int do_pcr_extend(int pcr, BYTE *data, size_t data_len) {
TSS_RESULT ret;
TSS_HCONTEXT context;
TSS_HTPM tpm;
BYTE *new_pcr_value;
unsigned int new_pcr_value_len;
assert(data_len == 20);
ret = Tspi_Context_Create(&context);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "ERROR: failed to get TSS context: %d\n", ret);
return 1;
}
ret = Tspi_Context_Connect(context, NULL);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "ERROR: failed to connect to TSS daemon: %d\n", ret);
return 1;
}
ret = Tspi_Context_GetTpmObject(context, &tpm);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "ERROR: failed to get TPM object: %d\n", ret);
return 1;
}
ret = Tspi_TPM_PcrExtend(tpm, pcr, data_len, data, NULL /* event */,
&new_pcr_value_len, &new_pcr_value);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "ERROR: PCR extend fails with code %d\n", ret);
return 1;
}
/* this will free new_pcr_value */
Tspi_Context_Close(context);
return 0;
}
int
tpm_preamble(TSS_HCONTEXT *hContext, TSS_HOBJECT *hTPM)
{
TSS_RESULT ret;
ret = Tspi_Context_Create(hContext);
if (ret) {
print_error(ret, gettext("Create context"));
return (ERR_FAIL);
}
ret = Tspi_Context_Connect(*hContext, NULL);
if (ret) {
print_error(ret, gettext("Connect context"));
(void) Tspi_Context_Close(*hContext);
return (ERR_FAIL);
}
ret = Tspi_Context_GetTpmObject(*hContext, hTPM);
if (ret) {
print_error(ret, gettext("Get TPM object"));
(void) Tspi_Context_Close(*hContext);
return (ERR_FAIL);
}
return (0);
}
void getrandombytes(
unsigned long bytes_size,
unsigned char *&output_value)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//get random bytes
BYTE *bytes_value;
result = Tspi_TPM_GetRandom(htpm, bytes_size, &bytes_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get Random Bytes", result);
//copy C-style output into C++ format
output_value = new unsigned char[bytes_size];
for(unsigned long i = 0; i < bytes_size; i++)
{
output_value[i] = bytes_value[i];
}
//clean up random bytes
result = Tspi_Context_FreeMemory(hcontext, bytes_value);
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup bytes", result);
return;
}
int
main_v1_1( void )
{
char *function = "Tspi_TPM_StirRandom02";
BYTE entropy;
TSS_HCONTEXT hContext;
TSS_HTPM whTPM = -1;
TSS_RESULT result;
UINT32 exitCode = 0;
print_begin_test( function );
// seed entropy with time
srand( time(0) );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
entropy = ( rand() % 100 );
//Get random number
result = Tspi_TPM_StirRandom( whTPM, 16, &entropy );
if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
}
else
{
print_error_nonapi( function, result );
}
exitCode = result;
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
main_v1_1(void){
char *nameOfFunction = "Tspi_GetAttribData09";
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HKEY hSRK;
BYTE* BLOB;
UINT32 BlobLength;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key by UUID for SRK
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Call GetAttribData
result = Tspi_GetAttribData(hSRK, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
&BlobLength, &BLOB);
if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_2(char version){
char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey01";
TSS_RESULT result;
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HKEY hSRK;
TSS_HPOLICY hPolicy;
UINT32 pulPubKeyLength;
BYTE *prgbPubKey;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS ) {
print_error( "Tspi_GetPolicyObject", result );
return result;
}
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if ( result != TSS_SUCCESS ) {
print_error( "Tspi_Policy_SetSecret", result );
return result;
}
//Get SRK Public Key
result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &pulPubKeyLength, &prgbPubKey);
if (result != TSS_SUCCESS) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main(int argc,char **argv)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
TSS_HKEY hSRK=0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID=TSS_UUID_SRK;
BYTE wks[20]; //For the well known secret
// Set wks to the well known secret: 20 bytes of all 0’s
memset(wks,0,20);
//Pick the TPM you are talking to.
// In this case, it is the system TPM (indicated with NULL).
result = Tspi_Context_Create( &hContext);
DBG("Create Context",result);
result = Tspi_Context_Connect(hContext, NULL);
DBG("Context Connect�",result);
// Get the TPM handle
result=Tspi_Context_GetTpmObject(hContext,&hTPM);
DBG("Get TPM Handle",result);
// Get the SRK handle
result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK);
DBG("Got the SRK handle�", result);
//Get the SRK policy
result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy);
DBG("Got the SRK policy",result);
//Then set the SRK policy to be the well known secret
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks);
//Note: TSS SECRET MODE SHA1 says ”Don’t hash this.
