int nvReadLock(TPMI_RH_NV_AUTH authHandle, TPMI_RH_NV_INDEX nvIndex)
{
UINT32 rval;
TPMS_AUTH_COMMAND sessionData;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPM2B_MAX_NV_BUFFER nvData = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } };
TPMS_AUTH_COMMAND *sessionDataArray[1];
TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
sessionDataArray[0] = &sessionData;
sessionDataOutArray[0] = &sessionDataOut;
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
sessionData.hmac.t.size = 0;
*( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
if (strlen(handlePasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(handlePasswd);
memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
}
else if (strlen(handlePasswd) > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for handlePasswd.\n");
return -1;
}
}
rval = Tss2_Sys_NV_ReadLock( sysContext, authHandle, nvIndex, &sessionsData, &sessionsDataOut );
if(rval != TPM_RC_SUCCESS)
{
printf("\nFailed to lock NVRAM area at index 0x%x (%d).Error:0x%x\n", nvIndex, nvIndex, rval );
return -1;
}
return 0;
}
int evictControl(TPMI_RH_PROVISION auth, TPMI_DH_OBJECT objectHandle,TPMI_DH_OBJECT persistentHandle, int P_flag)
{
UINT32 rval;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPMS_AUTH_COMMAND *sessionDataArray[1];
TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
sessionDataArray[0] = &sessionData;
sessionDataOutArray[0] = &sessionDataOut;
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
if(P_flag == 0)
sessionData.hmac.t.size = 0;
*((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
if (sessionData.hmac.t.size > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
&sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for authorization Passwd.\n");
return -1;
}
}
rval = Tss2_Sys_EvictControl(sysContext, auth, objectHandle, &sessionsData, persistentHandle,&sessionsDataOut);
if(rval != TPM_RC_SUCCESS)
{
printf("\nEvictControl Failed, error code: 0x%0x\n\n",rval);
return -1;
}
printf("\nEvictControl succ.\n");
return 0;
}
int quote(TPM_HANDLE akHandle, PCR_LIST pcrList, TPMI_ALG_HASH algorithmId)
{
UINT32 rval;
TPM2B_DATA qualifyingData;
UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
TPMT_SIG_SCHEME inScheme;
TPML_PCR_SELECTION pcrSelection;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPM2B_ATTEST quoted = { { sizeof(TPM2B_ATTEST)-2, } };
TPMT_SIGNATURE signature;
TPMS_AUTH_COMMAND *sessionDataArray[1];
TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
sessionDataArray[0] = &sessionData;
sessionDataOutArray[0] = &sessionDataOut;
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
*( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
if (sessionData.hmac.t.size > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
&sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for AK Passwd.\n");
return -1;
}
}
if(!qualifedData.t.size)
{
qualifyingData.t.size = sizeof( qualDataString );
memcpy( &qualifyingData.t.buffer[0], qualDataString, sizeof( qualDataString ) );
}
else
{
qualifyingData = qualifedData; // shallow copy ok since there are no pointers
}
inScheme.scheme = TPM_ALG_NULL;
pcrSelection.count = 1;
pcrSelection.pcrSelections[0].hash = algorithmId;
pcrSelection.pcrSelections[0].sizeofSelect = 3;
// Clear out PCR select bit field
pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
pcrSelection.pcrSelections[0].pcrSelect[2] = 0;
// Now set the PCR you want
for(int l=0;l<pcrList.size; l++)
{
UINT32 pcrId = pcrList.id[l];
pcrSelection.pcrSelections[0].pcrSelect[( pcrId/8 )] |= ( 1 << ( pcrId) % 8);
}
memset( (void *)&signature, 0, sizeof(signature) );
rval = Tss2_Sys_Quote(sysContext, akHandle, &sessionsData,
