Cleanup new API's. Add documentation.

wolfSSL · May 20, 2024 · ab45d27 · ab45d27
1 parent f65bea0
commit ab45d27
Show file tree

Hide file tree

Showing 2 changed files with 209 additions and 121 deletions.
diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c
@@ -1063,6 +1063,38 @@ int wolfTPM2_SetAuthSession(WOLFTPM2_DEV* dev, int index,
     return rc;
 }
 
+int wolfTPM2_SetSessionHandle(WOLFTPM2_DEV* dev, int index,
+    WOLFTPM2_SESSION* tpmSession)
+{
+    TPM2_AUTH_SESSION* session;
+
+    if (dev == NULL || index >= MAX_SESSION_NUM || index < 0) {
+        return BAD_FUNC_ARG;
+    }
+
+    session = &dev->session[index];
+    session->sessionHandle = TPM_RS_PW;
+
+    /* Set password handle unless TPM session is available */
+    if (tpmSession) {
+        session->sessionHandle = tpmSession->handle.hndl;
+
+        session->auth.size = tpmSession->handle.auth.size;
+        XMEMCPY(session->auth.buffer, tpmSession->handle.auth.buffer, tpmSession->handle.auth.size);
+
+        session->name.size = tpmSession->handle.name.size;
+        XMEMCPY(session->name.name, tpmSession->handle.name.name, tpmSession->handle.name.size);
+
+        session->policyAuth = tpmSession->handle.policyAuth;
+        session->policyPass = tpmSession->handle.policyPass;
+    }
+
+    TPM2_SetSessionAuth(dev->session);
+
+    return TPM_RC_SUCCESS;
+}
+
+
 int wolfTPM2_CreateAuthSession_EkPolicy(WOLFTPM2_DEV* dev,
                                         WOLFTPM2_SESSION* tpmSession)
 {
@@ -6917,6 +6949,52 @@ int wolfTPM2_PolicyPCR(WOLFTPM2_DEV* dev, TPM_HANDLE sessionHandle,
     return rc;
 }
 
+/* Use this password (in clear) for the policy session instead of the HMAC */
+int wolfTPM2_PolicyPassword(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession,
+    const byte* auth, int authSz)
+{
+    PolicyPassword_In policyPasswordIn;
+
+    if (dev == NULL || tpmSession == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (auth != NULL && authSz >= 0) {
+        tpmSession->handle.auth.size = authSz;
+        tpmSession->handle.policyPass = 1;
+        XMEMCPY(tpmSession->handle.auth.buffer, auth, authSz);
+    }
+
+    XMEMSET(&policyPasswordIn, 0, sizeof(policyPasswordIn));
+    policyPasswordIn.policySession = tpmSession->handle.hndl;
+
+    return TPM2_PolicyPassword(&policyPasswordIn);
+}
+
+/* Use this auth with HMAC key on HMAC computation */
+int wolfTPM2_PolicyAuthValue(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession,
+    const byte* auth, int authSz)
+{
+    PolicyAuthValue_In policyAuthValueIn;
+
+    if (dev == NULL || tpmSession == NULL) {
+        return BAD_FUNC_ARG;
+    }
+
+    if (auth != NULL && authSz >= 0) {
+        int authDigestSz = TPM2_GetHashDigestSize(tpmSession->authHash);
+        tpmSession->handle.auth.size = authDigestSz + authSz;
+        /* leave room for the computed HMAC key */
+        XMEMCPY(&tpmSession->handle.auth.buffer[authDigestSz], auth, authSz);
+        tpmSession->handle.policyAuth = 1;
+    }
+
+    XMEMSET(&policyAuthValueIn, 0, sizeof(policyAuthValueIn));
+    policyAuthValueIn.policySession = tpmSession->handle.hndl;
+
+    return TPM2_PolicyAuthValue(&policyAuthValueIn);
+}
+
 #ifndef WOLFTPM2_NO_WOLFCRYPT
 /* Authorize a policy based on external key for a verified policy digiest signature */
 int wolfTPM2_PolicyAuthorize(WOLFTPM2_DEV* dev, TPM_HANDLE sessionHandle,
@@ -7219,118 +7297,6 @@ int wolfTPM2_PolicyAuthorizeMake(TPM_ALG_ID pcrAlg,
 /* --- END Policy Support -- */
 /******************************************************************************/
 
