int
set_policy_options(TSS_HPOLICY hPolicy, TSS_FLAG mode, char *prompt,
UINT32 secret_len, BYTE *secret)
{
TSS_RESULT ret;
BYTE *unicode_prompt;
UINT32 len;
ret = Tspi_Policy_SetSecret(hPolicy, mode, secret_len, secret);
if (ret) {
print_error(ret, gettext("Set policy secret"));
return (ERR_FAIL);
}
if (prompt != NULL) {
unicode_prompt = Trspi_Native_To_UNICODE((BYTE *)prompt, &len);
ret = Tspi_SetAttribData(hPolicy,
TSS_TSPATTRIB_POLICY_POPUPSTRING,
NULL, len, unicode_prompt);
if (ret) {
print_error(ret, gettext("Set policy prompt"));
return (ERR_FAIL);
}
}
return (0);
}
void
tc_set_attribdata(TSS_HCONTEXT hContext, TSS_HOBJECT hObject, UINT32 flag, UINT32 subflag, UINT32 blobSize, BYTE *blob)
{
TSS_RESULT result;
result = Tspi_SetAttribData(hObject, flag, subflag, blobSize, blob);
if (result != TSS_SUCCESS) {
print_error("Tspi_SetAttribData", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_Close(hContext);
exit(result);
}
}
TSS_RESULT
util_set_public_modulus(TSS_HKEY hKey, unsigned long size_n, unsigned char *n)
{
UINT64 offset;
UINT32 blob_size;
BYTE *blob, pub_blob[1024];
TCPA_PUBKEY pub_key;
TSS_RESULT result;
/* Get the TCPA_PUBKEY blob from the key object. */
result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
&blob_size, &blob);
if (result != TSS_SUCCESS) {
OCK_LOG_DEBUG("Tspi_GetAttribData failed: rc=0x%x", result);
return result;
}
offset = 0;
result = Trspi_UnloadBlob_PUBKEY(&offset, blob, &pub_key);
if (result != TSS_SUCCESS) {
OCK_LOG_DEBUG("Tspi_GetAttribData failed: rc=0x%x", result);
return result;
}
Tspi_Context_FreeMemory(tspContext, blob);
/* Free the first dangling reference, putting 'n' in its place */
free(pub_key.pubKey.key);
pub_key.pubKey.keyLength = size_n;
pub_key.pubKey.key = n;
offset = 0;
Trspi_LoadBlob_PUBKEY(&offset, pub_blob, &pub_key);
/* Free the second dangling reference */
free(pub_key.algorithmParms.parms);
/* set the public key data in the TSS object */
result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
(UINT32)offset, pub_blob);
if (result != TSS_SUCCESS) {
OCK_LOG_DEBUG("Tspi_SetAttribData failed: rc=0x%x", result);
return result;
}
return TSS_SUCCESS;
}
int main(int argc, char ** argv) {
FILE * file;
size_t res;
rom_hdr_t hdr;
TSS_RESULT result;
char pathrom[256] = "";
TSS_HKEY hSRK;
TSS_HPOLICY pSRK;
TSS_HKEY hKey;
BYTE * pubInfo;
UINT32 pubInfoSize;
int i;
for(i = 1 ; i < argc ; i++) {
if(strncmp("-f", argv[i], sizeof("-f")) == 0) {
if(i + 1 >= argc) {
usage();
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]);
pathrom[sizeof(pathrom) - 1] = 0;
i++;
} else {
usage();
return 1;
}
}
if(pathrom[0] == 0) {
char * home=getenv("HOME");
if(home == NULL) {
fprintf(stderr, "No $HOME environment variable defined\n");
return 1;
}
snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home);
pathrom[sizeof(pathrom) - 1] = 0;
}
file = fopen(pathrom, "rb");
if(file == NULL) {
fprintf(stderr, "Can't open rom file\n");
return 1;
}
res = fread(&hdr, sizeof(hdr), 1, file);
if(res != 1) {
fprintf(stderr, "Can't read rom file\n");
fclose(file);
return 1;
}
fclose(file);
//Creation of the TSS Context
result = Tspi_Context_Create(&hContext);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Create", result);
res = 1;
goto err;
}
//Connection to the TSS Context
result = Tspi_Context_Connect(hContext, NULL);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_Connext", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
res = 1;
goto err;
}
// Create object key in order to put the public key
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_LoadKeyByBlob", result);
res = 1;
goto err;
}
result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_SetAttribData", result);
res = 1;
goto err;
}
result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_GetAttribData", result);
res = 1;
goto err;
}
if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) {
