aboutsummaryrefslogtreecommitdiffstats
path: root/TPM2-Plugin/lib/tpm2_plugin_api.c
diff options
context:
space:
mode:
Diffstat (limited to 'TPM2-Plugin/lib/tpm2_plugin_api.c')
-rw-r--r--TPM2-Plugin/lib/tpm2_plugin_api.c857
1 files changed, 530 insertions, 327 deletions
diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c
index d63550e..b9fc75b 100644
--- a/TPM2-Plugin/lib/tpm2_plugin_api.c
+++ b/TPM2-Plugin/lib/tpm2_plugin_api.c
@@ -1,60 +1,47 @@
-//**********************************************************************;
-// Copyright (c) 2017, Intel Corporation
-// All rights reserved.
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are met:
-//
-// 1. Redistributions of source code must retain the above copyright notice,
-// this list of conditions and the following disclaimer.
-//
-// 2. Redistributions in binary form must reproduce the above copyright notice,
-// this list of conditions and the following disclaimer in the documentation
-// and/or other materials provided with the distribution.
-//
-// 3. Neither the name of Intel Corporation nor the names of its contributors
-// may be used to endorse or promote products derived from this software without
-// specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-// ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
-// LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-// CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-// SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-// CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-// ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
-// THE POSSIBILITY OF SUCH DAMAGE.
-//**********************************************************************;
-
-#include <tss2/tss2_sys.h>
+/* Copyright 2018 Intel Corporation, Inc
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#include <sapi/tpm20.h>
#include <stdbool.h>
+#include <errno.h>
#include <unistd.h>
#include "tpm2_plugin_api.h"
-#include "tpm2_convert.h"
-#include "tpm2_tcti_ldr.h"
-#include "tpm2_tool.h"
-#include "tpm2_hash.h"
-#include "tpm2_alg_util.h"
-#include "log.h"
-#include "files.h"
-
+#ifdef HAVE_TCTI_DEV
+#include <tcti/tcti_device.h>
+#endif
+#ifdef HAVE_TCTI_SOCK
+#include <tcti/tcti_socket.h>
+#endif
+#ifdef HAVE_TCTI_TABRMD
+#include <tcti/tcti-tabrmd.h>
+#endif
bool output_enabled = true;
-
+bool hexPasswd = false;
+TPM_HANDLE handle2048rsa;
const char *tcti_path="libtss2-tcti-device.so";
-static void tcti_teardown (TSS2_TCTI_CONTEXT *tcti_context)
+static void tcti_teardown(TSS2_TCTI_CONTEXT *tcti_context)
{
-
- Tss2_Tcti_Finalize (tcti_context);
+ if (tcti_context == NULL)
+ return;
+ tss2_tcti_finalize (tcti_context);
free (tcti_context);
}
-static void sapi_teardown (TSS2_SYS_CONTEXT *sapi_context)
+static void sapi_teardown(TSS2_SYS_CONTEXT *sapi_context)
{
-
if (sapi_context == NULL)
return;
Tss2_Sys_Finalize (sapi_context);
@@ -63,49 +50,16 @@ static void sapi_teardown (TSS2_SYS_CONTEXT *sapi_context)
static void sapi_teardown_full (TSS2_SYS_CONTEXT *sapi_context)
{
-
TSS2_TCTI_CONTEXT *tcti_context = NULL;
TSS2_RC rc;
rc = Tss2_Sys_GetTctiContext (sapi_context, &tcti_context);
- if (rc != TPM2_RC_SUCCESS)
+ if (rc != TSS2_RC_SUCCESS)
return;
sapi_teardown (sapi_context);
tcti_teardown (tcti_context);
}
