int main(int argc, char *argv[]) { int ret = 0; char *filename = NULL; int i = 1; unsigned char * buffer; uint32_t buffersize; TPM_CONTEXT_BLOB context; STACK_TPM_BUFFER(tpmbuffer) TPM_setlog(0); while (i < argc) { if (!strcmp("-if",argv[i])) { i++; if (i < argc) { filename = argv[i]; } else { printf("Missing parameter for -if.\n"); print_usage(); } } else if (!strcmp(argv[i],"-v")) { TPM_setlog(1); } else if (!strcmp("-h",argv[i])) { print_usage(); } else if (!strcmp(argv[i],"-h")) { print_usage(); } else { printf("\n%s is not a valid option\n", argv[i]); print_usage(); } i++; } if (NULL == filename) { printf("Missing -if argument.\n"); print_usage(); } ret = TPM_ReadFile(filename, &buffer, &buffersize); if (ret != 0) { printf("Error while reading file '%s'.\n",filename); exit(-1); } SET_TPM_BUFFER(&tpmbuffer, buffer, buffersize); ret = TPM_ReadContextBlob(&tpmbuffer, 0, &context); if ((ret & ERR_MASK)) { printf("Error while parsing the context blob.\n"); exit(-1); } printf("ContextCount: 0x%08X\n",context.contextCount); ret = 0; exit(ret); }
uint32_t TPM_ReadMSAFile(const char *filename, TPM_MSA_COMPOSITE * msaList) { uint32_t ret; unsigned char *buffer = NULL; uint32_t buffersize = 0; ret = TPM_ReadFile(filename, &buffer, &buffersize); if (ret & ERR_MASK) goto exit; msaList->MSAlist = LOAD32(buffer, 0); if (msaList->MSAlist * TPM_HASH_SIZE + 4 != buffersize) { ret = ERR_BAD_FILE; goto exit; } msaList->migAuthDigest = malloc(msaList->MSAlist * TPM_HASH_SIZE); if (msaList->migAuthDigest == NULL) { ret = ERR_MEM_ERR; goto exit; } memcpy(msaList->migAuthDigest, buffer + sizeof(uint32_t), msaList->MSAlist * TPM_HASH_SIZE); ret = 0; exit: if (buffer) free(buffer); return 0; }
static uint32_t swapInKey(uint32_t handle) { char *filename = createKeyFilename(handle); STACK_TPM_BUFFER(context); unsigned char * mycontext = NULL; uint32_t contextSize; uint32_t newhandle; uint32_t ret; if (NULL == filename) { ret = ERR_MEM_ERR; } ret = TPM_ReadFile(filename,&mycontext,&contextSize); if ((ret & ERR_MASK)) { #if 0 printf("level: %d\n",g_num_transports); #endif printf("Could not read from keyfile %s.\n",filename); return ret; } SET_TPM_BUFFER(&context, mycontext, contextSize); free(mycontext); ret = TPM_LoadContext(handle, 1, &context, &newhandle); if (ret != 0) { printf("Got error '%s' while swapping in key 0x%08x.\n", TPM_GetErrMsg(ret), handle); } if (handle != newhandle) { printf("keyswap: " "new handle 0x%08x not the same as old one 0x%08x.\n", newhandle, handle); } if (ret == 0) { unlink(filename); } free(filename); #if 0 if (ret == 0) { printf("Swapped in key with handle %08x.\n",handle); } else { printf("Could NOT swap in key with handle %08x.\n",handle); } #endif return ret; }
uint32_t TPM_ReadPubKeyfile(const char *filename, pubkeydata * pubk) { unsigned char *buffer = NULL; uint32_t buffersize = 0; uint32_t ret = TPM_ReadFile(filename, &buffer, &buffersize); if ((ret & ERR_MASK) == 0) { STACK_TPM_BUFFER(buf); SET_TPM_BUFFER(&buf, buffer, buffersize); memset(pubk, 0x0, sizeof(*pubk)); if (buffersize != TSS_PubKeyExtract(&buf, 0, pubk)) ret = ERR_BAD_FILE; free(buffer); } return ret; }
uint32_t TPM_ReadMSAFile(const char * filename, TPM_MSA_COMPOSITE * msaList) { uint32_t ret; unsigned char * buffer = NULL; uint32_t buffersize = 0; ret = TPM_ReadFile(filename, &buffer, &buffersize); if ( (ret & ERR_MASK) != 0 ) { return ret; } msaList->MSAlist = LOAD32(buffer, 0); if (msaList->MSAlist * TPM_HASH_SIZE + 4 == buffersize) { msaList->migAuthDigest = malloc( msaList->MSAlist * TPM_HASH_SIZE ); if (NULL == msaList->migAuthDigest) { return ERR_MEM_ERR; } memcpy(msaList->migAuthDigest, buffer+sizeof(uint32_t), msaList->MSAlist * TPM_HASH_SIZE); } else { return ERR_BAD_FILE; } return 0; }
