diff options
Diffstat (limited to 'TPM2-Plugin')
-rw-r--r--[-rwxr-xr-x] | TPM2-Plugin/bootstrap | 0 | ||||
-rw-r--r-- | TPM2-Plugin/lib/include/hwpluginif.h | 35 | ||||
-rw-r--r-- | TPM2-Plugin/lib/include/tpm2_plugin_api.h | 63 | ||||
-rw-r--r-- | TPM2-Plugin/lib/tpm2_plugin_api.c | 132 | ||||
-rw-r--r-- | TPM2-Plugin/lib/tpm2_plugin_init.c | 16 | ||||
-rw-r--r-- | TPM2-Plugin/test/main.c | 5 |
6 files changed, 201 insertions, 50 deletions
diff --git a/TPM2-Plugin/bootstrap b/TPM2-Plugin/bootstrap index 2a09c33..2a09c33 100755..100644 --- a/TPM2-Plugin/bootstrap +++ b/TPM2-Plugin/bootstrap diff --git a/TPM2-Plugin/lib/include/hwpluginif.h b/TPM2-Plugin/lib/include/hwpluginif.h index d016e37..aa40411 100644 --- a/TPM2-Plugin/lib/include/hwpluginif.h +++ b/TPM2-Plugin/lib/include/hwpluginif.h @@ -143,7 +143,7 @@ typedef int (*sshsm_hw_plugin_load_key)( ); typedef int (*sshsm_hw_plugin_unload_key)( - void **keyHandle + void **keyHandle ); /*** @@ -156,7 +156,8 @@ typedef int (*sshsm_hw_plugin_rsa_sign_init)( void *keyHandle, unsigned long mechanism, void *param, - int len + int len, + void **plugin_data_ref ); /*** @@ -175,10 +176,37 @@ typedef int (*sshsm_hw_plugin_rsa_sign)( unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *outsig, int *outsiglen ); +typedef int (*sshsm_hw_plugin_rsa_sign_update)( + void *keyHandle, + unsigned long mechnaism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ); + +typedef int (*sshsm_hw_plugin_rsa_sign_final)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ); + +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ + +typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ); + /*** * Function Name: sshsm_hw_plugin_get_plugin_functions * Descrpiton: Every HW plugin is expected to define this function. @@ -202,6 +230,9 @@ typedef struct sshsm_hw_functions_s sshsm_hw_plugin_unload_key xxx_unload_key; sshsm_hw_plugin_rsa_sign_init xxx_rsa_sign_init; sshsm_hw_plugin_rsa_sign xxx_rsa_sign; + sshsm_hw_plugin_rsa_sign_update xxx_rsa_sign_update; + sshsm_hw_plugin_rsa_sign_final xxx_rsa_sign_final; + sshsm_hw_plugin_rsa_sign_cleanup xxx_rsa_sign_cleanup; }SSHSM_HW_FUNCTIONS_t; int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs); diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h index f45c0bd..d96d2f9 100644 --- a/TPM2-Plugin/lib/include/tpm2_plugin_api.h +++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h @@ -141,6 +141,15 @@ typedef struct { int version; } common_opts_t; +#define MAX_DATA_SIGNUPDATE 0x2000 +#define MAX_SESSIONS 0x1000 + +typedef struct concatenate_data_signupdate { + unsigned long int session_handle; + unsigned char data_signupdate[MAX_DATA_SIGNUPDATE]; + int data_length; +}CONCATENATE_DATA_SIGNUPDATE_t; + int tpm2_plugin_init(); int tpm2_plugin_uninit(); int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info); @@ -150,43 +159,49 @@ int tpm2_plugin_load_key( SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info ); -int tpm2_rsa_create_object( - unsigned long appHandle, - //DhsmWPKRSAFormat* wpk, - void *wpk, - unsigned char* swk, - int swk_len, - unsigned char* iv, - int iv_len, - int tag_len, - void **cb_object); - -int tpm2_rsa_delete_object( - void *cb_object); - int tpm2_plugin_rsa_sign_init( void *keyHandle, unsigned long mechanism, void *param, - int len); + int len, + void **plugin_data_ref + ); int tpm2_plugin_rsa_sign( void *keyHandle, unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *sig, - int *sig_len); + int *sig_len + ); + +int tpm2_plugin_rsa_sign_update( + void *keyHandle, + unsigned long mechnaism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ); + +int tpm2_plugin_rsa_sign_final( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ); +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ -int tpm2_import_object( - unsigned long appHandle, - unsigned char* tlvbuffer, - int buflen, - unsigned char* iv, - int iv_len, - unsigned char* tpm_pwd, - int tpm_pwd_len); +typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ); #ifdef __cplusplus diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c index b949e48..75e4fc1 100644 --- a/TPM2-Plugin/lib/tpm2_plugin_api.c +++ b/TPM2-Plugin/lib/tpm2_plugin_api.c @@ -134,7 +134,6 @@ tcti_device_init (char const *device_file) } #endif - #ifdef HAVE_TCTI_SOCK TSS2_TCTI_CONTEXT* tcti_socket_init (char const *address, uint16_t port) { @@ -491,17 +490,65 @@ struct tpm_sign_ctx { TSS2_SYS_CONTEXT *sapi_context; }; +//create a table to consolidate all parts of data from multiple SignUpdate from sessions +CONCATENATE_DATA_SIGNUPDATE_t data_signupdate_session[MAX_SESSIONS]; +unsigned long sign_sequence_id = 0; int tpm2_plugin_rsa_sign_init( void *keyHandle, unsigned long mechanism, void *param, - int len) + int len, + void **plugin_data_ref + ) { - printf("rsa_sign_init API mechanism is %lx \n", mechanism); + printf("rsa_sign_init API mechanism is %ld \n", mechanism); + printf("rsa_sign_init API len is %d \n", len); + int i, j; + + sign_sequence_id++; + unsigned long hSession = sign_sequence_id; + + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == 0){ + data_signupdate_session[i].session_handle = hSession; + for (j = 0; j < MAX_DATA_SIGNUPDATE; j++ ) + data_signupdate_session[i].data_signupdate[j] = 0; + data_signupdate_session[i].data_length = 0; + } + } + *plugin_data_ref = (void *)hSession; + printf("rsa_sign_init API done for tpm2_plugin... \n"); return 0; } +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ + +int tpm2_plugin_rsa_sign_cleanup( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ) +{ + int i, j; + unsigned long hSession = (unsigned long)plugin_data_ref; + for (i = 0; i < MAX_SESSIONS; i++) { + if (data_signupdate_session[i].session_handle == hSession){ + data_signupdate_session[i].session_handle = 0; + for (j =0; j < MAX_DATA_SIGNUPDATE; j++ ) + data_signupdate_session[i].data_signupdate[j] =0; + data_signupdate_session[i].data_length = 0; + } + } + + if (sign_sequence_id>0xfffffffe) + sign_sequence_id =0; + return 0; +} + + UINT32 tpm_hash(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result) { TPM2B_MAX_BUFFER dataSizedBuffer; @@ -570,8 +617,10 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, if (length <= MAX_DIGEST_BUFFER) { if (tpm_hash(sapi_context, halg, length, buffer, - result) == TPM_RC_SUCCESS) + result) == TPM_RC_SUCCESS){ + printf("Single hash result size: %d\n", result->t.size); return 0; + } else return -1; } @@ -595,6 +644,7 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, TPM_RC rval = hash_sequence_ex(sapi_context, halg, numBuffers, bufferList, result); free(bufferList); + printf("Sequence hash result size: %d\n", result->t.size); return rval == TPM_RC_SUCCESS ? 0 : -3; } @@ -661,12 +711,10 @@ static bool set_scheme(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT keyHandle, return true; } -static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) { +static bool sign_and_save(tpm_sign_ctx *ctx, TPMT_SIGNATURE *sig) { TPM2B_DIGEST digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer); TPMT_SIG_SCHEME in_scheme; - TPMT_SIGNATURE signature; - int signature_len; TSS2_SYS_CMD_AUTHS sessions_data; TPMS_AUTH_RESPONSE session_data_out; TSS2_SYS_RSP_AUTHS sessions_data_out; @@ -686,6 +734,8 @@ static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) return false; } + printf("Compute message hash digest size : %d \n", digest.t.size); + bool result = set_scheme(ctx->sapi_context, ctx->keyHandle, ctx->halg, &in_scheme); if (!result) { return false; @@ -693,17 +743,14 @@ static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) TPM_RC rval = Tss2_Sys_Sign(ctx->sapi_context, ctx->keyHandle, &sessions_data, &digest, &in_scheme, - &ctx->validation, &signature, + &ctx->validation, sig, &sessions_data_out); if (rval != TPM_RC_SUCCESS) { printf("Sys_Sign failed, error code: 0x%x", rval); return false; } - signature_len = sizeof(signature); - sig_len = &signature_len; - sig = (unsigned char *)&signature; - + return true; } @@ -712,11 +759,13 @@ int tpm2_plugin_rsa_sign( unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *sig, int *sig_len) { TPM_RC rval; common_opts_t opts = COMMON_OPTS_INITIALIZER; + TPMT_SIGNATURE signature; TSS2_TCTI_CONTEXT *tcti_ctx; tcti_ctx = tcti_init_from_options(&opts); if (tcti_ctx == NULL) @@ -739,12 +788,15 @@ int tpm2_plugin_rsa_sign( .validation = { 0 }, .sapi_context = sapi_context }; - + printf("rsa_sign API mechanism is %lx \n", mechanism); ctx.sessionData.sessionHandle = TPM_RS_PW; ctx.validation.tag = TPM_ST_HASHCHECK; ctx.validation.hierarchy = TPM_RH_NULL; - ctx.halg = TPM_ALG_SHA256; + if (mechanism == 7) + ctx.halg = TPM_ALG_SHA256; + else + printf("mechanism not supported! \n"); ctx.keyHandle = *(TPMI_DH_OBJECT *)keyHandle; rval = Tss2_Sys_ContextLoad(ctx.sapi_context, &loaded_key_context, &ctx.keyHandle); @@ -755,11 +807,15 @@ int tpm2_plugin_rsa_sign( ctx.length = msg_len; ctx.msg = msg; - if (!sign_and_save(&ctx, sig, sig_len)){ + if (!sign_and_save(&ctx, &signature)){ printf("RSA sign failed\n"); goto out; } + *sig_len = (int)signature.signature.rsassa.sig.t.size; + printf("signature length: %d \n", *sig_len); + memcpy(sig, signature.signature.rsassa.sig.t.buffer, *sig_len); + printf("signature buffer size: %ld \n", sizeof(signature.signature.rsassa.sig.t.buffer)); printf("RSA sign API successful in TPM plugin ! \n"); out: @@ -769,4 +825,50 @@ out: } +int tpm2_plugin_rsa_sign_update( + void *keyHandle, + unsigned long mechanism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ) +{ + int i, j, n; + unsigned long hSession = (unsigned long)plugin_data_ref; + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == hSession){ + n = data_signupdate_session[i].data_length; + for (j =0; j < msg_len; j++ ) + data_signupdate_session[i].data_signupdate[n + j] = msg[j]; + data_signupdate_session[i].data_length += msg_len; + return 0; + } + } + return -1; +} + +int tpm2_plugin_rsa_sign_final( + void *keyHandle, + unsigned long mechanism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ) +{ + int i, j; + unsigned long hSession = (unsigned long)plugin_data_ref; + unsigned char *msg; + int msg_len; + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == hSession){ + msg = data_signupdate_session[i].data_signupdate; + msg_len = data_signupdate_session[i].data_length; + tpm2_plugin_rsa_sign(keyHandle, mechanism, msg, msg_len, plugin_data_ref, outsig, outsiglen); + tpm2_plugin_rsa_sign_cleanup(keyHandle, mechanism, plugin_data_ref); + return 0; + } + } + + return -1; +} diff --git a/TPM2-Plugin/lib/tpm2_plugin_init.c b/TPM2-Plugin/lib/tpm2_plugin_init.c index b221bd2..ef32330 100644 --- a/TPM2-Plugin/lib/tpm2_plugin_init.c +++ b/TPM2-Plugin/lib/tpm2_plugin_init.c @@ -20,13 +20,15 @@ int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs) { printf("%s(): Assigning Function pointers for TPM (dTPM or PTT) mode \n", __func__); - funcs->xxx_init = &tpm2_plugin_init; - funcs->xxx_uninit = &tpm2_plugin_uninit; - funcs->xxx_activate = &tpm2_plugin_activate; - funcs->xxx_load_key = &tpm2_plugin_load_key; - funcs->xxx_unload_key = NULL; - funcs->xxx_rsa_sign_init = &tpm2_plugin_rsa_sign_init; - funcs->xxx_rsa_sign = &tpm2_plugin_rsa_sign; + funcs->xxx_init = &tpm2_plugin_init; + funcs->xxx_uninit = &tpm2_plugin_uninit; + funcs->xxx_activate = &tpm2_plugin_activate; + funcs->xxx_load_key = &tpm2_plugin_load_key; + funcs->xxx_unload_key = NULL; + funcs->xxx_rsa_sign_init = &tpm2_plugin_rsa_sign_init; + funcs->xxx_rsa_sign_update = &tpm2_plugin_rsa_sign_update; + funcs->xxx_rsa_sign_final = &tpm2_plugin_rsa_sign_final; + funcs->xxx_rsa_sign = &tpm2_plugin_rsa_sign; return 0; } diff --git a/TPM2-Plugin/test/main.c b/TPM2-Plugin/test/main.c index 31fa7d6..046b3d7 100644 --- a/TPM2-Plugin/test/main.c +++ b/TPM2-Plugin/test/main.c @@ -24,6 +24,7 @@ void main(void) void *param = NULL; size_t len = 100; void *keyHandle_sign = NULL; + unsigned long int hSession = 1; unsigned char *msg; int msg_len; @@ -59,12 +60,12 @@ void main(void) tpm2_plugin_activate(activate_in_info); printf("---------------------------------------------\n"); - tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len); + tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len, (void *)hSession); printf("---------------------------------------------\n"); tpm2_plugin_load_key(loadkey_in_info, keyHandle, importkey_info); printf("---------------------------------------------\n"); - tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, sig, sig_len); + tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, (void *)hSession, sig, sig_len); } |