void tc_create_policy(TSS_HCONTEXT hContext, UINT32 type, UINT32 flags, TSS_HOBJECT hObject) { TSS_HPOLICY hPolicy; TSS_RESULT result; //Create Policy Object tc_create_object(hContext, type, flags, &hPolicy); //Set Policy Secret result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Assign Policy to Object (Key) result = Tspi_Policy_AssignToObject(hPolicy, hObject); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } }
void changeownership( unsigned char *auth_tpm_value, unsigned long auth_tpm_size, bool auth_tpm_sha1, unsigned char *auth_new_value, unsigned long auth_new_size, bool auth_new_sha1) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //set up TPM auth if(auth_tpm_sha1) { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); } //assign the TPM auth result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); //set up new auth if(auth_new_sha1) { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); } //change the TPM secret result = Tspi_ChangeAuth(htpm, 0, hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result); return; }
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { ASN1_OCTET_STRING *blobstr; TSS_HKEY hKey; TSS_RESULT result; UINT32 authusage; RSA *rsa; EVP_PKEY *pkey; BIO *bf; DBG("%s", __FUNCTION__); if (!key_id) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (!tpm_load_srk(ui, cb_data)) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_SRK_LOAD_FAILED); return NULL; } if ((bf = BIO_new_file(key_id, "r")) == NULL) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_NOT_FOUND); return NULL; } blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING, "TSS KEY BLOB", bf, NULL, NULL, NULL); if (!blobstr) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_READ_FAILED); BIO_free(bf); return NULL; } BIO_free(bf); DBG("Loading blob of size: %d", blobstr->length); if ((result = Tspi_Context_LoadKeyByBlob(hContext, hSRK, blobstr->length, blobstr->data, &hKey))) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } ASN1_OCTET_STRING_free(blobstr); if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if (authusage) { TSS_HPOLICY hPolicy; BYTE *auth; if ((auth = calloc(1, 128)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } if (!tpm_engine_get_auth(ui, (char *)auth, 128, "TPM Key Password: ", cb_data)) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy))) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_AssignToObject(hPolicy, hKey))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, strlen((char *)auth), auth))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } free(auth); } /* create the new objects to return */ if ((pkey = EVP_PKEY_new()) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } pkey->type = EVP_PKEY_RSA; if ((rsa = RSA_new()) == NULL) { EVP_PKEY_free(pkey); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } rsa->meth = &tpm_rsa; /* call our local init function here */ rsa->meth->init(rsa); pkey->pkey.rsa = rsa; if (!fill_out_rsa_object(rsa, hKey)) { EVP_PKEY_free(pkey); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } EVP_PKEY_assign_RSA(pkey, rsa); return pkey; }
int tpm_load_srk(UI_METHOD *ui, void *cb_data) { TSS_RESULT result; UINT32 authusage; BYTE *auth; UINT32 auth_size; UINT32 srk_secret_mode = secret_mode; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); return 1; } if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if (!authusage) { DBG("SRK has no auth associated with it."); return 1; } /* If hSRKPolicy is non 0, then a policy object for the SRK has already * been set up by engine pre/post commands. Just assign it to the SRK. * Otherwise, we need to get the SRK's implicit policy and prompt for a * secret */ if (hSRKPolicy) { DBG("Found an already initialized SRK policy, using it"); if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } return 1; } if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; } if (!srk_zeroed) { if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", cb_data)) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); } auth_size = strlen((char *)auth); } else { auth_size = sizeof(well_known_secret); memcpy(auth, well_known_secret, auth_size); srk_secret_mode = TSS_SECRET_MODE_SHA1; } /* secret_mode is a global that may be set by engine ctrl * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode, auth_size, auth))) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } free(auth); return 1; }
int main_v1_2( char version ) { char * function = "Tspi_SetAttribUint3208"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTpmPolicy; UINT32 ordinal = TPM_ORD_CreateWrapKey, subCap, pulRespLen; TSS_RESULT result; BYTE* prgbRespData; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hTpmPolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_createObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_AssignToObject(hTpmPolicy, hTPM); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_AssignToObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } /* Check if ordinal auditing is supported on this TPM */ result = Testsuite_Is_Ordinal_Supported(hTPM, TPM_ORD_SetOrdinalAuditStatus); if (result != TSS_SUCCESS) { fprintf(stderr, "%s: TPM doesn't support auditing, returning success\n", __FILE__); print_success( function, TSS_SUCCESS ); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); } //Call SetAttribUint32 result = Tspi_SetAttribUint32(hTPM, TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS, TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT, ordinal); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Call SetAttribUint32 result = Tspi_SetAttribUint32(hTPM, TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS, TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT, ordinal); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); }
