Ejemplo n.º 1
0
TSS_RESULT
registerkey(int i)
{
	TSS_RESULT result;
	char *function = "Tspi_Context_RegisterKey";

	printf("%s: key %d\n", __FUNCTION__, i);
	result = Tspi_Context_RegisterKey( hContext, hKey[i].handle,
						TSS_PS_TYPE_SYSTEM,
						hKey[i].uuid,
						TSS_PS_TYPE_SYSTEM,
						SRK_UUID );
	if (result != TSS_SUCCESS)
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
			return result;
		}
		else
		{
			print_error_nonapi( function, result );
			return result;
		}
	}
	else
	{
		hKey[i].registered = 1;
		print_success( function, result );
		return 0;
	}
}
Ejemplo n.º 2
0
/* create and store keys with the uuids in the @uuids parameter. Unregister
 * any keys in the PS that are already stored. hParentKey should already be
 * loaded and will become the parent of the key stored with uuids[0] */
TSS_RESULT
store_keys(TSS_HCONTEXT hContext, TSS_HKEY hParentKey, TSS_UUID *uuidParent0,
	   TSS_UUID **uuids)
{
	int i;
	TSS_RESULT result;
	TSS_UUID *uuidParent;
	TSS_HKEY hKey;
	TSS_FLAG initFlags;

	for (i = 0; uuids[i]; i++) {
		/* unregister any keys in the PS that are in the way */
		if ((result = Tspi_Context_UnregisterKey(hContext,
							 TSS_PS_TYPE_SYSTEM,
							 *uuids[i], &hKey)) &&
		    (TSS_ERROR_CODE(result) != TSS_E_PS_KEY_NOTFOUND)) {
			print_error("Tspi_Context_UnregisterKey", result);
			return result;
		}
	}

	initFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE |
		    TSS_KEY_NO_AUTHORIZATION;
	uuidParent = uuidParent0;
	for (i = 0; uuids[i]; i++) {
		/* create the keys and register them */
		if ((result = Tspi_Context_CreateObject(hContext,
							TSS_OBJECT_TYPE_RSAKEY,
							initFlags, &hKey))) {
			print_error("Tspi_Context_CreateObject", result);
			return result;
		}

		if ((result = Tspi_Key_CreateKey(hKey, hParentKey, 0))) {
			print_error("Tspi_Key_CreateKey", result);
			return result;
		}

		/* load key so that the child can be created */
		if ((result = Tspi_Key_LoadKey(hKey, hParentKey))) {
			print_error("Tspi_Key_LoadKey", result);
			return result;
		}

		/* register the new key */
		if ((result = Tspi_Context_RegisterKey(hContext, hKey,
						       TSS_PS_TYPE_SYSTEM,
						       *uuids[i],
						       TSS_PS_TYPE_SYSTEM,
						       *uuidParent))) {
			print_error("Tspi_Context_RegisterKey", result);
			return result;
		}
		hParentKey = hKey;
		uuidParent = uuids[i];
	}

	return TSS_SUCCESS;
}
Ejemplo n.º 3
0
main_v1_1(void){

	char		*nameOfFunction = "Tspi_GetAttribData19";
	TSS_FLAG	initFlags;
	TSS_HKEY	hKey;
	TSS_HCONTEXT	hContext;
	TSS_RESULT	result;
	TSS_HKEY	hSRK;
	BYTE*		uuid;
	UINT32		uuidLength;
	int		rc;
	TSS_UUID	null_uuid, key_uuid;
	initFlags	= TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048  |
			TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
			TSS_KEY_NOT_MIGRATABLE;

	memset(&null_uuid, 0, sizeof(TSS_UUID));
	memset(&key_uuid, 0x7f, sizeof(TSS_UUID));

	print_begin_test(nameOfFunction);

		//Create Context and connect
	result = connect_load_srk(&hContext, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("connect_load_srk", result);
		print_error_exit(nameOfFunction, err_string(result));
		exit(result);
	}
		//Create Key Object
	result = Tspi_Context_CreateObject(hContext,
					   TSS_OBJECT_TYPE_RSAKEY,
					   initFlags, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Create Key in the TPM
	result = Tspi_Key_CreateKey(hKey, hSRK, 0);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Key_CreateKey", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Call GetAttribData, uuid should be all 0's
	result = Tspi_GetAttribData(hKey,
				    TSS_TSPATTRIB_KEY_UUID, 0,
				    &uuidLength, &uuid);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetAttribData", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Check length and data
	if (uuidLength != sizeof(TSS_UUID)) {
		print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1);
		print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	if ((rc = memcmp(uuid, &null_uuid, uuidLength))) {
		print_verifyerr("a null uuid from Tspi_GetAttribData", 0, rc);
		print_hex(uuid, sizeof(TSS_UUID));
		print_error("uuid NULL from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	Tspi_Context_FreeMemory(hContext, uuid);

