
+ */
+bool files_write_header(FILE *f, UINT32 version);
+
+/**
+ * Reads a TPM2.0 header from a file.
+ * @param f
+ * The file to read.
+ * @param version
+ * The version that was found.
+ * @return
+ * True on Success, False on error.
+ */
+bool files_read_header(FILE *f, UINT32 *version);
+
+/**
+ * Writes a 16 bit value to the file in big endian, converting
+ * if needed.
+ * @param out
+ * The file to write.
+ * @param data
+ * The 16 bit value to write.
+ * @return
+ * True on success, False on error.
+ */
+bool files_write_16(FILE *out, UINT16 data);
+
+/**
+ * Same as files_write_16 but for 32 bit values.
+ */
+bool files_write_32(FILE *out, UINT32 data);
+
+/**
+ * Same as files_write_16 but for 64 bit values.
+ */
+bool files_write_64(FILE *out, UINT64 data);
+
+/**
+ * Writes a byte array out to a file.
+ * @param out
+ * The file to write to.
+ * @param data
+ * The data to write.
+ * @param size
+ * The size of the data to write in bytes.
+ * @return
+ * True on success, False otherwise.
+ */
+bool files_write_bytes(FILE *out, UINT8 data[], size_t size);
+
+/**
+ * Reads a 16 bit value from a file converting from big endian to host
+ * endianess.
+ * @param out
+ * The file to read from.
+ * @param data
+ * The data that is read, valid on a true return.
+ * @return
+ * True on success, False on error.
+ */
+bool files_read_16(FILE *out, UINT16 *data);
+
+/**
+ * Same as files_read_16 but for 32 bit values.
+ */
+bool files_read_32(FILE *out, UINT32 *data);
+
+/**
+ * Same as files_read_16 but for 64 bit values.
+ */
+bool files_read_64(FILE *out, UINT64 *data);
+
+/**
+ * Reads len bytes from a file.
+ * @param out
+ * The file to read from.
+ * @param data
+ * The buffer to read into, only valid on a True return.
+ * @param size
+ * The number of bytes to read.
+ * @return
+ * True on success, False otherwise.
+ */
+bool files_read_bytes(FILE *out, UINT8 data[], size_t size);
+
+#endif /* FILES_H */
diff --git a/TPM2-Plugin/lib/include/log.h b/TPM2-Plugin/lib/include/log.h
new file mode 100644
index 0000000..c4ae0bd
--- /dev/null
+++ b/TPM2-Plugin/lib/include/log.h
@@ -0,0 +1,107 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef SRC_LOG_H_
+#define SRC_LOG_H_
+
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <sapi/tpm20.h>
+
+#include "tpm2_error.h"
+#include "tpm2_util.h"
+
+typedef enum log_level log_level;
+enum log_level {
+ log_level_error,
+ log_level_warning,
+ log_level_verbose
+};
+
+void _log (log_level level, const char *file, unsigned lineno, const char *fmt, ...)
+ COMPILER_ATTR(format (printf, 4, 5));
+
+/*
+ * Prints an error message. The fmt and variadic arguments mirror printf.
+ *
+ * Use this to log all error conditions.
+ */
+#define LOG_ERR(fmt, ...) _log(log_level_error, __FILE__, __LINE__, fmt, ##__VA_ARGS__)
+
+/**
+ * Prints an error message for a TSS2_Sys call to the TPM.
+ * The format is <function-name>(0x<rc>) - <error string>
+ * @param func
+ * The function that caused the error
+ * @param rc
+ * The return code to print.
+ */
+#define LOG_PERR(func, rc) _LOG_PERR(xstr(func), rc)
+
+/**
+ * Internal use only.
+ *
+ * Handles the expanded LOG_PERR call checking argument values
+ * and handing them off to LOG_ERR.
+ * @param func
+ * The function name.
+ * @param rc
+ * The rc to decode.
+ */
+static inline void _LOG_PERR(const char *func, TSS2_RC rc) {
+
+ LOG_ERR("%s(0x%X) - %s", func, rc, tpm2_error_str(rc));
+}
+
+/*
+ * Prints an warning message. The fmt and variadic arguments mirror printf.
+ *
+ * Use this to log a warning. A warning is when something is wrong, but it is not a fatal
+ * issue.
+ */
+#define LOG_WARN(fmt, ...) _log(log_level_warning, __FILE__, __LINE__, fmt, ##__VA_ARGS__)
+
+/*
+ * Prints an informational message. The fmt and variadic arguments mirror printf.
+ *
+ * Informational messages are only shown when verboseness is increased. Valid messages
+ * would be debugging type messages where additional, extraneous information is printed.
+ */
+#define LOG_INFO(fmt, ...) _log(log_level_verbose, __FILE__, __LINE__, fmt, ##__VA_ARGS__)
+
+/**
+ * Sets the log level so only messages <= to it print.
+ * @param level
+ * The logging level to set.
