From 7dbd84458650688076403133bdb3c263a1bae525 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 13 Nov 2023 14:15:14 -0800 Subject: [PATCH] Add TPM crypto callback support for RSA key generation. --- src/tpm2_cryptocb.c | 43 +++++++++++++++++++++++++++++++++++-------- src/tpm2_wrap.c | 8 ++++---- wolftpm/tpm2_wrap.h | 12 ++++++++++++ 3 files changed, 51 insertions(+), 12 deletions(-) diff --git a/src/tpm2_cryptocb.c b/src/tpm2_cryptocb.c index 8daad7fe..42efb5ff 100644 --- a/src/tpm2_cryptocb.c +++ b/src/tpm2_cryptocb.c @@ -78,14 +78,41 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) #ifndef NO_RSA /* RSA */ if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { - /* TODO: Add crypto callback RSA keygen support */ - #if 0 - RsaKey* key; - int size; - long e; - WC_RNG* rng; - #endif - rc = exit_rc; + #ifdef WOLFSSL_KEY_GEN + if (tlsCtx->rsaKeyGen != NULL && tlsCtx->storageKey != NULL) { + /* create a new RSA key */ + TPMT_PUBLIC publicTemplate; + XMEMSET(&publicTemplate, 0, sizeof(publicTemplate)); + rc = GetKeyTemplateRSA(&publicTemplate, + WOLFTPM2_WRAP_DIGEST, /* name algorithm */ + ( /* objectAttributes */ + TPMA_OBJECT_sensitiveDataOrigin | + TPMA_OBJECT_userWithAuth | + TPMA_OBJECT_decrypt | + TPMA_OBJECT_noDA + ), + info->pk.rsakg.size, /* keyBits */ + info->pk.rsakg.e, /* exponent */ + TPM_ALG_NULL, /* sigScheme */ + WOLFTPM2_WRAP_DIGEST /* sigHash */ + ); + if (rc == 0) { + rc = wolfTPM2_CreateKey(tlsCtx->dev, tlsCtx->rsaKeyGen, + &tlsCtx->storageKey->handle, &publicTemplate, NULL, 0); + } + if (rc == 0) { + rc = wolfTPM2_LoadKey(tlsCtx->dev, tlsCtx->rsaKeyGen, + &tlsCtx->storageKey->handle); + } + if (rc == 0) { + /* export public portion of new key to wolf RsaKey struct */ + rc = wolfTPM2_RsaKey_TpmToWolf(tlsCtx->dev, + (WOLFTPM2_KEY*)tlsCtx->rsaKeyGen, info->pk.rsakg.key); + } + } + else + #endif + rc = exit_rc; } else if (info->pk.type == WC_PK_TYPE_RSA) { switch (info->pk.rsa.type) { diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 2f4f464b..c19dfede 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -5280,8 +5280,8 @@ int wolfTPM2_ChangePlatformAuth(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* session) /* --- BEGIN Utility Functions -- */ /******************************************************************************/ -static int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate, - TPM_ALG_ID nameAlg, TPMA_OBJECT objectAttributes, int keyBits, int exponent, +int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate, + TPM_ALG_ID nameAlg, TPMA_OBJECT objectAttributes, int keyBits, long exponent, TPM_ALG_ID sigScheme, TPM_ALG_ID sigHash) { if (publicTemplate == NULL) @@ -5293,7 +5293,7 @@ static int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate, publicTemplate->nameAlg = nameAlg; publicTemplate->objectAttributes = objectAttributes; publicTemplate->parameters.rsaDetail.keyBits = keyBits; - publicTemplate->parameters.rsaDetail.exponent = exponent; + publicTemplate->parameters.rsaDetail.exponent = (UINT32)exponent; publicTemplate->parameters.rsaDetail.scheme.scheme = sigScheme; publicTemplate->parameters.rsaDetail.scheme.details.anySig.hashAlg = sigHash; /* For fixedParent or (decrypt and restricted) enable symmetric */ @@ -5311,7 +5311,7 @@ static int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate, return TPM_RC_SUCCESS; } -static int GetKeyTemplateECC(TPMT_PUBLIC* publicTemplate, +int GetKeyTemplateECC(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID nameAlg, TPMA_OBJECT objectAttributes, TPM_ECC_CURVE curve, TPM_ALG_ID sigScheme, TPM_ALG_ID sigHash) { diff --git a/wolftpm/tpm2_wrap.h b/wolftpm/tpm2_wrap.h index a43274f6..01577416 100644 --- a/wolftpm/tpm2_wrap.h +++ b/wolftpm/tpm2_wrap.h @@ -2870,6 +2870,9 @@ typedef struct TpmCryptoDevCtx { WOLFTPM2_DEV* dev; #ifndef NO_RSA WOLFTPM2_KEY* rsaKey; /* RSA */ + #ifdef WOLFSSL_KEY_GEN + WOLFTPM2_KEYBLOB* rsaKeyGen; /* RSA KeyGen */ + #endif #endif #ifdef HAVE_ECC WOLFTPM2_KEY* eccKey; /* ECDSA */ @@ -3387,6 +3390,15 @@ WOLFTPM_API int wolfTPM2_PolicyAuthorizeMake(TPM_ALG_ID pcrAlg, const TPM2B_PUBLIC* pub, byte* digest, word32* digestSz, const byte* policyRef, word32 policyRefSz); + +/* Internal API's */ +WOLFTPM_LOCAL int GetKeyTemplateRSA(TPMT_PUBLIC* publicTemplate, + TPM_ALG_ID nameAlg, TPMA_OBJECT objectAttributes, int keyBits, long exponent, + TPM_ALG_ID sigScheme, TPM_ALG_ID sigHash); +WOLFTPM_LOCAL int GetKeyTemplateECC(TPMT_PUBLIC* publicTemplate, + TPM_ALG_ID nameAlg, TPMA_OBJECT objectAttributes, TPM_ECC_CURVE curve, + TPM_ALG_ID sigScheme, TPM_ALG_ID sigHash); + #ifdef __cplusplus } /* extern "C" */ #endif