libtpmtss: Add enumeration of supported signature schemes to TSS2 implementations
authorTobias Brunner <tobias@strongswan.org>
Mon, 15 Oct 2018 11:28:51 +0000 (13:28 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 26 Oct 2018 07:03:27 +0000 (09:03 +0200)
src/libtpmtss/tpm_tss_trousers.c
src/libtpmtss/tpm_tss_tss2_v1.c
src/libtpmtss/tpm_tss_tss2_v2.c

index 81e542d..9373733 100644 (file)
@@ -390,6 +390,12 @@ METHOD(tpm_tss_t, get_public, chunk_t,
        return aik_pubkey;
 }
 
+METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
+       private_tpm_tss_trousers_t *this, uint32_t handle)
+{
+       return enumerator_create_empty();
+}
+
 METHOD(tpm_tss_t, read_pcr, bool,
        private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value,
        hash_algorithm_t alg)
@@ -642,6 +648,7 @@ tpm_tss_t *tpm_tss_trousers_create()
                                .get_version_info = _get_version_info,
                                .generate_aik = _generate_aik,
                                .get_public = _get_public,
+                               .supported_signature_schemes = _supported_signature_schemes,
                                .read_pcr = _read_pcr,
                                .extend_pcr = _extend_pcr,
                                .quote = _quote,
index 180e947..26fd25c 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2016-2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -523,6 +524,89 @@ METHOD(tpm_tss_t, get_public, chunk_t,
        return aik_pubkey;
 }
 
+METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
+       private_tpm_tss_tss2_t *this, uint32_t handle)
+{
+       TPM2B_PUBLIC public = { { 0, } };
+       hash_algorithm_t digest;
+       signature_params_t supported_scheme;
+
+       if (!read_public(this, handle, &public))
+       {
+               return enumerator_create_empty();
+       }
+
+       switch (public.t.publicArea.type)
+       {
+               case TPM_ALG_RSA:
+               {
+                       TPMS_RSA_PARMS *rsa;
+                       TPMT_RSA_SCHEME *scheme;
+
+                       rsa = &public.t.publicArea.parameters.rsaDetail;
+                       scheme = &rsa->scheme;
+                       digest = hash_alg_from_tpm_alg_id(scheme->details.anySig.hashAlg);
+
+                       switch (scheme->scheme)
+                       {
+                               case TPM_ALG_RSAPSS:
+                               {
+                                       rsa_pss_params_t pss_params = {
+                                               .hash = digest,
+                                               .mgf1_hash = digest,
+                                               .salt_len = RSA_PSS_SALT_LEN_MAX,
+                                       };
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = SIGN_RSA_EMSA_PSS,
+                                               .params = &pss_params,
+                                       };
+                                       if (!rsa_pss_params_set_salt_len(&pss_params, rsa->keyBits))
+                                       {
+                                               return enumerator_create_empty();
+                                       }
+                                       break;
+                               }
+                               case TPM_ALG_RSASSA:
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = signature_scheme_from_oid(
+                                                                       hasher_signature_algorithm_to_oid(digest,
+                                                                                                                                         KEY_RSA)),
+                                       };
+                                       break;
+                               default:
+                                       return enumerator_create_empty();
+                       }
+                       break;
+               }
+               case TPM_ALG_ECC:
+               {
+                       TPMT_ECC_SCHEME *scheme;
+
+                       scheme = &public.t.publicArea.parameters.eccDetail.scheme;
+                       digest = hash_alg_from_tpm_alg_id(scheme->details.anySig.hashAlg);
+
+                       switch (scheme->scheme)
+                       {
+                               case TPM_ALG_ECDSA:
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = signature_scheme_from_oid(
+                                                                       hasher_signature_algorithm_to_oid(digest,
+                                                                                                                                       KEY_ECDSA)),
+                                       };
+                                       break;
+                               default:
+                                       return enumerator_create_empty();
+                       }
+                       break;
+               }
+               default:
+                       DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+                       return enumerator_create_empty();
+       }
+       return enumerator_create_single(signature_params_clone(&supported_scheme),
+                                                                       (void*)signature_params_destroy);
+}
+
 /**
  * Configure a PCR Selection assuming a maximum of 24 registers
  */
@@ -809,7 +893,7 @@ METHOD(tpm_tss_t, quote, bool,
                        DBG1(DBG_PTS, "%s unsupported %N signature algorithm",
                                                   LABEL, tpm_alg_id_names, sig.sigAlg);
                        return FALSE;
-       };
+       }
 
        DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg);
        pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg);
@@ -1036,7 +1120,7 @@ METHOD(tpm_tss_t, sign, bool,
                        DBG1(DBG_PTS, "%s unsupported %N signature scheme",
                                                   LABEL, signature_scheme_names, scheme);
                        return FALSE;
-       };
+       }
 
        return TRUE;
 }
@@ -1174,6 +1258,7 @@ tpm_tss_t *tpm_tss_tss2_create()
                        .get_version_info = _get_version_info,
                        .generate_aik = _generate_aik,
                        .get_public = _get_public,
+                       .supported_signature_schemes = _supported_signature_schemes,
                        .read_pcr = _read_pcr,
                        .extend_pcr = _extend_pcr,
                        .quote = _quote,
index 7cb0d48..f47858e 100644 (file)
@@ -1,4 +1,5 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
  * Copyright (C) 2018 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -477,6 +478,89 @@ METHOD(tpm_tss_t, get_public, chunk_t,
        return aik_pubkey;
 }
 
+METHOD(tpm_tss_t, supported_signature_schemes, enumerator_t*,
+       private_tpm_tss_tss2_t *this, uint32_t handle)
+{
+       TPM2B_PUBLIC public = { 0, };
+       hash_algorithm_t digest;
+       signature_params_t supported_scheme;
+
+       if (!read_public(this, handle, &public))
+       {
+               return enumerator_create_empty();
+       }
+
+       switch (public.publicArea.type)
+       {
+               case TPM2_ALG_RSA:
+               {
+                       TPMS_RSA_PARMS *rsa;
+                       TPMT_RSA_SCHEME *scheme;
+
+                       rsa = &public.publicArea.parameters.rsaDetail;
+                       scheme = &rsa->scheme;
+                       digest = hash_alg_from_tpm_alg_id(scheme->details.anySig.hashAlg);
+
+                       switch (scheme->scheme)
+                       {
+                               case TPM2_ALG_RSAPSS:
+                               {
+                                       rsa_pss_params_t pss_params = {
+                                               .hash = digest,
+                                               .mgf1_hash = digest,
+                                               .salt_len = RSA_PSS_SALT_LEN_MAX,
+                                       };
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = SIGN_RSA_EMSA_PSS,
+                                               .params = &pss_params,
+                                       };
+                                       if (!rsa_pss_params_set_salt_len(&pss_params, rsa->keyBits))
+                                       {
+                                               return enumerator_create_empty();
+                                       }
+                                       break;
+                               }
+                               case TPM2_ALG_RSASSA:
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = signature_scheme_from_oid(
+                                                                       hasher_signature_algorithm_to_oid(digest,
+                                                                                                                                         KEY_RSA)),
+                                       };
+                                       break;
+                               default:
+                                       return enumerator_create_empty();
+                       }
+                       break;
+               }
+               case TPM2_ALG_ECC:
+               {
+                       TPMT_ECC_SCHEME *scheme;
+
+                       scheme = &public.publicArea.parameters.eccDetail.scheme;
+                       digest = hash_alg_from_tpm_alg_id(scheme->details.anySig.hashAlg);
+
+                       switch (scheme->scheme)
+                       {
+                               case TPM2_ALG_ECDSA:
+                                       supported_scheme = (signature_params_t){
+                                               .scheme = signature_scheme_from_oid(
+                                                                       hasher_signature_algorithm_to_oid(digest,
+                                                                                                                                       KEY_ECDSA)),
+                                       };
+                                       break;
+                               default:
+                                       return enumerator_create_empty();
+                       }
+                       break;
+               }
+               default:
+                       DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL);
+                       return enumerator_create_empty();
+       }
+       return enumerator_create_single(signature_params_clone(&supported_scheme),
+                                                                       (void*)signature_params_destroy);
+}
+
 /**
  * Configure a PCR Selection assuming a maximum of 24 registers
  */
@@ -729,7 +813,7 @@ METHOD(tpm_tss_t, quote, bool,
                        DBG1(DBG_PTS, "%s unsupported %N signature algorithm",
                                                   LABEL, tpm_alg_id_names, sig.sigAlg);
                        return FALSE;
-       };
+       }
 
        DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg);
        pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg);
@@ -940,7 +1024,7 @@ METHOD(tpm_tss_t, sign, bool,
                        DBG1(DBG_PTS, "%s unsupported %N signature scheme",
                                                   LABEL, signature_scheme_names, scheme);
                        return FALSE;
-       };
+       }
 
        return TRUE;
 }
@@ -1061,6 +1145,7 @@ tpm_tss_t *tpm_tss_tss2_create()
                        .get_version_info = _get_version_info,
                        .generate_aik = _generate_aik,
                        .get_public = _get_public,
+                       .supported_signature_schemes = _supported_signature_schemes,
                        .read_pcr = _read_pcr,
                        .extend_pcr = _extend_pcr,
                        .quote = _quote,