int main(int argc, char *argv[]) { uint32_t ret = 0; char * filename = NULL; int i; char *ownerPassword = NULL; const char *ownerAuthFilename = NULL; unsigned char ownerAuth[TPM_HASH_SIZE]; unsigned char *ownerHashPtr = NULL; struct stat _stat; uint32_t index = 0xffffffff; TPM_setlog(0); for (i=1 ; i<argc ; i++) { if (!strcmp("-pwdo",argv[i])) { i++; if (i < argc) { ownerPassword = argv[i]; } else { printf("Missing parameter for -pwdo.\n"); usage(); } } else if (strcmp(argv[i],"-pwdof") == 0) { i++; if (i < argc) { ownerAuthFilename = argv[i]; } else { printf("Missing parameter for -pwdo.f\n"); usage(); } } else if (!strcmp("-row",argv[i])) { i++; if (i < argc) { if (1 != sscanf(argv[i], "%x", &index)) { printf("Could not parse the -row value.\n"); usage(); } } else { printf("Missing argument after -row\n"); usage(); } } else if (strcmp(argv[i],"-if") == 0) { i++; if (i < argc) { filename = argv[i]; } else { printf("-if option needs a value\n"); } } else if (!strcmp("-v",argv[i])) { TPM_setlog(1); } else if (!strcmp("-h",argv[i])) { usage(); } else { printf("\n%s is not a valid option\n", argv[i]); usage(); } } if (index == 0xfffffff) { printf("Missing the -row parameter!\n"); usage(); } if (filename == NULL) { printf("Missing the -if parameter!\n"); usage(); } if ((ownerPassword != NULL) && (ownerAuthFilename != NULL)) { printf("\nCannot have -pwdo and -pwdof arguments\n"); usage(); } /* use the SHA1 hash of the password string as the Owner Authorization Data */ if (ownerPassword != NULL) { TSS_sha1((unsigned char *)ownerPassword, strlen(ownerPassword), ownerAuth); ownerHashPtr = ownerAuth; } /* get the ownerAuth from a file */ else if (ownerAuthFilename != NULL) { unsigned char *buffer = NULL; uint32_t buffersize; ret = TPM_ReadFile(ownerAuthFilename, &buffer, &buffersize); if ((ret & ERR_MASK)) { printf("Error reading %s.\n", ownerAuthFilename); exit(-1); } if (buffersize != sizeof(ownerAuth)) { printf("Error reading %s, size %u should be %lu.\n", ownerAuthFilename, buffersize, (unsigned long)sizeof(ownerAuth)); exit(-1); } memcpy(ownerAuth, buffer, sizeof(ownerAuth)); ownerHashPtr = ownerAuth; free(buffer); } if (0 == stat(filename, &_stat)) { unsigned char *blob = malloc(_stat.st_size); uint32_t blobSize = _stat.st_size; FILE *f; if (NULL == blob) { printf("Could not allocate memory!\n"); exit(-1); } f = fopen(filename, "rb"); if (NULL == f) { printf("Could not open file for reading.\n"); exit(-1); } if (blobSize != fread(blob, 1, blobSize, f)) { printf("Could not read the file.\n"); fclose(f); exit(-1); } fclose(f); ret = TPM_Delegate_LoadOwnerDelegation(index, ownerHashPtr, blob, blobSize); if ( ret != 0) { printf("Error '%s' from Delegate_LoadOwnerDelegation.\n", TPM_GetErrMsg(ret)); exit(-1); } else { printf("Successfully loaded the blob.\n"); } } else { printf("Error, file %s not accessible.\n",filename); } exit(ret); }
