diff options
Diffstat (limited to 'TPM2-Plugin/lib/include')
| -rw-r--r-- | TPM2-Plugin/lib/include/files.h | 366 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/log.h | 107 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/plugin_api.h | 48 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/plugin_register.h | 196 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tcti_util.h | 109 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_alg_util.h | 196 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_attr_util.h | 98 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_error.h | 136 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_hash.h | 84 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_plugin_api.h | 136 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_tcti_ldr.h | 62 | ||||
| -rw-r--r-- | TPM2-Plugin/lib/include/tpm2_util.h | 325 |
12 files changed, 1863 insertions, 0 deletions
diff --git a/TPM2-Plugin/lib/include/files.h b/TPM2-Plugin/lib/include/files.h new file mode 100644 index 0000000..164e308 --- /dev/null +++ b/TPM2-Plugin/lib/include/files.h @@ -0,0 +1,366 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef FILES_H +#define FILES_H + +#include <stdbool.h> +#include <stdio.h> + +#include <sapi/tpm20.h> + +/** + * Reads a series of bytes from a file as a byte array. This is similar to files_read_bytes(), + * but opens and closes the FILE for the caller. Size is both an input and output value where + * the size value is the max buffer size on call and the returned size is how much was read. + * + * This interface could be cleaned up in a later revision. + * @param path + * The path to the file to open. + * @param buf + * The buffer to read the data into + * @param size + * The max size of the buffer on call, and the size of the data read on return. + * @return + * True on success, false otherwise. + */ +bool files_load_bytes_from_path(const char *path, UINT8 *buf, UINT16 *size); + +/** + * Loads data from a file path or stdin enforcing an upper bound on size. + * @param path + * The path to load data from, NULL means stdin. + * @param size + * The maximum size. + * @param buf + * The buffer to write the data into. + * @return + * True on success or false otherwise. + */ +bool files_load_bytes_from_file_or_stdin(const char *path, UINT16 *size, BYTE *buf); + +/** + * Similar to files_write_bytes(), in that it writes an array of bytes to disk, + * but this routine opens and closes the file on the callers behalf. + * @param path + * The path to the file to write the data to. + * @param buf + * The buffer of data to write + * @param size + * The size of the data to write in bytes. + * @return + * True on success, false otherwise. + */ +bool files_save_bytes_to_file(const char *path, UINT8 *buf, UINT16 size); + +/** + * Saves the TPM context for an object handle to disk by calling Tss2_Sys_ContextSave() and serializing the + * resulting TPMS_CONTEXT structure to disk. + * @param sapi_context + * The system api context + * @param handle + * The object handle for the object to save. + * @param path + * The output path of the file. + * + * @return + * True on success, False on error. + */ +bool files_save_tpm_context_to_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle, const char *path); + +/** + * Like files_save_tpm_context_to_path() but saves a tpm session to a FILE stream. + * @param sapi_context + * The system api context + * @param handle + * The object handle for the object to save. + * @param stream + * The FILE stream to save too. + * @return + * True on success, False on error. + */ +bool files_save_tpm_context_to_file(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE handle, + FILE *stream); + +/** + * Loads a TPM object context from disk. + * @param sapi_context + * The system API context + * @param handle + * The object handle that was saved. + * @param path + * The path to the input file. + * @return + * True on Success, false on error. + */ +bool files_load_tpm_context_from_path(TSS2_SYS_CONTEXT *sapi_context, TPM2_HANDLE *handle, const char *path); + +/** + * Like files_load_tpm_context_from_path() but loads the context from a FILE stream. + * @param sapi_context + * The system API context + * @param handle + * The object handle that was saved. + * @param stream + * The FILE stream to read from. + * @return + * True on success, False on error. + */ +bool files_load_tpm_context_from_file(TSS2_SYS_CONTEXT *sapi_context, + TPM2_HANDLE *handle, FILE *stream); + +/** + * Serializes a TPM2B_PUBLIC to the file path provided. + * @param public + * The TPM2B_PUBLIC to save to disk. + * @param path + * The path to save to. + * @return + * true on success, false on error. + */ +bool files_save_public(TPM2B_PUBLIC *public, const char *path); + +/** + * Loads a TPM2B_PUBLIC from disk that was saved with files_save_pubkey() + * @param path + * The path to load from. + * @param public + * The TPM2B_PUBLIC to load. + * @return + * true on success, false on error. + */ +bool files_load_public(const char *path, TPM2B_PUBLIC *public); + +/** + * Serializes a TPMT_SIGNATURE to the file path provided. + * @param signature + * The TPMT_SIGNATURE to save to disk. + * @param path + * The path to save to. + * @return + * true on success, false on error. + */ +bool files_save_signature(TPMT_SIGNATURE *signature, const char *path); + +/** + * Loads a TPMT_SIGNATURE from disk that was saved with files_save_signature() + * @param path + * The path to load from. + * @param signature + * The TPMT_SIGNATURE to load. + * @return + * true on success, false on error. + */ +bool files_load_signature(const char *path, TPMT_SIGNATURE *signature); + +/** + * Serializes a TPMT_TK_VERIFIED to the file path provided. + * @param signature + * The TPMT_SIGNATURE to save to disk. + * @param path + * The path to save to. + * @return + * true on success, false on error. + */ +bool files_save_ticket(TPMT_TK_VERIFIED *ticket, const char *path); + +/** + * Loads a TPMT_TK_VERIFIED from disk that was saved with files_save_ticket() + * @param path + * The path to load from. + * @param signature + * The