register_key:
		//Register Key
	result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM,
					  key_uuid, TSS_PS_TYPE_SYSTEM,
					  SRK_UUID);
	if (TSS_ERROR_CODE(result) == TSS_E_KEY_ALREADY_REGISTERED) {
		result = Tspi_Context_UnregisterKey(hContext,
						    TSS_PS_TYPE_SYSTEM,
						    key_uuid, &hKey);
		if (result != TSS_SUCCESS) {
			print_error("Tspi_Context_UnregisterKey", result);
			print_error_exit(nameOfFunction, err_string(result));
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		goto register_key;
	} else if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_RegisterKey", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Close the object
	result = Tspi_Context_CloseObject(hContext, hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CloseObject", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	hKey = 0;
		//Load the key by UUID from PS
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    key_uuid, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Call GetAttribData, uuid should be equal to key_uuid
	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_UUID, 0,
				    &uuidLength, &uuid);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetAttribData", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Check length and data
	if (uuidLength != sizeof(TSS_UUID)) {
		print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1);
		print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	if ((rc = memcmp(uuid, &key_uuid, uuidLength))) {
		print_verifyerr("key's uuid from Tspi_GetAttribData", 0, rc);
		print_hex((BYTE *)&key_uuid, sizeof(TSS_UUID));
		print_error("key's uuid from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	print_success(nameOfFunction, result);
	print_end_test(nameOfFunction);
	Tspi_Context_Close(hContext);
	exit(0);
}
Ejemplo n.º 4
0
int
main_v1_1(void){

	char		*nameOfFunction = "Tspi_Context_GetRegisteredKeysByUUID03";
	TSS_HCONTEXT	hContext;
	TSS_HTPM	hTPM;
	TSS_FLAG	initFlags;
	TSS_HKEY	hKey;
	TSS_HKEY	hSRK;
	TSS_RESULT	result;
	TSS_UUID	migratableSignUUID={1, 2, 3, 4, 5, {6, 7, 8, 9, 10, 2}};
	TSS_HPOLICY	srkUsagePolicy;

	UINT32			pulKeyHierarchySize;
	TSS_KM_KEYINFO*		ppKeyHierarchy;

	initFlags	= TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_512  |
			TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
			TSS_KEY_NOT_MIGRATABLE;

	print_begin_test(nameOfFunction);

		//Create
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Create ", result);
		exit(result);
	}
		//Connect
	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Connect ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Get TPM Object
	result = Tspi_Context_GetTpmObject(hContext, &hTPM);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_GetTpmObject ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Create Object
	result = Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_RSAKEY,
				initFlags, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Load Key by UUID
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, 
					SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object for the srkUsagePolicy
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetPolicyObject ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Set Secret for the srkUsagePolicy
	result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
			TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Policy_SetSecret ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#endif
		//Create the hKey with the hSRK wrapping key
	result = Tspi_Key_CreateKey(hKey, hSRK, 0);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Key_CreateKey", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Register the hKey
	result = Tspi_Context_RegisterKey(hContext,
				hKey, TSS_PS_TYPE_SYSTEM, migratableSignUUID,
				TSS_PS_TYPE_SYSTEM, SRK_UUID);
	if (result != TSS_SUCCESS && TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED) {
		print_error("Tspi_Context_RegisterKey ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Get Registered Keys By UUID
	result = Tspi_Context_GetRegisteredKeysByUUID(hContext, 
			-1, &migratableSignUUID,
			&pulKeyHierarchySize, &ppKeyHierarchy);
	if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
		if(!checkNonAPI(result)){
			print_error(nameOfFunction, result);
			print_end_test(nameOfFunction);
			Tspi_Context_FreeMemory(hContext, NULL);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		else{
			print_error_nonapi(nameOfFunction, result);
			print_end_test(nameOfFunction);
			Tspi_Context_FreeMemory(hContext, NULL);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}
	else{
		print_success(nameOfFunction, result);
		print_end_test(nameOfFunction);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(0);
	}
}
Ejemplo n.º 5
0
int main_v1_1(void)
{
	char *function = "Tspi_Hash_Sign03";
	TSS_HCONTEXT hContext;
	TSS_HKEY hSRK;
	TSS_HKEY hMSigningKey;
	TSS_HKEY hKey;
	TSS_UUID SRKUUID = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
	TSS_UUID migratableSignUUID = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 2 };
	TSS_HHASH hHash;
	BYTE *prgbSignature;
//      UINT32          pulSignatureLength;
	TSS_RESULT result;
	TSS_HPOLICY srkUsagePolicy;
	TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
	    TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
	    TSS_KEY_NOT_MIGRATABLE;
	UINT32 exitCode = 0;

	print_begin_test(function);

	// Create Context
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Create", result);
		exit(result);
	}
	// Connect to Context
	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Connect", result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	// create hKey
	result = Tspi_Context_CreateObject(hContext,
					   TSS_OBJECT_TYPE_RSAKEY,
					   initFlags, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject (hKey)", result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	//Load Key By UUID
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#ifndef TESTSUITE_NOAUTH_SRK
	//Get Policy Object
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
				      &srkUsagePolicy);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetPolicyObject", result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	//Set Secret
	result =
	    Tspi_Policy_SetSecret(srkUsagePolicy,
				  TESTSUITE_SRK_SECRET_MODE,
				  TESTSUITE_SRK_SECRET_LEN,
				  TESTSUITE_SRK_SECRET);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Policy_SetSecret", result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#endif
	//Create Signing Key
	result =
	    Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
				      TSS_KEY_SIZE_2048 |
				      TSS_KEY_TYPE_SIGNING, &hMSigningKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject (signing key)",
			    result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	result = Tspi_Key_CreateKey(hMSigningKey, hSRK, 0);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Key_CreateKey (signing key)",
			    result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	result = Tspi_Context_RegisterKey(hContext, hMSigningKey,
					  TSS_PS_TYPE_SYSTEM,
					  migratableSignUUID,
					  TSS_PS_TYPE_SYSTEM, SRKUUID);
	if ((result != TSS_SUCCESS) &&
	    (TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED)) {
		print_error("Tspi_Context_RegisterKey (signing key)",
			    result);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

