Exemple #1
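/*
 * Command handler for TPM_CreateWrapKey.
 *
 * Unmarshals the parent key handle, the two encrypted authorization values
 * and the key template from the request, runs TPM_CreateWrapKey() with the
 * request's first authorization session, and marshals the resulting wrapped
 * key into the response.
 *
 * Returns TPM_BAD_PARAMETER when the request cannot be decoded exactly
 * (including trailing bytes), the result of TPM_CreateWrapKey() when that
 * call fails, TPM_FAIL when the output cannot be marshalled, and
 * TPM_SUCCESS otherwise. On TPM_FAIL the response carries no parameter
 * buffer (rsp->param == NULL, rsp->paramSize == 0).
 */
static TPM_RESULT execute_TPM_CreateWrapKey(TPM_REQUEST *req, TPM_RESPONSE *rsp) {
  BYTE *ptr;
  UINT32 len;
  TPM_KEY_HANDLE parentHandle;
  TPM_ENCAUTH dataUsageAuth;
  TPM_ENCAUTH dataMigrationAuth;
  TPM_KEY keyInfo;
  TPM_KEY wrappedKey;
  TPM_RESULT res;
  /* compute parameter digest */
  tpm_compute_in_param_digest(req);
  /* unmarshal input; "len != 0" rejects requests with unparsed trailing bytes */
  ptr = req->param;
  len = req->paramSize;
  if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &parentHandle)
      || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &dataUsageAuth)
      || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &dataMigrationAuth)
      || tpm_unmarshal_TPM_KEY(&ptr, &len, &keyInfo)
      || len != 0) return TPM_BAD_PARAMETER;
  /* execute command */
  res = TPM_CreateWrapKey(parentHandle, &dataUsageAuth, &dataMigrationAuth,
    &keyInfo, &req->auth1, &wrappedKey);
  if (res != TPM_SUCCESS) return res;
  /* marshal output */
  rsp->paramSize = len = sizeof_TPM_KEY(wrappedKey);
  /*
   * The response is written into ExtendBuf instead of a fresh malloc(len).
   * ExtendBuf is defined outside this listing.
   * NOTE(review): len is the size the wrapped key needs, not the capacity of
   * ExtendBuf, so nothing here stops the marshaller from writing past the end
   * of that buffer. Compare len against the buffer's real capacity before
   * marshalling once that capacity is known at this point.
   */
  rsp->param = ptr = ExtendBuf;
  if (ptr == NULL
      || tpm_marshal_TPM_KEY(&ptr, &len, &wrappedKey)) {
    /*
     * ExtendBuf was not allocated by this function, so it must not be passed
     * to free(): that is either an invalid free or releases a buffer that
     * later commands still use. Drop the reference instead.
     */
    rsp->param = NULL;
    rsp->paramSize = 0;
    res = TPM_FAIL;
  }
  free_TPM_KEY(wrappedKey);
  return res;
}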
Exemple #2
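/*
 * Probe the local TPM and classify its ownership state.
 *
 * The function checks that /dev/tpm0 can be opened, that TPM_Reset() and
 * TPM_PcrRead() succeed, and then issues a TPM_CreateWrapKey() under the SRK
 * with a deliberately invalid algorithm, authorized with the SHA-1 of
 * SRKPASS. The key is never meant to be created; only the error code is
 * inspected.
 *
 * Returns 0 when the TPM reports TPM_BAD_KEY_PROPS (the SRK authorization
 * was accepted and only the bogus key template was rejected) and 1 when it
 * reports TPM_NOSRK. Every other outcome prints a message and terminates
 * the process with a distinct exit status (-1 .. -5).
 */
static int check_tpm(void)
{
	unsigned char keybuf[TPM_MAX_KEY_SIZE];
	unsigned char pcrvalue[TPM_AUTH_SIZE];
	unsigned char srkauth[TPM_AUTH_SIZE];
	uint32_t ret, srk_handle;
	unsigned int keylen;
	/* zeroed so that any field not assigned below has a defined value */
	keydata k = {0};
	keydata key;
	int tpmfp;

	/* check /dev/tpm0: the descriptor is only an existence/permission probe */
	tpmfp = open("/dev/tpm0", O_RDWR);
	if (tpmfp < 0) {
		printf("Unable to open /dev/tpm0\n");
		exit(-1);
	}
	close(tpmfp);

	/* try a TPM_Reset (should work even if TPM disabled) */
	ret = TPM_Reset();
	if (ret) {
		printf("TPM_Reset failed, error %s\n", TPM_GetErrMsg(ret));
		exit(-2);
	}

	/* check if TPM enabled with TPM_PcrRead */
	ret = TPM_PcrRead(0L, pcrvalue);
	if (ret) {
		printf("TPM_PcrRead failed, error %s\n", TPM_GetErrMsg(ret));
		exit(-3);
	}

	/* check if TPM already has default IBM CSS owner */
	srk_handle = TPM_SRK_HANDLE;
	/* NOTE(review): the length 8 is hard-coded; assumes SRKPASS is 8 bytes - confirm */
	TSS_sha1((unsigned char *)SRKPASS, 8, srkauth);
	k.keyflags = 0;
	k.authdatausage = 0;            /* key requires no password */
	k.privkeylen = 0;               /* no private key specified here */
	k.pub.algorithm = 0x00000099;   /* BOGUS ALG: forces the request to be rejected */
	k.keyusage = 0x0014;            /* key Usage - 0x0014 = bind */
	k.pub.encscheme = 0x0003;       /* encryption scheme 3 RSA */
	k.pub.sigscheme = 0x0001;       /* signature scheme none */
	k.pub.keybitlen = 2048;         /* RSA modulus size 2048 bits */
	k.pub.numprimes = 2;            /* required */
	k.pub.expsize = 0;              /* RSA exponent - default 0x010001 */
	k.pub.keylength = 0;            /* key not specified here */
	k.pub.pcrinfolen = 0;           /* no PCR's used at this time */
	ret = TPM_CreateWrapKey(srk_handle, srkauth,
		NULL, NULL, &k, &key, keybuf, &keylen);

	/* SRK authorization rejected: the owner did not use the default password */
	if (ret == TPM_AUTHFAIL) {
		printf("TPM already has unknown owner\n");
		exit(-4);
	}
	/* authorization accepted, only the bogus key template was refused */
	if (ret == TPM_BAD_KEY_PROPS) {
		printf("TPM is already IBM CSS managed\n");
		return 0;
	}
	/*
	 * NOTE(review): in TPM 1.2, TPM_NOSRK means no SRK is installed, which
	 * reads as "no owner"; the message below says the opposite - confirm
	 * which meaning callers rely on for the return value 1.
	 */
	if (ret == TPM_NOSRK) {
		printf("TPM is already owned\n");
		return 1;
	}
	/* ret is unsigned, so print it with a matching conversion */
	printf("Unexpected return code %u\n", (unsigned int)ret);
	exit(-5);
}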