int main(int argc, char * argv[]) { uint32_t ret; int i; const char * ownerPassword = NULL; const char *ownerAuthFilename = NULL; const char * counterPassword = NULL; unsigned char * ownerAuthPtr = NULL; unsigned char * counterAuthPtr = NULL; unsigned char ownerAuth[TPM_HASH_SIZE]; unsigned char counterAuth[TPM_HASH_SIZE]; uint32_t id = -1; TPM_setlog(0); for (i=1 ; i<argc ; i++) { if (!strcmp("-pwdo",argv[i])) { i++; if (i < argc) { ownerPassword = argv[i]; } else { printf("Missing parameter for -pwdo.\n"); usage(); } } else if (strcmp(argv[i],"-pwdof") == 0) { i++; if (i < argc) { ownerAuthFilename = argv[i]; } else { printf("Missing parameter for -pwdof.\n"); usage(); } } else if (!strcmp("-pwdc",argv[i])) { i++; if (i < argc) { counterPassword = argv[i]; } else { printf("Missing parameter for -pwdc.\n"); usage(); } } else if (!strcmp("-ix",argv[i])) { i++; if (i < argc) { id = atoi(argv[i]); } else { printf("Missing mandatory parameter for -ix.\n"); usage(); } } else if (!strcmp("-v",argv[i])) { TPM_setlog(1); } else if (!strcmp("-h",argv[i])) { usage(); } else { printf("\n%s is not a valid option\n",argv[i]); usage(); } } if ((int)id < 0) { printf("Input parameter -idx missing or invalid\n"); usage(); } /* use the SHA1 hash of the password string as the Owner Authorization Data */ if (ownerPassword != NULL) { TSS_sha1((unsigned char *)ownerPassword, strlen(ownerPassword), ownerAuth); ownerAuthPtr = ownerAuth; } /* get the ownerAuth from a file */ else if (ownerAuthFilename != NULL) { unsigned char *buffer = NULL; uint32_t buffersize; ret = TPM_ReadFile(ownerAuthFilename, &buffer, &buffersize); if ((ret & ERR_MASK)) { printf("Error reading %s.\n", ownerAuthFilename); exit(-1); } if (buffersize != sizeof(ownerAuth)) { printf("Error reading %s, size %u should be %lu.\n", ownerAuthFilename, buffersize, (unsigned long)sizeof(ownerAuth)); exit(-1); } memcpy(ownerAuth, buffer, sizeof(ownerAuth)); ownerAuthPtr = ownerAuth; free(buffer); } else if (counterPassword != NULL) { TSS_sha1((unsigned char *)counterPassword, strlen(counterPassword), counterAuth); counterAuthPtr = counterAuth; } else { printf("Input authorization -pwdo or -pwdof or -pwdc missing\n"); usage(); } if (counterAuthPtr != NULL) { ret= TPM_ReleaseCounter(id, counterAuthPtr); if (ret != 0) { printf("Got error '%s' (0x%x) from TPM_ReleaseCounter.\n", TPM_GetErrMsg(ret), ret); } } else { ret = TPM_ReleaseCounterOwner(id, ownerAuthPtr); if (ret != 0) { printf("Got error '%s' (0x%x) from TPM_ReleaseCounterOwner.\n", TPM_GetErrMsg(ret), ret); } } if (ret == 0) { printf("Successfully released the counter.\n"); } return ret; }
int main(int argc, char *argv[]) { int ret; /* general return value */ uint32_t keyhandle = 0; /* handle of quote key */ unsigned int pcrmask = 0; /* pcr register mask */ unsigned char passhash1[TPM_HASH_SIZE]; /* hash of key password */ unsigned char nonce[TPM_NONCE_SIZE]; /* nonce data */ STACK_TPM_BUFFER(signature); pubkeydata pubkey; /* public key structure */ unsigned char *passptr; TPM_PCR_COMPOSITE tpc; STACK_TPM_BUFFER (ser_tpc); STACK_TPM_BUFFER (ser_tqi); STACK_TPM_BUFFER (response); uint32_t pcrs; int i; uint16_t sigscheme = TPM_SS_RSASSAPKCS1v15_SHA1; TPM_PCR_SELECTION tps; static char *keypass = NULL; const char *certFilename = NULL; int verbose = FALSE; TPM_setlog(0); /* turn off verbose output from TPM driver */ for (i=1 ; i<argc ; i++) { if (strcmp(argv[i],"-hk") == 0) { i++; if (i < argc) { /* convert key handle from hex */ if (1 != sscanf(argv[i], "%x", &keyhandle)) { printf("Invalid -hk argument '%s'\n",argv[i]); exit(2); } if (keyhandle == 0) { printf("Invalid -hk argument '%s'\n",argv[i]); exit(2); } } else { printf("-hk option needs a value\n"); printUsage(); } } else if (!strcmp(argv[i], "-pwdk")) { i++; if (i < argc) { keypass = argv[i]; } else { printf("Missing parameter to -pwdk\n"); printUsage(); } } else if (strcmp(argv[i],"-bm") == 0) { i++; if (i < argc) { /* convert key