-#define SUPPORTED_ABI_VERSION \
-{ \
- .tssCreator = 1, \
- .tssFamily = 2, \
- .tssLevel = 1, \
- .tssVersion = 108, \
-}
-
-static TSS2_SYS_CONTEXT* sapi_ctx_init(TSS2_TCTI_CONTEXT *tcti_ctx)
-{
-
- TSS2_ABI_VERSION abi_version = SUPPORTED_ABI_VERSION;
-
- size_t size = Tss2_Sys_GetContextSize(0);
- TSS2_SYS_CONTEXT *sapi_ctx = (TSS2_SYS_CONTEXT*) calloc(1, size);
- if (sapi_ctx == NULL) {
- LOG_ERR("Failed to allocate 0x%zx bytes for the SAPI context\n",
- size);
- return NULL;
- }
-
- TSS2_RC rval = Tss2_Sys_Initialize(sapi_ctx, size, tcti_ctx, &abi_version);
- if (rval != TPM2_RC_SUCCESS) {
- LOG_PERR(Tss2_Sys_Initialize, rval);
- free(sapi_ctx);
- return NULL;
- }
-
- return sapi_ctx;
-}
-
-
int tpm2_plugin_init()
{
printf("Init API done for TPM plugin ! \n");
@@ -118,7 +72,7 @@ int tpm2_plugin_uninit()
return 0;
}
-TPM2_HANDLE srk_handle;
+TPM_HANDLE srk_handle;
int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info)
{
/*
@@ -137,137 +91,322 @@ int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_in
return 0;
}
-TPM2_HANDLE handle_load;
-
-typedef struct tpm_load_ctx tpm_load_ctx;
-struct tpm_load_ctx {
- TPMS_AUTH_COMMAND session_data;
- TPMI_DH_OBJECT parent_handle;
- TPM2B_PUBLIC in_public;
- TPM2B_PRIVATE in_private;
- char *out_file;
- char *context_file;
- char *context_parent_file;
- struct {
- UINT8 H : 1;
- UINT8 u : 1;
- UINT8 r : 1;
- UINT8 c : 1;
- UINT8 C : 1;
- } flags;
-};
+TPMI_DH_OBJECT handle_load;
+
+#ifdef HAVE_TCTI_DEV
+TSS2_TCTI_CONTEXT*
+tcti_device_init (char const *device_file)
+{
+ TCTI_DEVICE_CONF conf = {
+ .device_path = device_file,
+ .logCallback = NULL,
+ .logData = NULL,
+ };
+ size_t size;
+ TSS2_RC rc;
+ TSS2_TCTI_CONTEXT *tcti_ctx;
-static tpm_load_ctx ctx_load = {
- .session_data = {
- .sessionHandle = TPM2_RS_PW,
- .nonce = TPM2B_EMPTY_INIT,
- .hmac = TPM2B_EMPTY_INIT,
- .sessionAttributes = 0
+ rc = InitDeviceTcti (NULL, &size, 0);
+ if (rc != TSS2_RC_SUCCESS) {
+ fprintf (stderr,
+ "Failed to get allocation size for device tcti context: "
+ "0x%x\n", rc);
+ return NULL;
}
-};
+ tcti_ctx = (TSS2_TCTI_CONTEXT*)calloc (1, size);
+ if (tcti_ctx == NULL) {
+ fprintf (stderr,
+ "Allocation for device TCTI context failed: %s\n",
+ strerror (errno));
+ return NULL;
+ }
+ rc = InitDeviceTcti (tcti_ctx, &size, &conf);
+ if (rc != TSS2_RC_SUCCESS) {
+ fprintf (stderr,
+ "Failed to initialize device TCTI context: 0x%x\n",
+ rc);
+ free (tcti_ctx);
+ return NULL;
+ }
+ return tcti_ctx;
+}
+#endif
+
+
+#ifdef HAVE_TCTI_SOCK
+TSS2_TCTI_CONTEXT* tcti_socket_init (char const *address, uint16_t port)
+{
+ TCTI_SOCKET_CONF conf = {
+ .hostname = address,
+ .port = port,
+ .logCallback = NULL,
+ .logBufferCallback = NULL,
+ .logData = NULL,
+ };
+ size_t size;
+ TSS2_RC rc;
+ TSS2_TCTI_CONTEXT *tcti_ctx;
+
+ rc = InitSocketTcti (NULL, &size, &conf, 0);
+ if (rc != TSS2_RC_SUCCESS) {
+ fprintf (stderr, "Faled to get allocation size for tcti context: "
+ "0x%x\n", rc);
+ return NULL;
+ }
+ tcti_ctx = (TSS2_TCTI_CONTEXT*)calloc (1, size);
+ if (tcti_ctx == NULL) {
+ fprintf (stderr, "Allocation for tcti context failed: %s\n",
+ strerror (errno));
+ return NULL;
+ }
+ rc = InitSocketTcti (tcti_ctx, &size, &conf, 0);
+ if (rc != TSS2_RC_SUCCESS) {
+ fprintf (stderr, "Failed to initialize tcti context: 0x%x\n", rc);
