libhis_getkeyblob()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Context", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
}
libhis_changeownership()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create new policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
}
/*ARGSUSED*/
int
cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
{
TSS_RESULT ret;
TSS_HPOLICY hNewPolicy;
if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
gettext("= TPM owner passphrase ="), 0, NULL))
return (ERR_FAIL);
/* policy object for new passphrase */
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hNewPolicy);
if (ret) {
print_error(ret, gettext("Create policy object"));
return (ERR_FAIL);
}
if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
gettext("= New TPM owner passphrase ="), 0, NULL))
return (ERR_FAIL);
ret = Tspi_ChangeAuth(hTPM, NULL, hNewPolicy);
if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
print_error(ret, gettext("Change authorization"));
return (ERR_FAIL);
}
return (0);
}
/*ARGSUSED*/
int
cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
{
TSS_RESULT ret;
TSS_HOBJECT hKeySRK;
if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
gettext("= TPM owner passphrase ="), 0, NULL))
return (ERR_FAIL);
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK);
if (ret) {
print_error(ret, gettext("Create storage root key"));
return (ERR_FAIL);
}
if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL,
sizeof (well_known), well_known))
return (ERR_FAIL);
ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
if (ret == TPM_E_NO_ENDORSEMENT) {
if (createek(hContext, hTPM))
return (ERR_FAIL);
ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
}
if (ret) {
print_error(ret, gettext("Take ownership"));
return (ERR_FAIL);
}
return (0);
}
static int tpm_create_srk_policy(void *secret)
{
TSS_RESULT result;
UINT32 secret_len;
if (secret_mode == TSS_SECRET_MODE_SHA1)
secret_len = SHA_DIGEST_LENGTH;
else {
secret_len = (secret == NULL) ? 0 : strlen((char *)secret);
DBG("Using SRK secret = %s", (BYTE *)secret);
}
if (hSRKPolicy == NULL_HPOLICY) {
DBG("Creating SRK policy");
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&hSRKPolicy))) {
TSSerr(TPM_F_TPM_CREATE_SRK_POLICY,
TPM_R_REQUEST_FAILED);
return 0;
}
}
if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode,
secret_len, (BYTE *)secret))) {
TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
void initbind(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
TPW_RESULT create_key(TSS_HCONTEXT tss_context, TSS_FLAG aflags, TSS_HKEY *user_key, TSS_HKEY p_key, char *auth, int authlen)
{
TSS_RESULT result;
TSS_HPOLICY policy;
if(!authlen)
aflags |= TSS_KEY_NO_AUTHORIZATION;
else
aflags |= TSS_KEY_AUTHORIZATION;
result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_RSAKEY, aflags, user_key);
if(TSS_SUCCESS != result)
{
Log_Text("create_key", TPW_KEY_ERROR);
return TPW_KEY_ERROR;
}
if(authlen)
{
result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &policy);
result = policySetSecret(policy, authlen, auth);
if(TSS_SUCCESS != result)
{
Log_Text("setPolicy_in_create_key", TPW_POLICY_ERROR);
return TPW_POLICY_ERROR;
}
result = policyAssign(policy, *user_key);
if(TSS_SUCCESS != result)
{
Log_Text("assignPolicy_in_create_key", TPW_POLICY_ERROR);
return TPW_KEY_ERROR;
}
}
result = keyCreateKey(*user_key, p_key, 0);
if(TSS_SUCCESS != result)
{
Log_Text("Create_in_create_key", TPW_KEY_ERROR);
return TPW_KEY_ERROR;
}
return TPW_SUCCESS;
}
/* create and store keys with the uuids in the @uuids parameter. Unregister
* any keys in the PS that are already stored. hParentKey should already be
* loaded and will become the parent of the key stored with uuids[0] */
TSS_RESULT
store_keys(TSS_HCONTEXT hContext, TSS_HKEY hParentKey, TSS_UUID *uuidParent0,
TSS_UUID **uuids)
{
int i;
TSS_RESULT result;
TSS_UUID *uuidParent;
TSS_HKEY hKey;
TSS_FLAG initFlags;
for (i = 0; uuids[i]; i++) {
/* unregister any keys in the PS that are in the way */
if ((result = Tspi_Context_UnregisterKey(hContext,
TSS_PS_TYPE_SYSTEM,
*uuids[i], &hKey)) &&
(TSS_ERROR_CODE(result) != TSS_E_PS_KEY_NOTFOUND)) {
print_error("Tspi_Context_UnregisterKey", result);
return result;
}
}
initFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE |
TSS_KEY_NO_AUTHORIZATION;
uuidParent = uuidParent0;
for (i = 0; uuids[i]; i++) {
/* create the keys and register them */
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
return result;
}
if ((result = Tspi_Key_CreateKey(hKey, hParentKey, 0))) {
print_error("Tspi_Key_CreateKey", result);
return result;
}
/* load key so that the child can be created */
if ((result = Tspi_Key_LoadKey(hKey, hParentKey))) {
