Beispiel #1
0
int main(int argc, char **argv)
{
	TSS_HCONTEXT	hContext;
	TSS_FLAG	initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
	TSS_HKEY	hKey;
	TSS_HKEY	hSRK;
	TSS_RESULT	result;
	TSS_HPOLICY	srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
	BYTE		*blob;
	UINT32		blob_size, srk_authusage;
	BIO		*outb;
	ASN1_OCTET_STRING *blob_str;
	unsigned char	*blob_asn1 = NULL;
	int		asn1_len;
	char		*filename, c, *openssl_key = NULL;
	int		option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
	UINT32		enc_scheme = TSS_ES_RSAESPKCSV15;
	UINT32		sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
	UINT32		key_size = 2048;
	RSA		*rsa;

	while (1) {
		option_index = 0;
		c = getopt_long(argc, argv, "pe:q:s:azhw:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
			case 'a':
				initFlags |= TSS_KEY_AUTHORIZATION;
				auth = 1;
				break;
			case 'h':
				usage(argv[0]);
				break;
			case 's':
				key_size = atoi(optarg);
				break;
			case 'e':
				if (!strncasecmp("oaep", optarg, 4)) {
					enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
				} else if (strncasecmp("pkcs", optarg, 4)) {
					usage(argv[0]);
				}
				break;
			case 'q':
				if (!strncasecmp("der", optarg, 3)) {
					sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
				} else if (strncasecmp("sha", optarg, 3)) {
					usage(argv[0]);
				}
				break;
			case 'p':
				initFlags |= TSS_KEY_AUTHORIZATION;
				auth = 1;
				popup = 1;
				break;
			case 'w':
				initFlags |= TSS_KEY_MIGRATABLE;
				wrap = 1;
				openssl_key = optarg;
				break;
			case 'z':
				well_known = 1;
				break;
			default:
				usage(argv[0]);
				break;
		}
	}

	/* set up the key option flags */
	switch (key_size) {
		case 512:
			initFlags |= TSS_KEY_SIZE_512;
			break;
		case 1024:
			initFlags |= TSS_KEY_SIZE_1024;
			break;
		case 2048:
			initFlags |= TSS_KEY_SIZE_2048;
			break;
		case 4096:
			initFlags |= TSS_KEY_SIZE_4096;
			break;
		case 8192:
			initFlags |= TSS_KEY_SIZE_8192;
			break;
		case 16384:
			initFlags |= TSS_KEY_SIZE_16384;
			break;
		default:
			usage(argv[0]);
			break;
	}
#if 0
	while (argc--) {
		printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
	}
	exit(1);
#endif
	filename = argv[argc - 1];
	if (argc < 2 || filename[0] == '-')
		usage(argv[0]);

		//Create Context
	if ((result = Tspi_Context_Create(&hContext))) {
		print_error("Tspi_Context_Create", result);
		exit(result);
	}
		//Connect Context
	if ((result = Tspi_Context_Connect(hContext, NULL))) {
		print_error("Tspi_Context_Connect", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Create Object
	if ((result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_RSAKEY,
						initFlags, &hKey))) {
		print_error("Tspi_Context_CreateObject", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
					   sig_scheme))) {
		print_error("Tspi_SetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
					   enc_scheme))) {
		print_error("Tspi_SetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Load Key By UUID
	if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
						 SRK_UUID, &hSRK))) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
					   &srk_authusage))) {
		print_error("Tspi_GetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if (srk_authusage) {

		if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
						   &srkUsagePolicy))) {
			print_error("Tspi_GetPolicyObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		if (well_known) {

			BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;

			//Set Well Known Secret
			if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
							TSS_SECRET_MODE_SHA1,
							sizeof(well_known_secret),
							(BYTE *)well_known_secret))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}
		} else {

			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}
	}

	if (auth) {
		if ((result = Tspi_Context_CreateObject(hContext,
							TSS_OBJECT_TYPE_POLICY,
							TSS_POLICY_USAGE,
							&keyUsagePolicy))) {
			print_error("Tspi_Context_CreateObject", result);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		if (popup) {
			//Set Secret
			if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
							    TSS_SECRET_MODE_POPUP,
							    0, NULL))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}
		} else {
			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128,
						"Enter Key Usage Password: "******"Passwords do not match.\n");
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			//Set Secret
			if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
							    TSS_SECRET_MODE_PLAIN,
							    strlen(authdata),
							    (BYTE *)authdata))) {
				print_error("Tspi_Policy_SetSecret", result);
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}

		if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
			print_error("Tspi_Policy_AssignToObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}

