From 1ca4825b215df6c3370f6e274d095b2d928e64b4 Mon Sep 17 00:00:00 2001 From: NingSun Date: Thu, 26 Apr 2018 14:20:38 -0700 Subject: Added 3 more TPM2 Plugin APIs Added tpm2_plugin_rsa_sign_update(...), tpm2_plugin_rsa_sign_final(...), tpm2_plugin_rsa_sign_cleanup(...) APIs. Issue-ID: AAF-94 Change-Id: I104ff7b979329c03e91206d19371d3904f163993 Signed-off-by: NingSun --- TPM2-Plugin/bootstrap | 0 TPM2-Plugin/lib/include/hwpluginif.h | 38 ++++++++- TPM2-Plugin/lib/include/tpm2_plugin_api.h | 66 +++++++++------ TPM2-Plugin/lib/tpm2_plugin_api.c | 136 ++++++++++++++++++++++++++---- TPM2-Plugin/lib/tpm2_plugin_init.c | 16 ++-- TPM2-Plugin/test/main.c | 5 +- build.sh | 2 +- 7 files changed, 208 insertions(+), 55 deletions(-) mode change 100755 => 100644 TPM2-Plugin/bootstrap diff --git a/TPM2-Plugin/bootstrap b/TPM2-Plugin/bootstrap old mode 100755 new mode 100644 diff --git a/TPM2-Plugin/lib/include/hwpluginif.h b/TPM2-Plugin/lib/include/hwpluginif.h index 57c5e07..0bbafc6 100644 --- a/TPM2-Plugin/lib/include/hwpluginif.h +++ b/TPM2-Plugin/lib/include/hwpluginif.h @@ -130,11 +130,12 @@ typedef int (*sshsm_hw_plugin_activate)( typedef int (*sshsm_hw_plugin_load_key)( SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, - void **keyHandle + void **keyHandle, + SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info ); typedef int (*sshsm_hw_plugin_unload_key)( - void **keyHandle + void **keyHandle ); /*** @@ -147,7 +148,8 @@ typedef int (*sshsm_hw_plugin_rsa_sign_init)( void *keyHandle, unsigned long mechanism, void *param, - int len + int len, + void **plugin_data_ref ); /*** @@ -166,10 +168,37 @@ typedef int (*sshsm_hw_plugin_rsa_sign)( unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *outsig, int *outsiglen ); +typedef int (*sshsm_hw_plugin_rsa_sign_update)( + void *keyHandle, + unsigned long mechnaism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ); + +typedef int (*sshsm_hw_plugin_rsa_sign_final)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ); + +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ + +typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ); + /*** * Function Name: sshsm_hw_plugin_get_plugin_functions * Descrpiton: Every HW plugin is expected to define this function. @@ -193,6 +222,9 @@ typedef struct sshsm_hw_functions_s sshsm_hw_plugin_unload_key xxx_unload_key; sshsm_hw_plugin_rsa_sign_init xxx_rsa_sign_init; sshsm_hw_plugin_rsa_sign xxx_rsa_sign; + sshsm_hw_plugin_rsa_sign_update xxx_rsa_sign_update; + sshsm_hw_plugin_rsa_sign_final xxx_rsa_sign_final; + sshsm_hw_plugin_rsa_sign_cleanup xxx_rsa_sign_cleanup; }SSHSM_HW_FUNCTIONS_t; int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs); diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h index 2a0ace0..d96d2f9 100644 --- a/TPM2-Plugin/lib/include/tpm2_plugin_api.h +++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h @@ -141,51 +141,67 @@ typedef struct { int version; } common_opts_t; +#define MAX_DATA_SIGNUPDATE 0x2000 +#define MAX_SESSIONS 0x1000 + +typedef struct concatenate_data_signupdate { + unsigned long int session_handle; + unsigned char data_signupdate[MAX_DATA_SIGNUPDATE]; + int data_length; +}CONCATENATE_DATA_SIGNUPDATE_t; + int tpm2_plugin_init(); int tpm2_plugin_uninit(); int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info); int tpm2_plugin_load_key( SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, - void **keyHandle + void **keyHandle, + SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info ); -int tpm2_rsa_create_object( - unsigned long