+ */
+void log_set_level (log_level level);
+
+#endif /* SRC_LOG_H_ */
diff --git a/TPM2-Plugin/lib/include/plugin_api.h b/TPM2-Plugin/lib/include/plugin_api.h
new file mode 100644
index 0000000..5f4b924
--- /dev/null
+++ b/TPM2-Plugin/lib/include/plugin_api.h
@@ -0,0 +1,48 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+#ifndef __PLUGIN_API_H__
+#define __PLUGIN_API_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int plugin_configure(char *configPath);
+
+void plugin_assign_hw_instance();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/TPM2-Plugin/lib/include/plugin_register.h b/TPM2-Plugin/lib/include/plugin_register.h
new file mode 100644
index 0000000..a154a24
--- /dev/null
+++ b/TPM2-Plugin/lib/include/plugin_register.h
@@ -0,0 +1,196 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+#ifndef __PLUGIN_REGISTER_H__
+#define __PLUGIN_REGISTER_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Callback function definitions
+ */
+
+typedef int (*fp_crypto_rsa_decrypt_init) (
+ /* IN */
+ unsigned long mechanism, /* PKCS#11 Mechanism */
+ void *param, /* PKCS#11 Paramter */
+ unsigned long param_len, /* PKCS#11 Parameter len */
+ /* OUT */
+ void *cb /* Address of pointer to store context block */
+ );
+
+typedef int (*fp_crypto_rsa_decrypt) (
+ /* IN */
+ void* cb, /* Pointer Crypto Block which is created during decrypt_init */
+ unsigned char* cipher, /* Input Cipher data */
+ int cipher_length, /* Ciphet data length */
+ /* OUT */
+ unsigned char* out_data, /* Decrypted output data */
+ int* out_data_len /* output length */
+ );
+
+typedef int (*fp_crypto_rsa_sign_init) (
+ /* IN */
+ unsigned long mechanism, /* PKCS#11 Mechanism */
+ void *param, /* PKCS#11 Paramter */
+ unsigned long param_len, /* PKCS#11 Parameter len */
+ /* OUT */
+ void *cb /* Address of pointer to store context block */
+ );
+
+typedef int (*fp_crypto_rsa_sign_update) (
+ /* IN */
+ void *cb, /* Previously created context block (during sign_init) passed */
+ void *pPart, /* pPart */
+ unsigned long ulPartLen /* ulPartLen */
+ );
+
+typedef int (*fp_crypto_rsa_sign_final) (
+ /* IN */
+ void *cb, /* Previously passed context block */
+ /* OUT */
+ unsigned char *sig, /* Output Signature buffer */
+ int *sigLen /* Pointer to hold signature buffer length */
+ );
+
+typedef int (*fp_crypto_rsa_sign) (
+ /* IN */
+ void *cb, /* Previously created context block (during sign_init) passed */
+ unsigned char* msg, /* Data to be signed */
+ int msg_len, /* Input data length */
+ /* OUT */
+ unsigned char *sig, /* Output Signature buffer */
+ int *sig_len /* Pointer to hold signature buffer length */
+ );
+
+typedef int (*fp_crypto_ecdsa_sign) (
+ /* IN */
+ void *cb, /* Previously created context block (during sign_init) passed */
+ unsigned char* data, /* Data to be signed */
+ int data_len, /* Input data length */
+ /* OUT */
+ unsigned char *sig, /* Output Signature buffer */
+ int *sig_len /* Pointer to hold signature buffer length */
+ );
+
+typedef int (*fp_crypto_ecdsa_verify) (
+ /* IN */
+ unsigned long appHandle, /* Application handle needed for QAT KPT mode */
+ //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key strcuture for ECDSA */
+ void *wpk, /* Wrapped Private Key strcuture for ECDSA */
+ unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
+ int swk_len, /* SWK length */
+ unsigned char* iv, /* IV value used during Application Key encryption */
+ int iv_len, /* IV length */
+ int tag_len, /* AES-GCM tag length */
+ unsigned char* data, /* Data which is used for signing */
+ int data_len, /* Input data length */
+ unsigned char *sig, /* Signature value */
+ int sig_len, /* Signature length */
+ /* OUT */
+ int* verifyResult /* Pointer to hold the verification result */
+ );
+
+typedef int (*fp_crypto_del_apphandle) (unsigned long skmKeyHandle);
+
+// SWK related operations
+typedef int (*fp_crypto_swk_getParentKey) (unsigned char** tlvbuffer, int* buflen);
+typedef int (*fp_crypto_swk_import) (
+ unsigned long appHandle,
+ unsigned char* tlvbuffer,
+ int buflen,
+ unsigned char* iv,
+ int iv_len,
+ unsigned char* tpm_pwd,
+ int tpm_pwd_len);
+
+typedef int (*fp_crypto_rsa_create_object) (
+ unsigned long appHandle, /* Application handle needed for QAT KPT mode */
+ //DhsmWPKRSAFormat *wpk, /* Wrapped Private Key structure for RSA */
+ void *wpk, /* Wrapped Private Key structure for RSA */
+ unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
+ int swk_len, /* SWK length */
+ unsigned char* iv, /* IV value used during Application Key encryption */
+ int iv_len, /* IV length */
+ int tag_len, /* AES-GCM tag length */
+ void **cb_object /* Pointer to store context block */
+ );
+
+typedef int (*fp_crypto_rsa_delete_object) (
+ void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */
+ );
+
+typedef int (*fp_crypto_ecdsa_create_object) (
+ unsigned long appHandle, /* Application handle needed for QAT KPT mode */
+ //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key structure for RSA */
+ void *wpk, /* Wrapped Private Key structure for RSA */
+ unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */
+ int swk_len, /* SWK length */
+ unsigned char* iv, /* IV value used during Application Key encryption */
+ int iv_len, /* IV length */
+ int tag_len, /* AES-GCM tag length */
+ void **cb_object /* Pointer to store context block */
+ );
+
+typedef int (*fp_crypto_ecdsa_delete_object) (
+ void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */
+ );
+
+
+typedef struct
+{
+ fp_crypto_rsa_decrypt_init cb_crypto_rsa_decrypt_init;
+ fp_crypto_rsa_decrypt cb_crypto_rsa_decrypt;
+ fp_crypto_rsa_sign_init cb_crypto_rsa_sign_init;
+ fp_crypto_rsa_sign_update cb_crypto_rsa_sign_update;
+ fp_crypto_rsa_sign_final cb_crypto_rsa_sign_final;
+ fp_crypto_rsa_sign cb_crypto_rsa_sign;
+ fp_crypto_ecdsa_sign cb_crypto_ecdsa_sign;
+ fp_crypto_ecdsa_verify cb_crypto_ecdsa_verify;
+ fp_crypto_del_apphandle cb_crypto_del_apphandle;
+ fp_crypto_swk_getParentKey cb_crypto_swk_getParentKey;
+ fp_crypto_swk_import cb_crypto_swk_import;
+ fp_crypto_rsa_create_object cb_crypto_rsa_create_object;
+ fp_crypto_rsa_delete_object cb_crypto_rsa_delete_object;
+ fp_crypto_ecdsa_create_object cb_crypto_ecdsa_create_object;
+ fp_crypto_ecdsa_delete_object cb_crypto_ecdsa_delete_object;
+
+} plugin_register;
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/TPM2-Plugin/lib/include/tcti_util.h b/TPM2-Plugin/lib/include/tcti_util.h
new file mode 100644
index 0000000..1b3b289
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tcti_util.h
@@ -0,0 +1,109 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+//
+// The context for TCTI implementations is on opaque
+// structure. There shall never be a definition of its content.
