TSS_RESULT make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding) { TSS_RESULT result; UINT32 encScheme, size_n, pub_size; BYTE n[2048]; TCPA_PUBKEY pubkey; UINT32 blob_size, size; BYTE *blob, pub_blob[1024]; switch (padding) { case RSA_PKCS1_PADDING: encScheme = TSS_ES_RSAESPKCSV15; break; case RSA_PKCS1_OAEP_PADDING: encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1; break; case RSA_NO_PADDING: encScheme = TSS_ES_NONE; break; default: return TSS_E_INTERNAL_ERROR; break; } //Create CA Key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey); if (result != TSS_SUCCESS) { check("Tspi_Context_CreateObject", result); return result; } // generate a software key to represent the CA's key if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) { ERR_print_errors_fp(stdout); return 254; // ? } // get the pub CA key if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) { fprintf(stderr, "BN_bn2bin failed\n"); ERR_print_errors_fp(stdout); RSA_free(*rsa); return 254; // ? } result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob); if (result != TSS_SUCCESS) { check("Tspi_GetAttribData", result); return result; } pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n); result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob); if (result != TSS_SUCCESS) { check("Tspi_SetAttribData", result); return result; } // set the CA key's algorithm result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } // set the CA key's number of primes result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } // set the CA key's encryption scheme result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } return TSS_SUCCESS; }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_DefineSpace-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011101); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); #ifdef CLEAR_TEST_INDEX Tspi_NV_ReleaseSpace(hNVStore); #endif if (result != TSS_SUCCESS) { print_error("Tspi_NV_DefineSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result== TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error("Tspi_NV_DefineSpace", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } }
/* create a new key. we need a way to specify creation of a key with OAEP * padding as well as PKCSv1.5, since signatures will need to be done on * data larger than 20 bytes, which is the max size *regardless of key size* * for an OAEP key signing using the TPM */ static int tpm_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb) { TSS_RESULT result; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY; UINT32 encScheme, sigScheme; TSS_HKEY hKey; /* XXX allow this to be specified through pre commands */ sigScheme = TSS_SS_RSASSAPKCS1V15_DER; encScheme = TSS_ES_RSAESPKCSV15; DBG("%s", __FUNCTION__); if (!BN_is_word(e, 65537)) { TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_INVALID_EXPONENT); return 0; } /* set e in the RSA object as done in the built-in openssl function */ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) { TSSerr(TPM_F_TPM_RSA_KEYGEN, ERR_R_MALLOC_FAILURE); return 0; } BN_copy(rsa->e, e); switch (bits) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_INVALID_KEY_SIZE); return 0; } /* Load the parent key (SRK) which will wrap the new key */ if (!tpm_load_srk(NULL, NULL)) { TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_SRK_LOAD_FAILED); return 0; } /* Create the new key object */ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } /* set the signature scheme */ if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sigScheme))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } /* set the encryption scheme */ if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } /* Call create key using the new object */ if ((result = Tspi_Key_CreateKey(hKey, hSRK, NULL_HPCRS))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } if (!fill_out_rsa_object(rsa, hKey)) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } /* Load the key into the chip so other functions don't need to */ if ((result = Tspi_Key_LoadKey(hKey, hSRK))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } return 1; }
int main_v1_2( char version ) { char *function = "policy_check_lifetime04"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; TSS_BOOL state; TSS_RESULT result; UINT32 remainingTimer; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Retrieve TPM object of context result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime Timer result = Tspi_SetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, TIMER ); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Sets the secret and fires the timer result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages is not always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (remainingTimer) ){ if ( remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_Policy_SetSecret", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - first call within TIMER seconds result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sleeps for TIMER - 3 seconds fprintf( stdout, "Sleeping for %u seconds\n", TIMER-3); sleep( TIMER - 3 ); //Ensures the usage timer has decremented result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, &remainingTimer); if ( result != TSS_SUCCESS || (remainingTimer <= TIMER-3)){ if ( remainingTimer <= TIMER-3 ){ fprintf( stderr, "\tError: Invalid policy timer after usage: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime as always result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, 0); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Ensure Secret usages is always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (!remainingTimer) ){ if ( !remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - second call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(2)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - third call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(3)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - fourth call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(4)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages is always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (!remainingTimer) ){ if ( !remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } print_success( function, result); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main_v1_2( char version ) { char * function = "Tspi_SetAttribUint3208"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTpmPolicy; UINT32 ordinal = TPM_ORD_CreateWrapKey, subCap, pulRespLen; TSS_RESULT result; BYTE* prgbRespData; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hTpmPolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_createObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_AssignToObject(hTpmPolicy, hTPM); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_AssignToObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } /* Check if ordinal auditing is supported on this TPM */ result = Testsuite_Is_Ordinal_Supported(hTPM, TPM_ORD_SetOrdinalAuditStatus); if (result != TSS_SUCCESS) { fprintf(stderr, "%s: TPM doesn't support auditing, returning success\n", __FILE__); print_success( function, TSS_SUCCESS ); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); } //Call SetAttribUint32 result = Tspi_SetAttribUint32(hTPM, TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS, TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT, ordinal); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Call SetAttribUint32 result = Tspi_SetAttribUint32(hTPM, TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS, TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT, ordinal); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReadValue-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *policyData; UINT32 read_space = 10; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif #ifdef NV_LOCKED if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT) #else if (result != TSS_SUCCESS) #endif { print_error("Tspi_NV_ReadValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result == TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
int main_v1_1( void ) { char *function = "Tspi_Data_Unbind05"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey; TSS_HPOLICY hSrkPolicy; BYTE *prgbDataToUnBind; TSS_HENCDATA hEncData; UINT32 pulDataLength; BYTE rgbDataToBind[DATA_SIZE], *rgbEncryptedData = NULL; UINT32 ulDataLength = DATA_SIZE, ulEncryptedDataLength = 0; TSS_UUID uuid; TSS_RESULT result; UINT32 exitCode; TSS_FLAG initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test( function ); memset (rgbDataToBind, 0x5a, DATA_SIZE); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // create hKey result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hEncData)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_SetAttribUint32( hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_SetAtttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey( hKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Load the newly created key result = Tspi_Key_LoadKey( hKey, hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_LoadKey", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } printf("Data before binding:\n"); print_hex(rgbDataToBind, ulDataLength); result = Tspi_Data_Bind( hEncData, hKey, ulDataLength, rgbDataToBind ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Data_Bind", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &ulEncryptedDataLength, &rgbEncryptedData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } printf("Data after encrypting:\n"); print_hex(rgbEncryptedData, ulEncryptedDataLength); result = Tspi_Data_Unbind( hEncData, hKey, &pulDataLength, &prgbDataToUnBind ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { printf("Data after unbinding:\n"); print_hex(prgbDataToUnBind, pulDataLength); if (pulDataLength != ulDataLength) { printf("ERROR: Size of decrypted data does not match! " "(%u != %u)\n", pulDataLength, ulDataLength); } else if (memcmp(prgbDataToUnBind, rgbDataToBind, ulDataLength)) { printf("ERROR: Content of decrypted data does not match!