	// Create or Wrap Key
	if (wrap) {
		char n[256], p[128];
		unsigned int size_n, size_p;
		BYTE *pubSRK;

		/*Set migration policy needed to wrap the key*/
		if ((result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_POLICY,
						TSS_POLICY_MIGRATION,
						&keyMigrationPolicy))) {
			print_error("Tspi_Context_CreateObject", result);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		if (auth) {
			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128,
						"Enter Key Migration Password: "******"Passwords do not match.\n");
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
							    TSS_SECRET_MODE_PLAIN,
							    strlen(authdata),
							    (BYTE *)authdata))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}

		if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
			print_error("Tspi_Policy_AssignToObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		/* Pull the PubKRK out of the TPM */
		if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
			print_error("Tspi_Key_WrapKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		Tspi_Context_FreeMemory(hContext, pubSRK);

		if ((rsa = openssl_read_key(openssl_key)) == NULL) {
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if (RSA_size(rsa) != key_size / 8) {
			fprintf(stderr,
				"Error, key size is incorrect, please use the '-s' option\n");
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
						  &size_p, (unsigned char *)p)) {
			fprintf(stderr, "Error getting modulus and prime!\n");
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
						 TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
						 size_n, (BYTE *)n))) {
			print_error("Tspi_SetAttribData (RSA modulus)", result);
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
						 TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
						 size_p, (BYTE *)p))) {
			print_error("Tspi_SetAttribData (private key)", result);
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
			print_error("Tspi_Key_WrapKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	} else {
		if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
			print_error("Tspi_Key_CreateKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}

	if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
					 TSS_TSPATTRIB_KEYBLOB_BLOB,
					 &blob_size, &blob))) {
		print_error("Tspi_GetAttribData", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((outb = BIO_new_file(filename, "w")) == NULL) {
                fprintf(stderr, "Error opening file for write: %s\n", filename);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(-1);
	}
	blob_str = ASN1_OCTET_STRING_new();
	if (!blob_str) {
                fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(-1);
	}		

	ASN1_STRING_set(blob_str, blob, blob_size);
	asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
	PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);

	BIO_free(outb);
	Tspi_Context_Close(hContext);

	printf("Success.\n");

	return 0;
}
Beispiel #2
0
int
main_v1_2(char version)
{
    char		*function = "Tspi_Key_GetPubKey-trans02";
    TSS_HCONTEXT	hContext;
    TSS_HKEY	hSRK;
    TSS_HKEY	hKey, hWrappingKey, hSigningKey;
    TSS_UUID	SRKUUID			= {0,0,0,0,0,0,0,0,0,0,1};
    TSS_UUID	migratableSignUUID	= {1,2,3,4,5,6,7,8,9,10,2};
    TSS_UUID	uuid;
    TSS_RESULT	result;
    UINT32		ulPubKeyLength;
    BYTE		*rgbPubKey;
    TSS_HPOLICY	srkUsagePolicy;
    TSS_HTPM	hTPM;
    TSS_FLAG	initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048  |
                            TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
                            TSS_KEY_NOT_MIGRATABLE;

    print_begin_test( function );

    result = connect_load_all(&hContext, &hSRK, &hTPM);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_Create ", result);
        exit(result);
    }

    result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
                                      &hSigningKey);
    if (result != TSS_SUCCESS) {
        print_error("Testsuite_Transport_Init", result);
        Tspi_Context_Close(hContext);
        exit(result);
    }
    //Create Signing Key
    result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
                                        initFlags, &hKey );
    if ( result != TSS_SUCCESS )
    {
        print_error( "Tspi_Context_CreateObject (hKey)", result );
        Tspi_Context_FreeMemory( hContext, NULL );
        Tspi_Context_Close( hContext );
        exit( result );
    }

    result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
    if ( result != TSS_SUCCESS )
    {
        print_error( "Tspi_Key_CreateKey (hKey)", result );
        Tspi_Context_FreeMemory( hContext, NULL );
        Tspi_Context_Close( hContext );
        exit( result );
    }

    result = Tspi_Key_LoadKey( hKey, hSRK );
    if ( result != TSS_SUCCESS )
    {
        print_error( "Tspi_Key_LoadKey (hKey)", result );
        Tspi_Context_FreeMemory( hContext, NULL );
        Tspi_Context_Close( hContext );
        exit( result );
    }

