Added 3 more TPM2 Plugin APIs

Added tpm2_plugin_rsa_sign_update(...), tpm2_plugin_rsa_sign_final(...),
tpm2_plugin_rsa_sign_cleanup(...) APIs.

Issue-ID: AAF-94
Change-Id: I104ff7b979329c03e91206d19371d3904f163993
Signed-off-by: NingSun <ning.sun@intel.com>

diff --git a/TPM2-Plugin/bootstrap b/TPM2-Plugin/bootstrap
old mode 100755 (executable)
new mode 100644 (file)

diff --git a/TPM2-Plugin/lib/include/hwpluginif.h b/TPM2-Plugin/lib/include/hwpluginif.h
index 57c5e07..0bbafc6 100644 (file)
--- a/TPM2-Plugin/lib/include/hwpluginif.h
+++ b/TPM2-Plugin/lib/include/hwpluginif.h
@@ -130,11 +130,12 @@ typedef int (*sshsm_hw_plugin_activate)(
 
 typedef int (*sshsm_hw_plugin_load_key)(
            SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
-           void **keyHandle
+           void **keyHandle,
+           SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info
         );
 
 typedef int (*sshsm_hw_plugin_unload_key)(
-           void **keyHandle
+         void **keyHandle
         );
 
 /***
@@ -147,7 +148,8 @@ typedef int (*sshsm_hw_plugin_rsa_sign_init)(
          void *keyHandle,
          unsigned long mechanism,
          void *param,
-         int len
+         int len,
+         void **plugin_data_ref
         );
 
 /***
@@ -166,10 +168,37 @@ typedef int (*sshsm_hw_plugin_rsa_sign)(
          unsigned long mechanism,
          unsigned char *msg,
          int msg_len,
+         void *plugin_data_ref,
          unsigned char *outsig,
          int *outsiglen
         );
 
+typedef int (*sshsm_hw_plugin_rsa_sign_update)(
+         void *keyHandle,
+         unsigned long mechnaism,
+         unsigned char *msg,
+         int msg_len,
+         void *plugin_data_ref
+        );
+
+typedef int (*sshsm_hw_plugin_rsa_sign_final)(
+         void *keyHandle,
+         unsigned long mechnaism,
+         void *plugin_data_ref,
+         unsigned char *outsig,
+         int *outsiglen
+        );
+
+/** This function is called by SSHSM only if there sign_final function is not called.
+If sign_final function is called, it is assumed that plugin would have cleaned this up.
+***/
+
+typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)(
+         void *keyHandle,
+         unsigned long mechnaism,
+         void *plugin_data_ref
+        );
+
 /***
  * Function Name: sshsm_hw_plugin_get_plugin_functions
  * Descrpiton:  Every HW plugin is expected to define this function.
@@ -193,6 +222,9 @@ typedef struct sshsm_hw_functions_s
     sshsm_hw_plugin_unload_key xxx_unload_key;
     sshsm_hw_plugin_rsa_sign_init  xxx_rsa_sign_init;
     sshsm_hw_plugin_rsa_sign xxx_rsa_sign;
+    sshsm_hw_plugin_rsa_sign_update xxx_rsa_sign_update;
+    sshsm_hw_plugin_rsa_sign_final xxx_rsa_sign_final;
+    sshsm_hw_plugin_rsa_sign_cleanup xxx_rsa_sign_cleanup;
 }SSHSM_HW_FUNCTIONS_t;
 
 int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs);

diff --git a/TPM2-Plugin/lib/include/tpm2_plugin_api.h b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
index 2a0ace0..d96d2f9 100644 (file)
--- a/TPM2-Plugin/lib/include/tpm2_plugin_api.h
+++ b/TPM2-Plugin/lib/include/tpm2_plugin_api.h
@@ -141,51 +141,67 @@ typedef struct {
     int       version;
 } common_opts_t;
 