\n"); } else { print_success( function, result ); exitCode = 0; } } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main (int argc, char **argv) { TSS_HCONTEXT hContext; TSS_HNVSTORE hNV; FILE *f_out; UINT32 blobLen; UINT32 nvIndex = TSS_NV_DEFINED|TPM_NV_INDEX_EKCert; UINT32 offset; UINT32 ekOffset; UINT32 ekbufLen; BYTE *ekbuf; BYTE *blob; UINT32 tag, certType; int result; if (argc != 2) { printf ("Usage: %s outfilename\n", argv[0]); exit (1); } if ((f_out = fopen (argv[1], "wb")) == NULL) { printf ("Unable to open '%s' for output\n", argv[1]); exit (1); } result = Tspi_Context_Create(&hContext); CKERR; result = Tspi_Context_Connect(hContext, NULL); CKERR; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, &hNV); CKERR; result = Tspi_SetAttribUint32(hNV, TSS_TSPATTRIB_NV_INDEX, 0, nvIndex); CKERR; /* Try reading certificate header from NV memory */ blobLen = 5; result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob); if (result != TSS_SUCCESS) { /* Try again with authorization */ TSS_HPOLICY hNVPolicy; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNVPolicy); CKERR; result = Tspi_Policy_SetSecret(hNVPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR; result = Tspi_Policy_AssignToObject(hNVPolicy, hNV); CKERR; blobLen = 5; result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob); } if (result != TSS_SUCCESS) { printf ("Unable to read EK Certificate from TPM\n"); goto error; } if (blobLen < 5) goto parseerr; tag = (blob[0]<<8) | blob[1]; if (tag != TCG_TAG_PCCLIENT_STORED_CERT) goto parseerr; certType = blob[2]; if (certType != TCG_FULL_CERT) goto parseerr; ekbufLen = (blob[3]<<8) | blob[4]; /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ offset = 5; blobLen = 2; result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR; if (blobLen < 2) goto parseerr; tag = (blob[0]<<8) | blob[1]; if (tag == TCG_TAG_PCCLIENT_FULL_CERT) { offset += 2; ekbufLen -= 2; } else if (blob[0] != 0x30) /* Marker of cert structure */ goto parseerr; /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ /* Read cert from chip in pieces - too large requests may fail */ ekbuf = malloc(ekbufLen); ekOffset = 0; while (ekOffset < ekbufLen) { blobLen = ekbufLen-ekOffset; if (blobLen > BSIZE) blobLen = BSIZE; result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR; memcpy (ekbuf+ekOffset, blob, blobLen); /* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */ offset += blobLen; ekOffset += blobLen; } fwrite (ekbuf, 1, ekbufLen, f_out); fclose (f_out); printf ("Success!\n"); return 0; error: printf ("Failure, error code: 0x%x\n", result); return 1; parseerr: printf ("Failure, unable to parse certificate store structure\n"); return 2; }
int main_v1_1( void ) { char *function = "Tspi_SetAttribUint3205"; TSS_HKEY hParentKey; TSS_HCONTEXT hContext; TSS_RESULT result; UINT32 exitCode; TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Create and initialize empty object result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hParentKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (parent key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Set uint, no encryption, key enc scheme result = Tspi_SetAttribUint32( hParentKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_USAGE, -1 ); if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_ATTRIB_DATA ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); exitCode = 0; } // Set uint, key sig scheme result = Tspi_SetAttribUint32( hParentKey, TSS_TSPATTRIB_KEY_REGISTER, 0, -1 ); if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_ATTRIB_DATA ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_CacheOwnerDelegation-trans01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hSigningKey, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error("connect_load_all", result); goto done; } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, FALSE, &hWrappingKey, &hSigningKey); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); goto done; } result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_SetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_STATE, TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED, TRUE); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", result ); goto done; } /* Cache the owner delegation in row 0 */ result = Tspi_TPM_Delegate_CacheOwnerDelegation(hTPM, hDelegation, 0, TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CacheOwnerDelegation", result ); goto done; } result = Testsuite_Transport_Final(hContext, hSigningKey); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", result ); goto done; } else { print_success( function, result ); } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main(int argc, char **argv) { TSS_HTPM hTpm; TSS_HNVSTORE nvObject; TSS_FLAG fNvAttrs; TSS_HPOLICY hTpmPolicy, hDataPolicy; int iRc = -1; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; int opswd_len = -1; int dpswd_len = -1; struct option hOpts[] = { {"index" , required_argument, NULL, 'i'}, {"size" , required_argument, NULL, 's'}, {"permissions" , required_argument, NULL, 'p'}, {"pwdo" , optional_argument, NULL, 'o'}, {"pwda" , optional_argument, NULL, 'a'}, {"use-unicode" , no_argument, NULL, 'u'}, {"data-well-known" , no_argument, NULL, 'z'}, {"owner-well-known", no_argument, NULL, 'y'}, {NULL , no_argument, NULL, 0}, }; initIntlSys(); if (genericOptHandler (argc, argv, "i:s:p:o:a:yzu", hOpts, sizeof(hOpts) / sizeof(struct option), parse, help) != 0) goto out; if (end) { iRc = 0; goto out; } if (!nvindex_set) { logError(_("You must provide an index for the NVRAM area.\n")); goto out; } if (nvperm == 0 && (UINT32)nvindex != TPM_NV_INDEX_LOCK && (UINT32)nvindex != TPM_NV_INDEX0) { logError(_("You must provide permission bits for the NVRAM area.\n")); goto out; } logDebug("permissions = 0x%08x\n", nvperm); if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; fNvAttrs = 0; if (contextCreateObject(hContext, TSS_OBJECT_TYPE_NV, fNvAttrs, &nvObject) != TSS_SUCCESS) goto out_close; if (askOwnerPass) { ownerpass = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n")); goto out_close; } } if (ownerpass || ownerWellKnown) { if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (ownerpass) { if (opswd_len < 0) opswd_len = strlen(ownerpass); if (policySetSecret(hTpmPolicy, opswd_len, (BYTE *)ownerpass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } } if (askDataPass) { datapass = _GETPASSWD(_("Enter NVRAM data password: "******"Failed to get NVRAM data password\n")); goto out_close; } } if (datapass || dataWellKnown) { if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDataPolicy) != TSS_SUCCESS) goto out_close; if (datapass) { if (dpswd_len < 0) dpswd_len = strlen(datapass); if (policySetSecret(hDataPolicy, dpswd_len, (BYTE *)datapass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hDataPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } if (Tspi_Policy_AssignToObject(hDataPolicy, nvObject) != TSS_SUCCESS) goto out_close; } if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_INDEX, 0, nvindex) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_PERMISSIONS, 0, nvperm) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_DATASIZE, 0, nvsize) != TSS_SUCCESS) goto out_close_obj; if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) != TSS_SUCCESS) goto out_close; logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"), nvindex, nvindex); iRc = 0; goto out_close; out_close_obj: contextCloseObject(hContext, nvObject); out_close: contextClose(hContext); out: return iRc; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE wks[20]; memset(wks,0,20); TSS_HKEY hESS_Bind_Key; TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID; TSS_HPOLICY hESS_Policy; TSS_FLAG initFlags; BYTE *pubKey; UINT32 pubKeySize; FILE *fout, *fin; result =Tspi_Context_Create(&hContext); DBG("Create a context", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle", result); result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks); DBG("Tspi_Policy_SetSecret", result); result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hESS_Policy); DBG("Create a key policy object", result); result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1, 20, wks); DBG("Set key policy object secret", result); initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Create the key object", result); result = Tspi_SetAttribUint32(hESS_Bind_Key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); DBG("Set the keys's padding type", result); result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key); DBG("Assign the key's policy to the key", result); printf("Creating the key could take a while\n"); result = Tspi_Key_CreateKey(hESS_Bind_Key, hSRK, 0); DBG("Asking TPM to create the key", result); result = Tspi_Context_RegisterKey(hContext, hESS_Bind_Key, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, TSS_PS_TYPE_SYSTEM, SRK_UUID); DBG("Registering the key for later retrieval", result); printf("Registering the key blob for later retrieval\r\n"); result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK); DBG("Loading key in TPM", result); result = Tspi_Key_GetPubKey(hESS_Bind_Key, &pubKeySize, &pubKey); DBG("Get Public portion of key", result); fout = fopen("BackupESSBindKey.pub", "wb"); if(fout != NULL) { write(fileno(fout), pubKey, pubKeySize); printf("Finished