1 /* Copyright 2018 Intel Corporation, Inc
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
26 #include <tss2/tss2_sys.h>
27 #include "hwpluginif.h"
33 #define TPM_SKM_SRK_HANDLE 0x81000011
35 #define TPM_SKM_AC0_HANDLE 0x90000000
36 #define TPM_SKM_AC1_HANDLE 0x90000001
37 #define TPM_SKM_AC2_HANDLE 0x90000002
39 #define TPM_SKM_APP_HANDLE 0x91100001
41 #define INIT_SIMPLE_TPM2B_SIZE( type ) (type).t.size = sizeof( type ) - 2;
43 #define APP_RC_OFFSET 0x100
45 #define TSS2_APP_RC_PASSED (APP_RC_PASSED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
46 #define TSS2_APP_RC_GET_NAME_FAILED (APP_RC_GET_NAME_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
47 #define TSS2_APP_RC_CREATE_SESSION_KEY_FAILED (APP_RC_CREATE_SESSION_KEY_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
48 #define TSS2_APP_RC_SESSION_SLOT_NOT_FOUND (APP_RC_SESSION_SLOT_NOT_FOUND + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
49 #define TSS2_APP_RC_BAD_ALGORITHM (APP_RC_BAD_ALGORITHM + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
50 #define TSS2_APP_RC_SYS_CONTEXT_CREATE_FAILED (APP_RC_SYS_CONTEXT_CREATE_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
51 #define TSS2_APP_RC_GET_SESSION_STRUCT_FAILED (APP_RC_GET_SESSION_STRUCT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
52 #define TSS2_APP_RC_GET_SESSION_ALG_ID_FAILED (APP_RC_GET_SESSION_ALG_ID_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
53 #define TSS2_APP_RC_INIT_SYS_CONTEXT_FAILED (APP_RC_INIT_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
54 #define TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED (APP_RC_TEARDOWN_SYS_CONTEXT_FAILED + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
55 #define TSS2_APP_RC_BAD_LOCALITY (APP_RC_BAD_LOCALITY + APP_RC_OFFSET + TSS2_APP_ERROR_LEVEL)
58 //#define HAVE_TCTI_DEV 1
59 #define HAVE_TCTI_TABRMD 1
60 //#define TCTI_DEFAULT HAVE_TCTI_DEV
64 APP_RC_GET_NAME_FAILED,
65 APP_RC_CREATE_SESSION_KEY_FAILED,
66 APP_RC_SESSION_SLOT_NOT_FOUND,
68 APP_RC_SYS_CONTEXT_CREATE_FAILED,
69 APP_RC_GET_SESSION_STRUCT_FAILED,
70 APP_RC_GET_SESSION_ALG_ID_FAILED,
71 APP_RC_INIT_SYS_CONTEXT_FAILED,
72 APP_RC_TEARDOWN_SYS_CONTEXT_FAILED,
76 TSS2_SYS_CONTEXT *InitSysContext (UINT16 maxCommandSize,
77 TSS2_TCTI_CONTEXT *tctiContext,
78 TSS2_ABI_VERSION *abiVersion );
80 void TeardownSysContext( TSS2_SYS_CONTEXT **sysContext );
82 TSS2_RC TeardownTctiResMgrContext( TSS2_TCTI_CONTEXT *tctiContext );
85 #ifdef HAVE_TCTI_TABRMD
86 #define TCTI_DEFAULT TABRMD_TCTI
87 #define TCTI_DEFAULT_STR "tabrmd"
89 #define TCTI_DEFAULT SOCKET_TCTI
90 #define TCTI_DEFAULT_STR "socket"
92 #define TCTI_DEFAULT DEVICE_TCTI
93 #define TCTI_DEFAULT_STR "device"
97 /* Defaults for Device TCTI */
98 #define TCTI_DEVICE_DEFAULT_PATH "/dev/tpm0"
100 /* Defaults for Socket TCTI connections; the port default is the resourcemgr port */
101 #define TCTI_SOCKET_DEFAULT_ADDRESS "127.0.0.1"
102 #define TCTI_SOCKET_DEFAULT_PORT 2321
104 /* Environment variables usable as alternatives to command line options */
105 #define TPM2TOOLS_ENV_TCTI_NAME "TPM2TOOLS_TCTI_NAME"
106 #define TPM2TOOLS_ENV_DEVICE_FILE "TPM2TOOLS_DEVICE_FILE"
107 #define TPM2TOOLS_ENV_SOCKET_ADDRESS "TPM2TOOLS_SOCKET_ADDRESS"
108 #define TPM2TOOLS_ENV_SOCKET_PORT "TPM2TOOLS_SOCKET_PORT"
110 #define COMMON_OPTS_INITIALIZER { \
111 .tcti_type = TCTI_DEFAULT, \
112 .device_file = TCTI_DEVICE_DEFAULT_PATH, \
113 .socket_address = TCTI_SOCKET_DEFAULT_ADDRESS, \
114 .socket_port = TCTI_SOCKET_DEFAULT_PORT, \
124 #ifdef HAVE_TCTI_SOCK
127 #ifdef HAVE_TCTI_TABRMD
137 char *socket_address;
138 uint16_t socket_port;
144 #define MAX_DATA_SIGNUPDATE 0x2000
145 #define MAX_SESSIONS 0x1000
/* Per-session staging buffer that presumably concatenates the chunks handed to
 * tpm2_plugin_rsa_sign_update until tpm2_plugin_rsa_sign_final (or the cleanup
 * callback) consumes it -- confirm against the plugin source.
 * data_signupdate is a fixed MAX_DATA_SIGNUPDATE-byte array: whatever appends
 * to it must track how many bytes are already stored and stop (or fail the
 * update) at that limit, since nothing in this header enforces the bound. */
147 typedef struct concatenate_data_signupdate {
148 unsigned long int session_handle;   /* session this buffer belongs to -- verify against callers */
149 unsigned char data_signupdate[MAX_DATA_SIGNUPDATE];   /* fixed 0x2000-byte array, not resized */
151 }CONCATENATE_DATA_SIGNUPDATE_t;
153 int tpm2_plugin_init();
154 int tpm2_plugin_uninit();
155 int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info);
156 int tpm2_plugin_load_key(
157 SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
159 SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info
162 int tpm2_plugin_rsa_sign_init(
164 unsigned long mechanism,
167 void **plugin_data_ref
170 int tpm2_plugin_rsa_sign(
172 unsigned long mechanism,
175 void *plugin_data_ref,
180 int tpm2_plugin_rsa_sign_update(
182 unsigned long mechnaism,
185 void *plugin_data_ref
188 int tpm2_plugin_rsa_sign_final(
190 unsigned long mechnaism,
191 void *plugin_data_ref,
192 unsigned char *outsig,
196 /** This function is called by SSHSM only if the sign_final function was not called.
197 If sign_final was called, the plugin is assumed to have already cleaned this up.
200 typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)(
202 unsigned long mechnaism,
203 void *plugin_data_ref