fprintf(stderr, "Write error\n");
res = 1;
goto err;
}
result = Tspi_Context_FreeMemory(hContext, pubInfo);
if(result != TSS_SUCCESS) {
tspiError("Echec Tspi_Context_FreeMemory", result);
res = 1;
goto err;
}
res = 0;
err:
//Close TSS session
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return res;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
int main_v1_1(void)
{
TSS_RESULT result;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HCONTEXT hContext;
TSS_HENCDATA hEncData;
TSS_HPOLICY hEncPolicy;
UINT32 ulEncDataLen, ulDataUnsealedLen;
BYTE *rgbDataUnsealed, *dataBuf;
int i, exitCode;
FILE *fEncData = NULL;
char *file_name = "sealedData";
BYTE *rgbDataToSeal = "0123456789ABCDEF0123456789ABCDEF";
UINT32 ulDataToSealLen = 32;
// load Context, SRK, TPM
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result) {
printf("connect_load_all failed\n");
return result;
}
// Create Encrypted Data Object
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_SEAL,
&hEncData);
if (TSS_SUCCESS != result) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = set_secret(hContext, hEncData, &hEncPolicy);
if (result) {
printf("set_secret failed\n");
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
fEncData = fopen(file_name, "rb");
if (!fEncData) {
printf("open %s failed\n", file_name);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(-1);
}
// Get file size
fseek(fEncData, 0L, SEEK_END);
ulEncDataLen = ftell(fEncData);
fseek(fEncData, 0L, SEEK_SET);
dataBuf = malloc(ulEncDataLen);
if (fread(dataBuf, 1, ulEncDataLen, fEncData) != ulEncDataLen) {
printf("fread failed\n");
free(dataBuf);
fclose(fEncData);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(-1);
}
fclose(fEncData);
printf("Sealed data:\n");
print_hex(dataBuf, ulEncDataLen);
result = Tspi_SetAttribData(hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
ulEncDataLen,
dataBuf);
if (TSS_SUCCESS != result) {
print_error("Tspi_SetAttribData", result);
free(dataBuf);
dataBuf = NULL;
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
free(dataBuf);
dataBuf = NULL;
result = Tspi_Data_Unseal(hEncData,
hSRK,
&ulDataUnsealedLen,
&rgbDataUnsealed);
if (TSS_SUCCESS != result) {
print_error("Tspi_Data_Unseal", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
printf("Unsealed Data:\n");
print_hex(rgbDataUnsealed, ulDataUnsealedLen);
if (ulDataUnsealedLen != ulDataToSealLen ||
memcmp(rgbDataToSeal, rgbDataUnsealed, ulDataToSealLen)) {
printf("\nFailed\n");
} else {
printf("\nSuccess\n");
}
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
TSS_RESULT MyFunc_CreatePubKey(RSA *rsa, int padding, TSS_HKEY *hKey){
TSS_HCONTEXT hContext;
TSS_RESULT result;
UINT32 encScheme, sizeN, keySize;
BYTE n[2048];
switch(padding){
case RSA_PKCS1_PADDING:
encScheme = TSS_ES_RSAESPKCSV15;
break;
case RSA_PKCS1_OAEP_PADDING:
encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
break;
case RSA_NO_PADDING:
encScheme = TSS_ES_NONE;
break;
default:
return TSS_E_INTERNAL_ERROR;
break;
}
if((keySize = get_tss_key_size(RSA_size(rsa) * 8 )) == 0){
return TSS_E_BAD_PARAMETER;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_LEGACY | keySize, hKey);
if(result != TSS_SUCCESS){
LogError("Tspi_Context_CreateObject failed:%s", strresult(result));
return result;
}
if((sizeN = BN_bn2bin(rsa->n, n)) <= 0){
LogError("BN_bn2bin failed");
ERR_print_errors_fp(stdout);
Tspi_Context_CloseObject(hContext, *hKey);
return TSS_E_FAIL;
}
result = Tspi_SetAttribData(*hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, sizeN, n);
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribData failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA );
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2);
if(result != TSS_SUCCESS){
LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext, *hKey);
return result;
}
result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme);