+// Implementation provide the size information to
+// applications via the initialize call.
+// This makes use of a compiler trick that allows type
+// checking of the pointer even though the type isn't
+// defined.
+//
+// The first field of a Context must be the common part
+// (see below).
+#ifndef TSS2_TCTI_UTIL_H
+#define TSS2_TCTI_UTIL_H
+
+#if defined linux || defined unix
+#include <sys/socket.h>
+#define SOCKET int
+#endif
+
+#include <tcti/common.h>
+
+#define TCTI_MAGIC 0x7e18e9defa8bc9e2
+#define TCTI_VERSION 0x1
+
+#define TCTI_LOG_CALLBACK(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logCallback
+#define TCTI_LOG_DATA(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logData
+#define TCTI_LOG_BUFFER_CALLBACK(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logBufferCallback
+
+typedef TSS2_RC (*TCTI_TRANSMIT_PTR)( TSS2_TCTI_CONTEXT *tctiContext, size_t size, uint8_t *command);
+typedef TSS2_RC (*TCTI_RECEIVE_PTR) (TSS2_TCTI_CONTEXT *tctiContext, size_t *size, uint8_t *response, int32_t timeout);
+
+enum tctiStates { TCTI_STAGE_INITIALIZE, TCTI_STAGE_SEND_COMMAND, TCTI_STAGE_RECEIVE_RESPONSE };
+
+/* current Intel version */
+typedef struct {
+ uint64_t magic;
+ uint32_t version;
+ TCTI_TRANSMIT_PTR transmit;
+ TCTI_RECEIVE_PTR receive;
+ TSS2_RC (*finalize) (TSS2_TCTI_CONTEXT *tctiContext);
+ TSS2_RC (*cancel) (TSS2_TCTI_CONTEXT *tctiContext);
+ TSS2_RC (*getPollHandles) (TSS2_TCTI_CONTEXT *tctiContext,
+ TSS2_TCTI_POLL_HANDLE *handles, size_t *num_handles);
+ TSS2_RC (*setLocality) (TSS2_TCTI_CONTEXT *tctiContext, uint8_t locality);
+ struct {
+ UINT32 debugMsgEnabled: 1;
+ UINT32 locality: 8;
+ UINT32 commandSent: 1;
+ UINT32 rmDebugPrefix: 1; // Used to add a prefix to RM debug messages. This is ONLY used
+ // for TPM commands and responses as a way to differentiate
+ // RM generated TPM commands from application generated ones.
+
+ // Following two fields used to save partial response status in case receive buffer's too small.
+ UINT32 tagReceived: 1;
+ UINT32 responseSizeReceived: 1;
+ UINT32 protocolResponseSizeReceived: 1;
+ } status;
+
+ // Following two fields used to save partial response in case receive buffer's too small.
+ TPM_ST tag;
+ TPM_RC responseSize;
+
+ TSS2_TCTI_CONTEXT *currentTctiContext;
+
+ // Sockets if socket interface is being used.
+ SOCKET otherSock;
+ SOCKET tpmSock;
+ SOCKET currentConnectSock;
+
+ // File descriptor for device file if real TPM is being used.
+ int devFile;
+ UINT8 previousStage; // Used to check for sequencing errors.
+ unsigned char responseBuffer[4096];
+ TCTI_LOG_CALLBACK logCallback;
+ TCTI_LOG_BUFFER_CALLBACK logBufferCallback;
+ void *logData;
+} TSS2_TCTI_CONTEXT_INTEL;
+
+#define TCTI_CONTEXT ( (TSS2_TCTI_CONTEXT_COMMON_CURRENT *)(SYS_CONTEXT->tctiContext) )
+#define TCTI_CONTEXT_INTEL ( (TSS2_TCTI_CONTEXT_INTEL *)tctiContext )
+
+#endif
diff --git a/TPM2-Plugin/lib/include/tpm2_alg_util.h b/TPM2-Plugin/lib/include/tpm2_alg_util.h
new file mode 100644
index 0000000..ce4083c
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_alg_util.h
@@ -0,0 +1,196 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef LIB_TPM2_ALG_UTIL_H_
+#define LIB_TPM2_ALG_UTIL_H_
+
+#include <stdbool.h>
+
+#include <sapi/tpm20.h>
+
+/**
+ * Iterator callback routine for iterating over known algorithm name and value
+ * pairs.
+ * @param id
+ * The algorithm id.
+ * @param name
+ * The associated "nice-name".
+ * @param userdata
+ * A user supplied data pointer.
+ * @return
+ * True to stop iterating, false to keep iterating.
+ */
+typedef bool (*tpm2_alg_util_alg_iteraror)(TPM2_ALG_ID id, const char *name, void *userdata);
+
+/**
+ * Iterate over the algorithm name-value pairs calling the iterator callback for each pair.
+ * @param iterator
+ * The iterator callback function.
+ * @param userdata
+ * A pointer to user supplied data, this is passed to the iterator for each call.
+ */
+void tpm2_alg_util_for_each_alg(tpm2_alg_util_alg_iteraror iterator, void *userdata);
+
+/**
+ * Convert a "nice-name" string to an algorithm id.
+ * @param name
+ * The "nice-name" to convert.
+ * @return
+ * TPM2_ALG_ERROR on error, or a valid algorithm identifier.
