int do_pcr_extend(int pcr, BYTE *data, size_t data_len) { TSS_RESULT ret; TSS_HCONTEXT context; TSS_HTPM tpm; BYTE *new_pcr_value; unsigned int new_pcr_value_len; assert(data_len == 20); ret = Tspi_Context_Create(&context); if (ret != TSS_SUCCESS) { fprintf(stderr, "ERROR: failed to get TSS context: %d\n", ret); return 1; } ret = Tspi_Context_Connect(context, NULL); if (ret != TSS_SUCCESS) { fprintf(stderr, "ERROR: failed to connect to TSS daemon: %d\n", ret); return 1; } ret = Tspi_Context_GetTpmObject(context, &tpm); if (ret != TSS_SUCCESS) { fprintf(stderr, "ERROR: failed to get TPM object: %d\n", ret); return 1; } ret = Tspi_TPM_PcrExtend(tpm, pcr, data_len, data, NULL /* event */, &new_pcr_value_len, &new_pcr_value); if (ret != TSS_SUCCESS) { fprintf(stderr, "ERROR: PCR extend fails with code %d\n", ret); return 1; } /* this will free new_pcr_value */ Tspi_Context_Close(context); return 0; }
int tpm_preamble(TSS_HCONTEXT *hContext, TSS_HOBJECT *hTPM) { TSS_RESULT ret; ret = Tspi_Context_Create(hContext); if (ret) { print_error(ret, gettext("Create context")); return (ERR_FAIL); } ret = Tspi_Context_Connect(*hContext, NULL); if (ret) { print_error(ret, gettext("Connect context")); (void) Tspi_Context_Close(*hContext); return (ERR_FAIL); } ret = Tspi_Context_GetTpmObject(*hContext, hTPM); if (ret) { print_error(ret, gettext("Get TPM object")); (void) Tspi_Context_Close(*hContext); return (ERR_FAIL); } return (0); }
void getrandombytes( unsigned long bytes_size, unsigned char *&output_value) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //get random bytes BYTE *bytes_value; result = Tspi_TPM_GetRandom(htpm, bytes_size, &bytes_value); if(result != TSS_SUCCESS) throw libhis_exception("Get Random Bytes", result); //copy C-style output into C++ format output_value = new unsigned char[bytes_size]; for(unsigned long i = 0; i < bytes_size; i++) { output_value[i] = bytes_value[i]; } //clean up random bytes result = Tspi_Context_FreeMemory(hcontext, bytes_value); if(result != TSS_SUCCESS) throw libhis_exception("Cleanup bytes", result); return; }
int main_v1_1( void ) { char *function = "Tspi_TPM_StirRandom02"; BYTE entropy; TSS_HCONTEXT hContext; TSS_HTPM whTPM = -1; TSS_RESULT result; UINT32 exitCode = 0; print_begin_test( function ); // seed entropy with time srand( time(0) ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } entropy = ( rand() % 100 ); //Get random number result = Tspi_TPM_StirRandom( whTPM, 16, &entropy ); if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); } else { print_error_nonapi( function, result ); } exitCode = result; } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
main_v1_1(void){ char *nameOfFunction = "Tspi_GetAttribData09"; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HKEY hSRK; BYTE* BLOB; UINT32 BlobLength; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key by UUID for SRK result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); exit(result); } //Call GetAttribData result = Tspi_GetAttribData(hSRK, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &BlobLength, &BLOB); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey01"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; UINT32 pulPubKeyLength; BYTE *prgbPubKey; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); return result; } result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); return result; } //Get SRK Public Key result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &pulPubKeyLength, &prgbPubKey); if (result != TSS_SUCCESS) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); } }
int main(int argc,char **argv) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; TSS_HKEY hSRK=0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID=TSS_UUID_SRK; BYTE wks[20]; //For the well known secret // Set wks to the well known secret: 20 bytes of all 0’s memset(wks,0,20); //Pick the TPM you are talking to. // In this case, it is the system TPM (indicated with NULL). result = Tspi_Context_Create( &hContext); DBG("Create Context",result); result = Tspi_Context_Connect(hContext, NULL); DBG("Context Connect�",result); // Get the TPM handle result=Tspi_Context_GetTpmObject(hContext,&hTPM); DBG("Get TPM Handle",result); // Get the SRK handle result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK); DBG("Got the SRK handle�", result); //Get the SRK policy result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy); DBG("Got the SRK policy",result); //Then set the SRK policy to be the well known secret result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks); //Note: TSS SECRET MODE SHA1 says ”Don’t hash this. // Use the 20 bytes as they are. DBG("Set the SRK secret in its policy",result); //Do something usefull TSS_UUID MY_UUID=BACKUP_KEY_UUID; TSS_HKEY hESS_Bind_Key; result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result=Tspi_Context_UnregisterKey(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Unregister key",result); //Done doing something usefull // Context Close(hobjects you have created); Tspi_Context_FreeMemory(hContext,NULL); // This frees up memory automatically allocated for you. Tspi_Context_Close(hContext); return 0; }