print_error("Tspi_Key_LoadKey", result);
return result;
}
/* register the new key */
if ((result = Tspi_Context_RegisterKey(hContext, hKey,
TSS_PS_TYPE_SYSTEM,
*uuids[i],
TSS_PS_TYPE_SYSTEM,
*uuidParent))) {
print_error("Tspi_Context_RegisterKey", result);
return result;
}
hParentKey = hKey;
uuidParent = uuids[i];
}
return TSS_SUCCESS;
}
int
main_v1_1(void){
char *nameOfFunction = "Tspi_Context_CreateObject02";
TSS_HCONTEXT hContext;
TSS_HKEY hSignatureKey;
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING |
TSS_KEY_MIGRATABLE, &hSignatureKey);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_OBJECT_INITFLAG){
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main_v1_1(void)
{
char *function = "Tspi_Hash_GetHashValue04";
TSS_HCONTEXT hContext;
TSS_HHASH hHash;
UINT32 ulHashValueLength, exitCode = 0;
BYTE *rgbHashValue, hashBuf[20];
TSS_RESULT result;
print_begin_test(function);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
TSS_HASH_SHA1, &hHash);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hash)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Hash_GetHashValue(hHash, &ulHashValueLength,
&rgbHashValue);
if (TSS_ERROR_CODE(result) != TSS_E_HASH_NO_DATA) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
exitCode = result;
} else {
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(exitCode);
}
void
tc_create_object(TSS_HCONTEXT hContext, UINT32 type, UINT32 flags, TSS_HOBJECT *hObject)
{
TSS_RESULT result;
//Create Object
result = Tspi_Context_CreateObject(hContext, type, flags, hObject);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
}
void initidentity()
{
//set the type
init_key_type = TSS_KEY_TYPE_IDENTITY;
//set the key size
init_key_size = TSS_KEY_SIZE_DEFAULT;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
static int
tpm_sign_fn(gnutls_privkey_t key, void *_s,
const gnutls_datum_t * data, gnutls_datum_t * sig)
{
struct tpm_ctx_st *s = _s;
TSS_HHASH hash;
int err;
_gnutls_debug_log("TPM sign function called for %u bytes.\n",
data->size);
err =
Tspi_Context_CreateObject(s->tpm_ctx,
TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
&hash);
if (err) {
gnutls_assert();
_gnutls_debug_log("Failed to create TPM hash object: %s\n",
Trspi_Error_String(err));
return GNUTLS_E_PK_SIGN_FAILED;
}
err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
if (err) {
gnutls_assert();
_gnutls_debug_log
("Failed to set value in TPM hash object: %s\n",
Trspi_Error_String(err));
Tspi_Context_CloseObject(s->tpm_ctx, hash);
return GNUTLS_E_PK_SIGN_FAILED;
}
err = Tspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data);
Tspi_Context_CloseObject(s->tpm_ctx, hash);
if (err) {
if (s->tpm_key_policy || err != TPM_E_AUTHFAIL)
_gnutls_debug_log
("TPM hash signature failed: %s\n",
Trspi_Error_String(err));
if (err == TPM_E_AUTHFAIL)
return GNUTLS_E_TPM_KEY_PASSWORD_ERROR;
else
return GNUTLS_E_PK_SIGN_FAILED;
}
return 0;
}
static int tpm_sign_fn(gnutls_privkey_t key, void *_vpninfo,
const gnutls_datum_t *data, gnutls_datum_t *sig)
{
struct openconnect_info *vpninfo = _vpninfo;
TSS_HHASH hash;
int err;
vpn_progress(vpninfo, PRG_TRACE,
_("TPM sign function called for %d bytes.\n"),
data->size);
err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_HASH,
TSS_HASH_OTHER, &hash);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create TPM hash object: %s\n"),
Trspi_Error_String(err));
return GNUTLS_E_PK_SIGN_FAILED;
}
err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set value in TPM hash object: %s\n"),
Trspi_Error_String(err));
Tspi_Context_CloseObject(vpninfo->tpm_context, hash);
return GNUTLS_E_PK_SIGN_FAILED;
}
err = Tspi_Hash_Sign(hash, vpninfo->tpm_key, &sig->size, &sig->data);
Tspi_Context_CloseObject(vpninfo->tpm_context, hash);
if (err) {
if (vpninfo->tpm_key_policy || err != TPM_E_AUTHFAIL)
vpn_progress(vpninfo, PRG_ERR,
_("TPM hash signature failed: %s\n"),
Trspi_Error_String(err));
if (err == TPM_E_AUTHFAIL)
return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
else
return GNUTLS_E_PK_SIGN_FAILED;
}
return 0;
}
static int
createek(TSS_HCONTEXT hContext, TSS_HTPM hTPM)
{
TSS_RESULT ret;
TSS_HOBJECT hKeyEK;
TSS_VALIDATION ValidationData;
TPM_NONCE nonce;
TPM_DIGEST digest;
/* Create the empty key struct for EK */
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
(TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NON_VOLATILE |
TSS_KEY_NOT_MIGRATABLE | TSS_KEY_TYPE_STORAGE |
TSS_KEY_SIZE_2048 | TSS_KEY_NOT_CERTIFIED_MIGRATABLE |
TSS_KEY_STRUCT_KEY12 | TSS_KEY_EMPTY_KEY),
&hKeyEK);
if (ret) {
print_error(ret, gettext("Create endorsement key object"));
return (ERR_FAIL);
}
ValidationData.ulExternalDataLength = sizeof (nonce);