+ free (tcti_ctx);
+ return NULL;
+ }
+ return tcti_ctx;
+}
+#endif
+#ifdef HAVE_TCTI_TABRMD
+TSS2_TCTI_CONTEXT *tcti_tabrmd_init (void)
+{
+ TSS2_TCTI_CONTEXT *tcti_ctx;
+ TSS2_RC rc;
+ size_t size;
+
+ rc = tss2_tcti_tabrmd_init(NULL, &size);
+ if (rc != TSS2_RC_SUCCESS) {
+ printf("Failed to get size for TABRMD TCTI context: 0x%x", rc);
+ return NULL;
+ }
+ tcti_ctx = (TSS2_TCTI_CONTEXT*)calloc (1, size);
+ if (tcti_ctx == NULL) {
+ printf("Allocation for TABRMD TCTI context failed: %s", strerror (errno));
+ return NULL;
+ }
+ rc = tss2_tcti_tabrmd_init (tcti_ctx, &size);
+ if (rc != TSS2_RC_SUCCESS) {
+ printf("Failed to initialize TABRMD TCTI context: 0x%x", rc);
+ free(tcti_ctx);
+ return NULL;
+ }
+ return tcti_ctx;
+}
+#endif
+TSS2_TCTI_CONTEXT *tcti_init_from_options(common_opts_t *options)
+{
+ switch (options->tcti_type) {
+#ifdef HAVE_TCTI_DEV
+ case DEVICE_TCTI:
+ return tcti_device_init (options->device_file);
+#endif
+#ifdef HAVE_TCTI_SOCK
+ case SOCKET_TCTI:
+ return tcti_socket_init (options->socket_address,
+ options->socket_port);
+#endif
+#ifdef HAVE_TCTI_TABRMD
+ case TABRMD_TCTI:
+ return tcti_tabrmd_init ();
+#endif
+ default:
+ return NULL;
+ }
+}
+
+static TSS2_SYS_CONTEXT *sapi_ctx_init (TSS2_TCTI_CONTEXT *tcti_ctx)
+{
+ TSS2_SYS_CONTEXT *sapi_ctx;
+ TSS2_RC rc;
+ size_t size;
+ TSS2_ABI_VERSION abi_version = {
+ .tssCreator = TSSWG_INTEROP,
+ .tssFamily = TSS_SAPI_FIRST_FAMILY,
+ .tssLevel = TSS_SAPI_FIRST_LEVEL,
+ .tssVersion = TSS_SAPI_FIRST_VERSION,
+ };
+
+ size = Tss2_Sys_GetContextSize (0);
+ sapi_ctx = (TSS2_SYS_CONTEXT*)calloc (1, size);
+ if (sapi_ctx == NULL) {
+ fprintf (stderr,
+ "Failed to allocate 0x%zx bytes for the SAPI context\n",
+ size);
+ return NULL;
+ }
+ rc = Tss2_Sys_Initialize (sapi_ctx, size, tcti_ctx, &abi_version);
+ if (rc != TSS2_RC_SUCCESS) {
+ fprintf (stderr, "Failed to initialize SAPI context: 0x%x\n", rc);
+ free (sapi_ctx);
+ return NULL;
+ }
+ return sapi_ctx;
+}
-int load (TSS2_SYS_CONTEXT *sapi_context) {
+#define BUFFER_SIZE(type, field) (sizeof((((type *)NULL)->t.field)))
+#define TPM2B_TYPE_INIT(type, field) { .t = { .size = BUFFER_SIZE(type, field), }, }
+TPMS_AUTH_COMMAND sessionData;
+int hex2ByteStructure(const char *inStr, UINT16 *byteLength, BYTE *byteBuffer)
+{
+ int strLength;//if the inStr likes "1a2b...", no prefix "0x"
+ int i = 0;
+ if(inStr == NULL || byteLength == NULL || byteBuffer == NULL)
+ return -1;
+ strLength = strlen(inStr);
+ if(strLength%2)
+ return -2;
+ for(i = 0; i < strLength; i++)
+ {
+ if(!isxdigit(inStr[i]))
+ return -3;
+ }
+
+ if(*byteLength < strLength/2)
+ return -4;
+
+ *byteLength = strLength/2;
+
+ for(i = 0; i < *byteLength; i++)
+ {
+ char tmpStr[4] = {0};
+ tmpStr[0] = inStr[i*2];
+ tmpStr[1] = inStr[i*2+1];
+ byteBuffer[i] = strtol(tmpStr, NULL, 16);
+ }
+ return 0;
+}
+int load_key(TSS2_SYS_CONTEXT *sapi_context,
+ TPMI_DH_OBJECT parentHandle,
+ TPM2B_PUBLIC *inPublic,
+ TPM2B_PRIVATE *inPrivate,
+ int P_flag)
+{
UINT32 rval;
- TSS2L_SYS_AUTH_COMMAND sessionsData;
- TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
+ TPMS_AUTH_RESPONSE sessionDataOut;
+ TSS2_SYS_CMD_AUTHS sessionsData;
+ TSS2_SYS_RSP_AUTHS sessionsDataOut;
+ TPMS_AUTH_COMMAND *sessionDataArray[1];
+ TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
