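/*
 * Change the TPM owner passphrase.
 *
 * Both the current and the new passphrase are requested with
 * TSS_SECRET_MODE_POPUP, so neither secret is read from argc/argv
 * (which this function does not use) and neither passes through this
 * function as a buffer.
 *
 * Returns 0 when Tspi_ChangeAuth() succeeds or reports
 * TSS_E_POLICY_NO_SECRET, and ERR_FAIL on any other failure.
 */
/*ARGSUSED*/
int
cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
{
    TSS_RESULT ret;
    TSS_HPOLICY hNewPolicy;

    /* The current owner secret is set on the TPM object's policy first. */
    if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
        gettext("= TPM owner passphrase ="), 0, NULL))
        return (ERR_FAIL);

    /* policy object for new passphrase */
    ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
        TSS_POLICY_USAGE, &hNewPolicy);
    if (ret) {
        print_error(ret, gettext("Create policy object"));
        return (ERR_FAIL);
    }

    if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
        gettext("= New TPM owner passphrase ="), 0, NULL)) {
        /*
         * The new policy has not been handed to Tspi_ChangeAuth() yet,
         * so nothing else refers to it: release it instead of leaking
         * the handle on this error path.
         */
        (void) Tspi_Context_CloseObject(hContext, hNewPolicy);
        return (ERR_FAIL);
    }

    /*
     * The second argument is an object handle, not a pointer, so the
     * empty parent is written as 0 rather than the pointer constant NULL.
     */
    ret = Tspi_ChangeAuth(hTPM, 0, hNewPolicy);

    /*
     * TSS_E_POLICY_NO_SECRET is deliberately not treated as an error.
     * NOTE(review): in that case 0 is returned although no new secret
     * was supplied; confirm callers do not read 0 as "passphrase was
     * rotated".
     * NOTE(review): hNewPolicy is left open on the remaining paths
     * because it may be attached to hTPM by then; verify against the
     * TSS implementation before closing it here.
     */
    if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
        print_error(ret, gettext("Change authorization"));
        return (ERR_FAIL);
    }

    return (0);
}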
/*
 * Call Tspi_ChangeAuth() for the given object, report the outcome through
 * tspiResult(), and return the TSS result code to the caller unchanged.
 *
 * NOTE(review): aObjToChange is declared as TSS_HCONTEXT although it is
 * passed as the object whose authorization is changed; the declared type
 * is kept so that existing callers are unaffected.
 */
static TSS_RESULT
tpmChangeAuth(TSS_HCONTEXT aObjToChange, TSS_HOBJECT aParent,
              TSS_HPOLICY aNewPolicy)
{
    TSS_RESULT rc;

    rc = Tspi_ChangeAuth(aObjToChange, aParent, aNewPolicy);

    /* Report the outcome for every call, success or failure. */
    tspiResult("Tspi_ChangeAuth", rc);

    return rc;
}
/**
 * Replace the TPM owner secret.
 *
 * Connects the context, fetches the TPM object, loads the current owner
 * secret into hpolicy_tpm and assigns it to the TPM object, loads the new
 * secret into hpolicy_new, then calls Tspi_ChangeAuth().
 *
 * @param auth_tpm_value  current owner secret bytes
 * @param auth_tpm_size   length of auth_tpm_value
 * @param auth_tpm_sha1   true: pass the value with TSS_SECRET_MODE_SHA1;
 *                        false: pass it with TSS_SECRET_MODE_PLAIN
 * @param auth_new_value  new owner secret bytes
 * @param auth_new_size   length of auth_new_value
 * @param auth_new_sha1   secret mode selector for the new secret, as above
 *
 * @throws libhis_exception naming the failed step, with the TSS result code.
 *
 * The secret buffers are only read here and are not wiped; clearing them
 * after the call is left to the caller. hcontext, hpolicy_tpm and
 * hpolicy_new are used as already-created handles.
 * NOTE(review): presumably they are created by the owning object; confirm.
 */
void changeownership(
    unsigned char *auth_tpm_value,
    unsigned long auth_tpm_size,
    bool auth_tpm_sha1,
    unsigned char *auth_new_value,
    unsigned long auth_new_size,
    bool auth_new_sha1)
{
    // Open the session with the TSS.
    result = Tspi_Context_Connect(hcontext, 0);
    if (result != TSS_SUCCESS)
        throw libhis_exception("Connect Context", result);

    // Fetch the TPM object that belongs to this context.
    result = Tspi_Context_GetTpmObject(hcontext, &htpm);
    if (result != TSS_SUCCESS)
        throw libhis_exception("Get TPM Object", result);

    // Current owner secret: the flag selects SHA1 or plain secret mode.
    result = Tspi_Policy_SetSecret(
        hpolicy_tpm,
        auth_tpm_sha1 ? TSS_SECRET_MODE_SHA1 : TSS_SECRET_MODE_PLAIN,
        auth_tpm_size,
        auth_tpm_value);
    if (result != TSS_SUCCESS)
        throw libhis_exception(
            auth_tpm_sha1 ? "Set TPM Secret SHA1" : "Set TPM Secret Plain",
            result);

    // Attach the current-secret policy to the TPM object.
    result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
    if (result != TSS_SUCCESS)
        throw libhis_exception("Assign TPM Secret", result);

    // New owner secret, with its own mode selector.
    result = Tspi_Policy_SetSecret(
        hpolicy_new,
        auth_new_sha1 ? TSS_SECRET_MODE_SHA1 : TSS_SECRET_MODE_PLAIN,
        auth_new_size,
        auth_new_value);
    if (result != TSS_SUCCESS)
        throw libhis_exception(
            auth_new_sha1 ? "Set New Secret SHA1" : "Set New Secret Plain",
            result);

    // Swap the TPM secret for the new one.
    result = Tspi_ChangeAuth(htpm, 0, hpolicy_new);
    if (result != TSS_SUCCESS)
        throw libhis_exception("Change TPM Secret", result);
}
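// Tspi_ChangeAuth04: negative test. Calls Tspi_ChangeAuth() with the
// object handle 0xffffffff and passes only when the TSS answers
// TSS_E_INVALID_HANDLE.
//
// Changes from the earlier form of this test:
//  - hPolicy was passed to Tspi_ChangeAuth() without ever being
//    initialised. It is now a real policy object, so the first argument
//    is the only invalid handle in the call.
//  - the return type is spelled out (it was implicit int).
//  - the three copies of the final cleanup are merged into one.
//
// NOTE(review): the process exits with the raw TSS result. A result of 0
// in the failure branch, or a code whose low byte is 0, would read as
// success in an exit status; confirm the harness relies on the printed
// verdict rather than on the exit status.
int
main_v1_1(void)
{
    char *nameOfFunction = "Tspi_ChangeAuth04";
    TSS_HKEY hKey;
    TSS_HKEY hSRK;
    TSS_HPOLICY hPolicy;
    TSS_HKEY hMStorageKey;
    TSS_HCONTEXT hContext;
    TSS_RESULT result;
    TSS_FLAG initFlags;
    TSS_HPOLICY srkUsagePolicy;
    TSS_RESULT exitCode;

    initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
        TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
        TSS_KEY_NOT_MIGRATABLE;

    print_begin_test(nameOfFunction);

    //Create Context
    result = Tspi_Context_Create(&hContext);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_Create ", result);
        exit(result);
    }

    //Connect Context
    result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_Connect", result);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    //Create hKey
    result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
                                       initFlags, &hKey);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_CreateObject", result);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    //Load Key By UUID
    result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
                                        SRK_UUID, &hSRK);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_LoadKeyByUUID for hSRK", result);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }

#ifndef TESTSUITE_NOAUTH_SRK
    //Get Policy Object
    result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_GetPolicyObject", result);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    //Set Secret (test-suite SRK secret taken from build-time macros)
    result = Tspi_Policy_SetSecret(srkUsagePolicy,
                                   TESTSUITE_SRK_SECRET_MODE,
                                   TESTSUITE_SRK_SECRET_LEN,
                                   TESTSUITE_SRK_SECRET);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Policy_SetSecret", result);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }
#endif

    //Create the key object used as the parent argument (a signing key,
    //despite the variable name)
    result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
                                       TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING,
                                       &hMStorageKey);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_CreateObject", result);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    result = Tspi_Key_CreateKey(hMStorageKey, hSRK, 0);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Key_CreateKey", result);
        Tspi_Context_CloseObject(hContext, hMStorageKey);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    //Create the policy object handed to Tspi_ChangeAuth, so the call
    //below no longer reads an indeterminate handle value
    result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
                                       TSS_POLICY_USAGE, &hPolicy);
    if (result != TSS_SUCCESS) {
        print_error("Tspi_Context_CreateObject", result);
        Tspi_Context_CloseObject(hContext, hMStorageKey);
        Tspi_Context_CloseObject(hContext, hKey);
        Tspi_Context_Close(hContext);
        exit(result);
    }

    //Call Change Auth with a deliberately invalid object handle
    result = Tspi_ChangeAuth(0xffffffff, hMStorageKey, hPolicy);
    if (TSS_ERROR_CODE(result) == TSS_E_INVALID_HANDLE) {
        print_success(nameOfFunction, result);
        exitCode = 0;
    } else {
        //Any other outcome fails the test; only the report differs
        if (!checkNonAPI(result))
            print_error(nameOfFunction, result);
        else
            print_error_nonapi(nameOfFunction, result);
        exitCode = result;
    }

    //Common teardown for every outcome of the call
    print_end_test(nameOfFunction);
    Tspi_Context_FreeMemory(hContext, NULL);
    Tspi_Context_CloseObject(hContext, hPolicy);
    Tspi_Context_CloseObject(hContext, hMStorageKey);
    Tspi_Context_CloseObject(hContext, hKey);
    Tspi_Context_Close(hContext);
    exit(exitCode);
}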