FAPI: Add new profiles P_RSA3072SHA256 P_ECCP384SHA384

* The new profiles are added to the dist directory. * The key size 3072 and 4092 is added to the json serialization and deserialization. Signed-off-by: Juergen Repp <[email protected]>
JuergenReppSIT · Feb 12, 2024 · 3091750 · 3091750
1 parent 48ce2d4
commit 3091750
Show file tree

Hide file tree

Showing 5 changed files with 209 additions and 3 deletions.
diff --git a/Makefile.am b/Makefile.am
@@ -707,7 +707,9 @@ tpm2-tss-fapi.conf: dist/tmpfiles.d/tpm2-tss-fapi.conf.in
 
 fapiprofilesdir = @sysconfdir@/tpm2-tss/fapi-profiles
 fapiprofiles_DATA = dist/fapi-profiles/P_RSA2048SHA256.json \
-                    dist/fapi-profiles/P_ECCP256SHA256.json
+                    dist/fapi-profiles/P_ECCP256SHA256.json \
+                    dist/fapi-profiles/P_RSA3072SHA384.json \
+                    dist/fapi-profiles/P_ECCP384SHA384.json
 
 libtss2_fapi = src/tss2-fapi/libtss2-fapi.la
 tss2_HEADERS += $(srcdir)/include/tss2/tss2_fapi.h
@@ -717,6 +719,8 @@ EXTRA_DIST +=  \
     dist/fapi-config.json.in \
     dist/fapi-profiles/P_RSA2048SHA256.json \
     dist/fapi-profiles/P_ECCP256SHA256.json \
+    dist/fapi-profiles/P_RSA3072SHA384.json \
+    dist/fapi-profiles/P_ECCP384SHA384.json \
     dist/sysusers.d/tpm2-tss.conf \
     dist/tmpfiles.d/tpm2-tss-fapi.conf.in \
     doc/fapi-config.md \

