int main(int argc, char *argv[])
{
int ret = 0;
char *filename = NULL;
int i = 1;
unsigned char * buffer;
uint32_t buffersize;
TPM_CONTEXT_BLOB context;
STACK_TPM_BUFFER(tpmbuffer)
TPM_setlog(0);
while (i < argc) {
if (!strcmp("-if",argv[i])) {
i++;
if (i < argc) {
filename = argv[i];
} else {
printf("Missing parameter for -if.\n");
print_usage();
}
}
else if (!strcmp(argv[i],"-v")) {
TPM_setlog(1);
}
else if (!strcmp("-h",argv[i])) {
print_usage();
}
else if (!strcmp(argv[i],"-h")) {
print_usage();
}
else {
printf("\n%s is not a valid option\n", argv[i]);
print_usage();
}
i++;
}
if (NULL == filename) {
printf("Missing -if argument.\n");
print_usage();
}
ret = TPM_ReadFile(filename, &buffer, &buffersize);
if (ret != 0) {
printf("Error while reading file '%s'.\n",filename);
exit(-1);
}
SET_TPM_BUFFER(&tpmbuffer, buffer, buffersize);
ret = TPM_ReadContextBlob(&tpmbuffer, 0, &context);
if ((ret & ERR_MASK)) {
printf("Error while parsing the context blob.\n");
exit(-1);
}
printf("ContextCount: 0x%08X\n",context.contextCount);
ret = 0;
exit(ret);
}
uint32_t TPM_ReadMSAFile(const char *filename, TPM_MSA_COMPOSITE * msaList)
{
uint32_t ret;
unsigned char *buffer = NULL;
uint32_t buffersize = 0;
ret = TPM_ReadFile(filename, &buffer, &buffersize);
if (ret & ERR_MASK)
goto exit;
msaList->MSAlist = LOAD32(buffer, 0);
if (msaList->MSAlist * TPM_HASH_SIZE + 4 != buffersize) {
ret = ERR_BAD_FILE;
goto exit;
}
msaList->migAuthDigest = malloc(msaList->MSAlist * TPM_HASH_SIZE);
if (msaList->migAuthDigest == NULL) {
ret = ERR_MEM_ERR;
goto exit;
}
memcpy(msaList->migAuthDigest,
buffer + sizeof(uint32_t),
msaList->MSAlist * TPM_HASH_SIZE);
ret = 0;
exit:
if (buffer)
free(buffer);
return 0;
}
static uint32_t swapInKey(uint32_t handle)
{
char *filename = createKeyFilename(handle);
STACK_TPM_BUFFER(context);
unsigned char * mycontext = NULL;
uint32_t contextSize;
uint32_t newhandle;
uint32_t ret;
if (NULL == filename) {
ret = ERR_MEM_ERR;
}
ret = TPM_ReadFile(filename,&mycontext,&contextSize);
if ((ret & ERR_MASK)) {
#if 0
printf("level: %d\n",g_num_transports);
#endif
printf("Could not read from keyfile %s.\n",filename);
return ret;
}
SET_TPM_BUFFER(&context, mycontext, contextSize);
free(mycontext);
ret = TPM_LoadContext(handle,
1,
&context,
&newhandle);
if (ret != 0) {
printf("Got error '%s' while swapping in key 0x%08x.\n",
TPM_GetErrMsg(ret),
handle);
}
if (handle != newhandle) {
printf("keyswap: "
"new handle 0x%08x not the same as old one 0x%08x.\n",
newhandle, handle);
}
if (ret == 0) {
unlink(filename);
}
free(filename);
#if 0
if (ret == 0) {
printf("Swapped in key with handle %08x.\n",handle);
} else {
printf("Could NOT swap in key with handle %08x.\n",handle);
}
#endif
return ret;
}
uint32_t TPM_ReadPubKeyfile(const char *filename, pubkeydata * pubk)
{
unsigned char *buffer = NULL;
uint32_t buffersize = 0;
uint32_t ret = TPM_ReadFile(filename, &buffer, &buffersize);
if ((ret & ERR_MASK) == 0) {
STACK_TPM_BUFFER(buf);
SET_TPM_BUFFER(&buf, buffer, buffersize);
memset(pubk, 0x0, sizeof(*pubk));
if (buffersize != TSS_PubKeyExtract(&buf, 0, pubk))
ret = ERR_BAD_FILE;
free(buffer);
}
return ret;
}
uint32_t TPM_ReadMSAFile(const char * filename, TPM_MSA_COMPOSITE * msaList)
{
uint32_t ret;
unsigned char * buffer = NULL;
uint32_t buffersize = 0;
ret = TPM_ReadFile(filename, &buffer, &buffersize);
if ( (ret & ERR_MASK) != 0 ) {
return ret;
}
msaList->MSAlist = LOAD32(buffer, 0);
if (msaList->MSAlist * TPM_HASH_SIZE + 4 == buffersize) {
msaList->migAuthDigest = malloc( msaList->MSAlist * TPM_HASH_SIZE );