if(result != TSS_SUCCESS){
LogError("Tspi_Setattribunit32 failed:%s", strresult(result));
Tspi_Context_CloseObject(hContext,*hKey);
return result;
}
return TSS_SUCCESS;
}
TSS_RESULT
make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding)
{
TSS_RESULT result;
UINT32 encScheme, size_n, pub_size;
BYTE n[2048];
TCPA_PUBKEY pubkey;
UINT32 blob_size, size;
BYTE *blob, pub_blob[1024];
switch (padding) {
case RSA_PKCS1_PADDING:
encScheme = TSS_ES_RSAESPKCSV15;
break;
case RSA_PKCS1_OAEP_PADDING:
encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
break;
case RSA_NO_PADDING:
encScheme = TSS_ES_NONE;
break;
default:
return TSS_E_INTERNAL_ERROR;
break;
}
//Create CA Key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey);
if (result != TSS_SUCCESS) {
check("Tspi_Context_CreateObject", result);
return result;
}
// generate a software key to represent the CA's key
if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) {
ERR_print_errors_fp(stdout);
return 254; // ?
}
// get the pub CA key
if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) {
fprintf(stderr, "BN_bn2bin failed\n");
ERR_print_errors_fp(stdout);
RSA_free(*rsa);
return 254; // ?
}
result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob);
if (result != TSS_SUCCESS) {
check("Tspi_GetAttribData", result);
return result;
}
pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n);
result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribData", result);
return result;
}
// set the CA key's algorithm
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ALGORITHM,
TSS_ALG_RSA);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's number of primes
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_PRIMES,
2);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's encryption scheme
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
encScheme);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
return TSS_SUCCESS;
}
static int tpm_rsa_priv_dec(int flen,
const unsigned char *from,
unsigned char *to,
RSA *rsa,
int padding)
{
struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
TSS_RESULT result;
UINT32 out_len, in_len;
BYTE *out;
int rv;
DBG("%s", __FUNCTION__);
if (!app_data) {
DBG("No app data found for RSA object %p. Calling software.",
rsa);
if ((rv = RSA_PKCS1_SSLeay()->rsa_priv_dec(flen, from, to, rsa,
padding)) < 0) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
}
return rv;
}
if (app_data->hKey == NULL_HKEY) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_INVALID_KEY);
return 0;
}
if (app_data->hEncData == NULL_HENCDATA) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&app_data->hEncData))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
}
if (padding == RSA_PKCS1_PADDING &&
app_data->encScheme != TSS_ES_RSAESPKCSV15) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
} else if (padding == RSA_PKCS1_OAEP_PADDING &&
app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC,
TPM_R_INVALID_PADDING_TYPE);
DBG("encScheme(0x%x) in RSA object", app_data->encScheme);
return 0;
}
in_len = flen;
if ((result = Tspi_SetAttribData(app_data->hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
in_len, from))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Data_Unbind(app_data->hEncData, app_data->hKey,
&out_len, &out))) {
TSSerr(TPM_F_TPM_RSA_PRIV_DEC, TPM_R_REQUEST_FAILED);
return 0;
}
DBG("%s: writing out %d bytes as a signature", __FUNCTION__, out_len);
memcpy(to, out, out_len);
Tspi_Context_FreeMemory(hContext, out);
return out_len;
}
int main(int argc,char **argv)
{
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_RESULT result;
TSS_HKEY hSRK=0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID=TSS_UUID_SRK;
BYTE wks[20]; //For the well known secret
// Set wks to the well known secret: 20 bytes of all 0’s
memset(wks,0,20);
//Pick the TPM you are talking to.