TPMT_TK_VERIFIED to load. + * @return + * true on success, false on error. + */ +bool files_load_ticket(const char *path, TPMT_TK_VERIFIED *ticket); + +/** + * Loads a TPM2B_SENSITIVE from disk. + * @param path + * The path to load from. + * @param signature + * The TPM2B_SENSITIVE to load. + * @return + * true on success, false on error. + */ +bool files_load_sensitive(const char *path, TPM2B_SENSITIVE *sensitive); + +/** + * Serializes a TPMT_TK_HASHCHECK to the file path provided. + * @param validation + * The TPMT_TK_HASHCHECK to save to disk. + * @param path + * The path to save to. + * @return + * true on success, false on error. + */ +bool files_save_validation(TPMT_TK_HASHCHECK *validation, const char *path); + +/** + * Loads a TPMT_TK_HASHCHECK from disk. + * @param path + * The path to load from. + * @param validation + * The TPMT_TK_HASHCHECK to load. + * @return + * true on success, false on error. + */ +bool files_load_validation(const char *path, TPMT_TK_HASHCHECK *validation); + +/** + * Checks a file for existence. + * @param path + * The file to check for existence. + * @return + * true if a file exists with read permissions, false if it doesn't exist or an error occurs. + * + */ +bool files_does_file_exist(const char *path); + +/** + * Retrieves a files size given a file path. + * @param path + * The path of the file to retreive the size of. + * @param file_size + * A pointer to an unsigned long to return the file size. The + * pointed to value is valid only on a true return. + * + * @return + * True for success or False for error. + */ +bool files_get_file_size_path(const char *path, unsigned long *file_size); + +/** + * Similar to files_get_file_size_path(), but uses an already opened FILE object. + * @param fp + * The file pointer to query the size of. + * @param file_size + * Output of the file size. + * @param path + * An optional path used for error reporting, a NULL path disables error logging. + * @return + * True on success, False otherwise. + */ +bool files_get_file_size(FILE *fp, unsigned long *file_size, const char *path); + +/** + * Writes a TPM2.0 header to a file. + * @param f + * The file to write to. + * @param version + * The version number of the format of the file. + * @return + * True on success, false on error. + */ +bool files_write_header(FILE *f, UINT32 version); + +/** + * Reads a TPM2.0 header from a file. + * @param f + * The file to read. + * @param version + * The version that was found. + * @return + * True on Success, False on error. + */ +bool files_read_header(FILE *f, UINT32 *version); + +/** + * Writes a 16 bit value to the file in big endian, converting + * if needed. + * @param out + * The file to write. + * @param data + * The 16 bit value to write. + * @return + * True on success, False on error. + */ +bool files_write_16(FILE *out, UINT16 data); + +/** + * Same as files_write_16 but for 32 bit values. + */ +bool files_write_32(FILE *out, UINT32 data); + +/** + * Same as files_write_16 but for 64 bit values. + */ +bool files_write_64(FILE *out, UINT64 data); + +/** + * Writes a byte array out to a file. + * @param out + * The file to write to. + * @param data + * The data to write. + * @param size + * The size of the data to write in bytes. + * @return + * True on success, False otherwise. + */ +bool files_write_bytes(FILE *out, UINT8 data[], size_t size); + +/** + * Reads a 16 bit value from a file converting from big endian to host + * endianess. + * @param out + * The file to read from. + * @param data + * The data that is read, valid on a true return. + * @return + * True on success, False on error. + */ +bool files_read_16(FILE *out, UINT16 *data); + +/** + * Same as files_read_16 but for 32 bit values. + */ +bool files_read_32(FILE *out, UINT32 *data); + +/** + * Same as files_read_16 but for 64 bit values. + */ +bool files_read_64(FILE *out, UINT64 *data); + +/** + * Reads len bytes from a file. + * @param out + * The file to read from. + * @param data + * The buffer to read into, only valid on a True return. + * @param size + * The number of bytes to read. + * @return + * True on success, False otherwise. + */ +bool files_read_bytes(FILE *out, UINT8 data[], size_t size); + +#endif /* FILES_H */ diff --git a/TPM2-Plugin/lib/include/log.h b/TPM2-Plugin/lib/include/log.h new file mode 100644 index 0000000..c4ae0bd --- /dev/null +++ b/TPM2-Plugin/lib/include/log.h @@ -0,0 +1,107 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef SRC_LOG_H_ +#define SRC_LOG_H_ + +#include <stdbool.h> +#include <stdio.h> + +#include <sapi/tpm20.h> + +#include "tpm2_error.h" +#include "tpm2_util.h" + +typedef enum log_level log_level; +enum log_level { + log_level_error, + log_level_warning, + log_level_verbose +}; + +void _log (log_level level, const char *file, unsigned lineno, const char *fmt, ...) + COMPILER_ATTR(format (printf, 4, 5)); + +/* + * Prints an error message. The fmt and variadic arguments mirror printf. + * + * Use this to log all error conditions. + */ +#define LOG_ERR(fmt, ...) _log(log_level_error, __FILE__, __LINE__, fmt, ##__VA_ARGS__) + +/** + * Prints an error message for a TSS2_Sys call to the TPM. + * The format is <function-name>(0x<rc>) - <error string> + * @param func + * The function that caused the error + * @param rc + * The return code to print. + */ +#define LOG_PERR(func, rc) _LOG_PERR(xstr(func), rc) + +/** + * Internal use only. + * + * Handles the expanded LOG_PERR call checking argument values + * and handing them off to LOG_ERR. + * @param func + * The function name. + * @param rc + * The rc to decode. + */ +static inline void _LOG_PERR(const char *func, TSS2_RC rc) { + + LOG_ERR("%s(0x%X) - %s", func, rc, tpm2_error_str(rc)); +} + +/* + * Prints an warning message. The fmt and variadic arguments mirror printf. + * + * Use this to log a warning. A warning is when something is wrong, but it is not a fatal + * issue. + */ +#define LOG_WARN(fmt, ...) _log(log_level_warning, __FILE__, __LINE__, fmt, ##__VA_ARGS__) + +/* + * Prints an informational message. The fmt and variadic arguments mirror printf. + * + * Informational messages