if (NULL == msaList->migAuthDigest) {
return ERR_MEM_ERR;
}
memcpy(msaList->migAuthDigest,
buffer+sizeof(uint32_t),
msaList->MSAlist * TPM_HASH_SIZE);
} else {
return ERR_BAD_FILE;
}
return 0;
}
int main(int argc, char *argv[])
{
uint32_t ret = 0;
char * filename = NULL;
int i;
char *ownerPassword = NULL;
const char *ownerAuthFilename = NULL;
unsigned char ownerAuth[TPM_HASH_SIZE];
unsigned char *ownerHashPtr = NULL;
struct stat _stat;
uint32_t index = 0xffffffff;
TPM_setlog(0);
for (i=1 ; i<argc ; i++) {
if (!strcmp("-pwdo",argv[i])) {
i++;
if (i < argc) {
ownerPassword = argv[i];
}
else {
printf("Missing parameter for -pwdo.\n");
usage();
}
}
else if (strcmp(argv[i],"-pwdof") == 0) {
i++;
if (i < argc) {
ownerAuthFilename = argv[i];
}
else {
printf("Missing parameter for -pwdo.f\n");
usage();
}
}
else if (!strcmp("-row",argv[i])) {
i++;
if (i < argc) {
if (1 != sscanf(argv[i], "%x", &index)) {
printf("Could not parse the -row value.\n");
usage();
}
}
else {
printf("Missing argument after -row\n");
usage();
}
}
else if (strcmp(argv[i],"-if") == 0) {
i++;
if (i < argc) {
filename = argv[i];
}
else {
printf("-if option needs a value\n");
}
}
else if (!strcmp("-v",argv[i])) {
TPM_setlog(1);
}
else if (!strcmp("-h",argv[i])) {
usage();
}
else {
printf("\n%s is not a valid option\n", argv[i]);
usage();
}
}
if (index == 0xfffffff) {
printf("Missing the -row parameter!\n");
usage();
}
if (filename == NULL) {
printf("Missing the -if parameter!\n");
usage();
}
if ((ownerPassword != NULL) && (ownerAuthFilename != NULL)) {
printf("\nCannot have -pwdo and -pwdof arguments\n");
usage();
}
/* use the SHA1 hash of the password string as the Owner Authorization Data */
if (ownerPassword != NULL) {
TSS_sha1((unsigned char *)ownerPassword,
strlen(ownerPassword),
ownerAuth);
ownerHashPtr = ownerAuth;
}
/* get the ownerAuth from a file */
else if (ownerAuthFilename != NULL) {
unsigned char *buffer = NULL;
uint32_t buffersize;
ret = TPM_ReadFile(ownerAuthFilename, &buffer, &buffersize);
if ((ret & ERR_MASK)) {
printf("Error reading %s.\n", ownerAuthFilename);
exit(-1);
}
if (buffersize != sizeof(ownerAuth)) {
printf("Error reading %s, size %u should be %lu.\n",
ownerAuthFilename, buffersize, (unsigned long)sizeof(ownerAuth));
exit(-1);
}
memcpy(ownerAuth, buffer, sizeof(ownerAuth));
ownerHashPtr = ownerAuth;
free(buffer);
}
if (0 == stat(filename, &_stat)) {
unsigned char *blob = malloc(_stat.st_size);
uint32_t blobSize = _stat.st_size;
FILE *f;
if (NULL == blob) {
printf("Could not allocate memory!\n");
exit(-1);
}
f = fopen(filename, "rb");
if (NULL == f) {
printf("Could not open file for reading.\n");
exit(-1);
}
if (blobSize != fread(blob, 1, blobSize, f)) {
printf("Could not read the file.\n");
fclose(f);
exit(-1);
}
fclose(f);
ret = TPM_Delegate_LoadOwnerDelegation(index,
ownerHashPtr,
blob, blobSize);
if ( ret != 0) {
printf("Error '%s' from Delegate_LoadOwnerDelegation.\n",
TPM_GetErrMsg(ret));
exit(-1);
}
else {
printf("Successfully loaded the blob.\n");
}
}
else {
printf("Error, file %s not accessible.\n",filename);
}
exit(ret);
}
int main(int argc, char * argv[])
{
uint32_t ret;
int i;
const char * ownerPassword = NULL;
const char *ownerAuthFilename = NULL;
const char * counterPassword = NULL;
unsigned char * ownerAuthPtr = NULL;
unsigned char * counterAuthPtr = NULL;
unsigned char ownerAuth[TPM_HASH_SIZE];
unsigned char counterAuth[TPM_HASH_SIZE];
uint32_t id = -1;
TPM_setlog(0);
for (i=1 ; i<argc ; i++) {
if (!strcmp("-pwdo",argv[i])) {
i++;
if (i < argc) {