TPM2B_NAME nameExt = TPM2B_TYPE_INIT(TPM2B_NAME, name);
- sessionsData.count = 1;
- sessionsData.auths[0] = ctx_load.session_data;
-
- rval = TSS2_RETRY_EXP(Tss2_Sys_Load(sapi_context,
- ctx_load.parent_handle,
- &sessionsData,
- &ctx_load.in_private,
- &ctx_load.in_public,
- &handle_load,
- &nameExt,
- &sessionsDataOut));
- if(rval != TPM2_RC_SUCCESS)
+ sessionDataArray[0] = &sessionData;
+ sessionDataOutArray[0] = &sessionDataOut;
+
+ sessionsDataOut.rspAuths = &sessionDataOutArray[0];
+ sessionsData.cmdAuths = &sessionDataArray[0];
+
+ sessionsDataOut.rspAuthsCount = 1;
+ sessionsData.cmdAuthsCount = 1;
+
+ sessionData.sessionHandle = TPM_RS_PW;
+ sessionData.nonce.t.size = 0;
+
+ if(P_flag == 0)
+ sessionData.hmac.t.size = 0;
+
+ *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
+ if (sessionData.hmac.t.size > 0 && hexPasswd)
{
- LOG_PERR(Tss2_Sys_Load, rval);
- return -1;
+ sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
+ if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
+ &sessionData.hmac.t.size,
+ sessionData.hmac.t.buffer) != 0)
+ {
+ printf( "Failed to convert Hex format password for parent Passwd.\n");
+ return -1;
+ }
}
- tpm2_tool_output("handle_load: 0x%08x\n", handle_load);
- if (ctx_load.out_file) {
- if(!files_save_bytes_to_file(ctx_load.out_file, nameExt.name, nameExt.size)) {
- return -2;
- }
+ rval = Tss2_Sys_Load (sapi_context,
+ parentHandle,
+ &sessionsData,
+ inPrivate,
+ inPublic,
+ &handle2048rsa,
+ &nameExt,
+ &sessionsDataOut);
+ if(rval != TPM_RC_SUCCESS)
+ {
+ printf("\nLoad Object Failed ! ErrorCode: 0x%0x\n\n",rval);
+ return -1;
}
+ printf("\nLoad succ.\nLoadedHandle: 0x%08x\n\n",handle2048rsa);
return 0;
}
-int tpm2_tool_load_key(TSS2_SYS_CONTEXT *sapi_context)
+TPMS_CONTEXT loaded_key_context;
+
+int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
+ void **keyHandle, TSS2_SYS_CONTEXT *sapi_context)
{
+ TPMI_DH_OBJECT parentHandle;
+ TPM2B_PUBLIC inPublic;
+ TPM2B_PRIVATE inPrivate;
+ UINT16 size;
int returnVal = 0;
- if ((!ctx_load.flags.H && !ctx_load.flags.c) || (!ctx_load.flags.u || !ctx_load.flags.r)) {
- LOG_ERR("Expected options (H or c) and u and r");
- return 1;
- }
+ memset(&inPublic,0,sizeof(TPM2B_PUBLIC));
+ memset(&inPrivate,0,sizeof(TPM2B_SENSITIVE));
- if(ctx_load.flags.c) {
- returnVal = files_load_tpm_context_from_path(sapi_context,
- &ctx_load.parent_handle,
- ctx_load.context_parent_file) != true;
- if (returnVal) {
- return 1;
- }
- }
+ setbuf(stdout, NULL);
+ setvbuf (stdout, NULL, _IONBF, BUFSIZ);
- returnVal = load(sapi_context);
- if (returnVal) {
- return 1;
- }
+ //parentHandle = 0x81000011;
+ parentHandle = srk_handle;
- if (ctx_load.flags.C) {
- returnVal = files_save_tpm_context_to_path (sapi_context,
- handle_load,
- ctx_load.context_file) != true;
- if (returnVal) {
- return 1;
- }
+ if (loadkey_in_info->num_buffers != 2)
+ return -1;
+ memcpy(&inPublic, loadkey_in_info->buffer_info[0]->buffer,
+ loadkey_in_info->buffer_info[0]->length_of_buffer);
+ memcpy(&inPrivate, loadkey_in_info->buffer_info[1]->buffer,
+ loadkey_in_info->buffer_info[1]->length_of_buffer);
+
+ printf("we are here now\n");
+ returnVal = load_key (sapi_context,
+ parentHandle,
+ &inPublic,
+ &inPrivate,
+ 0);
+
