Diffstat (limited to 'roms/skiboot/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c')
-rw-r--r--roms/skiboot/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c582
1 files changed, 582 insertions, 0 deletions
diff --git a/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c
new file mode 100644
index 000000000..06b07ef0c
--- /dev/null
+++ b/roms/skiboot/libstb/tss2/ibmtpm20tss/utils/objecttemplates.c
@@ -0,0 +1,582 @@
+/********************************************************************************/
+/* */
+/* Object Templates */
+/* Written by Ken Goldman */
+/* IBM Thomas J. Watson Research Center */
+/* */
+/* (c) Copyright IBM Corporation 2016 - 2019. */
+/* */
+/* All rights reserved. */
+/* */
+/* Redistribution and use in source and binary forms, with or without */
+/* modification, are permitted provided that the following conditions are */
+/* met: */
+/* */
+/* Redistributions of source code must retain the above copyright notice, */
+/* this list of conditions and the following disclaimer. */
+/* */
+/* Redistributions in binary form must reproduce the above copyright */
+/* notice, this list of conditions and the following disclaimer in the */
+/* documentation and/or other materials provided with the distribution. */
+/* */
+/* Neither the names of the IBM Corporation nor the names of its */
+/* contributors may be used to endorse or promote products derived from */
+/* this software without specific prior written permission. */
+/* */
+/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
+/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
+/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
+/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
+/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
+/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
+/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
+/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
+/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
+/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
+/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+/********************************************************************************/
+
+/* These are templates suitable for creating typical objects. The functions are shared by create
+ and createprimary
+
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <ibmtss/tss.h>
+#include <ibmtss/tssutils.h>
+#include <ibmtss/tssresponsecode.h>
+#include <ibmtss/tssmarshal.h>
+
+#include "objecttemplates.h"
+
+/* asymPublicTemplate() is a template for an ECC or RSA key.
+
+ It can create these types:
+
+ TYPE_ST: storage key (decrypt, restricted, RSA NULL scheme, EC NULL scheme)
+ TYPE_DEN: decryption key (not storage key, RSA NULL scheme, EC NULL scheme)
+ TYPE_DEO: decryption key (not storage key, RSA OAEP scheme, EC NULL scheme)
+ TYPE_DEE: decryption key (not storage key, RSA ES scheme, EC NULL scheme)
+ TYPE_SI: signing key (unrestricted, RSA NULL schemem EC NULL scheme)
+ TYPE_SIR: signing key (restricted, RSA RSASSA scheme, EC ECDSA scheme)
+ TYPE_GP: general purpose key
+ TYPE_DAA: signing key (unrestricted, ECDAA)
+ TYPE_DAAR: signing key (restricted, ECDAA)
+*/
+
+TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea, /* output */
+ TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
+ here */
+ TPMA_OBJECT deleteObjectAttributes,
+ int keyType, /* see above */
+ TPMI_ALG_PUBLIC algPublic, /* RSA or ECC */
+ TPMI_RSA_KEY_BITS keyBits, /* RSA modulus */
+ TPMI_ECC_CURVE curveID, /* for ECC */
+ TPMI_ALG_HASH nalg, /* Name algorithm */
+ TPMI_ALG_HASH halg, /* hash algorithm */
+ const char *policyFilename) /* binary policy, NULL means empty */
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ publicArea->objectAttributes = addObjectAttributes;
+ /* Table 185 - TPM2B_PUBLIC inPublic */
+ /* Table 184 - TPMT_PUBLIC publicArea */
+ publicArea->type = algPublic; /* RSA or ECC */
+ publicArea->nameAlg = nalg;
+
+ /* Table 32 - TPMA_OBJECT objectAttributes */
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+
+ switch (keyType) {
+ case TYPE_DEN:
+ case TYPE_DEO:
+ case TYPE_DEE:
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ break;
+ case TYPE_ST:
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+ break;
+ case TYPE_SI:
+ case TYPE_DAA:
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ break;
+ case TYPE_SIR:
+ case TYPE_DAAR:
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+ break;
+ case TYPE_GP:
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ break;
+ }
+ publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+ }
+ if (rc == 0) {
+ /* Table 72 - TPM2B_DIGEST authPolicy */
+ /* policy set separately */
+
+ /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
+ if (algPublic == TPM_ALG_RSA) {
+ /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS rsaDetail */
+ /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
+ switch (keyType) {
+ case TYPE_DEN:
+ case TYPE_DEO:
+ case TYPE_DEE:
+ case TYPE_SI:
+ case TYPE_SIR:
+ case TYPE_GP:
+ /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
+ publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
+ break;
+ case TYPE_ST:
+ publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
+ /* Table 125 - TPMU_SYM_KEY_BITS keyBits */
+ publicArea->parameters.rsaDetail.symmetric.keyBits.aes = 128;
+ /* Table 126 - TPMU_SYM_MODE mode */
+ publicArea->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
+ break;
+ }
+
+ /* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME scheme */
+ switch (keyType) {
+ case TYPE_DEN:
+ case TYPE_GP:
+ case TYPE_ST:
+ case TYPE_SI:
+ publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
+ break;
+ case TYPE_DEO:
+ publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_OAEP;
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
+ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
+ publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg;
+ break;
+ case TYPE_DEE:
+ publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSAES;
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
+ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
+ publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg;
+ break;
+ case TYPE_SIR:
+ publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSASSA;
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
+ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
+ publicArea->parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg;
+ break;
+ }
+
+ /* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type keyBits */
+ publicArea->parameters.rsaDetail.keyBits = keyBits;
+ publicArea->parameters.rsaDetail.exponent = 0;
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 177 - Definition of TPMU_PUBLIC_ID */
+ publicArea->unique.rsa.t.size = 0;
+ }
+ else { /* algPublic == TPM_ALG_ECC */
+ /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure eccDetail */
+ /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
+ switch (keyType) {
+ case TYPE_DEN:
+ case TYPE_DEO:
+ case TYPE_DEE:
+ case TYPE_SI:
+ case TYPE_SIR:
+ case TYPE_DAA:
+ case TYPE_DAAR:
+ case TYPE_GP:
+ /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
+ publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
+ break;
+ case TYPE_ST:
+ publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
+ /* Table 125 - TPMU_SYM_KEY_BITS keyBits */
+ publicArea->parameters.eccDetail.symmetric.keyBits.aes = 128;
+ /* Table 126 - TPMU_SYM_MODE mode */
+ publicArea->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
+ break;
+ }
+ /* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure scheme */
+ /* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type scheme */
+ switch (keyType) {
+ case TYPE_GP:
+ case TYPE_SI:
+ case TYPE_DEN:
+ case TYPE_DEO:
+ case TYPE_DEE:
+ publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+ /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+ /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
+ publicArea->parameters.eccDetail.curveID = curveID;
+ /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
+ /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+ publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ break;
+ case TYPE_SIR:
+ publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA;
+ /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
+ /* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
+ publicArea->parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg;
+ /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
+ /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
+ publicArea->parameters.eccDetail.curveID = curveID;
+ /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
+ /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
+ publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ /* Table 149 - Definition of TPMU_KDF_SCHEME Union <IN/OUT, S> */
+ /* Table 148 - Definition of Types for KDF Schemes, hash-based key-
+ or mask-generation functions */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure hashAlg */
+ publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = halg;
+ break;
+ case TYPE_DAA:
+ case TYPE_DAAR:
+ publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA;
+ publicArea->parameters.eccDetail.scheme.details.ecdaa.hashAlg = halg;
+ publicArea->parameters.eccDetail.scheme.details.ecdaa.count = 1;
+ publicArea->parameters.eccDetail.curveID = curveID;
+ publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ publicArea->unique.ecc.y.t.size = 0;
+ publicArea->unique.ecc.x.t.size = 0;
+ break;
+ case TYPE_ST:
+ publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
+ publicArea->parameters.eccDetail.scheme.details.anySig.hashAlg = 0;
+ publicArea->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
+ publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
+ publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0;
+ break;
+ }
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 177 - Definition of TPMU_PUBLIC_ID */
+ publicArea->unique.ecc.x.t.size = 0;
+ publicArea->unique.ecc.y.t.size = 0;
+ }
+ }
+ if (rc == 0) {
+ rc = getPolicy(publicArea, policyFilename);
+ }
+ return rc;
+}
+
+/* symmetricCipherTemplate() is a template for an AES 128 CFB key
+
+ */
+
+TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea, /* output */
+ TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
+ here */
+ TPMA_OBJECT deleteObjectAttributes,
+ TPMI_ALG_HASH nalg, /* Name algorithm */
+ int rev116, /* TPM rev 116 compatibility, sets SIGN */
+ const char *policyFilename) /* binary policy, NULL means empty */
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ publicArea->objectAttributes = addObjectAttributes;
+
+ /* Table 185 - TPM2B_PUBLIC inPublic */
+ /* Table 184 - TPMT_PUBLIC publicArea */
+ publicArea->type = TPM_ALG_SYMCIPHER;
+ publicArea->nameAlg = nalg;
+ /* Table 32 - TPMA_OBJECT objectAttributes */
+ /* rev 116 used DECRYPT for both decrypt and encrypt. After 116, encrypt required SIGN */
+ if (!rev116) {
+ /* actually encrypt */
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+ }
+ publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+ publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+ /* Table 72 - TPM2B_DIGEST authPolicy */
+ /* policy set separately */
+ /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
+ {
+ /* Table 131 - Definition of TPMS_SYMCIPHER_PARMS symDetail */
+ {
+ /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT sym */
+ /* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
+ publicArea->parameters.symDetail.sym.algorithm = TPM_ALG_AES;
+ /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
+ publicArea->parameters.symDetail.sym.keyBits.aes = 128;
+ /* Table 126 - Definition of TPMU_SYM_MODE Union */
+ publicArea->parameters.symDetail.sym.mode.aes = TPM_ALG_CFB;
+ }
+ }
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 72 - Definition of TPM2B_DIGEST Structure */
+ publicArea->unique.sym.t.size = 0;
+ }
+ if (rc == 0) {
+ rc = getPolicy(publicArea, policyFilename);
+ }
+ return rc;
+}
+
+/* keyedHashPublicTemplate() is a template for an HMAC key
+
+ It can create these types:
+
+ TYPE_KH: HMAC key, unrestricted
+ TYPE_KHR: HMAC key, restricted
+*/
+
+TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea, /* output */
+ TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
+ here */
+ TPMA_OBJECT deleteObjectAttributes,
+ int keyType, /* see above */
+ TPMI_ALG_HASH nalg, /* Name algorithm */
+ TPMI_ALG_HASH halg, /* hash algorithm */
+ const char *policyFilename) /* binary policy, NULL means empty */
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ publicArea->objectAttributes = addObjectAttributes;
+
+ /* Table 185 - TPM2B_PUBLIC inPublic */
+ /* Table 184 - TPMT_PUBLIC publicArea */
+ /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+ publicArea->type = TPM_ALG_KEYEDHASH;
+ /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
+ publicArea->nameAlg = nalg;
+ /* Table 32 - TPMA_OBJECT objectAttributes */
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+ switch (keyType) {
+ case TYPE_KH:
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ break;
+ case TYPE_KHR:
+ publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+ break;
+ }
+ publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+ /* Table 72 - TPM2B_DIGEST authPolicy */
+ /* policy set separately */
+ {
+ /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+ /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+ /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+ /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+ publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
+ /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+ /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+ publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg = halg;
+ }
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 72 - Definition of TPM2B_DIGEST Structure */
+ publicArea->unique.sym.t.size = 0;
+ }
+ if (rc == 0) {
+ rc = getPolicy(publicArea, policyFilename);
+ }
+ return rc;
+}
+
+/* derivationParentPublicTemplate() is a template for a derivation parent
+
+ The key is not restricted
+*/
+
+TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea, /* output */
+ TPMA_OBJECT addObjectAttributes, /* add default, can be
+ overridden here */
+ TPMA_OBJECT deleteObjectAttributes,
+ TPMI_ALG_HASH nalg, /* Name algorithm */
+ TPMI_ALG_HASH halg, /* hash algorithm */
+ const char *policyFilename) /* binary policy, NULL means
+ empty */
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ publicArea->objectAttributes = addObjectAttributes;
+
+ /* Table 185 - TPM2B_PUBLIC inPublic */
+ /* Table 184 - TPMT_PUBLIC publicArea */
+ /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+ publicArea->type = TPM_ALG_KEYEDHASH;
+ /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
+ publicArea->nameAlg = nalg;
+ /* Table 32 - TPMA_OBJECT objectAttributes */
+ publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
+ publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+ /* Table 72 - TPM2B_DIGEST authPolicy */
+ /* policy set separately */
+ {
+ /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+ /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+ /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+ /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+ publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_XOR;
+ /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+ /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
+ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
+ publicArea->parameters.keyedHashDetail.scheme.details.xorr.kdf = TPM_ALG_KDF1_SP800_108;
+ publicArea->parameters.keyedHashDetail.scheme.details.xorr.hashAlg = halg;
+ }
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 72 - Definition of TPM2B_DIGEST Structure */
+ publicArea->unique.sym.t.size = 0;
+ }
+ if (rc == 0) {
+ rc = getPolicy(publicArea, policyFilename);
+ }
+ return rc;
+}
+
+/* blPublicTemplate() is a template for a sealed data blob.
+
+*/
+
+TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea, /* output */
+ TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
+ here */
+ TPMA_OBJECT deleteObjectAttributes,
+ TPMI_ALG_HASH nalg, /* Name algorithm */
+ const char *policyFilename) /* binary policy, NULL means empty */
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ publicArea->objectAttributes = addObjectAttributes;
+
+ /* Table 185 - TPM2B_PUBLIC inPublic */
+ /* Table 184 - TPMT_PUBLIC publicArea */
+ /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
+ publicArea->type = TPM_ALG_KEYEDHASH;
+ /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
+ publicArea->nameAlg = nalg;
+ /* Table 32 - TPMA_OBJECT objectAttributes */
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
+ publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
+ publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
+ publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
+ /* Table 72 - TPM2B_DIGEST authPolicy */
+ /* policy set separately */
+ {
+ /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union <IN/OUT, S> */
+ /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
+ /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
+ /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
+ publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
+ /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union <IN/OUT, S> */
+ }
+ /* Table 177 - TPMU_PUBLIC_ID unique */
+ /* Table 72 - Definition of TPM2B_DIGEST Structure */
+ publicArea->unique.sym.t.size = 0;
+ }
+ if (rc == 0) {
+ rc = getPolicy(publicArea, policyFilename);
+ }
+ return rc;
+}
+
+TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
+ const char *policyFilename)
+{
+ TPM_RC rc = 0;
+
+ if (rc == 0) {
+ if (policyFilename != NULL) {
+ rc = TSS_File_Read2B(&publicArea->authPolicy.b,
+ sizeof(publicArea->authPolicy.t.buffer),
+ policyFilename);
+ }
+ else {
+ publicArea->authPolicy.t.size = 0; /* default empty policy */
+ }
+ }
+ return rc;
+}
+
+void printUsageTemplate(void)
+{
+ printf("\t[Asymmetric Key Algorithm]\n");
+ printf("\n");
+ printf("\t-rsa keybits (default)\n");
+ printf("\t\t(2048 default)\n");
+ printf("\t-ecc curve\n");
+ printf("\t\tbnp256\n");
+ printf("\t\tnistp256\n");
+ printf("\t\tnistp384\n");
+ printf("\n");
+ printf("\tKey attributes\n");
+ printf("\n");
+ printf("\t\t-bl\tdata blob for unseal (create only)\n");
+ printf("\t\t\trequires -if\n");
+ printf("\t\t-den\tdecryption, (unrestricted, RSA and EC NULL scheme)\n");
+ printf("\t\t-deo\tdecryption, (unrestricted, RSA OAEP, EC NULL scheme)\n");
+ printf("\t\t-dee\tdecryption, (unrestricted, RSA ES, EC NULL scheme)\n");
+ printf("\t\t-des\tencryption/decryption, AES symmetric\n");
+ printf("\t\t\t[-116 for TPM rev 116 compatibility]\n");
+ printf("\t\t-st\tstorage (restricted)\n");
+ printf("\t\t\t[default for primary keys]\n");
+ printf("\t\t-si\tunrestricted signing (RSA and EC NULL scheme)\n");
+ printf("\t\t-sir\trestricted signing (RSA RSASSA, EC ECDSA scheme)\n");
+ printf("\t\t-dau\tunrestricted ECDAA signing key pair\n");
+ printf("\t\t-dar\trestricted ECDAA signing key pair\n");
+ printf("\t\t-kh\tkeyed hash (unrestricted, hmac)\n");
+ printf("\t\t-khr\tkeyed hash (restricted, hmac)\n");
+ printf("\t\t-dp\tderivation parent\n");
+ printf("\t\t-gp\tgeneral purpose, not storage\n");
+ printf("\n");
+ printf("\t\t[-kt\t(can be specified more than once)]\n"
+ "\t\t\tf\tfixedTPM (default for primary keys and derivation parents)\n"
+ "\t\t\tp\tfixedParent (default for primary keys and derivation parents)\n"
+ "\t\t\tnf\tno fixedTPM (default for non-primary keys)\n"
+ "\t\t\tnp\tno fixedParent (default for non-primary keys)\n"
+ "\t\t\ted\tencrypted duplication (default not set)\n");
+ printf("\t[-da\tobject subject to DA protection (default no)]\n");
+ printf("\t[-pol\tpolicy file (default empty)]\n");
+ printf("\t[-uwa\tuserWithAuth attribute clear (default set)]\n");
+ printf("\t[-if\tdata (inSensitive) file name]\n");
+ printf("\n");
+ printf("\t[-nalg\tname hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+ printf("\t[-halg\tscheme hash algorithm (sha1, sha256, sha384, sha512) (default sha256)]\n");
+ return;
+}
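Review bot: In asymPublicTemplate the ECC TYPE_ST case hard-codes `publicArea->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;` and ignores the curveID parameter, so a caller asking for `-ecc nistp384 -st` (an option printUsageTemplate advertises) silently gets a P-256 storage key; unless the P-256 restriction is deliberate, that line should be `publicArea->parameters.eccDetail.curveID = curveID;` like the other ECC cases, and if it is deliberate it deserves a comment saying so. Separately, the RSA symmetric and scheme switches cover neither TYPE_DAA/TYPE_DAAR (which the attribute switch does accept) nor a `default:`, so an RSA key with a DAA type or an out-of-range keyType leaves `rsaDetail.symmetric` and `rsaDetail.scheme` holding whatever the caller's publicArea contained — presumably zero if callers memset it, but that is not visible here; a `default:` branch that sets rc to a TSS error code would make the template fail closed instead of emitting a half-initialised public area. Minor: the TYPE_DEE case writes `details.oaep.hashAlg` for the RSAES scheme, which has no parameters; it is harmless through the union but misleading to a reader.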