static int import_tpm_key(gnutls_privkey_t pkey, const gnutls_datum_t * fdata, gnutls_tpmkey_fmt_t format, TSS_UUID * uuid, TSS_FLAG storage, const char *srk_password, const char *key_password) { int err, ret; struct tpm_ctx_st *s; gnutls_datum_t tmp_sig; s = gnutls_malloc(sizeof(*s)); if (s == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } ret = tpm_open_session(s, srk_password); if (ret < 0) { gnutls_assert(); goto out_ctx; } if (fdata != NULL) { ret = load_key(s->tpm_ctx, s->srk, fdata, format, &s->tpm_key); if (ret < 0) { gnutls_assert(); goto out_session; } } else if (uuid) { err = Tspi_Context_LoadKeyByUUID(s->tpm_ctx, storage, *uuid, &s->tpm_key); if (err) { gnutls_assert(); ret = tss_err(err); goto out_session; } } else { gnutls_assert(); ret = GNUTLS_E_INVALID_REQUEST; goto out_session; } ret = gnutls_privkey_import_ext2(pkey, GNUTLS_PK_RSA, s, tpm_sign_fn, NULL, tpm_deinit_fn, 0); if (ret < 0) { gnutls_assert(); goto out_session; } ret = gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &nulldata, &tmp_sig); if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) { if (!s->tpm_key_policy) { err = Tspi_Context_CreateObject(s->tpm_ctx, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &s-> tpm_key_policy); if (err) { gnutls_assert(); ret = tss_err(err); goto out_key; } err = Tspi_Policy_AssignToObject(s->tpm_key_policy, s->tpm_key); if (err) { gnutls_assert(); ret = tss_err(err); goto out_key_policy; } } err = myTspi_Policy_SetSecret(s->tpm_key_policy, SAFE_LEN(key_password), (void *) key_password); if (err) { gnutls_assert(); ret = tss_err_key(err); goto out_key_policy; } } else if (ret < 0) { gnutls_assert(); goto out_session; } return 0; out_key_policy: Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy); s->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key); s->tpm_key = 0; out_session: tpm_close_session(s); out_ctx: gnutls_free(s); return ret; }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Key_CreateKey-trans01"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey, hWrappingKey, hSigningKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, FALSE, &hWrappingKey, &hSigningKey); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(keyUsagePolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign policy to key result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, hSigningKey); if (result != TSS_SUCCESS) { if (!checkNonAPI(result)) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else { print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "policy_no_secret"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_BOOL allowMaint = FALSE; BYTE *randomData; TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); #ifdef TESTSUITE_NOAUTH_SRK print_NA(); print_end_test(nameOfFunction); exit(0); #endif //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign new policy w/o secret to the SRK object result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create child key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND| TSS_KEY_NO_AUTHORIZATION, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Attempt to use the SRK w/o putting a secret in its policy result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Key creation w/o parent secret set", result); print_error(nameOfFunction, result); Tspi_Context_Close(hContext); exit(result); } else { print_success("Key creation w/o parent secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // With a secret set, this should work OK result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } // Try an owner auth'd command w/o secret result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Tspi_TPM_GetStatus w/o owner secret set", result); Tspi_Context_Close(hContext); exit(result); } else { print_success("TPM_GetStatus w/o owner secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_GetStatus", result); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
int main (int argc, char **argv) { TSS_HCONTEXT hContext; TSS_HNVSTORE hNV; FILE *f_out; UINT32 blobLen; UINT32 nvIndex = TSS_NV_DEFINED|TPM_NV_INDEX_EKCert; UINT32 offset; UINT32 ekOffset; UINT32 ekbufLen; BYTE *ekbuf; BYTE *blob; UINT32 tag, certType; int result; if (argc != 2) { printf ("Usage: %s outfilename\n", argv[0]); exit (1); } if ((f_out = fopen (argv[1], "wb")) == NULL) { printf ("Unable to open '%s' for output\n", argv[1]); exit (1); } result = Tspi_Context_Create(&hContext); CKERR; result = Tspi_Context_Connect(hContext, NULL); CKERR; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, &hNV); CKERR; result = Tspi_SetAttribUint32(hNV, TSS_TSPATTRIB_NV_INDEX, 0, nvIndex); CKERR; /* Try reading certificate header from NV memory */ blobLen = 5; result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob); if (result != TSS_SUCCESS) { /* Try again with authorization */ TSS_HPOLICY hNVPolicy; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNVPolicy); CKERR; result = Tspi_Policy_SetSecret(hNVPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR; result = Tspi_Policy_AssignToObject(hNVPolicy, hNV); CKERR; blobLen = 5; result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob); } if (result != TSS_SUCCESS) { printf ("Unable to read EK Certificate from TPM\n"); goto error; } if (blobLen < 5) goto parseerr; tag = (blob[0]<<8) | blob[1]; if (tag != TCG_TAG_PCCLIENT_STORED_CERT) goto parseerr; certType = blob[2]; if (certType != TCG_FULL_CERT) goto parseerr; ekbufLen = (blob[3]<<8) | blob[4]; /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ offset = 5; blobLen = 2; result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR; if (blobLen < 2) goto parseerr; tag = (blob[0]<<8) | blob[1]; if (tag == TCG_TAG_PCCLIENT_FULL_CERT) { offset += 2; ekbufLen -= 2; } else if (blob[0] != 0x30) /* Marker of cert structure */ goto parseerr; /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ /* Read cert from chip in pieces - too large requests may fail */ ekbuf = malloc(ekbufLen); ekOffset = 0; while (ekOffset < ekbufLen) { blobLen = ekbufLen-ekOffset; if (blobLen > BSIZE) blobLen = BSIZE; result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR; memcpy (ekbuf+ekOffset, blob, blobLen); /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ offset += blobLen; ekOffset += blobLen; } fwrite (ekbuf, 1, ekbufLen, f_out); fclose (f_out); printf ("Success!\n"); return 0; error: printf ("Failure, error code: 0x%x\n", result); return 1; parseerr: printf ("Failure, unable to parse certificate store structure\n"); return 2; }