&qualifyingData, &inScheme, &pcrSelection, "ed,
&signature, &sessionsDataOut );
if(rval != TPM_RC_SUCCESS)
{
printf("\nQuote Failed ! ErrorCode: 0x%0x\n\n", rval);
return -1;
}
printf( "\nquoted:\n " );
PrintSizedBuffer( (TPM2B *)"ed );
//PrintTPM2B_ATTEST("ed);
printf( "\nsignature:\n " );
PrintBuffer( (UINT8 *)&signature, sizeof(signature) );
//PrintTPMT_SIGNATURE(&signature);
FILE *fp = fopen(outFilePath,"w+");
if(NULL == fp)
{
printf("OutFile: %s Can Not Be Created !\n",outFilePath);
return -2;
}
if(fwrite("ed, calcSizeofTPM2B_ATTEST("ed), 1 ,fp) != 1)
{
fclose(fp);
printf("OutFile: %s Write quoted Data In Error!\n",outFilePath);
return -3;
}
if(fwrite(&signature, calcSizeofTPMT_SIGNATURE(&signature), 1, fp) != 1)
{
fclose(fp);
printf("OutFile: %s Write signature Data In Error!\n",outFilePath);
return -4;
}
fclose(fp);
return 0;
}
int createEKHandle()
{
UINT32 rval;
TPMS_AUTH_COMMAND sessionData;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPMS_AUTH_COMMAND *sessionDataArray[1];
TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
TPM2B_SENSITIVE_CREATE inSensitive = { { sizeof(TPM2B_SENSITIVE_CREATE) - 2, } };
TPM2B_PUBLIC inPublic = { { sizeof(TPM2B_PUBLIC) - 2, } };
TPM2B_DATA outsideInfo = { { 0, } };
TPML_PCR_SELECTION creationPCR;
TPM2B_NAME name = { { sizeof(TPM2B_NAME) - 2, } };
TPM2B_PUBLIC outPublic = { { 0, } };
TPM2B_CREATION_DATA creationData = { { 0, } };
TPM2B_DIGEST creationHash = { { sizeof(TPM2B_DIGEST) - 2, } };
TPMT_TK_CREATION creationTicket = { 0, };
TPM_HANDLE handle2048ek;
sessionDataArray[0] = &sessionData;
sessionDataOutArray[0] = &sessionDataOut;
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
sessionData.hmac.t.size = 0;
*((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
// use enAuth in Tss2_Sys_CreatePrimary
if (strlen(endorsePasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(endorsePasswd);
memcpy( &sessionData.hmac.t.buffer[0], endorsePasswd, sessionData.hmac.t.size );
}
else if (strlen(endorsePasswd) > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure(endorsePasswd, &sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for endorsePasswd.\n");
return -1;
}
}
if (strlen(ekPasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(ekPasswd);
memcpy( &sessionData.hmac.t.buffer[0], ekPasswd, sessionData.hmac.t.size );
}
else if (strlen(ekPasswd) > 0 && hexPasswd)
{
inSensitive.t.sensitive.userAuth.t.size = sizeof(inSensitive.t.sensitive.userAuth) - 2;
if (hex2ByteStructure(ekPasswd,
&inSensitive.t.sensitive.userAuth.t.size,
inSensitive.t.sensitive.userAuth.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for ekPasswd.\n");
return -1;
}
}
inSensitive.t.sensitive.data.t.size = 0;
inSensitive.t.size = inSensitive.t.sensitive.userAuth.b.size + 2;
if ( setKeyAlgorithm(algorithmType, inSensitive, inPublic) )
return -1;
creationPCR.count = 0;
/*To Create EK*/
rval = Tss2_Sys_CreatePrimary(sysContext, TPM_RH_ENDORSEMENT, &sessionsData, &inSensitive, &inPublic,
&outsideInfo, &creationPCR, &handle2048ek, &outPublic, &creationData, &creationHash,
&creationTicket, &name, &sessionsDataOut);
if ( rval != TPM_RC_SUCCESS )
{
printf("\n......TPM2_CreatePrimary Error. TPM Error:0x%x......\n", rval);
return -2;
}
printf("\nEK create succ.. Handle: 0x%8.8x\n", handle2048ek);
if (!nonPersistentRead)
{
// To make EK persistent, use own auth
sessionData.hmac.t.size = 0;
if (strlen(ownerPasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(ownerPasswd);
memcpy( &sessionData.hmac.t.buffer[0], ownerPasswd, sessionData.hmac.t.size );
}
else if (strlen(ownerPasswd) > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure(ownerPasswd, &sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for ownerPasswd.\n");