+ TPM_RC rval = Tss2_Sys_ContextSave(sapi_context, handle2048rsa, &loaded_key_context);
+ if (rval != TPM_RC_SUCCESS) {
+ printf("Tss2_Sys_ContextSave: Saving handle 0x%x context failed. TPM Error:0x%x", handle2048rsa, rval);
+ return -1;
}
-
+ *keyHandle = &handle2048rsa;
return 0;
}
-int tpm2_plugin_load_key(
- SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
- void **keyHandle
- )
+int tpm2_plugin_load_key(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
+ void **keyHandle)
{
int ret = 1;
- TSS2_TCTI_CONTEXT *tcti;
- tcti = tpm2_tcti_ldr_load(tcti_path, NULL);
- if (!tcti) {
- LOG_ERR("Could not load tcti, got: \"%s\"", tcti_path);
+ common_opts_t opts = COMMON_OPTS_INITIALIZER;
+ TSS2_TCTI_CONTEXT *tcti_ctx;
+ tcti_ctx = tcti_init_from_options(&opts);
+ if (tcti_ctx == NULL)
return -1;
- }
TSS2_SYS_CONTEXT *sapi_context = NULL;
- if (tcti) {
- sapi_context = sapi_ctx_init(tcti);
+ if (tcti_ctx) {
+ sapi_context = sapi_ctx_init(tcti_ctx);
if (!sapi_context) {
- goto free_tcti;
+ free(tcti_ctx);
+ return -1;
}
}
- ret = tpm2_tool_load_key(sapi_context);
- if (ret != 0) {
- LOG_ERR("Unable to run tpm2_tool_iload_key");
- sapi_teardown_full(sapi_context);
+ ret = load_key_execute(loadkey_in_info, keyHandle, sapi_context);
+ if (ret !=0)
+ printf("Load key API failed in TPM plugin ! \n");
-free_tcti:
- tpm2_tcti_ldr_unload();
- return ret;
- }
+ sapi_teardown_full(sapi_context);
- printf("Load key API done for TPM plugin ! \n");
+ printf("Load key API successful in TPM plugin ! \n");
return 0;
}
@@ -278,161 +417,228 @@ struct tpm_sign_ctx {
TPMS_AUTH_COMMAND sessionData;
TPMI_DH_OBJECT keyHandle;
TPMI_ALG_HASH halg;
- TPM2B_DIGEST digest;
- char *outFilePath;
+ char outFilePath[PATH_MAX];
BYTE *msg;
UINT16 length;
- char *contextKeyFile;
- char *inMsgFileName;
- tpm2_convert_sig_fmt sig_format;
- struct {
- UINT16 k : 1;
- UINT16 P : 1;
- UINT16 g : 1;
- UINT16 m : 1;
- UINT16 t : 1;
- UINT16 s : 1;
- UINT16 c : 1;
- UINT16 f : 1;
- UINT16 D : 1;
- } flags;
-};
-
-tpm_sign_ctx ctx_sign = {
- .msg = NULL,
- .sessionData = TPMS_AUTH_COMMAND_INIT(TPM2_RS_PW),
- .halg = TPM2_ALG_SHA1,
- .digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer),
+ TSS2_SYS_CONTEXT *sapi_context;
};
-
int tpm2_plugin_rsa_sign_init(
void *keyHandle,
- unsigned long mechanish,
+ unsigned long mechanism,
void *param,
int len)
{
+ printf("rsa_sign_init API mechanism is %lx \n", mechanism);
printf("rsa_sign_init API done for tpm2_plugin... \n");
return 0;
}
-static bool init_sign(TSS2_SYS_CONTEXT *sapi_context) {
+UINT32 tpm_hash(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH hashAlg,
+ UINT16 size, BYTE *data, TPM2B_DIGEST *result) {
+ TPM2B_MAX_BUFFER dataSizedBuffer;
- if (!((ctx_sign.flags.k || ctx_sign.flags.c) && (ctx_sign.flags.m || ctx_sign.flags.D) && ctx_sign.flags.s)) {
- LOG_ERR("Expected options (k or c) and (m or D) and s");
- return false;
+ dataSizedBuffer.t.size = size;
+ memcpy(dataSizedBuffer.t.buffer, data, size);
+ return Tss2_Sys_Hash(sapi_context, 0, &dataSizedBuffer, hashAlg,
+ TPM_RH_NULL, result, 0, 0);
+}
+
+static TPM_RC hash_sequence_ex(TSS2_SYS_CONTEXT *sapi_context,
+
+ TPMI_ALG_HASH hashAlg, UINT32 numBuffers, TPM2B_MAX_BUFFER *bufferList,
+ TPM2B_DIGEST *result) {
+ TPM_RC rval;
+ TPM2B_AUTH nullAuth;
+ TPMI_DH_OBJECT sequenceHandle;
