main_v1_2(char version){
char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey01";
TSS_RESULT result;
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HKEY hSRK;
TSS_HPOLICY hPolicy;
UINT32 pulPubKeyLength;
BYTE *prgbPubKey;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS ) {
print_error( "Tspi_GetPolicyObject", result );
return result;
}
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if ( result != TSS_SUCCESS ) {
print_error( "Tspi_Policy_SetSecret", result );
return result;
}
//Get SRK Public Key
result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &pulPubKeyLength, &prgbPubKey);
if (result != TSS_SUCCESS) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main(int argc,char **argv)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
TSS_HKEY hSRK=0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID=TSS_UUID_SRK;
BYTE wks[20]; //For the well known secret
// Set wks to the well known secret: 20 bytes of all 0’s
memset(wks,0,20);
//Pick the TPM you are talking to.
// In this case, it is the system TPM (indicated with NULL).
result = Tspi_Context_Create( &hContext);
DBG("Create Context",result);
result = Tspi_Context_Connect(hContext, NULL);
DBG("Context Connect�",result);
// Get the TPM handle
result=Tspi_Context_GetTpmObject(hContext,&hTPM);
DBG("Get TPM Handle",result);
// Get the SRK handle
result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK);
DBG("Got the SRK handle�", result);
//Get the SRK policy
result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy);
DBG("Got the SRK policy",result);
//Then set the SRK policy to be the well known secret
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks);
//Note: TSS SECRET MODE SHA1 says ”Don’t hash this.
// Use the 20 bytes as they are.
DBG("Set the SRK secret in its policy",result);
//Do something usefull
TSS_UUID MY_UUID=BACKUP_KEY_UUID;
TSS_HKEY hESS_Bind_Key;
result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Get key handle", result);
printf("Unregistering key\r\n");
result=Tspi_Context_UnregisterKey(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Unregister key",result);
//Done doing something usefull
// Context Close(hobjects you have created);
Tspi_Context_FreeMemory(hContext,NULL);
// This frees up memory automatically allocated for you.
Tspi_Context_Close(hContext);
return 0;
}
static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
{
int err, ret;
err = Tspi_Context_Create(&s->tpm_ctx);
if (err) {
gnutls_assert();
return tss_err(err);
}
err = Tspi_Context_Connect(s->tpm_ctx, NULL);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_tspi_ctx;
}
err =
Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
srk_uuid, &s->srk);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_tspi_ctx;
}
err =
Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_srk;
}
err = myTspi_Policy_SetSecret(s->srk_policy,
SAFE_LEN(srk_password),
(BYTE *) srk_password);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_srkpol;
}
return 0;
out_srkpol:
Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
s->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
s->srk = 0;
out_tspi_ctx:
Tspi_Context_Close(s->tpm_ctx);
s->tpm_ctx = 0;
return ret;
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_UpdateVerificationCount03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, -1);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
print_error( function, result );
result = 1;
goto done;
}
else
{
print_success( function, result );
result = 0;
}
done:
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int
set_object_policy(TSS_HOBJECT handle, TSS_FLAG mode, char *prompt,
UINT32 secret_len, BYTE *secret)
{
TSS_HPOLICY hPolicy;
TSS_RESULT ret;
ret = Tspi_GetPolicyObject(handle, TSS_POLICY_USAGE, &hPolicy);
if (ret) {
print_error(ret, gettext("Get object policy"));
return (ERR_FAIL);
}
return (set_policy_options(hPolicy, mode, prompt, secret_len, secret));
}
TSS_RESULT extend_pcr (const char * buf, const int len)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_HPOLICY hOwnerPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE passcode[20];
memset(passcode,0,20);
memcpy (passcode, buf, len);
UINT32 ulNewPcrValueLength;
BYTE* NewPcrValue;
result = Tspi_Context_Create (&hContext);
DBG(" Create a Context\n",result);
result = Tspi_Context_Connect (hContext, NULL);
DBG(" Connect to TPM\n", result);
// Get the TPM handle
result = Tspi_Context_GetTpmObject (hContext, &hTPM);
DBG(" Get TPM Handle\n",result);
result = Tspi_GetPolicyObject (hTPM, TSS_POLICY_USAGE, &hOwnerPolicy);
DBG( " Owner Policy\n", result);
result = Tspi_TPM_PcrExtend (hTPM,
9,
sizeof(passcode),
passcode,
NULL,
&ulNewPcrValueLength,
&NewPcrValue);
DBG(" extend\n",result);
return result;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
//By default SRK is 20bytes 0
//takeownership -z
BYTE wks[20];
memset(wks,0,20);
//At the beginning
//Create context and get tpm handle
result =Tspi_Context_Create(&hContext);
DBG("Create a context\n", result);
result=Tspi_Context_Connect(hContext, NULL);
DBG("Connect to TPM\n", result);
result=Tspi_Context_GetTpmObject(hContext, &hTPM);