+ */
+TPM2_ALG_ID tpm2_alg_util_strtoalg(const char *name);
+
+/**
+ * Convert an id to a nice-name.
+ * @param id
+ * The id to convert.
+ * @return
+ * The nice-name.
+ */
+const char *tpm2_alg_util_algtostr(TPM2_ALG_ID id);
+
+/**
+ * Converts either a string from algrotithm number or algorithm nice-name to
+ * an algorithm id.
+ * @param optarg
+ * The string to convert from an algorithm number or nice name.
+ * @return
+ * TPM2_ALG_ERROR on error or the algorithm id.
+ */
+TPM2_ALG_ID tpm2_alg_util_from_optarg(char *optarg);
+
+/**
+ * Detects if an algorithm is considered a hashing algorithm.
+ * @param id
+ * The algorithm id to check.
+ * @return
+ * True if it is a hash algorithm, False otherwise.
+ */
+bool tpm2_alg_util_is_hash_alg(TPM2_ALG_ID id);
+
+/**
+ * Contains the information from parsing an argv style vector of strings for
+ * pcr digest language specifications.
+ */
+typedef struct tpm2_pcr_digest_spec tpm2_pcr_digest_spec;
+struct tpm2_pcr_digest_spec {
+ TPML_DIGEST_VALUES digests;
+ TPMI_DH_PCR pcr_index;
+};
+
+/**
+ * Parses an argv array that contains a digest specification at each location
+ * within argv.
+ *
+ * The digest specification is as follows:
+ * - A pcr identifier as understood by strtoul with 0 as the base.
+ * - A colon followed by the algorithm hash specification.
+ * - The algorithm hash specification is as follows:
+ * - The algorithm friendly name or raw numerical as understood by
+ * strtoul with a base of 0.
+ * - An equals sign
+ * - The hex hash value,
+ *
+ * This all distills to a string that looks like this:
+ * <pcr index>:<hash alg id>=<hash value>
+ *
+ * Example:
+ * "4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15"
+ *
+ * Note:
+ * Multiple specifications of PCR and hash are OK. Multiple hashes
+ * cause the pcr to be extended with both hashes. Multiple same PCR
+ * values cause the PCR to be extended multiple times. Extension
+ * is done in order from left to right as specified.
+ *
+ * At most 5 hash extensions per PCR entry are supported. This
+ * is to keep the parser simple.
+ *
+ * @param sapi_context
+ * The system API context for hashing files with the tpm. This can
+ * be NULL if the argument vector doesn't have a file spec for the hash.
+ * @param argv
+ * The argv of digest specifications to parse.
+ * @param len
+ * The number of digest specifications to parse.
+ * @param digests
+ * An array of tpm2_pcr_digest_spec big enough to hold len items.
+ * @return
+ * True if parsing was successful, False otherwise.
+ * @note
+ * This function logs errors via LOG_ERR.
+ */
+bool pcr_parse_digest_list(char **argv, int len,
+ tpm2_pcr_digest_spec *digest_spec);
+
+/**
+ * Retrieves the size of a hash in bytes for a given hash
+ * algorithm or 0 if unknown/not found.
+ * @param id
+ * The HASH algorithm identifier.
+ * @return
+ * 0 on failure or the size of the hash bytes.
+ */
+UINT16 tpm2_alg_util_get_hash_size(TPMI_ALG_HASH id);
+
+/**
+ * Extracts the plain signature data without any headers
+ *
+ * Communicates errors via LOG_ERR.
+ *
+ * @param size
+ * Will receive the number of bytes stored in buffer.
+ * @signature The actual signature struct to extract the plain signature from.
+ * @return
+ * Returns a buffer filled with the extracted signature or NULL on error.
+ * Needs to be free()'d by the caller.
+ */
+UINT8* tpm2_extract_plain_signature(UINT16 *size, TPMT_SIGNATURE *signature);
+
+/**
+ * Retrieves an approproate signature scheme (scheme) signable by
+ * specified key (keyHandle) and hash algorithm (halg).
+ * @param sapi_context
+ * System API context for tpm
+ * @param keyHandle
+ * Handle to key used in signing operation
+ * @param halg
+ * Hash algoritm for message
+ * @param scheme
+ * Signature scheme output
+ * @return
+ * True if successful
+ * False otherwise, and scheme is left unmodified
+ */
+bool get_signature_scheme(TSS2_SYS_CONTEXT *sapi_context,
+ TPMI_DH_OBJECT keyHandle, TPMI_ALG_HASH halg,
+ TPMT_SIG_SCHEME *scheme);
+
+#endif /* LIB_TPM2_ALG_UTIL_H_ */
diff --git a/TPM2-Plugin/lib/include/tpm2_attr_util.h b/TPM2-Plugin/lib/include/tpm2_attr_util.h
new file mode 100644
index 0000000..2487982
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_attr_util.h
@@ -0,0 +1,98 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef LIB_TPM2_ATTR_UTIL_H_
+#define LIB_TPM2_ATTR_UTIL_H_
+
+#include <stdbool.h>
+
+#include <sapi/tpm20.h>
+
+/**
+ * Converts a list of | (pipe) separated attributes as defined in tavle 204
+ * of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+ * to an actual bit field representation. The trailing TPMA_NV_ can be omitted and must be lower-case.
+ * For exmaple, TPMA_NV_PPWRITE, bcomes ppwrite. To append them together, just do the pipe inbetwwen.
+ * ppwrite|ownerwrite.
+ *
+ * @param attribute_list
+ * The attribute string to parse, which may be modified in place.
+ * @param nvattrs
+ * The TPMA_NV attributes set based on the attribute list. Only valid on true returns.
+ * @return
+ * true on success, false on error.
+ */
+bool tpm2_attr_util_nv_strtoattr(char *attribute_list, TPMA_NV *nvattrs);
+
+/**
+ * Like tpm2_attr_util_nv_strtoattr() but converts TPMA_OBJECT attributes as defined in:
+ * Table 31 of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+ * @param attribute_list
+ * The attribute string to parse, which may be modified in place.
