void
tc_create_policy(TSS_HCONTEXT hContext, UINT32 type, UINT32 flags, TSS_HOBJECT hObject)
{
TSS_HPOLICY hPolicy;
TSS_RESULT result;
//Create Policy Object
tc_create_object(hContext, type, flags, &hPolicy);
//Set Policy Secret
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_KEY_SECRET_MODE,
TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
//Assign Policy to Object (Key)
result = Tspi_Policy_AssignToObject(hPolicy, hObject);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
}
void changeownership(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_new_value,
unsigned long auth_new_size,
bool auth_new_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//set up new auth
if(auth_new_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
}
//change the TPM secret
result = Tspi_ChangeAuth(htpm, 0, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result);
return;
}
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
UI_METHOD *ui, void *cb_data)
{
ASN1_OCTET_STRING *blobstr;
TSS_HKEY hKey;
TSS_RESULT result;
UINT32 authusage;
RSA *rsa;
EVP_PKEY *pkey;
BIO *bf;
DBG("%s", __FUNCTION__);
if (!key_id) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (!tpm_load_srk(ui, cb_data)) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_SRK_LOAD_FAILED);
return NULL;
}
if ((bf = BIO_new_file(key_id, "r")) == NULL) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_NOT_FOUND);
return NULL;
}
blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING,
"TSS KEY BLOB", bf, NULL, NULL, NULL);
if (!blobstr) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_READ_FAILED);
BIO_free(bf);
return NULL;
}
BIO_free(bf);
DBG("Loading blob of size: %d", blobstr->length);
if ((result = Tspi_Context_LoadKeyByBlob(hContext, hSRK,
blobstr->length,
blobstr->data, &hKey))) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_REQUEST_FAILED);
return NULL;
}
ASN1_OCTET_STRING_free(blobstr);
if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&authusage))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_REQUEST_FAILED);
return NULL;
}
if (authusage) {
TSS_HPOLICY hPolicy;
BYTE *auth;
if ((auth = calloc(1, 128)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!tpm_engine_get_auth(ui, (char *)auth, 128,
"TPM Key Password: ",
cb_data)) {
Tspi_Context_CloseObject(hContext, hKey);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return NULL;
}
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&hPolicy))) {
Tspi_Context_CloseObject(hContext, hKey);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Policy_AssignToObject(hPolicy, hKey))) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_CloseObject(hContext, hPolicy);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Policy_SetSecret(hPolicy,
TSS_SECRET_MODE_PLAIN,
strlen((char *)auth), auth))) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_CloseObject(hContext, hPolicy);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
free(auth);
}
/* create the new objects to return */
if ((pkey = EVP_PKEY_new()) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
pkey->type = EVP_PKEY_RSA;
if ((rsa = RSA_new()) == NULL) {
EVP_PKEY_free(pkey);
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
rsa->meth = &tpm_rsa;
/* call our local init function here */
rsa->meth->init(rsa);
pkey->pkey.rsa = rsa;
if (!fill_out_rsa_object(rsa, hKey)) {
EVP_PKEY_free(pkey);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return NULL;
}
EVP_PKEY_assign_RSA(pkey, rsa);
return pkey;
}
int tpm_load_srk(UI_METHOD *ui, void *cb_data)
{
TSS_RESULT result;
UINT32 authusage;
BYTE *auth;
UINT32 auth_size;
UINT32 srk_secret_mode = secret_mode;
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded.");
return 1;
}
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&authusage))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if (!authusage) {
DBG("SRK has no auth associated with it.");
return 1;
}
/* If hSRKPolicy is non 0, then a policy object for the SRK has already
* been set up by engine pre/post commands. Just assign it to the SRK.
* Otherwise, we need to get the SRK's implicit policy and prompt for a
* secret */
if (hSRKPolicy) {
DBG("Found an already initialized SRK policy, using it");
if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&hSRKPolicy))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((auth = calloc(1, 128)) == NULL) {
TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!srk_zeroed) {
if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
cb_data)) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
}
auth_size = strlen((char *)auth);
} else {
auth_size = sizeof(well_known_secret);
memcpy(auth, well_known_secret, auth_size);
srk_secret_mode = TSS_SECRET_MODE_SHA1;
}
/* secret_mode is a global that may be set by engine ctrl
* commands. By default, its set to TSS_SECRET_MODE_PLAIN */
if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode,
auth_size, auth))) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
free(auth);
return 1;
}
int
main_v1_2( char version )
{
char * function = "Tspi_SetAttribUint3208";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTpmPolicy;
UINT32 ordinal = TPM_ORD_CreateWrapKey, subCap, pulRespLen;
TSS_RESULT result;
BYTE* prgbRespData;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hTpmPolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_createObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_AssignToObject(hTpmPolicy, hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_AssignToObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
/* Check if ordinal auditing is supported on this TPM */
result = Testsuite_Is_Ordinal_Supported(hTPM, TPM_ORD_SetOrdinalAuditStatus);
if (result != TSS_SUCCESS) {
fprintf(stderr, "%s: TPM doesn't support auditing, returning success\n", __FILE__);
print_success( function, TSS_SUCCESS );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
//Call SetAttribUint32
result = Tspi_SetAttribUint32(hTPM,
TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS,
TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT,
ordinal);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Call SetAttribUint32
result = Tspi_SetAttribUint32(hTPM,
TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS,
TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT,
ordinal);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
static int
import_tpm_key(gnutls_privkey_t pkey,
const gnutls_datum_t * fdata,
gnutls_tpmkey_fmt_t format,
TSS_UUID * uuid,
TSS_FLAG storage,
const char *srk_password, const char *key_password)
{
int err, ret;
struct tpm_ctx_st *s;
gnutls_datum_t tmp_sig;
s = gnutls_malloc(sizeof(*s));
if (s == NULL) {
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
ret = tpm_open_session(s, srk_password);
if (ret < 0) {
gnutls_assert();
goto out_ctx;
}
if (fdata != NULL) {
ret =
load_key(s->tpm_ctx, s->srk, fdata, format,
&s->tpm_key);
if (ret < 0) {
gnutls_assert();
goto out_session;
}
} else if (uuid) {
err =