static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password) { int err, ret; err = Tspi_Context_Create(&s->tpm_ctx); if (err) { gnutls_assert(); return tss_err(err); } err = Tspi_Context_Connect(s->tpm_ctx, NULL); if (err) { gnutls_assert(); ret = tss_err(err); goto out_tspi_ctx; } err = Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM, srk_uuid, &s->srk); if (err) { gnutls_assert(); ret = tss_err(err); goto out_tspi_ctx; } err = Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy); if (err) { gnutls_assert(); ret = tss_err(err); goto out_srk; } err = myTspi_Policy_SetSecret(s->srk_policy, SAFE_LEN(srk_password), (BYTE *) srk_password); if (err) { gnutls_assert(); ret = tss_err(err); goto out_srkpol; } return 0; out_srkpol: Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy); s->srk_policy = 0; out_srk: Tspi_Context_CloseObject(s->tpm_ctx, s->srk); s->srk = 0; out_tspi_ctx: Tspi_Context_Close(s->tpm_ctx); s->tpm_ctx = 0; return ret; }
main_v1_1(void){ char *nameOfFunction = "Tspi_TPM_SelfTestFull02"; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; print_begin_test(nameOfFunction); //Create Result result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Result result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect ", result); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject ", result); Tspi_Context_Close(hContext); exit(result); } //Self Test result = Tspi_TPM_SelfTestFull(-1); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1(void){ char *nameOfFunction = "Tspi_Context_CreateObject02"; TSS_HCONTEXT hContext; TSS_HKEY hSignatureKey; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect ", result); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING | TSS_KEY_MIGRATABLE, &hSignatureKey); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_OBJECT_INITFLAG){ if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1( void ) { char *function = "Tspi_Context_FreeMemory02"; BYTE random; TSS_HCONTEXT hContext; TSS_HCONTEXT whContext = -1; TSS_RESULT result; UINT32 exitCode = 0; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_Close( hContext ); exit( result ); } // Free selected memory result = Tspi_Context_FreeMemory( whContext, &random ); if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = result; } else { print_error_nonapi( function, result ); exitCode = result; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main_v1_1(void) { char *function = "Tspi_Hash_GetHashValue04"; TSS_HCONTEXT hContext; TSS_HHASH hHash; UINT32 ulHashValueLength, exitCode = 0; BYTE *rgbHashValue, hashBuf[20]; TSS_RESULT result; print_begin_test(function); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hash)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &ulHashValueLength, &rgbHashValue); if (TSS_ERROR_CODE(result) != TSS_E_HASH_NO_DATA) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } exitCode = result; } else { print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(exitCode); }
main_v1_2(char version) { char *nameOfFunction = "Tspi_TPM_ReadCounter03"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); exit(result); } //GetTPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTPMObject", result); exit(result); } // Read Counter result = Tspi_TPM_ReadCounter(hTPM, NULL); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "Tspi_TPM_GetEvents03"; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; TSS_PCR_EVENT* prgPcrEvents; print_begin_test(nameOfFunction); //Create Result result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Result result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect ", result); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject ", result); Tspi_Context_Close(hContext); exit(result); } //Get Events result = Tspi_TPM_GetEvents(-1, -1, -1, &hContext, &prgPcrEvents); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1(void) { TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; BYTE pcrValue[] = "01234567890123456789"; UINT32 ulPcrValLen = 20; BYTE *newPcrValue; UINT32 ulnewPcrValLen; // Create Context result = Tspi_Context_Create(&hContext); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Create", result); exit(result); } // Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (TSS_SUCCESS != result) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } printf("ulPcrValLen:%d\n", ulPcrValLen); // Call PcrExtend result = Tspi_TPM_PcrExtend(hTPM, 15, ulPcrValLen, pcrValue, NULL, &ulnewPcrValLen, &newPcrValue); if (TSS_SUCCESS != result) { print_error("Tspi_TPM_PcrExtend", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } printf("\nSuccess\n"); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