/*	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID,
						&hMSigningKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (signing key)",
				result );
		Tspi_Context_UnregisterKey( hContext, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID,
						&hMSigningKey );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
*/
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
					   TSS_HASH_SHA1, &hHash);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject (hash)", result);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					   migratableSignUUID,
					   &hMSigningKey);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	result =
	    Tspi_Hash_SetHashValue(hHash, 20, "Je pense, danc je suis.");
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Hash_SetHashValue", result);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					   migratableSignUUID,
					   &hMSigningKey);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}
	//Load Key Blob
	result = Tspi_Hash_Sign(hHash, hMSigningKey, NULL, &prgbSignature);
	if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
		if (!(checkNonAPI(result))) {
			print_error(function, result);
		} else {
			print_error_nonapi(function, result);
		}
		exitCode = result;
	} else {
		print_success(function, result);
	}

	print_end_test(function);
	Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
				   migratableSignUUID, &hMSigningKey);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(exitCode);
}
Ejemplo n.º 6
0
/**
 * gnutls_tpm_privkey_generate:
 * @pk: the public key algorithm
 * @bits: the security bits
 * @srk_password: a password to protect the exported key (optional)
 * @key_password: the password for the TPM (optional)
 * @format: the format of the private key
 * @pub_format: the format of the public key
 * @privkey: the generated key
 * @pubkey: the corresponding public key (may be null)
 * @flags: should be a list of GNUTLS_TPM_* flags
 *
 * This function will generate a private key in the TPM
 * chip. The private key will be generated within the chip
 * and will be exported in a wrapped with TPM's master key
 * form. Furthermore the wrapped key can be protected with
 * the provided @password.
 *
 * Note that bits in TPM is quantized value. If the input value
 * is not one of the allowed values, then it will be quantized to
 * one of 512, 1024, 2048, 4096, 8192 and 16384.
 *
 * Allowed flags are:
 *
 * %GNUTLS_TPM_KEY_SIGNING: Generate a signing key instead of a legacy,

 * %GNUTLS_TPM_REGISTER_KEY: Register the generate key in TPM. In that
 * case @privkey would contain a URL with the UUID.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.1.0
 **/
int
gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
			    const char *srk_password,
			    const char *key_password,
			    gnutls_tpmkey_fmt_t format,
			    gnutls_x509_crt_fmt_t pub_format,
			    gnutls_datum_t * privkey,
			    gnutls_datum_t * pubkey, unsigned int flags)
{
	TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
	TSS_HKEY key_ctx;
	TSS_RESULT tssret;
	int ret;
	void *tdata;
	UINT32 tint;
	gnutls_datum_t tmpkey = { NULL, 0 };
	TSS_HPOLICY key_policy;
	gnutls_pubkey_t pub;
	struct tpm_ctx_st s;
	TSS_FLAG storage_type;
	TSS_HTPM htpm;
	uint8_t buf[32];

	if (flags & GNUTLS_TPM_KEY_SIGNING)
		tpm_flags |= TSS_KEY_TYPE_SIGNING;
	else
		tpm_flags |= TSS_KEY_TYPE_LEGACY;

	if (flags & GNUTLS_TPM_KEY_USER)
		storage_type = TSS_PS_TYPE_USER;
	else
		storage_type = TSS_PS_TYPE_SYSTEM;

	if (bits <= 512)
		tpm_flags |= TSS_KEY_SIZE_512;
	else if (bits <= 1024)
		tpm_flags |= TSS_KEY_SIZE_1024;
	else if (bits <= 2048)
		tpm_flags |= TSS_KEY_SIZE_2048;
	else if (bits <= 4096)
		tpm_flags |= TSS_KEY_SIZE_4096;
	else if (bits <= 8192)
		tpm_flags |= TSS_KEY_SIZE_8192;
	else
		tpm_flags |= TSS_KEY_SIZE_16384;

	ret = tpm_open_session(&s, srk_password);
	if (ret < 0)
		return gnutls_assert_val(ret);

	/* put some randomness into TPM. 
	 * Let's not trust it completely.
	 */
	tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_cc;
	}


	ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
	if (ret < 0) {
		gnutls_assert();
		goto err_cc;
	}

	tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
	if (tssret) {
		gnutls_assert();
	}

	tssret =
	    Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
				      tpm_flags, &key_ctx);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_cc;
	}

	tssret =
	    Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
				 TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
				 TSS_SS_RSASSAPKCS1V15_DER);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_sa;
	}

	/* set the password of the actual key */
	if (key_password) {
		tssret =
		    Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
					 &key_policy);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}

		tssret = myTspi_Policy_SetSecret(key_policy,
						 SAFE_LEN(key_password),
						 (void *) key_password);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}
	}

	tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_sa;
	}

	if (flags & GNUTLS_TPM_REGISTER_KEY) {
		TSS_UUID key_uuid;

		ret = randomize_uuid(&key_uuid);
		if (ret < 0) {
			gnutls_assert();
			goto err_sa;
		}

		tssret =
		    Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
					     storage_type, key_uuid,
					     TSS_PS_TYPE_SYSTEM, srk_uuid);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}

		ret =
		    encode_tpmkey_url((char **) &privkey->data, &key_uuid,
				      storage_type);
		if (ret < 0) {
			TSS_HKEY tkey;

			Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
						   key_uuid, &tkey);
			gnutls_assert();
			goto err_sa;
		}
		privkey->size = strlen((char *) privkey->data);

	} else {		/* get the key as blob */


		tssret =
		    Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
				       TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
				       (void *) &tdata);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}


		if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
			ret =
			    _gnutls_x509_encode_string
			    (ASN1_ETYPE_OCTET_STRING, tdata, tint,
			     &tmpkey);
			if (ret < 0) {
				gnutls_assert();
				goto cleanup;
			}

			ret =
			    _gnutls_fbase64_encode("TSS KEY BLOB",
						   tmpkey.data,
						   tmpkey.size, privkey);
			if (ret < 0) {
				gnutls_assert();
				goto cleanup;
			}
		} else {
			UINT32 tint2;

			tmpkey.size = tint + 32;	/* spec says no more than 20 */
			tmpkey.data = gnutls_malloc(tmpkey.size);
			if (tmpkey.data == NULL) {
				gnutls_assert();
				ret = GNUTLS_E_MEMORY_ERROR;
				goto cleanup;
			}

			tint2 = tmpkey.size;
			tssret =
			    Tspi_EncodeDER_TssBlob(tint, tdata,
						   TSS_BLOB_TYPE_PRIVATEKEY,
						   &tint2, tmpkey.data);
			if (tssret != 0) {
				gnutls_assert();
				ret = tss_err(tssret);
				goto cleanup;
			}

			tmpkey.size = tint2;

			privkey->data = tmpkey.data;
			privkey->size = tmpkey.size;
			tmpkey.data = NULL;
		}
	}

	/* read the public key */
	if (pubkey != NULL) {
		size_t psize;

		ret = gnutls_pubkey_init(&pub);
		if (ret < 0) {
			gnutls_assert();
			goto privkey_cleanup;
		}

		ret = read_pubkey(pub, key_ctx, &psize);
		if (ret < 0) {
			gnutls_assert();
			goto privkey_cleanup;
		}
		psize += 512;

		pubkey->data = gnutls_malloc(psize);
		if (pubkey->data == NULL) {
			gnutls_assert();
			ret = GNUTLS_E_MEMORY_ERROR;
			goto pubkey_cleanup;
		}

		ret =
		    gnutls_pubkey_export(pub, pub_format, pubkey->data,
					 &psize);
		if (ret < 0) {
			gnutls_assert();
			goto pubkey_cleanup;
		}
		pubkey->size = psize;

		gnutls_pubkey_deinit(pub);
	}

	ret = 0;
	goto cleanup;

      pubkey_cleanup:
	gnutls_pubkey_deinit(pub);
      privkey_cleanup:
	gnutls_free(privkey->data);
	privkey->data = NULL;
      cleanup:
	gnutls_free(tmpkey.data);
	tmpkey.data = NULL;
      err_sa:
	Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
      err_cc:
	tpm_close_session(&s);
	return ret;
}
Ejemplo n.º 7
0
int
main_v1_1( void )
{
	char		*function = "key_auth_check01";
	TSS_HCONTEXT	hContext;
	UINT32		exitCode;
	TSS_HKEY	hSRK;
	TSS_HKEY	hMSigningKey;
	TSS_UUID	migratableSignUUID = {0x1, 0x55, 0x67, 0x8, 0x5, { 6, 7, 8, 9, 10, 2 } };
	TSS_HHASH	hHash;
	BYTE		*prgbSignature;
	UINT32		pulSignatureLength;
	TSS_RESULT	result;
	TSS_HPOLICY	srkUsagePolicy, keyUsagePolicy;

	print_begin_test( function );

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		print_error_exit( function, err_string(result) );
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Load Key By UUID
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
					&srkUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
				TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
#endif

		//Create Signing Key
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_SIZE_2048 |
						TSS_KEY_TYPE_SIGNING |
						TSS_KEY_AUTHORIZATION,
						&hMSigningKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (signing key)",
				result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// get signing key's policy
	result = Tspi_GetPolicyObject( hMSigningKey, TSS_POLICY_USAGE,
					&keyUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( keyUsagePolicy, TESTSUITE_KEY_SECRET_MODE,
					TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (signing key)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_LoadKey( hMSigningKey, hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKey (hMSigningKey)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// create hash
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_HASH,
						TSS_HASH_SHA1, &hHash );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hash)", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Hash_UpdateHashValue( hHash, 20, "Je pense, danc je s" );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Hash_SetHashValue", result );
		print_error_exit( function, err_string(result) );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}


	result = Tspi_Hash_Sign( hHash, hMSigningKey, &pulSignatureLength,
					&prgbSignature );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
			exitCode = 1;
		}
		else
		{
			print_error_nonapi( function, result );
			exitCode = 1;
		}
	}
	else
	{
		result = Tspi_Context_RegisterKey(hContext, hMSigningKey, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID, TSS_PS_TYPE_SYSTEM, SRK_UUID);
		if (result != TSS_SUCCESS)
		{
			print_error( "Tspi_Context_RegisterKey", result );
			print_error_exit( function, err_string(result) );
			Tspi_Context_FreeMemory( hContext, NULL );
			Tspi_Context_Close( hContext );
			exit( result );
		}
		print_success( function, result );
		exitCode = 0;
	}