Tspi_Context_LoadKeyByUUID(s->tpm_ctx, storage,
*uuid, &s->tpm_key);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_session;
}
} else {
gnutls_assert();
ret = GNUTLS_E_INVALID_REQUEST;
goto out_session;
}
ret =
gnutls_privkey_import_ext2(pkey, GNUTLS_PK_RSA, s,
tpm_sign_fn, NULL, tpm_deinit_fn,
0);
if (ret < 0) {
gnutls_assert();
goto out_session;
}
ret =
gnutls_privkey_sign_data(pkey, GNUTLS_DIG_SHA1, 0, &nulldata,
&tmp_sig);
if (ret == GNUTLS_E_TPM_KEY_PASSWORD_ERROR) {
if (!s->tpm_key_policy) {
err = Tspi_Context_CreateObject(s->tpm_ctx,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&s->
tpm_key_policy);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_key;
}
err =
Tspi_Policy_AssignToObject(s->tpm_key_policy,
s->tpm_key);
if (err) {
gnutls_assert();
ret = tss_err(err);
goto out_key_policy;
}
}
err = myTspi_Policy_SetSecret(s->tpm_key_policy,
SAFE_LEN(key_password),
(void *) key_password);
if (err) {
gnutls_assert();
ret = tss_err_key(err);
goto out_key_policy;
}
} else if (ret < 0) {
gnutls_assert();
goto out_session;
}
return 0;
out_key_policy:
Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key_policy);
s->tpm_key_policy = 0;
out_key:
Tspi_Context_CloseObject(s->tpm_ctx, s->tpm_key);
s->tpm_key = 0;
out_session:
tpm_close_session(s);
out_ctx:
gnutls_free(s);
return ret;
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Key_CreateKey-trans01";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey, hWrappingKey, hSigningKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy;
initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, FALSE, &hWrappingKey,
&hSigningKey);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result =
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Policy Object
result =
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&keyUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result =
Tspi_Policy_SetSecret(keyUsagePolicy,
TESTSUITE_KEY_SECRET_MODE,
TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign policy to key
result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, hSigningKey);
if (result != TSS_SUCCESS) {
if (!checkNonAPI(result)) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(0);
}
}
main_v1_1(void){
char *nameOfFunction = "policy_no_secret";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_FLAG initFlags;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_BOOL allowMaint = FALSE;
BYTE *randomData;
TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy;
print_begin_test(nameOfFunction);
#ifdef TESTSUITE_NOAUTH_SRK
print_NA();
print_end_test(nameOfFunction);
exit(0);
#endif
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Policy Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&srkUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign new policy w/o secret to the SRK object
result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create child key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND|
TSS_KEY_NO_AUTHORIZATION, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Attempt to use the SRK w/o putting a secret in its policy
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Key creation w/o parent secret set", result);
print_error(nameOfFunction, result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("Key creation w/o parent secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
// With a secret set, this should work OK
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Try an owner auth'd command w/o secret
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Policy Object
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret mode to none
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
print_error("Tspi_TPM_GetStatus w/o owner secret set", result);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_success("TPM_GetStatus w/o owner secret set", result);
}
//Set Secret
result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_GetStatus", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_Close(hContext);
exit(result);
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
int
main (int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_HNVSTORE hNV;
FILE *f_out;
UINT32 blobLen;
UINT32 nvIndex = TSS_NV_DEFINED|TPM_NV_INDEX_EKCert;
UINT32 offset;
UINT32 ekOffset;
UINT32 ekbufLen;
BYTE *ekbuf;
BYTE *blob;
UINT32 tag, certType;
int result;
if (argc != 2) {
printf ("Usage: %s outfilename\n", argv[0]);
exit (1);
}
if ((f_out = fopen (argv[1], "wb")) == NULL) {
printf ("Unable to open '%s' for output\n", argv[1]);
exit (1);
}
result = Tspi_Context_Create(&hContext); CKERR;
result = Tspi_Context_Connect(hContext, NULL); CKERR;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, &hNV); CKERR;
result = Tspi_SetAttribUint32(hNV, TSS_TSPATTRIB_NV_INDEX, 0, nvIndex); CKERR;
/* Try reading certificate header from NV memory */
blobLen = 5;
result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob);
if (result != TSS_SUCCESS) {
/* Try again with authorization */
TSS_HPOLICY hNVPolicy;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNVPolicy); CKERR;
result = Tspi_Policy_SetSecret(hNVPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR;
result = Tspi_Policy_AssignToObject(hNVPolicy, hNV); CKERR;
blobLen = 5;
result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob);
}
if (result != TSS_SUCCESS) {
printf ("Unable to read EK Certificate from TPM\n");
goto error;
}
if (blobLen < 5)
goto parseerr;
tag = (blob[0]<<8) | blob[1];
if (tag != TCG_TAG_PCCLIENT_STORED_CERT)
goto parseerr;
certType = blob[2];
if (certType != TCG_FULL_CERT)
goto parseerr;
ekbufLen = (blob[3]<<8) | blob[4];
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
offset = 5;
blobLen = 2;
result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR;
if (blobLen < 2)
goto parseerr;
tag = (blob[0]<<8) | blob[1];
if (tag == TCG_TAG_PCCLIENT_FULL_CERT) {
offset += 2;
ekbufLen -= 2;
} else if (blob[0] != 0x30) /* Marker of cert structure */
goto parseerr;
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
/* Read cert from chip in pieces - too large requests may fail */
ekbuf = malloc(ekbufLen);
ekOffset = 0;
while (ekOffset < ekbufLen) {
blobLen = ekbufLen-ekOffset;
if (blobLen > BSIZE)
blobLen = BSIZE;
result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR;
memcpy (ekbuf+ekOffset, blob, blobLen);
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
offset += blobLen;
ekOffset += blobLen;
}
fwrite (ekbuf, 1, ekbufLen, f_out);
fclose (f_out);
printf ("Success!\n");
return 0;
error:
printf ("Failure, error code: 0x%x\n", result);
return 1;
parseerr:
printf ("Failure, unable to parse certificate store structure\n");
return 2;
}
int main(int argc,char **argv)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
TSS_HKEY hSRK=0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID=TSS_UUID_SRK;
BYTE wks[20]; //For the well known secret
// Set wks to the well known secret: 20 bytes of all 0’s
memset(wks,0,20);
//Pick the TPM you are talking to.