+ * The TPMA_OBJECT attributes set based on the attribute list. Only valid on true returns.
+ * @return
+ * true on success, false on error.
+ */
+bool tpm2_attr_util_obj_strtoattr(char *attribute_list, TPMA_OBJECT *objattrs);
+
+/**
+ * Converts a numerical or friendly string described object attribute into the
+ * TPMA_OBJECT. Similar to tpm2_alg_util_from_optarg().
+ * @param argvalue
+ * Either a raw numeric for a UINT32 or a friendly name object attribute list
+ * as in tpm2_attr_util_nv_strtoattr().
+ * @param objattrs
+ * The converted bits for a TPMA_OBJECT
+ * @return
+ * true on success or false on error.
+ */
+bool tpm2_attr_util_obj_from_optarg(char *argvalue, TPMA_OBJECT *objattrs);
+
+/**
+ * Converts a TPMA_NV structure to a friendly name style string.
+ * @param nvattrs
+ * The nvattrs to convert to nice name.
+ * @return A string allocated with calloc(), callers shall use
+ * free() to free it. The string is a null terminated text representation
+ * of the TPMA_NV attributes.
+ */
+char *tpm2_attr_util_nv_attrtostr(TPMA_NV nvattrs);
+
+/**
+ * Like tpm2_nv_util_obj_strtoattr() but converts TPMA_OBJECT attributes as defined in:
+ * Table 31 of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+ * @param objattrs
+ * The object parameters to convert to a name
+ * @return
+ * The name of the object attrs as a string that must be freed via free().
+ */
+char *tpm2_attr_util_obj_attrtostr(TPMA_OBJECT objattrs);
+
+#endif /* LIB_TPM2_ATTR_UTIL_H_ */
diff --git a/TPM2-Plugin/lib/include/tpm2_error.h b/TPM2-Plugin/lib/include/tpm2_error.h
new file mode 100644
index 0000000..0549edc
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_error.h
@@ -0,0 +1,136 @@
+//**********************************************************************;
+// Copyright (c) 2018, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+#ifndef LIB_TPM2_ERROR_H_
+#define LIB_TPM2_ERROR_H_
+
+#include <stdbool.h>
+
+#include <sapi/tpm20.h>
+
+/**
+ * Number of error layers
+ */
+#define TPM2_ERROR_TSS2_RC_LAYER_COUNT (TSS2_RC_LAYER_MASK >> TSS2_RC_LAYER_SHIFT)
+
+/**
+ * Mask for the error bits of tpm2 compliant return code.
+ */
+#define TPM2_ERROR_TSS2_RC_ERROR_MASK 0xFFFF
+
+/**
+ * Retrieves the error bits from a TSS2_RC. The error bits are
+ * contained in the first 2 octets.
+ * @param rc
+ * The rc to query for the error bits.
+ * @return
+ * The error bits.
+ */
+static inline UINT16 tpm2_error_get(TSS2_RC rc) {
+ return ((rc & TPM2_ERROR_TSS2_RC_ERROR_MASK));
+}
+
+/**
+ * A custom error handler prototype.
+ * @param rc
+ * The rc to decode with only the error bits set, ie no need to mask the
+ * layer bits out. Handlers will never be invoked with the error bits set
+ * to 0, as zero always indicates success.
+ * @return
+ * An error string describing the rc. If the handler cannot determine
+ * a valid response, it can return NULL indicating that the framework
+ * should just print the raw hexidecimal value of the error field of
+ * a tpm2_err_layer_rc.
+ * Note that this WILL NOT BE FREED by the caller,
+ * i.e. static.
+ */
+typedef const char *(*tpm2_error_handler)(TSS2_RC rc);
+
+/**
+ * Register or unregister a custom layer error handler.
+ * @param layer
+ * The layer in which to register a handler for. It is an error
+ * to register for the following reserved layers:
+ * - TSS2_TPM_RC_LAYER - layer 0
+ * - TSS2_SYS_RC_LAYER - layer 8
+ * - TSS2_MU_RC_LAYER - layer 9
+ * - TSS2_TCTI_RC_LAYER - layer 10
+ * @param name
+ * A friendly layer name. It is an error for the name to be of
+ * length 0 or greater than 4.
+ * @param handler
+ * The handler function to register or NULL to unregister.
+ * @return
+ * True on success or False on error.
+ */
+bool tpm2_error_set_handler(UINT8 layer, const char *name,
+ tpm2_error_handler handler);
+
+/**
+ * Given a TSS2_RC return code, provides a static error string in the format:
+ * <layer-name>:<layer-specific-msg>.
+ *
+ * The layer-name section will either be the friendly name, or if no layer
+ * handler is registered, the base10 layer number.
+ *
+ * The "layer-specific-msg" is layer specific and will contain details on the
+ * error that occurred or the error code if it couldn't look it up.
+ *
+ * Known layer specific substrings:
+ * TPM - The tpm layer produces 2 distinct format codes that allign with:
+ * - Section 6.6 of: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
+ * - Section 39.4 of: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
+ *
+ * The two formats are format 0 and format 1.
+ * Format 0 string format:
+ * - "<error|warn>(<version>): <description>
+ * - Examples:
+ * - error(1.2): bad tag
+ * - warn(2.0): the 1st handle in the handle area references a transient object or session that is not loaded
+ *
+ * Format 1 string format:
+ * - <handle|session|parameter>(<index>):<description>
+ * - Examples:
+ * - handle(unk):value is out of range or is not correct for the context
+ * - tpm:handle(5):value is out of range or is not correct for the context
+ *
+ * Note that passing TPM2_RC_SUCCESS results in the layer specific message of "success".
+ *
+ * The System, TCTI and Marshaling (MU) layers, all define simple string
+ * returns analogous to strerror(3).