	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}
Ejemplo n.º 8
0
int
main_v1_1( void )
{
	char		*function = "key_auth_chain02";
	TSS_HCONTEXT    hContext;
	TSS_HKEY        hSRK;
	TSS_HKEY	hKey0, hKey1, hKey2;
	TSS_RESULT	result;
	TSS_HENCDATA	hEncData;
	TSS_HPOLICY	srkUsagePolicy, keyUsagePolicy;
	int temp;

	print_begin_test( function );

	srand(time(0));

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		print_error_exit( function, err_string(result) );
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, NULL );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		goto done;
	}

		//Load Key By UUID
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						uuid_2, &hKey2 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		goto done;
	}

	result = Tspi_Context_CreateObject( hContext,
						TSS_OBJECT_TYPE_ENCDATA,
						TSS_ENCDATA_BIND, &hEncData );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hEncData)", result );
		goto done;
	}

		// Data Bind
	result = Tspi_Data_Bind( hEncData, hKey2, ulDataLength, rgbDataToBind );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Data_Bind", result );
		goto done;
	}


	result = Tspi_Data_Unbind( hEncData, hKey2, &pulDataLength, &prgbDataToUnBind );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
			goto done;
		}
		else
		{
			print_error_nonapi( function, result );
			goto done;
		}
	}
	else
	{
		if ((pulDataLength == ulDataLength) &&
			!memcmp(prgbDataToUnBind, rgbDataToBind, pulDataLength))
			print_success( function, result );
		else{
			printf("Data doesn't match");
			print_error("Data doestn't match: Tspi_Data_Unbind", TSS_E_FAIL);
		}
		
	}


#if 0
#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
					&srkUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		goto done;
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
				TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		goto done;
	}
#endif

	/* ######## Start Key 0 ######## */
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_SIZE_2048 |
						TSS_KEY_TYPE_STORAGE |
						TSS_KEY_NO_AUTHORIZATION,
						&hKey0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (key 0)", result );
		goto done;
	}

	result = Tspi_Key_CreateKey( hKey0, hSRK, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (key 0)", result );
		goto done;
	}

	result = Tspi_Context_RegisterKey( hContext, hKey0,
						TSS_PS_TYPE_SYSTEM,
						uuid_0,
						TSS_PS_TYPE_SYSTEM,
						SRK_UUID );
	if ( (result != TSS_SUCCESS) )
	{
		print_error( "Tspi_Context_RegisterKey (uuid_0)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}
	fprintf( stderr, "\t\tKey 0 Finished\n" );
	/* ######## End Key 0 ######## */

	/* ######## Start Key 1 ######## */
	result = Tspi_Context_CreateObject( hContext,
						TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_AUTHORIZATION,
						&hKey1 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (key 1)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}

	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
                                                uuid_0, &hKey0 );
        if ( result != TSS_SUCCESS )
        {
                print_error( "Tspi_Context_LoadKeyByUUID (hKey0)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
        }

	result = Tspi_GetPolicyObject( hKey1, TSS_POLICY_USAGE,
					&keyUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( keyUsagePolicy, TESTSUITE_KEY_SECRET_MODE,
				TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}

	result = Tspi_Key_CreateKey( hKey1, hKey0, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (key 1)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}

	result = Tspi_Context_RegisterKey( hContext, hKey1,
						TSS_PS_TYPE_SYSTEM,
						uuid_1,
						TSS_PS_TYPE_SYSTEM,
						uuid_0 );
	if ( (result != TSS_SUCCESS) )
	{
		print_error( "Tspi_Context_RegisterKey (uuid_1)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		goto done;
	}
	fprintf( stderr, "\t\tKey 1 Finished\n" );
	/* ######## End Key 1 ######## */

	/* ######## Start Key 2 ######## */
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_NO_AUTHORIZATION,
						&hKey2 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (key 2)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_1, &hKey1);
		goto done;
	}

	result = Tspi_Key_LoadKey( hKey1, hKey0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hKey1)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_1, &hKey1);
		goto done;
	}

	result = Tspi_Key_CreateKey( hKey2, hKey1, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (key 2)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_1, &hKey1);
		goto done;
	}

	result = Tspi_Context_RegisterKey( hContext, hKey2,
						TSS_PS_TYPE_SYSTEM,
						uuid_2,
						TSS_PS_TYPE_SYSTEM,
						uuid_1 );
	if ( (result != TSS_SUCCESS) )
	{
		print_error( "Tspi_Context_RegisterKey (uuid_2)", result );
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_0, &hKey0);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, uuid_1, &hKey1);
		goto done;
	}
	fprintf( stderr, "\t\tKey 2 Finished\n" );
	/* ######## End Key 2 ######## */
#endif

	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );

done:
	print_error_exit( function, err_string(result) );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}
Ejemplo n.º 9
0
int main(int argc, char **argv)
{
	TSS_HKEY hKey, hSRK;
	TSS_HCONTEXT hContext;
	TSS_HTPM hTPM;
	TSS_RESULT result;
	TSS_HPOLICY hPolicy;
	TSS_HPCRS hPcrs;
	UINT32 ulPcrValueLength, subCap, subCapLength;
	UINT32 pulRespDataLength, numPcrs;
	BYTE *pNumPcrs, *rgbPcrValue, *uuidString, *pcrsSelectedValues[24];
	int i, c, *pcrsSelected = NULL, numPcrsSelected = 0;
	TSS_UUID *uuid;
	BYTE wellknown[] = TSS_WELL_KNOWN_SECRET;