int main(int argc,char **argv) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; TSS_HKEY hSRK=0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID=TSS_UUID_SRK; BYTE wks[20]; //For the well known secret // Set wks to the well known secret: 20 bytes of all 0’s memset(wks,0,20); //Pick the TPM you are talking to. // In this case, it is the system TPM (indicated with NULL). result = Tspi_Context_Create( &hContext); DBG("Create Context",result); result = Tspi_Context_Connect(hContext, NULL); DBG("Context Connect�",result); // Get the TPM handle result=Tspi_Context_GetTpmObject(hContext,&hTPM); DBG("Get TPM Handle",result); // Get the SRK handle result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK); DBG("Got the SRK handle�", result); //Get the SRK policy result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy); DBG("Got the SRK policy",result); //Then set the SRK policy to be the well known secret result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks); //Note: TSS SECRET MODE SHA1 says ”Don’t hash this. // Use the 20 bytes as they are. DBG("Set the SRK secret in its policy",result); //Do something usefull UINT32 ulDataLength; TSS_HKEY hESS_Bind_Key; FILE * fin; FILE * fout; TSS_HENCDATA hEncData; TSS_UUID MY_UUID=BACKUP_KEY_UUID; BYTE encryptedData[256]; BYTE * decryptedData; BYTE pass123[3]; memset(pass123,0,3); //Read in the encrypted data from the file fin=fopen("data/AES.key.enc","rb"); read(fileno(fin),encryptedData,ulDataLength); fclose(fin); // Create a data object , fill it with clear text and then bind it. result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_ENCDATA,TSS_ENCDATA_BIND,&hEncData); DBG("Create Data object",result); result = Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Get unbinding key",result); result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK); DBG("Loaded Key",result); TSS_HPOLICY hBackup_Policy; // Create a policy for the new key. Set its password to ?~@~\123?~@~] result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,TSS_POLICY_USAGE, &hBackup_Policy); DBG("Create a backup policy object",result); result=Tspi_Policy_SetSecret(hBackup_Policy,TSS_SECRET_MODE_PLAIN,3,pass123); DBG("Set backup policy object secret",result); // Assign the key?~@~Ys policy to the key object result=Tspi_Policy_AssignToObject( hBackup_Policy,hESS_Bind_Key); DBG("Assign the keys policy to the key", result); result = Tspi_SetAttribData(hEncData,TSS_TSPATTRIB_ENCDATA_BLOB,TSS_TSPATTRIB_ENCDATABLOB_BLOB,256,encryptedData); DBG("Load Data",result); // Use the Unbinding key to decrypt the encrypted data // in the BindData object, and return it result=Tspi_Data_Unbind(hEncData,hESS_Bind_Key,&ulDataLength,&decryptedData); DBG("Unbind",result); fout=fopen("data/originalAES.key", "wb"); write(fileno(fout),decryptedData,ulDataLength); fclose(fout); //Done doing something usefull // Context Close(hobjects you have created); Tspi_Context_FreeMemory(hContext,NULL); // This frees up memory automatically allocated for you. Tspi_Context_Close(hContext); return 0; }
void getkeyblob( unsigned char *auth_srk_value, unsigned long auth_srk_size, bool auth_srk_sha1, unsigned char *auth_key_value, unsigned long auth_key_size, bool auth_key_sha1, unsigned char *uuid_key_value, unsigned char *&output_value, unsigned long &output_size) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //load the SRK TSS_UUID uuid_srk = TSS_UUID_SRK; result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); //set up SRK auth if(auth_srk_sha1) { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); } //assign the SRK auth result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); //Set up the key UUID hextouuid(uuid_key_value, uuid_key); //Get the key by UUID result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); //set up key auth if(auth_key_sha1) { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); } //assign the key auth result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); //Unwrap the key result = Tspi_Key_LoadKey(hkey_key, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result); //get the keyblob UINT32 size; BYTE *value; result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value); if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result); //copy out the results output_size = size; output_value = new unsigned char[size]; for(unsigned long i = 0; i < size; i++) output_value[i] = value[i]; //clean up dynamic memory result = Tspi_Context_FreeMemory(hcontext, value); if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result); return; }
int main(int argc, char **argv) { TSS_HTPM hTpm; TSS_HNVSTORE nvObject; TSS_FLAG fNvAttrs; TSS_HPOLICY hTpmPolicy, hDataPolicy; int iRc = -1; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; int opswd_len = -1; int dpswd_len = -1; struct option hOpts[] = { {"index" , required_argument, NULL, 'i'}, {"size" , required_argument, NULL, 's'}, {"permissions" , required_argument, NULL, 'p'}, {"pwdo" , optional_argument, NULL, 'o'}, {"pwda" , optional_argument, NULL, 'a'}, {"use-unicode" , no_argument, NULL, 'u'}, {"data-well-known" , no_argument, NULL, 'z'}, {"owner-well-known", no_argument, NULL, 'y'}, {NULL , no_argument, NULL, 0}, }; initIntlSys(); if (genericOptHandler (argc, argv, "i:s:p:o:a:yzu", hOpts, sizeof(hOpts) / sizeof(struct option), parse, help) != 0) goto out; if (end) { iRc = 0; goto out; } if (!nvindex_set) { logError(_("You must provide an index for the NVRAM area.\n")); goto out; } if (nvperm == 0 && (UINT32)nvindex != TPM_NV_INDEX_LOCK && (UINT32)nvindex != TPM_NV_INDEX0) { logError(_("You must provide permission bits for the NVRAM area.