ValidationData.rgbExternalData = (BYTE *) &nonce;
ret = get_random(sizeof (nonce), (BYTE *) &nonce);
if (ret)
return (ERR_FAIL);
ValidationData.ulValidationDataLength = sizeof (digest);
ValidationData.rgbValidationData = (BYTE *) &digest;
ret = Tspi_TPM_CreateEndorsementKey(hTPM, hKeyEK, &ValidationData);
if (ret) {
print_error(ret, gettext("Create endorsement key"));
return (ERR_FAIL);
}
return (0);
}
int main(int argc, char ** argv) {
FILE * file;
size_t res;
rom_hdr_t hdr;
TSS_RESULT result;
char pathrom[256] = "";
TSS_HKEY hSRK;
TSS_HPOLICY pSRK;
TSS_HKEY hKey;
BYTE * pubInfo;
UINT32 pubInfoSize;
int i;
for(i = 1 ; i < argc ; i++) {
if(strncmp("-f", argv[i], sizeof("-f")) == 0) {
if(i + 1 >= argc) {
usage();
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]);
pathrom[sizeof(pathrom) - 1] = 0;
i++;
} else {
usage();
return 1;
}
}
if(pathrom[0] == 0) {
char * home=getenv("HOME");
if(home == NULL) {
fprintf(stderr, "No $HOME environment variable defined\n");
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home);
pathrom[sizeof(pathrom) - 1] = 0;
}
file = fopen(pathrom, "rb");
if(file == NULL) {
fprintf(stderr, "Can't open rom file\n");
return 1;
}
res = fread(&hdr, sizeof(hdr), 1, file);
if(res != 1) {
fprintf(stderr, "Can't read rom file\n");
fclose(file);
return 1;
}
fclose(file);
//Creation of the TSS Context
result = Tspi_Context_Create(&hContext);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Create", result);
res = 1;
goto err;
}
//Connection to the TSS Context
result = Tspi_Context_Connect(hContext, NULL);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Connext", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
res = 1;
goto err;
}
// Create object key in order to put the public key
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_LoadKeyByBlob", result);
res = 1;
goto err;
}
result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_SetAttribData", result);
res = 1;
goto err;
}
result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_GetAttribData", result);
res = 1;
goto err;
}
if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) {
fprintf(stderr, "Write error\n");
res = 1;
goto err;
}
result = Tspi_Context_FreeMemory(hContext, pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_FreeMemory", result);
res = 1;
goto err;
}
res = 0;
err:
//Close TSS session
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return res;
}
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig)
{
static const TSS_UUID SRK_UUID = TSS_UUID_SRK;
gnutls_datum_t asn1;
unsigned int tss_len;
char *pass;
int ofs, err;
err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error decoding TSS key blob: %s\n"),
gnutls_strerror(err));
return -EINVAL;
}
/* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */
if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = asn1.data[1];
ofs = 2;
if (tss_len & 0x80) {
int lenlen = tss_len & 0x7f;
if (asn1.size < 2 + lenlen || lenlen > 3) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = 0;
while (lenlen) {
tss_len <<= 8;
tss_len |= asn1.data[ofs++];
lenlen--;
}
}
if (tss_len + ofs != asn1.size) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
err = Tspi_Context_Create(&vpninfo->tpm_context);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create TPM context: %s\n"),
Trspi_Error_String(err));
goto out_blob;
}
err = Tspi_Context_Connect(vpninfo->tpm_context, NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to connect TPM context: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &vpninfo->srk);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK key: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK policy object: %s\n"),
Trspi_Error_String(err));
goto out_srk;
}
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
while (1) {
static const char nullpass[20];
/* We don't seem to get the error here... */
if (pass)
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (BYTE *)pass);
else /* Well-known NULL key */
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_SHA1,
sizeof(nullpass), (BYTE *)nullpass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TPM PIN: %s\n"),
Trspi_Error_String(err));
goto out_srkpol;
}
free(pass);
/* ... we get it here instead. */
err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk,
tss_len, asn1.data + ofs,
&vpninfo->tpm_key);
if (!err)
break;
if (pass)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM key blob: %s\n"),
Trspi_Error_String(err));
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
gnutls_privkey_init(pkey);
/* This would be nicer if there was a destructor callback. I could
allocate a data structure with the TPM handles and the vpninfo