// Use the 20 bytes as they are.
DBG("Set the SRK secret in its policy",result);
//Do something usefull
TSS_UUID MY_UUID=BACKUP_KEY_UUID;
TSS_HKEY hESS_Bind_Key;
result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Get key handle", result);
printf("Unregistering key\r\n");
result=Tspi_Context_UnregisterKey(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Unregister key",result);
//Done doing something usefull
// Context Close(hobjects you have created);
Tspi_Context_FreeMemory(hContext,NULL);
// This frees up memory automatically allocated for you.
Tspi_Context_Close(hContext);
return 0;
}
static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password)
{
int err, ret;
err = Tspi_Context_Create(&s->tpm_ctx);
if (err) {
gnutls_assert();
return tss_err(err);
}
err = Tspi_Context_Connect(s->tpm_ctx, NULL);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_tspi_ctx;
}
err =
Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM,
srk_uuid, &s->srk);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_tspi_ctx;
}
err =
Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_srk;
}
err = myTspi_Policy_SetSecret(s->srk_policy,
SAFE_LEN(srk_password),
(BYTE *) srk_password);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_srkpol;
}
return 0;
out_srkpol:
Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy);
s->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(s->tpm_ctx, s->srk);
s->srk = 0;
out_tspi_ctx:
Tspi_Context_Close(s->tpm_ctx);
s->tpm_ctx = 0;
return ret;
}
main_v1_1(void){
char *nameOfFunction = "Tspi_TPM_SelfTestFull02";
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HTPM hTPM;
print_begin_test(nameOfFunction);
//Create Result
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Result
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Self Test
result = Tspi_TPM_SelfTestFull(-1);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
}
int
main_v1_1(void){
char *nameOfFunction = "Tspi_Context_CreateObject02";
TSS_HCONTEXT hContext;
TSS_HKEY hSignatureKey;
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING |
TSS_KEY_MIGRATABLE, &hSignatureKey);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_OBJECT_INITFLAG){
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hSignatureKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
int
main_v1_1( void )
{
char *function = "Tspi_Context_FreeMemory02";
BYTE random;
TSS_HCONTEXT hContext;
TSS_HCONTEXT whContext = -1;
TSS_RESULT result;
UINT32 exitCode = 0;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_Close( hContext );
exit( result );
}
// Free selected memory
result = Tspi_Context_FreeMemory( whContext, &random );
if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = result;
}
else
{
print_error_nonapi( function, result );
exitCode = result;
}
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int main_v1_1(void)
{
char *function = "Tspi_Hash_GetHashValue04";
TSS_HCONTEXT hContext;
TSS_HHASH hHash;
UINT32 ulHashValueLength, exitCode = 0;
BYTE *rgbHashValue, hashBuf[20];
TSS_RESULT result;
print_begin_test(function);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
TSS_HASH_SHA1, &hHash);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hash)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Hash_GetHashValue(hHash, &ulHashValueLength,
&rgbHashValue);
if (TSS_ERROR_CODE(result) != TSS_E_HASH_NO_DATA) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
exitCode = result;
} else {
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(exitCode);
}
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_TPM_ReadCounter03";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
exit(result);
}
//GetTPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTPMObject", result);
exit(result);
}
// Read Counter
result = Tspi_TPM_ReadCounter(hTPM, NULL);
if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_1(void){
char *nameOfFunction = "Tspi_TPM_GetEvents03";
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_PCR_EVENT* prgPcrEvents;
print_begin_test(nameOfFunction);
//Create Result
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Result
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject ", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Events
result = Tspi_TPM_GetEvents(-1, -1, -1, &hContext, &prgPcrEvents);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main_v1_1(void)
{
TSS_RESULT result;
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
BYTE pcrValue[] = "01234567890123456789";
UINT32 ulPcrValLen = 20;
BYTE *newPcrValue;
UINT32 ulnewPcrValLen;
// Create Context
result = Tspi_Context_Create(&hContext);
if (TSS_SUCCESS != result) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (TSS_SUCCESS != result) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Get TPM Object
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (TSS_SUCCESS != result) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
printf("ulPcrValLen:%d\n", ulPcrValLen);
// Call PcrExtend
result = Tspi_TPM_PcrExtend(hTPM, 15, ulPcrValLen, pcrValue,
NULL, &ulnewPcrValLen, &newPcrValue);
if (TSS_SUCCESS != result) {
print_error("Tspi_TPM_PcrExtend", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
printf("\nSuccess\n");
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
void changeownership(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_new_value,
unsigned long auth_new_size,
bool auth_new_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//set up new auth
if(auth_new_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
}
//change the TPM secret
result = Tspi_ChangeAuth(htpm, 0, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result);
return;
}
int
main(int argc, char **argv)
{
TSS_HKEY hSRK, hKey;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_HPOLICY srkpol, hTPMPolicy;
TSS_HTPM hTPM;
TSS_PCR_EVENT event;
BYTE *pcr;
int ret, i, pcri;
uint32_t size;
char rub[20] = "BLAHBLAHBLAHBLAHBLAH";
if (argc != 2)
usage(argv[0]);
pcri = atoi(argv[1]);
if (pcri < 0 || pcri > 23)
errx(1, "PCR out of range (0-16) (no extending to dynamic PCRS this way)\n");
memset(&event, 0, sizeof(event));
event.ulPcrIndex = pcri;
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check("context connect", ret);
ret = Tspi_Context_GetTpmObject(hContext, &hTPM);
check("get policy object", ret);
ret = Tspi_TPM_PcrExtend(hTPM, pcri, 20, rub, &event, &size, &pcr);
check("pcr extend", ret);
printf("pcr %d is now: \n", pcri);
for (i = 0; i < size; i++)
printf("%x ", pcr[i]);
printf("\n");
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
main_v1_2(char version){
char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey02";
TSS_RESULT result;
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HPOLICY hPolicy;
UINT32 pulPubKeyLength;
BYTE *prgbPubKey;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
exit(result);
}
//Get SRK Public Key
result = Tspi_TPM_OwnerGetSRKPubKey(0xffffffff, &pulPubKeyLength, &prgbPubKey);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);}
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main_v1_1(void)
{
char *function = "Tspi_Hash_UpdateHashValue02";
TSS_HCONTEXT hContext;
TSS_HHASH whHash = -1;
TSS_RESULT result;
UINT32 exitCode = 0;
print_begin_test(function);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Hash_UpdateHashValue(whHash, 24,
"Je pense, danc je suis.");
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
exitCode = result;
} else {
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(exitCode);
}
int
main_v1_1(void){
char *nameOfFunction = "Tspi_Context_Close03";
TSS_HCONTEXT hContext;
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS){
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Close Context
result = Tspi_Context_Close(-1);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
exit(0);
}
}
TSS_RESULT extend_pcr (const char * buf, const int len)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_HPOLICY hOwnerPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE passcode[20];
memset(passcode,0,20);
memcpy (passcode, buf, len);
UINT32 ulNewPcrValueLength;
BYTE* NewPcrValue;
result = Tspi_Context_Create (&hContext);
DBG(" Create a Context\n",result);
result = Tspi_Context_Connect (hContext, NULL);
DBG(" Connect to TPM\n", result);
// Get the TPM handle
result = Tspi_Context_GetTpmObject (hContext, &hTPM);
DBG(" Get TPM Handle\n",result);
result = Tspi_GetPolicyObject (hTPM, TSS_POLICY_USAGE, &hOwnerPolicy);
DBG( " Owner Policy\n", result);
result = Tspi_TPM_PcrExtend (hTPM,
9,
sizeof(passcode),
passcode,
NULL,
&ulNewPcrValueLength,
&NewPcrValue);
DBG(" extend\n",result);
return result;
}
/**
* gnutls_tpm_get_registered:
* @list: a list to store the keys
*
* This function will get a list of stored keys in the TPM. The uuid
* of those keys
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int gnutls_tpm_get_registered(gnutls_tpm_key_list_t * list)
{
TSS_RESULT tssret;
int ret;
*list = gnutls_calloc(1, sizeof(struct tpm_key_list_st));
if (*list == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
tssret = Tspi_Context_Create(&(*list)->tpm_ctx);
if (tssret) {
gnutls_assert();
ret = tss_err(tssret);
goto cleanup;
}
tssret = Tspi_Context_Connect((*list)->tpm_ctx, NULL);
if (tssret) {
gnutls_assert();
ret = tss_err(tssret);
goto cleanup;
}
tssret =
Tspi_Context_GetRegisteredKeysByUUID2((*list)->tpm_ctx,
TSS_PS_TYPE_SYSTEM, NULL,
&(*list)->size,
&(*list)->ki);
if (tssret) {
gnutls_assert();
ret = tss_err(tssret);
goto cleanup;
}
return 0;
cleanup:
gnutls_tpm_key_list_deinit(*list);
return ret;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
//By default SRK is 20bytes 0
//takeownership -z
BYTE wks[20];
memset(wks,0,20);
//At the beginning
//Create context and get tpm handle
result =Tspi_Context_Create(&hContext);
DBG("Create a context\n", result);
result=Tspi_Context_Connect(hContext, NULL);
DBG("Connect to TPM\n", result);
result=Tspi_Context_GetTpmObject(hContext, &hTPM);
DBG("Get TPM handle\n", result);
//Get SRK handle
//This operation need SRK secret when you takeownership
//if takeownership -z the SRK is wks by default
result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
DBG("Get SRK handle\n", result);
result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
DBG("Get SRK Policy\n", result);
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20, wks);
DBG("Tspi_Policy_SetSecret\n", result);
//At the end of program
//Cleanup some object
result = Tspi_Context_FreeMemory(hContext, NULL);
DBG("Tspi Context Free Memory\n", result);
result = Tspi_Context_Close(hContext);
DBG("Tspi Context Close\n", result);
return 0;
}
int
main_v1_2( char version )
{
char *function = "Tspi_TPM_GetCapability16";
UINT32 pulRespDataLength;
BYTE *pRetData;
UINT32 subCap, subCapLength, numPcrs;
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
UINT32 exitCode;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
subCap = TSS_TPMCAP_PROP_TRANSESSIONS;
subCapLength = sizeof(UINT32);
result = Tspi_TPM_GetCapability( hTPM, TSS_TPMCAP_PROPERTY,
subCapLength, (BYTE *)&subCap,
&pulRespDataLength,
&pRetData );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
exitCode = 0;
if (pulRespDataLength == sizeof(UINT32))
fprintf(stderr, "\tThere are %u available transport sessions in this TPM\n\n",
*(UINT32 *)pRetData );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int main(int argc, char *argv[]) {
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
char *credential_filename = DEFAULT_CREDENTIAL_FILENAME;
UINT32 nonceVerifierLength;
BYTE *nonceVerifier;
TSS_HDAA hDAA;
TSS_DAA_CREDENTIAL *hDaaCredential;
TSS_DAA_SIGN_DATA signData;
TSS_DAA_SIGNATURE daaSignature;
TSS_DAA_SELECTED_ATTRIB revealAttributes;
char *szTpmPasswd = DEFAULT_OWN_PASSWD;
char *message = NULL;
BYTE **attributes = NULL;
FILE *file;
char *param;
int i, length, rv;
bi_ptr random = NULL;
TSS_BOOL isCorrect;
EVP_MD_CTX *mdctx;
TSS_HKEY hKEY;
init_tss_version( &signData);
init_tss_version( &daaSignature);
init_tss_version( &revealAttributes);
i = 1;
while( i < argc) {
param = argv[ i];
if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) {
i++;
if( i == argc) return print_usage( argv[0]);
message = argv[i];
} else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
credential_filename = argv[i];
} else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){
i++;
if( i == argc) return print_usage( argv[0]);
szTpmPasswd = argv[i];
} else {
fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param);
return print_usage( argv[0]);
}
i++;
}
bi_init( NULL);
printf("Loading credential: %s ", credential_filename);
file = fopen( credential_filename, "r");
if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) {
LogError( "[test_join]: Error when loading \'%s\': %s\n",
credential_filename,
strerror( errno));
result = TSS_E_FAIL;
goto out_close;
}
fclose( file);
printf("Done\n");
// Create Context
LogDebug("Create Context");
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
LogError( "Tspi_Context_Create %d\n", result );
goto out;
}
// Connect to Context
result = Tspi_Context_Connect( hContext, NULL );
if ( result != TSS_SUCCESS) goto out_close;
printf("\nConnect to the context: %X\n", hContext);
if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS)
goto out_close;
// Get the correct policy using the TPM ownership PASSWD
if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS)
goto out_close;
if( (result = Tspi_Policy_SetSecret( hPolicy,
TSS_SECRET_MODE_PLAIN,
strlen( szTpmPasswd),
szTpmPasswd)) != TSS_SUCCESS)
goto out_close;
LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy);
//Create Object
result = obj_daa_add( hContext, &hDAA);
if (result != TSS_SUCCESS) {
LogError("Tspi_Context_CreateObject:%d", result);
Tspi_Context_Close(hContext);
LogError("%s: %s", argv[0], err_string(result));
exit(result);
}
LogDebug("created DAA object:%X", hDAA);
// TODO: verifier base name ??
result = Tspi_DAA_VerifyInit(
hDAA, // in
&nonceVerifierLength, // out
&nonceVerifier, // out
0, //baseNameLength, // out
NULL //baseName // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("Verify Init return nonceVerifier [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0);
mdctx = EVP_MD_CTX_create();
// create the TSS_DAA_SIGN_DATA struct
// .selector: 0 -> payload contains a handle to an AIK
// 1 -> payload contains a hashed message
if( message != NULL) {
signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH;
EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest());
EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message));
signData.payloadLength = EVP_MD_CTX_size(mdctx);
signData.payload = (BYTE *)EVP_MD_CTX_create();
EVP_DigestFinal(mdctx, signData.payload, NULL);
} else {
signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY;
result = Tspi_Context_CreateObject(
hContext, // in
TSS_OBJECT_TYPE_RSAKEY, // in
TSS_KEY_SIZE_2048, // in
&hKEY // out
);
if( result != TSS_SUCCESS) goto out_close;
}
result = Tspi_TPM_DAA_Sign(
hDAA, // in
hTPM, // in
(TSS_HKEY)hDaaCredential, // in
revealAttributes, // in
0, // verifierBaseNameLength, // in
NULL, // verifierBaseName, // in
nonceVerifierLength, // in
nonceVerifier, // in
signData, // in
&daaSignature // out
);
if (result != TSS_SUCCESS) goto out_close;
LogDebug("TPM_DAA_Sign return daaSignature [%s]",
dump_byte_array( nonceVerifierLength, nonceVerifier));
// generate attributes list but without copying the not revealed ones
attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength);
for( i=0; i < (int)(hDaaCredential->attributesLength); i++) {
if( revealAttributes.indicesList[i]) {
attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8);
memcpy( attributes[i],
hDaaCredential->attributes[i],
DAA_PARAM_SIZE_F_I / 8);
} else {
attributes[i] = NULL;
}
}
result = Tspi_DAA_VerifySignature(
hDAA, // in
daaSignature, // in
(TSS_HKEY)&(hDaaCredential->issuerPK), // in
signData, // in
hDaaCredential->attributesLength, // in
attributes, // in
nonceVerifierLength, // in
nonceVerifier, // in
0, //baseNameLength, //in
NULL, // in
&isCorrect // out
);
printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no"));
out_close:
EVP_MD_CTX_destroy(mdctx);
if( attributes != NULL) {
for( i=0; i<(int)hDaaCredential->attributesLength; i++) {
if( attributes[i] != NULL) free( attributes[i]);
}
free( attributes);
}
if( random != NULL) bi_free_ptr( random);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
out:
bi_release();
LogDebug("THE END result=%d:%s",result, err_string( result) );;
return result;
}
main_v1_1(void){
char *nameOfFunction = "policy_no_secret";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_BOOL allowMaint = FALSE;
BYTE *randomData;
TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy;
print_begin_test(nameOfFunction);
#ifdef TESTSUITE_NOAUTH_SRK
print_NA();
print_end_test(nameOfFunction);
exit(0);
#endif
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Policy Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign new policy w/o secret to the SRK object
result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create child key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND|
TSS_KEY_NO_AUTHORIZATION, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Attempt to use the SRK w/o putting a secret in its policy
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Key creation w/o parent secret set", result);
print_error(nameOfFunction, result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("Key creation w/o parent secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// With a secret set, this should work OK
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Try an owner auth'd command w/o secret
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Tspi_TPM_GetStatus w/o owner secret set", result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("TPM_GetStatus w/o owner secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_GetStatus", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
int
main_v1_1( void )
{
char *function = "Tspi_GetPolicyObject01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_RESULT result;
UINT32 exitCode;
TSS_HPOLICY srkUsagePolicy;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
Tspi_Context_Close( hContext );
exit( result );
}
//Get Policy Object
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
print_end_test( function );
Tspi_Context_Close( hContext );
exit(result);
}
else
{
print_error_nonapi( function, result );
print_end_test( function );
Tspi_Context_Close( hContext );
exit(result);
}
}
else
{
print_success( function, result );
exitCode = 0;
}
print_end_test( function );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int main(int argc, char ** argv) {
FILE * file;
size_t res;
rom_hdr_t hdr;
TSS_RESULT result;
char pathrom[256] = "";
TSS_HKEY hSRK;
TSS_HPOLICY pSRK;
TSS_HKEY hKey;
BYTE * pubInfo;
UINT32 pubInfoSize;
int i;
for(i = 1 ; i < argc ; i++) {
if(strncmp("-f", argv[i], sizeof("-f")) == 0) {
if(i + 1 >= argc) {
usage();
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]);
pathrom[sizeof(pathrom) - 1] = 0;
i++;
} else {
usage();
return 1;
}
}
if(pathrom[0] == 0) {
char * home=getenv("HOME");
