libtpmtss: Support for TSS2 v2 libraries

conf/plugins/tpm.opt

@@ -1,2 +1,5 @@
 charon.plugins.tpm.use_rng = no
 	Whether the TPM should be used as RNG.
+
+charon.plugins.tpm.tcti.name = tabrmd
+	Name of TCTI library. Valid values: tabrmd, device, mssim.

configure.ac

@@ -1019,18 +1019,28 @@ if test x$tss_trousers = xtrue; then
 fi
 
 if test x$tss_tss2 = xtrue; then
+	PKG_CHECK_MODULES(tss2_sys, [tss2-sys],
+		[tss2_sys=true; AC_DEFINE([TSS2_SYS], [], [use TSS2 v2 System API])],
+		[tss2_sys=false])
+	PKG_CHECK_MODULES(tss2_esys, [tss2-esys],
+		[tss2_esys=true; AC_DEFINE([TSS2_ESYS], [], [use TSS2 v2 Extended System API])],
+		[tss2_esys=false])
 	PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
 		[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
 		[tss2_tabrmd=false])
 	PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
 		[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],
 		[tss2_socket=false])
-	if test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
-		AC_DEFINE([TSS_TSS2], [], [use TSS 2.0 libraries])
+	if test x$tss2_sys = xtrue; then
+		AC_DEFINE([TSS_TSS2_V2], [], [use TSS 2.0 v2 libraries])
+		AC_SUBST(tss2_CFLAGS, "$tss2_sys_CFLAGS")
+		AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
+	elif test x$tss2_tabrmd = xtrue -o x$tss2_socket = xtrue; then
+		AC_DEFINE([TSS_TSS2_V1], [], [use TSS 2.0 v1 libraries])
 		AC_SUBST(tss2_CFLAGS, "$tss2_tabrmd_CFLAGS $tss2_socket_CFLAGS")
 		AC_SUBST(tss2_LIBS, "$tss2_tabrmd_LIBS $tss2_socket_LIBS")
 	else
-		AC_MSG_FAILURE([no TSS2 TCTI library detected])
+		AC_MSG_FAILURE([no TSS2 TCTI or SAPI libraries detected])
 	fi
 fi
 

src/libtpmtss/Makefile.am

@@ -24,8 +24,8 @@ libtpmtss_la_SOURCES = \
 	tpm_tss.h tpm_tss.c \
 	tpm_tss_quote_info.h tpm_tss_quote_info.c \
 	tpm_tss_trousers.h tpm_tss_trousers.c \
-	tpm_tss_tss2.h tpm_tss_tss2.c \
-	tpm_tss_tss2_names.h tpm_tss_tss2_names.c
+	tpm_tss_tss2.h tpm_tss_tss2_v1.c tpm_tss_tss2_v2.c \
+	tpm_tss_tss2_names.h tpm_tss_tss2_names_v1.c tpm_tss_tss2_names_v2.c
 
 if MONOLITHIC
 SUBDIRS =

src/libtpmtss/plugins/tpm/tpm_plugin.c

@@ -18,6 +18,7 @@
 #include "tpm_cert.h"
 #include "tpm_rng.h"
 
+#include <tpm_tss.h>
 #include <library.h>
 
 typedef struct private_tpm_plugin_t private_tpm_plugin_t;
@@ -80,6 +81,7 @@ METHOD(plugin_t, destroy, void,
 	private_tpm_plugin_t *this)
 {
 	free(this);
+	libtpmtss_deinit();
 }
 
 /*
@@ -89,6 +91,11 @@ plugin_t *tpm_plugin_create()
 {
 	private_tpm_plugin_t *this;
 
+	if (!libtpmtss_init())
+	{
+		return NULL;
+	}
+
 	INIT(this,
 		.public = {
 			.plugin = {

src/libtpmtss/tpm_tss.c

@@ -27,12 +27,20 @@
 /**
  * Described in header.
  */
-void libtpmtss_init(void)
+bool libtpmtss_init(void)
 {
-	/* empty */
+	return tpm_tss_tss2_init();
 }
 
-typedef tpm_tss_t*(*tpm_tss_create)();
+/**
+ * Described in header.
+ */
+void libtpmtss_deinit(void)
+{
+	tpm_tss_tss2_deinit();
+}
+
+typedef tpm_tss_t*(*tpm_tss_create)(void);
 
