1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /***********************************************************************
3 * Copyright (c) 2017-2018, Intel Corporation
4 *
5 * All rights reserved.
6 ***********************************************************************/
7 #ifdef HAVE_CONFIG_H
8 #include <config.h>
9 #endif
10
11 #include <inttypes.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <assert.h>
15
16 #include <openssl/sha.h>
17 #include <openssl/hmac.h>
18 #include <openssl/evp.h>
19 #include <openssl/opensslv.h>
20
21 #define LOGMODULE testintegration
22 #include "util/log.h"
23 #include "sapi-util.h"
24 #include "test.h"
25 /*
26 * Use te provide SAPI context to create & load a primary key. The key will
27 * be a 2048 bit (restricted decryption) RSA key. The associated symmetric
28 * key is a 128 bit AES (CFB mode) key.
29 */
30 TSS2_RC
create_primary_rsa_2048_aes_128_cfb(TSS2_SYS_CONTEXT * sapi_context,TPM2_HANDLE * handle)31 create_primary_rsa_2048_aes_128_cfb (
32 TSS2_SYS_CONTEXT *sapi_context,
33 TPM2_HANDLE *handle)
34 {
35 TSS2_RC rc = TSS2_RC_SUCCESS;
36 TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
37 TPM2B_PUBLIC in_public = { 0 };
38 TPM2B_DATA outside_info = { 0 };
39 TPML_PCR_SELECTION creation_pcr = { 0 };
40 TPM2B_PUBLIC out_public = { 0 };
41 TPM2B_CREATION_DATA creation_data = { 0 };
42 TPM2B_DIGEST creation_hash = TPM2B_DIGEST_INIT;
43 TPMT_TK_CREATION creation_ticket = { 0 };
44 TPM2B_NAME name = TPM2B_NAME_INIT;
45 /* session parameters */
46 /* command session info */
47 TSS2L_SYS_AUTH_COMMAND sessions_cmd = {
48 .auths = {{ .sessionHandle = TPM2_RS_PW }},
49 .count = 1
50 };
51 /* response session info */
52 TSS2L_SYS_AUTH_RESPONSE sessions_rsp = {
53 .auths = { 0 },
54 .count = 0
55 };
56
57 if (sapi_context == NULL || handle == NULL) {
58 return TSS2_RC_LAYER_MASK | TSS2_BASE_RC_BAD_REFERENCE;
59 }
60 in_public.publicArea.type = TPM2_ALG_RSA;
61 in_public.publicArea.nameAlg = TPM2_ALG_SHA256;
62 in_public.publicArea.objectAttributes |= TPMA_OBJECT_RESTRICTED;
63 in_public.publicArea.objectAttributes |= TPMA_OBJECT_USERWITHAUTH;
64 in_public.publicArea.objectAttributes |= TPMA_OBJECT_DECRYPT;
65 in_public.publicArea.objectAttributes |= TPMA_OBJECT_FIXEDTPM;
66 in_public.publicArea.objectAttributes |= TPMA_OBJECT_FIXEDPARENT;
67 in_public.publicArea.objectAttributes |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
68 in_public.publicArea.parameters.rsaDetail.symmetric.algorithm = TPM2_ALG_AES;
69 in_public.publicArea.parameters.rsaDetail.symmetric.keyBits.aes = 128;
70 in_public.publicArea.parameters.rsaDetail.symmetric.mode.aes = TPM2_ALG_CFB;
71 in_public.publicArea.parameters.rsaDetail.scheme.scheme = TPM2_ALG_NULL;