are only shown when verboseness is increased. Valid messages + * would be debugging type messages where additional, extraneous information is printed. + */ +#define LOG_INFO(fmt, ...) _log(log_level_verbose, __FILE__, __LINE__, fmt, ##__VA_ARGS__) + +/** + * Sets the log level so only messages <= to it print. + * @param level + * The logging level to set. + */ +void log_set_level (log_level level); + +#endif /* SRC_LOG_H_ */ diff --git a/TPM2-Plugin/lib/include/plugin_api.h b/TPM2-Plugin/lib/include/plugin_api.h new file mode 100644 index 0000000..5f4b924 --- /dev/null +++ b/TPM2-Plugin/lib/include/plugin_api.h @@ -0,0 +1,48 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +#ifndef __PLUGIN_API_H__ +#define __PLUGIN_API_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +int plugin_configure(char *configPath); + +void plugin_assign_hw_instance(); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/TPM2-Plugin/lib/include/plugin_register.h b/TPM2-Plugin/lib/include/plugin_register.h new file mode 100644 index 0000000..a154a24 --- /dev/null +++ b/TPM2-Plugin/lib/include/plugin_register.h @@ -0,0 +1,196 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +#ifndef __PLUGIN_REGISTER_H__ +#define __PLUGIN_REGISTER_H__ + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * Callback function definitions + */ + +typedef int (*fp_crypto_rsa_decrypt_init) ( + /* IN */ + unsigned long mechanism, /* PKCS#11 Mechanism */ + void *param, /* PKCS#11 Paramter */ + unsigned long param_len, /* PKCS#11 Parameter len */ + /* OUT */ + void *cb /* Address of pointer to store context block */ + ); + +typedef int (*fp_crypto_rsa_decrypt) ( + /* IN */ + void* cb, /* Pointer Crypto Block which is created during decrypt_init */ + unsigned char* cipher, /* Input Cipher data */ + int cipher_length, /* Ciphet data length */ + /* OUT */ + unsigned char* out_data, /* Decrypted output data */ + int* out_data_len /* output length */ + ); + +typedef int (*fp_crypto_rsa_sign_init) ( + /* IN */ + unsigned long mechanism, /* PKCS#11 Mechanism */ + void *param, /* PKCS#11 Paramter */ + unsigned long param_len, /* PKCS#11 Parameter len */ + /* OUT */ + void *cb /* Address of pointer to store context block */ + ); + +typedef int (*fp_crypto_rsa_sign_update) ( + /* IN */ + void *cb, /* Previously created context block (during sign_init) passed */ + void *pPart, /* pPart */ + unsigned long ulPartLen /* ulPartLen */ + ); + +typedef int (*fp_crypto_rsa_sign_final) ( + /* IN */ + void *cb, /* Previously passed context block */ + /* OUT */ + unsigned char *sig, /* Output Signature buffer */ + int *sigLen /* Pointer to hold signature buffer length */ + ); + +typedef int (*fp_crypto_rsa_sign) ( + /* IN */ + void *cb, /* Previously created context block (during sign_init) passed */ + unsigned char* msg, /* Data to be signed */ + int msg_len, /* Input data length */ + /* OUT */ + unsigned char *sig, /* Output Signature buffer */ + int *sig_len /* Pointer to hold signature buffer length */ + ); + +typedef int (*fp_crypto_ecdsa_sign) ( + /* IN */ + void *cb, /* Previously created context block (during sign_init) passed */ + unsigned char* data, /* Data to be signed */ + int data_len, /* Input data length */ + /* OUT */ + unsigned char *sig, /* Output Signature buffer */ + int *sig_len /* Pointer to hold signature buffer length */ + ); + +typedef int (*fp_crypto_ecdsa_verify) ( + /* IN */ + unsigned long appHandle, /* Application handle needed for QAT KPT mode */ + //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key strcuture for ECDSA */ + void *wpk, /* Wrapped Private Key strcuture for ECDSA */ + unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */ + int swk_len, /* SWK length */ + unsigned char* iv, /* IV value used during Application Key encryption */ + int iv_len, /* IV length */ + int tag_len, /* AES-GCM tag length */ + unsigned char* data, /* Data which is used for signing */ + int data_len, /* Input data length */ + unsigned char *sig, /* Signature value */ + int sig_len, /* Signature length */ + /* OUT */ + int* verifyResult /* Pointer to hold the verification result */ + ); + +typedef int (*fp_crypto_del_apphandle) (unsigned long skmKeyHandle); + +// SWK related operations +typedef int (*fp_crypto_swk_getParentKey) (unsigned char** tlvbuffer, int* buflen); +typedef int (*fp_crypto_swk_import) ( + unsigned long appHandle, + unsigned char* tlvbuffer, + int buflen, + unsigned char* iv, + int iv_len, + unsigned char* tpm_pwd, + int tpm_pwd_len); + +typedef int (*fp_crypto_rsa_create_object) ( + unsigned long appHandle, /* Application handle needed for QAT KPT mode */ + //DhsmWPKRSAFormat *wpk, /* Wrapped Private Key structure for RSA */ + void *wpk, /* Wrapped Private Key structure for RSA */ + unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */ + int swk_len, /* SWK length */ + unsigned char* iv, /* IV value used during Application Key encryption */ + int iv_len, /* IV length */ + int tag_len, /* AES-GCM tag length */ + void **cb_object /* Pointer to store context block */ + ); + +typedef int (*fp_crypto_rsa_delete_object) ( + void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */ + ); + +typedef int (*fp_crypto_ecdsa_create_object) ( + unsigned long appHandle, /* Application handle needed for QAT KPT mode */ + //DhsmWPKECDSAFormat *wpk, /* Wrapped Private Key structure for RSA */ + void *wpk, /* Wrapped Private Key structure for RSA */ + unsigned char* swk, /* Symmetric Wrapping Key (SWK) value */ + int swk_len, /* SWK length */ + unsigned char* iv, /* IV value used during Application Key encryption */ + int iv_len, /* IV length */ + int tag_len, /* AES-GCM tag length */ + void **cb_object /* Pointer to store context block */ + ); + +typedef int (*fp_crypto_ecdsa_delete_object) ( + void *cb_object /* Pointer Crypto Block which is created during decrypt_create_object */ + ); + + +typedef struct +{ + fp_crypto_rsa_decrypt_init cb_crypto_rsa_decrypt_init; + fp_crypto_rsa_decrypt cb_crypto_rsa_decrypt; + fp_crypto_rsa_sign_init cb_crypto_rsa_sign_init; + fp_crypto_rsa_sign_update cb_crypto_rsa_sign_update; + fp_crypto_rsa_sign_final