DBG("Get TPM handle\n", result);
//Get SRK handle
//This operation need SRK secret when you takeownership
//if takeownership -z the SRK is wks by default
result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
DBG("Get SRK handle\n", result);
result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
DBG("Get SRK Policy\n", result);
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20, wks);
DBG("Tspi_Policy_SetSecret\n", result);
//At the end of program
//Cleanup some object
result = Tspi_Context_FreeMemory(hContext, NULL);
DBG("Tspi Context Free Memory\n", result);
result = Tspi_Context_Close(hContext);
DBG("Tspi Context Close\n", result);
return 0;
}
main_v1_1(void){
char *nameOfFunction = "Tspi_Key_LoadKey01";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_UUID uuid;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Create Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_Create Key", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key (hKey)
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS){
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_1(void){
char *nameOfFunction = "Tspi_Key_CreateMigrationBlob03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hKey;
UINT32 TargetPubKeyLength;
BYTE *TargetPublicKeyData;
BYTE *MigTicket;
UINT32 TicketLength;
BYTE *randomData;
UINT32 randomLength;
UINT32 migBlobLength;
BYTE *migBlob;
UINT32 blobLength;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy,
tpmUsagePolicy;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID for hSRK", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE,
&hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Create Signing Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Key_CreateKey", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
Tspi_Context_CloseObject(hContext, hKey);
exit(result);
}
//Authorize Migration Ticket
result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hKey,
TSS_MS_REWRAP, &TicketLength, &MigTicket);
if (result != TSS_SUCCESS)
{
print_error("Tpsi_TPM_AuthorizeMigrationTicket ", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
Tspi_Context_CloseObject(hContext, hKey);
exit(result);
}
//Create Migration Blob
result = Tspi_Key_CreateMigrationBlob(-1, hSRK,
TicketLength, MigTicket, &randomLength,
&randomData, &migBlobLength, &migBlob);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_ReadTables-trans03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hWrappingKey;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
UINT32 familyTableSize, delegateTableSize;
TSS_FAMILY_TABLE_ENTRY *familyTable;
TSS_DELEGATION_TABLE_ENTRY *delegateTable;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", (result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", (result) );
goto done;
}
result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable,
&delegateTableSize, &delegateTable);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_ReadTables", (result) );
goto done;
}
result = Testsuite_Transport_Final(hContext, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Testsuite_Transport_Final", (result) );
goto done;
}
else
{
result = Tspi_Context_FreeMemory(hContext, (BYTE *)familyTable);
if (result != TSS_SUCCESS)
{
print_error( "Tspi_Context_FreeMemory", result );
goto done;
}
result = Tspi_Context_FreeMemory(hContext, (BYTE *)delegateTable);
if (result != TSS_SUCCESS)
{
print_error( "Tspi_Context_FreeMemory", result );
goto done;
}
else
{
print_success( function, result );
}
}
print_end_test( function );
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
int
main_v1_2( char version )
{
char *function = "Tspi_GetAttribData21";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HPOLICY hSrkPolicy;
BYTE *rgbDataToSeal = "This is a test";
BYTE rgbPcrValue[20];
TSS_HPCRS hPcrComposite;
UINT32 AttribDataSize;
BYTE* AttribData;
UINT32 ulDataLength = strlen(rgbDataToSeal);
TSS_RESULT result,resultFree;
TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 |
TSS_KEY_TYPE_STORAGE |
TSS_KEY_NO_AUTHORIZATION;
TSS_FLAG pcrsInitFlags = 0;
print_begin_test( function );
if (version == TESTSUITE_TEST_TSS_1_2) {
keyInitFlags |= TSS_KEY_STRUCT_KEY12;
pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG;
}
memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue));
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_end_test(function);
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key by UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags,
&hPcrComposite );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hPcrComposite)",
result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrValue", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrLocality", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Checking flag and subflags
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -",
result );
}
print_end_test(function);
Tspi_Context_Close(hContext);
exit( 0 );
}
int
main_v1_1( void )
{
char *function = "Tspi_GetPolicyObject01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_RESULT result;
UINT32 exitCode;
TSS_HPOLICY srkUsagePolicy;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
Tspi_Context_Close( hContext );