// In this case, it is the system TPM (indicated with NULL).
result = Tspi_Context_Create( &hContext);
DBG("Create Context",result);
result = Tspi_Context_Connect(hContext, NULL);
DBG("Context Connect�",result);
// Get the TPM handle
result=Tspi_Context_GetTpmObject(hContext,&hTPM);
DBG("Get TPM Handle",result);
// Get the SRK handle
result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK);
DBG("Got the SRK handle�", result);
//Get the SRK policy
result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy);
DBG("Got the SRK policy",result);
//Then set the SRK policy to be the well known secret
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks);
//Note: TSS SECRET MODE SHA1 says ”Don’t hash this.
// Use the 20 bytes as they are.
DBG("Set the SRK secret in its policy",result);
//Do something usefull
UINT32 ulDataLength;
TSS_HKEY hESS_Bind_Key;
FILE * fin;
FILE * fout;
TSS_HENCDATA hEncData;
TSS_UUID MY_UUID=BACKUP_KEY_UUID;
BYTE encryptedData[256];
BYTE * decryptedData;
BYTE pass123[3];
memset(pass123,0,3);
//Read in the encrypted data from the file
fin=fopen("data/AES.key.enc","rb");
read(fileno(fin),encryptedData,ulDataLength);
fclose(fin);
// Create a data object , fill it with clear text and then bind it.
result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_ENCDATA,TSS_ENCDATA_BIND,&hEncData);
DBG("Create Data object",result);
result = Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key);
DBG("Get unbinding key",result);
result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
DBG("Loaded Key",result);
TSS_HPOLICY hBackup_Policy;
// Create a policy for the new key. Set its password to ?~@~\123?~@~]
result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,TSS_POLICY_USAGE, &hBackup_Policy);
DBG("Create a backup policy object",result);
result=Tspi_Policy_SetSecret(hBackup_Policy,TSS_SECRET_MODE_PLAIN,3,pass123);
DBG("Set backup policy object secret",result);
// Assign the key?~@~Ys policy to the key object
result=Tspi_Policy_AssignToObject( hBackup_Policy,hESS_Bind_Key);
DBG("Assign the keys policy to the key", result);
result = Tspi_SetAttribData(hEncData,TSS_TSPATTRIB_ENCDATA_BLOB,TSS_TSPATTRIB_ENCDATABLOB_BLOB,256,encryptedData);
DBG("Load Data",result);
// Use the Unbinding key to decrypt the encrypted data
// in the BindData object, and return it
result=Tspi_Data_Unbind(hEncData,hESS_Bind_Key,&ulDataLength,&decryptedData);
DBG("Unbind",result);
fout=fopen("data/originalAES.key", "wb");
write(fileno(fout),decryptedData,ulDataLength);
fclose(fout);
//Done doing something usefull
// Context Close(hobjects you have created);
Tspi_Context_FreeMemory(hContext,NULL);
// This frees up memory automatically allocated for you.