\n")); goto out; } logDebug("permissions = 0x%08x\n", nvperm); if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; fNvAttrs = 0; if (contextCreateObject(hContext, TSS_OBJECT_TYPE_NV, fNvAttrs, &nvObject) != TSS_SUCCESS) goto out_close; if (askOwnerPass) { ownerpass = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n")); goto out_close; } } if (ownerpass || ownerWellKnown) { if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (ownerpass) { if (opswd_len < 0) opswd_len = strlen(ownerpass); if (policySetSecret(hTpmPolicy, opswd_len, (BYTE *)ownerpass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } } if (askDataPass) { datapass = _GETPASSWD(_("Enter NVRAM data password: "******"Failed to get NVRAM data password\n")); goto out_close; } } if (datapass || dataWellKnown) { if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDataPolicy) != TSS_SUCCESS) goto out_close; if (datapass) { if (dpswd_len < 0) dpswd_len = strlen(datapass); if (policySetSecret(hDataPolicy, dpswd_len, (BYTE *)datapass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hDataPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } if (Tspi_Policy_AssignToObject(hDataPolicy, nvObject) != TSS_SUCCESS) goto out_close; } if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_INDEX, 0, nvindex) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_PERMISSIONS, 0, nvperm) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_DATASIZE, 0, nvsize) != TSS_SUCCESS) goto out_close_obj; if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) != TSS_SUCCESS) goto out_close; logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"), nvindex, nvindex); iRc = 0; goto out_close; out_close_obj: contextCloseObject(hContext, nvObject); out_close: contextClose(hContext); out: return iRc; }
int main (int ac, char **av) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK; TSS_HKEY hAIK; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hSrkPolicy; TSS_HPOLICY hAIKPolicy; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE srkSecret[] = TSS_WELL_KNOWN_SECRET; FILE *f_in; FILE *f_out; char *pass = NULL; BYTE *response; UINT32 responseLen; BYTE *buf; UINT32 bufLen; BYTE *asym; UINT32 asymLen; BYTE *sym; UINT32 symLen; int i; int result; if ((ac<2) || ((0==strcmp(av[1],"-p")) ? (ac!=6) : (ac!=4))) { fprintf (stderr, "Usage: %s [-p password] aikblobfile challengefile outresponsefile\n", av[0]); exit (1); } if (0 == strcmp(av[1], "-p")) { pass = av[2]; for (i=3; i<ac; i++) av[i-2] = av[i]; ac -= 2; } result = Tspi_Context_Create(&hContext); CKERR; result = Tspi_Context_Connect(hContext, NULL); CKERR; result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); CKERR; result = Tspi_GetPolicyObject (hSRK, TSS_POLICY_USAGE, &hSrkPolicy); CKERR; result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, sizeof(srkSecret), srkSecret); CKERR; result = Tspi_Context_GetTpmObject (hContext, &hTPM); CKERR; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hTPMPolicy); CKERR; result = Tspi_Policy_AssignToObject(hTPMPolicy, hTPM); #ifdef OWNER_SECRET result = Tspi_Policy_SetSecret (hTPMPolicy, TSS_SECRET_MODE_PLAIN, strlen(OWNER_SECRET)+1, OWNER_SECRET); CKERR; #else result = Tspi_Policy_SetSecret (hTPMPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR; #endif /* Read AIK blob */ if ((f_in = fopen(av[1], "rb")) == NULL) { fprintf (stderr, "Unable to open file %s\n", av[1]); exit (1); } fseek (f_in, 0, SEEK_END); bufLen = ftell (f_in); fseek (f_in, 0, SEEK_SET); buf = malloc (bufLen); if (fread(buf, 1, bufLen, f_in) != bufLen) { fprintf (stderr, "Unable to readn file %s\n", av[1]); exit (1); } fclose (f_in); result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, bufLen, buf, &hAIK); CKERR; free (buf); if (pass) { result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hAIKPolicy); CKERR; result = Tspi_Policy_AssignToObject(hAIKPolicy, hAIK); result = Tspi_Policy_SetSecret (hAIKPolicy, TSS_SECRET_MODE_PLAIN, strlen(pass)+1, pass); CKERR; } /* Read challenge file */ if ((f_in = fopen(av[2], "rb")) == NULL) { fprintf (stderr, "Unable to open file %s\n", av[2]); exit (1); } fseek (f_in, 0, SEEK_END); bufLen = ftell (f_in); fseek (f_in, 0, SEEK_SET); buf = malloc (bufLen); if (fread(buf, 1, bufLen, f_in) != bufLen) { fprintf (stderr, "Unable to readn file %s\n", av[2]); exit (1); } fclose (f_in); /* Parse challenge */ if (bufLen < 8) goto badchal; asymLen = ntohl(*(UINT32*)buf); asym = buf + 4; buf += asymLen + 4; if (bufLen < asymLen+8) goto badchal; symLen = ntohl(*(UINT32*)buf); if (bufLen != asymLen + symLen + 8) goto badchal; sym = buf + 4; /* Decrypt challenge data */ #ifndef OWNER_SECRET { /* Work around a bug in Trousers 0.3.1 - remove this block when fixed */ /* Force POPUP to activate, it is being ignored */ BYTE *dummyblob1; UINT32 dummylen1; if (Tspi_TPM_OwnerGetSRKPubKey(hTPM, &dummylen1, &dummyblob1) == TSS_SUCCESS) { Tspi_Context_FreeMemory (hContext, dummyblob1); } } #endif result = Tspi_TPM_ActivateIdentity (hTPM, hAIK, asymLen, asym, symLen, sym, &responseLen, &response); CKERR; /* Output response file */ if ((f_out = fopen (av[3], "wb")) == NULL) { fprintf (stderr, "Unable to create file %s\n", av[3]); exit (1); } if (fwrite (response, 1, responseLen, f_out) != responseLen) { fprintf (stderr, "Unable to write to file %s\n", av[3]); exit (1); } fclose (f_out); printf ("Success!\n"); return 0; error: fprintf (stderr, "Failure, error code: 0x%x\n", result); return 1; badchal: fprintf (stderr, "Challenge file format is wrong\n"); return 1; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE wks[20]; memset(wks,0,20); TSS_HKEY hESS_Bind_Key; TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID; TSS_HPOLICY hESS_Policy; TSS_FLAG initFlags; BYTE *pubKey; UINT32 pubKeySize; FILE *fout, *fin; result =Tspi_Context_Create(&hContext); DBG("Create a context", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle", result); result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks); DBG("Tspi_Policy_SetSecret", result); result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hESS_Policy); DBG("Create a key policy object", result); result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1, 20, wks); DBG("Set key policy object secret", result); initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Create the key object", result); result = Tspi_SetAttribUint32(hESS_Bind_Key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); DBG("Set the keys's padding