exit( result );
}
//Get Policy Object
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
print_end_test( function );
Tspi_Context_Close( hContext );
exit(result);
}
else
{
print_error_nonapi( function, result );
print_end_test( function );
Tspi_Context_Close( hContext );
exit(result);
}
}
else
{
print_success( function, result );
exitCode = 0;
}
print_end_test( function );
Tspi_Context_Close( hContext );
exit( exitCode );
}
main_v1_1(void){
char *nameOfFunction = "Tspi_ChangeAuth04";
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_HPOLICY hPolicy;
TSS_HKEY hMStorageKey;
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_FLAG initFlags;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
TSS_HPOLICY srkUsagePolicy;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID for hSRK", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Create Storage Key
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMStorageKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_CreateKey(hMStorageKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Call Change Auth
result = Tspi_ChangeAuth(0xffffffff, hMStorageKey, hPolicy);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_1(void){
char *nameOfFunction = "policy_no_secret";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_BOOL allowMaint = FALSE;
BYTE *randomData;
TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy;
print_begin_test(nameOfFunction);
#ifdef TESTSUITE_NOAUTH_SRK
print_NA();
print_end_test(nameOfFunction);
exit(0);
#endif
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Policy Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign new policy w/o secret to the SRK object
result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create child key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND|
TSS_KEY_NO_AUTHORIZATION, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Attempt to use the SRK w/o putting a secret in its policy
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Key creation w/o parent secret set", result);
print_error(nameOfFunction, result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("Key creation w/o parent secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// With a secret set, this should work OK
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Try an owner auth'd command w/o secret
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Tspi_TPM_GetStatus w/o owner secret set", result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("TPM_GetStatus w/o owner secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_GetStatus", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
int main(int argc, char *argv[]) {
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
char *credential_filename = DEFAULT_CREDENTIAL_FILENAME;
UINT32 nonceVerifierLength;
BYTE *nonceVerifier;
TSS_HDAA hDAA;
TSS_DAA_CREDENTIAL *hDaaCredential;
TSS_DAA_SIGN_DATA signData;
TSS_DAA_SIGNATURE daaSignature;
TSS_DAA_SELECTED_ATTRIB revealAttributes;
char *szTpmPasswd = DEFAULT_OWN_PASSWD;
char *message = NULL;
BYTE **attributes = NULL;
FILE *file;
char *param;
int i, length, rv;
bi_ptr random = NULL;
TSS_BOOL isCorrect;
EVP_MD_CTX *mdctx;
TSS_HKEY hKEY;
init_tss_version( &signData);
init_tss_version( &daaSignature);
init_tss_version( &revealAttributes);
i = 1;
while( i < argc) {
param = argv[ i];
if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) {
i++;
if( i == argc) return print_usage( argv[0]);
message = argv[i];
} else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
credential_filename = argv[i];
} else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
szTpmPasswd = argv[i];
} else {
fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param);
return print_usage( argv[0]);
}
i++;
}
bi_init( NULL);
printf("Loading credential: %s ", credential_filename);
file = fopen( credential_filename, "r");
if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) {
LogError( "[test_join]: Error when loading \'%s\': %s\n",
credential_filename,
strerror( errno));
result = TSS_E_FAIL;
goto out_close;
}
fclose( file);
printf("Done\n");
// Create Context
LogDebug("Create Context");
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
LogError( "Tspi_Context_Create %d\n", result );
goto out;
}
// Connect to Context
result = Tspi_Context_Connect( hContext, NULL );
if ( result != TSS_SUCCESS) goto out_close;
printf("\nConnect to the context: %X\n", hContext);
if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS)
goto out_close;
// Get the correct policy using the TPM ownership PASSWD
if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS)
goto out_close;
if( (result = Tspi_Policy_SetSecret( hPolicy,
TSS_SECRET_MODE_PLAIN,
strlen( szTpmPasswd),
szTpmPasswd)) != TSS_SUCCESS)
goto out_close;
LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy);
//Create Object
result = obj_daa_add( hContext, &hDAA);
if (result != TSS_SUCCESS) {
LogError("Tspi_Context_CreateObject:%d", result);
Tspi_Context_Close(hContext);
LogError("%s: %s", argv[0], err_string(result));
exit(result);
}
LogDebug("created DAA object:%X", hDAA);
// TODO: verifier base name ??