	while (1) {
		c = getopt(argc, argv, "p:");
		if (c == -1)
			break;
		switch (c) {
			case 'p':
				numPcrsSelected++;
				pcrsSelected = realloc(pcrsSelected,
						       (sizeof(int) 
							* numPcrsSelected));
				if (pcrsSelected == NULL) {
					PRINT_ERR("Malloc of %zd bytes failed.",
						  (sizeof(int)
						   * numPcrsSelected));
					return -1;
				}
				pcrsSelected[numPcrsSelected - 1] =
					atoi(optarg);
				break;
			default:
				usage(argv[0]);
				break;
		}
	}
	if (numPcrsSelected == 0)
		printf("Warning: Key will not be bound to any PCR's!\n");
	if (numPcrsSelected > 24) {
		PRINT_ERR("Too many PCRs selected! Exiting.");
		return -EINVAL;
	}
        result = Tspi_Context_Create(&hContext);
        if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_Context_Create", result);
                return result;
        }
        result = Tspi_Context_Connect(hContext, NULL);
        if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_Context_Connect", result);
                Tspi_Context_Close(hContext);
                return result;
        }
	result = Tspi_Context_GetTpmObject(hContext, &hTPM);
	if (result != TSS_SUCCESS) {
		PRINT_TSS_ERR("Tspi_Context_GetTpmObject", result);
		Tspi_Context_Close(hContext);
		return result;
	}
	subCap = TSS_TPMCAP_PROP_PCR;
	subCapLength = sizeof(UINT32);
	result = Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_PROPERTY,
					subCapLength, (BYTE *)&subCap,
					&pulRespDataLength, &pNumPcrs );
	if (result != TSS_SUCCESS) {
		PRINT_TSS_ERR("Tspi_TPM_GetCapability", result);
		Tspi_Context_Close(hContext);
		return result;
	}
	numPcrs = *(UINT32 *)pNumPcrs;
	for (i = 0; i < (int)numPcrsSelected; i++) {
		if (pcrsSelected[i] > (int)numPcrs) {
			fprintf(stderr, "%d: invalid PCR register. PCRs range "
				"from 0 - %u\n", pcrsSelected[i], numPcrs);
			return -1;
		}
	}
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0,
					   &hPcrs);
	if (result != TSS_SUCCESS) {
		PRINT_TSS_ERR("Tspi_Context_CreateObject", result);
		return result;
	}
	for (i = 0; i < numPcrsSelected; i++) {
		result = Tspi_TPM_PcrRead(hTPM, pcrsSelected[i],
					  &ulPcrValueLength, &rgbPcrValue);
		if (result != TSS_SUCCESS) {
			PRINT_TSS_ERR("Tspi_TPM_PcrRead", result);
			Tspi_Context_Close(hContext);
			return result;
		}
		result = Tspi_PcrComposite_SetPcrValue(hPcrs, pcrsSelected[i],
						       ulPcrValueLength,
						       rgbPcrValue);
		if (result != TSS_SUCCESS) {
			PRINT_TSS_ERR("Tspi_PcrComposite_SetPcrValue", result );
			Tspi_Context_Close( hContext );
			return result;
		}

		pcrsSelectedValues[i] = rgbPcrValue;
	}
        result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    SRK_UUID, &hSRK);
        if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_Context_LoadKeyByUUID", result);
                Tspi_Context_Close(hContext);
                return result;
        }
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hPolicy);
        if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_GetPolicyObject", result);
                Tspi_Context_Close(hContext);
                return result;
        }

	result = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_SHA1,
				       sizeof(wellknown), wellknown);
        if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_GetPolicyObject", result);
                Tspi_Context_Close(hContext);
                return result;
        }
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   (TSS_KEY_TYPE_STORAGE
					    | TSS_KEY_SIZE_2048
					    | TSS_KEY_VOLATILE
					    | TSS_KEY_NO_AUTHORIZATION
					    | TSS_KEY_NOT_MIGRATABLE), &hKey);
	if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_Context_CreateObject", result);
                Tspi_Context_Close(hContext);
                return result;
	}
	result = Tspi_Key_CreateKey(hKey, hSRK, hPcrs);
	if (result != TSS_SUCCESS) {
                PRINT_TSS_ERR("Tspi_Key_CreateKey", result);
                Tspi_Context_Close(hContext);
                return result;
	}
	result = Tspi_TPM_GetRandom(hTPM, (UINT32)16, (BYTE **)&uuid);
	if (result != TSS_SUCCESS) {
		PRINT_TSS_ERR("Tspi_TPM_GetRandom", result);
		Tspi_Context_Close(hContext);
		return result;
	}
	result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_USER,
					  *uuid, TSS_PS_TYPE_SYSTEM, SRK_UUID);
	if (result != TSS_SUCCESS) {
		PRINT_TSS_ERR("Tspi_Context_RegisterKey", result);
		Tspi_Context_Close(hContext);
		return result;
	}
	printf("Success: Key created bound to:\n");
	for (i = 0; i < numPcrsSelected; i++) {
		uuidString = (unsigned char *) 
			      util_bytes_to_string((char *)
						   pcrsSelectedValues[i], 20);
		if (uuidString == NULL) {
			PRINT_ERR("malloc of 41 bytes failed");
			Tspi_Context_Close(hContext);
			return result;
		}

		printf("PCR %d: %s\n", pcrsSelected[i], uuidString);
		free(uuidString);
		Tspi_Context_FreeMemory(hContext, pcrsSelectedValues[i]);
	}
	uuidString = (BYTE *)util_bytes_to_string((char *)uuid, 16);
	if (uuidString == NULL) {
		PRINT_ERR("malloc of 33 bytes failed");
		Tspi_Context_Close(hContext);
		return result;
	}
	printf("And registered in persistent storage with UUID "
	       "(tspi_uuid parameter): %s\n", uuidString);
	Tspi_Context_FreeMemory(hContext, (BYTE *)uuid);
	free(uuidString);
	Tspi_Context_Close(hContext);
	return 0;
}
Ejemplo n.º 10
0
int main(int argc, char **argv)
{
	