+#define MAX_DATA_SIGNUPDATE  0x2000
+#define MAX_SESSIONS  0x1000
+
+typedef struct concatenate_data_signupdate {
+    unsigned long int session_handle;
+    unsigned char data_signupdate[MAX_DATA_SIGNUPDATE];
+    int data_length;
+}CONCATENATE_DATA_SIGNUPDATE_t;
+
 int tpm2_plugin_init();
 int tpm2_plugin_uninit();
 int tpm2_plugin_activate(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *activate_in_info);
 int tpm2_plugin_load_key(
            SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
-           void **keyHandle
+           void **keyHandle,
+           SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info
         );
 
-int tpm2_rsa_create_object(
-                        unsigned long appHandle,
-                        //DhsmWPKRSAFormat* wpk,
-                        void *wpk,
-                        unsigned char* swk,
-                        int swk_len,
-                        unsigned char* iv,
-                        int iv_len,
-                        int tag_len,
-                        void **cb_object);
-
-int tpm2_rsa_delete_object(
-                        void *cb_object);
-
 int tpm2_plugin_rsa_sign_init(
         void *keyHandle,
         unsigned long mechanism,
         void *param,
-        int len);
+        int len,
+        void **plugin_data_ref
+        );
 
 int tpm2_plugin_rsa_sign(
         void *keyHandle,
         unsigned long mechanism,
         unsigned char *msg,
         int msg_len,
+        void *plugin_data_ref,
         unsigned char *sig,
-        int *sig_len);
+        int *sig_len
+        );
+
+int tpm2_plugin_rsa_sign_update(
+        void *keyHandle,
+        unsigned long mechnaism,
+        unsigned char *msg,
+        int msg_len,
+        void *plugin_data_ref
+        );
+
+int tpm2_plugin_rsa_sign_final(
+        void *keyHandle,
+        unsigned long mechnaism,
+        void *plugin_data_ref,
+        unsigned char *outsig,
+        int *outsiglen
+        );
 
+/** This function is called by SSHSM only if there sign_final function is not called.
+If sign_final function is called, it is assumed that plugin would have cleaned this up.
+***/
 
-int tpm2_import_object(
-        unsigned long appHandle,
-        unsigned char* tlvbuffer,
-        int buflen,
-        unsigned char* iv,
-        int iv_len,
-        unsigned char* tpm_pwd,
-        int tpm_pwd_len);
+typedef int (*sshsm_hw_plugin_rsa_sign_cleanup)(
+        void *keyHandle,
+        unsigned long mechnaism,
+        void *plugin_data_ref
+        );
 
 
 #ifdef __cplusplus

diff --git a/TPM2-Plugin/lib/tpm2_plugin_api.c b/TPM2-Plugin/lib/tpm2_plugin_api.c
index b9fc75b..a080980 100644 (file)
--- a/TPM2-Plugin/lib/tpm2_plugin_api.c
+++ b/TPM2-Plugin/lib/tpm2_plugin_api.c
@@ -132,7 +132,6 @@ tcti_device_init (char const *device_file)
 }
 #endif
 
-
 #ifdef HAVE_TCTI_SOCK
 TSS2_TCTI_CONTEXT* tcti_socket_init (char const *address, uint16_t port)
 {
@@ -365,7 +364,6 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
     memcpy(&inPrivate, loadkey_in_info->buffer_info[1]->buffer,
            loadkey_in_info->buffer_info[1]->length_of_buffer);
 
-        printf("we are here now\n");
     returnVal = load_key (sapi_context,
                           parentHandle,
                           &inPublic,
@@ -382,7 +380,8 @@ int load_key_execute(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
 }
 
 int tpm2_plugin_load_key(SSHSM_HW_PLUGIN_ACTIVATE_LOAD_IN_INFO_t *loadkey_in_info,
-                         void **keyHandle)
+                         void **keyHandle,
+                         SSHSM_HW_PLUGIN_IMPORT_PUBLIC_KEY_INFO_t *importkey_info)
 {
     int ret = 1;
     common_opts_t opts = COMMON_OPTS_INITIALIZER;
@@ -423,17 +422,65 @@ struct tpm_sign_ctx {
     TSS2_SYS_CONTEXT *sapi_context;
 };
 