result = Tspi_DAA_VerifyInit(
hDAA, // in
&nonceVerifierLength, // out
&nonceVerifier, // out
0, //baseNameLength, // out
NULL //baseName // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("Verify Init return nonceVerifier [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0);
mdctx = EVP_MD_CTX_create();
// create the TSS_DAA_SIGN_DATA struct
// .selector: 0 -> payload contains a handle to an AIK
// 1 -> payload contains a hashed message
if( message != NULL) {
signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest());
EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message));
signData.payloadLength = EVP_MD_CTX_size(mdctx);
signData.payload = (BYTE *)EVP_MD_CTX_create();
EVP_DigestFinal(mdctx, signData.payload, NULL);
} else {
signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY;
result = Tspi_Context_CreateObject(
hContext, // in
TSS_OBJECT_TYPE_RSAKEY, // in
TSS_KEY_SIZE_2048, // in
&hKEY // out
);
if( result != TSS_SUCCESS) goto out_close;
}
result = Tspi_TPM_DAA_Sign(
hDAA, // in
hTPM, // in
(TSS_HKEY)hDaaCredential, // in
revealAttributes, // in
0, // verifierBaseNameLength, // in
NULL, // verifierBaseName, // in
nonceVerifierLength, // in
nonceVerifier, // in
signData, // in
&daaSignature // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("TPM_DAA_Sign return daaSignature [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
// generate attributes list but without copying the not revealed ones
attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength);
for( i=0; i < (int)(hDaaCredential->attributesLength); i++) {
if( revealAttributes.indicesList[i]) {
attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8);
memcpy( attributes[i],
hDaaCredential->attributes[i],
DAA_PARAM_SIZE_F_I / 8);
} else {
attributes[i] = NULL;
}
}
result = Tspi_DAA_VerifySignature(
hDAA, // in
daaSignature, // in
(TSS_HKEY)&(hDaaCredential->issuerPK), // in
signData, // in
hDaaCredential->attributesLength, // in
attributes, // in
nonceVerifierLength, // in
nonceVerifier, // in
0, //baseNameLength, //in
NULL, // in
&isCorrect // out
);
printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no"));
out_close:
EVP_MD_CTX_destroy(mdctx);
if( attributes != NULL) {
for( i=0; i<(int)hDaaCredential->attributesLength; i++) {
if( attributes[i] != NULL) free( attributes[i]);
}
free( attributes);
}
if( random != NULL) bi_free_ptr( random);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
out:
bi_release();
LogDebug("THE END result=%d:%s",result, err_string( result) );;
return result;
}
main_v1_2(char version){
char *nameOfFunction = "Tspi_TPM_KeyControlOwner01";
TSS_RESULT result;
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hSRK;
TSS_HKEY hKey;
TSS_HKEY hTargetPubKey;
TSS_HPOLICY hTpmPolicy, hSrkPolicy;
TSS_UUID Uuid;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory( hContext, NULL );
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |
TSS_KEY_TYPE_SIGNING, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Requires Owner auth - get policy
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject ", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Set Owner Secret
result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN,
TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error("Tspi_Policy_SetSecret (Owner)", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Get SRK Key
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID ", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Requires SRK auth - get policy
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject ", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Set SRK Secret
result = Tspi_Policy_SetSecret(hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error("Tspi_Policy_SetSecret (Owner)", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Create Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Load key
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_LoadKey", result);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
}
//Set Ownerevict bit
result = Tspi_TPM_KeyControlOwner(hTPM, hKey, TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT,
TRUE, &Uuid);
if (result != TSS_SUCCESS) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close(hContext);
exit(0);
}
}
int
main_v1_1( void )
{
char *function = "Tspi_Context_LoadKeyByBlob03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hMSigningKey;
BYTE* migratableSignKeyBlob;
UINT32 blobLength;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy;
UINT32 exitCode = 0;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Set Secret
result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret (1)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