	TSS_HCONTEXT hContext=0;
	TSS_HTPM hTPM = 0;
	TSS_RESULT result;
	TSS_HKEY hSRK = 0;
	TSS_HPOLICY hSRKPolicy=0;
	TSS_UUID SRK_UUID = TSS_UUID_SRK;
	BYTE wks[20]; 
	memset(wks,0,20);

	TSS_HKEY hESS_Bind_Key;
	TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID;
	TSS_HPOLICY hESS_Policy;
	TSS_FLAG initFlags;
	BYTE *pubKey;
	UINT32 pubKeySize;
	FILE *fout, *fin;

	result =Tspi_Context_Create(&hContext);
	DBG("Create a context", result);
	result=Tspi_Context_Connect(hContext, NULL);
	DBG("Connect to TPM", result);
	
	
	result=Tspi_Context_GetTpmObject(hContext, &hTPM);
	DBG("Get TPM handle", result);
	result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
	DBG("Get SRK handle", result);
	result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
	DBG("Get SRK Policy", result);
	result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks);
	DBG("Tspi_Policy_SetSecret", result);
	

	result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,
			TSS_POLICY_USAGE, &hESS_Policy);
	DBG("Create a key policy object", result);
	result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
			20, wks);
	DBG("Set key policy object secret", result);
	initFlags = TSS_KEY_TYPE_BIND |
		    TSS_KEY_SIZE_2048 |
		    TSS_KEY_AUTHORIZATION |
		    TSS_KEY_NOT_MIGRATABLE;
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
			initFlags, &hESS_Bind_Key);
	DBG("Create the key object", result);
	result = Tspi_SetAttribUint32(hESS_Bind_Key,
		TSS_TSPATTRIB_KEY_INFO,
		TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
		TSS_ES_RSAESPKCSV15);
	DBG("Set the keys's padding type", result);
	result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
	DBG("Assign the key's policy to the key", result);
	printf("Creating the key could take a while\n");
	result = Tspi_Key_CreateKey(hESS_Bind_Key,
		hSRK, 0);
	DBG("Asking TPM to create the key", result);
	result = Tspi_Context_RegisterKey(hContext,
					hESS_Bind_Key,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					TSS_PS_TYPE_SYSTEM,
					SRK_UUID);
	DBG("Registering the key for later retrieval", result);
	
	printf("Registering the key blob for later retrieval\r\n");

	result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
	DBG("Loading key in TPM", result);
	result = Tspi_Key_GetPubKey(hESS_Bind_Key,
				&pubKeySize, &pubKey);
	DBG("Get Public portion of key", result);
	fout = fopen("BackupESSBindKey.pub", "wb");
	if(fout != NULL) {
		write(fileno(fout), pubKey, pubKeySize);
		printf("Finished writing BackupESSBindKey.pub\n");
		fclose(fout);
	}
	else {
		printf("Error opening XXXXXXXXXXXX \r\n");
	}
	result = Tspi_Policy_FlushSecret(hESS_Policy);
	DBG("Policy flush secret", result);

	result = Tspi_Context_GetKeyByUUID(hContext,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					&hESS_Bind_Key);
	DBG("Get key handle", result);
	printf("Unregistering key\r\n");
	result = Tspi_Context_UnregisterKey(hContext,
					TSS_PS_TYPE_SYSTEM,
					ESS_BIND_UUID,
					&hESS_Bind_Key);
	DBG("Unregister key", result);
	// Load a key and bind data
	UINT32 ulDataLength;
	BYTE *rbgBoundData;
	BYTE newPubKey[1000], encData[1000];
	TSS_HENCDATA hEncData;
	fin = fopen("BackupESSBindKey.pub", "r");
	read(fileno(fin), newPubKey,284);
	if (fin == NULL)
		return 0;
	fclose(fin);
	result = Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_RSAKEY,
				initFlags, &hESS_Bind_Key);
	DBG("Tspi_Context_CreateObject BindKey", result);
	result = Tspi_SetAttribData(hESS_Bind_Key,
				TSS_TSPATTRIB_KEY_BLOB,
				TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				284,newPubKey);
	DBG("Set Public key into new key object", result);
	fin = fopen("data", "rb");
	read(fileno(fin), encData, 7);
	fclose(fin);
	result=Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_ENCDATA,
				TSS_ENCDATA_BIND,
				&hEncData);
	DBG("Create Data Object", result);
	result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData);
	DBG("Bind data", result);
	result = Tspi_GetAttribData(hEncData,
			TSS_TSPATTRIB_ENCDATA_BLOB,
			TSS_TSPATTRIB_ENCDATABLOB_BLOB,
			&ulDataLength,&rbgBoundData);
	DBG("Get encrypted data", result);
	fout = fopen("Bound.data", "wb");
	write(fileno(fout),rbgBoundData,ulDataLength);
	fclose(fout);

	result = Tspi_Context_FreeMemory(hContext, NULL);
	DBG("Tspi Context Free Memory", result);
	result = Tspi_Context_Close(hContext);
	DBG("Tspi Context Close", result);
	return 0;
	

