2 * Copyright 2018 Intel Corporation
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
16 // Author: Arun Kumar Sekar
18 #include "crypto_aux.h"
21 UINT32 (*HmacFunctionPtr)( TPMI_ALG_HASH hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result ) = OpenSslHmac;
24 int RSA_OAEP_Enc(TPM2B_PUBLIC_KEY_RSA *plain, // plain text to encrypt
25 //Size of plain (0 <= pl <= kl - (2 * hashLen + 2)
26 TPM2B_PUBLIC_KEY_RSA *cipher, // must be same size as key in bytes
27 TPM2B_PUBLIC_KEY_RSA *key, // Key in big endian byte array
28 TPM2B_DATA *encoding_params // Null terminated string like
29 // ((unsigned char*)"DUPLICATE")
30 // length of encoding parameter includes \0
31 // (10 in DUPLICATE case..)
35 unsigned char encoded[256];
41 RC = RSA_padding_add_PKCS1_OAEP_mgf1(encoded, key->b.size, plain->b.buffer, plain->b.size,
42 encoding_params->b.buffer, encoding_params->b.size, EVP_sha256(), NULL);
44 if(RC!=1)goto cleanup;
46 // Creating OpenSSL structure with the supplied TPM public:
48 RC = BN_set_word(bne,RSA_F4); // the TPM's public exponent (2^16 + 1)
49 if(RC!=1)goto cleanup;
52 RC = RSA_generate_key_ex(rsa, 2048, bne, NULL); // could be done in better way i guess... just for filling up fields..
53 if(RC!=1)goto cleanup;
55 // Over-writing the public N:
56 //rsa->n = BN_bin2bn(key->b.buffer, key->b.size, rsa->n);
57 n = BN_bin2bn(key->b.buffer, key->b.size, NULL);
58 RSA_set0_key(rsa,n,NULL, NULL);
60 //if(rsa->n == NULL) goto cleanup;
61 if(n == NULL) goto cleanup;
64 RC = RSA_public_encrypt(key->b.size, encoded, cipher->b.buffer, rsa, RSA_NO_PADDING);
66 //if(RC<0)goto cleanup;
67 cipher->b.size = key->b.size;
77 void AES_128_CFB_enc_dec(
80 const TPM2B *const key,
81 const TPM2B *const ivIn,
83 const TPMI_YES_NO enc)
85 TPM2B_SYM_KEY ivTemp = {{0}};
91 memccpy(ivOut->buffer, ivIn->buffer, 0, ivIn->size);
93 AES_set_encrypt_key(key->buffer, 128, &aes);
95 for(block=0; block < (in->size) ;block+=16)
97 unsigned char encIV[16];
98 AES_encrypt(ivOut->buffer, encIV, &aes);
102 if(j+block >= (in->size))
105 ivOut->buffer[j] = out->buffer[block+j] = encIV[j]^(in->buffer[block+j]);
108 ivOut->buffer[j] = in->buffer[block+j];
109 out->buffer[block+j] = encIV[j]^(in->buffer[block+j]);
113 out->size = in->size;
118 UINT32 ChangeEndianDword( UINT32 p )
120 return( ((const UINT32)(((p)& 0xFF) << 24)) | \
121 ((const UINT32)(((p)& 0xFF00) << 8)) | \
122 ((const UINT32)(((p)& 0xFF0000) >> 8)) | \
123 ((const UINT32)(((p)& 0xFF000000) >> 24)));
127 TPM_RC KDFa( TPMI_ALG_HASH hashAlg, TPM2B *key, char *label,
128 TPM2B *contextU, TPM2B *contextV, UINT16 bits, TPM2B_MAX_BUFFER *resultKey )
131 TPM2B_DIGEST tmpResult;
132 TPM2B_DIGEST tpm2bLabel, tpm2bBits, tpm2b_i_2;
133 UINT8 *tpm2bBitsPtr = &tpm2bBits.t.buffer[0];
134 UINT8 *tpm2b_i_2Ptr = &tpm2b_i_2.t.buffer[0];
135 TPM2B_DIGEST *bufferList[8];
136 UINT32 bitsSwizzled, i_Swizzled;
139 UINT16 bytes = bits / 8;
142 DebugPrintf( 0, "KDFA, hashAlg = %4.4x\n", hashAlg );
143 DebugPrintf( 0, "\n\nKDFA, key = \n" );
144 PrintSizedBuffer( key );
147 resultKey->t .size = 0;
149 tpm2b_i_2.t.size = 4;
151 tpm2bBits.t.size = 4;
152 bitsSwizzled = ChangeEndianDword( bits );
153 *(UINT32 *)tpm2bBitsPtr = bitsSwizzled;
155 for(i = 0; label[i] != 0 ;i++ );
157 tpm2bLabel.t.size = i+1;
158 for( i = 0; i < tpm2bLabel.t.size; i++ )
160 tpm2bLabel.t.buffer[i] = label[i];
164 DebugPrintf( 0, "\n\nKDFA, tpm2bLabel = \n" );
165 PrintSizedBuffer( (TPM2B *)&tpm2bLabel );
167 DebugPrintf( 0, "\n\nKDFA, contextU = \n" );
168 PrintSizedBuffer( contextU );
170 DebugPrintf( 0, "\n\nKDFA, contextV = \n" );
171 PrintSizedBuffer( contextV );
174 resultKey->t.size = 0;
178 while( resultKey->t.size < bytes )
182 i_Swizzled = ChangeEndianDword( i );
183 *(UINT32 *)tpm2b_i_2Ptr = i_Swizzled;
186 bufferList[j++] = (TPM2B_DIGEST *)&(tpm2b_i_2.b);
187 bufferList[j++] = (TPM2B_DIGEST *)&(tpm2bLabel.b);
188 bufferList[j++] = (TPM2B_DIGEST *)contextU;
189 bufferList[j++] = (TPM2B_DIGEST *)contextV;
190 bufferList[j++] = (TPM2B_DIGEST *)&(tpm2bBits.b);
191 bufferList[j++] = (TPM2B_DIGEST *)0;
193 for( j = 0; bufferList[j] != 0; j++ )
195 DebugPrintf( 0, "\n\nbufferlist[%d]:\n", j );
196 PrintSizedBuffer( &( bufferList[j]->b ) );
199 rval = (*HmacFunctionPtr )( hashAlg, key, (TPM2B **)&( bufferList[0] ), &tmpResult );
200 if( rval != TPM_RC_SUCCESS )
205 ConcatSizedByteBuffer( resultKey, &(tmpResult.b) );
208 // Truncate the result to the desired size.
209 resultKey->t.size = bytes;
212 DebugPrintf( 0, "\n\nKDFA, resultKey = \n" );
213 PrintSizedBuffer( &( resultKey->b ) );
216 return TPM_RC_SUCCESS;
220 UINT32 OpenSslHmac( TPMI_ALG_HASH hashAlg, TPM2B *key,TPM2B **bufferList, TPM2B_DIGEST *result )
222 if(hashAlg != TPM_ALG_SHA256)return -1;
225 HMAC_CTX *hmac = HMAC_CTX_new();
230 HMAC_Init_ex(hmac, key->buffer, key->size, EVP_sha256(), NULL);
232 for(i=0;bufferList[i];i++)
234 HMAC_Update(hmac, bufferList[i]->buffer, bufferList[i]->size);
237 HMAC_Final(hmac, result->b.buffer, &resLen);
238 result->b.size = resLen;
245 void print_buff(char * data, int len, const PBYTE buff)
247 printf("%s \n",data);
250 printf("0x%02X, ", buff[i]);