cb_crypto_rsa_sign_final; + fp_crypto_rsa_sign cb_crypto_rsa_sign; + fp_crypto_ecdsa_sign cb_crypto_ecdsa_sign; + fp_crypto_ecdsa_verify cb_crypto_ecdsa_verify; + fp_crypto_del_apphandle cb_crypto_del_apphandle; + fp_crypto_swk_getParentKey cb_crypto_swk_getParentKey; + fp_crypto_swk_import cb_crypto_swk_import; + fp_crypto_rsa_create_object cb_crypto_rsa_create_object; + fp_crypto_rsa_delete_object cb_crypto_rsa_delete_object; + fp_crypto_ecdsa_create_object cb_crypto_ecdsa_create_object; + fp_crypto_ecdsa_delete_object cb_crypto_ecdsa_delete_object; + +} plugin_register; + + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/TPM2-Plugin/lib/include/tcti_util.h b/TPM2-Plugin/lib/include/tcti_util.h new file mode 100644 index 0000000..1b3b289 --- /dev/null +++ b/TPM2-Plugin/lib/include/tcti_util.h @@ -0,0 +1,109 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +// +// The context for TCTI implementations is on opaque +// structure. There shall never be a definition of its content. +// Implementation provide the size information to +// applications via the initialize call. +// This makes use of a compiler trick that allows type +// checking of the pointer even though the type isn't +// defined. +// +// The first field of a Context must be the common part +// (see below). +#ifndef TSS2_TCTI_UTIL_H +#define TSS2_TCTI_UTIL_H + +#if defined linux || defined unix +#include <sys/socket.h> +#define SOCKET int +#endif + +#include <tcti/common.h> + +#define TCTI_MAGIC 0x7e18e9defa8bc9e2 +#define TCTI_VERSION 0x1 + +#define TCTI_LOG_CALLBACK(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logCallback +#define TCTI_LOG_DATA(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logData +#define TCTI_LOG_BUFFER_CALLBACK(ctx) ((TSS2_TCTI_CONTEXT_INTEL*)ctx)->logBufferCallback + +typedef TSS2_RC (*TCTI_TRANSMIT_PTR)( TSS2_TCTI_CONTEXT *tctiContext, size_t size, uint8_t *command); +typedef TSS2_RC (*TCTI_RECEIVE_PTR) (TSS2_TCTI_CONTEXT *tctiContext, size_t *size, uint8_t *response, int32_t timeout); + +enum tctiStates { TCTI_STAGE_INITIALIZE, TCTI_STAGE_SEND_COMMAND, TCTI_STAGE_RECEIVE_RESPONSE }; + +/* current Intel version */ +typedef struct { + uint64_t magic; + uint32_t version; + TCTI_TRANSMIT_PTR transmit; + TCTI_RECEIVE_PTR receive; + TSS2_RC (*finalize) (TSS2_TCTI_CONTEXT *tctiContext); + TSS2_RC (*cancel) (TSS2_TCTI_CONTEXT *tctiContext); + TSS2_RC (*getPollHandles) (TSS2_TCTI_CONTEXT *tctiContext, + TSS2_TCTI_POLL_HANDLE *handles, size_t *num_handles); + TSS2_RC (*setLocality) (TSS2_TCTI_CONTEXT *tctiContext, uint8_t locality); + struct { + UINT32 debugMsgEnabled: 1; + UINT32 locality: 8; + UINT32 commandSent: 1; + UINT32 rmDebugPrefix: 1; // Used to add a prefix to RM debug messages. This is ONLY used + // for TPM commands and responses as a way to differentiate + // RM generated TPM commands from application generated ones. + + // Following two fields used to save partial response status in case receive buffer's too small. + UINT32 tagReceived: 1; + UINT32 responseSizeReceived: 1; + UINT32 protocolResponseSizeReceived: 1; + } status; + + // Following two fields used to save partial response in case receive buffer's too small. + TPM_ST tag; + TPM_RC responseSize; + + TSS2_TCTI_CONTEXT *currentTctiContext; + + // Sockets if socket interface is being used. + SOCKET otherSock; + SOCKET tpmSock; + SOCKET currentConnectSock; + + // File descriptor for device file if real TPM is being used. + int devFile; + UINT8 previousStage; // Used to check for sequencing errors. + unsigned char responseBuffer[4096]; + TCTI_LOG_CALLBACK logCallback; + TCTI_LOG_BUFFER_CALLBACK logBufferCallback; + void *logData; +} TSS2_TCTI_CONTEXT_INTEL; + +#define TCTI_CONTEXT ( (TSS2_TCTI_CONTEXT_COMMON_CURRENT *)(SYS_CONTEXT->tctiContext) ) +#define TCTI_CONTEXT_INTEL ( (TSS2_TCTI_CONTEXT_INTEL *)tctiContext ) + +#endif diff --git a/TPM2-Plugin/lib/include/tpm2_alg_util.h b/TPM2-Plugin/lib/include/tpm2_alg_util.h new file mode 100644 index 0000000..ce4083c --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_alg_util.h @@ -0,0 +1,196 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef LIB_TPM2_ALG_UTIL_H_ +#define LIB_TPM2_ALG_UTIL_H_ + +#include <stdbool.h> + +#include <sapi/tpm20.h> + +/** + * Iterator callback routine for iterating over known algorithm name and value + * pairs. + * @param id + * The algorithm id. + * @param name + * The associated "nice-name". + * @param userdata + * A user supplied data pointer. + * @return + * True to stop iterating, false to keep iterating. + */ +typedef bool (*tpm2_alg_util_alg_iteraror)(TPM2_ALG_ID id, const char *name, void *userdata); + +/** + * Iterate over the algorithm name-value pairs calling the iterator callback for each pair. + * @param iterator + * The iterator callback function. + * @param userdata + * A pointer to user supplied data, this is passed to the iterator for each call. + */ +void tpm2_alg_util_for_each_alg(tpm2_alg_util_alg_iteraror iterator, void *userdata); + +/** + * Convert a "nice-name" string to an algorithm id. + * @param name + * The "nice-name" to convert. + * @return + * TPM2_ALG_ERROR on error, or a valid algorithm identifier. + */ +TPM2_ALG_ID tpm2_alg_util_strtoalg(const char *name); + +/** + * Convert an id to a nice-name. + * @param id + * The id to convert. + * @return + * The nice-name. + */ +const char *tpm2_alg_util_algtostr(TPM2_ALG_ID id); + +/** + * Converts either a string from algrotithm number or algorithm nice-name to + * an algorithm id. + * @param optarg + * The string to convert from an algorithm number or nice name. + * @return + * TPM2_ALG_ERROR on error or the algorithm id. + */ +TPM2_ALG_ID tpm2_alg_util_from_optarg(char *optarg); + +/** + * Detects if an algorithm is considered a hashing algorithm. + * @param id + * The algorithm id to check. + * @return + * True if it is a hash algorithm, False otherwise. + */ +bool tpm2_alg_util_is_hash_alg(TPM2_ALG_ID id); + +/** + * Contains the information from parsing an argv style vector of strings for + * pcr digest language specifications. + */ +typedef struct tpm2_pcr_digest_spec tpm2_pcr_digest_spec; +struct