diff --git a/dist/fapi-profiles/P_ECCP384SHA384.json b/dist/fapi-profiles/P_ECCP384SHA384.json
@@ -0,0 +1,94 @@
+{
+    "type": "TPM2_ALG_ECC",
+    "nameAlg":"TPM2_ALG_SHA384",
+    "srk_template": "system,restricted,decrypt,0x81000001",
+    "srk_description": "Storage root key SRK",
+    "srk_persistent": 0,
+    "ek_template":  "system,restricted,decrypt,user",
+    "ek_description": "Endorsement key EK",
+    "ecc_signing_scheme": {
+        "scheme":"TPM2_ALG_ECDSA",
+        "details":{
+            "hashAlg":"TPM2_ALG_SHA384"
+        },
+    },
+    "sym_mode":"TPM2_ALG_CFB",
+    "sym_parameters": {
+        "algorithm":"TPM2_ALG_AES",
+        "keyBits":"256",
+        "mode":"TPM2_ALG_CFB"
+    },
+    "sym_block_size": 16,
+    "pcr_selection": [
+       { "hash": "TPM2_ALG_SHA1",
+         "pcrSelect": [ ],
+       },
+       { "hash": "TPM2_ALG_SHA256",
+         "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
+       }
+    ],
+    "curveID": "TPM2_ECC_NIST_P384",
+    "ek_policy": {
+        "description": "Endorsement hierarchy used for policy secret.",
+        "policy":[
+            {
+                "type": "PolicyOR",
+                "branches": [
+                    {
+                        "name": "A",
+                        "description": "",
+                        "policy": [
+                            {
+                                "type":"POLICYSECRET",
+                                "objectName": "4000000b"
+                            }
+                        ]
+                    },
+                    {
+                        "name": "B",
+                        "description": "",
+                        "policy": [
+                            {
+                                "type":"AUTHORIZENV",
+                                "nvPublic": {
+				    "size": 60,
+				    "nvPublic": {
+                                        "nvIndex": 29392642,
+                                        "nameAlg":"SHA384",
+                                        "attributes":{
+                                          "PPWRITE":0,
+                                          "OWNERWRITE":0,
+                                          "AUTHWRITE":0,
+                                          "POLICYWRITE":1,
+                                          "POLICY_DELETE":0,
+                                          "WRITELOCKED":0,
+                                          "WRITEALL":1,
+                                          "WRITEDEFINE":0,
+                                          "WRITE_STCLEAR":0,
+                                          "GLOBALLOCK":0,
+                                          "PPREAD":1,
+                                          "OWNERREAD":1,
+                                          "AUTHREAD":1,
+                                          "POLICYREAD":1,
+                                          "NO_DA":1,
+                                          "ORDERLY":0,
+                                          "CLEAR_STCLEAR":0,
+                                          "READLOCKED":0,
+                                          "WRITTEN":1,
+                                          "PLATFORMCREATE":0,
+                                          "READ_STCLEAR":0,
+                                          "TPM2_NT":"ORDINARY"
+                                        },
+                                        "authPolicy":"8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53",
+                                        "dataSize":50
+				    }
+	                        }
+
+                           }
+		        ]
+                    }
+                ]
+            }
+        ]
+    }
+}
diff --git a/dist/fapi-profiles/P_RSA3072SHA384.json b/dist/fapi-profiles/P_RSA3072SHA384.json
@@ -0,0 +1,108 @@
+{
+    "type": "TPM2_ALG_RSA",
+    "nameAlg":"TPM2_ALG_SHA384",
+    "srk_template": "system,restricted,decrypt,0x81000001",
+    "srk_description": "Storage root key SRK",
+    "srk_persistent": 1,
+    "ek_template":  "system,restricted,decrypt,user",
+    "ek_description": "Endorsement key EK",
+    "rsa_signing_scheme": {
+        "scheme":"TPM2_ALG_RSAPSS",
+        "details":{
+            "hashAlg":"TPM2_ALG_SHA384"
+        }
+    },
+    "rsa_decrypt_scheme": {
+        "scheme":"TPM2_ALG_OAEP",
+        "details":{
+            "hashAlg":"TPM2_ALG_SHA384"
+        }
+    },
+    "sym_mode":"TPM2_ALG_CFB",
+    "sym_parameters": {
+        "algorithm":"TPM2_ALG_AES",
+        "keyBits":"256",
+        "mode":"TPM2_ALG_CFB"
+    },
+    "sym_block_size": 16,
+    "pcr_selection": [
+        { "hash": "TPM2_ALG_SHA1",
+          "pcrSelect": [ ]
+        },
+        { "hash": "TPM2_ALG_SHA256",
+          "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ]
+        }
+    ],
+    "exponent": 0,
+    "keyBits": 3072,
+    "session_hash_alg": "TPM2_ALG_SHA256",
+    "session_symmetric":{
+        "algorithm":"TPM2_ALG_AES",
+        "keyBits":"256",
+        "mode":"TPM2_ALG_CFB"
+    },
+    "ek_policy": {
+        "description": "Endorsement hierarchy used for policy secret.",
+        "policy":[
+            {
+                "type": "PolicyOR",
+                "branches": [
+                    {
+                        "name": "A",
+                        "description": "",
+                        "policy": [
+                            {
+                                "type":"POLICYSECRET",
+                                "objectName": "4000000b"
+                            }
+                        ]
+                    },
+                    {
+                        "name": "B",
+                        "description": "",
+                        "policy": [
+                            {
+                                "type":"AUTHORIZENV",
+                                "nvPublic": {
+				    "size": 60,
+				    "nvPublic": {
+                                        "nvIndex": 29392642,
+                                        "nameAlg":"SHA384",
+                                        "attributes":{
+                                          "PPWRITE":0,
+                                          "OWNERWRITE":0,
+                                          "AUTHWRITE":0,
+                                          "POLICYWRITE":1,
+                                          "POLICY_DELETE":0,
+                                          "WRITELOCKED":0,
+                                          "WRITEALL":1,
+                                          "WRITEDEFINE":0,
+                                          "WRITE_STCLEAR":0,
+                                          "GLOBALLOCK":0,
+                                          "PPREAD":1,
+                                          "OWNERREAD":1,
+                                          "AUTHREAD":1,
+                                          "POLICYREAD":1,
+                                          "NO_DA":1,
+                                          "ORDERLY":0,
+                                          "CLEAR_STCLEAR":0,
+                                          "READLOCKED":0,
+                                          "WRITTEN":1,
+                                          "PLATFORMCREATE":0,
+                                          "READ_STCLEAR":0,
+                                          "TPM2_NT":"ORDINARY"
+                                        },
+                                        "authPolicy":"8bbf2266537c171cb56e403c4dc1d4b64f432611dc386e6f532050c3278c930e143e8bb1133824ccb431053871c6db53",
+                                        "dataSize":50
+				    }
+	                        }
+
+                           }
+		        ]
+                    }
+                ]
+            }
+        ]
+    }
+
+}
diff --git a/src/tss2-fapi/tpm_json_deserialize.c b/src/tss2-fapi/tpm_json_deserialize.c
@@ -3578,7 +3578,7 @@ ifapi_json_TPMI_RSA_KEY_BITS_deserialize(json_object *jso,
         TPMI_RSA_KEY_BITS *out)
 {
     SUBTYPE_FILTER(TPMI_RSA_KEY_BITS, UINT16,
-        1024, 2048);
+        1024, 2048, 3072, 4096);
 }
 
 /** Deserialize a TPM2B_ECC_PARAMETER json object.

diff --git a/src/tss2-fapi/tpm_json_serialize.c b/src/tss2-fapi/tpm_json_serialize.c
@@ -3452,7 +3452,7 @@ ifapi_json_TPM2B_PUBLIC_KEY_RSA_serialize(const TPM2B_PUBLIC_KEY_RSA *in, json_o
 TSS2_RC
 ifapi_json_TPMI_RSA_KEY_BITS_serialize(const TPMI_RSA_KEY_BITS in, json_object **jso)
 {
-    CHECK_IN_LIST(TPMI_RSA_KEY_BITS, in, 1024, 2048);
+    CHECK_IN_LIST(TPMI_RSA_KEY_BITS, in, 1024, 2048, 3072, 4096);
     return ifapi_json_UINT16_serialize(in, jso);
 }