ownerPassword = argv[i];
} else {
printf("Missing parameter for -pwdo.\n");
usage();
}
}
else if (strcmp(argv[i],"-pwdof") == 0) {
i++;
if (i < argc) {
ownerAuthFilename = argv[i];
}
else {
printf("Missing parameter for -pwdof.\n");
usage();
}
}
else if (!strcmp("-pwdc",argv[i])) {
i++;
if (i < argc) {
counterPassword = argv[i];
} else {
printf("Missing parameter for -pwdc.\n");
usage();
}
}
else if (!strcmp("-ix",argv[i])) {
i++;
if (i < argc) {
id = atoi(argv[i]);
} else {
printf("Missing mandatory parameter for -ix.\n");
usage();
}
}
else if (!strcmp("-v",argv[i])) {
TPM_setlog(1);
}
else if (!strcmp("-h",argv[i])) {
usage();
}
else {
printf("\n%s is not a valid option\n",argv[i]);
usage();
}
}
if ((int)id < 0) {
printf("Input parameter -idx missing or invalid\n");
usage();
}
/* use the SHA1 hash of the password string as the Owner Authorization Data */
if (ownerPassword != NULL) {
TSS_sha1((unsigned char *)ownerPassword,
strlen(ownerPassword),
ownerAuth);
ownerAuthPtr = ownerAuth;
}
/* get the ownerAuth from a file */
else if (ownerAuthFilename != NULL) {
unsigned char *buffer = NULL;
uint32_t buffersize;
ret = TPM_ReadFile(ownerAuthFilename, &buffer, &buffersize);
if ((ret & ERR_MASK)) {
printf("Error reading %s.\n", ownerAuthFilename);
exit(-1);
}
if (buffersize != sizeof(ownerAuth)) {
printf("Error reading %s, size %u should be %lu.\n",
ownerAuthFilename, buffersize, (unsigned long)sizeof(ownerAuth));
exit(-1);
}
memcpy(ownerAuth, buffer, sizeof(ownerAuth));
ownerAuthPtr = ownerAuth;
free(buffer);
}
else if (counterPassword != NULL) {
TSS_sha1((unsigned char *)counterPassword,
strlen(counterPassword),
counterAuth);
counterAuthPtr = counterAuth;
}
else {
printf("Input authorization -pwdo or -pwdof or -pwdc missing\n");
usage();
}
if (counterAuthPtr != NULL) {
ret= TPM_ReleaseCounter(id, counterAuthPtr);
if (ret != 0) {
printf("Got error '%s' (0x%x) from TPM_ReleaseCounter.\n",
TPM_GetErrMsg(ret),
ret);
}
}
else {
ret = TPM_ReleaseCounterOwner(id, ownerAuthPtr);
if (ret != 0) {
printf("Got error '%s' (0x%x) from TPM_ReleaseCounterOwner.\n",
TPM_GetErrMsg(ret),
ret);
}
}
if (ret == 0) {
printf("Successfully released the counter.\n");
}
return ret;
}
int main(int argc, char *argv[])
{
int ret; /* general return value */
uint32_t keyhandle = 0; /* handle of quote key */
unsigned int pcrmask = 0; /* pcr register mask */
unsigned char passhash1[TPM_HASH_SIZE]; /* hash of key password */
unsigned char nonce[TPM_NONCE_SIZE]; /* nonce data */
STACK_TPM_BUFFER(signature);
pubkeydata pubkey; /* public key structure */
unsigned char *passptr;
TPM_PCR_COMPOSITE tpc;
STACK_TPM_BUFFER (ser_tpc);
STACK_TPM_BUFFER (ser_tqi);
STACK_TPM_BUFFER (response);
uint32_t pcrs;
int i;
uint16_t sigscheme = TPM_SS_RSASSAPKCS1v15_SHA1;
TPM_PCR_SELECTION tps;
static char *keypass = NULL;
const char *certFilename = NULL;
int verbose = FALSE;
TPM_setlog(0); /* turn off verbose output from TPM driver */
for (i=1 ; i<argc ; i++) {
if (strcmp(argv[i],"-hk") == 0) {
i++;
if (i < argc) {
/* convert key handle from hex */
if (1 != sscanf(argv[i], "%x", &keyhandle)) {
printf("Invalid -hk argument '%s'\n",argv[i]);
exit(2);
}
if (keyhandle == 0) {
printf("Invalid -hk argument '%s'\n",argv[i]);
exit(2);
}
}
else {
printf("-hk option needs a value\n");
printUsage();
}
}
else if (!strcmp(argv[i], "-pwdk")) {
i++;
if (i < argc) {
keypass = argv[i];
}
else {
printf("Missing parameter to -pwdk\n");
printUsage();
}
}
else if (strcmp(argv[i],"-bm") == 0) {
i++;
if (i < argc) {
/* convert key handle from hex */