Tspi_Context_Close(hContext);
return 0;
}
int
main_v1_1( void )
{
char *function = "Tspi_PolicyPopup02";
char *hashData = "09876543210987654321";
TSS_RESULT result;
TSS_HKEY hSRK, hKey;
TSS_UUID SRKUUID = {0,0,0,0,0,0,0,0,0,0,1};
TSS_HPOLICY hPolicy;
TSS_HCONTEXT hContext;
TSS_HHASH hHash;
BYTE *popupMsg = NULL;
BYTE *msg = "Enter a password for a new key:";
UINT32 msg_len;
TSS_HPOLICY srkUsagePolicy;
TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE |
TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
UINT32 ulSignatureLen;
BYTE *signature;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_error_exit( function, err_string(result) );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, NULL );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject ( hKey, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
popupMsg = char_to_unicode(msg, &msg_len);
result = Tspi_SetAttribData( hPolicy,
TSS_TSPATTRIB_POLICY_POPUPSTRING,
0, msg_len, popupMsg );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribData", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
free(popupMsg);
result = Tspi_Policy_SetSecret( hPolicy,
TSS_SECRET_MODE_POPUP,
0, NULL );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey (hKey)", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_LoadKey( hKey, hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_LaodKey", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#if 0
result = Tspi_Policy_FlushSecret( hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
popupMsg = char_to_unicode("Re-enter the new key's password:"******"Tspi_SetAttribData", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
free(popupMsg);
result = Tspi_Policy_SetSecret( hPolicy,
TSS_SECRET_MODE_POPUP,
0, NULL );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
/* now sign some data to test the key's auth data */
result = Tspi_Context_CreateObject ( hContext,
TSS_OBJECT_TYPE_HASH,
TSS_HASH_SHA1, &hHash );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Hash_SetHashValue ( hHash, strlen(hashData), hashData );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Hash_SetHashValue", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Hash_Sign ( hHash, hKey, &ulSignatureLen, &signature );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Hash_Sign", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
print_success( function, result );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
int main()
{
TSS_HCONTEXT hContext;
TSS_HKEY hBindKey,hSRKey;
TSS_HPOLICY hBind_Policy,hSRKey_Policy;
TSS_HENCDATA hEncData;
TSS_RESULT result;
TSS_UUID SRK_UUID=TSS_UUID_SRK,BIND_UUID=BACKUP_KEY_UUID;
UINT32 encLen=256;
BYTE encryptedData[256];
BYTE *rgbDataUnbind;
UINT32 ulDataLength;
FILE *fin;
result=Tspi_Context_Create(&hContext);
DBG("Create context",result);
result=Tspi_Context_Connect(hContext,NULL);
DBG("Connect to native TCS",result);
fin=fopen("bind.data","rb");
read(fileno(fin),encryptedData,encLen);
fclose(fin);
result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,
&hSRKey);
DBG("Load SRK",result);
result=Tspi_GetPolicyObject(hSRKey,TSS_POLICY_USAGE,&hSRKey_Policy);
DBG("Get SRK policy object",result);
result=Tspi_Policy_SetSecret(hSRKey_Policy,TSS_SECRET_MODE_PLAIN,
8,(BYTE *)"46113200");
DBG("Set secret of SRK policy",result);
result=Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,&hEncData);
DBG("Created Data object",result);
result=Tspi_SetAttribData(hEncData,TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,encLen,encryptedData);
DBG("Set hEncdata object",result);
result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,BIND_UUID,
&hBindKey);
DBG("Get unbinding key",result);
result=Tspi_Key_LoadKey(hBindKey,hSRKey);
DBG("Load unbinding key",result);
result=Tspi_GetPolicyObject(hSRKey,TSS_POLICY_USAGE,&hBind_Policy);
DBG("Get unbinding key policy",result);
result=Tspi_Policy_SetSecret(hBind_Policy,TSS_SECRET_MODE_PLAIN,
3,(BYTE *)"123");
DBG("Set secret of unbinding key policy",result);
result=Tspi_Data_Unbind(hEncData,hBindKey,&ulDataLength,&rgbDataUnbind);
DBG("Unbind",result);
int i;
for(i=0;i<ulDataLength;i++)
printf("%c",rgbDataUnbind[i]);
printf("\n");
result=Tspi_Context_CloseObject(hContext,hEncData);
DBG("Close hEncData",result);
result=Tspi_Context_Close(hContext);
DBG("Close context",result);
return 0;
}
main_v1_1(void){
char *nameOfFunction = "Tspi_SetAttribData03";
TSS_HKEY hKey;
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HPOLICY hPolicy;
BYTE* POPUPSTRING = "bobdbuilder";
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
//SetAttribData
result = Tspi_SetAttribData(hPolicy,
-1,