// In this case, it is the system TPM (indicated with NULL).
result = Tspi_Context_Create( &hContext);
DBG("Create Context",result);
result = Tspi_Context_Connect(hContext, NULL);
DBG("Context Connect�",result);
// Get the TPM handle
result=Tspi_Context_GetTpmObject(hContext,&hTPM);
DBG("Get TPM Handle",result);
// Get the SRK handle
result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK);
DBG("Got the SRK handle�", result);
//Get the SRK policy
result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy);
DBG("Got the SRK policy",result);
//Then set the SRK policy to be the well known secret
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks);
//Note: TSS SECRET MODE SHA1 says ”Don’t hash this.
// Use the 20 bytes as they are.
DBG("Set the SRK secret in its policy",result);
//Do something usefull
UINT32 ulDataLength;
TSS_HKEY hESS_Bind_Key;
FILE * fin;
FILE * fout;
TSS_HENCDATA hEncData;
TSS_UUID MY_UUID=BACKUP_KEY_UUID;
BYTE encryptedData[256];
BYTE * decryptedData;
BYTE pass123[3];
memset(pass123,0,3);
//Read in the encrypted data from the file
fin=fopen("data/AES.key.enc","rb");
read(fileno(fin),encryptedData,ulDataLength);
fclose(fin);
// Create a data object , fill it with clear text and then bind it.
result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_ENCDATA,TSS_ENCDATA_BIND,&hEncData);
DBG("Create Data object",result);
result = Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Get unbinding key",result);
result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
DBG("Loaded Key",result);
TSS_HPOLICY hBackup_Policy;
// Create a policy for the new key. Set its password to ?~@~\123?~@~]
result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,TSS_POLICY_USAGE, &hBackup_Policy);
DBG("Create a backup policy object",result);
result=Tspi_Policy_SetSecret(hBackup_Policy,TSS_SECRET_MODE_PLAIN,3,pass123);
DBG("Set backup policy object secret",result);
// Assign the key?~@~Ys policy to the key object
result=Tspi_Policy_AssignToObject( hBackup_Policy,hESS_Bind_Key);
DBG("Assign the keys policy to the key", result);
result = Tspi_SetAttribData(hEncData,TSS_TSPATTRIB_ENCDATA_BLOB,TSS_TSPATTRIB_ENCDATABLOB_BLOB,256,encryptedData);
DBG("Load Data",result);
// Use the Unbinding key to decrypt the encrypted data
// in the BindData object, and return it
result=Tspi_Data_Unbind(hEncData,hESS_Bind_Key,&ulDataLength,&decryptedData);
DBG("Unbind",result);
fout=fopen("data/originalAES.key", "wb");
write(fileno(fout),decryptedData,ulDataLength);
fclose(fout);
//Done doing something usefull
// Context Close(hobjects you have created);
Tspi_Context_FreeMemory(hContext,NULL);
// This frees up memory automatically allocated for you.
Tspi_Context_Close(hContext);
return 0;
}
void getkeyblob(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//get the keyblob
UINT32 size;
BYTE *value;
result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result);
//copy out the results
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
return;
}
int main(int argc, char **argv)
{
TSS_HTPM hTpm;
TSS_HNVSTORE nvObject;
TSS_FLAG fNvAttrs;
TSS_HPOLICY hTpmPolicy, hDataPolicy;
int iRc = -1;
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
int opswd_len = -1;
int dpswd_len = -1;
struct option hOpts[] = {
{"index" , required_argument, NULL, 'i'},
{"size" , required_argument, NULL, 's'},
{"permissions" , required_argument, NULL, 'p'},
{"pwdo" , optional_argument, NULL, 'o'},
{"pwda" , optional_argument, NULL, 'a'},
{"use-unicode" , no_argument, NULL, 'u'},
{"data-well-known" , no_argument, NULL, 'z'},
{"owner-well-known", no_argument, NULL, 'y'},
{NULL , no_argument, NULL, 0},
};
initIntlSys();
if (genericOptHandler
(argc, argv, "i:s:p:o:a:yzu", hOpts,
sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
goto out;
if (end) {
iRc = 0;
goto out;
}
if (!nvindex_set) {
logError(_("You must provide an index for the NVRAM area.\n"));
goto out;
}
if (nvperm == 0 &&
(UINT32)nvindex != TPM_NV_INDEX_LOCK &&
(UINT32)nvindex != TPM_NV_INDEX0) {
logError(_("You must provide permission bits for the NVRAM area.\n"));
goto out;
}
logDebug("permissions = 0x%08x\n", nvperm);
if (contextCreate(&hContext) != TSS_SUCCESS)
goto out;
if (contextConnect(hContext) != TSS_SUCCESS)
goto out_close;
if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
goto out_close;
fNvAttrs = 0;
if (contextCreateObject(hContext,
TSS_OBJECT_TYPE_NV,
fNvAttrs,
&nvObject) != TSS_SUCCESS)
goto out_close;
if (askOwnerPass) {
ownerpass = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n"));
goto out_close;
}
}
if (ownerpass || ownerWellKnown) {
if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
goto out_close;
if (ownerpass) {
if (opswd_len < 0)
opswd_len = strlen(ownerpass);
if (policySetSecret(hTpmPolicy, opswd_len,
(BYTE *)ownerpass) != TSS_SUCCESS)
goto out_close;
} else {
if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN,
(BYTE *)well_known_secret) != TSS_SUCCESS)
goto out_close;
}
}
if (askDataPass) {
datapass = _GETPASSWD(_("Enter NVRAM data password: "******"Failed to get NVRAM data password\n"));