type", result); result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key); DBG("Assign the key's policy to the key", result); printf("Creating the key could take a while\n"); result = Tspi_Key_CreateKey(hESS_Bind_Key, hSRK, 0); DBG("Asking TPM to create the key", result); result = Tspi_Context_RegisterKey(hContext, hESS_Bind_Key, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, TSS_PS_TYPE_SYSTEM, SRK_UUID); DBG("Registering the key for later retrieval", result); printf("Registering the key blob for later retrieval\r\n"); result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK); DBG("Loading key in TPM", result); result = Tspi_Key_GetPubKey(hESS_Bind_Key, &pubKeySize, &pubKey); DBG("Get Public portion of key", result); fout = fopen("BackupESSBindKey.pub", "wb"); if(fout != NULL) { write(fileno(fout), pubKey, pubKeySize); printf("Finished writing BackupESSBindKey.pub\n"); fclose(fout); } else { printf("Error opening XXXXXXXXXXXX \r\n"); } result = Tspi_Policy_FlushSecret(hESS_Policy); DBG("Policy flush secret", result); result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Unregister key", result); // Load a key and bind data UINT32 ulDataLength; BYTE *rbgBoundData; BYTE newPubKey[1000], encData[1000]; TSS_HENCDATA hEncData; fin = fopen("BackupESSBindKey.pub", "r"); read(fileno(fin), newPubKey,284); if (fin == NULL) return 0; fclose(fin); result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Tspi_Context_CreateObject BindKey", result); result = Tspi_SetAttribData(hESS_Bind_Key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, 284,newPubKey); DBG("Set Public key into new key object", result); fin = fopen("data", "rb"); read(fileno(fin), encData, 7); fclose(fin); result=Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData); DBG("Create Data Object", result); result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData); DBG("Bind data", result); result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &ulDataLength,&rbgBoundData); DBG("Get encrypted data", result); fout = fopen("Bound.data", "wb"); write(fileno(fout),rbgBoundData,ulDataLength); fclose(fout); result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close", result); return 0; }
int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap, unsigned char *keyauth, unsigned char *dataauth, unsigned char *data, unsigned int datalen, unsigned char *blob, unsigned int *bloblen) { #define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;} TSS_RESULT r = 0; TSS_HTPM tpm; TSS_HPCRS pcrComposite; TSS_UUID uuid; TSS_UUID srk_uuid = TSS_UUID_SRK; TSS_HKEY key; TSS_HENCDATA seal; TSS_HPOLICY key_policy, seal_policy; unsigned char *cipher; unsigned int cipher_len; /* Get the PCR values into composite object */ r = Tspi_Context_GetTpmObject(c, &tpm); CHECK_ERROR(r, "Error Getting TPM"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite); CHECK_ERROR(r, "Error Creating PCR-Composite"); r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR); CHECK_ERROR(r, "Error Setting Localities"); for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) { if ((pcrmap & pcrmask) != 0) { uint32_t pcrval_size; uint8_t *pcrval; if (pcrvals[pcr] == NULL) { r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval); CHECK_ERROR(r, "Error Reading PCR"); r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval); CHECK_ERROR(r, "Error Setting Composite"); r = Tspi_Context_FreeMemory(c, pcrval); CHECK_ERROR(r, "Error Freeing Memory"); } else { pcrval = pcrvals[pcr]; r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval); CHECK_ERROR(r, "Error Setting Composite"); } } } /* Get the SRK and Policy Ready */ if (keyhandle = 0x40000000) { uuid = srk_uuid; } else { fprintf(stderr, "Error, only SRK currently supported\n"); r = 1; return -1; } r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key); CHECK_ERROR(r, "Error Loading Key"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(key_policy, key); CHECK_ERROR(r, "Error Assigning Policy"); /* Get the Encdata Ready */ r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal); CHECK_ERROR(r, "Error Creating EncData"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(seal_policy, seal); CHECK_ERROR(r, "Error Assigning Policy"); /* Seal the Data */ r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite); CHECK_ERROR(r, "Error Sealing Data"); r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &cipher_len, &cipher); CHECK_ERROR(r, "Error Getting Sealed Data"); /* Return that stuff */ if (cipher_len > bloblen) { sprintf(stderr, "Internal Error, cipher too long"); r = 1; return -1; } memcpy(blob, cipher, cipher_len); *bloblen = cipher_len; /* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */ Tspi_Context_FreeMemory(c, cipher); return (r == 0)? 0 : -1; }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReadValue-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *policyData; UINT32 read_space = 10; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif #ifdef NV_LOCKED if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT) #else if (result != TSS_SUCCESS) #endif { print_error("Tspi_NV_ReadValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result == TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } }
int main_v1_1( void ) { char *function = "policy_compliance"; TSS_RESULT result; TSS_HPOLICY hDefaultPolicy, hKeyUsagePolicy, hKeyMigPolicy; TSS_HPOLICY hEncdataUsagePolicy, hTPMPolicy, hNewPolicy; TSS_HCONTEXT hContext; TSS_HKEY hKey; TSS_HENCDATA hEncData; TSS_HTPM hTPM; TSS_HPCRS hPcrs; TSS_HHASH hHash; UINT32 trash; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } /* * Test 1 * * TSP's default policy object should exist. * */ result = Tspi_Context_GetDefaultPolicy ( hContext, &hDefaultPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Test 1: TSP object's default policy should exist", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 1", result ); /* * Test 2 * * Create a key, then get its usage policy handle. It should match * the TSP's default policy. * */ result = Tspi_Context_CreateObject ( hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_512 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_MIGRATABLE, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hKeyUsagePolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_Close( hContext ); exit( result ); } if (hKeyUsagePolicy != hDefaultPolicy) { print_error( "Test 2: default policy should match new policies", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 2", result ); /* * Test 3 * * The key should have no migration policy by default. * */ result = Tspi_GetPolicyObject(hKey, TSS_POLICY_MIGRATION, &hKeyMigPolicy); if ( TSS_ERROR_CODE(result) != TSS_E_KEY_NO_MIGRATION_POLICY ) { print_error( "Test 3: Key's migration policy shouldn't exist by default", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 3", result ); /* * Test 4 * * Create an encdata object, then get its usage policy handle. It should match * the TSP's default policy. * */ result = Tspi_Context_CreateObject ( hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hEncData, TSS_POLICY_USAGE, &hEncdataUsagePolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_Close( hContext ); exit( result ); } if (hEncdataUsagePolicy != hDefaultPolicy) { print_error( "Test 4: default policy should match new policies", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 4", result ); /* * Test 5 * * Connect the TSP context to a TCS and get the TPM object, then its policy. It should * not match the TSP's default policy. * */ // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_Close( hContext ); exit( result ); } if (hTPMPolicy == hDefaultPolicy) { print_error( "Test 5: default policy should not match the TPM policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 5", result ); /* * Test 6 * * Create a new policy object. Its handle should not match the TSP's default policy or * the TPM's policy. * */ result = Tspi_Context_CreateObject ( hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &hNewPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } if (hNewPolicy == hTPMPolicy || hNewPolicy == hDefaultPolicy) { print_error( "Test 6: new policy should not match any other policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 6", result ); /* * Test 7 * * Assign the policy object as the key's migration policy. After this, the key should have * a migration policy. * */ result = Tspi_Policy_AssignToObject( hNewPolicy, hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_AssignToObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hKey, TSS_POLICY_MIGRATION, &hKeyMigPolicy); if ( result != TSS_SUCCESS || hKeyMigPolicy != hNewPolicy) { print_error( "Test 7: Key's migration policy should match new policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 7", result ); /* * Test 8 * * Try to get a migration policy for the TPM * */ result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 8: TPM should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 8", result ); /* * Test 9 * * Try to get a migration policy for enc data * */ result = Tspi_GetPolicyObject(hEncData, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 9: Encdata should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 9", result ); /* * Test 10 * * Try to get a migration policy for a hash object * */ result = Tspi_Context_CreateObject ( hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER, &hHash ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hHash, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 10: Hash should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 10", result ); /* * Test 11 * * Try to get a usage policy for a hash object * */ result = Tspi_GetPolicyObject(hHash, TSS_POLICY_USAGE, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 11: Hash should have no usage policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 11", result ); /* * Test 12 * * Try to get a migration policy for a pcrs object * */ result = Tspi_Context_CreateObject ( hContext, TSS_OBJECT_TYPE_PCRS, 0, &hPcrs ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hPcrs, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 12: Pcrs should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 12", result ); /* * Test 13 * * Try to get a usage policy for a pcrs object * */ result = Tspi_GetPolicyObject(hPcrs, TSS_POLICY_USAGE, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 13: Pcrs should have no usage policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 13", result ); /* * Test 14 * * Try to get a migration policy for a policy object * */ result = Tspi_GetPolicyObject(hEncdataUsagePolicy, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 14: Policies should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 14", result ); /* * Test 15 * * Try to get a usage policy for a policy object * */ result = Tspi_GetPolicyObject(hEncdataUsagePolicy, TSS_POLICY_USAGE, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 15: Policies should have no usage policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 15", result ); /* * Test 16 * * Try to get a migration policy for a context object * */ result = Tspi_GetPolicyObject(hContext, TSS_POLICY_MIGRATION, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 16: Contexts should have no migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 16", result ); /* * Test 17 * * Try to get a usage policy for a context object * */ result = Tspi_GetPolicyObject(hContext, TSS_POLICY_USAGE, &trash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 17: Context's policies should not be accessible by " "Tspi_GetPolicyObject", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 17", result ); /* * Test 18 * * Try to assign a migration policy for the TPM * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hTPM); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 18: TPM should not be assigned a migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 18", result ); /* * Test 19 * * Try to assign a migration policy for enc data * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hEncData); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 19: Encdata should not be assigned a migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 19", result ); /* * Test 20 * * Try to assign a migration policy to a hash object * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hHash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 20: Hash should not be assigned a migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 20", result ); /* * Test 21 * * Try to assign a usage policy for a hash object * */ result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hHash); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( "Test 21: Hash should not be assigned a usage policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 21", result ); /* * Test 22 * * Try to assign a migration policy for a pcrs object * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hPcrs); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 22: Pcrs should not be assigned a migration policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 22", result ); /* * Test 23 * * Try to assign a usage policy for a pcrs object * */ result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hPcrs); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 23: Pcrs should not be assigned a usage policy", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 23", result ); /* * Test 24 * * Try to assign a migration policy for a policy object * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hKeyUsagePolicy); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 24: Policies should not be assigned migration policies", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 24", result ); /* * Test 25 * * Try to assign a usage policy for a policy object * */ result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hEncdataUsagePolicy); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 25: Policies should not be assigned usage policies", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 25", result ); /* * Test 26 * * Try to assign a migration policy for a context object * */ result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hContext); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { print_error( "Test 26: Contexts should not be assigned migration policies", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 26", result ); /* * Test 27 * * Close hKey's usage policy and make sure getPolicyObject returns correctly * */ result = Tspi_Context_CloseObject(hContext, hKeyUsagePolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CloseObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hNewPolicy); if ( TSS_ERROR_CODE(result) != TSS_E_INTERNAL_ERROR ) { print_error( "Test 27: Accessing a closed policy should trigger" " TSS_E_INTERNAL_ERROR", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } else print_success( "Test 27", result ); print_success(function, TSS_SUCCESS); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); }
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig) { static const TSS_UUID SRK_UUID = TSS_UUID_SRK; gnutls_datum_t asn1; unsigned int tss_len; char *pass; int ofs, err; err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error decoding TSS key blob: %s\n"), gnutls_strerror(err)); return -EINVAL; } /* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */ if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = asn1.data[1]; ofs = 2; if (tss_len & 0x80) { int lenlen = tss_len & 0x7f; if (asn1.size < 2 + lenlen || lenlen > 3) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = 0; while (lenlen) { tss_len <<= 8; tss_len |= asn1.data[ofs++]; lenlen--; } } if (tss_len + ofs != asn1.size) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } err = Tspi_Context_Create(&vpninfo->tpm_context); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM context: %s\n"), Trspi_Error_String(err)); goto out_blob; } err = Tspi_Context_Connect(vpninfo->tpm_context, NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect TPM context: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM, SRK_UUID, &vpninfo->srk); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK key: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK policy object: %s\n"), Trspi_Error_String(err)); goto out_srk; } pass = vpninfo->cert_password; vpninfo->cert_password = NULL; while (1) { static const char nullpass[20]; /* We don't seem to get the error here... */ if (pass) err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (BYTE *)pass); else /* Well-known NULL key */ err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *)nullpass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM PIN: %s\n"), Trspi_Error_String(err)); goto out_srkpol; } free(pass); /* ... we get it here instead. */ err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk, tss_len, asn1.data + ofs, &vpninfo->tpm_key); if (!err) break; if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM key blob: %s\n"), Trspi_Error_String(err)); if (err != TPM_E_AUTHFAIL) goto out_srkpol; err = request_passphrase(vpninfo, "openconnect_tpm_srk", &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY gnutls_privkey_init(pkey); /* This would be nicer if there was a destructor callback. I could allocate a data structure with the TPM handles and the vpninfo pointer, and destroy that properly when the key is destroyed. */ gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0); #else *pkey = OPENCONNECT_TPM_PKEY; #endif retry_sign: err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig); if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) { if (!vpninfo->tpm_key_policy) { err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &vpninfo->tpm_key_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create key policy object: %s\n"), Trspi_Error_String(err)); goto out_key; } err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy, vpninfo->tpm_key); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to assign policy to key: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } } err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); free (pass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set key PIN: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } goto