appHandle, - //DhsmWPKRSAFormat* wpk, - void *wpk, - unsigned char* swk, - int swk_len, - unsigned char* iv, - int iv_len, - int tag_len, - void **cb_object); - -int tpm2_rsa_delete_object( - void *cb_object); - int tpm2_plugin_rsa_sign_init( void *keyHandle, unsigned long mechanism, void *param, - int len); + int len, + void **plugin_data_ref + ); int tpm2_plugin_rsa_sign( void *keyHandle, unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *sig, - int *sig_len); + int *sig_len + ); + +int tpm2_plugin_rsa_sign_update( + void *keyHandle, + unsigned long mechnaism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ); + +int tpm2_plugin_rsa_sign_final( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ); +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ -int tpm2_import_object( - unsigned long appHandle, - unsigned char* tlvbuffer, - int buflen, - unsigned char* iv, - int iv_len, - unsigned char* tpm_pwd, - int tpm_pwd_len); +typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ); #ifdef __cplusplus diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c index b9fc75b..a080980 100644 --- a/TPM2-Plugin/lib/tpm2_plugin_api.c +++ b/TPM2-Plugin/lib/tpm2_plugin_api.c @@ -132,7 +132,6 @@ tcti_device_init (char const *device_file) } #endif - #ifdef HAVE_TCTI_SOCK TSS2_TCTI_CONTEXT* tcti_socket_init (char const *address, uint16_t port) { @@ -365,7 +364,6 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, memcpy(&inPrivate, loadkey_in_info->buffer_info[1]->buffer, loadkey_in_info->buffer_info[1]->length_of_buffer); - printf("we are here now\n"); returnVal = load_key (sapi_context, parentHandle, &inPublic, @@ -382,7 +380,8 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, } int tpm2_plugin_load_key(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info, - void **keyHandle) + void **keyHandle, + SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info) { int ret = 1; common_opts_t opts = COMMON_OPTS_INITIALIZER; @@ -423,17 +422,65 @@ struct tpm_sign_ctx { TSS2_SYS_CONTEXT *sapi_context; }; +//create a table to consolidate all parts of data from multiple SignUpdate from sessions +CONCATENATE_DATA_SIGNUPDATE_t data_signupdate_session[MAX_SESSIONS]; +unsigned long sign_sequence_id = 0; int tpm2_plugin_rsa_sign_init( void *keyHandle, unsigned long mechanism, void *param, - int len) + int len, + void **plugin_data_ref + ) { - printf("rsa_sign_init API mechanism is %lx \n", mechanism); + printf("rsa_sign_init API mechanism is %ld \n", mechanism); + printf("rsa_sign_init API len is %d \n", len); + int i, j; + + sign_sequence_id++; + unsigned long hSession = sign_sequence_id; + + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == 0){ + data_signupdate_session[i].session_handle = hSession; + for (j = 0; j < MAX_DATA_SIGNUPDATE; j++ ) + data_signupdate_session[i].data_signupdate[j] = 0; + data_signupdate_session[i].data_length = 0; + } + } + *plugin_data_ref = (void *)hSession; + printf("rsa_sign_init API done for tpm2_plugin... \n"); return 0; } +/** This function is called by SSHSM only if there sign_final function is not called. +If sign_final function is called, it is assumed that plugin would have cleaned this up. +***/ + +int tpm2_plugin_rsa_sign_cleanup( + void *keyHandle, + unsigned long mechnaism, + void *plugin_data_ref + ) +{ + int i, j; + unsigned long hSession = (unsigned long)plugin_data_ref; + for (i = 0; i < MAX_SESSIONS; i++) { + if (data_signupdate_session[i].session_handle == hSession){ + data_signupdate_session[i].session_handle = 0; + for (j =0; j < MAX_DATA_SIGNUPDATE; j++ ) + data_signupdate_session[i].data_signupdate[j] =0; + data_signupdate_session[i].data_length = 0; + } + } + + if (sign_sequence_id>0xfffffffe) + sign_sequence_id =0; + return 0; +} + + UINT32 tpm_hash(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH hashAlg, UINT16 size, BYTE *data, TPM2B_DIGEST *result) { TPM2B_MAX_BUFFER dataSizedBuffer; @@ -502,8 +549,10 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, if (length <= MAX_DIGEST_BUFFER) { if (tpm_hash(sapi_context, halg, length, buffer, - result) == TPM_RC_SUCCESS) + result) == TPM_RC_SUCCESS){ + printf("Single hash result size: %d\n", result->t.size); return 0; + } else return -1; } @@ -527,6 +576,7 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer, TPM_RC rval = hash_sequence_ex(sapi_context, halg, numBuffers, bufferList, result); free(bufferList); + printf("Sequence hash result size: %d\n", result->t.size); return rval == TPM_RC_SUCCESS ? 0 : -3; } @@ -593,12 +643,10 @@ static bool set_scheme(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT keyHandle, return true; } -static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) { +static bool sign_and_save(tpm_sign_ctx *ctx, TPMT_SIGNATURE *sig) { TPM2B_DIGEST digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer); TPMT_SIG_SCHEME in_scheme; - TPMT_SIGNATURE signature; - int signature_len; TSS2_SYS_CMD_AUTHS sessions_data; TPMS_AUTH_RESPONSE session_data_out; TSS2_SYS_RSP_AUTHS sessions_data_out; @@ -618,6 +666,8 @@ static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) return false; } + printf("Compute message hash digest size : %d \n", digest.t.size); + bool result = set_scheme(ctx->sapi_context, ctx->keyHandle, ctx->halg, &in_scheme); if (!result) { return false; @@ -625,17 +675,14 @@ static bool sign_and_save(tpm_sign_ctx *ctx, unsigned char *sig, int *sig_len) TPM_RC rval = Tss2_Sys_Sign(ctx->sapi_context, ctx->keyHandle, &sessions_data, &digest, &in_scheme, - &ctx->validation, &signature, + &ctx->validation, sig, &sessions_data_out); if (rval != TPM_RC_SUCCESS) { printf("Sys_Sign failed, error code: 0x%x", rval); return false; } - signature_len = sizeof(signature); - sig_len = &signature_len; - sig = (unsigned char *)&signature; - + return true; } @@ -644,11 +691,13 @@ int tpm2_plugin_rsa_sign( unsigned long mechanism, unsigned char *msg, int msg_len, + void *plugin_data_ref, unsigned char *sig, int *sig_len) { TPM_RC rval; common_opts_t opts = COMMON_OPTS_INITIALIZER; + TPMT_SIGNATURE signature; TSS2_TCTI_CONTEXT *tcti_ctx; tcti_ctx = tcti_init_from_options(&opts); if (tcti_ctx == NULL) @@ -671,12 +720,15 @@ int tpm2_plugin_rsa_sign( .validation = { 0 }, .sapi_context = sapi_context }; - + printf("rsa_sign API mechanism is %lx \n", mechanism); ctx.sessionData.sessionHandle = TPM_RS_PW; ctx.validation.tag = TPM_ST_HASHCHECK; ctx.validation.hierarchy = TPM_RH_NULL; - ctx.halg = TPM_ALG_SHA256; + if (mechanism == 7) + ctx.halg = TPM_ALG_SHA256; + else + printf("mechanism not supported! \n"); ctx.keyHandle = *(TPMI_DH_OBJECT *)keyHandle; rval = Tss2_Sys_ContextLoad(ctx.sapi_context, &loaded_key_context, &ctx.keyHandle); @@ -687,11 +739,15 @@ int tpm2_plugin_rsa_sign( ctx.length = msg_len; ctx.msg = msg; - if (!sign_and_save(&ctx, sig, sig_len)){ + if (!sign_and_save(&ctx, &signature)){ printf("RSA sign failed\n"); goto out; } + *sig_len = (int)signature.signature.rsassa.sig.t.size; + printf("signature length: %d \n", *sig_len); + memcpy(sig, signature.signature.rsassa.sig.t.buffer, *sig_len); + printf("signature buffer size: %ld \n", sizeof(signature.signature.rsassa.sig.t.buffer)); printf("RSA