writing BackupESSBindKey.pub\n"); fclose(fout); } else { printf("Error opening XXXXXXXXXXXX \r\n"); } result = Tspi_Policy_FlushSecret(hESS_Policy); DBG("Policy flush secret", result); result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Unregister key", result); // Load a key and bind data UINT32 ulDataLength; BYTE *rbgBoundData; BYTE newPubKey[1000], encData[1000]; TSS_HENCDATA hEncData; fin = fopen("BackupESSBindKey.pub", "r"); read(fileno(fin), newPubKey,284); if (fin == NULL) return 0; fclose(fin); result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Tspi_Context_CreateObject BindKey", result); result = Tspi_SetAttribData(hESS_Bind_Key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, 284,newPubKey); DBG("Set Public key into new key object", result); fin = fopen("data", "rb"); read(fileno(fin), encData, 7); fclose(fin); result=Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData); DBG("Create Data Object", result); result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData); DBG("Bind data", result); result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &ulDataLength,&rbgBoundData); DBG("Get encrypted data", result); fout = fopen("Bound.data", "wb"); write(fileno(fout),rbgBoundData,ulDataLength); fclose(fout); result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close", result); return 0; }
int main_v1_2( char version ) { char *function = "policy_check_lifetime02"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; TSS_BOOL state; TSS_RESULT result; UINT32 remainingUsages; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Retrieve TPM object of context result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime Counter result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, COUNTER); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Sets the secret and fires the counter result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //First two GetStatus calls: the Policy should not be expired yet //Get status - first call (remainingUsages = COUNTER -1 result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - second call (remainingUsages = COUNTER -2) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(2)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - third call (remainingUsages = COUNTER -3) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(3)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages reached 0 result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages); if ( result != TSS_SUCCESS || (remainingUsages)){ if (remainingUsages){ fprintf( stderr, "\tError: Secret usages did not reach zero: (%u)\n", remainingUsages ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - fourth call with secret expired (remainingUsages = COUNTER -3) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( Trspi_Error_Code(result) != TSS_E_INVALID_OBJ_ACCESS ) { print_error( "Tspi_TPM_GetStatus(4)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Set secret again and reset policy lifetime counter result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages); if ( result != TSS_SUCCESS || (remainingUsages != COUNTER)){ if (remainingUsages != COUNTER){ fprintf( stderr, "\tError: Secret usages counter wasn't reset: (%u)\n", remainingUsages ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(5)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } print_success( function, result); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main(int argc, char *argv[]) { int ret; char base32_key[BASE32_LEN(keylen)+1]; unsigned char uefiblob[4100]; unsigned char blob[4096]; /* resulting sealed blob */ unsigned int bloblen; /* blob length */ unsigned char wellknown[20] = {0}; unsigned char totpstring[64]; uint32_t pcrmask = 0x000003BF; // PCRs 0-5 and 7-9 const char * hostname = "TPMTOTP"; char *outfile_name; FILE *infile; FILE *outfile; QRcode *qrcode; #ifdef CONFIG_TSS TSS_HCONTEXT context; #endif if (generate_key()) { return -1; } pcrvals = malloc(NUM_PCRS * sizeof(uint8_t*)); CHECK_MALLOC(pcrvals); static int base32_flag = 0; static int qr_flag = 1; static int nvram_flag = 0; int option_index = 0; static struct option long_options[] = { {"pcrs", required_argument, 0, 'p'}, {"nvram", no_argument, &nvram_flag, 1}, {"no-qrcode", no_argument, &qr_flag, 0}, {"base32", no_argument, &base32_flag, 1}, {"help", no_argument, 0, 'h'}, {0,0,0,0} }; if (argc == 1) { print_help(); return -1; } int c; while ((c = getopt_long(argc, argv, "p:nbh", long_options, &option_index)) != -1) { switch (c) { case 0: // Flag only break; case 'p': pcrmask = parse_pcrs(optarg); if (pcrmask == (uint32_t) -1) return -1; break; case 'h': print_help(); return 0; case 'b': base32_flag = 1; break; case 'n': nvram_flag = 1; break; case 's': qr_flag = 0; break; case '?': // Unrecognized Option print_help(); return -1; default: print_help(); } } if (!nvram_flag) { if (optind == argc) { fprintf(stderr, "Output name required!