+//create a table to consolidate all parts of data from multiple SignUpdate from sessions
+CONCATENATE_DATA_SIGNUPDATE_t data_signupdate_session[MAX_SESSIONS];
+unsigned long sign_sequence_id = 0;
 int tpm2_plugin_rsa_sign_init(
         void *keyHandle,
         unsigned long mechanism,
         void *param,
-        int len)
+        int len,
+        void **plugin_data_ref
+       )
 {
-    printf("rsa_sign_init API mechanism is %lx \n", mechanism);
+    printf("rsa_sign_init API mechanism is %ld \n", mechanism);
+    printf("rsa_sign_init API len is %d \n", len);
+    int i, j;
+
+    sign_sequence_id++;
+    unsigned long hSession = sign_sequence_id;
+
+    for (i = 0; i < MAX_SESSIONS; i++){
+        if (data_signupdate_session[i].session_handle == 0){
+            data_signupdate_session[i].session_handle = hSession;
+            for (j = 0; j < MAX_DATA_SIGNUPDATE; j++ )
+                data_signupdate_session[i].data_signupdate[j] = 0;
+            data_signupdate_session[i].data_length = 0;
+        }
+    }
+    *plugin_data_ref = (void *)hSession;
+
     printf("rsa_sign_init API done for tpm2_plugin... \n");
     return 0;
 }
 
+/** This function is called by SSHSM only if there sign_final function is not called.
+If sign_final function is called, it is assumed that plugin would have cleaned this up.
+***/
+
+int tpm2_plugin_rsa_sign_cleanup(
+         void *keyHandle,
+         unsigned long mechnaism,
+         void *plugin_data_ref
+        )
+{
+    int i, j;
+    unsigned long hSession = (unsigned long)plugin_data_ref;
+    for (i = 0; i < MAX_SESSIONS; i++)    {
+        if (data_signupdate_session[i].session_handle == hSession){
+            data_signupdate_session[i].session_handle = 0;
+            for (j =0; j < MAX_DATA_SIGNUPDATE; j++ )
+                data_signupdate_session[i].data_signupdate[j] =0;
+            data_signupdate_session[i].data_length = 0;
+        }
+    }
+
+    if (sign_sequence_id>0xfffffffe)
+        sign_sequence_id =0;
+    return 0;
+}
+
+
 UINT32 tpm_hash(TSS2_SYS_CONTEXT *sapi_context, TPMI_ALG_HASH hashAlg,
         UINT16 size, BYTE *data, TPM2B_DIGEST *result) {
     TPM2B_MAX_BUFFER dataSizedBuffer;
@@ -502,8 +549,10 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer,
 
     if (length <= MAX_DIGEST_BUFFER) {
         if (tpm_hash(sapi_context, halg, length, buffer,
-                result) == TPM_RC_SUCCESS)
+                result) == TPM_RC_SUCCESS){
+            printf("Single hash result size: %d\n", result->t.size);
             return 0;
+        }
         else
             return -1;
     }
@@ -527,6 +576,7 @@ int tpm_hash_compute_data(TSS2_SYS_CONTEXT *sapi_context, BYTE *buffer,
 
     TPM_RC rval = hash_sequence_ex(sapi_context, halg, numBuffers, bufferList, result);
     free(bufferList);
+    printf("Sequence hash result size: %d\n", result->t.size);
     return rval == TPM_RC_SUCCESS ? 0 : -3;
 }
 
@@ -593,12 +643,10 @@ static bool set_scheme(TSS2_SYS_CONTEXT *sapi_context, TPMI_DH_OBJECT keyHandle,
 
     return true;
 }
-static bool sign_and_save(tpm_sign_ctx *ctx,  unsigned char *sig, int *sig_len) {
+static bool sign_and_save(tpm_sign_ctx *ctx, TPMT_SIGNATURE *sig) {
     TPM2B_DIGEST digest = TPM2B_TYPE_INIT(TPM2B_DIGEST, buffer);
 
     TPMT_SIG_SCHEME in_scheme;
-    TPMT_SIGNATURE signature;
-    int signature_len;
     TSS2_SYS_CMD_AUTHS sessions_data;
     TPMS_AUTH_RESPONSE session_data_out;
     TSS2_SYS_RSP_AUTHS sessions_data_out;
@@ -618,6 +666,8 @@ static bool sign_and_save(tpm_sign_ctx *ctx,  unsigned char *sig, int *sig_len)
         return false;
     }
 
