Diffstat (limited to 'roms/skiboot/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h')
-rw-r--r--roms/skiboot/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h333
1 files changed, 333 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h
new file mode 100644
index 000000000..a7b851b14
--- /dev/null
+++ b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/cryptoutils.h
@@ -0,0 +1,333 @@
+/********************************************************************************/
+/* */
+/* Sample Crypto Utilities */
+/* Written by Ken Goldman */
+/* IBM Thomas J. Watson Research Center */
+/* */
+/* (c) Copyright IBM Corporation 2017 - 2019. */
+/* */
+/* All rights reserved. */
+/* */
+/* Redistribution and use in source and binary forms, with or without */
+/* modification, are permitted provided that the following conditions are */
+/* met: */
+/* */
+/* Redistributions of source code must retain the above copyright notice, */
+/* this list of conditions and the following disclaimer. */
+/* */
+/* Redistributions in binary form must reproduce the above copyright */
+/* notice, this list of conditions and the following disclaimer in the */
+/* documentation and/or other materials provided with the distribution. */
+/* */
+/* Neither the names of the IBM Corporation nor the names of its */
+/* contributors may be used to endorse or promote products derived from */
+/* this software without specific prior written permission. */
+/* */
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+/********************************************************************************/
+
+#ifndef CRYPTUTILS_H
+#define CRYPTUTILS_H
+
+/* Windows 10 crypto API clashes with openssl */
+#ifdef TPM_WINDOWS
+#ifndef WIN32_LEAN_AND_MEAN
+#define WIN32_LEAN_AND_MEAN
+#endif
+#include <winsock2.h>
+#include <windows.h>
+#endif
+
+/* TPM_TSS_NO_OPENSSL is a legacy macro. cryptoutils was exposing several OpenSSL specific
+ functions. They are not available for other crypto libraries. For OpenSSL, they are available
+ but deprecated. */
+
+#ifndef TPM_TSS_NO_OPENSSL
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#endif /* TPM_TSS_NO_OPENSSL */
+
+#ifdef TPM_TSS_MBEDTLS
+#include <mbedtls/pk.h>
+#endif /* TPM_TSS_MBEDTLS */
+
+#include <ibmtss/tss.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /*
+ crypto library independent functions
+ */
+
+ void getCryptoLibrary(const char **name);
+
+ TPM_RC convertPemToRsaPrivKey(void **rsaKey,
+ const char *pemKeyFilename,
+ const char *password);
+ TPM_RC convertRsaKeyToPublicKeyBin(int *modulusBytes,
+ uint8_t **modulusBin,
+ void *rsaKey);
+ TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ void *rsaKey);
+ TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC *objectPublic,
+ TPM2B_PRIVATE *objectPrivate,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *pemKeyFilename,
+ const char *password);
+ TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC *objectPublic,
+ TPM2B_SENSITIVE *objectSensitive,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *derKeyFilename,
+ const char *password);
+ TPM_RC convertRsaDerToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *derKeyFilename);
+ TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *pemKeyFilename);
+ TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate,
+ TPM2B_SENSITIVE *objectSensitive,
+ int privateKeyBytes,
+ uint8_t *privateKeyBin,
+ const char *password);
+ TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ int modulusBytes,
+ uint8_t *modulusBin);
+ TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public,
+ const char *pemFilename);
+
+ TPM_RC signRSAFromRSA(uint8_t *signature, size_t *signatureLength,
+ size_t signatureSize,
+ const uint8_t *digest, size_t digestLength,
+ TPMI_ALG_HASH hashAlg,
+ void *rsaKey);
+ TPM_RC verifySignatureFromPem(unsigned char *message,
+ unsigned int messageSize,
+ TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ const char *pemFilename);
+ TPM_RC verifyRSASignatureFromRSA(unsigned char *message,
+ unsigned int messageSize,
+ TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ void *rsaPubKey);
+ TPM_RC verifySignatureFromHmacKey(unsigned char *message,
+ unsigned int messageSize,
+ TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ const char *hmacKeyFilename);
+
+ TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ uint8_t *signatureBin,
+ size_t signatureBinLen);
+
+ /* Some OpenSSL builds do not include ECC */
+
+#ifndef TPM_TSS_NOECC
+
+ TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC *objectPublic,
+ TPM2B_PRIVATE *objectPrivate,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *pemKeyFilename,
+ const char *password);
+ TPM_RC convertEcPemToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *pemKeyFilename);
+ TPM_RC convertEcDerToKeyPair(TPM2B_PUBLIC *objectPublic,
+ TPM2B_SENSITIVE *objectSensitive,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *derKeyFilename,
+ const char *password);
+ TPM_RC convertEcDerToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ const char *derKeyFilename);
+ TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate,
+ TPM2B_SENSITIVE *objectSensitive,
+ int privateKeyBytes,
+ uint8_t *privateKeyBin,
+ const char *password);
+ TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ const uint8_t *signatureBin,
+ size_t signatureBinLen);
+
+#endif /* TPM_TSS_NOECC */
+
+ /*
+ OpenSSL specific functions
+
+ These are not intended for general use.
+ */
+
+#ifndef TPM_TSS_NO_OPENSSL
+
+/* Some functions add const to parameters as of openssl 1.1.0 */
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+#define OSSLCONST
+#else
+#define OSSLCONST const
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+ void RSA_get0_key(const RSA *rsaKey,
+ const BIGNUM **n,
+ const BIGNUM **e,
+ const BIGNUM **d);
+ void RSA_get0_factors(const RSA *rsaKey,
+ const BIGNUM **p,
+ const BIGNUM **q);
+#endif /* pre openssl 1.1 */
+
+#if OPENSSL_VERSION_NUMBER < 0x10002000
+ void X509_get0_signature(OSSLCONST ASN1_BIT_STRING **psig,
+ OSSLCONST X509_ALGOR **palg, const X509 *x);
+#endif /* pre openssl 1.0.2 */
+
+ TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey,
+ const char *pemKeyFilename,
+ const char *password);
+ TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey,
+ const char *pemKeyFilename);
+ TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey,
+ const char *pemFilename);
+ TPM_RC convertBin2Bn(BIGNUM **bn,
+ const unsigned char *bin,
+ unsigned int bytes);
+
+ TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey,
+ EVP_PKEY *evpPkey);
+ TPM_RC convertRsaKeyToPrivateKeyBin(int *privateKeyBytes,
+ uint8_t **privateKeyBin,
+ const RSA *rsaKey);
+ TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE *objectPrivate,
+ TPM2B_SENSITIVE *objectSensitive,
+ RSA *rsaKey,
+ const char *password);
+ TPM_RC getRsaKeyParts(const BIGNUM **n,
+ const BIGNUM **e,
+ const BIGNUM **d,
+ const BIGNUM **p,
+ const BIGNUM **q,
+ const RSA *rsaKey);
+ int getRsaPubkeyAlgorithm(EVP_PKEY *pkey);
+ TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey,
+ const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa);
+ TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message,
+ unsigned int messageSize,
+ TPMT_SIGNATURE *tSignature,
+ TPMI_ALG_HASH halg,
+ EVP_PKEY *evpPkey);
+
+#ifndef TPM_TSS_NOECC
+ TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey,
+ EVP_PKEY *evpPkey);
+ TPM_RC convertEcKeyToPrivateKeyBin(int *privateKeyBytes,
+ uint8_t **privateKeyBin,
+ const EC_KEY *ecKey);
+ TPM_RC convertEcKeyToPublicKeyBin(int *modulusBytes,
+ uint8_t **modulusBin,
+ const EC_KEY *ecKey);
+ TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ TPMI_ECC_CURVE curveID,
+ int modulusBytes,
+ uint8_t *modulusBin);
+ TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE *objectPrivate,
+ TPM2B_SENSITIVE *objectSensitive,
+ EC_KEY *ecKey,
+ const char *password);
+ TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC *objectPublic,
+ int keyType,
+ TPMI_ALG_SIG_SCHEME scheme,
+ TPMI_ALG_HASH nalg,
+ TPMI_ALG_HASH halg,
+ EC_KEY *ecKey);
+ TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey,
+ const TPMS_ECC_POINT *tpmsEccPoint);
+ TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message,
+ unsigned int messageSize,
+ TPMT_SIGNATURE *tSignature,
+ EVP_PKEY *evpPkey);
+ TPM_RC getEcCurve(TPMI_ECC_CURVE *curveID,
+ const EC_KEY *ecKey);
+
+#endif /* TPM_TSS_NOECC */
+#endif /* TPM_TSS_NO_OPENSSL */
+
+ /*
+ mbedtls specific functions
+
+ These are not intended for general use, but are used by ekutils.c
+ */
+
+#ifdef TPM_TSS_MBEDTLS
+
+ TPM_RC convertPkToRsaKey(mbedtls_rsa_context **rsaCtx,
+ mbedtls_pk_context *pkCtx);
+ TPM_RC convertPkToEckey(mbedtls_ecp_keypair **ecCtx,
+ mbedtls_pk_context *pkCtx);
+ TPM_RC convertEcKeyToPublicKeyXYBin(size_t *xBytes,
+ uint8_t **xBin,
+ size_t *yBytes,
+ uint8_t **yBin,
+ mbedtls_ecp_keypair *ecKp);
+
+#endif /* TPM_TSS_MBEDTLS */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
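Review bot: `convertPublicToPEM` names its first parameter `public`, which is a C++ keyword, so the declaration fails to parse whenever this header is included from C++ — precisely the case the `extern "C"` block wrapping these prototypes is there to support. Prototype parameter names carry no ABI meaning, so renaming it is sufficient: `TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *objectPublic, const char *pemFilename);`, which also matches the name the other convert* prototypes already use. A smaller consistency point: the byte-count out-parameters of convertRsaKeyToPublicKeyBin, convertRsaKeyToPrivateKeyBin and their EC counterparts are `int *`, while convertEcKeyToPublicKeyXYBin and the signature helpers use `size_t`; if the definitions can be touched, `size_t` spares callers signed/unsigned comparisons on buffer lengths. The include guard `CRYPTUTILS_H` also drops the "o" of the file name cryptoutils.h — harmless, but worth aligning while the file is being added.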