//Create Signing Key
result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |
TSS_KEY_TYPE_SIGNING,
&hMSigningKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_CreateObject (signing key)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey (Signing Key)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// get blob
result = Tspi_GetAttribData( hMSigningKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blobLength, &migratableSignKeyBlob );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key Blob
result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
blobLength,
NULL,
&hMSigningKey );
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = result;
}
else
{
print_error_nonapi( function, result );
exitCode = result;
}
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int
main(int argc, char **argv)
{
RSA *rsa = NULL;
TSS_HCONTEXT hContext;
TSS_HKEY hKey, hSRK, hCAKey;
TSS_HPOLICY hTPMPolicy, hidpol;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_HPOLICY srkpol;
TSS_HTPM hTPM;
UINT32 idbloblen, ch;
int ret,i, blobos, fd;
BYTE *srkpass, *tpmpass;
BYTE *blobo, *idblob;
srkpass = tpmpass = NULL;
while ((ch = getopt(argc, argv, "hs:t:")) != -1) {
switch (ch) {
case 's':
srkpass = optarg;
break;
case 't':
tpmpass = optarg;
break;
case 'h':
default:
usage(argv[0]);
break;
}
}
if (!srkpass || !tpmpass)
usage(argv[0]);
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check_fail("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check_fail("context connect", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID,
&hSRK);
check_fail("loadkeybyuuid", ret);
ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
check_fail("get policy object", ret);
//ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234");
ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN,
strlen(srkpass), srkpass);
check_fail("policy set secret", ret);
ret = Tspi_Context_GetTpmObject(hContext, &hTPM);
check_fail("get policy object", ret);
//Insert the owner auth into the TPM's policy
ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
check_fail("get tpm policy", ret);
ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
strlen(tpmpass), tpmpass);
check_fail("set owner secret", ret);
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
//TSS_KEY_TYPE_STORAGE
TSS_KEY_TYPE_IDENTITY
//TSS_KEY_TYPE_SIGNING
| TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION
| TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE
, &hKey);
check_fail("create object - key", ret);
ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol);
check_fail("get id key policy", ret);
ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN,
strlen(srkpass), srkpass);
check_fail("set idkey secret", ret);
/* We must create this fake privacy CA key in software so that
* Tspi_TPM_CollateIdentityRequest will happily work. It needs it to
* create the cert request which is required in a normal remote
* attestion procedure. It is not needed in our setup though.
*/
ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING);
check_fail("ca nonsense", ret);
/* We do not care about idblob - that is the certificate request that
* we are supposed to send to our CA in normal remote attestation. The
* fifth argument is our identity label (it is supposed to be unicode).
*/
ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label",
hKey, TSS_ALG_3DES, &idbloblen, &idblob);
check_fail("collate id", ret);
blobo = NULL;
/*ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobos, &blobo);*/
ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo);
check_fail("get blob", ret);
if (!blobo) {
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
FATAL("no blobo");
}
printf("size: %d\n", blobos);
for (i = 0;i < blobos; i++) {
printf("\\x%x", blobo[i]);
}
printf("\n");
fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
if (fd == -1) {
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
FATAL("Open\n");
}
ret = write(fd, blobo, blobos);
if (ret != blobos)
printf("Warning: couldn't write the whole key\n");
close(fd);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
int tpm_load_srk(UI_METHOD *ui, void *cb_data)
{
TSS_RESULT result;
UINT32 authusage;
BYTE *auth;
UINT32 auth_size;
UINT32 srk_secret_mode = secret_mode;
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded.");
return 1;
}
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&authusage))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if (!authusage) {
DBG("SRK has no auth associated with it.");
return 1;
}
/* If hSRKPolicy is non 0, then a policy object for the SRK has already
* been set up by engine pre/post commands. Just assign it to the SRK.