void changeownership( unsigned char *auth_tpm_value, unsigned long auth_tpm_size, bool auth_tpm_sha1, unsigned char *auth_new_value, unsigned long auth_new_size, bool auth_new_sha1) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //set up TPM auth if(auth_tpm_sha1) { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); } //assign the TPM auth result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); //set up new auth if(auth_new_sha1) { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); } //change the TPM secret result = Tspi_ChangeAuth(htpm, 0, hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result); return; }
int main(int argc, char **argv) { TSS_HKEY hSRK, hKey; TSS_UUID srkUUID = TSS_UUID_SRK; TSS_HPOLICY srkpol, hTPMPolicy; TSS_HTPM hTPM; TSS_PCR_EVENT event; BYTE *pcr; int ret, i, pcri; uint32_t size; char rub[20] = "BLAHBLAHBLAHBLAHBLAH"; if (argc != 2) usage(argv[0]); pcri = atoi(argv[1]); if (pcri < 0 || pcri > 23) errx(1, "PCR out of range (0-16) (no extending to dynamic PCRS this way)\n"); memset(&event, 0, sizeof(event)); event.ulPcrIndex = pcri; /* create context and connect */ ret = Tspi_Context_Create(&hContext); check("context create", ret); ret = Tspi_Context_Connect(hContext, NULL); check("context connect", ret); ret = Tspi_Context_GetTpmObject(hContext, &hTPM); check("get policy object", ret); ret = Tspi_TPM_PcrExtend(hTPM, pcri, 20, rub, &event, &size, &pcr); check("pcr extend", ret); printf("pcr %d is now: \n", pcri); for (i = 0; i < size; i++) printf("%x ", pcr[i]); printf("\n"); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey02"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; UINT32 pulPubKeyLength; BYTE *prgbPubKey; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); exit(result); } //Get SRK Public Key result = Tspi_TPM_OwnerGetSRKPubKey(0xffffffff, &pulPubKeyLength, &prgbPubKey); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result);} } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1(void) { char *function = "Tspi_Hash_UpdateHashValue02"; TSS_HCONTEXT hContext; TSS_HHASH whHash = -1; TSS_RESULT result; UINT32 exitCode = 0; print_begin_test(function); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_UpdateHashValue(whHash, 24, "Je pense, danc je suis."); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } exitCode = result; } else { print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(exitCode); }
int main_v1_1(void){ char *nameOfFunction = "Tspi_Context_Close03"; TSS_HCONTEXT hContext; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS){ print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Close Context result = Tspi_Context_Close(-1); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); exit(0); } }
TSS_RESULT extend_pcr (const char * buf, const int len) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_HPOLICY hOwnerPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE passcode[20]; memset(passcode,0,20); memcpy (passcode, buf, len); UINT32 ulNewPcrValueLength; BYTE* NewPcrValue; result = Tspi_Context_Create (&hContext); DBG(" Create a Context\n",result); result = Tspi_Context_Connect (hContext, NULL); DBG(" Connect to TPM\n", result); // Get the TPM handle result = Tspi_Context_GetTpmObject (hContext, &hTPM); DBG(" Get TPM Handle\n",result); result = Tspi_GetPolicyObject (hTPM, TSS_POLICY_USAGE, &hOwnerPolicy); DBG( " Owner Policy\n", result); result = Tspi_TPM_PcrExtend (hTPM, 9, sizeof(passcode), passcode, NULL, &ulNewPcrValueLength, &NewPcrValue); DBG(" extend\n",result); return result; }
/** * gnutls_tpm_get_registered: * @list: a list to store the keys * * This function will get a list of stored keys in the TPM. The uuid * of those keys * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.1.0 **/ int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list) { TSS_RESULT tssret; int ret; *list = gnutls_calloc(1, sizeof(struct tpm_key_list_st)); if (*list == NULL) return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR); tssret = Tspi_Context_Create(&(*list)->tpm_ctx); if (tssret) { gnutls_assert(); ret = tss_err(tssret); goto cleanup; } tssret = Tspi_Context_Connect((*list)->tpm_ctx, NULL); if (tssret) { gnutls_assert(); ret = tss_err(tssret); goto cleanup; } tssret = Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx, TSS_PS_TYPE_SYSTEM, NULL, &(*list)->size, &(*list)->ki); if (tssret) { gnutls_assert(); ret = tss_err(tssret); goto cleanup; } return 0; cleanup: gnutls_tpm_key_list_deinit(*list); return ret; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; //By default SRK is 20bytes 0 //takeownership -z BYTE wks[20]; memset(wks,0,20); //At the beginning //Create context