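/*
 * Command dispatcher for TPM_CreateWrapKey.
 *
 * Computes the input parameter digest, unmarshals the request
 * (parent key handle, two encrypted authdata blobs, the key template),
 * runs TPM_CreateWrapKey() and marshals the resulting wrapped key into
 * the response parameter area.
 *
 * Returns TPM_BAD_PARAMETER when the request does not unmarshal exactly
 * (trailing bytes are rejected by the `len != 0` check), the command's
 * own result code when it fails, or TPM_FAIL when output marshalling
 * fails.
 *
 * The response parameter area is the shared buffer ExtendBuf, not a heap
 * block (the malloc() that once provided it is commented out), so it is
 * NOT owned by this function and must not be free()d.  The previous
 * error path did free it, which is undefined behaviour for non-heap
 * memory (and would leave a dangling global if ExtendBuf were ever heap
 * backed).  NOTE(review): nothing here verifies that
 * sizeof_TPM_KEY(wrappedKey) fits ExtendBuf's capacity -- the marshaller
 * only bounds itself by `len`; confirm ExtendBuf is sized for the largest
 * TPM_KEY this command can produce.
 */
static TPM_RESULT execute_TPM_CreateWrapKey(TPM_REQUEST *req, TPM_RESPONSE *rsp)
{
  BYTE *ptr;
  UINT32 len;
  TPM_KEY_HANDLE parentHandle;
  TPM_ENCAUTH dataUsageAuth;
  TPM_ENCAUTH dataMigrationAuth;
  TPM_KEY keyInfo;
  TPM_KEY wrappedKey;
  TPM_RESULT res;

  /* compute parameter digest */
  tpm_compute_in_param_digest(req);

  /* unmarshal input; every field must be present and nothing may follow */
  ptr = req->param;
  len = req->paramSize;
  if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &parentHandle)
      || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &dataUsageAuth)
      || tpm_unmarshal_TPM_ENCAUTH(&ptr, &len, &dataMigrationAuth)
      || tpm_unmarshal_TPM_KEY(&ptr, &len, &keyInfo)
      || len != 0)
    return TPM_BAD_PARAMETER;

  /* execute command */
  res = TPM_CreateWrapKey(parentHandle, &dataUsageAuth, &dataMigrationAuth,
                          &keyInfo, &req->auth1, &wrappedKey);
  if (res != TPM_SUCCESS)
    return res;

  /* marshal output into the shared, non-heap response buffer */
  rsp->paramSize = len = sizeof_TPM_KEY(wrappedKey);
  rsp->param = ptr = ExtendBuf;
  if (ptr == NULL || tpm_marshal_TPM_KEY(&ptr, &len, &wrappedKey)) {
    /* Do not free(): ExtendBuf is not owned here.  Clear the response so
       the caller cannot emit a partially marshalled key blob. */
    rsp->param = NULL;
    rsp->paramSize = 0;
    res = TPM_FAIL;
  }
  free_TPM_KEY(wrappedKey);
  return res;
}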
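/*
 * Probe the local TPM to classify its ownership state.
 *
 * Steps, in order:
 *   1. /dev/tpm0 must be openable read/write (exit -1 otherwise).
 *   2. TPM_Reset must succeed (exit -2 otherwise).
 *   3. TPM_PcrRead of PCR 0 must succeed, used as an "is the TPM enabled"
 *      check (exit -3 otherwise).
 *   4. A TPM_CreateWrapKey is attempted under the SRK using the default
 *      IBM CSS SRK password and a deliberately bogus key template
 *      (algorithm 0x99).  The command is expected to fail; the *kind*
 *      of failure tells us who owns the TPM:
 *        TPM_AUTHFAIL      -> some other owner / unknown SRK password (exit -4)
 *        TPM_BAD_KEY_PROPS -> SRK auth accepted, i.e. the default IBM CSS
 *                             owner is in place (return 0)
 *        TPM_NOSRK         -> TPM is owned (return 1)
 *      Any other code is unexpected (exit -5).
 *
 * Returns 0 or 1 as described above; all other outcomes exit the process.
 *
 * Security note: this routine depends on SRKPASS being a well-known
 * default; a positive result here means the SRK is reachable by anyone
 * who knows that default.  NOTE(review): the SHA-1 call hashes exactly 8
 * bytes of SRKPASS -- confirm that matches the macro's length, otherwise
 * the derived authdata will never match and every TPM reads as
 * "unknown owner".
 */
static int check_tpm(void)
{
  unsigned char keybuf[TPM_MAX_KEY_SIZE];
  unsigned char pcrvalue[TPM_AUTH_SIZE];
  unsigned char srkauth[TPM_AUTH_SIZE];
  uint32_t ret, srk_handle;
  unsigned int keylen = 0;
  keydata k, key;
  int tpmfp;

  /* check /dev/tpm0 */
  if ((tpmfp = open("/dev/tpm0", O_RDWR)) < 0) {
    printf("Unable to open /dev/tpm0\n");
    exit(-1);
  }
  close(tpmfp);

  /* try a TPM_Reset (should work even if TPM disabled) */
  if ((ret = TPM_Reset())) {
    printf("TPM_Reset failed, error %s\n", TPM_GetErrMsg(ret));
    exit(-2);
  }

  /* check if TPM enabled with TPM_PcrRead */
  if ((ret = TPM_PcrRead(0L, pcrvalue))) {
    printf("TPM_PcrRead failed, error %s\n", TPM_GetErrMsg(ret));
    exit(-3);
  }

  /* check if TPM already has default IBM CSS owner */
  srk_handle = TPM_SRK_HANDLE;
  TSS_sha1((unsigned char *)SRKPASS, 8, srkauth);

  /* Zero the whole template first: only the fields below are set
     explicitly, and the remainder used to be sent to the TPM as
     uninitialized stack garbage. */
  memset(&k, 0, sizeof k);
  memset(&key, 0, sizeof key);
  k.keyflags = 0;
  k.authdatausage = 0;         /* key requires no password */
  k.privkeylen = 0;            /* no private key specified here */
  k.pub.algorithm = 0x00000099; /* BOGUS ALG: we want a rejection, not a key */
  k.keyusage = 0x0014;         /* key Usage - 0x0014 = bind */
  k.pub.encscheme = 0x0003;    /* encryption scheme 3 RSA */
  k.pub.sigscheme = 0x0001;    /* signature scheme none */
  k.pub.keybitlen = 2048;      /* RSA modulus size 2048 bits */
  k.pub.numprimes = 2;         /* required */
  k.pub.expsize = 0;           /* RSA exponent - default 0x010001 */
  k.pub.keylength = 0;         /* key not specified here */
  k.pub.pcrinfolen = 0;        /* no PCR's used at this time */

  ret = TPM_CreateWrapKey(srk_handle, srkauth, NULL, NULL, &k, &key,
                          keybuf, &keylen);
  if (ret == TPM_AUTHFAIL) {
    printf("TPM already has unknown owner\n");
    exit(-4);
  }
  if (ret == TPM_BAD_KEY_PROPS) {
    printf("TPM is already IBM CSS managed\n");
    return 0;
  }
  if (ret == TPM_NOSRK) {
    printf("TPM is already owned\n");
    return 1;
  }
  /* ret is uint32_t, so print it unsigned (was %d) */
  printf("Unexpected return code %u\n", ret);
  exit(-5);
}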