return -1;
}
}
rval = Tss2_Sys_EvictControl(sysContext, TPM_RH_OWNER, handle2048ek, &sessionsData, persistentHandle, &sessionsDataOut);
if ( rval != TPM_RC_SUCCESS )
{
printf("\n......EvictControl:Make EK persistent Error. TPM Error:0x%x......\n", rval);
return -3;
}
printf("EvictControl EK persistent succ.\n");
}
rval = Tss2_Sys_FlushContext(sysContext, handle2048ek);
if ( rval != TPM_RC_SUCCESS )
{
printf("\n......Flush transient EK failed. TPM Error:0x%x......\n", rval);
return -4;
}
printf("Flush transient EK succ.\n");
// save ek public
if ( saveDataToFile(outputFile, (UINT8 *)&outPublic, sizeof(outPublic)) )
{
printf("\n......Failed to save EK pub key into file(%s)......\n", outputFile);
return -5;
}
return 0;
}
int encryptDecrypt(TPMI_DH_OBJECT keyHandle, TPMI_YES_NO decryptVal, TPM2B_MAX_BUFFER *inData, const char *outFilePath)
{
UINT32 rval;
// Inputs
TPMI_ALG_SYM_MODE mode;
TPM2B_IV ivIn;
// Outputs
TPM2B_MAX_BUFFER outData = { { sizeof(TPM2B_MAX_BUFFER)-2, } };
TPM2B_IV ivOut = { { sizeof(TPM2B_IV)-2, } };
TSS2_SYS_CMD_AUTHS sessionsData;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPMS_AUTH_COMMAND *sessionDataArray[1];
TPMS_AUTH_RESPONSE *sessionDataOutArray[1];
sessionDataArray[0] = &sessionData;
sessionsData.cmdAuths = &sessionDataArray[0];
sessionDataOutArray[0] = &sessionDataOut;
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
*((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
if (sessionData.hmac.t.size > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
&sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for key Passwd.\n");
return -1;
}
}
sessionsData.cmdAuthsCount = 1;
sessionsData.cmdAuths[0] = &sessionData;
mode = TPM_ALG_NULL;
ivIn.t.size = MAX_SYM_BLOCK_SIZE;
memset(ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);
if(decryptVal == NO)
printf("\nENCRYPTDECRYPT: ENCRYPT\n");
if(decryptVal == YES)
printf("\nENCRYPTDECRYPT: DECRYPT\n");
rval = Tss2_Sys_EncryptDecrypt(sysContext, keyHandle, &sessionsData, decryptVal, mode, &ivIn, inData, &outData, &ivOut, &sessionsDataOut);
if(rval != TPM_RC_SUCCESS)
{
printf("EncryptDecrypt failed, error code: 0x%x\n", rval);
return -1;
}
printf("\nEncryptDecrypt succ.\n");
if(saveDataToFile(outFilePath, (UINT8 *)outData.t.buffer, outData.t.size))
return -2;
printf("OutFile %s completed!\n", outFilePath);
return 0;
}
int nvSpaceDefine()
{
UINT32 rval;
TPM2B_AUTH nvAuth;
TPM2B_NV_PUBLIC publicInfo;
TPMS_AUTH_COMMAND sessionData;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
sessionData.hmac.t.size = 0;
*( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
if (strlen(handlePasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(handlePasswd);
memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
}
else if (strlen(handlePasswd) > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for handlePasswd.\n");
return -1;
}
}
publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
sizeof( UINT16 );
publicInfo.t.nvPublic.nvIndex = nvIndex;
publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA256;
// Now set the attributes.
publicInfo.t.nvPublic.attributes.val = nvAttribute;
publicInfo.t.nvPublic.authPolicy.t.size = 0;
publicInfo.t.nvPublic.dataSize = size;
nvAuth.t.size = 0;
if (strlen(indexPasswd) > 0 && !hexPasswd)
{
nvAuth.t.size = strlen(indexPasswd);
memcpy( &nvAuth.t.buffer[0], indexPasswd, nvAuth.t.size );
}
else if (strlen(indexPasswd) > 0 && hexPasswd)
{
nvAuth.t.size = sizeof(nvAuth) - 2;
if (hex2ByteStructure(indexPasswd,&nvAuth.t.size,nvAuth.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for indexPasswd.\n");
return -1;
}
}
rval = Tss2_Sys_NV_DefineSpace( sysContext, authHandle, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