pointer, and destroy that properly when the key is destroyed. */
gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0);
#else
*pkey = OPENCONNECT_TPM_PKEY;
#endif
retry_sign:
err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig);
if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
if (!vpninfo->tpm_key_policy) {
err = Tspi_Context_CreateObject(vpninfo->tpm_context,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&vpninfo->tpm_key_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create key policy object: %s\n"),
Trspi_Error_String(err));
goto out_key;
}
err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy,
vpninfo->tpm_key);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to assign policy to key: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (void *)pass);
free (pass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set key PIN: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
goto retry_sign;
}
free (asn1.data);
return 0;
out_key_policy:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy);
vpninfo->tpm_key_policy = 0;
out_key:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key);
vpninfo->tpm_key = 0;
out_srkpol:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy);
vpninfo->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk);
vpninfo->srk = 0;
out_context:
Tspi_Context_Close(vpninfo->tpm_context);
vpninfo->tpm_context = 0;
out_blob:
free (asn1.data);
return -EIO;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
int
main_v1_2(char version)
{
char *function = "Tspi_Data_Unbind-trans03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hKey, hWrappingKey;
TSS_HPOLICY hSrkPolicy;
BYTE *prgbDataToUnBind;
TSS_HENCDATA hEncData;
UINT32 pulDataLength;
BYTE rgbDataToBind[32] =
{ 0, 1, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4,
5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
UINT32 ulDataLength = 32;
TSS_UUID uuid;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_FLAG initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(function);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
// create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND, &hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hEncData)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Load the newly created key
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_LoadKey", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Data_Bind(hEncData, hKey, ulDataLength, rgbDataToBind);
if (result != TSS_SUCCESS) {
print_error("Tspi_Data_Bind", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Data_Unbind(hEncData, hKey, &pulDataLength, &prgbDataToUnBind);
if (result != TSS_SUCCESS) {
print_error("Tspi_Data_Unbind", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result != TSS_SUCCESS) {
if (!(checkNonAPI(result)))
print_error(function, result);
else
print_error_nonapi(function, result);
} else {
result =
Tspi_Context_FreeMemory(hContext, prgbDataToUnBind);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory ", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
main_v1_1(void){
char *nameOfFunction = "Tspi_Key_LoadKey01";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_UUID uuid;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Create Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_Create Key", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key (hKey)
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS){
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_1(void){
char *nameOfFunction = "Tspi_Key_CreateMigrationBlob03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hKey;
UINT32 TargetPubKeyLength;
BYTE *TargetPublicKeyData;
BYTE *MigTicket;
UINT32 TicketLength;
BYTE *randomData;
UINT32 randomLength;
UINT32 migBlobLength;
BYTE *migBlob;
UINT32 blobLength;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy,
tpmUsagePolicy;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID for hSRK", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE,
&hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Signing Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Key_CreateKey", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
Tspi_Context_CloseObject(hContext, hKey);
exit(result);
}
//Authorize Migration Ticket
result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hKey,
TSS_MS_REWRAP, &TicketLength, &MigTicket);
if (result != TSS_SUCCESS)
{
print_error("Tpsi_TPM_AuthorizeMigrationTicket ", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
Tspi_Context_CloseObject(hContext, hKey);
exit(result);
}
//Create Migration Blob
result = Tspi_Key_CreateMigrationBlob(-1, hSRK,
TicketLength, MigTicket, &randomLength,