    // Get Pub Key
    result = Tspi_Key_GetPubKey( hKey, &ulPubKeyLength, &rgbPubKey );
    if ( result != TSS_SUCCESS )
    {
        print_error( "Tspi_Key_GetPubKey", result );
        Tspi_Context_FreeMemory( hContext, NULL );
        Tspi_Context_Close( hContext );
        exit( result );
    }

    result = Testsuite_Transport_Final(hContext, hSigningKey);
    if ( result != TSS_SUCCESS )
    {
        if( !(checkNonAPI(result)) )
        {
            print_error( function, result );
        }
        else
        {
            print_error_nonapi( function, result );
        }
    }
    else
    {
        result = Tspi_Context_FreeMemory(hContext, rgbPubKey);
        if (result != TSS_SUCCESS) {
            print_error("Tspi_Context_FreeMemory ", result);
            Tspi_Context_Close(hContext);
            exit(result);
        }
        print_success( function, result );
    }

    print_end_test( function );
    Tspi_Context_FreeMemory( hContext, NULL );
    Tspi_Context_Close( hContext );
    exit( result );
}
Beispiel #3
0
TSS_RESULT
Tspi_Context_LoadKeyByUUID(TSS_HCONTEXT tspContext,		/* in */
			   TSS_FLAG persistentStorageType,	/* in */
			   TSS_UUID uuidData,			/* in */
			   TSS_HKEY * phKey)			/* out */
{
	TSS_RESULT result;
	TSS_UUID parentUUID;
	UINT32 keyBlobSize, parentPSType;
	BYTE *keyBlob = NULL;
	TCS_KEY_HANDLE tcsKeyHandle;
	TSS_HKEY parentTspHandle;
	TCS_LOADKEY_INFO info;
	UINT32		ulPubKeyLength;
	BYTE		*rgbPubKey;

	if (phKey == NULL)
		return TSPERR(TSS_E_BAD_PARAMETER);

	if ((!obj_is_context(tspContext)))
		return TSPERR(TSS_E_INVALID_HANDLE);

	/* This key is in the System Persistant storage */
	if (persistentStorageType == TSS_PS_TYPE_SYSTEM) {
#if 1
		memset(&info, 0, sizeof(TCS_LOADKEY_INFO));

		result = RPC_LoadKeyByUUID(tspContext, uuidData, &info, &tcsKeyHandle);

		if (TSS_ERROR_CODE(result) == TCS_E_KM_LOADFAILED) {
			TSS_HKEY keyHandle;
			TSS_HPOLICY hPolicy;

			/* load failed, due to some key in the chain needing auth
			 * which doesn't yet exist at the TCS level. However, the
			 * auth may already be set in policies at the TSP level.
			 * To find out, get the key handle of the key requiring
			 * auth. First, look at the list of keys in memory. */
			if ((obj_rsakey_get_by_uuid(&info.parentKeyUUID, &keyHandle))) {
				/* If that failed, look on disk, in User PS. */
				if (ps_get_key_by_uuid(tspContext, &info.parentKeyUUID,
						       &keyHandle))
					return result;
			}

			if (obj_rsakey_get_policy(keyHandle, TSS_POLICY_USAGE,
						  &hPolicy, NULL))
				return result;

			if (secret_PerformAuth_OIAP(keyHandle, TPM_ORD_LoadKey, hPolicy, FALSE,
						    &info.paramDigest, &info.authData))
				return result;

			if ((result = RPC_LoadKeyByUUID(tspContext, uuidData, &info,
							&tcsKeyHandle)))
				return result;
		} else if (result)
			return result;

		/*check if provided UUID has an owner evict key UUID prefix */
		if (!memcmp(&uuidData, &owner_evict_uuid, sizeof(TSS_UUID)-1)) {
			if ((result = obj_rsakey_add(tspContext, TSS_RSAKEY_FLAG_OWNEREVICT,
						      phKey)))
				return result;
			if ((result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle)))
				return result;