+    printf("Compute message hash digest size : %d \n", digest.t.size);
+
     bool result = set_scheme(ctx->sapi_context, ctx->keyHandle, ctx->halg, &in_scheme);
     if (!result) {
         return false;
@@ -625,17 +675,14 @@ static bool sign_and_save(tpm_sign_ctx *ctx,  unsigned char *sig, int *sig_len)
 
     TPM_RC rval = Tss2_Sys_Sign(ctx->sapi_context, ctx->keyHandle,
                                 &sessions_data, &digest, &in_scheme,
-                                &ctx->validation, &signature,
+                                &ctx->validation, sig,
                                 &sessions_data_out);
 
     if (rval != TPM_RC_SUCCESS) {
         printf("Sys_Sign failed, error code: 0x%x", rval);
         return false;
     }
-    signature_len = sizeof(signature);
-    sig_len = &signature_len;
-    sig = (unsigned char *)&signature;
-
+    
     return true;
 }
 
@@ -644,11 +691,13 @@ int tpm2_plugin_rsa_sign(
         unsigned long mechanism,
         unsigned char *msg,
         int msg_len,
+        void *plugin_data_ref,
         unsigned char *sig,
         int *sig_len)
 {
     TPM_RC rval;
     common_opts_t opts = COMMON_OPTS_INITIALIZER;
+    TPMT_SIGNATURE signature;
     TSS2_TCTI_CONTEXT *tcti_ctx;
     tcti_ctx = tcti_init_from_options(&opts);
     if (tcti_ctx == NULL)
@@ -671,12 +720,15 @@ int tpm2_plugin_rsa_sign(
             .validation = { 0 },
             .sapi_context = sapi_context
     };
-    
+
     printf("rsa_sign API mechanism is %lx \n", mechanism);
     ctx.sessionData.sessionHandle = TPM_RS_PW;
     ctx.validation.tag = TPM_ST_HASHCHECK;
     ctx.validation.hierarchy = TPM_RH_NULL;
-    ctx.halg = TPM_ALG_SHA256;
+    if (mechanism == 7)
+        ctx.halg = TPM_ALG_SHA256;
+    else
+        printf("mechanism not supported! \n");
     ctx.keyHandle = *(TPMI_DH_OBJECT *)keyHandle;
 
     rval = Tss2_Sys_ContextLoad(ctx.sapi_context, &loaded_key_context, &ctx.keyHandle);
@@ -687,11 +739,15 @@ int tpm2_plugin_rsa_sign(
     ctx.length = msg_len;
     ctx.msg = msg;
 
-    if (!sign_and_save(&ctx, sig, sig_len)){
+    if (!sign_and_save(&ctx, &signature)){
         printf("RSA sign failed\n");
         goto out;
     }
 
+    *sig_len = (int)signature.signature.rsassa.sig.t.size;
+    printf("signature length:  %d \n", *sig_len);
+    memcpy(sig, signature.signature.rsassa.sig.t.buffer, *sig_len);
+    printf("signature buffer size:  %ld \n", sizeof(signature.signature.rsassa.sig.t.buffer));
     printf("RSA sign API successful in TPM plugin ! \n");
 
 out:
@@ -701,4 +757,50 @@ out:
 
 }
 
+int tpm2_plugin_rsa_sign_update(
+         void *keyHandle,
+         unsigned long mechanism,
+         unsigned char *msg,
+         int msg_len,
+         void *plugin_data_ref
+        )
+{
+    int i, j, n;
+    unsigned long hSession = (unsigned long)plugin_data_ref;
+    for (i = 0; i < MAX_SESSIONS; i++){
+        if (data_signupdate_session[i].session_handle == hSession){
+            n = data_signupdate_session[i].data_length;
+            for (j =0; j < msg_len; j++ )
+                data_signupdate_session[i].data_signupdate[n + j] = msg[j];
+            data_signupdate_session[i].data_length += msg_len;
+            return 0;
+        }
+    }
+    return -1;
+}
+
+int tpm2_plugin_rsa_sign_final(
+         void *keyHandle,
+         unsigned long mechanism,
+         void *plugin_data_ref,
+         unsigned char *outsig,
+         int *outsiglen
+        )
+{
+    int i, j;
+    unsigned long hSession = (unsigned long)plugin_data_ref;
+    unsigned char *msg;
+    int msg_len;
+    for (i = 0; i < MAX_SESSIONS; i++){
+        if (data_signupdate_session[i].session_handle == hSession){
+            msg = data_signupdate_session[i].data_signupdate;
+            msg_len = data_signupdate_session[i].data_length;
+            tpm2_plugin_rsa_sign(keyHandle, mechanism, msg, msg_len, plugin_data_ref, outsig, outsiglen);
+            tpm2_plugin_rsa_sign_cleanup(keyHandle, mechanism, plugin_data_ref);
+            return 0;
+        }
+    }
+
+    return -1;
+}
 