 /**
  * See header.

src/libtpmtss/tpm_tss.h

@@ -48,14 +48,14 @@ struct tpm_tss_t {
 	/**
 	 * Get TPM version supported by TSS
 	 *
-	 * @return		TPM version
+	 * @return				TPM version
 	 */
 	tpm_version_t (*get_version)(tpm_tss_t *this);
 
 	/**
 	 * Get TPM version info (TPM 1.2 only)
 	 *
-	 * @return			TPM version info struct
+	 * @return				TPM version info struct
 	 */
 	chunk_t (*get_version_info)(tpm_tss_t *this);
 
@@ -74,8 +74,8 @@ struct tpm_tss_t {
 	/**
 	 * Get public key from TPM using its object handle (TPM 2.0 only)
 	 *
-	 * @param handle	key object handle
-	 * @return			public key in PKCS#1 format
+	 * @param handle		key object handle
+	 * @return				public key in PKCS#1 format
 	 */
 	chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle);
 
@@ -169,8 +169,15 @@ struct tpm_tss_t {
 tpm_tss_t *tpm_tss_probe(tpm_version_t version);
 
 /**
- * Dummy libtpmtss initialization function needed for integrity test
+ * libtpmtss initialization function
+ *
+ * @return					TRUE if initialization was successful
  */
-void libtpmtss_init(void);
+bool libtpmtss_init(void);
+
+/**
+ * libtpmtss de-initialization function
+ */
+void libtpmtss_deinit(void);
 
 #endif /** TPM_TSS_H_ @}*/

src/libtpmtss/tpm_tss_trousers.h

@@ -47,6 +47,6 @@ struct tpm_tss_trousers_t {
 /**
  * Create a tpm_tss_trousers instance.
  */
-tpm_tss_t *tpm_tss_trousers_create();
+tpm_tss_t *tpm_tss_trousers_create(void);
 
 #endif /** TPM_TSS_TROUSERS_H_ @}*/

src/libtpmtss/tpm_tss_tss2.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -26,6 +26,18 @@
 /**
  * Create a tpm_tss_tss2 instance.
  */
-tpm_tss_t *tpm_tss_tss2_create();
+tpm_tss_t *tpm_tss_tss2_create(void);
+
+/**
+ * Initialize the tpm_tss_tss2 library.
+ *
+ * @return		TRUE if initialization was successful
+ */
+bool tpm_tss_tss2_init(void);
+
+/**
+ * /De-initialize the tpm_tss_tss2 library.
+ */
+void tpm_tss_tss2_deinit(void);
 
 #endif /** TPM_TSS_TSS2_H_ @}*/

src/libtpmtss/tpm_tss_tss2_names_v1.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -15,7 +15,7 @@
 
 #include "tpm_tss_tss2_names.h"
 
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
 
 #include <tpm20.h>
 
@@ -102,7 +102,9 @@ ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P6
 );
 ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256);
 
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
+
+#ifndef TSS_TSS2_V2 
 
 /**
  * TPM 2.0 algorithm ID names
@@ -118,6 +120,8 @@ ENUM(tpm_ecc_curve_names, 0, 0,
 	"NONE"
 );
 
-#endif /* TSS_TSS2 */
+#endif /* !TSS_TSS2_V2 */
+
+#endif /* TSS_TSS2_V1 */
 
 

