/*
 * Run TPM2_EncryptDecrypt on the object at keyHandle and write the TPM's
 * output buffer to outFilePath.
 *
 * keyHandle   - handle of the loaded symmetric key object.
 * decryptVal  - NO selects encryption, YES selects decryption; the value is
 *               passed straight through to the TPM.
 * inData      - data to transform, bounded by inData->t.size.
 * outFilePath - destination file for the TPM's outData.
 *
 * Returns 0 on success, -1 if the TPM command failed (the response code is
 * printed), -2 if the output file could not be written.
 *
 * Authorization goes through the file-scope sessionData as a password
 * session (TPM_RS_PW). This function does not touch sessionData.hmac, so the
 * caller is expected to have loaded the key's auth value into it beforehand.
 *
 * NOTE(review): the mode is TPM_ALG_NULL (the TPM falls back to the key's
 * own mode) and the IV is a fixed all-zero block. A constant IV is only
 * acceptable for a one-shot test utility; in IV-dependent modes (CBC, CFB,
 * OFB, CTR) reusing a zero IV across messages under the same key weakens
 * confidentiality, and decryption with this IV only succeeds if the data was
 * encrypted with the same zero IV.
 */
int encryptDecrypt(TPMI_DH_OBJECT keyHandle, TPMI_YES_NO decryptVal,
                   TPM2B_MAX_BUFFER *inData, const char *outFilePath)
{
    TPMI_ALG_SYM_MODE mode = TPM_ALG_NULL;
    TPM2B_IV ivIn;
    /* Output TPM2Bs carry their capacity in .size: total size minus the
     * 2-byte size field. */
    TPM2B_MAX_BUFFER outData = { { sizeof(TPM2B_MAX_BUFFER) - 2, } };
    TPM2B_IV ivOut = { { sizeof(TPM2B_IV) - 2, } };
    TPMS_AUTH_COMMAND *cmdAuthArray[1];
    TPMS_AUTH_RESPONSE rspAuth;
    TPMS_AUTH_RESPONSE *rspAuthArray[1];
    TSS2_SYS_CMD_AUTHS cmdAuths;
    TSS2_SYS_RSP_AUTHS rspAuths;
    UINT32 rc;

    /* One command authorization (the shared password session) and one
     * response authorization slot. */
    cmdAuthArray[0] = &sessionData;
    cmdAuths.cmdAuths = cmdAuthArray;
    cmdAuths.cmdAuthsCount = 1;

    rspAuthArray[0] = &rspAuth;
    rspAuths.rspAuths = rspAuthArray;
    rspAuths.rspAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    /* Clear every attribute bit; written as a byte store because the
     * attribute type is a bitfield struct. */
    *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;

    /* Zero IV of one full symmetric block (see caveat above). */
    ivIn.t.size = MAX_SYM_BLOCK_SIZE;
    memset(ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);

    if (decryptVal == NO) {
        printf("\nENCRYPTDECRYPT: ENCRYPT\n");
    } else if (decryptVal == YES) {
        printf("\nENCRYPTDECRYPT: DECRYPT\n");
    }

    rc = Tss2_Sys_EncryptDecrypt(sysContext, keyHandle, &cmdAuths, decryptVal,
                                 mode, &ivIn, inData, &outData, &ivOut,
                                 &rspAuths);
    if (rc != TPM_RC_SUCCESS) {
        printf("EncryptDecrypt failed, error code: 0x%x\n", rc);
        return -1;
    }
    printf("\nEncryptDecrypt succ.\n");

    /* outData.t.size now holds the length the TPM actually returned. */
    if (saveDataToFile(outFilePath, (UINT8 *)outData.t.buffer, outData.t.size)) {
        return -2;
    }
    printf("OutFile %s completed!\n", outFilePath);
    return 0;
}
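/*
 * Best-effort zeroization of derived key material held on the stack.
 * Writes through a volatile pointer so the compiler cannot treat the stores
 * as dead and drop them, which a plain memset before return may suffer.
 */
static void wipeSessionKey( TPM2B_MAX_BUFFER *key )
{
    volatile UINT8 *p = (volatile UINT8 *)key;
    size_t n = sizeof( *key );
    while( n-- )
        *p++ = 0;
}

/*
 * Encrypt clearData with a session-derived key using TPM2_EncryptDecrypt in
 * CFB mode, writing the ciphertext to encryptedData.
 *
 * session       - session whose secret the key and IV are derived from;
 *                 session->symmetric selects the symmetric parameters.
 * encryptedData - receives the ciphertext; on entry .size is set to the
 *                 buffer's capacity and on return holds the TPM's length.
 * clearData     - plaintext to encrypt.
 * authValue     - mixed into the key derivation by
 *                 GenerateSessionEncryptDecryptKey.
 *
 * Returns TSS2_RC_SUCCESS, or the first failing TSS/TPM response code.
 * Returns TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED (the project's code for
 * this path) if a SAPI context could not be created.
 *
 * Fixes relative to the previous version:
 *  - encryptedData->t.size was set to sizeof(*encryptedData) - 1, which
 *    overstates the buffer's capacity by one byte (the size field is two
 *    bytes). A response claiming that many bytes could be unmarshalled one
 *    byte past the buffer; it is now sizeof - 2, matching ivOut.
 *  - The transient key object is now flushed even when EncryptDecrypt fails,
 *    so a failure no longer leaks a TPM object slot.
 *  - The derived key is zeroized before the function returns.
 *
 * The key is authorized with an empty password session; this presumes the
 * object loaded by LoadSessionEncryptDecryptKey has an empty auth value.
 */
TSS2_RC EncryptCFB( SESSION *session, TPM2B_MAX_BUFFER *encryptedData,
                    TPM2B_MAX_BUFFER *clearData, TPM2B_AUTH *authValue )
{
    TSS2_RC rval = TSS2_RC_SUCCESS;
    TPM2B_MAX_BUFFER encryptKey;
    TPM2B_IV ivIn, ivOut;
    TPM_HANDLE keyHandle;
    TPM2B_NAME keyName;
    TSS2_SYS_CONTEXT *sysContext;

    // Authorization structure for command.
    TPMS_AUTH_COMMAND sessionData;

    // Create and init authorization area for command:
    // only 1 authorization area.
    TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };

    // Authorization array for command (only has one auth structure).
    TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };

    sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
    {
        TeardownSysContext( &sysContext );
        return TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED;
    }

    rval = GenerateSessionEncryptDecryptKey( session, &encryptKey, &ivIn, authValue );
    if( rval == TSS2_RC_SUCCESS )
    {
        rval = LoadSessionEncryptDecryptKey( &session->symmetric, &encryptKey, &keyHandle, &keyName );
        if( rval == TSS2_RC_SUCCESS )
        {
            TSS2_RC flushRval;

            // Empty password session for the freshly loaded key.
            sessionData.sessionHandle = TPM_RS_PW;
            sessionData.nonce.t.size = 0;
            *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
            sessionData.hmac.t.size = 0;

            // Output TPM2Bs advertise their capacity in .size: the total
            // struct size minus the 2-byte size field.
            encryptedData->t.size = sizeof( *encryptedData ) - 2;
            ivOut.t.size = sizeof( ivOut ) - 2;

            // Encrypt the data.
            rval = Tss2_Sys_EncryptDecrypt( sysContext, keyHandle, &sessionsData, NO, TPM_ALG_CFB, &ivIn, clearData, encryptedData, &ivOut, 0 );

            // The key object is ours regardless of the outcome: flush it on
            // every path, but report the EncryptDecrypt failure first.
            flushRval = Tss2_Sys_FlushContext( sysContext, keyHandle );
            if( rval == TSS2_RC_SUCCESS )
            {
                rval = flushRval;
            }
        }
    }

    // Derived key material must not linger on the stack (harmless if the
    // derivation failed and encryptKey was never written).
    wipeSessionKey( &encryptKey );

    TeardownSysContext( &sysContext );
    return rval;
}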