* Otherwise, we need to get the SRK's implicit policy and prompt for a
* secret */
if (hSRKPolicy) {
DBG("Found an already initialized SRK policy, using it");
if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&hSRKPolicy))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((auth = calloc(1, 128)) == NULL) {
TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!srk_zeroed) {
if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
cb_data)) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
}
auth_size = strlen((char *)auth);
} else {
auth_size = sizeof(well_known_secret);
memcpy(auth, well_known_secret, auth_size);
srk_secret_mode = TSS_SECRET_MODE_SHA1;
}
/* secret_mode is a global that may be set by engine ctrl
* commands. By default, its set to TSS_SECRET_MODE_PLAIN */
if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode,
auth_size, auth))) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
free(auth);
return 1;
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_DefineSpace-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011101);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
#ifdef CLEAR_TEST_INDEX
Tspi_NV_ReleaseSpace(hNVStore);
#endif
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_DefineSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result== TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error("Tspi_NV_DefineSpace", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
int
main_v1_1(void){
char *nameOfFunction = "Tspi_Context_GetRegisteredKeysByUUID03";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_UUID migratableSignUUID={1, 2, 3, 4, 5, {6, 7, 8, 9, 10, 2}};
TSS_HPOLICY srkUsagePolicy;
UINT32 pulKeyHierarchySize;
TSS_KM_KEYINFO* ppKeyHierarchy;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_512 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(nameOfFunction);
//Create
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key by UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID ", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object for the srkUsagePolicy
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject ", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret for the srkUsagePolicy
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret ", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Create the hKey with the hSRK wrapping key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Register the hKey
result = Tspi_Context_RegisterKey(hContext,
hKey, TSS_PS_TYPE_SYSTEM, migratableSignUUID,
TSS_PS_TYPE_SYSTEM, SRK_UUID);
if (result != TSS_SUCCESS && TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED) {
print_error("Tspi_Context_RegisterKey ", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Registered Keys By UUID
result = Tspi_Context_GetRegisteredKeysByUUID(hContext,
-1, &migratableSignUUID,
&pulKeyHierarchySize, &ppKeyHierarchy);
if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig)
{
static const TSS_UUID SRK_UUID = TSS_UUID_SRK;
gnutls_datum_t asn1;
unsigned int tss_len;
char *pass;
int ofs, err;
err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error decoding TSS key blob: %s\n"),
gnutls_strerror(err));
return -EINVAL;
}
/* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */
if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = asn1.data[1];
ofs = 2;
if (tss_len & 0x80) {
int lenlen = tss_len & 0x7f;
if (asn1.size < 2 + lenlen || lenlen > 3) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = 0;
while (lenlen) {
tss_len <<= 8;
tss_len |= asn1.data[ofs++];
lenlen--;
}
}
if (tss_len + ofs != asn1.size) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
err = Tspi_Context_Create(&vpninfo->tpm_context);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create TPM context: %s\n"),
Trspi_Error_String(err));
goto out_blob;
}
err = Tspi_Context_Connect(vpninfo->tpm_context, NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to connect TPM context: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &vpninfo->srk);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK key: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK policy object: %s\n"),
Trspi_Error_String(err));
goto out_srk;
}
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
while (1) {
static const char nullpass[20];
/* We don't seem to get the error here... */
if (pass)
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (BYTE *)pass);
else /* Well-known NULL key */
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_SHA1,
sizeof(nullpass), (BYTE *)nullpass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TPM PIN: %s\n"),
Trspi_Error_String(err));
goto out_srkpol;
}
free(pass);
/* ... we get it here instead. */
err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk,
tss_len, asn1.data + ofs,
&vpninfo->tpm_key);
if (!err)
break;
if (pass)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM key blob: %s\n"),
Trspi_Error_String(err));
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
gnutls_privkey_init(pkey);
/* This would be nicer if there was a destructor callback. I could
allocate a data structure with the TPM handles and the vpninfo
pointer, and destroy that properly when the key is destroyed. */
gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0);
#else
*pkey = OPENCONNECT_TPM_PKEY;
#endif
retry_sign:
err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig);
if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
if (!vpninfo->tpm_key_policy) {
err = Tspi_Context_CreateObject(vpninfo->tpm_context,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&vpninfo->tpm_key_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create key policy object: %s\n"),
Trspi_Error_String(err));
goto out_key;
}
err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy,
vpninfo->tpm_key);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to assign policy to key: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (void *)pass);
free (pass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set key PIN: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