src/libtpmtss/tpm_tss_tss2_names_v2.c

@@ -0,0 +1,98 @@
+/*
+ * Copyright (C) 2018 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifdef TSS_TSS2_V2
+
+#include "tpm_tss_tss2_names.h"
+
+#include <tss2/tss2_sys.h>
+
+/**
+ * TPM 2.0 algorithm ID names
+ */
+ENUM_BEGIN(tpm_alg_id_names, TPM2_ALG_ERROR, TPM2_ALG_RSA,
+	"ERROR",
+	"RSA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SHA1, TPM2_ALG_KEYEDHASH, TPM2_ALG_RSA,
+	"SHA1",
+	"HMAC",
+	"AES",
+	"MGF1",
+	"KEYEDHASH"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_XOR, TPM2_ALG_SHA512, TPM2_ALG_KEYEDHASH,
+	"XOR",
+	"SHA256",
+	"SHA384",
+	"SHA512"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_NULL, TPM2_ALG_NULL, TPM2_ALG_SHA512,
+	"NULL"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SM3_256, TPM2_ALG_ECMQV, TPM2_ALG_NULL,
+	"SM3_256",
+	"SM4",
+	"RSASSA",
+	"RSAES",
+	"RSAPSS",
+	"OAEP",
+	"ECDSA",
+	"ECDH",
+	"SM2",
+	"ECSCHNORR",
+	"ECMQV"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_KDF1_SP800_56A, TPM2_ALG_ECC, TPM2_ALG_ECMQV,
+	"KDF1_SP800_56A",
+	"KDF2",
+	"KDF1_SP800_108",
+	"ECC"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_SYMCIPHER, TPM2_ALG_CAMELLIA, TPM2_ALG_ECC,
+	"SYMCIPHER",
+	"CAMELLIA"
+);
+ENUM_NEXT(tpm_alg_id_names, TPM2_ALG_CTR, TPM2_ALG_ECB, TPM2_ALG_CAMELLIA,
+	"CTR",
+	"OFB",
+	"CBC",
+	"CFB",
+	"ECB"
+);
+ENUM_END(tpm_alg_id_names, TPM2_ALG_ECB);
+
+/**
+ * TPM 2.0 ECC curve names
+ */
+ENUM_BEGIN(tpm_ecc_curve_names, TPM2_ECC_NONE, TPM2_ECC_NIST_P521,
+	"NONE",
+	"NIST_P192",
+	"NIST_P224",
+	"NIST_P256",
+	"NIST_P384",
+	"NIST_P521"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_BN_P256, TPM2_ECC_BN_P638, TPM2_ECC_NIST_P521,
+	"BN_P256",
+	"BN_P638"
+);
+ENUM_NEXT(tpm_ecc_curve_names, TPM2_ECC_SM2_P256, TPM2_ECC_SM2_P256, TPM2_ECC_BN_P638,
+	"SM2_P256"
+);
+ENUM_END(tpm_ecc_curve_names, TPM2_ECC_SM2_P256);
+
+#endif /* TSS_TSS2_V2 */
+

src/libtpmtss/tpm_tss_tss2_v1.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2016 Andreas Steffen
+ * Copyright (C) 2016-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
  * This program is free software; you can redistribute it and/or modify it
@@ -16,7 +16,7 @@
 #include "tpm_tss_tss2.h"
 #include "tpm_tss_tss2_names.h"
 
-#ifdef TSS_TSS2
+#ifdef TSS_TSS2_V1
 
 #include <asn1/asn1.h>
 #include <asn1/oid.h>
@@ -24,9 +24,9 @@
 
 #include <tpm20.h>
 
-#ifdef TSS2_TCTI_TABRMD
+#ifdef TSS2_TCTI_TABRMD_V1
 #include <tcti/tcti-tabrmd.h>
-#endif /* TSS2_TCTI_TABRMD */
+#endif /* TSS2_TCTI_TABRMD_V1 */
 
 #ifdef TSS2_TCTI_SOCKET
 #include <tcti_socket.h>
@@ -1168,7 +1168,7 @@ tpm_tss_t *tpm_tss_tss2_create()
 	{
 		available = initialize_sys_context(this);
 	}
-	DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not ");
+	DBG1(DBG_PTS, "TPM 2.0 via TSS2 v1 %savailable", available ? "" : "not ");
 
 	if (!available)
 	{
@@ -1178,13 +1178,15 @@ tpm_tss_t *tpm_tss_tss2_create()
 	return &this->public;
 }
 
-#else /* TSS_TSS2 */
+#else /* TSS_TSS2_V1 */
 
-tpm_tss_t *tpm_tss_tss2_create()
+#ifndef TSS_TSS2_V2
+tpm_tss_t *tpm_tss_tss2_create(void)
 {
 	return NULL;
 }
+#endif /* !TSS_TSS2_V2 */
 
-#endif /* TSS_TSS2 */
+#endif /* TSS_TSS2_V1 */