and get tpm handle result =Tspi_Context_Create(&hContext); DBG("Create a context\n", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM\n", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle\n", result); //Get SRK handle //This operation need SRK secret when you takeownership //if takeownership -z the SRK is wks by default result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle\n", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy\n", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20, wks); DBG("Tspi_Policy_SetSecret\n", result); //At the end of program //Cleanup some object result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory\n", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close\n", result); return 0; }
int main_v1_2( char version ) { char *function = "Tspi_TPM_GetCapability16"; UINT32 pulRespDataLength; BYTE *pRetData; UINT32 subCap, subCapLength, numPcrs; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; UINT32 exitCode; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Retrieve TPM object of context result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } subCap = TSS_TPMCAP_PROP_TRANSESSIONS; subCapLength = sizeof(UINT32); result = Tspi_TPM_GetCapability( hTPM, TSS_TPMCAP_PROPERTY, subCapLength, (BYTE *)&subCap, &pulRespDataLength, &pRetData ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); exitCode = 0; if (pulRespDataLength == sizeof(UINT32)) fprintf(stderr, "\tThere are %u available transport sessions in this TPM\n\n", *(UINT32 *)pRetData ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main(int argc, char *argv[]) { TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; UINT32 nonceVerifierLength; BYTE *nonceVerifier; TSS_HDAA hDAA; TSS_DAA_CREDENTIAL *hDaaCredential; TSS_DAA_SIGN_DATA signData; TSS_DAA_SIGNATURE daaSignature; TSS_DAA_SELECTED_ATTRIB revealAttributes; char *szTpmPasswd = DEFAULT_OWN_PASSWD; char *message = NULL; BYTE **attributes = NULL; FILE *file; char *param; int i, length, rv; bi_ptr random = NULL; TSS_BOOL isCorrect; EVP_MD_CTX *mdctx; TSS_HKEY hKEY; init_tss_version( &signData); init_tss_version( &daaSignature); init_tss_version( &revealAttributes); i = 1; while( i < argc) { param = argv[ i]; if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) { i++; if( i == argc) return print_usage( argv[0]); message = argv[i]; } else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){ i++; if( i == argc) return print_usage( argv[0]); credential_filename = argv[i]; } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ i++; if( i == argc) return print_usage( argv[0]); szTpmPasswd = argv[i]; } else { fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); return print_usage( argv[0]); } i++; } bi_init( NULL); printf("Loading credential: %s ", credential_filename); file = fopen( credential_filename, "r"); if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) { LogError( "[test_join]: Error when loading \'%s\': %s\n", credential_filename, strerror( errno)); result = TSS_E_FAIL; goto out_close; } fclose( file); printf("Done\n"); // Create Context LogDebug("Create Context"); result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { LogError( "Tspi_Context_Create %d\n", result ); goto out; } // Connect to Context result = Tspi_Context_Connect( hContext, NULL ); if ( result != TSS_SUCCESS) goto out_close; printf("\nConnect to the context: %X\n", hContext); if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) goto out_close; // Get the correct policy using the TPM ownership PASSWD if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) goto out_close; if( (result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_PLAIN, strlen( szTpmPasswd), szTpmPasswd)) != TSS_SUCCESS) goto out_close; LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy); //Create Object result = obj_daa_add( hContext, &hDAA); if (result != TSS_SUCCESS) { LogError("Tspi_Context_CreateObject:%d", result); Tspi_Context_Close(hContext); LogError("%s: %s", argv[0], err_string(result)); exit(result); } LogDebug("created DAA object:%X", hDAA); // TODO: verifier base name ?? result = Tspi_DAA_VerifyInit( hDAA, // in &nonceVerifierLength, // out &nonceVerifier, // out 0, //baseNameLength, // out NULL //baseName // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("Verify Init return nonceVerifier [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0); mdctx = EVP_MD_CTX_create(); // create the TSS_DAA_SIGN_DATA struct // .selector: 0 -> payload contains a handle to an AIK // 1 -> payload contains a hashed message if( message != NULL) { signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest()); EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message)); signData.payloadLength = EVP_MD_CTX_size(mdctx); signData.payload = (BYTE *)EVP_MD_CTX_create(); EVP_DigestFinal(mdctx, signData.payload, NULL); } else { signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY; result = Tspi_Context_CreateObject( hContext, // in TSS_OBJECT_TYPE_RSAKEY, // in TSS_KEY_SIZE_2048, // in &hKEY // out ); if( result != TSS_SUCCESS) goto out_close; } result = Tspi_TPM_DAA_Sign( hDAA, // in hTPM, // in (TSS_HKEY)hDaaCredential, // in revealAttributes, // in 0, // verifierBaseNameLength, // in NULL, // verifierBaseName, // in nonceVerifierLength, // in nonceVerifier, // in signData, // in &daaSignature // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("TPM_DAA_Sign return daaSignature [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); // generate attributes list but without copying the not revealed ones attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength); for( i=0; i < (int)(hDaaCredential->attributesLength); i++) { if( revealAttributes.indicesList[i]) { attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8); memcpy( attributes[i], hDaaCredential->attributes[i], DAA_PARAM_SIZE_F_I / 8); } else { attributes[i] = NULL; } } result = Tspi_DAA_VerifySignature( hDAA, // in daaSignature, // in (TSS_HKEY)&(hDaaCredential->issuerPK), // in signData, // in hDaaCredential->attributesLength, // in attributes, // in nonceVerifierLength, // in nonceVerifier, // in 0, //baseNameLength, //in NULL, // in &isCorrect // out ); printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no")); out_close: EVP_MD_CTX_destroy(mdctx); if( attributes != NULL) { for( i=0; i<(int)hDaaCredential->attributesLength; i++) { if( attributes[i] != NULL) free( attributes[i]); } free( attributes); } if( random != NULL) bi_free_ptr( random); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); out: bi_release(); LogDebug("THE END result=%d:%s",result, err_string( result) );; return result; }
main_v1_1(void){ char *nameOfFunction = "policy_no_secret"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_BOOL allowMaint = FALSE; BYTE *randomData; TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); #ifdef TESTSUITE_NOAUTH_SRK print_NA(); print_end_test(nameOfFunction); exit(0); #endif //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign new policy w/o secret to the SRK object result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create child key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND| TSS_KEY_NO_AUTHORIZATION, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Attempt to use the SRK w/o putting a secret in its policy result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Key creation w/o parent secret set", result); print_error(nameOfFunction, result); Tspi_Context_Close(hContext); exit(result); } else { print_success("Key creation w/o parent secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // With a secret set, this should work OK result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } // Try an owner auth'd command w/o secret result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Tspi_TPM_GetStatus w/o owner secret set", result); Tspi_Context_Close(hContext); exit(result); } else { print_success("TPM_GetStatus w/o owner secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_GetStatus", result); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); }
int main_v1_1( void ) { char *function = "Tspi_GetPolicyObject01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_RESULT result; UINT32 exitCode; TSS_HPOLICY srkUsagePolicy; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_Close( hContext ); exit( result ); } //Get Policy Object result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); print_end_test( function ); Tspi_Context_Close( hContext ); exit(result); } else { print_error_nonapi( function, result ); print_end_test( function ); Tspi_Context_Close( hContext ); exit(result); } } else { print_success( function, result ); exitCode = 0; } print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main(int argc, char ** argv) { FILE * file; size_t res; rom_hdr_t hdr; TSS_RESULT result; char pathrom[256] = ""; TSS_HKEY hSRK; TSS_HPOLICY pSRK; TSS_HKEY hKey; BYTE * pubInfo; UINT32 pubInfoSize; int i; for(i = 1 ; i < argc ; i++) { if(strncmp("-f", argv[i], sizeof("-f")) == 0) { if(i + 1 >= argc) { usage(); return 1; } snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]); pathrom[sizeof(pathrom) - 1] = 0; i++; } else { usage(); return 1; } } if(pathrom[0] == 0) { char * home=getenv("HOME"); if(home == NULL) { fprintf(stderr, "No $HOME environment variable defined\n"); return 1; } snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home); pathrom[sizeof(pathrom) - 1] = 0; } file = fopen(pathrom, "rb"); if(file == NULL) { fprintf(stderr, "Can't open rom file\n"); return 1; } res = fread(&hdr, sizeof(hdr), 1, file); if(res != 1) { fprintf(stderr, "Can't read rom file\n"); fclose(file); return 1; } fclose(file); //Creation