[WIP]: TPM Support

Signed-off-by: Manjeet Singh <[email protected]>

Author: itsManjeet

include/hal/library/cryptlib/cryptlib_tpm.h

@@ -0,0 +1,22 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2021-2025 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#ifndef __CRYPTLIB_TPM_H__
+#define __CRYPTLIB_TPM_H__
+
+#include <stdbool.h>
+
+bool libspdm_tpm_device_init();
+
+bool libspdm_tpm_get_private_key(void *handle, void **context);
+
+bool libspdm_tpm_get_public_key(void *handle, void **context);
+
+bool libspdm_tpm_get_certificate(void *handle, void **context);
+
+bool libspdm_tpm_dump_certificate(void *context, void **buffer, size_t *size);
+
+#endif

os_stub/cryptlib_openssl/CMakeLists.txt

@@ -47,8 +47,13 @@ target_sources(cryptlib_openssl
         pk/x509_pqc.c
         rand/rand.c
         sys_call/crt_wrapper_host.c
+        tpm/tpm.c
 )
 
 target_compile_options(cryptlib_openssl PRIVATE ${OPENSSL_FLAGS})
 
 target_link_libraries(cryptlib_openssl PUBLIC openssllib memlib)
+
+if (${DEVICE} STREQUAL "tpm")
+  target_link_libraries(cryptlib_openssl PUBLIC tss2-esys tss2-tctildr)
+endif()

os_stub/cryptlib_openssl/pk/ec.c

@@ -681,6 +681,13 @@ bool libspdm_ecdsa_sign(void *ec_context, size_t hash_nid,
         return false;
     }
 
+    char buffer[4096];
+    BIO *bio = BIO_new(BIO_s_mem());
+    EVP_PKEY_print_public(bio, evp_pkey, 4, NULL);
+    int len = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[len] = '\0';
+    printf("SIGN PUBLIC KEY: %s\n", buffer);
+
     half_size = evp_pkey_get_half_size(evp_pkey);
     if (*sig_size < (size_t)(half_size * 2)) {
         *sig_size = half_size * 2;
@@ -828,6 +835,13 @@ bool libspdm_ecdsa_verify(void *ec_context, size_t hash_nid,
         return false;
     }
 
+    char buffer[4096];
+    BIO *bio = BIO_new(BIO_s_mem());
+    EVP_PKEY_print_public(bio, evp_pkey, 4, NULL);
+    int len = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[len] = '\0';
+    printf("VERIFY PUBLIC KEY: %s\n", buffer);
+
     half_size = evp_pkey_get_half_size(evp_pkey);
     if (sig_size != (size_t)(half_size * 2)) {
         return false;

os_stub/cryptlib_openssl/pk/x509.c

@@ -35,6 +35,26 @@
 static const uint8_t m_libspdm_oid_ext_key_usage[] = OID_EXT_KEY_USAGE;
 static const uint8_t m_libspdm_oid_basic_constraints[] = OID_BASIC_CONSTRAINTS;
 
+static void dump_hex(const char* id, const unsigned char *buf, long buflen)
+{
+    char buffer[4096];
+    const unsigned char *p = buf;
+    X509 *cert = d2i_X509(NULL, &p, buflen);
+    if (!cert) {
+        printf("Not an X.509 cert inside this ASN.1 object.\n");
+        return;
+    }
+
+    /* Print certificate */
+    BIO *bio = BIO_new(BIO_s_mem());
+    X509_print(bio, cert);
+    int s = BIO_read(bio, (void*) buffer, sizeof(buffer));
+    buffer[s] = '\0';
+    printf("%s CERT: %s\n", id, buffer);
+    X509_free(cert);
+}
+
+// 
 /**
  * Construct a X509 object from DER-encoded certificate data.
  *
@@ -2037,6 +2057,8 @@ bool libspdm_x509_verify_cert_chain(const uint8_t *root_cert, size_t root_cert_l
 