+ TPM2B emptyBuffer;
+ TPMT_TK_HASHCHECK validation;
+
+ TPMS_AUTH_COMMAND cmdAuth;
+ TPMS_AUTH_COMMAND *cmdSessionArray[1] = { &cmdAuth };
+ TSS2_SYS_CMD_AUTHS cmdAuthArray = { 1, &cmdSessionArray[0] };
+
+ nullAuth.t.size = 0;
+ emptyBuffer.size = 0;
+
+ // Set result size to 0, in case any errors occur
+ result->b.size = 0;
+
+ // Init input sessions struct
+ cmdAuth.sessionHandle = TPM_RS_PW;
+ cmdAuth.nonce.t.size = 0;
+ *((UINT8 *) ((void *) &cmdAuth.sessionAttributes)) = 0;
+ cmdAuth.hmac.t.size = 0;
+
+ rval = Tss2_Sys_HashSequenceStart(sapi_context, 0, &nullAuth, hashAlg,
+ &sequenceHandle, 0);
+ if (rval != TPM_RC_SUCCESS) {
+ return rval;
}
- if (ctx_sign.flags.D && (ctx_sign.flags.t || ctx_sign.flags.m)) {
- LOG_WARN("Option D provided, options m and t are ignored.");
+ unsigned i;
+ for (i = 0; i < numBuffers; i++) {
+ rval = Tss2_Sys_SequenceUpdate(sapi_context, sequenceHandle,
+ &cmdAuthArray, &bufferList[i], 0);
+
+ if (rval != TPM_RC_SUCCESS) {
+ return rval;
+ }
}
- if (ctx_sign.flags.D || !ctx_sign.flags.t) {
- ctx_sign.validation.tag = TPM2_ST_HASHCHECK;
- ctx_sign.validation.hierarchy = TPM2_RH_NULL;
- memset(&ctx_sign.validation.digest, 0, sizeof(ctx_sign.validation.digest));
+ rval = Tss2_Sys_SequenceComplete(sapi_context, sequenceHandle,
+ &cmdAuthArray, (TPM2B_MAX_BUFFER *) &emptyBuffer,
+ TPM_RH_PLATFORM, result, &validation, 0);
+
+ if (rval != TPM_RC_SUCCESS) {
+ return rval;
}
- /*
- * load tpm context from a file if -c is provided
- */
- if (ctx_sign.flags.c) {
- bool result = files_load_tpm_context_from_path(sapi_context, &ctx_sign.keyHandle,
- ctx_sign.contextKeyFile);
- if (!result) {
- return false;
- }
+ return rval;
+}
+
+int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer,
+ UINT16 length, TPMI_ALG_HASH halg, TPM2B_DIGEST *result) {
+
+ if (length <= MAX_DIGEST_BUFFER) {
+ if (tpm_hash(sapi_context, halg, length, buffer,
+ result) == TPM_RC_SUCCESS)
+ return 0;
+ else
+ return -1;
}
- /*
- * Process the msg file if needed
- */
- if (ctx_sign.flags.m && !ctx_sign.flags.D) {
- unsigned long file_size;
- bool result = files_get_file_size_path(ctx_sign.inMsgFileName, &file_size);
- if (!result) {
- return false;
- }
- if (file_size == 0) {
- LOG_ERR("The message file \"%s\" is empty!", ctx_sign.inMsgFileName);
- return false;
- }
-
- if (file_size > UINT16_MAX) {
- LOG_ERR(
- "The message file \"%s\" is too large, got: %lu bytes, expected less than: %u bytes!",
- ctx_sign.inMsgFileName, file_size, UINT16_MAX + 1);
- return false;
- }
-
- ctx_sign.msg = (BYTE*) calloc(required_argument, file_size);
- if (!ctx_sign.msg) {
- LOG_ERR("oom");
- return false;
- }
-
- ctx_sign.length = file_size;
- result = files_load_bytes_from_path(ctx_sign.inMsgFileName, ctx_sign.msg, &ctx_sign.length);
- if (!result) {
- free(ctx_sign.msg);
- return false;
- }
+ UINT8 numBuffers = (length - 1) / MAX_DIGEST_BUFFER + 1;
+
+ TPM2B_MAX_BUFFER *bufferList = (TPM2B_MAX_BUFFER *) calloc(numBuffers,
+ sizeof(TPM2B_MAX_BUFFER));
+ if (bufferList == NULL)
+ return -2;
+
+ UINT32 i;
+ for (i = 0; i < (UINT32)(numBuffers - 1); i++) {
+ bufferList[i].t.size = MAX_DIGEST_BUFFER;
+ memcpy(bufferList[i].t.buffer, buffer + i * MAX_DIGEST_BUFFER,
+ MAX_DIGEST_BUFFER);
}
+ bufferList[i].t.size = length - i * MAX_DIGEST_BUFFER;