&randomData, &migBlobLength, &migBlob);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
int
main_v1_2(char version)
{
char *function = "Tspi_PcrComposite_GetPcrLocality01";
TSS_HCONTEXT hContext;
TSS_HPCRS hPcrComposite;
TSS_RESULT result;
UINT32 pLocalityValue;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_error_exit( function, err_string(result) );
exit( result );
}
// create object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hPcrComposite)",
result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_GetPcrLocality( hPcrComposite, &pLocalityValue );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit(result);
}
else
{
print_error_nonapi( function, result );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit(result);
}
}
else
{
print_success( function, result );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
}
int
main_v1_2( char version )
{
char *function = "Tspi_GetAttribData21";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HPOLICY hSrkPolicy;
BYTE *rgbDataToSeal = "This is a test";
BYTE rgbPcrValue[20];
TSS_HPCRS hPcrComposite;
UINT32 AttribDataSize;
BYTE* AttribData;
UINT32 ulDataLength = strlen(rgbDataToSeal);
TSS_RESULT result,resultFree;
TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 |
TSS_KEY_TYPE_STORAGE |
TSS_KEY_NO_AUTHORIZATION;
TSS_FLAG pcrsInitFlags = 0;
print_begin_test( function );
if (version == TESTSUITE_TEST_TSS_1_2) {
keyInitFlags |= TSS_KEY_STRUCT_KEY12;
pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG;
}
memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue));
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_end_test(function);
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key by UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags,
&hPcrComposite );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hPcrComposite)",
result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrValue", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrLocality", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Checking flag and subflags
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -",
result );
}
print_end_test(function);
Tspi_Context_Close(hContext);
exit( 0 );
}
int main(int argc, char *argv[]) {
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
char *credential_filename = DEFAULT_CREDENTIAL_FILENAME;
UINT32 nonceVerifierLength;
BYTE *nonceVerifier;
TSS_HDAA hDAA;
TSS_DAA_CREDENTIAL *hDaaCredential;
TSS_DAA_SIGN_DATA signData;
TSS_DAA_SIGNATURE daaSignature;
TSS_DAA_SELECTED_ATTRIB revealAttributes;
char *szTpmPasswd = DEFAULT_OWN_PASSWD;
char *message = NULL;
BYTE **attributes = NULL;
FILE *file;
char *param;
int i, length, rv;
bi_ptr random = NULL;
TSS_BOOL isCorrect;
EVP_MD_CTX *mdctx;
TSS_HKEY hKEY;
init_tss_version( &signData);
init_tss_version( &daaSignature);
init_tss_version( &revealAttributes);
i = 1;
while( i < argc) {
param = argv[ i];
if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) {
i++;
if( i == argc) return print_usage( argv[0]);
message = argv[i];
} else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
credential_filename = argv[i];
} else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
szTpmPasswd = argv[i];
} else {
fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param);
return print_usage( argv[0]);
}
i++;
}
bi_init( NULL);
printf("Loading credential: %s ", credential_filename);
file = fopen( credential_filename, "r");
if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) {
LogError( "[test_join]: Error when loading \'%s\': %s\n",
credential_filename,
strerror( errno));
result = TSS_E_FAIL;
goto out_close;
}
fclose( file);
printf("Done\n");
// Create Context
LogDebug("Create Context");
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
LogError( "Tspi_Context_Create %d\n", result );
goto out;
}
// Connect to Context
result = Tspi_Context_Connect( hContext, NULL );
if ( result != TSS_SUCCESS) goto out_close;
printf("\nConnect to the context: %X\n", hContext);
if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS)
goto out_close;
// Get the correct policy using the TPM ownership PASSWD
if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS)
goto out_close;
if( (result = Tspi_Policy_SetSecret( hPolicy,
TSS_SECRET_MODE_PLAIN,
strlen( szTpmPasswd),
szTpmPasswd)) != TSS_SUCCESS)
goto out_close;
LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy);
//Create Object
result = obj_daa_add( hContext, &hDAA);
if (result != TSS_SUCCESS) {
LogError("Tspi_Context_CreateObject:%d", result);
Tspi_Context_Close(hContext);
LogError("%s: %s", argv[0], err_string(result));
exit(result);
}
LogDebug("created DAA object:%X", hDAA);
// TODO: verifier base name ??