         /* Verify current_cert with preceding cert;*/
 
+        dump_hex("CURRENT", current_cert, current_cert_len);
+        dump_hex("PRECEDING", preceding_cert, preceding_cert_len);
         verify_flag =
             libspdm_x509_verify_cert(current_cert, current_cert_len,
                                      preceding_cert, preceding_cert_len);
@@ -2458,6 +2480,7 @@ bool libspdm_gen_x509_csr_with_pqc(
     X509_NAME *x509_name;
     EVP_PKEY *private_key;
     EVP_PKEY *public_key;
+    bool owned_keys = false;
     EVP_MD *md;
     uint8_t *csr_p;
     STACK_OF(X509_EXTENSION) *exts;
@@ -2536,11 +2559,13 @@ bool libspdm_gen_x509_csr_with_pqc(
             EVP_PKEY_free(private_key);
             EVP_PKEY_free(public_key);
 
-            private_key = EVP_PKEY_dup(ec_pkey);
-            public_key = EVP_PKEY_dup(ec_pkey);
+            // Can't DUP hardware backed keys
+            private_key = ec_pkey;
+            public_key = ec_pkey;
             if (private_key == NULL || public_key == NULL) {
                 goto free_all;
             }
+            owned_keys = true;
             break;
         }
         case LIBSPDM_CRYPTO_NID_SM2_DSA_P256: {
@@ -2763,8 +2788,10 @@ bool libspdm_gen_x509_csr_with_pqc(
         EVP_MD_free((EVP_MD *)md);
     }
     X509_REQ_free(x509_req);
-    EVP_PKEY_free(private_key);
-    EVP_PKEY_free(public_key);
+    if (!owned_keys) {
+        EVP_PKEY_free(private_key);
+        EVP_PKEY_free(public_key);
+    }
 
     return (ret != 0);
 }

os_stub/cryptlib_openssl/tpm/tpm.c

@@ -0,0 +1,187 @@
+/**
+ *  Copyright Notice:
+ *  Copyright 2021-2025 DMTF. All rights reserved.
+ *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
+ **/
+
+#include <complex.h>
+#include <openssl/err.h>
+#include <tss2/tss2_common.h>
+#include <tss2/tss2_esys.h>
+#include <tss2/tss2_tctildr.h>
+
+#include <openssl/provider.h>
+#include <openssl/store.h>
+#include <tss2/tss2_tcti.h>
+#include <tss2/tss2_tpm2_types.h>
+#include "library/cryptlib/cryptlib_tpm.h"
+
+#include "key_context.h"
+
+bool g_tpm_device_initialized = false;
+
+static libspdm_key_context *create_key_context(EVP_PKEY *pkey)
+{
+    libspdm_key_context *context = (libspdm_key_context *)malloc(sizeof(libspdm_key_context));
+    context->evp_pkey = pkey;
+    return context;
+}
+
+bool libspdm_tpm_device_init()
+{
+    OSSL_PROVIDER *tpm_provider = NULL;
+
+    if (g_tpm_device_initialized)
+        return true;
+
+    tpm_provider = OSSL_PROVIDER_load(NULL, "tpm2");
+    if (tpm_provider == NULL)
+    {
+        LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "failed to load tpm2\n"));
+        return false;
+    }
+
+    OSSL_PROVIDER_load(NULL, "default");
+    OSSL_PROVIDER_load(NULL, "legacy");
+
+    g_tpm_device_initialized = true;
+    return true;
+}
+
+static bool get_keyinfo(const char *handle, void **context, int keyinfo_type)
+{
+    OSSL_STORE_CTX *store_ctx = NULL;
+    OSSL_STORE_INFO *info = NULL;
+
+    /* handle must look like: "tpm2tss:0x81010002" */
+    store_ctx = OSSL_STORE_open_ex(handle, NULL, "provider=tpm2", NULL, NULL, NULL, NULL, NULL);
+    if (!store_ctx)
+    {
+        return false;
+    }
+
+    while ((info = OSSL_STORE_load(store_ctx)) != NULL)
+    {
+        if (OSSL_STORE_INFO_get_type(info) == keyinfo_type)
+        {
+            switch (keyinfo_type)
+            {
+            case OSSL_STORE_INFO_PKEY:
+                *context = OSSL_STORE_INFO_get1_PKEY(info);
+                break;
+            case OSSL_STORE_INFO_PUBKEY:
+                *context = OSSL_STORE_INFO_get1_PUBKEY(info);
+                break;
+            case OSSL_STORE_INFO_CERT:
+                *context = OSSL_STORE_INFO_get1_CERT(info);
+                break;
+            }
+            break;
+        }
+        OSSL_STORE_INFO_free(info);
+    }
+
+    OSSL_STORE_close(store_ctx);
+
+    if (*context == NULL)
+    {
+        LIBSPDM_DEBUG((LIBSPDM_DEBUG_ERROR, "no keyinfo %d foun on handle %s\n", keyinfo_type, handle));
+        return false;
+    }
+
+    return true;
+}
+
+bool libspdm_tpm_get_private_key(void *handle, void **context)
+{
+    EVP_PKEY *pkey = NULL;
+    if (!get_keyinfo((const char *)handle, (void **)&pkey, OSSL_STORE_INFO_PKEY))
+    {
+        return false;
+    }
+    *context = create_key_context(pkey);
+    return true;
+}
+
+bool libspdm_tpm_get_public_key(void *handle, void **context)
+{
+    EVP_PKEY *pkey = NULL;
+    if (!get_keyinfo((const char *)handle, (void **)&pkey, OSSL_STORE_INFO_PUBKEY))
+    {
+        return false;
+    }
+    *context = create_key_context(pkey);
+    return true;
+}
+
+bool libspdm_tpm_get_certificate(void *handle, void **context)
+{
+    return get_keyinfo((const char *)handle, context, OSSL_STORE_INFO_CERT);
+}
+
+bool libspdm_tpm_dump_certificate(void *context, void **buffer, size_t *size)
+{
+    int len = 0;
+    len = i2d_X509((X509 *)context, NULL);
+    if (len < 0)
+        return false;
+
+    void *cert = OPENSSL_malloc(len);
+    if (cert == NULL)
+    {
+        return false;
+    }
+    *buffer = cert;
+    len = i2d_X509((X509 *)context, (unsigned char **)&cert);
+    if (len < 0)
+    {
+        free(*buffer);
+        *buffer = NULL;
+        return false;
+    }
+    *size = len;
+    return true;
+}
+
+bool libspdm_tpm_read_pcr(uint32_t index, void **buffer, size_t *size)
+{
+  TSS2_RC result;
+  TSS2_TCTI_CONTEXT *tcti_context = NULL;
+  ESYS_CONTEXT *context = NULL;
+  
+  TPML_PCR_SELECTION sel = {
+    .count = 1,
+    .pcrSelections = {
+      {
+        .hash = TPM2_ALG_SHA256,
+        .sizeofSelect = 1,
+        .pcrSelect = {index},
+      },
+    }
+  };
+  UINT32 uc;
+  TPML_PCR_SELECTION *out= NULL;
+  TPML_DIGEST *values = NULL;
+
+  if ((result = Tss2_TctiLdr_Initialize(NULL, &tcti_context)) != TSS2_RC_SUCCESS) {
+    goto finish;
+  }
+
+  // TODO: abi version check
+  if ((result = Esys_Initialize(&context, tcti_context, NULL)) != TSS2_RC_SUCCESS) {
+    goto cleanup_tcti;
+  }
+
+  if ((result = Esys_PCR_Read(context, ESYS_TR_NONE, ESYS_TR_NONE, ESYS_TR_NONE, &sel, &uc, &out, &values)) != TSS2_RC_SUCCESS) {
+    goto cleanup_esys;
+  }
+
+cleanup_esys:
+  Esys_Finalize(&context);
+
+cleanup_tcti:
+  Tss2_TctiLdr_Finalize(&tcti_context);
+
+finish:
+  return result == TSS2_RC_SUCCESS;
+}