diff --git a/TPM2-Plugin/lib/tpm2_plugin_init.c b/TPM2-Plugin/lib/tpm2_plugin_init.c
index b221bd2..ef32330 100644 (file)
--- a/TPM2-Plugin/lib/tpm2_plugin_init.c
+++ b/TPM2-Plugin/lib/tpm2_plugin_init.c
@@ -20,13 +20,15 @@
 int sshsm_hw_plugin_get_plugin_functions(SSHSM_HW_FUNCTIONS_t *funcs)
 {
     printf("%s(): Assigning Function pointers for TPM (dTPM or PTT) mode \n", __func__);
-    funcs->xxx_init           = &tpm2_plugin_init;
-    funcs->xxx_uninit         = &tpm2_plugin_uninit;
-    funcs->xxx_activate       = &tpm2_plugin_activate;
-    funcs->xxx_load_key       = &tpm2_plugin_load_key;
-    funcs->xxx_unload_key     = NULL;
-    funcs->xxx_rsa_sign_init  = &tpm2_plugin_rsa_sign_init;
-    funcs->xxx_rsa_sign       = &tpm2_plugin_rsa_sign;
+    funcs->xxx_init             = &tpm2_plugin_init;
+    funcs->xxx_uninit           = &tpm2_plugin_uninit;
+    funcs->xxx_activate         = &tpm2_plugin_activate;
+    funcs->xxx_load_key         = &tpm2_plugin_load_key;
+    funcs->xxx_unload_key       = NULL;
+    funcs->xxx_rsa_sign_init    = &tpm2_plugin_rsa_sign_init;
+    funcs->xxx_rsa_sign_update  = &tpm2_plugin_rsa_sign_update;
+    funcs->xxx_rsa_sign_final   = &tpm2_plugin_rsa_sign_final;
+    funcs->xxx_rsa_sign         = &tpm2_plugin_rsa_sign;
 
     return 0;
 }

diff --git a/TPM2-Plugin/test/main.c b/TPM2-Plugin/test/main.c
index c9d15c8..9426529 100644 (file)
--- a/TPM2-Plugin/test/main.c
+++ b/TPM2-Plugin/test/main.c
@@ -24,6 +24,7 @@ void main(void)
     void *param = NULL;
     size_t len = 100;
     void *keyHandle_sign = NULL;
+    unsigned long int hSession = 1;
 
     unsigned char *msg;
     int msg_len;
@@ -56,12 +57,12 @@ void main(void)
     tpm2_plugin_activate(activate_in_info);
 
     printf("---------------------------------------------\n");
-    tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len);
+    tpm2_plugin_rsa_sign_init(keyHandle_sign, mechanism, param, len, (void *)hSession);
 
     printf("---------------------------------------------\n");
     tpm2_plugin_load_key(loadkey_in_info, keyHandle);
 
     printf("---------------------------------------------\n");
-    tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, sig, sig_len);
+    tpm2_plugin_rsa_sign(keyHandle_sign, mechanism, msg, msg_len, (void *)hSession, sig, sig_len);
 
 }

diff --git a/build.sh b/build.sh
index 369974c..8e44eb9 100644 (file)
--- a/build.sh
+++ b/build.sh
@@ -1,4 +1,4 @@
-#!/etc/bash
+#!/bin/bash
 
 #set -e
 sudo kill -9 $(ps -ef | grep "apt" | grep -v grep | awk '{print $2}')