tpm2_pcr_digest_spec { + TPML_DIGEST_VALUES digests; + TPMI_DH_PCR pcr_index; +}; + +/** + * Parses an argv array that contains a digest specification at each location + * within argv. + * + * The digest specification is as follows: + * - A pcr identifier as understood by strtoul with 0 as the base. + * - A colon followed by the algorithm hash specification. + * - The algorithm hash specification is as follows: + * - The algorithm friendly name or raw numerical as understood by + * strtoul with a base of 0. + * - An equals sign + * - The hex hash value, + * + * This all distills to a string that looks like this: + * <pcr index>:<hash alg id>=<hash value> + * + * Example: + * "4:sha=f1d2d2f924e986ac86fdf7b36c94bcdf32beec15" + * + * Note: + * Multiple specifications of PCR and hash are OK. Multiple hashes + * cause the pcr to be extended with both hashes. Multiple same PCR + * values cause the PCR to be extended multiple times. Extension + * is done in order from left to right as specified. + * + * At most 5 hash extensions per PCR entry are supported. This + * is to keep the parser simple. + * + * @param sapi_context + * The system API context for hashing files with the tpm. This can + * be NULL if the argument vector doesn't have a file spec for the hash. + * @param argv + * The argv of digest specifications to parse. + * @param len + * The number of digest specifications to parse. + * @param digests + * An array of tpm2_pcr_digest_spec big enough to hold len items. + * @return + * True if parsing was successful, False otherwise. + * @note + * This function logs errors via LOG_ERR. + */ +bool pcr_parse_digest_list(char **argv, int len, + tpm2_pcr_digest_spec *digest_spec); + +/** + * Retrieves the size of a hash in bytes for a given hash + * algorithm or 0 if unknown/not found. + * @param id + * The HASH algorithm identifier. + * @return + * 0 on failure or the size of the hash bytes. + */ +UINT16 tpm2_alg_util_get_hash_size(TPMI_ALG_HASH id); + +/** + * Extracts the plain signature data without any headers + * + * Communicates errors via LOG_ERR. + * + * @param size + * Will receive the number of bytes stored in buffer. + * @signature The actual signature struct to extract the plain signature from. + * @return + * Returns a buffer filled with the extracted signature or NULL on error. + * Needs to be free()'d by the caller. + */ +UINT8* tpm2_extract_plain_signature(UINT16 *size, TPMT_SIGNATURE *signature); + +/** + * Retrieves an approproate signature scheme (scheme) signable by + * specified key (keyHandle) and hash algorithm (halg). + * @param sapi_context + * System API context for tpm + * @param keyHandle + * Handle to key used in signing operation + * @param halg + * Hash algoritm for message + * @param scheme + * Signature scheme output + * @return + * True if successful + * False otherwise, and scheme is left unmodified + */ +bool get_signature_scheme(TSS2_SYS_CONTEXT *sapi_context, + TPMI_DH_OBJECT keyHandle, TPMI_ALG_HASH halg, + TPMT_SIG_SCHEME *scheme); + +#endif /* LIB_TPM2_ALG_UTIL_H_ */ diff --git a/TPM2-Plugin/lib/include/tpm2_attr_util.h b/TPM2-Plugin/lib/include/tpm2_attr_util.h new file mode 100644 index 0000000..2487982 --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_attr_util.h @@ -0,0 +1,98 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef LIB_TPM2_ATTR_UTIL_H_ +#define LIB_TPM2_ATTR_UTIL_H_ + +#include <stdbool.h> + +#include <sapi/tpm20.h> + +/** + * Converts a list of | (pipe) separated attributes as defined in tavle 204 + * of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf + * to an actual bit field representation. The trailing TPMA_NV_ can be omitted and must be lower-case. + * For exmaple, TPMA_NV_PPWRITE, bcomes ppwrite. To append them together, just do the pipe inbetwwen. + * ppwrite|ownerwrite. + * + * @param attribute_list + * The attribute string to parse, which may be modified in place. + * @param nvattrs + * The TPMA_NV attributes set based on the attribute list. Only valid on true returns. + * @return + * true on success, false on error. + */ +bool tpm2_attr_util_nv_strtoattr(char *attribute_list, TPMA_NV *nvattrs); + +/** + * Like tpm2_attr_util_nv_strtoattr() but converts TPMA_OBJECT attributes as defined in: + * Table 31 of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf + * @param attribute_list + * The attribute string to parse, which may be modified in place. + * The TPMA_OBJECT attributes set based on the attribute list. Only valid on true returns. + * @return + * true on success, false on error. + */ +bool tpm2_attr_util_obj_strtoattr(char *attribute_list, TPMA_OBJECT *objattrs); + +/** + * Converts a numerical or friendly string described object attribute into the + * TPMA_OBJECT. Similar to tpm2_alg_util_from_optarg(). + * @param argvalue + * Either a raw numeric for a UINT32 or a friendly name object attribute list + * as in tpm2_attr_util_nv_strtoattr(). + * @param objattrs + * The converted bits for a TPMA_OBJECT + * @return + * true on success or false on error. + */ +bool tpm2_attr_util_obj_from_optarg(char *argvalue, TPMA_OBJECT *objattrs); + +/** + * Converts a TPMA_NV structure to a friendly name style string. + * @param nvattrs + * The nvattrs to convert to nice name. + * @return A string allocated with calloc(), callers shall use + * free() to free it. The string is a null terminated text representation + * of the TPMA_NV attributes. + */ +char *tpm2_attr_util_nv_attrtostr(TPMA_NV nvattrs); + +/** + * Like tpm2_nv_util_obj_strtoattr() but converts TPMA_OBJECT attributes as defined in: + * Table 31 of https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf + * @param objattrs + * The object parameters to convert to a name + * @return + * The name of the object attrs as a string that must be freed via free(). + */ +char *tpm2_attr_util_obj_attrtostr(TPMA_OBJECT objattrs); + +#endif /* LIB_TPM2_ATTR_UTIL_H_ */ diff --git a/TPM2-Plugin/lib/include/tpm2_error.h b/TPM2-Plugin/lib/include/tpm2_error.h new file mode 100644 index 0000000..0549edc --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_error.h @@ -0,0 +1,136 @@ +//**********************************************************************; +// Copyright (c) 2018, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +#ifndef LIB_TPM2_ERROR_H_ +#define LIB_TPM2_ERROR_H_ + +#include <stdbool.h> + +#include <sapi/tpm20.h> + +/** + * Number of error layers + */ +#define TPM2_ERROR_TSS2_RC_LAYER_COUNT (TSS2_RC_LAYER_MASK >> TSS2_RC_LAYER_SHIFT) + +/** + * Mask for the error bits of tpm2 compliant return code. + */ +#define TPM2_ERROR_TSS2_RC_ERROR_MASK 0xFFFF + +/** + * Retrieves the error bits from a TSS2_RC. The error bits are + * contained in the first 2 octets. + * @param rc + * The rc to query for the error bits. + * @return + * The error bits. + */ +static inline UINT16 tpm2_error_get(TSS2_RC rc) { + return ((rc & TPM2_ERROR_TSS2_RC_ERROR_MASK)); +} + +/** + * A custom error handler prototype. + * @param rc + * The rc to decode with only the error bits set, ie no need to mask the + * layer bits out. Handlers will never be invoked with the error bits set + * to 0, as zero always indicates success. + * @return + * An error string describing the rc. If the handler cannot determine + * a valid response, it can return NULL indicating that the framework + * should just print the raw hexidecimal value of the error field of + * a tpm2_err_layer_rc. + * Note that this WILL NOT BE FREED by the caller, + * i.e. static. + */ +typedef const char *(*tpm2_error_handler)(TSS2_RC rc); + +/** + * Register or unregister a custom layer error handler. + * @param layer + * The layer in which to register a handler for. It is an error + * to register for the following reserved layers: + * - TSS2_TPM_RC_LAYER - layer 0 + * - TSS2_SYS_RC_LAYER - layer 8 + * - TSS2_MU_RC_LAYER - layer 9 + * - TSS2_TCTI_RC_LAYER - layer 10 + * @param name + * A friendly layer name. It is an error for the name to be of + * length 0 or greater than 4. + * @param handler + * The handler function to register or NULL to unregister. + * @return + * True on success or False on error. + */ +bool tpm2_error_set_handler(UINT8 layer, const char *name, + tpm2_error_handler handler); + +/** + * Given a TSS2_RC return code, provides a static error string in the format: + * <layer-name>:<layer-specific-msg>. + * + * The layer-name section will either be the friendly name, or if no layer + * handler is registered, the base10 layer number. + * + * The "layer-specific-msg" is layer specific and will contain details on the + * error that occurred or the error code if it couldn't look it up. + * + * Known layer specific substrings: + * TPM - The tpm layer produces 2 distinct format codes that allign with: + * - Section 6.6 of: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf + * - Section 39.4 of: https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf + * + * The two formats are format 0 and format 1. + * Format 0 string format: + * - "<error|warn>(<version>): <description> + * - Examples: + * - error(1.2): bad tag + * - warn(2.0): the 1st handle in the handle area references a transient object or session that is not loaded + * + * Format 1 string format: + * - <handle|session|parameter>(<index>):<description> + * - Examples: + * - handle(unk):value is out of range or is not correct for the context + * - tpm:handle(5):value is out of range or is not correct for the context + * + * Note that passing TPM2_RC_SUCCESS results in the layer specific message of "success". + * + * The System, TCTI and Marshaling (MU) layers, all define simple string + * returns analogous to strerror(3). + * + * Unknown layers will have the layer number in decimal and then a layer specific string of + * a hex value representing the error code. For example: 9:0x3 + * + * @param rc + * The error code to decode. + * @return + * A human understandable error description string. + */ +const char *tpm2_error_str(TSS2_RC rc); + +#endif /* LIB_TPM2_ERROR_H_ */ diff --git a/TPM2-Plugin/lib/include/tpm2_hash.h b/TPM2-Plugin/lib/include/tpm2_hash.h new file mode 100644 index 0000000..7fab882 --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_hash.h @@ -0,0 +1,84 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef SRC_TPM_HASH_H_ +#define SRC_TPM_HASH_H_ + +#include <stdbool.h> + +#include <sapi/tpm20.h> + +/** + * Hashes a BYTE array via the tpm. + * @param sapi_context + * The system api context. + * @param hash_alg + * The hashing algorithm to use. + * @param hierarchy + * The hierarchy. + * @param buffer + * The data to hash. + * @param length + * The length of the data. + * @param result + * The digest result. + * @param validation + * The validation ticket. Note that some hierarchies don't produce a + * validation ticket and thus size will be 0. + * @return + * True on success, false otherwise. + */ +bool tpm2_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH halg, + TPMI_RH_HIERARCHY hierarchy, BYTE *buffer, UINT16 length, + TPM2B_DIGEST *result, TPMT_TK_HASHCHECK *validation); + +/** + * Hashes a FILE * object via the tpm. + * @param sapi_context + * The system api context. + * @param hash_alg + * The hashing algorithm to use. + * @param hierarchy + * The hierarchy. + * @param input + * The FILE object to hash. + * @param result + * The digest result. + * @param validation + * The validation ticket. Note that some hierarchies don't produce a + * validation ticket and thus size will be 0. + * @return + * True on success, false otherwise. + */ +bool tpm2_hash_file(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH halg, + TPMI_RH_HIERARCHY hierarchy, FILE *input, TPM2B_DIGEST *result, + TPMT_TK_HASHCHECK *validation); + +#endif /* SRC_TPM_HASH_H_ */ diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h new file mode 100644 index 0000000..238af99 --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h @@ -0,0 +1,136 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +#ifndef __TPM_API_H__ +#define __TPM_API_H__ + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <limits.h> +#include <ctype.h> +#include <getopt.h> + +#include <sapi/tpm20.h> + +#include "plugin_register.