if(rval != TPM_RC_SUCCESS)
{
printf( "\nFailed to define NV area at index 0x%x (%d).Error:0x%x\n", nvIndex, nvIndex, rval );
return -1;
}
printf( "Success to define NV area at index 0x%x (%d).\n", nvIndex, nvIndex);
return 0;
}
int main(int argc, char* argv[])
{
char hostName[200] = DEFAULT_HOSTNAME;
int port = DEFAULT_RESMGR_TPM_PORT;
UINT16 size;
setbuf(stdout, NULL);
setvbuf (stdout, NULL, _IONBF, BUFSIZ);
int opt = -1;
const char *optstring = "hve:s:n:o:p:d:";
static struct option long_options[] = {
{"help",0,NULL,'h'},
{"version",0,NULL,'v'},
{"encKey",1,NULL,'e'},
{"sec",1,NULL,'s'},
{"name",1,NULL,'n'},
{"outFile",1,NULL,'o'},
{"port",1,NULL,'p'},
{"debugLevel",1,NULL,'d'},
{0,0,0,0}
};
int returnVal = 0;
int flagCnt = 0;
int h_flag = 0,
v_flag = 0,
e_flag = 0,
s_flag = 0,
n_flag = 0,
o_flag = 0;
if(argc == 1)
{
showHelp(argv[0]);
return 0;
}
while((opt = getopt_long(argc,argv,optstring,long_options,NULL)) != -1)
{
switch(opt)
{
case 'h':
h_flag = 1;
break;
case 'v':
v_flag = 1;
break;
case 'e':
size = sizeof(inPublic);
if(loadDataFromFile(optarg, (UINT8 *)&inPublic, &size) != 0)
{
returnVal = -1;
break;
}
e_flag = 1;
break;
case 's':
inCredential.t.size = sizeof(inCredential) - 2;
if(loadDataFromFile(optarg, inCredential.t.buffer, &inCredential.t.size) != 0)
{
returnVal = -2;
break;
}
s_flag = 1;
break;
case 'n':
objectName.t.size = sizeof(objectName) - 2;
if(hex2ByteStructure(optarg,&objectName.t.size,objectName.t.name) != 0)
{
returnVal = -3;
break;
}
n_flag = 1;
break;
case 'o':
safeStrNCpy(outFilePath, optarg, sizeof(outFilePath));
if(checkOutFile(outFilePath) != 0)
{
returnVal = -4;
break;
}
o_flag = 1;
break;
case 'p':
if( getPort(optarg, &port) )
{
printf("Incorrect port number.\n");
returnVal = -5;
}
break;
case 'd':
if( getDebugLevel(optarg, &debugLevel) )
{
printf("Incorrect debug level.\n");
returnVal = -6;
}
break;
case ':':
// printf("Argument %c needs a value!\n",optopt);
returnVal = -7;
break;
case '?':
// printf("Unknown Argument: %c\n",optopt);
returnVal = -8;
break;
//default:
// break;
}
if(returnVal)
break;
};
if(returnVal != 0)
return returnVal;
flagCnt = h_flag + v_flag + e_flag + s_flag + n_flag + o_flag;
if(flagCnt == 1)
{
if(h_flag == 1)
showHelp(argv[0]);
else if(v_flag == 1)
showVersion(argv[0]);
else
{
showArgMismatch(argv[0]);
return -9;
}
}
else if(flagCnt == 4 && h_flag != 1 && v_flag != 1)
{
prepareTest(hostName, port, debugLevel);
returnVal = makeCredential();
finishTest();
if(returnVal)
return -10;
}
else
{
showArgMismatch(argv[0]);
return -11;
}
return 0;
}
int activateCredential()
{
UINT32 rval;
TPM2B_DIGEST certInfoData = { { sizeof(certInfoData)-2, } };
printf("\nACTIVATE CREDENTIAL TESTS:\n");
cmdAuth.sessionHandle = TPM_RS_PW;
cmdAuth2.sessionHandle = TPM_RS_PW;
*((UINT8 *)((void *)&cmdAuth.sessionAttributes)) = 0;
*((UINT8 *)((void *)&cmdAuth2.sessionAttributes)) = 0;
*((UINT8 *)((void *)&cmdAuth3.sessionAttributes)) = 0;
TPMS_AUTH_COMMAND *cmdSessionArray[2] = { &cmdAuth, &cmdAuth3 };
TSS2_SYS_CMD_AUTHS cmdAuthArray = { 2, &cmdSessionArray[0] };
TPMS_AUTH_COMMAND *cmdSessionArray1[1] = { &cmdAuth2 };
TSS2_SYS_CMD_AUTHS cmdAuthArray1 = { 1, &cmdSessionArray1[0] };
SESSION *session;
TPM2B_ENCRYPTED_SECRET encryptedSalt = { { 0, } };
TPM2B_NONCE nonceCaller = { { 0, } };
TPMT_SYM_DEF symmetric;
symmetric.algorithm = TPM_ALG_NULL;
if (cmdAuth.hmac.t.size > 0 && hexPasswd)
{
cmdAuth.hmac.t.size = sizeof(cmdAuth.hmac) - 2;
if (hex2ByteStructure((char *)cmdAuth.hmac.t.buffer,
&cmdAuth.hmac.t.size,
cmdAuth.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for handlePasswd.\n");
return -1;
}
}
if (cmdAuth2.hmac.t.size > 0 && hexPasswd)
{