+ *
+ * Unknown layers will have the layer number in decimal and then a layer specific string of
+ * a hex value representing the error code. For example: 9:0x3
+ *
+ * @param rc
+ * The error code to decode.
+ * @return
+ * A human understandable error description string.
+ */
+const char *tpm2_error_str(TSS2_RC rc);
+
+#endif /* LIB_TPM2_ERROR_H_ */
diff --git a/TPM2-Plugin/lib/include/tpm2_hash.h b/TPM2-Plugin/lib/include/tpm2_hash.h
new file mode 100644
index 0000000..7fab882
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_hash.h
@@ -0,0 +1,84 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef SRC_TPM_HASH_H_
+#define SRC_TPM_HASH_H_
+
+#include <stdbool.h>
+
+#include <sapi/tpm20.h>
+
+/**
+ * Hashes a BYTE array via the tpm.
+ * @param sapi_context
+ * The system api context.
+ * @param hash_alg
+ * The hashing algorithm to use.
+ * @param hierarchy
+ * The hierarchy.
+ * @param buffer
+ * The data to hash.
+ * @param length
+ * The length of the data.
+ * @param result
+ * The digest result.
+ * @param validation
+ * The validation ticket. Note that some hierarchies don't produce a
+ * validation ticket and thus size will be 0.
+ * @return
+ * True on success, false otherwise.
+ */
+bool tpm2_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH halg,
+ TPMI_RH_HIERARCHY hierarchy, BYTE *buffer, UINT16 length,
+ TPM2B_DIGEST *result, TPMT_TK_HASHCHECK *validation);
+
+/**
+ * Hashes a FILE * object via the tpm.
+ * @param sapi_context
+ * The system api context.
+ * @param hash_alg
+ * The hashing algorithm to use.
+ * @param hierarchy
+ * The hierarchy.
+ * @param input
+ * The FILE object to hash.
+ * @param result
+ * The digest result.
+ * @param validation
+ * The validation ticket. Note that some hierarchies don't produce a
+ * validation ticket and thus size will be 0.
+ * @return
+ * True on success, false otherwise.
+ */
+bool tpm2_hash_file(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH halg,
+ TPMI_RH_HIERARCHY hierarchy, FILE *input, TPM2B_DIGEST *result,
+ TPMT_TK_HASHCHECK *validation);
+
+#endif /* SRC_TPM_HASH_H_ */
diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
new file mode 100644
index 0000000..238af99
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
@@ -0,0 +1,136 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+#ifndef __TPM_API_H__
+#define __TPM_API_H__
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+#include <ctype.h>
+#include <getopt.h>
+
+#include <sapi/tpm20.h>
+
+#include "plugin_register.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define TPM_SKM_SRK_HANDLE 0x81000011
+
+#define TPM_SKM_AC0_HANDLE 0x90000000
+#define TPM_SKM_AC1_HANDLE 0x90000001
+#define TPM_SKM_AC2_HANDLE 0x90000002
+
+#define TPM_SKM_APP_HANDLE 0x91100001
+
+#define INIT_SIMPLE_TPM2B_SIZE( type ) (type).t.size = sizeof( type ) - 2;
+
+#define APP_RC_OFFSET 0x100
+
+#define TSS2_APP_RC_PASSED (APP_RC_PASSED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_GET_NAME_FAILED (APP_RC_GET_NAME_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_CREATE_SESSION_KEY_FAILED (APP_RC_CREATE_SESSION_KEY_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_SESSION_SLOT_NOT_FOUND (APP_RC_SESSION_SLOT_NOT_FOUND + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_BAD_ALGORITHM (APP_RC_BAD_ALGORITHM + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_SYS_CONTEXT_CREATE_FAILED (APP_RC_SYS_CONTEXT_CREATE_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_GET_SESSION_STRUCT_FAILED (APP_RC_GET_SESSION_STRUCT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_GET_SESSION_ALG_ID_FAILED (APP_RC_GET_SESSION_ALG_ID_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED (APP_RC_INIT_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED (APP_RC_TEARDOWN_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+#define TSS2_APP_RC_BAD_LOCALITY (APP_RC_BAD_LOCALITY + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
+
+enum TSS2_APP_RC_CODE
+{
+ APP_RC_PASSED,
+ APP_RC_GET_NAME_FAILED,
+ APP_RC_CREATE_SESSION_KEY_FAILED,
+ APP_RC_SESSION_SLOT_NOT_FOUND,
+ APP_RC_BAD_ALGORITHM,
+ APP_RC_SYS_CONTEXT_CREATE_FAILED,
+ APP_RC_GET_SESSION_STRUCT_FAILED,
+ APP_RC_GET_SESSION_ALG_ID_FAILED,
+ APP_RC_INIT_SYS_CONTEXT_FAILED,
+ APP_RC_TEARDOWN_SYS_CONTEXT_FAILED,
+ APP_RC_BAD_LOCALITY
+};
+
+TSS2_SYS_CONTEXT *InitSysContext (UINT16 maxCommandSize,
+ TSS2_TCTI_CONTEXT *tctiContext,
+ TSS2_ABI_VERSION *abiVersion );
+
+void TeardownSysContext( TSS2_SYS_CONTEXT **sysContext );
+
+TSS2_RC TeardownTctiResMgrContext( TSS2_TCTI_CONTEXT *tctiContext );
+
+int tpm2_rsa_create_object(
+ unsigned long appHandle,
+ //DhsmWPKRSAFormat* wpk,
+ void *wpk,
+ unsigned char* swk,
+ int swk_len,
+ unsigned char* iv,
+ int iv_len,
+ int tag_len,
+ void **cb_object);
+
+int tpm2_rsa_delete_object(
+ void *cb_object);
+
+int tpm2_rsa_sign_init(
+ unsigned long mechanish,
+ void *param,
+ size_t len,
+ void *ctx);
+
+int tpm2_rsa_sign(
+ void *ctx,
+ unsigned char *msg,
+ int msg_len,
+ unsigned char *sig,
+ int *sig_len);
+
+
+int tpm2_import_object(
+ unsigned long appHandle,
+ unsigned char* tlvbuffer,
+ int buflen,
+ unsigned char* iv,
+ int iv_len,
+ unsigned char* tpm_pwd,
+ int tpm_pwd_len);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif
diff --git a/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h b/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h
new file mode 100644
index 0000000..1e20d3d
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h
@@ -0,0 +1,62 @@
+//**********************************************************************;
+// Copyright (c) 2018, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+
+#include <sapi/tpm20.h>
+
+#ifndef LIB_TPM2_TCTI_LDR_H_
+#define LIB_TPM2_TCTI_LDR_H_
+
+/**
+ * Loads a TCTI from a friendly name, library name, or path.