result = Tspi_DAA_VerifyInit(
hDAA, // in
&nonceVerifierLength, // out
&nonceVerifier, // out
0, //baseNameLength, // out
NULL //baseName // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("Verify Init return nonceVerifier [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0);
mdctx = EVP_MD_CTX_create();
// create the TSS_DAA_SIGN_DATA struct
// .selector: 0 -> payload contains a handle to an AIK
// 1 -> payload contains a hashed message
if( message != NULL) {
signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest());
EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message));
signData.payloadLength = EVP_MD_CTX_size(mdctx);
signData.payload = (BYTE *)EVP_MD_CTX_create();
EVP_DigestFinal(mdctx, signData.payload, NULL);
} else {
signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY;
result = Tspi_Context_CreateObject(
hContext, // in
TSS_OBJECT_TYPE_RSAKEY, // in
TSS_KEY_SIZE_2048, // in
&hKEY // out
);
if( result != TSS_SUCCESS) goto out_close;
}
result = Tspi_TPM_DAA_Sign(
hDAA, // in
hTPM, // in
(TSS_HKEY)hDaaCredential, // in
revealAttributes, // in
0, // verifierBaseNameLength, // in
NULL, // verifierBaseName, // in
nonceVerifierLength, // in
nonceVerifier, // in
signData, // in
&daaSignature // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("TPM_DAA_Sign return daaSignature [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
// generate attributes list but without copying the not revealed ones
attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength);
for( i=0; i < (int)(hDaaCredential->attributesLength); i++) {
if( revealAttributes.indicesList[i]) {
attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8);
memcpy( attributes[i],
hDaaCredential->attributes[i],
DAA_PARAM_SIZE_F_I / 8);
} else {
attributes[i] = NULL;
}
}
result = Tspi_DAA_VerifySignature(
hDAA, // in
daaSignature, // in
(TSS_HKEY)&(hDaaCredential->issuerPK), // in
signData, // in
hDaaCredential->attributesLength, // in
attributes, // in
nonceVerifierLength, // in
nonceVerifier, // in
0, //baseNameLength, //in
NULL, // in
&isCorrect // out
);
printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no"));
out_close:
EVP_MD_CTX_destroy(mdctx);
if( attributes != NULL) {
for( i=0; i<(int)hDaaCredential->attributesLength; i++) {
if( attributes[i] != NULL) free( attributes[i]);
}
free( attributes);
}
if( random != NULL) bi_free_ptr( random);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
out:
bi_release();
LogDebug("THE END result=%d:%s",result, err_string( result) );;
return result;
}
TSS_RESULT MyFunc_CreatePubKey(RSA *rsa, int padding, TSS_HKEY *hKey){
TSS_HCONTEXT hContext;
TSS_RESULT result;
UINT32 encScheme, sizeN, keySize;
BYTE n[2048];
switch(padding){
case RSA_PKCS1_PADDING:
encScheme = TSS_ES_RSAESPKCSV15;
break;
case RSA_PKCS1_OAEP_PADDING:
encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
break;
case RSA_NO_PADDING:
encScheme = TSS_ES_NONE;
break;
default:
return TSS_E_INTERNAL_ERROR;
break;
}
if((keySize = get_tss_key_size(RSA_size(rsa) * 8 )) == 0){
return TSS_E_BAD_PARAMETER;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_LEGACY | keySize, hKey);
if(result != TSS_SUCCESS){
LogError("Tspi_Context_CreateObject failed:%s", strresult(result));
return result;
}
if((sizeN = BN_bn2bin(rsa->n, n)) <= 0){
LogError("BN_bn2bin failed");
ERR_print_errors_fp(stdout);
Tspi_Context_CloseObject(hContext, *hKey);
return TSS_E_FAIL;
}
result = Tspi_SetAttribData(*hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, sizeN, n);
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribData failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA );
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2);
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme);
if(result != TSS_SUCCESS){
LogError("Tspi_Setattribunit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext,*hKey);
return result;
}
return TSS_SUCCESS;
}
main_v1_1(void){
char *nameOfFunction = "policy_no_secret";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_BOOL allowMaint = FALSE;
BYTE *randomData;
TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy;
print_begin_test(nameOfFunction);
#ifdef TESTSUITE_NOAUTH_SRK
print_NA();
print_end_test(nameOfFunction);
exit(0);
#endif
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Policy Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign new policy w/o secret to the SRK object