-/******************************************************************************/
-/* Additional Functions to support policy authorizations - START  */
-/******************************************************************************/
-
-
-int wolfTPM2_SetSessionHandle(WOLFTPM2_DEV* dev, int index, WOLFTPM2_SESSION* tpmSession)
-{
-    TPM2_AUTH_SESSION* session;
-
-    if (dev == NULL || index >= MAX_SESSION_NUM || index < 0) {
-        return BAD_FUNC_ARG;
-    }
-
-    session = &dev->session[index];
-    session->sessionHandle = TPM_RS_PW;
-
-    /* Set password handle unless TPM session is available */
-    if (tpmSession) {
-        session->sessionHandle = tpmSession->handle.hndl;
-
-        session->auth.size = tpmSession->handle.auth.size;
-        XMEMCPY(session->auth.buffer, tpmSession->handle.auth.buffer, tpmSession->handle.auth.size);
-
-        session->name.size = tpmSession->handle.name.size;
-        XMEMCPY(session->name.name, tpmSession->handle.name.name, tpmSession->handle.name.size);
-
-        session->policyAuth = tpmSession->handle.policyAuth;
-        session->policyPass = tpmSession->handle.policyPass;
-    }
-
-    TPM2_SetSessionAuth(dev->session);
-
-    return TPM_RC_SUCCESS;
-}
-
-/* Use this password (in clear) for the policy session instead of the HMAC */
-int wolfTPM2_PolicyPassword(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession,
-    const byte* auth, int authSz)
-{
-    PolicyPassword_In policyPasswordIn;
-
-    if (dev == NULL || tpmSession == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (auth != NULL && authSz >= 0) {
-        tpmSession->handle.auth.size = authSz;
-        tpmSession->handle.policyPass = 1;
-        XMEMCPY(tpmSession->handle.auth.buffer, auth, authSz);
-    }
-
-    XMEMSET(&policyPasswordIn, 0, sizeof(policyPasswordIn));
-    policyPasswordIn.policySession = tpmSession->handle.hndl;
-
-    return TPM2_PolicyPassword(&policyPasswordIn);
-}
-
-/* Use this auth with HMAC key on HMAC computation */
-int wolfTPM2_PolicyAuthValue(WOLFTPM2_DEV* dev, WOLFTPM2_SESSION* tpmSession,
-    const byte* auth, int authSz)
-{
-    PolicyAuthValue_In policyAuthValueIn;
-
-    if (dev == NULL || tpmSession == NULL) {
-        return BAD_FUNC_ARG;
-    }
-
-    if (auth != NULL && authSz >= 0) {
-        int authDigestSz = TPM2_GetHashDigestSize(tpmSession->authHash);
-        tpmSession->handle.auth.size = authDigestSz + authSz;
-        /* leave room for the computed HMAC key */
-        XMEMCPY(&tpmSession->handle.auth.buffer[authDigestSz], auth, authSz);
-        tpmSession->handle.policyAuth = 1;
-    }
-
-    XMEMSET(&policyAuthValueIn, 0, sizeof(policyAuthValueIn));
-    policyAuthValueIn.policySession = tpmSession->handle.hndl;
-
-    return TPM2_PolicyAuthValue(&policyAuthValueIn);
-}
-
-int wolfTPM2_GetKeyTemplate_RSA_policySRK(TPMT_PUBLIC* publicTemplate)
-{
-    TPMA_OBJECT objectAttributes = (
-        TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
-        TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_adminWithPolicy |
-        TPMA_OBJECT_restricted | TPMA_OBJECT_decrypt | TPMA_OBJECT_noDA);
-
-    return GetKeyTemplateRSA(publicTemplate, TPM_ALG_SHA256,
-        objectAttributes, 2048, 0, TPM_ALG_NULL, TPM_ALG_NULL);
-}
-
-int wolfTPM2_GetKeyTemplate_policyKeySeal(TPMT_PUBLIC* publicTemplate, TPM_ALG_ID nameAlg)
-{
-    if (publicTemplate == NULL)
-        return BAD_FUNC_ARG;
-    /* Seal Object can be only of type KEYEDHASH and can not be used for
-     * signing or encryption. Hash algorithm can be chosen by the developer.
-     */
-    XMEMSET(publicTemplate, 0, sizeof(TPMT_PUBLIC));
-    publicTemplate->type = TPM_ALG_KEYEDHASH;
-    publicTemplate->nameAlg = nameAlg;
-    publicTemplate->objectAttributes = (
-        TPMA_OBJECT_fixedTPM | TPMA_OBJECT_fixedParent |
-        TPMA_OBJECT_adminWithPolicy | TPMA_OBJECT_noDA);
-    publicTemplate->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
-    return TPM_RC_SUCCESS;
-}
-
-/******************************************************************************/
-/* Additional Functions to support policy authorizations - END  */
-/******************************************************************************/
 
 /******************************************************************************/
 /* --- BEGIN Provisioned TPM Support -- */