if(home == NULL) {
fprintf(stderr, "No $HOME environment variable defined\n");
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home);
pathrom[sizeof(pathrom) - 1] = 0;
}
file = fopen(pathrom, "rb");
if(file == NULL) {
fprintf(stderr, "Can't open rom file\n");
return 1;
}
res = fread(&hdr, sizeof(hdr), 1, file);
if(res != 1) {
fprintf(stderr, "Can't read rom file\n");
fclose(file);
return 1;
}
fclose(file);
//Creation of the TSS Context
result = Tspi_Context_Create(&hContext);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Create", result);
res = 1;
goto err;
}
//Connection to the TSS Context
result = Tspi_Context_Connect(hContext, NULL);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Connext", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
res = 1;
goto err;
}
// Create object key in order to put the public key
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_LoadKeyByBlob", result);
res = 1;
goto err;
}
result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_SetAttribData", result);
res = 1;
goto err;
}
result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_GetAttribData", result);
res = 1;
goto err;
}
if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) {
fprintf(stderr, "Write error\n");
res = 1;
goto err;
}
result = Tspi_Context_FreeMemory(hContext, pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_FreeMemory", result);
res = 1;
goto err;
}
res = 0;
err:
//Close TSS session
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return res;
}
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig)
{
static const TSS_UUID SRK_UUID = TSS_UUID_SRK;
gnutls_datum_t asn1;
unsigned int tss_len;
char *pass;
int ofs, err;
err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error decoding TSS key blob: %s\n"),
gnutls_strerror(err));
return -EINVAL;
}
/* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */
if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = asn1.data[1];
ofs = 2;
if (tss_len & 0x80) {
int lenlen = tss_len & 0x7f;
if (asn1.size < 2 + lenlen || lenlen > 3) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = 0;
while (lenlen) {
tss_len <<= 8;
tss_len |= asn1.data[ofs++];
lenlen--;
}
}
if (tss_len + ofs != asn1.size) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
err = Tspi_Context_Create(&vpninfo->tpm_context);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create TPM context: %s\n"),
Trspi_Error_String(err));
goto out_blob;
}
err = Tspi_Context_Connect(vpninfo->tpm_context, NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to connect TPM context: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &vpninfo->srk);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK key: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK policy object: %s\n"),
Trspi_Error_String(err));
goto out_srk;
}
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
while (1) {
static const char nullpass[20];
/* We don't seem to get the error here... */
if (pass)
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (BYTE *)pass);
else /* Well-known NULL key */
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_SHA1,
sizeof(nullpass), (BYTE *)nullpass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TPM PIN: %s\n"),
Trspi_Error_String(err));
goto out_srkpol;
}
free(pass);
/* ... we get it here instead. */
err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk,
tss_len, asn1.data + ofs,
&vpninfo->tpm_key);
if (!err)
break;
if (pass)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM key blob: %s\n"),
Trspi_Error_String(err));
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
gnutls_privkey_init(pkey);
/* This would be nicer if there was a destructor callback. I could
allocate a data structure with the TPM handles and the vpninfo
pointer, and destroy that properly when the key is destroyed. */
gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0);
#else
*pkey = OPENCONNECT_TPM_PKEY;
#endif
retry_sign:
err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig);
if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
if (!vpninfo->tpm_key_policy) {
err = Tspi_Context_CreateObject(vpninfo->tpm_context,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&vpninfo->tpm_key_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create key policy object: %s\n"),
Trspi_Error_String(err));
goto out_key;
}
err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy,
vpninfo->tpm_key);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to assign policy to key: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (void *)pass);
free (pass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set key PIN: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
goto retry_sign;
}
free (asn1.data);
return 0;
out_key_policy:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy);
vpninfo->tpm_key_policy = 0;
out_key:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key);
vpninfo->tpm_key = 0;
out_srkpol:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy);
vpninfo->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk);
vpninfo->srk = 0;
out_context:
Tspi_Context_Close(vpninfo->tpm_context);
vpninfo->tpm_context = 0;
out_blob:
free (asn1.data);
return -EIO;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