goto out_close;
}
}
if (datapass || dataWellKnown) {
if (contextCreateObject
(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hDataPolicy) != TSS_SUCCESS)
goto out_close;
if (datapass) {
if (dpswd_len < 0)
dpswd_len = strlen(datapass);
if (policySetSecret(hDataPolicy, dpswd_len,
(BYTE *)datapass) != TSS_SUCCESS)
goto out_close;
} else {
if (policySetSecret(hDataPolicy, TCPA_SHA1_160_HASH_LEN,
(BYTE *)well_known_secret) != TSS_SUCCESS)
goto out_close;
}
if (Tspi_Policy_AssignToObject(hDataPolicy, nvObject) !=
TSS_SUCCESS)
goto out_close;
}
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_INDEX,
0,
nvindex) != TSS_SUCCESS)
goto out_close_obj;
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_PERMISSIONS,
0,
nvperm) != TSS_SUCCESS)
goto out_close_obj;
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_DATASIZE,
0,
nvsize) != TSS_SUCCESS)
goto out_close_obj;
if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) !=
TSS_SUCCESS)
goto out_close;
logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"),
nvindex, nvindex);
iRc = 0;
goto out_close;
out_close_obj:
contextCloseObject(hContext, nvObject);
out_close:
contextClose(hContext);
out:
return iRc;
}
int
main (int ac, char **av)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HKEY hSRK;
TSS_HKEY hAIK;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hSrkPolicy;
TSS_HPOLICY hAIKPolicy;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE srkSecret[] = TSS_WELL_KNOWN_SECRET;
FILE *f_in;
FILE *f_out;
char *pass = NULL;
BYTE *response;
UINT32 responseLen;
BYTE *buf;
UINT32 bufLen;
BYTE *asym;
UINT32 asymLen;
BYTE *sym;
UINT32 symLen;
int i;
int result;
if ((ac<2) || ((0==strcmp(av[1],"-p")) ? (ac!=6) : (ac!=4))) {
fprintf (stderr, "Usage: %s [-p password] aikblobfile challengefile outresponsefile\n", av[0]);
exit (1);
}
if (0 == strcmp(av[1], "-p")) {
pass = av[2];
for (i=3; i<ac; i++)
av[i-2] = av[i];
ac -= 2;
}
result = Tspi_Context_Create(&hContext); CKERR;
result = Tspi_Context_Connect(hContext, NULL); CKERR;
result = Tspi_Context_LoadKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); CKERR;
result = Tspi_GetPolicyObject (hSRK, TSS_POLICY_USAGE, &hSrkPolicy); CKERR;
result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1,
sizeof(srkSecret), srkSecret); CKERR;
result = Tspi_Context_GetTpmObject (hContext, &hTPM); CKERR;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hTPMPolicy); CKERR;
result = Tspi_Policy_AssignToObject(hTPMPolicy, hTPM);
#ifdef OWNER_SECRET
result = Tspi_Policy_SetSecret (hTPMPolicy, TSS_SECRET_MODE_PLAIN,
strlen(OWNER_SECRET)+1, OWNER_SECRET); CKERR;
#else
result = Tspi_Policy_SetSecret (hTPMPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR;
#endif
/* Read AIK blob */
if ((f_in = fopen(av[1], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s\n", av[1]);
exit (1);
}
fseek (f_in, 0, SEEK_END);
bufLen = ftell (f_in);
fseek (f_in, 0, SEEK_SET);
buf = malloc (bufLen);
if (fread(buf, 1, bufLen, f_in) != bufLen) {
fprintf (stderr, "Unable to readn file %s\n", av[1]);
exit (1);
}
fclose (f_in);
result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, bufLen, buf, &hAIK); CKERR;
free (buf);
if (pass) {
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hAIKPolicy); CKERR;
result = Tspi_Policy_AssignToObject(hAIKPolicy, hAIK);
result = Tspi_Policy_SetSecret (hAIKPolicy, TSS_SECRET_MODE_PLAIN,
strlen(pass)+1, pass); CKERR;
}
/* Read challenge file */
if ((f_in = fopen(av[2], "rb")) == NULL) {
fprintf (stderr, "Unable to open file %s\n", av[2]);
exit (1);
}
fseek (f_in, 0, SEEK_END);
bufLen = ftell (f_in);
fseek (f_in, 0, SEEK_SET);
buf = malloc (bufLen);
if (fread(buf, 1, bufLen, f_in) != bufLen) {
fprintf (stderr, "Unable to readn file %s\n", av[2]);
exit (1);
}
fclose (f_in);
/* Parse challenge */
if (bufLen < 8)
goto badchal;
asymLen = ntohl(*(UINT32*)buf);
asym = buf + 4;
buf += asymLen + 4;
if (bufLen < asymLen+8)
goto badchal;
symLen = ntohl(*(UINT32*)buf);
if (bufLen != asymLen + symLen + 8)
goto badchal;
sym = buf + 4;
/* Decrypt challenge data */
#ifndef OWNER_SECRET
{
/* Work around a bug in Trousers 0.3.1 - remove this block when fixed */
/* Force POPUP to activate, it is being ignored */
BYTE *dummyblob1; UINT32 dummylen1;
if (Tspi_TPM_OwnerGetSRKPubKey(hTPM, &dummylen1, &dummyblob1)
== TSS_SUCCESS) {
Tspi_Context_FreeMemory (hContext, dummyblob1);
}
}
#endif
result = Tspi_TPM_ActivateIdentity (hTPM, hAIK, asymLen, asym,
symLen, sym,
&responseLen, &response); CKERR;
/* Output response file */
if ((f_out = fopen (av[3], "wb")) == NULL) {
fprintf (stderr, "Unable to create file %s\n", av[3]);
exit (1);
}
if (fwrite (response, 1, responseLen, f_out) != responseLen) {
fprintf (stderr, "Unable to write to file %s\n", av[3]);
exit (1);
}
fclose (f_out);
printf ("Success!\n");
return 0;
error:
fprintf (stderr, "Failure, error code: 0x%x\n", result);
return 1;
badchal:
fprintf (stderr, "Challenge file format is wrong\n");
return 1;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE wks[20];
memset(wks,0,20);
TSS_HKEY hESS_Bind_Key;
TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID;
TSS_HPOLICY hESS_Policy;
TSS_FLAG initFlags;
BYTE *pubKey;
UINT32 pubKeySize;
FILE *fout, *fin;
result =Tspi_Context_Create(&hContext);
DBG("Create a context", result);
result=Tspi_Context_Connect(hContext, NULL);
DBG("Connect to TPM", result);
result=Tspi_Context_GetTpmObject(hContext, &hTPM);
DBG("Get TPM handle", result);
result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
DBG("Get SRK handle", result);
result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
DBG("Get SRK Policy", result);
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks);
DBG("Tspi_Policy_SetSecret", result);
result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hESS_Policy);
DBG("Create a key policy object", result);
result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
20, wks);
DBG("Set key policy object secret", result);
initFlags = TSS_KEY_TYPE_BIND |
TSS_KEY_SIZE_2048 |
TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Create the key object", result);
result = Tspi_SetAttribUint32(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
TSS_ES_RSAESPKCSV15);
DBG("Set the keys's padding type", result);
result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
DBG("Assign the key's policy to the key", result);
printf("Creating the key could take a while\n");
result = Tspi_Key_CreateKey(hESS_Bind_Key,
hSRK, 0);
DBG("Asking TPM to create the key", result);
result = Tspi_Context_RegisterKey(hContext,
hESS_Bind_Key,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
TSS_PS_TYPE_SYSTEM,
SRK_UUID);
DBG("Registering the key for later retrieval", result);
printf("Registering the key blob for later retrieval\r\n");
result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
DBG("Loading key in TPM", result);
result = Tspi_Key_GetPubKey(hESS_Bind_Key,
&pubKeySize, &pubKey);
DBG("Get Public portion of key", result);
fout = fopen("BackupESSBindKey.pub", "wb");
if(fout != NULL) {
write(fileno(fout), pubKey, pubKeySize);
printf("Finished writing BackupESSBindKey.pub\n");
fclose(fout);
}
else {
printf("Error opening XXXXXXXXXXXX \r\n");
}
result = Tspi_Policy_FlushSecret(hESS_Policy);
DBG("Policy flush secret", result);
result = Tspi_Context_GetKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Get key handle", result);
printf("Unregistering key\r\n");
result = Tspi_Context_UnregisterKey(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Unregister key", result);
// Load a key and bind data
UINT32 ulDataLength;
BYTE *rbgBoundData;
BYTE newPubKey[1000], encData[1000];
TSS_HENCDATA hEncData;
fin = fopen("BackupESSBindKey.pub", "r");
read(fileno(fin), newPubKey,284);
if (fin == NULL)
return 0;
fclose(fin);
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Tspi_Context_CreateObject BindKey", result);
result = Tspi_SetAttribData(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
284,newPubKey);
DBG("Set Public key into new key object", result);
fin = fopen("data", "rb");
read(fileno(fin), encData, 7);
fclose(fin);
result=Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&hEncData);
DBG("Create Data Object", result);
result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData);
DBG("Bind data", result);
result = Tspi_GetAttribData(hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&ulDataLength,&rbgBoundData);
DBG("Get encrypted data", result);
fout = fopen("Bound.data", "wb");
write(fileno(fout),rbgBoundData,ulDataLength);
fclose(fout);
result = Tspi_Context_FreeMemory(hContext, NULL);
DBG("Tspi Context Free Memory", result);
result = Tspi_Context_Close(hContext);
DBG("Tspi Context Close", result);
return 0;
}
int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap,
unsigned char *keyauth,
unsigned char *dataauth,
unsigned char *data, unsigned int datalen,
unsigned char *blob, unsigned int *bloblen)
{
#define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;}
TSS_RESULT r = 0;
TSS_HTPM tpm;
TSS_HPCRS pcrComposite;
TSS_UUID uuid;
TSS_UUID srk_uuid = TSS_UUID_SRK;
TSS_HKEY key;
TSS_HENCDATA seal;
TSS_HPOLICY key_policy, seal_policy;
unsigned char *cipher;
unsigned int cipher_len;
/* Get the PCR values into composite object */
r = Tspi_Context_GetTpmObject(c, &tpm);
CHECK_ERROR(r, "Error Getting TPM");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite);
CHECK_ERROR(r, "Error Creating PCR-Composite");
r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE |
TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR);
CHECK_ERROR(r, "Error Setting Localities");
for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) {
if ((pcrmap & pcrmask) != 0) {
uint32_t pcrval_size;
uint8_t *pcrval;
if (pcrvals[pcr] == NULL) {
r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval);
CHECK_ERROR(r, "Error Reading PCR");
r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval);
CHECK_ERROR(r, "Error Setting Composite");
r = Tspi_Context_FreeMemory(c, pcrval);
CHECK_ERROR(r, "Error Freeing Memory");
}
else {
pcrval = pcrvals[pcr];
r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval);
CHECK_ERROR(r, "Error Setting Composite");