72 in_public.publicArea.parameters.rsaDetail.keyBits = 2048;
73
74 LOG_INFO("CreatePrimary RSA 2048, AES 128 CFB");
75 rc = Tss2_Sys_CreatePrimary (sapi_context,
76 TPM2_RH_OWNER,
77 &sessions_cmd,
78 &in_sensitive,
79 &in_public,
80 &outside_info,
81 &creation_pcr,
82 handle,
83 &out_public,
84 &creation_data,
85 &creation_hash,
86 &creation_ticket,
87 &name,
88 &sessions_rsp);
89 if (rc == TPM2_RC_SUCCESS) {
90 LOG_INFO("success");
91 } else {
92 LOG_ERROR("CreatePrimary FAILED! Response Code : 0x%x", rc);
93 exit(1);
94 }
95
96 return rc;
97 }
98
99 TSS2_RC
create_aes_128_cfb(TSS2_SYS_CONTEXT * sapi_context,TPM2_HANDLE handle_parent,TPM2_HANDLE * handle)100 create_aes_128_cfb (
101 TSS2_SYS_CONTEXT *sapi_context,
102 TPM2_HANDLE handle_parent,
103 TPM2_HANDLE *handle)
104 {
105 TSS2_RC rc = TSS2_RC_SUCCESS;
106 TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
107 /* template defining key type */
108 TPM2B_PUBLIC in_public = {
109 .size = 0,
110 .publicArea.type = TPM2_ALG_SYMCIPHER,
111 .publicArea.nameAlg = TPM2_ALG_SHA256,
112 .publicArea.objectAttributes = TPMA_OBJECT_DECRYPT |
113 TPMA_OBJECT_FIXEDTPM |
114 TPMA_OBJECT_FIXEDPARENT |
115 TPMA_OBJECT_SENSITIVEDATAORIGIN |
116 TPMA_OBJECT_SIGN_ENCRYPT |
117 TPMA_OBJECT_USERWITHAUTH,
118 .publicArea.parameters.symDetail.sym = {
119 .algorithm = TPM2_ALG_AES,
120 .keyBits.sym = 128,
121 .mode.sym = TPM2_ALG_CFB,
122 },
123 };
124
125 TPM2B_DATA outside_info = { 0 };
126 TPML_PCR_SELECTION creation_pcr = { 0 };
127 TPM2B_PRIVATE out_private = TPM2B_PRIVATE_INIT;
128 TPM2B_PUBLIC out_public = { 0 };
129 TPM2B_CREATION_DATA creation_data = { 0 };
130 TPM2B_DIGEST creation_hash = TPM2B_DIGEST_INIT;
131 TPMT_TK_CREATION creation_ticket = { 0 };
132 TPM2B_NAME name = TPM2B_NAME_INIT;
133 /* session parameters */
134 /* command session info */
135 TSS2L_SYS_AUTH_COMMAND sessions_cmd = {
136 .auths = {{ .sessionHandle = TPM2_RS_PW }},
137 .count = 1
138 };
139 /* response session info */
140 TSS2L_SYS_AUTH_RESPONSE sessions_rsp = {
141 .auths = { 0 },
142 .count = 0
143 };
144
145 rc = TSS2_RETRY_EXP (Tss2_Sys_Create (sapi_context,
146 handle_parent,
147 &sessions_cmd,
148 &in_sensitive,
149 &in_public,
150 &outside_info,
151 &creation_pcr,
152 &out_private,
153 &out_public,
154 &creation_data,
155 &creation_hash,
156 &creation_ticket,
157 &sessions_rsp));
158 if (rc != TPM2_RC_SUCCESS) {
159 return rc;
160 }
161
162 return Tss2_Sys_Load (sapi_context,
163 handle_parent,
164 &sessions_cmd,
165 &out_private,
166 &out_public,
167 handle,
168 &name,
169 &sessions_rsp);
170 }
171
172 TSS2_RC
create_keyedhash_key(TSS2_SYS_CONTEXT * sapi_context,TPM2_HANDLE handle_parent,TPM2_HANDLE * handle)173 create_keyedhash_key (
174 TSS2_SYS_CONTEXT *sapi_context,
175 TPM2_HANDLE handle_parent,
176 TPM2_HANDLE *handle)
177 {
178 TSS2_RC rc = TSS2_RC_SUCCESS;
179 TPM2B_SENSITIVE_CREATE in_sensitive = { 0 };
180 /* template defining key type */
181 TPM2B_PUBLIC in_public = {
182 .size = 0,
183 .publicArea.type = TPM2_ALG_KEYEDHASH,
184 .publicArea.nameAlg = TPM2_ALG_SHA256,
185 .publicArea.objectAttributes = TPMA_OBJECT_RESTRICTED |
186 TPMA_OBJECT_SIGN_ENCRYPT |
187 TPMA_OBJECT_FIXEDTPM |
188 TPMA_OBJECT_FIXEDPARENT |
189 TPMA_OBJECT_SENSITIVEDATAORIGIN |
190 TPMA_OBJECT_USERWITHAUTH,
191 .publicArea.parameters.keyedHashDetail.scheme.scheme = TPM2_ALG_HMAC,
192 .publicArea.parameters.keyedHashDetail.scheme.details.hmac.hashAlg = TPM2_ALG_SHA1,
193 .publicArea.unique.keyedHash.size = 0,
194 };
195
196 TPM2B_DATA outside_info = { 0 };
197 TPML_PCR_SELECTION creation_pcr = { 0 };
198 TPM2B_PRIVATE out_private = TPM2B_PRIVATE_INIT;
199 TPM2B_PUBLIC out_public = { 0 };
200 TPM2B_CREATION_DATA creation_data = { 0 };
201 TPM2B_DIGEST creation_hash = TPM2B_DIGEST_INIT;
202 TPMT_TK_CREATION creation_ticket = { 0 };
203 TPM2B_NAME name = TPM2B_NAME_INIT;
204 /* session parameters */
205 /* command session info */
206 TSS2L_SYS_AUTH_COMMAND sessions_cmd = {
207 .auths = {{ .sessionHandle = TPM2_RS_PW }},
208 .count = 1
209 };
210 /* response session info */
211 TSS2L_SYS_AUTH_RESPONSE sessions_rsp = {
212 .auths = { 0 },
213 .count = 0
214 };
215
216 rc = TSS2_RETRY_EXP (Tss2_Sys_Create (sapi_context,
217 handle_parent,
218 &sessions_cmd,
219 &in_sensitive,
220 &in_public,
221 &outside_info,
222 &creation_pcr,
223 &out_private,
224 &out_public,
225 &creation_data,
226 &creation_hash,
227 &creation_ticket,
228 &sessions_rsp));
229 if (rc != TPM2_RC_SUCCESS) {
230 return rc;
231 }
232
233 return Tss2_Sys_Load (sapi_context,
234 handle_parent,
235 &sessions_cmd,
236 &out_private,
237 &out_public,
238 handle,
239 &name,
240 &sessions_rsp);
241 }
242
243
244 TSS2_RC
tpm_encrypt_decrypt_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPMI_YES_NO decrypt,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)245 tpm_encrypt_decrypt_cfb (
246 TSS2_SYS_CONTEXT *sapi_context,
247 TPMI_DH_OBJECT handle,
248 TPMI_YES_NO decrypt,
249 TPM2B_MAX_BUFFER *data_in,
250 TPM2B_MAX_BUFFER *data_out)
251 {
252 TPMI_ALG_SYM_MODE mode = TPM2_ALG_NULL;
253 TPM2B_IV iv_in = TPM2B_IV_INIT;
254 TPM2B_IV iv_out = TPM2B_IV_INIT;
255
256 /* session parameters */
257 /* command session info */
258 /* command session info */
259 TSS2L_SYS_AUTH_COMMAND sessions_cmd = {
260 .auths = {{ .sessionHandle = TPM2_RS_PW }},
261 .count = 1
262 };
263 /* response session info */
264 TSS2L_SYS_AUTH_RESPONSE sessions_rsp = {
265 .auths = { 0 },
266 .count = 0
267 };
268
269 return Tss2_Sys_EncryptDecrypt (sapi_context,