			//The cached public key portion of the owner evict key is used 
			//further by TPM_KEY_CONTROLOWNER command for sanity check
			if ((result = Tspi_Key_GetPubKey(*phKey, &ulPubKeyLength, &rgbPubKey)))
				return result;

			result = obj_rsakey_set_pubkey(*phKey, FALSE, rgbPubKey);

			free(rgbPubKey);		
			if (result != TSS_SUCCESS)
				return result;
		} else {
			if ((result = RPC_GetRegisteredKeyBlob(tspContext, uuidData, &keyBlobSize,
							       &keyBlob)))
				return result;

			if ((result = obj_rsakey_add_by_key(tspContext, &uuidData, keyBlob,
							    TSS_OBJ_FLAG_SYSTEM_PS, phKey))) {
				free (keyBlob);
				return result;
			}
	
			result = obj_rsakey_set_tcs_handle(*phKey, tcsKeyHandle);

			free (keyBlob);
		}
#else
		if ((result = load_from_system_ps(tspContext, &uuidData, phKey)))
			return result;
#endif
	} else if (persistentStorageType == TSS_PS_TYPE_USER) {
		if ((result = ps_get_parent_uuid_by_uuid(&uuidData, &parentUUID)))
			return result;

		/* If the parent is not in memory, recursively call ourselves on it */
		if (obj_rsakey_get_by_uuid(&parentUUID, &parentTspHandle) != TSS_SUCCESS) {
			if ((result = ps_get_parent_ps_type_by_uuid(&uuidData, &parentPSType)))
				return result;

			if ((result = Tspi_Context_LoadKeyByUUID(tspContext, parentPSType,
								 parentUUID, &parentTspHandle)))
				return result;
		}

		if ((result = ps_get_key_by_uuid(tspContext, &uuidData, phKey)))
			return result;

		/* The parent is loaded and we have the parent key handle, so call the TCS to
		 * actually load the child. */
		return Tspi_Key_LoadKey(*phKey, parentTspHandle);
	} else {
		return TSPERR(TSS_E_BAD_PARAMETER);
	}

	return TSS_SUCCESS;
}
Beispiel #4
0
int
main_v1_1( void )
{
	char		*function = "Tspi_Key_GetPubKey01";
	TSS_HCONTEXT	hContext;
	TSS_HKEY	hSRK;
	TSS_HKEY	hKey;
	TSS_UUID	SRKUUID			= {0,0,0,0,0,0,0,0,0,0,1};
	TSS_UUID	migratableSignUUID	= {1,2,3,4,5,6,7,8,9,10,2};
	TSS_UUID	uuid;
	TSS_RESULT	result;
	UINT32		ulPubKeyLength;
	BYTE		*rgbPubKey;
	TSS_HPOLICY	srkUsagePolicy;
	TSS_FLAG	initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048  |
				TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
				TSS_KEY_NOT_MIGRATABLE;

	print_begin_test( function );

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		print_error_exit( function, err_string(result) );
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Load Key By UUID
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
					&srkUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
				TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
#endif
		//Create Signing Key
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						initFlags, &hKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hKey)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (hKey)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_LoadKey( hKey, hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_LoadKey (hKey)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// Get Pub Key
	result = Tspi_Key_GetPubKey( hKey, &ulPubKeyLength, &rgbPubKey );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
		}
		else
		{
			print_error_nonapi( function, result );
		}
	}
	else
	{
		result = Tspi_Context_FreeMemory(hContext, rgbPubKey);
		if (result != TSS_SUCCESS) {
			print_error("Tspi_Context_FreeMemory ", result);
			print_error_exit(function, err_string(result));
			Tspi_Context_Close(hContext);
			exit(result);
		}
		print_success( function, result );
	}

	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}
Beispiel #5
0
int main(int argc, char **argv)
{
	
	TSS_HCONTEXT hContext=0;
	TSS_HTPM hTPM = 0;
	TSS_RESULT result;
	TSS_HKEY hSRK = 0;
	TSS_HPOLICY hSRKPolicy=0;
	TSS_UUID SRK_UUID = TSS_UUID_SRK;
	BYTE wks[20]; 
	memset(wks,0,20);

