Esempio n. 1
0
static uint32_t swapOutKey(uint32_t handle)
{	
	unsigned char labelhash[20];
	char *filename = createKeyFilename(handle);
	STACK_TPM_BUFFER(context);
	uint32_t ret = 0;

	if (NULL == filename) {
		ret = ERR_MEM_ERR;
	}

#if 0
	printf("Swapping OUT key with handle %08x\n",handle);
#endif
	
	TSS_sha1("KEY",3,labelhash);


	if (ret == 0) {
		ret = TPM_SaveContext(handle,
		                      TPM_RT_KEY,
		                      (char *)labelhash,
		                      &context);
	}

	if (ret == 0) {
		FILE * f = fopen(filename, "w+");
		if (f) {
			fwrite(context.buffer, context.used, 1, f);
			fclose(f);
		} else {
			ret = ERR_BAD_FILE;
		}
	}
	
	if (ret == 0) {
		ret = TPM_EvictKey(handle);
#if 0
		printf("Evicted key with handle 0x%08x\n",handle);
	} else {
		printf("DID NOT Evicted key with handle 0x%08x\n",handle);
#endif
	}

#if 0
	if (ret == 0) {
		printf("Swapped out key with handle %08x.\n",handle);
	} else {
		printf("Could NOT swap out key with handle %08x.\n",handle);
	}
#endif
	
	return ret;
}
Esempio n. 2
0
int main(int argc, char **argv)
{
	int fd, size, i, ret;
	uint32_t kh, pcrs;

	unsigned char buf[1024], hash[20], pass[20];
	char *srkpass, *keyfile, ch;

	/* SHA1 hash of TPM's SRK password */
	char *tpmhash = "\x71\x10\xed\xa4\xd0\x9e\x06\x2a\xa5\xe4\xa3"
			"\x90\xb0\xa5\x72\xac\x0d\x2c\x02\x20";
	char *nonce =	"\x80\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
			"\x0\x0\x0\x0\x1";
	keydata k;
	RSA *rpub;

	srkpass = keyfile = NULL;
	while ((ch = getopt(argc, argv, "hs:f:")) != -1) {
		switch (ch) {
			case 's':
				srkpass = optarg;
				break;
			case 'f':
				keyfile = optarg;
				break;
			case 'h':
			default:
				usage(argv[0]);
				break;
		}
	}

	if (!srkpass)
		usage(argv[0]);
	if (!keyfile)
		keyfile = "key.blob";

	SHA1(srkpass, strlen(srkpass), pass);

	fd = open(keyfile, O_RDONLY);
	if (fd == -1)
		errx(1, "couldn't open %s\n", keyfile);

	size = read(fd, buf, 1024);
	if (size == -1)
		errx(1, "couldn't read\n");

	size = TSS_KeyExtract(buf, &k);
	printf("keybuf size: %d\n", size);

	close(fd);

	printf("loading . . .\n");
	/* 0x40000000 is the UID for the SRK */
	if (ret = TPM_LoadKey(0x40000000, pass, &k, &kh)) {
		printf("%s\n", TPM_GetErrMsg(ret));
		errx(1, "TPM_LoadKey\n");
	}

	/* Quote PCR 0 */
	printf("quoting . . .\n");
	if (ret = TPM_Quote(kh, (0x00000001 << 0), pass, nonce, &pcomp, buf,
	    &size)) {
		printf("%s\n", TPM_GetErrMsg(ret));
		errx(1, "TPM_Quote\n");
	}

	/* TPM will run out of memory if you forget to evict keys.  This can be
	 * fixed with a good ol' reboot.*/
	printf("evicting. . .\n");
	if (ret = TPM_EvictKey(kh)) {
		printf("%s\n", TPM_GetErrMsg(ret));
		errx(1, "TPM_EvictKey\n");
	}

	/* Compute composite hash */
	SHA1((char*)&pcomp, sizeof(pcomp), hash);

	printf("slen: %d\n", ntohs(pcomp.slen));
	printf("select: 0x%x\n", pcomp.s);
	printf("plen %d\n", ntohl(pcomp.plen));
	printf("pcr hash: ");
	for (i = 0; i < 20; i++)
		printf("%02x ", pcomp.p[i]);
	printf("\n");
	printf("composite hash: ");
	for (i = 0; i < 20; i++)
		printf("%02x ", hash[i]);
	printf("\n");
	printf("signed blob len: %d\n", size);
	printf("signed blob: ");
	for (i = 0; i < size; i++)
		printf("%02x ", buf[i]);
	printf("\n");

	/* See if the signed object matches the composite hash concatenated
	 * with the nonce */
	signedhash.fixed[0] = 1; signedhash.fixed[1] = 1;
	signedhash.fixed[2] = 0; signedhash.fixed[3] = 0;
	signedhash.fixed[4] = 'Q'; signedhash.fixed[5] = 'U';
	signedhash.fixed[6] = 'O'; signedhash.fixed[7] = 'T';
	memcpy(&signedhash.comphash, hash, 20);
	memcpy(&signedhash.nonce, nonce, 20);

	SHA1((char*)&signedhash, sizeof(signedhash), hash);
	/* Gives us an RSA public key from the TPM key */
	rpub = TSS_convpubkey(&k.pub);
	if (!rpub)
		errx(1, "TSS_convpubkey\n");

	if (!RSA_verify(NID_sha1, hash, 20, buf, size, rpub))
		printf("SIGNATURE FAILED\n");
	else
		printf("Signature is correct\n");

	return 0;
}