of the TSS Context result = Tspi_Context_Create(&hContext); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Create", result); res = 1; goto err; } //Connection to the TSS Context result = Tspi_Context_Connect(hContext, NULL); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Connext", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); res = 1; goto err; } // Create object key in order to put the public key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_LoadKeyByBlob", result); res = 1; goto err; } result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_SetAttribData", result); res = 1; goto err; } result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_GetAttribData", result); res = 1; goto err; } if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) { fprintf(stderr, "Write error\n"); res = 1; goto err; } result = Tspi_Context_FreeMemory(hContext, pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_FreeMemory", result); res = 1; goto err; } res = 0; err: //Close TSS session Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return res; }
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig) { static const TSS_UUID SRK_UUID = TSS_UUID_SRK; gnutls_datum_t asn1; unsigned int tss_len; char *pass; int ofs, err; err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error decoding TSS key blob: %s\n"), gnutls_strerror(err)); return -EINVAL; } /* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */ if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = asn1.data[1]; ofs = 2; if (tss_len & 0x80) { int lenlen = tss_len & 0x7f; if (asn1.size < 2 + lenlen || lenlen > 3) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = 0; while (lenlen) { tss_len <<= 8; tss_len |= asn1.data[ofs++]; lenlen--; } } if (tss_len + ofs != asn1.size) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } err = Tspi_Context_Create(&vpninfo->tpm_context); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM context: %s\n"), Trspi_Error_String(err)); goto out_blob; } err = Tspi_Context_Connect(vpninfo->tpm_context, NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect TPM context: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM, SRK_UUID, &vpninfo->srk); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK key: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK policy object: %s\n"), Trspi_Error_String(err)); goto out_srk; } pass = vpninfo->cert_password; vpninfo->cert_password = NULL; while (1) { static const char nullpass[20]; /* We don't seem to get the error here... */ if (pass) err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (BYTE *)pass); else /* Well-known NULL key */ err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *)nullpass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM PIN: %s\n"), Trspi_Error_String(err)); goto out_srkpol; } free(pass); /* ... we get it here instead. */ err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk, tss_len, asn1.data + ofs, &vpninfo->tpm_key); if (!err) break; if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM key blob: %s\n"), Trspi_Error_String(err)); if (err != TPM_E_AUTHFAIL) goto out_srkpol; err = request_passphrase(vpninfo, "openconnect_tpm_srk", &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY gnutls_privkey_init(pkey); /* This would be nicer if there was a destructor callback. I could allocate a data structure with the TPM handles and the vpninfo pointer, and destroy that properly when the key is destroyed. */ gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0); #else *pkey = OPENCONNECT_TPM_PKEY; #endif retry_sign: err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig); if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) { if (!vpninfo->tpm_key_policy) { err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &vpninfo->tpm_key_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create key policy object: %s\n"), Trspi_Error_String(err)); goto out_key; } err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy, vpninfo->tpm_key); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to assign policy to key: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } } err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); free (pass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set key PIN: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } goto retry_sign; } free (asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); vpninfo->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key); vpninfo->tpm_key = 0; out_srkpol: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy); vpninfo->srk_policy = 0; out_srk: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk); vpninfo->srk = 0; out_context: Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: free (asn1.data); return -EIO; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }