Various cleanups #388

Merged
merged 1 commit into from
Dec 9, 2024
3 changes: 2 additions & 1 deletion examples/keygen/keygen.c
Expand Up @@ -221,13 +221,14 @@ int TPM2_Keygen_Example(void* userCtx, int argc, char *argv[])
}

if (endorseKey) {
/* endorsement is always RSA */
/* endorsement key (EK) */
rc = wolfTPM2_CreateEK(&dev, &endorse, srkAlg);
endorse.handle.policyAuth = 1; /* EK requires Policy auth, not Password */
pubFilename = ekPubFile;
primary = &endorse;
}
else {
/* storage root key (SRK) */
rc = getPrimaryStoragekey(&dev, &storage, srkAlg);
pubFilename = srkPubFile;
primary = &storage;
3 changes: 2 additions & 1 deletion examples/keygen/keyload.c
Expand Up @@ -138,13 +138,14 @@ int TPM2_Keyload_Example(void* userCtx, int argc, char *argv[])
printf("Loading %s key\n", TPM2_GetAlgName(alg));

if (endorseKey) {
/* endorsement is always RSA */
/* endorsement key (EK) */
rc = wolfTPM2_CreateEK(&dev, &endorse, srkAlg);
if (rc != 0) goto exit;
endorse.handle.policyAuth = 1;
primary = &endorse;
}
else {
/* storage root key (SRK) */
rc = getPrimaryStoragekey(&dev, &storage, srkAlg);
if (rc != 0) goto exit;
primary = &storage;
14 changes: 8 additions & 6 deletions src/tpm2_param_enc.c
Expand Up @@ -299,7 +299,8 @@ static int TPM2_ParamEnc_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
/* Perform AES CFB Encryption */
rc = wc_AesInit(&enc, NULL, INVALID_DEVID);
if (rc == 0) {
rc = wc_AesSetKey(&enc, symKey, symKeySz, &symKey[symKeySz], AES_ENCRYPTION);
rc = wc_AesSetKey(&enc, symKey, symKeySz, &symKey[symKeySz],
AES_ENCRYPTION);
if (rc == 0) {
rc = wc_AesCfbEncrypt(&enc, paramData, paramData, paramSz);
}
Expand All @@ -315,7 +316,7 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
UINT32 paramSz)
{
int rc = TPM_RC_FAILURE;
BYTE symKey[32 + 16]; /* AES key 128-bit + IV (block size) */
BYTE symKey[32 + 16]; /* AES key 128-bit + IV (block size) */
int symKeySz = session->symmetric.keyBits.aes / 8;
const int symKeyIvSz = 16;
Aes dec;
Expand Down Expand Up @@ -344,7 +345,8 @@ static int TPM2_ParamDec_AESCFB(TPM2_AUTH_SESSION *session, TPM2B_AUTH* keyIn,
/* Perform AES CFB Decryption */
rc = wc_AesInit(&dec, NULL, INVALID_DEVID);
if (rc == 0) {
rc = wc_AesSetKey(&dec, symKey, symKeySz, &symKey[symKeySz], AES_ENCRYPTION);
rc = wc_AesSetKey(&dec, symKey, symKeySz, &symKey[symKeySz],
AES_ENCRYPTION);
if (rc == 0) {
rc = wc_AesCfbDecrypt(&dec, paramData, paramData, paramSz);
}
Expand Down Expand Up @@ -392,21 +394,21 @@ int TPM2_CalcCpHash(TPMI_ALG_HASH authHash, TPM_CC cmdCode,
if (rc == 0 && name1 && name1->size > 0) {
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("Name 0: %d\n", name1->size);
TPM2_PrintBin(name1->name, name1->size);
TPM2_PrintBin(name1->name, name1->size);
#endif
rc = wc_HashUpdate(&hash_ctx, hashType, name1->name, name1->size);
}
if (rc == 0 && name2 && name2->size > 0) {
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("Name 1: %d\n", name2->size);
TPM2_PrintBin(name2->name, name2->size);
TPM2_PrintBin(name2->name, name2->size);
#endif
rc = wc_HashUpdate(&hash_ctx, hashType, name2->name, name2->size);
}
if (rc == 0 && name3 && name3->size > 0) {
#ifdef WOLFTPM_DEBUG_VERBOSE
printf("Name 2: %d\n", name3->size);
TPM2_PrintBin(name3->name, name3->size);
TPM2_PrintBin(name3->name, name3->size);
#endif
rc = wc_HashUpdate(&hash_ctx, hashType, name3->name, name3->size);
}
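Review bot: In TPM2_ParamDec_AESCFB (and the matching TPM2_ParamEnc_AESCFB hunk), `symKeySz` comes from `session->symmetric.keyBits.aes / 8` and is then used as the IV offset in `&symKey[symKeySz]`, but no check that `symKeySz + symKeyIvSz` fits in `symKey[32 + 16]` is visible in these hunks. If the elided lines do not already enforce it, add `if (symKeySz + symKeyIvSz > (int)sizeof(symKey)) return BUFFER_E;` before symKey is filled, the same way this commit bounds `symKey.size` in SensitiveToPrivate. The re-spaced comment `/* AES key 128-bit + IV (block size) */` also understates the buffer, which holds a key of up to 32 bytes; `/* AES key (up to 256-bit) + IV (block size) */` would match. Both function bodies start and end outside the hunks.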
32 changes: 19 additions & 13 deletions src/tpm2_wrap.c
Expand Up @@ -2127,11 +2127,11 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
int integritySz = 0;
int ivSz = 0;
int sensSz = 0;
BYTE* sensitiveData = NULL;
TPM2B_SYM_KEY symKey;
TPM2B_IV ivField;
TPM2_Packet packet;
#ifdef WOLFTPM2_PRIVATE_IMPORT
BYTE* sensitiveData = NULL;
TPM2B_SYM_KEY symKey;
TPM2B_DIGEST hmacKey;
Aes enc;
Hmac hmac_ctx;
Expand All @@ -2144,12 +2144,7 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
/* if using a parent then use it's integrity algorithm */
if (parentKey != NULL) {
nameAlg = parentKey->pub.publicArea.nameAlg;
symKey.size = parentKey->handle.symmetric.keyBits.sym;
}
else {
symKey.size = sym->keyBits.sym;
}

digestSz = TPM2_GetHashDigestSize(nameAlg);
if (digestSz == 0) {
#ifdef DEBUG_WOLFTPM
Expand Down Expand Up @@ -2188,9 +2183,23 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
TPM2_Packet_AppendSensitive(&packet, sens);
sensSz = packet.pos;
priv->size = integritySz + ivSz + sensSz;
sensSz = ivSz + sensSz;

#ifdef WOLFTPM2_PRIVATE_IMPORT
sensitiveData = &priv->buffer[integritySz];
sensSz = ivSz + sensSz;
if (parentKey != NULL) {
symKey.size = parentKey->handle.symmetric.keyBits.sym;
}
else {
symKey.size = sym->keyBits.sym;
}
/* convert from bit to byte and round up */
symKey.size = (symKey.size + 7) / 8;
/* check for invalid value */
if (symKey.size > sizeof(symKey.buffer)) {
return BUFFER_E;
}
#endif

if (innerWrap) {
/* TODO: Inner wrap support */
Expand All @@ -2199,7 +2208,6 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
if (outerWrap) {
#ifdef WOLFTPM2_PRIVATE_IMPORT
/* Generate symmetric key for encryption of inner values */
symKey.size = (symKey.size + 7) / 8; /* convert to byte and round up */
rc = TPM2_KDFa(nameAlg, symSeed, "STORAGE", (TPM2B_NONCE*)name,
NULL, symKey.buffer, symKey.size);
if (rc != symKey.size) {
Expand All @@ -2213,7 +2221,7 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
rc = wc_AesInit(&enc, NULL, INVALID_DEVID);
if (rc == 0) {
rc = wc_AesSetKey(&enc, symKey.buffer, symKey.size,
ivField.size == 0 ? NULL : ivField.buffer, AES_ENCRYPTION);
ivField.buffer, AES_ENCRYPTION);
if (rc == 0) {
/* use inline encryption for both IV and sensitive */
rc = wc_AesCfbEncrypt(&enc, sensitiveData, sensitiveData,
Expand Down Expand Up @@ -2270,9 +2278,7 @@ static int SensitiveToPrivate(TPM2B_SENSITIVE* sens, TPM2B_PRIVATE* priv,
digestSz = TPM2_Packet_SwapU16(digestSz);
XMEMCPY(&priv->buffer[0], &digestSz, sizeof(word16));
#else
(void)sensitiveData;
(void)name;
(void)symKey;
(void)sensSz;
rc = NOT_COMPILED_IN;
#endif
Expand Down Expand Up @@ -5258,7 +5264,7 @@ int wolfTPM2_LoadSymmetricKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, int alg,
return BUFFER_E;
}

hashAlg = (keySz == 32) ? TPM_ALG_SHA256 : TPM_ALG_SHA1;
hashAlg = WOLFTPM2_WRAP_DIGEST;
hashAlgDigSz = TPM2_GetHashDigestSize(hashAlg);

/* Setup load command */
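Review bot: In the `wc_AesSetKey(&enc, ...)` call of SensitiveToPrivate, passing `ivField.buffer` unconditionally (the +/- markers are lost on this page, so I am assuming this is the new line) matches the `ivField.size == 0 ? NULL : ivField.buffer` form only if `ivField.buffer` is zero-filled whenever `ivField.size` is 0, and that initialization is outside the visible hunks. If it is not guaranteed, the CFB IV would be indeterminate stack data, so either keep the size guard or, once the zeroing is confirmed, document it next to the call with something like `/* ivField.buffer is zero-filled when size is 0 */`. Separately, the new `return BUFFER_E;` size check runs after `TPM2_Packet_AppendSensitive` and after `priv->size` is set; since `sensitiveData` points into `priv->buffer` and is encrypted in place, the marshalled sensitive data appears to be in the output buffer already, so the check would be better placed before the marshalling. The function body starts and ends outside these hunks.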