	TSS_HKEY hESS_Bind_Key;
	TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID;
	TSS_HPOLICY hESS_Policy;
	TSS_FLAG initFlags;
	BYTE *pubKey;
	UINT32 pubKeySize;
	FILE *fout, *fin;

	result =Tspi_Context_Create(&hContext);
	DBG("Create a context", result);
	result=Tspi_Context_Connect(hContext, NULL);
	DBG("Connect to TPM", result);
	
	
	result=Tspi_Context_GetTpmObject(hContext, &hTPM);
	DBG("Get TPM handle", result);
	result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
	DBG("Get SRK handle", result);
	result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
	DBG("Get SRK Policy", result);
	result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks);
	DBG("Tspi_Policy_SetSecret", result);
	

	result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,
			TSS_POLICY_USAGE, &hESS_Policy);
	DBG("Create a key policy object", result);
	result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
			20, wks);
	DBG("Set key policy object secret", result);
	initFlags = TSS_KEY_TYPE_BIND |
		    TSS_KEY_SIZE_2048 |
		    TSS_KEY_AUTHORIZATION |
		    TSS_KEY_NOT_MIGRATABLE;
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
			initFlags, &hESS_Bind_Key);
	DBG("Create the key object", result);
	result = Tspi_SetAttribUint32(hESS_Bind_Key,
		TSS_TSPATTRIB_KEY_INFO,
		TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
		TSS_ES_RSAESPKCSV15);
	DBG("Set the keys's padding type", result);
	result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
	DBG("Assign the key's policy to the key", result);
	printf("Creating the key could take a while\n");
	result = Tspi_Key_CreateKey(hESS_Bind_Key,
		hSRK, 0);
	DBG("Asking TPM to create the key", result);
	result = Tspi_Context_RegisterKey(hContext,
					hESS_Bind_Key,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					TSS_PS_TYPE_SYSTEM,
					SRK_UUID);
	DBG("Registering the key for later retrieval", result);
	
	printf("Registering the key blob for later retrieval\r\n");

	result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
	DBG("Loading key in TPM", result);
	result = Tspi_Key_GetPubKey(hESS_Bind_Key,
				&pubKeySize, &pubKey);
	DBG("Get Public portion of key", result);
	fout = fopen("BackupESSBindKey.pub", "wb");
	if(fout != NULL) {
		write(fileno(fout), pubKey, pubKeySize);
		printf("Finished writing BackupESSBindKey.pub\n");
		fclose(fout);
	}
	else {
		printf("Error opening XXXXXXXXXXXX \r\n");
	}
	result = Tspi_Policy_FlushSecret(hESS_Policy);
	DBG("Policy flush secret", result);

	result = Tspi_Context_GetKeyByUUID(hContext,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					&hESS_Bind_Key);
	DBG("Get key handle", result);
	printf("Unregistering key\r\n");
	result = Tspi_Context_UnregisterKey(hContext,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					&hESS_Bind_Key);
	DBG("Unregister key", result);
	// Load a key and bind data
	UINT32 ulDataLength;
	BYTE *rbgBoundData;
	BYTE newPubKey[1000], encData[1000];
	TSS_HENCDATA hEncData;
	fin = fopen("BackupESSBindKey.pub", "r");
	read(fileno(fin), newPubKey,284);
	if (fin == NULL)
		return 0;
	fclose(fin);
	result = Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_RSAKEY,
				initFlags, &hESS_Bind_Key);
	DBG("Tspi_Context_CreateObject BindKey", result);
	result = Tspi_SetAttribData(hESS_Bind_Key,
				TSS_TSPATTRIB_KEY_BLOB,
				TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				284,newPubKey);
	DBG("Set Public key into new key object", result);
	fin = fopen("data", "rb");
	read(fileno(fin), encData, 7);
	fclose(fin);
	result=Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_ENCDATA,
				TSS_ENCDATA_BIND,
				&hEncData);
	DBG("Create Data Object", result);
	result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData);
	DBG("Bind data", result);
	result = Tspi_GetAttribData(hEncData,
			TSS_TSPATTRIB_ENCDATA_BLOB,
			TSS_TSPATTRIB_ENCDATABLOB_BLOB,
			&ulDataLength,&rbgBoundData);
	DBG("Get encrypted data", result);
	fout = fopen("Bound.data", "wb");
	write(fileno(fout),rbgBoundData,ulDataLength);
	fclose(fout);

	result = Tspi_Context_FreeMemory(hContext, NULL);
	DBG("Tspi Context Free Memory", result);
	result = Tspi_Context_Close(hContext);
	DBG("Tspi Context Close", result);
	return 0;
	

}