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define TPM_SKM_SRK_HANDLE 0x81000011 + +#define TPM_SKM_AC0_HANDLE 0x90000000 +#define TPM_SKM_AC1_HANDLE 0x90000001 +#define TPM_SKM_AC2_HANDLE 0x90000002 + +#define TPM_SKM_APP_HANDLE 0x91100001 + +#define INIT_SIMPLE_TPM2B_SIZE( type ) (type).t.size = sizeof( type ) - 2; + +#define APP_RC_OFFSET 0x100 + +#define TSS2_APP_RC_PASSED (APP_RC_PASSED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_GET_NAME_FAILED (APP_RC_GET_NAME_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_CREATE_SESSION_KEY_FAILED (APP_RC_CREATE_SESSION_KEY_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_SESSION_SLOT_NOT_FOUND (APP_RC_SESSION_SLOT_NOT_FOUND + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_BAD_ALGORITHM (APP_RC_BAD_ALGORITHM + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_SYS_CONTEXT_CREATE_FAILED (APP_RC_SYS_CONTEXT_CREATE_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_GET_SESSION_STRUCT_FAILED (APP_RC_GET_SESSION_STRUCT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_GET_SESSION_ALG_ID_FAILED (APP_RC_GET_SESSION_ALG_ID_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED (APP_RC_INIT_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED (APP_RC_TEARDOWN_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) +#define TSS2_APP_RC_BAD_LOCALITY (APP_RC_BAD_LOCALITY + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL) + +enum TSS2_APP_RC_CODE +{ + APP_RC_PASSED, + APP_RC_GET_NAME_FAILED, + APP_RC_CREATE_SESSION_KEY_FAILED, + APP_RC_SESSION_SLOT_NOT_FOUND, + APP_RC_BAD_ALGORITHM, + APP_RC_SYS_CONTEXT_CREATE_FAILED, + APP_RC_GET_SESSION_STRUCT_FAILED, + APP_RC_GET_SESSION_ALG_ID_FAILED, + APP_RC_INIT_SYS_CONTEXT_FAILED, + APP_RC_TEARDOWN_SYS_CONTEXT_FAILED, + APP_RC_BAD_LOCALITY +}; + +TSS2_SYS_CONTEXT *InitSysContext (UINT16 maxCommandSize, + TSS2_TCTI_CONTEXT *tctiContext, + TSS2_ABI_VERSION *abiVersion ); + +void TeardownSysContext( TSS2_SYS_CONTEXT **sysContext ); + +TSS2_RC TeardownTctiResMgrContext( TSS2_TCTI_CONTEXT *tctiContext ); + +int tpm2_rsa_create_object( + unsigned long appHandle, + //DhsmWPKRSAFormat* wpk, + void *wpk, + unsigned char* swk, + int swk_len, + unsigned char* iv, + int iv_len, + int tag_len, + void **cb_object); + +int tpm2_rsa_delete_object( + void *cb_object); + +int tpm2_rsa_sign_init( + unsigned long mechanish, + void *param, + size_t len, + void *ctx); + +int tpm2_rsa_sign( + void *ctx, + unsigned char *msg, + int msg_len, + unsigned char *sig, + int *sig_len); + + +int tpm2_import_object( + unsigned long appHandle, + unsigned char* tlvbuffer, + int buflen, + unsigned char* iv, + int iv_len, + unsigned char* tpm_pwd, + int tpm_pwd_len); + + +#ifdef __cplusplus +} +#endif + + +#endif diff --git a/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h b/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h new file mode 100644 index 0000000..1e20d3d --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_tcti_ldr.h @@ -0,0 +1,62 @@ +//**********************************************************************; +// Copyright (c) 2018, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; + +#include <sapi/tpm20.h> + +#ifndef LIB_TPM2_TCTI_LDR_H_ +#define LIB_TPM2_TCTI_LDR_H_ + +/** + * Loads a TCTI from a friendly name, library name, or path. + * For example + * friendly: path = tabrmd + * library name: path = libtcti-socket.so + * full path: path = /home/user/lib/libtcti-custom.so + * @param path + * The path/library to load. + * @param opts + * The tcti option configs. + * @return + * A tcti context on success or NULL on failure. + */ +TSS2_TCTI_CONTEXT *tpm2_tcti_ldr_load(const char *path, const char *opts); + +/** + * Returns the loaded TCTIs information structure, + * which contains the initialization routine, description + * and help string amongst other things. + * @return + * NULL if no TCTI is loaded, else the info structure pointer. + */ +const TSS2_TCTI_INFO *tpm2_tcti_ldr_getinfo(void); + +/** + * Unloads the tcti loaded via tpm2_tcti_ldr_load(); + */ +void tpm2_tcti_ldr_unload(void); + +#endif /* LIB_TPM2_TCTI_LDR_H_ */ diff --git a/TPM2-Plugin/lib/include/tpm2_util.h b/TPM2-Plugin/lib/include/tpm2_util.h new file mode 100644 index 0000000..edc759d --- /dev/null +++ b/TPM2-Plugin/lib/include/tpm2_util.h @@ -0,0 +1,325 @@ +//**********************************************************************; +// Copyright (c) 2017, Intel Corporation +// All rights reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions are met: +// +// 1. Redistributions of source code must retain the above copyright notice, +// this list of conditions and the following disclaimer. +// +// 2. Redistributions in binary form must reproduce the above copyright notice, +// this list of conditions and the following disclaimer in the documentation +// and/or other materials provided with the distribution. +// +// 3. Neither the name of Intel Corporation nor the names of its contributors +// may be used to endorse or promote products derived from this software without +// specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE +// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF +// THE POSSIBILITY OF SUCH DAMAGE. +//**********************************************************************; +#ifndef STRING_BYTES_H +#define STRING_BYTES_H + +#include <stdbool.h> +#include <stdint.h> +#include <stdio.h> + +#include <sapi/tpm20.h> + +#include "tpm2_error.h" + +#if defined (__GNUC__) +#define COMPILER_ATTR(...) __attribute__((__VA_ARGS__)) +#else +#define COMPILER_ATTR(...) +#endif + +#define xstr(s) str(s) +#define str(s) #s + +#define UNUSED(x) (void)x + +#define ARRAY_LEN(x) (sizeof(x)/sizeof(x[0])) + +#define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->field))) + +#define TSS2_APP_RC_LAYER TSS2_RC_LAYER(5) + +#define TPM2B_TYPE_INIT(type, field) { .size = BUFFER_SIZE(type, field), } +#define TPM2B_INIT(xsize) { .size = xsize, } +#define TPM2B_EMPTY_INIT TPM2B_INIT(0) +#define TPM2B_SENSITIVE_CREATE_EMPTY_INIT { \ + .sensitive = { \ + .data = { \ + .size = 0 \ + }, \ + .userAuth = { \ + .size = 0 \ + } \ + } \ + } + +#define TPMS_AUTH_COMMAND_INIT(session_handle) { \ + .sessionHandle = session_handle,\ + .nonce = TPM2B_EMPTY_INIT, \ + .sessionAttributes = TPMA_SESSION_CONTINUESESSION, \ + .hmac = TPM2B_EMPTY_INIT \ + } + +#define TPMS_AUTH_COMMAND_EMPTY_INIT TPMS_AUTH_COMMAND_INIT(0) + + +#define TPMT_TK_CREATION_EMPTY_INIT { \ + .tag = 0, \ + .hierarchy = 0, \ + .digest = TPM2B_EMPTY_INIT \ + } + +#define TPML_PCR_SELECTION_EMPTY_INIT { \ + .count = 0, \ + } //ignore pcrSelections since count is 0. + +#define TPMS_CAPABILITY_DATA_EMPTY_INIT { \ + .capability = 0, \ + } // ignore data since capability is 0. + +#define TPMT_TK_HASHCHECK_EMPTY_INIT { \ + .tag = 0, \ + .hierarchy = 0, \ + .digest = TPM2B_EMPTY_INIT \ + } + +#define TSS2L_SYS_AUTH_COMMAND_INIT(cnt, array) { \ + .count = cnt, \ + .auths = array, \ + } + +/* + * This macro is useful as a wrapper around SAPI functions to automatically + * retry function calls when the RC is TPM2_RC_RETRY. + */ +#define TSS2_RETRY_EXP(expression) \ + ({ \ + TSS2_RC __result = 0; \ + do { \ + __result = (expression); \ + } while (tpm2_error_get(__result) == TPM2_RC_RETRY); \ + __result; \ + }) + +/** + * prints output to stdout respecting the quiet option. + * Ie when quiet, don't print. + * @param fmt + * The format specifier, ala printf. + * @param ... + * The varargs, just like printf. + */ +#define tpm2_tool_output(fmt, ...) \ + do { \ + if (output_enabled) { \ + printf(fmt, ##__VA_ARGS__); \ + } \ + } while (0) + +int tpm2_util_hex_to_byte_structure(const char *inStr, UINT16 *byteLenth, BYTE *byteBuffer); + +/** + * Appends a TPM2B buffer to a MAX buffer. + * @param result + * The MAX buffer to append to + * @param append + * The buffer to append to result. + * @return + * true on success, false otherwise. + */ +bool tpm2_util_concat_buffer(TPM2B_MAX_BUFFER *result, TPM2B *append); + +/** + * Converts a numerical string into a uint32 value. + * @param str + * The numerical string to convert. + * @param value + * The value to store the conversion into. + * @return + * true on success, false otherwise. + */ +bool tpm2_util_string_to_uint32(const char *str, uint32_t *value); + +/** + * Converts a numerical string into a uint16 value. + * @param str + * The numerical string to convert. + * @param value + * The value to store the conversion into. + * @return + * true on success, false otherwise. + */ +bool tpm2_util_string_to_uint16(const char *str, uint16_t *value); + +/** + * Prints an xxd compatible hexdump to stdout if output is enabled, + * ie no -Q option. + * + * @param data + * The data to print. + * @param len + * The length of the data. + * @param plain + * true for a plain hex string false for an xxd compatable + * dump. + */ +void tpm2_util_hexdump(const BYTE *data, size_t len, bool plain); + +/** + * Prints an xxd compatible hexdump to stdout if output is enabled, + * ie no -Q option. + * + * @param fd + * A readable open file. + * @param len + * The length of the data to read and print. + * @param plain + * true for a plain hex string false for an xxd compatable + * dump. + * @return + * true if len bytes were successfully read and printed, + * false otherwise + */ +bool tpm2_util_hexdump_file(FILE *fd, size_t len, bool plain); + +/** + * Prints a TPM2B as a hex dump. + * @param buffer the TPM2B to print. + */ +static inline void tpm2_util_print_tpm2b(TPM2B *buffer) { + + return tpm2_util_hexdump(buffer->buffer, buffer->size, true); +} + +/** + * Reads a TPM2B object from FILE* and prints data in hex. + * @param fd + * A readable open file. + */ +bool tpm2_util_print_tpm2b_file(FILE *fd); + +/** + * Copies a tpm2b from dest to src and clears dest if src is NULL. + * If src is NULL, it is a NOP. + * @param dest + * The destination TPM2B + * @param src + * The source TPM2B + * @return + * The number of bytes copied. + */ +UINT16 tpm2_util_copy_tpm2b(TPM2B *dest, TPM2B *src); + +/** + * Checks if the host is big endian + * @return + * True of the host is big endian false otherwise. + */ +bool tpm2_util_is_big_endian(void); + +/** + * Swaps the endianess of 16 bit value. + * @param data + * A 16 bit value to swap the endianess on. + * @return + * The 16 bit value with the endianess swapped. + */ +UINT16 tpm2_util_endian_swap_16(UINT16 data); + +/** + * Just like string_bytes_endian_convert_16 but for 32 bit values. + */ +UINT32 tpm2_util_endian_swap_32(UINT32 data); + +/** + * Just like string_bytes_endian_convert_16 but for 64 bit values. + */ +UINT64 tpm2_util_endian_swap_64(UINT64 data); + +/** + * Converts a 16 bit value from host endianess to network endianess. + * @param data + * The data to possibly swap endianess. + * @return + * The swapped data. + */ +UINT16 tpm2_util_hton_16(UINT16 data); + +/** + * Just like string_bytes_endian_hton_16 but for 32 bit values. + */ +UINT32 tpm2_util_hton_32(UINT32 data); + +/** + * Just like string_bytes_endian_hton_16 but for 64 bit values. + */ +UINT64 tpm2_util_hton_64(UINT64 data); + +/** + * Converts a 16 bit value from network endianess to host endianess. + * @param data + * The data to possibly swap endianess. + * @return + * The swapped data. + */ +UINT16 tpm2_util_ntoh_16(UINT16 data); + +/** + * Just like string_bytes_endian_ntoh_16 but for 32 bit values. + */ +UINT32 tpm2_util_ntoh_32(UINT32 data); + +/** + * Just like string_bytes_endian_ntoh_16 but for 64 bit values. + */ +UINT64 tpm2_util_ntoh_64(UINT64 data); + +/** + * Counts the number of set bits aka a population count. + * @param data + * The data to count set bits in. + * @return + * The number of set bits or population count. + */ +UINT32 tpm2_util_pop_count(UINT32 data); + +/** + * Prints whitespace indention for yaml output. + * @param indent_count + * Number of times to indent + */ +void print_yaml_indent(size_t indent_count); + +/** + * Convert a TPM2B_PUBLIC into a yaml format and output if not quiet. + * @param public + * The TPM2B_PUBLIC to output in YAML format. + */ +void tpm2_util_public_to_yaml(TPM2B_PUBLIC *public); + + +/** + * Convert a TPMA_OBJECT to a yaml format and output if not quiet. + * @param obj + * The TPMA_OBJECT attributes to print. + */ +void tpm2_util_tpma_object_to_yaml(TPMA_OBJECT obj); + +#endif /* STRING_BYTES_H */ |