270 handle,
271 &sessions_cmd,
272 decrypt,
273 mode,
274 &iv_in,
275 data_in,
276 data_out,
277 &iv_out,
278 &sessions_rsp);
279 }
280
281 TSS2_RC
tpm_decrypt_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)282 tpm_decrypt_cfb (
283 TSS2_SYS_CONTEXT *sapi_context,
284 TPMI_DH_OBJECT handle,
285 TPM2B_MAX_BUFFER *data_in,
286 TPM2B_MAX_BUFFER *data_out)
287 {
288 return tpm_encrypt_decrypt_cfb (sapi_context, handle, YES, data_in, data_out);
289 }
290
291 TSS2_RC
tpm_encrypt_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)292 tpm_encrypt_cfb (
293 TSS2_SYS_CONTEXT *sapi_context,
294 TPMI_DH_OBJECT handle,
295 TPM2B_MAX_BUFFER *data_in,
296 TPM2B_MAX_BUFFER *data_out)
297 {
298 return tpm_encrypt_decrypt_cfb (sapi_context, handle, NO, data_in, data_out);
299 }
300
301 TSS2_RC
tpm_encrypt_decrypt_2_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPMI_YES_NO decrypt,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)302 tpm_encrypt_decrypt_2_cfb (
303 TSS2_SYS_CONTEXT *sapi_context,
304 TPMI_DH_OBJECT handle,
305 TPMI_YES_NO decrypt,
306 TPM2B_MAX_BUFFER *data_in,
307 TPM2B_MAX_BUFFER *data_out)
308 {
309 TPMI_ALG_SYM_MODE mode = TPM2_ALG_NULL;
310 TPM2B_IV iv_in = TPM2B_IV_INIT;
311 TPM2B_IV iv_out = TPM2B_IV_INIT;
312
313 /* session parameters */
314 /* command session info */
315 /* command session info */
316 TSS2L_SYS_AUTH_COMMAND sessions_cmd = {
317 .auths = {{ .sessionHandle = TPM2_RS_PW }},
318 .count = 1
319 };
320 /* response session info */
321 TSS2L_SYS_AUTH_RESPONSE sessions_rsp = {
322 .auths = { 0 },
323 .count = 0
324 };
325
326 return Tss2_Sys_EncryptDecrypt2 (sapi_context,
327 handle,
328 &sessions_cmd,
329 data_in,
330 decrypt,
331 mode,
332 &iv_in,
333 data_out,
334 &iv_out,
335 &sessions_rsp);
336 }
337
338 TSS2_RC
tpm_decrypt_2_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)339 tpm_decrypt_2_cfb (
340 TSS2_SYS_CONTEXT *sapi_context,
341 TPMI_DH_OBJECT handle,
342 TPM2B_MAX_BUFFER *data_in,
343 TPM2B_MAX_BUFFER *data_out)
344 {
345 return tpm_encrypt_decrypt_2_cfb (sapi_context, handle, YES, data_in, data_out);
346 }
347
348 TSS2_RC
tpm_encrypt_2_cfb(TSS2_SYS_CONTEXT * sapi_context,TPMI_DH_OBJECT handle,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * data_out)349 tpm_encrypt_2_cfb (
350 TSS2_SYS_CONTEXT *sapi_context,
351 TPMI_DH_OBJECT handle,
352 TPM2B_MAX_BUFFER *data_in,
353 TPM2B_MAX_BUFFER *data_out)
354 {
355 return tpm_encrypt_decrypt_2_cfb (sapi_context, handle, NO, data_in, data_out);
356 }
357
358 static TSS2_RC
encrypt_decrypt_cfb(TPM2B_MAX_BUFFER * data_out,TPM2B_MAX_BUFFER * data_in,TPMI_YES_NO decrypt,TPM2B_MAX_BUFFER * key,TPM2B_IV * iv)359 encrypt_decrypt_cfb (
360 TPM2B_MAX_BUFFER *data_out,
361 TPM2B_MAX_BUFFER *data_in,