0, strlen(POPUPSTRING), POPUPSTRING);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_ATTRIB_FLAG) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(0);
}
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE wks[20];
memset(wks,0,20);
TSS_HKEY hESS_Bind_Key;
TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID;
TSS_HPOLICY hESS_Policy;
TSS_FLAG initFlags;
BYTE *pubKey;
UINT32 pubKeySize;
FILE *fout, *fin;
result =Tspi_Context_Create(&hContext);
DBG("Create a context", result);
result=Tspi_Context_Connect(hContext, NULL);
DBG("Connect to TPM", result);
result=Tspi_Context_GetTpmObject(hContext, &hTPM);
DBG("Get TPM handle", result);
result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
DBG("Get SRK handle", result);
result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
DBG("Get SRK Policy", result);
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks);
DBG("Tspi_Policy_SetSecret", result);
result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hESS_Policy);
DBG("Create a key policy object", result);
result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
20, wks);
DBG("Set key policy object secret", result);
initFlags = TSS_KEY_TYPE_BIND |
TSS_KEY_SIZE_2048 |
TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Create the key object", result);
result = Tspi_SetAttribUint32(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
TSS_ES_RSAESPKCSV15);
DBG("Set the keys's padding type", result);
result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
DBG("Assign the key's policy to the key", result);
printf("Creating the key could take a while\n");
result = Tspi_Key_CreateKey(hESS_Bind_Key,
hSRK, 0);
DBG("Asking TPM to create the key", result);
result = Tspi_Context_RegisterKey(hContext,
hESS_Bind_Key,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
TSS_PS_TYPE_SYSTEM,
SRK_UUID);
DBG("Registering the key for later retrieval", result);
printf("Registering the key blob for later retrieval\r\n");
result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
DBG("Loading key in TPM", result);
result = Tspi_Key_GetPubKey(hESS_Bind_Key,
&pubKeySize, &pubKey);
DBG("Get Public portion of key", result);
fout = fopen("BackupESSBindKey.pub", "wb");
if(fout != NULL) {
write(fileno(fout), pubKey, pubKeySize);
printf("Finished writing BackupESSBindKey.pub\n");
fclose(fout);
}
else {
printf("Error opening XXXXXXXXXXXX \r\n");
}
result = Tspi_Policy_FlushSecret(hESS_Policy);
DBG("Policy flush secret", result);
result = Tspi_Context_GetKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Get key handle", result);
printf("Unregistering key\r\n");
result = Tspi_Context_UnregisterKey(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Unregister key", result);
// Load a key and bind data
UINT32 ulDataLength;
BYTE *rbgBoundData;
BYTE newPubKey[1000], encData[1000];
TSS_HENCDATA hEncData;
fin = fopen("BackupESSBindKey.pub", "r");
read(fileno(fin), newPubKey,284);
if (fin == NULL)
return 0;
fclose(fin);
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Tspi_Context_CreateObject BindKey", result);
result = Tspi_SetAttribData(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
284,newPubKey);
DBG("Set Public key into new key object", result);
fin = fopen("data", "rb");
read(fileno(fin), encData, 7);
fclose(fin);
result=Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&hEncData);
DBG("Create Data Object", result);
result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData);
DBG("Bind data", result);
result = Tspi_GetAttribData(hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&ulDataLength,&rbgBoundData);
DBG("Get encrypted data", result);
fout = fopen("Bound.data", "wb");
write(fileno(fout),rbgBoundData,ulDataLength);
fclose(fout);
result = Tspi_Context_FreeMemory(hContext, NULL);
DBG("Tspi Context Free Memory", result);
result = Tspi_Context_Close(hContext);
DBG("Tspi Context Close", result);
return 0;
}
main_v1_1(void){
char *nameOfFunction = "Tspi_SetAttribData01";
TSS_HKEY hKey;
TSS_HCONTEXT hContext;
TSS_RESULT result;
TSS_HPOLICY hPolicy;
BYTE *POPUPSTRING = "bobdbuilder", *utf16_popup;
UINT32 POPUPSTRINGLEN = strlen(POPUPSTRING);
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
utf16_popup = char_to_unicode(POPUPSTRING, &POPUPSTRINGLEN);
//SetAttribData
result = Tspi_SetAttribData(hPolicy,
TSS_TSPATTRIB_POLICY_POPUPSTRING,
0, POPUPSTRINGLEN, utf16_popup);
if (result != TSS_SUCCESS) {
if(!checkNonAPI(result)){
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(result);
}
else{
print_error_nonapi(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(result);
}
}
else{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_CloseObject(hContext, hPolicy);
Tspi_Context_Close(hContext);
exit(0);
}
}