+ * For example
+ * friendly: path = tabrmd
+ * library name: path = libtcti-socket.so
+ * full path: path = /home/user/lib/libtcti-custom.so
+ * @param path
+ * The path/library to load.
+ * @param opts
+ * The tcti option configs.
+ * @return
+ * A tcti context on success or NULL on failure.
+ */
+TSS2_TCTI_CONTEXT *tpm2_tcti_ldr_load(const char *path, const char *opts);
+
+/**
+ * Returns the loaded TCTIs information structure,
+ * which contains the initialization routine, description
+ * and help string amongst other things.
+ * @return
+ * NULL if no TCTI is loaded, else the info structure pointer.
+ */
+const TSS2_TCTI_INFO *tpm2_tcti_ldr_getinfo(void);
+
+/**
+ * Unloads the tcti loaded via tpm2_tcti_ldr_load();
+ */
+void tpm2_tcti_ldr_unload(void);
+
+#endif /* LIB_TPM2_TCTI_LDR_H_ */
diff --git a/TPM2-Plugin/lib/include/tpm2_util.h b/TPM2-Plugin/lib/include/tpm2_util.h
new file mode 100644
index 0000000..edc759d
--- /dev/null
+++ b/TPM2-Plugin/lib/include/tpm2_util.h
@@ -0,0 +1,325 @@
+//**********************************************************************;
+// Copyright (c) 2017, Intel Corporation
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met:
+//
+// 1. Redistributions of source code must retain the above copyright notice,
+// this list of conditions and the following disclaimer.
+//
+// 2. Redistributions in binary form must reproduce the above copyright notice,
+// this list of conditions and the following disclaimer in the documentation
+// and/or other materials provided with the distribution.
+//
+// 3. Neither the name of Intel Corporation nor the names of its contributors
+// may be used to endorse or promote products derived from this software without
+// specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+// THE POSSIBILITY OF SUCH DAMAGE.
+//**********************************************************************;
+#ifndef STRING_BYTES_H
+#define STRING_BYTES_H
+
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <sapi/tpm20.h>
+
+#include "tpm2_error.h"
+
+#if defined (__GNUC__)
+#define COMPILER_ATTR(...) __attribute__((__VA_ARGS__))
+#else
+#define COMPILER_ATTR(...)
+#endif
+
+#define xstr(s) str(s)
+#define str(s) #s
+
+#define UNUSED(x) (void)x
+
+#define ARRAY_LEN(x) (sizeof(x)/sizeof(x[0]))
+
+#define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->field)))
+
+#define TSS2_APP_RC_LAYER TSS2_RC_LAYER(5)
+
+#define TPM2B_TYPE_INIT(type, field) { .size = BUFFER_SIZE(type, field), }
+#define TPM2B_INIT(xsize) { .size = xsize, }
+#define TPM2B_EMPTY_INIT TPM2B_INIT(0)
+#define TPM2B_SENSITIVE_CREATE_EMPTY_INIT { \
+ .sensitive = { \
+ .data = { \
+ .size = 0 \
+ }, \
+ .userAuth = { \
+ .size = 0 \
+ } \
+ } \
+ }
+
+#define TPMS_AUTH_COMMAND_INIT(session_handle) { \
+ .sessionHandle = session_handle,\
+ .nonce = TPM2B_EMPTY_INIT, \
+ .sessionAttributes = TPMA_SESSION_CONTINUESESSION, \
+ .hmac = TPM2B_EMPTY_INIT \
+ }
+
+#define TPMS_AUTH_COMMAND_EMPTY_INIT TPMS_AUTH_COMMAND_INIT(0)
+
+
+#define TPMT_TK_CREATION_EMPTY_INIT { \
+ .tag = 0, \
+ .hierarchy = 0, \
+ .digest = TPM2B_EMPTY_INIT \
+ }
+
+#define TPML_PCR_SELECTION_EMPTY_INIT { \
+ .count = 0, \
+ } //ignore pcrSelections since count is 0.
+
+#define TPMS_CAPABILITY_DATA_EMPTY_INIT { \
+ .capability = 0, \
+ } // ignore data since capability is 0.
+
+#define TPMT_TK_HASHCHECK_EMPTY_INIT { \
+ .tag = 0, \
+ .hierarchy = 0, \
+ .digest = TPM2B_EMPTY_INIT \
+ }
+
+#define TSS2L_SYS_AUTH_COMMAND_INIT(cnt, array) { \
+ .count = cnt, \
+ .auths = array, \
+ }
+
+/*
+ * This macro is useful as a wrapper around SAPI functions to automatically
+ * retry function calls when the RC is TPM2_RC_RETRY.
+ */
+#define TSS2_RETRY_EXP(expression) \
+ ({ \
+ TSS2_RC __result = 0; \
+ do { \
+ __result = (expression); \
+ } while (tpm2_error_get(__result) == TPM2_RC_RETRY); \
+ __result; \
+ })
+
+/**
+ * prints output to stdout respecting the quiet option.
+ * Ie when quiet, don't print.
+ * @param fmt
+ * The format specifier, ala printf.
+ * @param ...
+ * The varargs, just like printf.