362 TPMI_YES_NO decrypt,
363 TPM2B_MAX_BUFFER *key,
364 TPM2B_IV *iv)
365 {
366 EVP_CIPHER_CTX *ctx;
367 const EVP_CIPHER *type;
368 TSS2_RC rc = TSS2_SYS_RC_BAD_VALUE;
369 int len = 0, sll_rc;
370
371 ctx = EVP_CIPHER_CTX_new();
372 if (!ctx)
373 return TSS2_SYS_RC_GENERAL_FAILURE;
374
375 switch (key->size) {
376 case 16:
377 type = EVP_aes_128_cfb();
378 break;
379 case 24:
380 type = EVP_aes_192_cfb();
381 break;
382 case 32:
383 type = EVP_aes_256_cfb();
384 break;
385 default:
386 goto clean;
387 }
388
389 rc = TSS2_SYS_RC_GENERAL_FAILURE;
390
391 if (decrypt) {
392 sll_rc = EVP_DecryptInit_ex(ctx, type, NULL, key->buffer, iv->buffer);
393 if (sll_rc != 1)
394 goto clean;
395
396 sll_rc = EVP_DecryptUpdate(ctx, data_out->buffer, &len,
397 data_in->buffer, data_in->size);
398 if (sll_rc != 1)
399 goto clean;
400
401 data_out->size = len;
402
403 sll_rc = EVP_DecryptFinal_ex(ctx, data_out->buffer + len, &len);
404 if (sll_rc != 1)
405 goto clean;
406
407 } else {
408
409 sll_rc = EVP_EncryptInit_ex(ctx, type, NULL, key->buffer, iv->buffer);
410 if (sll_rc != 1)
411 goto clean;
412
413 sll_rc = EVP_EncryptUpdate(ctx, data_out->buffer, &len,
414 data_in->buffer, data_in->size);
415 if (sll_rc != 1)
416 goto clean;
417
418 data_out->size = len;
419
420 sll_rc = EVP_EncryptFinal_ex(ctx, data_out->buffer + len, &len);
421 if (sll_rc != 1)
422 goto clean;
423 }
424
425 data_out->size += len;
426 rc = TPM2_RC_SUCCESS;
427
428 clean:
429 EVP_CIPHER_CTX_free(ctx);
430
431 return rc;
432 }
433
434 TSS2_RC
decrypt_cfb(TPM2B_MAX_BUFFER * data_out,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * key,TPM2B_IV * iv)435 decrypt_cfb (
436 TPM2B_MAX_BUFFER *data_out,
437 TPM2B_MAX_BUFFER *data_in,
438 TPM2B_MAX_BUFFER *key,
439 TPM2B_IV *iv)
440 {
441 return encrypt_decrypt_cfb(data_out, data_in, YES, key, iv);
442 }
443
444 TSS2_RC
encrypt_cfb(TPM2B_MAX_BUFFER * data_out,TPM2B_MAX_BUFFER * data_in,TPM2B_MAX_BUFFER * key,TPM2B_IV * iv)445 encrypt_cfb (
446 TPM2B_MAX_BUFFER *data_out,
447 TPM2B_MAX_BUFFER *data_in,
448 TPM2B_MAX_BUFFER *key,
449 TPM2B_IV *iv)
450 {
451 return encrypt_decrypt_cfb(data_out, data_in, NO, key, iv);
452 }
453
454 TSS2_RC
hash(TPM2_ALG_ID alg,const void * data,int size,TPM2B_DIGEST * out)455 hash (
456 TPM2_ALG_ID alg,
457 const void *data,
458 int size,
459 TPM2B_DIGEST *out)
460 {
461 switch (alg) {
462 case TPM2_ALG_SHA1:
463 SHA1(data, size, out->buffer);
464 out->size = TPM2_SHA1_DIGEST_SIZE;
465 break;
466 case TPM2_ALG_SHA256:
467 SHA256(data, size, out->buffer);
468 out->size = TPM2_SHA256_DIGEST_SIZE;
469 break;
470 case TPM2_ALG_SHA384:
471 SHA384(data, size, out->buffer);
472 out->size = TPM2_SHA384_DIGEST_SIZE;
473 break;
474 case TPM2_ALG_SHA512:
475 SHA512(data, size, out->buffer);
476 out->size = TPM2_SHA512_DIGEST_SIZE;
477 break;
478 default:
479 return TSS2_SYS_RC_BAD_VALUE;
480 }
481 return TPM2_RC_SUCCESS;
482 }
483
484 TSS2_RC
hmac(TPM2_ALG_ID alg,const void * key,int key_len,TPM2B_DIGEST ** buffer_list,TPM2B_DIGEST * out)485 hmac(
486 TPM2_ALG_ID alg,
487 const void *key,
488 int key_len,
489 TPM2B_DIGEST **buffer_list,
490 TPM2B_DIGEST *out)
491 {
492 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
493 HMAC_CTX *ctx;
494 #else
495 HMAC_CTX _ctx;
496 HMAC_CTX *ctx = &_ctx;
497 #endif
498 EVP_MD *evp;
499 int rc = 1, i;
500 unsigned int *buf = NULL, size;
501 uint8_t *buf_ptr;
502
503 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
504 /* HMAC_CTX_new and HMAC_CTX_free are new in openSSL 1.1.0 */
505 ctx = HMAC_CTX_new();
506 #else
507 HMAC_CTX_init(ctx);
508 #endif
509
510 if (!ctx)
511 return TSS2_SYS_RC_GENERAL_FAILURE;
512
513 switch (alg) {
514 case TPM2_ALG_SHA1:
515 evp = (EVP_MD *) EVP_sha1();
516 out->size = TPM2_SHA1_DIGEST_SIZE;
517 break;
518 case TPM2_ALG_SHA256:
519 evp = (EVP_MD *) EVP_sha256();
520 out->size = TPM2_SHA256_DIGEST_SIZE;
521 break;
522 case TPM2_ALG_SHA384:
523 evp = (EVP_MD *) EVP_sha384();
524 out->size = TPM2_SHA384_DIGEST_SIZE;
525 break;
526 case TPM2_ALG_SHA512:
527 evp = (EVP_MD *) EVP_sha512();
528 out->size = TPM2_SHA512_DIGEST_SIZE;
529 break;
530 default:
531 rc = TSS2_SYS_RC_BAD_VALUE;
532 goto out;
533 }
534 rc = 0;
535 buf = calloc(1, out->size);
536 if (!buf)
537 goto out;
538
539 buf_ptr = (uint8_t *)buf;
540
541 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
542 rc = HMAC_Init_ex(ctx, key, key_len, evp, NULL);
543 #else
544 rc = HMAC_Init(ctx, key, key_len, evp);
545 #endif
546
547 if (rc != 1)
548 goto out;
549 for (i = 0; buffer_list[i] != 0; i++) {
550 rc = HMAC_Update(ctx, buffer_list[i]->buffer, buffer_list[i]->size);
551 if (rc != 1)
552 goto out;
553 }
554 /* buf_ptr has to be 4 bytes alligned for whatever reason */
555 rc = HMAC_Final(ctx, buf_ptr, &size);
556 if (rc != 1)
557 goto out;
558
559 assert(size == out->size);
560
561 memcpy(out->buffer, buf, out->size);
562
563 out:
564 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
565 HMAC_CTX_free(ctx);
566 #else
567 HMAC_CTX_cleanup(ctx);
568 #endif
569
570 if (buf)
571 free(buf);
572
573 /* In openSSL 1 means success 0 error */
574 return rc == 1 ? TPM2_RC_SUCCESS : TSS2_SYS_RC_GENERAL_FAILURE;
575 }
576
577 TSS2_RC
ConcatSizedByteBuffer(TPM2B_MAX_BUFFER * result,TPM2B * buf)578 ConcatSizedByteBuffer(
579 TPM2B_MAX_BUFFER *result,
580 TPM2B *buf)
581 {
582 if (result->size + buf->size > TPM2_MAX_DIGEST_BUFFER)
583 return TSS2_SYS_RC_BAD_VALUE;
584
585 memmove(result->buffer + result->size,
586 buf->buffer, buf->size);