retry_sign; } free (asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); vpninfo->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key); vpninfo->tpm_key = 0; out_srkpol: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy); vpninfo->srk_policy = 0; out_srk: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk); vpninfo->srk = 0; out_context: Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: free (asn1.data); return -EIO; }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_WriteValue04"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *data = "1234567890"; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00050001); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_WriteValue(hNVStore, /*offset*/0,/*datalength*/10, data); #ifdef NV_LOCKED if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_WriteValue", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } #else if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_WriteValue", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } #endif }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Key_ConvertMigrationBlob-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKeyToMigrate, hKeyToMigrateInto; TSS_HKEY hMigrationAuthorityKey, hWrappingKey; BYTE *MigTicket; UINT32 TicketLength; BYTE *randomData; UINT32 randomLength; UINT32 migBlobLength; BYTE *migBlob; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY hUsagePolicy, hMigPolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION, &hMigrationAuthorityKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Create Migrate Authority's key result = Tspi_Key_CreateKey(hMigrationAuthorityKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } //Create key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_MIGRATABLE, &hKeyToMigrate); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Create usage policy result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(hUsagePolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } //Assign migration policy result = Tspi_Policy_AssignToObject(hUsagePolicy, hKeyToMigrate); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create migration policy result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &hMigPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(hMigPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } //Assign migration policy result = Tspi_Policy_AssignToObject(hMigPolicy, hKeyToMigrate); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create Key To Migrate result = Tspi_Key_CreateKey(hKeyToMigrate, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKeyToMigrate); exit(result); } //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hMigrationAuthorityKey, TSS_MS_MIGRATE, &TicketLength, &MigTicket); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_AuthorizeMigrationTicket ", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_MIGRATABLE, &hKeyToMigrateInto); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Create Migration Blob result = Tspi_Key_CreateMigrationBlob(hKeyToMigrate, hSRK, TicketLength, MigTicket, &randomLength, &randomData, &migBlobLength, &migBlob); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_AuthorizeMigrationTicket ", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_LoadKey(hMigrationAuthorityKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_AuthorizeMigrationTicket ", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_ConvertMigrationBlob(hKeyToMigrateInto, hMigrationAuthorityKey, randomLength, randomData, migBlobLength, migBlob); if (result != TSS_SUCCESS) { print_error("Tspi_Key_ConvertMigrationBlob", result); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result != TSS_SUCCESS) { if (!checkNonAPI(result)) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_2(char version) { char *function = "Tspi_Data_Unseal01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HTPM hTPM; TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy; BYTE rgbDataToSeal[DATA_SIZE]; BYTE *rgbPcrValue; UINT32 ulPcrLen; TSS_HENCDATA hEncData; BYTE *prgbDataToUnseal; TSS_HPCRS hPcrComposite; UINT32 BlobLength; UINT32 ulDataLength = DATA_SIZE, ulNewDataLength; TSS_UUID uuid; TSS_RESULT result; TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(function); memset(rgbDataToSeal, 0x5d, DATA_SIZE); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hEncData)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // get the use policy for the encrypted data to set its secret result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hEncUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE, TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK // set the SRK auth data result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif // set the new key's authdata result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hKeyPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create the key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hPcrComposite)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #define PCR_NUM 5 result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_PcrRead", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Tell the TSS to mask the data before sending result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL, TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE, TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Data Seal result = Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Data_Seal", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal); if (result != TSS_SUCCESS) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } } else { if (ulDataLength != ulNewDataLength) { printf ("ERROR length of returned data doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else if (memcmp (prgbDataToUnseal, rgbDataToSeal, ulDataLength)) { printf ("ERROR data returned from unseal doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, prgbDataToUnseal); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory ", result); Tspi_Context_Close(hContext); exit(result); } print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); }