}
Ejemplo n.º 11
0
int
main_v1_1( void )
{
	char		*function = "Tspi_Context_GetKeyByUUID04";
	TSS_HKEY	hSRK;
	TSS_HKEY	hMSigningKey;
	TSS_UUID	SRKUUID			= {0,0,0,0,0,0,0,0,0,0,1};
	TSS_UUID	migratableSignUUID	= {1,2,3,4,5,6,7,8,9,10,2};
	TSS_UUID	wrongUUID		= {4,1,5,2,2,6,6,3,4,8,0};
	TSS_HCONTEXT	hContext;
	TSS_RESULT	result;
	TSS_HPOLICY	srkUsagePolicy;
	UINT32		exitCode = 0;

	print_begin_test( function );

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// Load SRK
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
					&srkUsagePolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Set Secret
	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
					TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
#endif

		//Create Signing Key
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_SIZE_2048 |
						TSS_KEY_TYPE_SIGNING,
						&hMSigningKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (signing key)",
				result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// Create signing key
	result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey (signing key)", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// register signing key; srk is parent
	result = Tspi_Context_RegisterKey( hContext, hMSigningKey,
						TSS_PS_TYPE_SYSTEM,
						migratableSignUUID,
						TSS_PS_TYPE_SYSTEM,
						SRKUUID );
	if ( (result != TSS_SUCCESS) &&
		(TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED))
	{
		print_error( "Tspi_Context_RegisterKey", result );
		Tspi_Context_UnregisterKey( hContext, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID,
						&hMSigningKey );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// get signing key
	result = Tspi_Context_GetKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						wrongUUID,
						&hMSigningKey );
	if ( TSS_ERROR_CODE(result) != TSS_E_PS_KEY_NOTFOUND )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
			exitCode = result;
		}
		else
		{
			print_error_nonapi( function, result );
			exitCode = result;
		}
	}
	else
	{
		print_success( function, result );
	}

	print_end_test( function );
	Tspi_Context_UnregisterKey( hContext, TSS_PS_TYPE_SYSTEM,
					migratableSignUUID,
					&hMSigningKey );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}
Ejemplo n.º 12
0
int
main_v1_1(void){

	char		*nameOfFunction = "Tspi_Context_GetKeyByPublicInfo02";
	TSS_HCONTEXT	hContext;
	TSS_HTPM	hTPM;
	TSS_FLAG	initFlags;
	TSS_HKEY	hKey;
	TSS_HKEY	hSRK;
	TSS_RESULT	result;
	TSS_UUID	migratableSignUUID={1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 2};
	TSS_HPOLICY	srkUsagePolicy, keyUsagePolicy;
	TSS_HKEY	hMSigningKey;
	UINT32		ulPublicKeyLength = 2048;
	BYTE*		rgbPublicKeyInfo;
	initFlags	= TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048  |
			TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
			TSS_KEY_NOT_MIGRATABLE;
	TSS_FLAG	wrongType;
	BYTE		well_known_secret[20] = TSS_WELL_KNOWN_SECRET;
	
	wrongType = (TSS_PS_TYPE_SYSTEM + TSS_PS_TYPE_USER);
	print_begin_test(nameOfFunction);

		//Create
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Create ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Connect
	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Connect ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Get TPM Object
	result = Tspi_Context_GetTpmObject(hContext, &hTPM);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_GetTpmObject ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Create Object
	result = Tspi_Context_CreateObject(hContext,
				TSS_OBJECT_TYPE_RSAKEY,
				initFlags, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Load Key by UUID
	result = Tspi_Context_LoadKeyByUUID(hContext, 
					TSS_PS_TYPE_SYSTEM,
					SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object for the srkUsagePolicy
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetPolicyObject ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Set Secret for the srkUsagePolicy
	result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
			TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Policy_SetSecret ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
#endif
		//Create the hKey with the hSRK wrapping key
	result = Tspi_Key_CreateKey(hKey, hSRK, 0);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Key_CreateKey", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Register the hKey
	result = Tspi_Context_RegisterKey(hContext,
				hKey, TSS_PS_TYPE_SYSTEM, migratableSignUUID,
				TSS_PS_TYPE_SYSTEM, SRK_UUID);
	if (result != TSS_SUCCESS &&
			TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED) {
		print_error("Tspi_Context_RegisterKey ", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Create the hKey with the hSRK wrapping key
	result = Tspi_Context_CloseObject(hContext, hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CloseObject ", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//GetKeyByPublicInfo
	result = Tspi_Context_GetKeyByPublicInfo(hContext, 
			wrongType, TSS_ALG_RSA, 
			ulPublicKeyLength,
			rgbPublicKeyInfo, &hKey);
	if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
		if(!checkNonAPI(result)){
			print_error(nameOfFunction, result);
			print_end_test(nameOfFunction);
			Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID, &hKey);
			Tspi_Context_FreeMemory(hContext, NULL);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		else{
			print_error_nonapi(nameOfFunction, result);
			print_end_test(nameOfFunction);
			Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
						migratableSignUUID, &hKey);
			Tspi_Context_FreeMemory(hContext, NULL);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}
	else{
		print_success(nameOfFunction, result);
		print_end_test(nameOfFunction);
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					migratableSignUUID, &hKey);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(0);
	}
}