+ */
+#define tpm2_tool_output(fmt, ...) \
+ do { \
+ if (output_enabled) { \
+ printf(fmt, ##__VA_ARGS__); \
+ } \
+ } while (0)
+
+int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLenth, BYTE *byteBuffer);
+
+/**
+ * Appends a TPM2B buffer to a MAX buffer.
+ * @param result
+ * The MAX buffer to append to
+ * @param append
+ * The buffer to append to result.
+ * @return
+ * true on success, false otherwise.
+ */
+bool tpm2_util_concat_buffer(TPM2B_MAX_BUFFER *result, TPM2B *append);
+
+/**
+ * Converts a numerical string into a uint32 value.
+ * @param str
+ * The numerical string to convert.
+ * @param value
+ * The value to store the conversion into.
+ * @return
+ * true on success, false otherwise.
+ */
+bool tpm2_util_string_to_uint32(const char *str, uint32_t *value);
+
+/**
+ * Converts a numerical string into a uint16 value.
+ * @param str
+ * The numerical string to convert.
+ * @param value
+ * The value to store the conversion into.
+ * @return
+ * true on success, false otherwise.
+ */
+bool tpm2_util_string_to_uint16(const char *str, uint16_t *value);
+
+/**
+ * Prints an xxd compatible hexdump to stdout if output is enabled,
+ * ie no -Q option.
+ *
+ * @param data
+ * The data to print.
+ * @param len
+ * The length of the data.
+ * @param plain
+ * true for a plain hex string false for an xxd compatable
+ * dump.
+ */
+void tpm2_util_hexdump(const BYTE *data, size_t len, bool plain);
+
+/**
+ * Prints an xxd compatible hexdump to stdout if output is enabled,
+ * ie no -Q option.
+ *
+ * @param fd
+ * A readable open file.
+ * @param len
+ * The length of the data to read and print.
+ * @param plain
+ * true for a plain hex string false for an xxd compatable
+ * dump.
+ * @return
+ * true if len bytes were successfully read and printed,
+ * false otherwise
+ */
+bool tpm2_util_hexdump_file(FILE *fd, size_t len, bool plain);
+
+/**
+ * Prints a TPM2B as a hex dump.
+ * @param buffer the TPM2B to print.
+ */
+static inline void tpm2_util_print_tpm2b(TPM2B *buffer) {
+
+ return tpm2_util_hexdump(buffer->buffer, buffer->size, true);
+}
+
+/**
+ * Reads a TPM2B object from FILE* and prints data in hex.
+ * @param fd
+ * A readable open file.
+ */
+bool tpm2_util_print_tpm2b_file(FILE *fd);
+
+/**
+ * Copies a tpm2b from dest to src and clears dest if src is NULL.
+ * If src is NULL, it is a NOP.
+ * @param dest
+ * The destination TPM2B
+ * @param src
+ * The source TPM2B
+ * @return
+ * The number of bytes copied.
+ */
+UINT16 tpm2_util_copy_tpm2b(TPM2B *dest, TPM2B *src);
+
+/**
+ * Checks if the host is big endian
+ * @return
+ * True of the host is big endian false otherwise.
+ */
+bool tpm2_util_is_big_endian(void);
+
+/**
+ * Swaps the endianess of 16 bit value.
+ * @param data
+ * A 16 bit value to swap the endianess on.
+ * @return
+ * The 16 bit value with the endianess swapped.
+ */
+UINT16 tpm2_util_endian_swap_16(UINT16 data);
+
+/**
+ * Just like string_bytes_endian_convert_16 but for 32 bit values.
+ */
+UINT32 tpm2_util_endian_swap_32(UINT32 data);
+
+/**
+ * Just like string_bytes_endian_convert_16 but for 64 bit values.
+ */
+UINT64 tpm2_util_endian_swap_64(UINT64 data);
+
+/**
+ * Converts a 16 bit value from host endianess to network endianess.
+ * @param data
+ * The data to possibly swap endianess.
+ * @return
+ * The swapped data.
+ */
+UINT16 tpm2_util_hton_16(UINT16 data);
+
+/**
+ * Just like string_bytes_endian_hton_16 but for 32 bit values.
+ */
+UINT32 tpm2_util_hton_32(UINT32 data);
+
+/**
+ * Just like string_bytes_endian_hton_16 but for 64 bit values.
+ */
+UINT64 tpm2_util_hton_64(UINT64 data);
+
+/**
+ * Converts a 16 bit value from network endianess to host endianess.
+ * @param data
+ * The data to possibly swap endianess.
+ * @return
+ * The swapped data.
+ */
+UINT16 tpm2_util_ntoh_16(UINT16 data);
+
+/**
+ * Just like string_bytes_endian_ntoh_16 but for 32 bit values.
+ */
+UINT32 tpm2_util_ntoh_32(UINT32 data);
+
+/**
+ * Just like string_bytes_endian_ntoh_16 but for 64 bit values.
+ */
+UINT64 tpm2_util_ntoh_64(UINT64 data);
+
+/**
+ * Counts the number of set bits aka a population count.
+ * @param data
+ * The data to count set bits in.
+ * @return
+ * The number of set bits or population count.
+ */
+UINT32 tpm2_util_pop_count(UINT32 data);
+
+/**
+ * Prints whitespace indention for yaml output.
+ * @param indent_count
+ * Number of times to indent
+ */
+void print_yaml_indent(size_t indent_count);
+
+/**
+ * Convert a TPM2B_PUBLIC into a yaml format and output if not quiet.
+ * @param public
+ * The TPM2B_PUBLIC to output in YAML format.
+ */
+void tpm2_util_public_to_yaml(TPM2B_PUBLIC *public);
+
+
+/**
+ * Convert a TPMA_OBJECT to a yaml format and output if not quiet.
+ * @param obj
+ * The TPMA_OBJECT attributes to print.
+ */
+void tpm2_util_tpma_object_to_yaml(TPMA_OBJECT obj);
+
+#endif /* STRING_BYTES_H */