handle from hex */ if (1 != sscanf(argv[i], "%x", &pcrmask)) { printf("Invalid -bm argument '%s'\n",argv[i]); exit(2); } } else { printf("-bm option needs a value\n"); printUsage(); } } else if (!strcmp(argv[i], "-cert")) { i++; if (i < argc) { certFilename = argv[i]; } else { printf("Missing parameter to -cert\n"); printUsage(); } } else if (!strcmp(argv[i], "-h")) { printUsage(); } else if (!strcmp(argv[i], "-v")) { verbose = TRUE; TPM_setlog(1); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((keyhandle == 0) || (pcrmask == 0)) { printf("Missing argument\n"); printUsage(); } /* get the SHA1 hash of the password string for use as the Key Authorization Data */ if (keypass != NULL) { TSS_sha1((unsigned char *)keypass, strlen(keypass), passhash1); passptr = passhash1; } else { passptr = NULL; } /* for testing, use the password hash as the test nonce */ memcpy(nonce, passhash1, TPM_HASH_SIZE); ret = TPM_GetNumPCRRegisters(&pcrs); if (ret != 0) { printf("Error reading number of PCR registers.\n"); exit(-1); } if (pcrs > TPM_NUM_PCR) { printf("Library does not support that many PCRs.\n"); exit(-1); } tps.sizeOfSelect = pcrs / 8; for (i = 0; i < tps.sizeOfSelect; i++) { tps.pcrSelect[i] = (pcrmask & 0xff); pcrmask >>= 8; } /* ** perform the TPM Quote function */ ret = TPM_Quote(keyhandle, /* KEY handle */ passptr, /* Key Password (hashed), or null */ nonce, /* nonce data */ &tps, /* specify PCR registers */ &tpc, /* pointer to pcr composite */ &signature);/* buffer to receive result, int to receive result length */ if (ret != 0) { printf("Error '%s' from TPM_Quote\n", TPM_GetErrMsg(ret)); exit(ret); } /* ** Get the public key and convert to an OpenSSL RSA public key */ ret = TPM_GetPubKey(keyhandle, passptr, &pubkey); if (ret != 0) { printf("quote: Error '%s' from TPM_GetPubKey\n", TPM_GetErrMsg(ret)); exit(-6); } ret = TPM_ValidatePCRCompositeSignature(&tpc, nonce, &pubkey, &signature, sigscheme); if (ret) { printf("Error %s from validating the signature over the PCR composite.\n", TPM_GetErrMsg(ret)); exit(ret); } printf("Verification against AIK succeeded\n"); /* optionally verify the quote signature against the key certificate */ if (certFilename != NULL) { unsigned char *certStream = NULL; /* freed @1 */ uint32_t certStreamLength; X509 *x509Certificate = NULL; /* freed @2 */ unsigned char *tmpPtr; /* because d2i_X509 moves the ptr */ /* AIK public key parts */ RSA *rsaKey = NULL; /* freed @3 */ if (verbose) printf("quote: verifying the signature against the certificate\n"); /* load the key certificate */ if (ret == 0) { ret = TPM_ReadFile(certFilename, &certStream, /* freed @1 */ &certStreamLength); } /* convert to openssl X509 */ if (ret == 0) { if (verbose) printf("quote: parsing the certificate stream\n"); tmpPtr = certStream; x509Certificate = d2i_X509(NULL, (const unsigned char **)&tmpPtr, certStreamLength); if (x509Certificate == NULL) { printf("Error in certificate deserialization d2i_X509()\n"); ret = -1; } } if (ret == 0) { if (verbose) printf("quote: get the certificate public key\n"); ret = GetRSAKey(&rsaKey, /* freed @3 */ x509Certificate); } if (ret == 0) { if (verbose) printf("quote: quote validate signature\n"); ret = TPM_ValidatePCRCompositeSignatureRSA(&tpc, nonce, rsaKey, &signature, sigscheme); if (ret != 0) { printf("Verification against certificate failed\n"); } } if (ret == 0) { printf("Verification against certificate succeeded\n"); } free(certStream); /* @1 */ X509_free(x509Certificate); /* @2 */ RSA_free(rsaKey); /* @3 */ } exit(ret); }