result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create child key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND|
TSS_KEY_NO_AUTHORIZATION, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Attempt to use the SRK w/o putting a secret in its policy
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Key creation w/o parent secret set", result);
print_error(nameOfFunction, result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("Key creation w/o parent secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// With a secret set, this should work OK
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Try an owner auth'd command w/o secret
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Tspi_TPM_GetStatus w/o owner secret set", result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("TPM_GetStatus w/o owner secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_GetStatus", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReadValue-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *policyData;
UINT32 read_space = 10;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData);
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
#endif
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT)
#else
if (result != TSS_SUCCESS)
#endif
{
print_error("Tspi_NV_ReadValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result == TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReleaseSpace-trans02";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
TSS_RESULT result;
TSS_HKEY hSigningKey, hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
&hSigningKey);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011111);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_DefineSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0x0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Release NV space*/
result = Tspi_NV_ReleaseSpace(hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_ReleaseSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, hSigningKey);
if (result== TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_CreateDelegation02";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
print_error( function, result );
result = 1;
goto done;
}
else
{
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int main_v1_1(void)
{
TSS_RESULT result;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HCONTEXT hContext;
TSS_HENCDATA hEncData;
TSS_HPOLICY hEncPolicy;
UINT32 ulEncDataLen, ulDataUnsealedLen;
BYTE *rgbDataUnsealed, *dataBuf;
int i, exitCode;
FILE *fEncData = NULL;
char *file_name = "sealedData";
BYTE *rgbDataToSeal = "0123456789ABCDEF0123456789ABCDEF";
UINT32 ulDataToSealLen = 32;
// load Context, SRK, TPM
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result) {
printf("connect_load_all failed\n");
return result;
}
// Create Encrypted Data Object
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_SEAL,
&hEncData);
if (TSS_SUCCESS != result) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = set_secret(hContext, hEncData, &hEncPolicy);
if (result) {
printf("set_secret failed\n");
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
fEncData = fopen(file_name, "rb");
if (!fEncData) {
printf("open %s failed\n", file_name);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(-1);
}
// Get file size
fseek(fEncData, 0L, SEEK_END);
ulEncDataLen = ftell(fEncData);
fseek(fEncData, 0L, SEEK_SET);
dataBuf = malloc(ulEncDataLen);
if (fread(dataBuf, 1, ulEncDataLen, fEncData) != ulEncDataLen) {
printf("fread failed\n");
free(dataBuf);
fclose(fEncData);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(-1);
}
fclose(fEncData);
printf("Sealed data:\n");
print_hex(dataBuf, ulEncDataLen);
result = Tspi_SetAttribData(hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
ulEncDataLen,
dataBuf);
if (TSS_SUCCESS != result) {
print_error("Tspi_SetAttribData", result);
free(dataBuf);
dataBuf = NULL;
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
free(dataBuf);
dataBuf = NULL;
result = Tspi_Data_Unseal(hEncData,
hSRK,
&ulDataUnsealedLen,
&rgbDataUnsealed);
if (TSS_SUCCESS != result) {
print_error("Tspi_Data_Unseal", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
printf("Unsealed Data:\n");
print_hex(rgbDataUnsealed, ulDataUnsealedLen);
if (ulDataUnsealedLen != ulDataToSealLen ||
memcmp(rgbDataToSeal, rgbDataUnsealed, ulDataToSealLen)) {
printf("\nFailed\n");
} else {
printf("\nSuccess\n");
}
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