sign API successful in TPM plugin ! \n"); out: @@ -701,4 +757,50 @@ out: } +int tpm2_plugin_rsa_sign_update( + void *keyHandle, + unsigned long mechanism, + unsigned char *msg, + int msg_len, + void *plugin_data_ref + ) +{ + int i, j, n; + unsigned long hSession = (unsigned long)plugin_data_ref; + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == hSession){ + n = data_signupdate_session[i].data_length; + for (j =0; j < msg_len; j++ ) + data_signupdate_session[i].data_signupdate[n + j] = msg[j]; + data_signupdate_session[i].data_length += msg_len; + return 0; + } + } + return -1; +} + +int tpm2_plugin_rsa_sign_final( + void *keyHandle, + unsigned long mechanism, + void *plugin_data_ref, + unsigned char *outsig, + int *outsiglen + ) +{ + int i, j; + unsigned long hSession = (unsigned long)plugin_data_ref; + unsigned char *msg; + int msg_len; + for (i = 0; i < MAX_SESSIONS; i++){ + if (data_signupdate_session[i].session_handle == hSession){ + msg = data_signupdate_session[i].data_signupdate; + msg_len = data_signupdate_session[i].data_length; + tpm2_plugin_rsa_sign(keyHandle, mechanism, msg, msg_len, plugin_data_ref, outsig, outsiglen); + tpm2_plugin_rsa_sign_cleanup(keyHandle, mechanism, plugin_data_ref); + return 0; + } + } + + return -1; +} diff --git a/TPM2-Plugin/lib/tpm2_plugin_init.c b/TPM2-Plugin/lib/tpm2_plugin_init.c index b221bd2..ef32330 100644 --- a/TPM2-Plugin/lib/tpm2_plugin_init.c +++ b/TPM2-Plugin/lib/tpm2_plugin_init.c @@ -20,13 +20,15 @@ int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs) { printf("%s(): Assigning Function pointers for TPM (dTPM or PTT) mode \n", __func__); - funcs->xxx_init = &tpm2_plugin_init; - funcs->xxx_uninit = &tpm2_plugin_uninit; - funcs->xxx_activate = &tpm2_plugin_activate; - funcs->xxx_load_key = &tpm2_plugin_load_key; - funcs->xxx_unload_key = NULL; - funcs->xxx_rsa_sign_init = &tpm2_plugin_rsa_sign_init; - funcs->xxx_rsa_sign = &tpm2_plugin_rsa_sign; + funcs->xxx_init = &tpm2_plugin_init; + funcs->xxx_uninit = &tpm2_plugin_uninit; + funcs->xxx_activate = &tpm2_plugin_activate; + funcs->xxx_load_key = &tpm2_plugin_load_key; + funcs->xxx_unload_key = NULL; + funcs->xxx_rsa_sign_init = &tpm2_plugin_rsa_sign_init; + funcs->xxx_rsa_sign_update = &tpm2_plugin_rsa_sign_update; + funcs->xxx_rsa_sign_final = &tpm2_plugin_rsa_sign_final; + funcs->xxx_rsa_sign = &tpm2_plugin_rsa_sign; return 0; } diff --git a/TPM2-Plugin/test/main.c b/TPM2-Plugin/test/main.c index c9d15c8..9426529 100644 --- a/TPM2-Plugin/test/main.c +++ b/TPM2-Plugin/test/main.c @@ -24,6 +24,7 @@ void main(void) void *param = NULL; size_t len = 100; void *keyHandle_sign = NULL; + unsigned long int hSession = 1; unsigned char *msg; int msg_len; @@ -56,12 +57,12 @@ void main(void) tpm2_plugin_activate(activate_in_info); printf("---------------------------------------------\n"); - tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len); + tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len, (void *)hSession); printf("---------------------------------------------\n"); tpm2_plugin_load_key(loadkey_in_info, keyHandle); printf("---------------------------------------------\n"); - tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, sig, sig_len); + tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, (void *)hSession, sig, sig_len); } diff --git a/build.sh b/build.sh index 369974c..8e44eb9 100644 --- a/build.sh +++ b/build.sh @@ -1,4 +1,4 @@ -#!/etc/bash +#!/bin/bash #set -e sudo kill -9 $(ps -ef | grep "apt" | grep -v grep | awk '{print $2}') -- cgit 1.2.3-korg