\n"); print_help(); return -1; } else { outfile_name = argv[optind]; } } base32_encode(key, keylen, base32_key); base32_key[BASE32_LEN(keylen)] = NULL; #ifdef CONFIG_TSS ret = Tspi_Context_Create(&context); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to create TPM context\n"); return -1; } ret = Tspi_Context_Connect(context, NULL); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to connect to TPM\n"); return -1; } ret = TSPI_SealCurrPCR(context, // context 0x40000000, // SRK pcrmask, wellknown, // Well-known SRK secret wellknown, // Well-known SEAL secret key, keylen, /* data to be sealed */ blob, &bloblen); /* buffer to receive result */ #else ret = TPM_SealCurrPCR( 0x40000000, // SRK pcrmask, wellknown, // Well-known SRK secret wellknown, // Well-known SEAL secret key, keylen, /* data to be sealed */ blob, &bloblen); /* buffer to receive result */ #endif if (ret != 0) { fprintf(stderr, "Error %s from TPM_Seal\n", TPM_GetErrMsg(ret)); //goto out; } sprintf(totpstring, "otpauth://totp/%s?secret=%s", hostname, base32_key); //sprintf(totpstring, "%s", base32_key); if (base32_flag) { printf("%s\n", base32_key); } printf("%s\n", totpstring); if (qr_flag) { qrcode = QRcode_encodeString(totpstring, 0, QR_ECLEVEL_L, QR_MODE_8, 1); writeANSI(qrcode); } if (nvram_flag) { uint32_t nvindex = 0x00004d47; uint32_t permissions = TPM_NV_PER_OWNERREAD|TPM_NV_PER_OWNERWRITE; #ifdef CONFIG_TSS TSS_HNVSTORE nvObject; TSS_FLAG nvattrs = 0; ret = Tspi_Context_CreateObject(context, TSS_OBJECT_TYPE_NV, nvattrs, &nvObject); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to create nvram object: %x\n", ret); goto out; } ret = Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_INDEX, 0, nvindex); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to set index\n"); goto out; } ret = Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_PERMISSIONS, 0, permissions); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to set permissions\n"); goto out; } ret = Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_DATASIZE, 0, bloblen); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to set size\n"); goto out; } ret = Tspi_NV_DefineSpace(nvObject, NULL, NULL); if (ret != TSS_SUCCESS && ret != (0x3000 | TSS_E_NV_AREA_EXIST)) { fprintf(stderr, "Unable to define space: %x\n", ret); goto out; } ret = Tspi_NV_WriteValue(nvObject, 0, bloblen, blob); if (ret != TSS_SUCCESS) { fprintf(stderr, "Unable to write to nvram\n"); goto out; } #else unsigned char * ownauth = wellknown; unsigned char * areaauth = wellknown; TPM_PCR_INFO_SHORT *pcrInfoRead = NULL; TPM_PCR_INFO_SHORT *pcrInfoWrite = NULL; ret = TPM_NV_DefineSpace2( ownauth, nvindex, bloblen, permissions, areaauth, pcrInfoRead, pcrInfoWrite); //if (ret != TPM_SUCCESS && ret != (0x3000 | TSS_E_NV_AREA_EXIST)) { if (ret != TPM_SUCCESS) { fprintf(stderr, "Unable to define space: %x\n", ret); goto out; } ret = TPM_NV_WriteValue( nvindex, 0, blob, bloblen, ownauth ); if (ret != TPM_SUCCESS) { fprintf(stderr, "Unable to write to nvram\n"); goto out; } #endif } else { outfile = fopen(outfile_name, "w"); if (outfile == NULL) { fprintf(stderr, "Unable to open output file '%s'\n", outfile_name); goto out; } if (strncmp(outfile_name, efivarfs, strlen(efivarfs)) == 0) { int attributes = 7; // NV, RT, BS memcpy(uefiblob, &attributes, sizeof(int)); memcpy(uefiblob + sizeof(int), blob, bloblen); bloblen += sizeof(int); ret = fwrite(uefiblob, 1, bloblen, outfile); } else { ret = fwrite(blob, 1, bloblen, outfile); } if (ret != bloblen) { fprintf(stderr, "I/O Error while writing output file '%s'\n", outfile_name); goto out; } } out: #ifdef CONFIG_TSS Tspi_Context_FreeMemory(context, NULL); Tspi_Context_Close(context); #endif exit(ret); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_DefineSpace12"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x0000d); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); #ifdef NV_LOCKED if (TSS_ERROR_CODE(result)== TPM_E_OWNER_SET||TSS_ERROR_CODE(result)==TPM_E_BAD_PRESENCE ) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_DefineSpace", result); print_end_test(nameOfFunction); if ( result == TSS_SUCCESS ) { #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); #endif exit(-1); } Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #else if (result== TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_DefineSpace", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_UpdateVerificationCount-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation1 = NULL_HPOLICY; TSS_HPOLICY hDelegation2 = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", (result) ); goto done; } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation1, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation2, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT, NULL_HPCRS, hFamily, hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_UpdateVerificationCount", (result) ); goto