587
588 result->size += buf->size;
589 return TPM2_RC_SUCCESS;
590 }
591
592 TSS2_RC
CompareSizedByteBuffer(TPM2B * buffer1,TPM2B * buffer2)593 CompareSizedByteBuffer(
594 TPM2B *buffer1,
595 TPM2B *buffer2)
596 {
597 if (buffer1->size != buffer2->size)
598 return TPM2_RC_FAILURE;
599
600 if (memcmp(buffer1->buffer, buffer2->buffer, buffer1->size))
601 return TPM2_RC_FAILURE;
602
603 return TPM2_RC_SUCCESS;
604 }
605
606 void
CatSizedByteBuffer(TPM2B * dest,TPM2B * src)607 CatSizedByteBuffer(
608 TPM2B *dest,
609 TPM2B *src)
610 {
611 if (!dest || !src)
612 return;
613
614 memcpy(dest->buffer + dest->size, src->buffer, src->size);
615 dest->size += src->size;
616 }
617
618 UINT16
CopySizedByteBuffer(TPM2B * dest,const TPM2B * src)619 CopySizedByteBuffer(
620 TPM2B *dest,
621 const TPM2B *src)
622 {
623 if (!dest)
624 return 0;
625
626 if (!src) {
627 dest->size = 0;
628 return 0;
629 }
630
631 memcpy(dest->buffer, src->buffer, src->size);
632 dest->size = src->size;
633 return src->size + 2;
634 }
635
636 UINT16
GetDigestSize(TPM2_ALG_ID hash)637 GetDigestSize(TPM2_ALG_ID hash)
638 {
639 switch (hash) {
640 case TPM2_ALG_SHA1:
641 return TPM2_SHA1_DIGEST_SIZE;
642 case TPM2_ALG_SHA256:
643 return TPM2_SHA256_DIGEST_SIZE;
644 case TPM2_ALG_SHA384:
645 return TPM2_SHA384_DIGEST_SIZE;
646 case TPM2_ALG_SHA512:
647 return TPM2_SHA512_DIGEST_SIZE;
648 case TPM2_ALG_SM3_256:
649 return TPM2_SM3_256_DIGEST_SIZE;
650 default:
651 return 0;
652 }
653 }
654
655 TSS2_RC
DefineNvIndex(TSS2_SYS_CONTEXT * sys_ctx,TPMI_RH_PROVISION authHandle,TPM2B_AUTH * auth,const TPM2B_DIGEST * authPolicy,TPMI_RH_NV_INDEX nvIndex,TPMI_ALG_HASH nameAlg,TPMA_NV attributes,UINT16 size)656 DefineNvIndex (
657 TSS2_SYS_CONTEXT *sys_ctx,
658 TPMI_RH_PROVISION authHandle,
659 TPM2B_AUTH *auth,
660 const TPM2B_DIGEST *authPolicy,
661 TPMI_RH_NV_INDEX nvIndex,
662 TPMI_ALG_HASH nameAlg,
663 TPMA_NV attributes,
664 UINT16 size)
665 {
666 TPM2B_NV_PUBLIC publicInfo = {
667 .nvPublic = {
668 .attributes = attributes | TPMA_NV_ORDERLY,
669 .dataSize = size,
670 .nameAlg = nameAlg,
671 .nvIndex = nvIndex,
672 },
673 .size = sizeof (TPMI_RH_NV_INDEX) + sizeof (TPMI_ALG_HASH) +
674 sizeof (TPMA_NV) + sizeof (UINT16) + sizeof (UINT16),
675 };
676 CopySizedByteBuffer ((TPM2B*)&publicInfo.nvPublic.authPolicy,
677 (TPM2B*)authPolicy);
678
679 TSS2L_SYS_AUTH_RESPONSE sessionsDataOut;
680 TSS2L_SYS_AUTH_COMMAND sessionsData = {
681 .count = 1,
682 .auths = {
683 {
684 .sessionHandle = TPM2_RS_PW,
685 .sessionAttributes = 0,
686 .nonce = { .size = 0 },
687 .hmac = { .size = 0 },
688 },
689 },
690 };
691
692 return Tss2_Sys_NV_DefineSpace (sys_ctx,
693 authHandle,
694 &sessionsData,
695 auth,
696 &publicInfo,
697 &sessionsDataOut);
698 }
699