}
}
}
/* Get the SRK and Policy Ready */
if (keyhandle = 0x40000000) {
uuid = srk_uuid;
} else {
fprintf(stderr, "Error, only SRK currently supported\n");
r = 1;
return -1;
}
r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key);
CHECK_ERROR(r, "Error Loading Key");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy);
CHECK_ERROR(r, "Error Creating Policy");
r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth);
CHECK_ERROR(r, "Error Setting Secret");
r = Tspi_Policy_AssignToObject(key_policy, key);
CHECK_ERROR(r, "Error Assigning Policy");
/* Get the Encdata Ready */
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal);
CHECK_ERROR(r, "Error Creating EncData");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy);
CHECK_ERROR(r, "Error Creating Policy");
r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth);
CHECK_ERROR(r, "Error Setting Secret");
r = Tspi_Policy_AssignToObject(seal_policy, seal);
CHECK_ERROR(r, "Error Assigning Policy");
/* Seal the Data */
r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite);
CHECK_ERROR(r, "Error Sealing Data");
r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&cipher_len, &cipher);
CHECK_ERROR(r, "Error Getting Sealed Data");
/* Return that stuff */
if (cipher_len > bloblen) {
sprintf(stderr, "Internal Error, cipher too long");
r = 1;
return -1;
}
memcpy(blob, cipher, cipher_len);
*bloblen = cipher_len;
/* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */
Tspi_Context_FreeMemory(c, cipher);
return (r == 0)? 0 : -1;
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReadValue-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *policyData;
UINT32 read_space = 10;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData);
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
#endif
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT)
#else
if (result != TSS_SUCCESS)
#endif
{
print_error("Tspi_NV_ReadValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result == TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
}
int
main_v1_1( void )
{
char *function = "policy_compliance";
TSS_RESULT result;
TSS_HPOLICY hDefaultPolicy, hKeyUsagePolicy, hKeyMigPolicy;
TSS_HPOLICY hEncdataUsagePolicy, hTPMPolicy, hNewPolicy;
TSS_HCONTEXT hContext;
TSS_HKEY hKey;
TSS_HENCDATA hEncData;
TSS_HTPM hTPM;
TSS_HPCRS hPcrs;
TSS_HHASH hHash;
UINT32 trash;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
/*
* Test 1
*
* TSP's default policy object should exist.
*
*/
result = Tspi_Context_GetDefaultPolicy ( hContext, &hDefaultPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Test 1: TSP object's default policy should exist", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 1", result );
/*
* Test 2
*
* Create a key, then get its usage policy handle. It should match
* the TSP's default policy.
*
*/
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_512 |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_MIGRATABLE,
&hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hKeyUsagePolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
if (hKeyUsagePolicy != hDefaultPolicy) {
print_error( "Test 2: default policy should match new policies", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 2", result );
/*
* Test 3
*
* The key should have no migration policy by default.
*
*/
result = Tspi_GetPolicyObject(hKey, TSS_POLICY_MIGRATION, &hKeyMigPolicy);
if ( TSS_ERROR_CODE(result) != TSS_E_KEY_NO_MIGRATION_POLICY )
{
print_error( "Test 3: Key's migration policy shouldn't exist by default", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 3", result );
/*
* Test 4
*
* Create an encdata object, then get its usage policy handle. It should match
* the TSP's default policy.
*
*/
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&hEncData );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hEncData, TSS_POLICY_USAGE, &hEncdataUsagePolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
if (hEncdataUsagePolicy != hDefaultPolicy) {
print_error( "Test 4: default policy should match new policies", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 4", result );
/*
* Test 5
*
* Connect the TSP context to a TCS and get the TPM object, then its policy. It should
* not match the TSP's default policy.
*
*/
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
if (hTPMPolicy == hDefaultPolicy) {
print_error( "Test 5: default policy should not match the TPM policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 5", result );
/*
* Test 6
*
* Create a new policy object. Its handle should not match the TSP's default policy or
* the TPM's policy.
*
*/
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&hNewPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
if (hNewPolicy == hTPMPolicy || hNewPolicy == hDefaultPolicy) {
print_error( "Test 6: new policy should not match any other policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 6", result );
/*
* Test 7
*
* Assign the policy object as the key's migration policy. After this, the key should have
* a migration policy.
*
*/
result = Tspi_Policy_AssignToObject( hNewPolicy, hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_AssignToObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hKey, TSS_POLICY_MIGRATION, &hKeyMigPolicy);
if ( result != TSS_SUCCESS || hKeyMigPolicy != hNewPolicy)
{
print_error( "Test 7: Key's migration policy should match new policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 7", result );
/*
* Test 8
*
* Try to get a migration policy for the TPM
*
*/
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 8: TPM should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 8", result );
/*
* Test 9
*
* Try to get a migration policy for enc data
*
*/
result = Tspi_GetPolicyObject(hEncData, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 9: Encdata should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 9", result );
/*
* Test 10
*
* Try to get a migration policy for a hash object
*
*/
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_HASH,
TSS_HASH_OTHER,
&hHash );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hHash, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 10: Hash should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 10", result );
/*
* Test 11
*
* Try to get a usage policy for a hash object
*
*/
result = Tspi_GetPolicyObject(hHash, TSS_POLICY_USAGE, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 11: Hash should have no usage policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 11", result );
/*
* Test 12
*
* Try to get a migration policy for a pcrs object
*
*/
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_PCRS,
0,
&hPcrs );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hPcrs, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 12: Pcrs should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 12", result );
/*
* Test 13
*
* Try to get a usage policy for a pcrs object
*
*/
result = Tspi_GetPolicyObject(hPcrs, TSS_POLICY_USAGE, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 13: Pcrs should have no usage policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 13", result );
/*
* Test 14
*
* Try to get a migration policy for a policy object
*
*/
result = Tspi_GetPolicyObject(hEncdataUsagePolicy, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 14: Policies should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 14", result );
/*
* Test 15
*
* Try to get a usage policy for a policy object
*
*/
result = Tspi_GetPolicyObject(hEncdataUsagePolicy, TSS_POLICY_USAGE, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 15: Policies should have no usage policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 15", result );
/*
* Test 16
*
* Try to get a migration policy for a context object
*
*/
result = Tspi_GetPolicyObject(hContext, TSS_POLICY_MIGRATION, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 16: Contexts should have no migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 16", result );
/*
* Test 17
*
* Try to get a usage policy for a context object
*
*/
result = Tspi_GetPolicyObject(hContext, TSS_POLICY_USAGE, &trash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 17: Context's policies should not be accessible by "
"Tspi_GetPolicyObject", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 17", result );
/*
* Test 18
*
* Try to assign a migration policy for the TPM
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hTPM);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 18: TPM should not be assigned a migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 18", result );
/*
* Test 19
*
* Try to assign a migration policy for enc data
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hEncData);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 19: Encdata should not be assigned a migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 19", result );
/*
* Test 20
*
* Try to assign a migration policy to a hash object
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hHash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 20: Hash should not be assigned a migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 20", result );
/*
* Test 21
*
* Try to assign a usage policy for a hash object
*
*/
result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hHash);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER)
{
print_error( "Test 21: Hash should not be assigned a usage policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 21", result );
/*
* Test 22
*
* Try to assign a migration policy for a pcrs object
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hPcrs);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 22: Pcrs should not be assigned a migration policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 22", result );
/*
* Test 23
*
* Try to assign a usage policy for a pcrs object
*
*/
result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hPcrs);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 23: Pcrs should not be assigned a usage policy", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 23", result );
/*
* Test 24
*
* Try to assign a migration policy for a policy object
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hKeyUsagePolicy);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 24: Policies should not be assigned migration policies",
result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 24", result );
/*
* Test 25
*
* Try to assign a usage policy for a policy object
*
*/
result = Tspi_Policy_AssignToObject(hKeyUsagePolicy, hEncdataUsagePolicy);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 25: Policies should not be assigned usage policies", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 25", result );
/*
* Test 26
*
* Try to assign a migration policy for a context object
*
*/
result = Tspi_Policy_AssignToObject(hKeyMigPolicy, hContext);
if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER )
{
print_error( "Test 26: Contexts should not be assigned migration policies",
result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 26", result );
/*
* Test 27
*
* Close hKey's usage policy and make sure getPolicyObject returns correctly
*
*/
result = Tspi_Context_CloseObject(hContext, hKeyUsagePolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CloseObject", result );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hNewPolicy);
if ( TSS_ERROR_CODE(result) != TSS_E_INTERNAL_ERROR )
{
print_error( "Test 27: Accessing a closed policy should trigger"
" TSS_E_INTERNAL_ERROR", result );
print_error( function, result );
Tspi_Context_Close( hContext );
exit( result );
} else
print_success( "Test 27", result );
print_success(function, TSS_SUCCESS);
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata,
gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig)
{
static const TSS_UUID SRK_UUID = TSS_UUID_SRK;
gnutls_datum_t asn1;
unsigned int tss_len;
char *pass;
int ofs, err;
err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Error decoding TSS key blob: %s\n"),
gnutls_strerror(err));
return -EINVAL;
}
/* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */
if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = asn1.data[1];
ofs = 2;
if (tss_len & 0x80) {
int lenlen = tss_len & 0x7f;
if (asn1.size < 2 + lenlen || lenlen > 3) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
tss_len = 0;
while (lenlen) {
tss_len <<= 8;
tss_len |= asn1.data[ofs++];
lenlen--;
}
}
if (tss_len + ofs != asn1.size) {
vpn_progress(vpninfo, PRG_ERR,
_("Error in TSS key blob\n"));
goto out_blob;
}
err = Tspi_Context_Create(&vpninfo->tpm_context);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create TPM context: %s\n"),
Trspi_Error_String(err));
goto out_blob;
}
err = Tspi_Context_Connect(vpninfo->tpm_context, NULL);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to connect TPM context: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &vpninfo->srk);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK key: %s\n"),
Trspi_Error_String(err));
goto out_context;
}
err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM SRK policy object: %s\n"),
Trspi_Error_String(err));
goto out_srk;
}
pass = vpninfo->cert_password;
vpninfo->cert_password = NULL;
while (1) {
static const char nullpass[20];
/* We don't seem to get the error here... */
if (pass)
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (BYTE *)pass);
else /* Well-known NULL key */
err = Tspi_Policy_SetSecret(vpninfo->srk_policy,
TSS_SECRET_MODE_SHA1,
sizeof(nullpass), (BYTE *)nullpass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set TPM PIN: %s\n"),
Trspi_Error_String(err));
goto out_srkpol;
}
free(pass);
/* ... we get it here instead. */
err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk,
tss_len, asn1.data + ofs,
&vpninfo->tpm_key);
if (!err)
break;
if (pass)
vpn_progress(vpninfo, PRG_ERR,
_("Failed to load TPM key blob: %s\n"),
Trspi_Error_String(err));
if (err != TPM_E_AUTHFAIL)
goto out_srkpol;
err = request_passphrase(vpninfo, "openconnect_tpm_srk",
&pass, _("Enter TPM SRK PIN:"));
if (err)
goto out_srkpol;
}
#ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY
gnutls_privkey_init(pkey);
/* This would be nicer if there was a destructor callback. I could
allocate a data structure with the TPM handles and the vpninfo
pointer, and destroy that properly when the key is destroyed. */
gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0);
#else
*pkey = OPENCONNECT_TPM_PKEY;
#endif
retry_sign:
err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig);
if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) {
if (!vpninfo->tpm_key_policy) {
err = Tspi_Context_CreateObject(vpninfo->tpm_context,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&vpninfo->tpm_key_policy);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to create key policy object: %s\n"),
Trspi_Error_String(err));
goto out_key;
}
err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy,
vpninfo->tpm_key);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to assign policy to key: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
}
err = request_passphrase(vpninfo, "openconnect_tpm_key",
&pass, _("Enter TPM key PIN:"));
if (err)
goto out_key_policy;
err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy,
TSS_SECRET_MODE_PLAIN,
strlen(pass), (void *)pass);
free (pass);
if (err) {
vpn_progress(vpninfo, PRG_ERR,
_("Failed to set key PIN: %s\n"),
Trspi_Error_String(err));
goto out_key_policy;
}
goto retry_sign;
}
free (asn1.data);
return 0;
out_key_policy:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy);
vpninfo->tpm_key_policy = 0;
out_key:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key);
vpninfo->tpm_key = 0;
out_srkpol:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy);
vpninfo->srk_policy = 0;
out_srk:
Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk);
vpninfo->srk = 0;
out_context:
Tspi_Context_Close(vpninfo->tpm_context);
vpninfo->tpm_context = 0;
out_blob:
free (asn1.data);
return -EIO;
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_WriteValue04";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *data = "1234567890";
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00050001);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_WriteValue(hNVStore, /*offset*/0,/*datalength*/10, data);
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_WriteValue", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
#else
if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_WriteValue", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
#endif
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Key_ConvertMigrationBlob-trans03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hKeyToMigrate, hKeyToMigrateInto;
TSS_HKEY hMigrationAuthorityKey, hWrappingKey;
BYTE *MigTicket;
UINT32 TicketLength;
BYTE *randomData;
UINT32 randomLength;
UINT32 migBlobLength;
BYTE *migBlob;
TSS_RESULT result;
TSS_HTPM hTPM;
TSS_HPOLICY hUsagePolicy, hMigPolicy, tpmUsagePolicy;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Get Policy Object
result =
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result =
Tspi_Policy_SetSecret(tpmUsagePolicy,
TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN,
TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result =
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_STORAGE |
TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION,
&hMigrationAuthorityKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Migrate Authority's key
result = Tspi_Key_CreateKey(hMigrationAuthorityKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create key Object
result =
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_MIGRATABLE, &hKeyToMigrate);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
// Create usage policy
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(hUsagePolicy, TESTSUITE_KEY_SECRET_MODE,
TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign migration policy
result = Tspi_Policy_AssignToObject(hUsagePolicy, hKeyToMigrate);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create migration policy
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION, &hMigPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
result = Tspi_Policy_SetSecret(hMigPolicy, TESTSUITE_KEY_SECRET_MODE,
TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Assign migration policy
result = Tspi_Policy_AssignToObject(hMigPolicy, hKeyToMigrate);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Key To Migrate
result = Tspi_Key_CreateKey(hKeyToMigrate, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_Close(hContext);
Tspi_Context_CloseObject(hContext, hKeyToMigrate);
exit(result);
}
//Authorize Migration Ticket
result =
Tspi_TPM_AuthorizeMigrationTicket(hTPM, hMigrationAuthorityKey,
TSS_MS_MIGRATE,
&TicketLength, &MigTicket);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_AuthorizeMigrationTicket ", result);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_MIGRATABLE,
&hKeyToMigrateInto);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Migration Blob
result = Tspi_Key_CreateMigrationBlob(hKeyToMigrate, hSRK, TicketLength, MigTicket,
&randomLength, &randomData, &migBlobLength, &migBlob);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_AuthorizeMigrationTicket ", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_LoadKey(hMigrationAuthorityKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_AuthorizeMigrationTicket ", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_ConvertMigrationBlob(hKeyToMigrateInto, hMigrationAuthorityKey,
randomLength, randomData, migBlobLength, migBlob);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_ConvertMigrationBlob", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result != TSS_SUCCESS) {
if (!checkNonAPI(result)) {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
} else {
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main_v1_2(char version)
{
char *function = "Tspi_Data_Unseal01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HTPM hTPM;
TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy;
BYTE rgbDataToSeal[DATA_SIZE];
BYTE *rgbPcrValue;
UINT32 ulPcrLen;
TSS_HENCDATA hEncData;
BYTE *prgbDataToUnseal;
TSS_HPCRS hPcrComposite;
UINT32 BlobLength;
UINT32 ulDataLength = DATA_SIZE, ulNewDataLength;
TSS_UUID uuid;
TSS_RESULT result;
TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(function);
memset(rgbDataToSeal, 0x5d, DATA_SIZE);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_SEAL, &hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hEncData)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// get the use policy for the encrypted data to set its secret
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hEncUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE,
TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
// set the SRK auth data
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN,
TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
// set the new key's authdata
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hKeyPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create the key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_LoadKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hPcrComposite)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#define PCR_NUM 5
result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_PcrRead", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen,
rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_FreeMemory(hContext, rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Tell the TSS to mask the data before sending
result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL,
TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE,
TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT);
if (result != TSS_SUCCESS) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Data Seal
result =
Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Data_Seal", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal);
if (result != TSS_SUCCESS) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
} else {
if (ulDataLength != ulNewDataLength) {
printf
("ERROR length of returned data doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
} else
if (memcmp
(prgbDataToUnseal, rgbDataToSeal, ulDataLength)) {
printf
("ERROR data returned from unseal doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Context_FreeMemory(hContext, prgbDataToUnseal);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory ", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