if (1 != sscanf(argv[i], "%x", &pcrmask)) {
printf("Invalid -bm argument '%s'\n",argv[i]);
exit(2);
}
}
else {
printf("-bm option needs a value\n");
printUsage();
}
}
else if (!strcmp(argv[i], "-cert")) {
i++;
if (i < argc) {
certFilename = argv[i];
}
else {
printf("Missing parameter to -cert\n");
printUsage();
}
}
else if (!strcmp(argv[i], "-h")) {
printUsage();
}
else if (!strcmp(argv[i], "-v")) {
verbose = TRUE;
TPM_setlog(1);
}
else {
printf("\n%s is not a valid option\n", argv[i]);
printUsage();
}
}
if ((keyhandle == 0) ||
(pcrmask == 0)) {
printf("Missing argument\n");
printUsage();
}
/* get the SHA1 hash of the password string for use as the Key Authorization Data */
if (keypass != NULL) {
TSS_sha1((unsigned char *)keypass, strlen(keypass), passhash1);
passptr = passhash1;
}
else {
passptr = NULL;
}
/* for testing, use the password hash as the test nonce */
memcpy(nonce, passhash1, TPM_HASH_SIZE);
ret = TPM_GetNumPCRRegisters(&pcrs);
if (ret != 0) {
printf("Error reading number of PCR registers.\n");
exit(-1);
}
if (pcrs > TPM_NUM_PCR) {
printf("Library does not support that many PCRs.\n");
exit(-1);
}
tps.sizeOfSelect = pcrs / 8;
for (i = 0; i < tps.sizeOfSelect; i++) {
tps.pcrSelect[i] = (pcrmask & 0xff);
pcrmask >>= 8;
}
/*
** perform the TPM Quote function
*/
ret = TPM_Quote(keyhandle, /* KEY handle */
passptr, /* Key Password (hashed), or null */
nonce, /* nonce data */
&tps, /* specify PCR registers */
&tpc, /* pointer to pcr composite */
&signature);/* buffer to receive result, int to receive result length */
if (ret != 0) {
printf("Error '%s' from TPM_Quote\n", TPM_GetErrMsg(ret));
exit(ret);
}
/*
** Get the public key and convert to an OpenSSL RSA public key
*/
ret = TPM_GetPubKey(keyhandle, passptr, &pubkey);
if (ret != 0) {
printf("quote: Error '%s' from TPM_GetPubKey\n", TPM_GetErrMsg(ret));
exit(-6);
}
ret = TPM_ValidatePCRCompositeSignature(&tpc,
nonce,
&pubkey,
&signature,
sigscheme);
if (ret) {
printf("Error %s from validating the signature over the PCR composite.\n",
TPM_GetErrMsg(ret));
exit(ret);
}
printf("Verification against AIK succeeded\n");
/* optionally verify the quote signature against the key certificate */
if (certFilename != NULL) {
unsigned char *certStream = NULL; /* freed @1 */
uint32_t certStreamLength;
X509 *x509Certificate = NULL; /* freed @2 */
unsigned char *tmpPtr; /* because d2i_X509 moves the ptr */
/* AIK public key parts */
RSA *rsaKey = NULL; /* freed @3 */
if (verbose) printf("quote: verifying the signature against the certificate\n");
/* load the key certificate */
if (ret == 0) {
ret = TPM_ReadFile(certFilename,
&certStream, /* freed @1 */
&certStreamLength);
}
/* convert to openssl X509 */
if (ret == 0) {
if (verbose) printf("quote: parsing the certificate stream\n");
tmpPtr = certStream;
x509Certificate = d2i_X509(NULL,
(const unsigned char **)&tmpPtr, certStreamLength);
if (x509Certificate == NULL) {
printf("Error in certificate deserialization d2i_X509()\n");
ret = -1;
}
}
if (ret == 0) {
if (verbose) printf("quote: get the certificate public key\n");
ret = GetRSAKey(&rsaKey, /* freed @3 */
x509Certificate);
}
if (ret == 0) {
if (verbose) printf("quote: quote validate signature\n");
ret = TPM_ValidatePCRCompositeSignatureRSA(&tpc,
nonce,
rsaKey,
&signature,
sigscheme);
if (ret != 0) {
printf("Verification against certificate failed\n");
}
}
if (ret == 0) {
printf("Verification against certificate succeeded\n");
}
free(certStream); /* @1 */
X509_free(x509Certificate); /* @2 */
RSA_free(rsaKey); /* @3 */
}
exit(ret);
}