done; } result = Testsuite_Transport_Final(hContext, 0); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", (result) ); goto done; } else { print_success( function, result ); } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_WriteValue04"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *data = "1234567890"; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00050001); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_WriteValue(hNVStore, /*offset*/0,/*datalength*/10, data); #ifdef NV_LOCKED if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_WriteValue", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } #else if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else{ print_error("Tspi_NV_WriteValue", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } #endif }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReleaseSpace-trans02"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; TSS_RESULT result; TSS_HKEY hSigningKey, hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, &hSigningKey); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011111); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); if (result != TSS_SUCCESS) { print_error("Tspi_NV_DefineSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0x0); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Release NV space*/ result = Tspi_NV_ReleaseSpace(hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_NV_ReleaseSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, hSigningKey); if (result== TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } }
/** * gnutls_tpm_privkey_generate: * @pk: the public key algorithm * @bits: the security bits * @srk_password: a password to protect the exported key (optional) * @key_password: the password for the TPM (optional) * @format: the format of the private key * @pub_format: the format of the public key * @privkey: the generated key * @pubkey: the corresponding public key (may be null) * @flags: should be a list of GNUTLS_TPM_* flags * * This function will generate a private key in the TPM * chip. The private key will be generated within the chip * and will be exported in a wrapped with TPM's master key * form. Furthermore the wrapped key can be protected with * the provided @password. * * Note that bits in TPM is quantized value. If the input value * is not one of the allowed values, then it will be quantized to * one of 512, 1024, 2048, 4096, 8192 and 16384. * * Allowed flags are: * * %GNUTLS_TPM_KEY_SIGNING: Generate a signing key instead of a legacy, * %GNUTLS_TPM_REGISTER_KEY: Register the generate key in TPM. In that * case @privkey would contain a URL with the UUID. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.1.0 **/ int gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits, const char *srk_password, const char *key_password, gnutls_tpmkey_fmt_t format, gnutls_x509_crt_fmt_t pub_format, gnutls_datum_t * privkey, gnutls_datum_t * pubkey, unsigned int flags) { TSS_FLAG tpm_flags = TSS_KEY_VOLATILE; TSS_HKEY key_ctx; TSS_RESULT tssret; int ret; void *tdata; UINT32 tint; gnutls_datum_t tmpkey = { NULL, 0 }; TSS_HPOLICY key_policy; gnutls_pubkey_t pub; struct tpm_ctx_st s; TSS_FLAG storage_type; TSS_HTPM htpm; uint8_t buf[32]; if (flags & GNUTLS_TPM_KEY_SIGNING) tpm_flags |= TSS_KEY_TYPE_SIGNING; else tpm_flags |= TSS_KEY_TYPE_LEGACY; if (flags & GNUTLS_TPM_KEY_USER) storage_type = TSS_PS_TYPE_USER; else storage_type = TSS_PS_TYPE_SYSTEM; if (bits <= 512) tpm_flags |= TSS_KEY_SIZE_512; else if (bits <= 1024) tpm_flags |= TSS_KEY_SIZE_1024; else if (bits <= 2048) tpm_flags |= TSS_KEY_SIZE_2048; else if (bits <= 4096) tpm_flags |= TSS_KEY_SIZE_4096; else if (bits <= 8192) tpm_flags |= TSS_KEY_SIZE_8192; else tpm_flags |= TSS_KEY_SIZE_16384; ret = tpm_open_session(&s, srk_password); if (ret < 0) return gnutls_assert_val(ret); /* put some randomness into TPM. * Let's not trust it completely. */ tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_cc; } ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf)); if (ret < 0) { gnutls_assert(); goto err_cc; } tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf); if (tssret) { gnutls_assert(); } tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_cc; } tssret = Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, TSS_SS_RSASSAPKCS1V15_DER); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } /* set the password of the actual key */ if (key_password) { tssret = Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE, &key_policy); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } tssret = myTspi_Policy_SetSecret(key_policy, SAFE_LEN(key_password), (void *) key_password); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } } tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } if (flags & GNUTLS_TPM_REGISTER_KEY) { TSS_UUID key_uuid; ret = randomize_uuid(&key_uuid); if (ret < 0) { gnutls_assert(); goto err_sa; } tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, storage_type, key_uuid, TSS_PS_TYPE_SYSTEM, srk_uuid); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } ret = encode_tpmkey_url((char **) &privkey->data, &key_uuid, storage_type); if (ret < 0) { TSS_HKEY tkey; Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type, key_uuid, &tkey); gnutls_assert(); goto err_sa; } privkey->size = strlen((char *) privkey->data); } else { /* get the key as blob */ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &tint, (void *) &tdata); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) { ret = _gnutls_x509_encode_string (ASN1_ETYPE_OCTET_STRING, tdata, tint, &tmpkey); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_fbase64_encode("TSS KEY BLOB", tmpkey.data, tmpkey.size, privkey); if (ret < 0) { gnutls_assert(); goto cleanup; } } else { UINT32 tint2; tmpkey.size = tint + 32; /* spec says no more than 20 */ tmpkey.data = gnutls_malloc(tmpkey.size); if (tmpkey.data == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } tint2 = tmpkey.size; tssret = Tspi_EncodeDER_TssBlob(tint, tdata, TSS_BLOB_TYPE_PRIVATEKEY, &tint2, tmpkey.data); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto cleanup; } tmpkey.size = tint2; privkey->data = tmpkey.data; privkey->size = tmpkey.size; tmpkey.data = NULL; } } /* read the public key */ if (pubkey != NULL) { size_t psize; ret = gnutls_pubkey_init(&pub); if (ret < 0) { gnutls_assert(); goto privkey_cleanup; } ret = read_pubkey(pub, key_ctx, &psize); if (ret < 0) { gnutls_assert(); goto privkey_cleanup; } psize += 512; pubkey->data = gnutls_malloc(psize); if (pubkey->data == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto pubkey_cleanup; } ret = gnutls_pubkey_export(pub, pub_format, pubkey->data, &psize); if (ret < 0) { gnutls_assert(); goto pubkey_cleanup; } pubkey->size = psize; gnutls_pubkey_deinit(pub); } ret = 0; goto cleanup; pubkey_cleanup: gnutls_pubkey_deinit(pub); privkey_cleanup: gnutls_free(privkey->data); privkey->data = NULL; cleanup: gnutls_free(tmpkey.data); tmpkey.data = NULL; err_sa: Tspi_Context_CloseObject(s.tpm_ctx, key_ctx); err_cc: tpm_close_session(&s); return ret; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_CreateDelegation02"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); goto done; } result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2(char version) { char *function = "Tspi_Data_Unseal01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HTPM hTPM; TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy; BYTE rgbDataToSeal[DATA_SIZE]; BYTE *rgbPcrValue; UINT32 ulPcrLen; TSS_HENCDATA hEncData; BYTE *prgbDataToUnseal; TSS_HPCRS hPcrComposite; UINT32 BlobLength; UINT32 ulDataLength = DATA_SIZE, ulNewDataLength; TSS_UUID uuid; TSS_RESULT result; TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(function); memset(rgbDataToSeal, 0x5d, DATA_SIZE); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hEncData)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // get the use policy for the encrypted data to set its secret result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hEncUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE, TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK // set the SRK auth data result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif // set the new key's authdata result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hKeyPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create the key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hPcrComposite)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #define PCR_NUM 5 result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_PcrRead", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Tell the TSS to mask the data before sending result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL, TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE, TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Data Seal result = Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Data_Seal", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal); if (result != TSS_SUCCESS) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } } else { if (ulDataLength != ulNewDataLength) { printf ("ERROR length of returned data doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else if (memcmp (prgbDataToUnseal, rgbDataToSeal, ulDataLength)) { printf ("ERROR data returned from unseal doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, prgbDataToUnseal); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory ", result); Tspi_Context_Close(hContext); exit(result); } print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); }