+ memcpy(bufferList[i].t.buffer, buffer + i * MAX_DIGEST_BUFFER,
+ bufferList[i].t.size);
- return true;
+ TPM_RC rval = hash_sequence_ex(sapi_context, halg, numBuffers, bufferList, result);
+ free(bufferList);
+ return rval == TPM_RC_SUCCESS ? 0 : -3;
}
-static bool sign_and_save(TSS2_SYS_CONTEXT *sapi_context) {
+static bool get_key_type(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT objectHandle,
+ TPMI_ALG_PUBLIC *type) {
- TPMT_SIG_SCHEME in_scheme;
- TPMT_SIGNATURE signature;
+ TPMS_AUTH_RESPONSE session_data_out;
+
+ TPMS_AUTH_RESPONSE *session_data_out_array[1] = {
+ &session_data_out
+ };
+
+ TSS2_SYS_RSP_AUTHS sessions_data_out = {
+ 1,
+ &session_data_out_array[0]
+ };
+
+ TPM2B_PUBLIC out_public = {
+ { 0, }
+ };
+
+ TPM2B_NAME name = TPM2B_TYPE_INIT(TPM2B_NAME, name);
- TSS2L_SYS_AUTH_COMMAND sessions_data = { 1, { ctx_sign.sessionData }};
- TSS2L_SYS_AUTH_RESPONSE sessions_data_out;
+ TPM2B_NAME qaulified_name = TPM2B_TYPE_INIT(TPM2B_NAME, name);
- if (!ctx_sign.flags.D) {
- bool res = tpm2_hash_compute_data(sapi_context, ctx_sign.halg, TPM2_RH_NULL,
- ctx_sign.msg, ctx_sign.length, &ctx_sign.digest, NULL);
- if (!res) {
- LOG_ERR("Compute message hash failed!");
- return false;
- }
+ TPM_RC rval = Tss2_Sys_ReadPublic(sapi_context, objectHandle, 0, &out_public, &name,
+ &qaulified_name, &sessions_data_out);
+ if (rval != TPM_RC_SUCCESS) {
+ printf("Sys_ReadPublic failed, error code: 0x%x", rval);
+ return false;
}
+ *type = out_public.t.publicArea.type;
+ return true;
+}
- bool result = get_signature_scheme(sapi_context, ctx_sign.keyHandle, ctx_sign.halg, &in_scheme);
+static bool set_scheme(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT keyHandle,
+ TPMI_ALG_HASH halg, TPMT_SIG_SCHEME *inScheme) {
+
+ TPM_ALG_ID type;
+ bool result = get_key_type(sapi_context, keyHandle, &type);
if (!result) {
return false;
}
- TSS2_RC rval = TSS2_RETRY_EXP(Tss2_Sys_Sign(sapi_context, ctx_sign.keyHandle,
- &sessions_data, &ctx_sign.digest, &in_scheme, &ctx_sign.validation, &signature,
- &sessions_data_out));
- if (rval != TPM2_RC_SUCCESS) {
- LOG_PERR(Tss2_Sys_Sign, rval);
+ switch (type) {
+ case TPM_ALG_RSA :
+ inScheme->scheme = TPM_ALG_RSASSA;
+ inScheme->details.rsassa.hashAlg = halg;
+ break;
+ case TPM_ALG_KEYEDHASH :
+ inScheme->scheme = TPM_ALG_HMAC;
+ inScheme->details.hmac.hashAlg = halg;
+ break;
+ case TPM_ALG_ECC :
+ inScheme->scheme = TPM_ALG_ECDSA;
+ inScheme->details.ecdsa.hashAlg = halg;
+ break;
+ case TPM_ALG_SYMCIPHER :
+ default:
+ printf("Unknown key type, got: 0x%x", type);
return false;
}
- return tpm2_convert_sig(&signature, ctx_sign.sig_format, ctx_sign.outFilePath);
+ return true;
}
+static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) {
+ TPM2B_DIGEST digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer);
+ TPMT_SIG_SCHEME in_scheme;
+ TPMT_SIGNATURE signature;
+ int signature_len;
+ TSS2_SYS_CMD_AUTHS sessions_data;
+ TPMS_AUTH_RESPONSE session_data_out;
+ TSS2_SYS_RSP_AUTHS sessions_data_out;
+ TPMS_AUTH_COMMAND *session_data_array[1];
+ TPMS_AUTH_RESPONSE *session_data_out_array[1];
+
+ session_data_array[0] = &ctx->sessionData;
+ sessions_data.cmdAuths = &session_data_array[0];
+ session_data_out_array[0] = &session_data_out;
+ sessions_data_out.rspAuths = &session_data_out_array[0];