goto retry_sign;
}
free (asn1.data);
return 0;
out_key_policy:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy);
vpninfo->tpm_key_policy = 0;
out_key:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key);
vpninfo->tpm_key = 0;
out_srkpol:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy);
vpninfo->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk);
vpninfo->srk = 0;
out_context:
Tspi_Context_Close(vpninfo->tpm_context);
vpninfo->tpm_context = 0;
out_blob:
free (asn1.data);
return -EIO;
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_GetFamily05";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM, hTPM2;
TSS_HPOLICY hTPMPolicy;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY, hFamily2;
UINT32 familyID, returnedID;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_GetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_INFO,
TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID, &familyID);
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( "Tspi_TPM_GetAttribUint32", result );
}
else
{
print_error_nonapi( "Tspi_TPM_GetAttribUint32", result );
}
goto done;
}
/* Keep hTPM to invalidate family and then set it to NULL */
hTPM2 = hTPM;
hTPM = NULL_HTPM;
/* Keep family address */
hFamily2 = hFamily;
result = Tspi_TPM_Delegate_GetFamily(hTPM, familyID, &hFamily);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2);
print_error( function, result );
result = 1;
goto done;
}
else
{
Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2);
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_ReadTables06";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
UINT32 familyTableSize, delegateTableSize;
TSS_FAMILY_TABLE_ENTRY *familyTable;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable,
&delegateTableSize, NULL);
if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( function, result );
result = 1;
goto done;
}
else
{
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
main_v1_1(void) {
char *nameOfFunction = "Tspi_ChangeAuthAsym02";
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_HPOLICY hPolicy;
TSS_UUID migratableStorageUUID = {1,2,3,4,5,6,7,8,9,10,5};
TSS_UUID migratableSignUUID = {1,2,3,4,5,6,7,8,9,10,8};
TSS_UUID AIKUUID = {1,2,3,4,5,6,7,8,9,10,6};
TSS_HKEY hAIK;
TSS_HKEY hMSigningKey;
TSS_HKEY hMStorageKey;
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_FLAG initFlags;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
TSS_HPOLICY srkUsagePolicy;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID ", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
//Get Policy Object
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
//Create Object for the hAIK Key
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hAIK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create the hAIK Key
result = Tspi_Key_CreateKey(hAIK, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// Load hAIK Key
result = Tspi_Key_LoadKey(hAIK, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object for Storage Key
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMStorageKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Storage Key
result = Tspi_Key_CreateKey(hMStorageKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tpspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// Load hMStorageKey Key
result = Tspi_Key_LoadKey(hMStorageKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object for Signing Key
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMSigningKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Signing Key
result = Tspi_Key_CreateKey(hMSigningKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Default Policy
result = Tspi_Context_GetDefaultPolicy(hContext, &hPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetPolicy", result);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Call to Change Auth Asym
result = Tspi_ChangeAuthAsym(-1, hMStorageKey, hAIK, hPolicy);
if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
if(!checkNonAPI(result)) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
else {
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hMStorageKey);
Tspi_Context_CloseObject(hContext, hAIK);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_2(char version)
{
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTpmUsagePolicy;
TSS_FLAG initFlags;
TSS_HKEY hSrcKey;
TSS_HKEY hDestKey;
TSS_HKEY hMaKey[MA_KEY_COUNT];
TSS_HKEY hCmkKey;
TSS_HKEY hNewKey;
TSS_HMIGDATA hMigData;
TSS_HHASH hHash;
UINT32 blobSize;
BYTE *blob;
UINT32 randomSize;
BYTE *random;
int i;
TSS_RESULT result;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
exit(result);
}
//Get TPM Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(hTpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
/***** Create Overall Source Parent key *****/
initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION;
tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hSrcKey);
tc_create_key(hContext, hSrcKey, hSRK, initFlags);
tc_load_key(hContext, hSrcKey, hSRK);
/***** Create Overall Destination Parent key *****/
initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION;
tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hDestKey);
tc_create_key(hContext, hDestKey, hSRK, initFlags);
tc_load_key(hContext, hDestKey, hSRK);
/***** Create MAs and MSA list *****/
//Create MigData Object
tc_create_object(hContext, TSS_OBJECT_TYPE_MIGDATA, 0, &hMigData);
for (i = 0; i < MA_KEY_COUNT; i++) {
//Create Key Object
initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION;
tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hMaKey[i]);
tc_create_key(hContext, hMaKey[i], hSrcKey, initFlags);
//Get PubKey Blob
tc_get_attribdata(hContext, hMaKey[i], TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
//Add PubKey Blob to the MSA list
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB, blobSize, blob);
}
//Grant Owner Approval of MAs
