char* secure_dev_tpm_get_storage_key(SEC_DEVICE_HANDLE handle) { char* result; if (handle == NULL) { /* Codes_SRS_SECURE_DEVICE_TPM_07_016: [ If handle is NULL, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Invalid handle value specified"); result = NULL; } else if (handle->srk_pub.publicArea.unique.rsa.t.size == 0) { /* Codes_SRS_SECURE_DEVICE_TPM_07_017: [ If the srk_public value was not initialized, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("storage root key is invalid"); result = NULL; } else { unsigned char data_bytes[1024]; unsigned char* data_pos = data_bytes; /* Codes_SRS_SECURE_DEVICE_TPM_07_018: [ secure_dev_tpm_get_storage_key shall allocate and return the Storage Root Key. ] */ uint32_t data_length = TPM2B_PUBLIC_Marshal(&handle->srk_pub, &data_pos, NULL); STRING_HANDLE encoded_srk = Azure_Base64_Encode_Bytes(data_bytes, data_length); if (encoded_srk == NULL) { /* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Failure encoding storage root key"); result = NULL; } else { if (mallocAndStrcpy_s(&result, STRING_c_str(encoded_srk)) != 0) { /* Codes_SRS_SECURE_DEVICE_TPM_07_019: [ If any failure is encountered, secure_dev_tpm_get_storage_key shall return NULL. ] */ LogError("Failure allocating storage root key"); result = NULL; } STRING_delete(encoded_srk); } } return result; }
static uint32_t TpmUtilSignAppPayload( ANY_OBJECT* appPayloadAuthority ) { DEFINE_CALL_BUFFERS; UINT32 result = TPM_RC_SUCCESS; union { Hash_In hash; Sign_In sign; VerifySignature_In verifySignature; } in; union { Hash_Out hash; Sign_Out sign; VerifySignature_Out verifySignature; } out; TPM2B_DIGEST digest = {0}; TPMT_TK_HASHCHECK hashCheck = {0}; TPMT_SIGNATURE signature = {0}; const UINT64 marker = TPM_APP_AUTHORITY_SECTION; uint8_t appPayload[] = { 0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63, 0x6b, 0x20, 0x62, 0x72, 0x6f, 0x77, 0x6e, 0x20, // The quick brown 0x66, 0x6f, 0x78, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x73, 0x20, 0x6f, 0x76, 0x65, 0x72, 0x20, 0x74, // fox jumps over t 0x68, 0x65, 0x20, 0x6c, 0x61, 0x7a, 0x79, 0x20, 0x64, 0x6f, 0x67 // he lazy dog }; // Hash the payload in the TPM INITIALIZE_CALL_BUFFERS(TPM2_Hash, &in.hash, &out.hash); in.hash.data.t.size = sizeof(appPayload); MemoryCopy(in.hash.data.t.buffer, appPayload, in.hash.data.t.size, sizeof(in.hash.data.t.buffer)); #ifdef NTZTPM in.hash.hashAlg = TPM_ALG_SM3_256; #else in.hash.hashAlg = TPM_ALG_SHA256; #endif in.hash.hierarchy = TPM_RH_NULL; EXECUTE_TPM_CALL(FALSE, TPM2_Hash); digest = out.hash.outHash; hashCheck = out.hash.validation; // Sign the digest INITIALIZE_CALL_BUFFERS(TPM2_Sign, &in.sign, &out.sign); parms.objectTableIn[TPM2_Sign_HdlIn_KeyHandle] = *appPayloadAuthority; in.sign.digest = digest; in.sign.inScheme.scheme = TPM_ALG_NULL; in.sign.validation = hashCheck; EXECUTE_TPM_CALL(FALSE, TPM2_Sign); signature = out.sign.signature; // Verify the signature INITIALIZE_CALL_BUFFERS(TPM2_VerifySignature, &in.verifySignature, &out.verifySignature); parms.objectTableIn[TPM2_VerifySignature_HdlIn_KeyHandle] = *appPayloadAuthority; in.verifySignature.digest = digest; in.verifySignature.signature = signature; EXECUTE_TPM_CALL(FALSE, TPM2_VerifySignature); // Dump the appPayload data if(sizeof(pbCmd) < (sizeof(appPayload) + sizeof(UINT64))) { result = TPM_RC_FAILURE; goto Cleanup; } MemorySet(pbCmd, 0x00, sizeof(pbCmd)); buffer = pbCmd; size = sizeof(pbCmd); MemoryCopy(pbCmd, appPayload, sizeof(appPayload), size); buffer += sizeof(appPayload); size -= sizeof(appPayload); MemoryCopy(buffer, &marker, sizeof(TPM_APP_AUTHORITY_SECTION), size); buffer += sizeof(UINT64); size -= sizeof(UINT64); if((TPM2B_PUBLIC_Marshal(&appPayloadAuthority->obj.publicArea, &buffer, &size) < 0) || (TPMT_SIGNATURE_Marshal(&signature, &buffer, &size) < 0)) { result = TPM_RC_FAILURE; goto Cleanup; } // Write the fakeAppPayload to flash HAL_FLASH_Program(FLASH_TYPEPROGRAM_WORD, ADDR_FLASH_SECTOR_23 + sizeof(persistedData), (uint32_t)(sizeof(pbCmd) - size)); for(uint32_t n = 0; n < (sizeof(pbCmd) - size); n++) { if(HAL_FLASH_Program(FLASH_TYPEPROGRAM_BYTE, ADDR_FLASH_SECTOR_23 + sizeof(persistedData) + sizeof(uint32_t) + n, pbCmd[n]) != HAL_OK) { printf("Flash Write Error @ 0x%08x\r\n", ADDR_FLASH_SECTOR_23 + n); } } Cleanup: return result; }