cmdAuth2.hmac.t.size = sizeof(cmdAuth2.hmac) - 2;
if (hex2ByteStructure((char *)cmdAuth2.hmac.t.buffer,
&cmdAuth2.hmac.t.size,
cmdAuth2.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for endorsePasswd.\n");
return -1;
}
}
rval = StartAuthSessionWithParams( &session, TPM_RH_NULL, 0, TPM_RH_NULL,
0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
if( rval != TPM_RC_SUCCESS )
{
printf("\n......StartAuthSessionWithParams Error. TPM Error:0x%x......\n", rval);
return -1;
}
printf("\nStartAuthSessionWithParams succ.......\n");
rval = Tss2_Sys_PolicySecret(sysContext, TPM_RH_ENDORSEMENT, session->sessionHandle, &cmdAuthArray1, 0, 0, 0, 0, 0, 0, 0);
if( rval != TPM_RC_SUCCESS )
{
printf("\n......Tss2_Sys_PolicySecret Error. TPM Error:0x%x......\n", rval);
return -2;
}
printf("\nTss2_Sys_PolicySecret succ.......\n");
cmdAuth3.sessionHandle = session->sessionHandle;
cmdAuth3.sessionAttributes.continueSession = 1;
cmdAuth3.hmac.t.size = 0;
rval = Tss2_Sys_ActivateCredential(sysContext, activateHandle, keyHandle, &cmdAuthArray, &credentialBlob, &secret, &certInfoData, 0);
if(rval != TPM_RC_SUCCESS)
{
printf("\n......ActivateCredential failed. TPM Error:0x%x......\n", rval);
return -3;
}
printf("\nActivate Credential succ.\n");
// Need to flush the session here.
rval = Tss2_Sys_FlushContext( sysContext, session->sessionHandle );
if( rval != TPM_RC_SUCCESS )
{
printf("\n......TPM2_Sys_FlushContext Error. TPM Error:0x%x......\n", rval);
return -4;
}
// And remove the session from sessions table.
rval = EndAuthSession( session );
if( rval != TPM_RC_SUCCESS )
{
printf("\n......EndAuthSession Error. TPM Error:0x%x......\n", rval);
return -5;
}
printf("\nCertInfoData :\n");
for (int k = 0; k<certInfoData.t.size; k++)
{
printf("0x%.2x ", certInfoData.t.buffer[k]);
}
printf("\n\n");
if(saveDataToFile(outFilePath, certInfoData.t.buffer, certInfoData.t.size) == 0)
printf("OutFile %s completed!\n",outFilePath);
else
return -6;
return 0;
}
int nvWrite()
{
UINT32 rval;
TPMS_AUTH_COMMAND sessionData;
TPMS_AUTH_RESPONSE sessionDataOut;
TSS2_SYS_CMD_AUTHS sessionsData;
TSS2_SYS_RSP_AUTHS sessionsDataOut;
UINT16 i, offset = 0;
TPM2B_MAX_NV_BUFFER nvWriteData;
TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };
sessionsDataOut.rspAuths = &sessionDataOutArray[0];
sessionsData.cmdAuths = &sessionDataArray[0];
sessionsDataOut.rspAuthsCount = 1;
sessionsData.cmdAuthsCount = 1;
sessionData.sessionHandle = TPM_RS_PW;
sessionData.nonce.t.size = 0;
sessionData.hmac.t.size = 0;
*( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
if (strlen(handlePasswd) > 0 && !hexPasswd)
{
sessionData.hmac.t.size = strlen(handlePasswd);
memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
}
else if (strlen(handlePasswd) > 0 && hexPasswd)
{
sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
sessionData.hmac.t.buffer) != 0)
{
printf( "Failed to convert Hex format password for handlePasswd.\n");
return -1;
}
}
while (dataSize > 0)
{
nvWriteData.t.size = dataSize > MAX_NV_BUFFER_SIZE ? MAX_NV_BUFFER_SIZE : dataSize;
printf("\nThe data(size=%d) to be written:\n", nvWriteData.t.size);
for( i = 0; i<(int)nvWriteData.t.size; i++ )
{
nvWriteData.t.buffer[i] = nvBuffer[offset+i];
printf("%02x ", nvBuffer[offset+i]);
}
printf("\n\n");
rval = Tss2_Sys_NV_Write( sysContext, authHandle, nvIndex, &sessionsData, &nvWriteData, offset, &sessionsDataOut );
if(rval != TSS2_RC_SUCCESS)
{
printf( "Failed to write NV area at index 0x%x (%d) offset 0x%x. Error:0x%x\n", nvIndex, nvIndex, offset, rval );
return -1;
}
printf( "Success to write NV area at index 0x%x (%d) offset 0x%x.\n", nvIndex, nvIndex, offset );
dataSize -= nvWriteData.t.size;
offset += nvWriteData.t.size;
}
return 0;
}