result = Tspi_TPM_CMKApproveMA(hTPM, hMigData);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_CMKApproveMA", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
/***** Create a CMK ****/
initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE;
tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hCmkKey);
//Get and Assign MA/MSA information
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA,
TSS_MIGATTRIB_AUTHORITY_DIGEST, &blobSize, &blob);
tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO,
TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST, blobSize, blob);
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA,
TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC, &blobSize, &blob);
tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO,
TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL, blobSize, blob);
tc_create_key(hContext, hCmkKey, hSrcKey, initFlags);
/***** Authorize migration to the Dest key *****/
//Authorize Migration Ticket
result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hDestKey, TSS_MS_RESTRICT_APPROVE_DOUBLE,
&blobSize, &blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_AuthorizeMigrationTicket", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Save Ticket
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONTICKET, 0, blobSize, blob);
/***** Sign the migration ticket *****/
//Get PubKey Blob of CMK
tc_get_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB, blobSize, blob);
//Get PubKey Blob of destination CMK parent
tc_get_attribdata(hContext, hDestKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB, blobSize, blob);
//Get PubKey Blob of MA
tc_get_attribdata(hContext, hMaKey[0], TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB, blobSize, blob);
//Get Ticket Signature Data
tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash);
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_GetHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Verify Key
tc_load_key(hContext, hMaKey[0], hSrcKey);
//Generate Ticket Signature
result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_Sign", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Save Ticket Signature
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA,
TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob);
//Create Ticket
result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_CMKCreateTicket", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
/***** Create a migration blob *****/
//Create Blob
result = Tspi_Key_CMKCreateBlob(hCmkKey, hSrcKey, hMigData, &randomSize, &random);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_CMKCreateBlob", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
/***** Create a CMK ticket for the destination TPM *****/
//We are using the same TPM so the next steps are not necessary, but are
//done for procedural info
//Get Ticket Signature Data
tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash);
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob);
result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_UpdateHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_GetHashValue", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Load Verify Key
tc_load_key(hContext, hMaKey[0], hSrcKey);
//Generate Ticket Signature
result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Hash_Sign", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Save Ticket Signature
tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA,
TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob);
//Create Ticket
result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_CMKCreateTicket", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
/***** Migrate the key *****/
initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE;
tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hNewKey);
result = Tspi_Key_CMKConvertMigration(hNewKey, hDestKey, hMigData, randomSize, random);
if (result != TSS_SUCCESS) {
if (!checkNonAPI(result)) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
}
tc_load_key(hContext, hNewKey, hDestKey);
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(0);
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_UpdateVerificationCount-trans03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hWrappingKey;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation1 = NULL_HPOLICY;
TSS_HPOLICY hDelegation2 = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", (result) );
goto done;
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", (result) );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation1, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", (result) );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation2);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", (result) );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation2, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT,
NULL_HPCRS, hFamily, hDelegation2);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) );
goto done;
}
result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_UpdateVerificationCount", (result) );
goto done;
}
result = Testsuite_Transport_Final(hContext, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Testsuite_Transport_Final", (result) );
goto done;
}
else
{
print_success( function, result );
}
print_end_test( function );
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_CreateDelegation02";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
print_error( function, result );
result = 1;
goto done;
}
else
{
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReadValue-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *policyData;
UINT32 read_space = 10;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData);
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
#endif
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT)
#else
if (result != TSS_SUCCESS)
#endif
{
print_error("Tspi_NV_ReadValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result == TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
}