+ sessions_data_out.rspAuthsCount = 1;
+ sessions_data.cmdAuthsCount = 1;
+
+ int rc = tpm_hash_compute_data(ctx->sapi_context, ctx->msg, ctx->length, ctx->halg, &digest);
+ if (rc) {
+ printf("Compute message hash failed!");
+ return false;
+ }
-int tpm2_tool_sign(TSS2_SYS_CONTEXT *sapi_context)
-{
-
- bool result = init_sign(sapi_context);
+ bool result = set_scheme(ctx->sapi_context, ctx->keyHandle, ctx->halg, &in_scheme);
if (!result) {
- return 1;
+ return false;
}
- result = sign_and_save(sapi_context);
+ TPM_RC rval = Tss2_Sys_Sign(ctx->sapi_context, ctx->keyHandle,
+ &sessions_data, &digest, &in_scheme,
+ &ctx->validation, &signature,
+ &sessions_data_out);
- free(ctx_sign.msg);
+ if (rval != TPM_RC_SUCCESS) {
+ printf("Sys_Sign failed, error code: 0x%x", rval);
+ return false;
+ }
+ signature_len = sizeof(signature);
+ sig_len = &signature_len;
+ sig = (unsigned char *)&signature;
- return result != true;
+ return true;
}
-
int tpm2_plugin_rsa_sign(
void *keyHandle,
unsigned long mechanism,
@@ -441,61 +647,58 @@ int tpm2_plugin_rsa_sign(
unsigned char *sig,
int *sig_len)
{
- int ret = 1;
- TSS2_TCTI_CONTEXT *tcti;
- tcti = tpm2_tcti_ldr_load(tcti_path, NULL);
- if (!tcti) {
- LOG_ERR("Could not load tcti, got: \"%s\"", tcti_path);
+ TPM_RC rval;
+ common_opts_t opts = COMMON_OPTS_INITIALIZER;
+ TSS2_TCTI_CONTEXT *tcti_ctx;
+ tcti_ctx = tcti_init_from_options(&opts);
+ if (tcti_ctx == NULL)
return -1;
- }
-
+
TSS2_SYS_CONTEXT *sapi_context = NULL;
- if (tcti) {
- sapi_context = sapi_ctx_init(tcti);
- if (!sapi_context) {
- goto free_tcti;
- }
+ if (tcti_ctx) {
+ sapi_context = sapi_ctx_init(tcti_ctx);
+ if (!sapi_context) {
+ free(tcti_ctx);
+ return -1;
+ }
}
+
+ tpm_sign_ctx ctx = {
+ .msg = NULL,
+ .sessionData = { 0 },
+ .halg = 0,
+ .keyHandle = 0,
+ .validation = { 0 },
+ .sapi_context = sapi_context
+ };
- ret = tpm2_tool_sign(sapi_context);
- if (ret != 0) {
- LOG_ERR("Unable to run tpm2_tool_sign");
- sapi_teardown_full(sapi_context);
+ printf("rsa_sign API mechanism is %lx \n", mechanism);
+ ctx.sessionData.sessionHandle = TPM_RS_PW;
+ ctx.validation.tag = TPM_ST_HASHCHECK;
+ ctx.validation.hierarchy = TPM_RH_NULL;
+ ctx.halg = TPM_ALG_SHA256;
+ ctx.keyHandle = *(TPMI_DH_OBJECT *)keyHandle;
+
+ rval = Tss2_Sys_ContextLoad(ctx.sapi_context, &loaded_key_context, &ctx.keyHandle);
+ if (rval != TPM_RC_SUCCESS) {
+ printf("ContextLoad Error in RSA Sign API. TPM Error:0x%x", rval);
+ goto out;
+ }
+ ctx.length = msg_len;
+ ctx.msg = msg;
-free_tcti:
- tpm2_tcti_ldr_unload();
- return ret;
+ if (!sign_and_save(&ctx, sig, sig_len)){
+ printf("RSA sign failed\n");
+ goto out;
}
- printf("rsa_sign API done for tpm2_plugin... \n");
-}
-int tpm2_rsa_create_object(
- unsigned long appHandle,
- //DhsmWPKRSAFormat* wpk,
- void *wpk,
- unsigned char* swk,
- int swk_len,
- unsigned char* iv,
- int iv_len,
- int tag_len,
- void **cb_object)
-{
- return 0;
-}
+ printf("RSA sign API successful in TPM plugin ! \n");
+
+out:
+ sapi_teardown_full(sapi_context);
-int tpm2_rsa_delete_object(void *cb_object)
-{
return 0;
+
}
-int tpm2_import_object(unsigned long appHandle,
- unsigned char* tlvbuffer,
- int buflen,
- unsigned char* iv,
- int iv_len,
- unsigned char* tpm_pwd,
- int tpm_pwd_len)
-{
- return 0;
-}