TPW_RESULT create_key(TSS_HCONTEXT tss_context, TSS_FLAG aflags, TSS_HKEY *user_key, TSS_HKEY p_key, char *auth, int authlen) { TSS_RESULT result; TSS_HPOLICY policy; if(!authlen) aflags |= TSS_KEY_NO_AUTHORIZATION; else aflags |= TSS_KEY_AUTHORIZATION; result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_RSAKEY, aflags, user_key); if(TSS_SUCCESS != result) { Log_Text("create_key", TPW_KEY_ERROR); return TPW_KEY_ERROR; } if(authlen) { result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &policy); result = policySetSecret(policy, authlen, auth); if(TSS_SUCCESS != result) { Log_Text("setPolicy_in_create_key", TPW_POLICY_ERROR); return TPW_POLICY_ERROR; } result = policyAssign(policy, *user_key); if(TSS_SUCCESS != result) { Log_Text("assignPolicy_in_create_key", TPW_POLICY_ERROR); return TPW_KEY_ERROR; } } result = keyCreateKey(*user_key, p_key, 0); if(TSS_SUCCESS != result) { Log_Text("Create_in_create_key", TPW_KEY_ERROR); return TPW_KEY_ERROR; } return TPW_SUCCESS; }
TPW_RESULT load_key_and_auth(TSS_HCONTEXT tss_context, TSS_HKEY *h_srk, TSS_UUID key_uuid, TSS_FLAG aflags, BYTE *auth, int len) { TSS_RESULT result; TSS_HPOLICY h_policy; result = keyLoadKeyByUUID(tss_context, aflags, key_uuid, h_srk); if(TSS_SUCCESS != result) return TPW_KEY_ERROR; result = policyGet(*h_srk, &h_policy); if(TSS_SUCCESS != result) return TPW_KEY_ERROR; result = policySetSecret(h_policy, len, auth); if(TSS_SUCCESS != result) return TPW_KEY_ERROR; }
/* * Affect: Change owner or srk password * Default: No action * Required: Owner authentication */ int main(int argc, char **argv) { int i = 0, iRc = -1; char *passwd = NULL; int pswd_len; TSS_HPOLICY hTpmPolicy, hNewPolicy; TSS_HTPM hTpm; TSS_HTPM hSrk; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; struct option opts[] = { {"owner", no_argument, NULL, 'o'}, {"srk", no_argument, NULL, 's'}, {"original_password_unicode", no_argument, NULL, 'g'}, {"new_password_unicode", no_argument, NULL, 'n'}, {"well-known", no_argument, NULL, 'z'}, {"set-well-known", no_argument, NULL, 'r'}, }; initIntlSys(); if (genericOptHandler (argc, argv, "zrsogn", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) goto out; //nothing selected if ((!changeRequested && wellKnown) || (!changeRequested)) { help(argv[0]); goto out; } //Connect to TSS and TPM if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; if (wellKnown) { passwd = (char *)well_known_secret; pswd_len = TCPA_SHA1_160_HASH_LEN; } else { passwd = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n")); goto out_close; } } if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)passwd) != TSS_SUCCESS) goto out_close; if (!wellKnown && !setWellKnown) { shredPasswd(passwd); passwd = NULL; } do { if (auths[i].change) { logInfo(_("Changing password for: %s.\n"), _(auths[i].name)); if (setWellKnown) { passwd = (char *)well_known_secret; pswd_len = TCPA_SHA1_160_HASH_LEN; } else { passwd = _GETPASSWD(_(auths[i].prompt), &pswd_len, TRUE, newUnicode || useUnicode ); if (!passwd) { logError(_("Failed to get new password.\n")); goto out_close; } } if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNewPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret (hNewPolicy, pswd_len, (BYTE *)passwd) != TSS_SUCCESS) goto out_close; if (i == owner) { if (tpmChangeAuth(hTpm, NULL_HOBJECT, hNewPolicy) != TSS_SUCCESS) goto out_close; } else if (i == srk) { if (keyLoadKeyByUUID (hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSrk) != TSS_SUCCESS) goto out_close; if (tpmChangeAuth(hSrk, hTpm, hNewPolicy) != TSS_SUCCESS) goto out_close; } logInfo(_("Change of %s password successful.\n"), _(auths[i].name)); if (!wellKnown && !setWellKnown) { shredPasswd(passwd); passwd = NULL; } } } while (auths[++i].name); iRc = 0; out_close: contextClose(hContext); out: if (passwd && !wellKnown && !setWellKnown) shredPasswd(passwd); return iRc; }
int main(int argc, char **argv) { char *szTpmPasswd = NULL; int pswd_len; TSS_HTPM hTpm; TSS_HPOLICY hTpmPolicy; int iRc = -1; struct option opts[] = { {"force", no_argument, NULL, 'f'}, {"well-known", no_argument, NULL, 'z'}, }; BYTE well_known[] = TSS_WELL_KNOWN_SECRET; initIntlSys(); if (genericOptHandler (argc, argv, "fz", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) goto out; if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; if (!bValue) { if (isWellKnown){ szTpmPasswd = (char *)well_known; pswd_len = sizeof(well_known); }else{ szTpmPasswd = GETPASSWD(_("Enter owner password: "******"Failed to get password\n")); goto out_close; } } if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret(hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) goto out_close; } //Setup complete attempt command if (tpmClearOwner(hTpm, bValue) != TSS_SUCCESS) goto out_close; //Command successful iRc = 0; logSuccess(argv[0]); logMsg( _("TPM Successfuly Cleared. You need to reboot to complete this operation. After reboot the TPM will be in the default state: unowned, disabled and inactive.\n") ); //Cleanup out_close: if (szTpmPasswd && !isWellKnown) shredPasswd(szTpmPasswd); contextClose(hContext); out: return iRc; }
int main(int argc, char **argv) { char *szTpmPasswd = NULL; int pswd_len; TSS_HPOLICY hTpmPolicy; TSS_HTPM hTpm; int iRc = -1; struct option opts[] = { {"allow", no_argument, NULL, 'a'}, {"status", no_argument, NULL, 's'}, {"restrict", no_argument, NULL, 'r'}, {"well-known", no_argument, NULL, 'z'}, }; BYTE well_known[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; initIntlSys(); if (genericOptHandler (argc, argv, "asrz", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) goto out; /* If no args are given, the default should be to give status */ if (argc == 1) bCheck = TRUE; //Connect to TSS and TPM if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; if (isWellKnown) { szTpmPasswd = (char *)well_known; pswd_len = sizeof(well_known); } else { // Prompt for owner password szTpmPasswd = GETPASSWD(_("Enter owner password: "******"Failed to get password\n")); goto out_close; } } if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret (hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) goto out_close; if (bCheck) { TSS_BOOL bValue; if (tpmGetStatus (hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD, &bValue) != TSS_SUCCESS) goto out; logMsg(_("Storage Root Key readable with: %s\n"), bValue ? _("owner auth") : _("SRK auth")); } else { if (tpmSetStatus(hTpm, TSS_TPMSTATUS_DISABLEPUBSRKREAD, bRestrict) != TSS_SUCCESS) goto out_close; } iRc = 0; logSuccess(argv[0]); out_close: contextClose(hContext); out: if (szTpmPasswd && !isWellKnown) shredPasswd(szTpmPasswd); return iRc; }
int main( int argc, char **argv ) { char *szTpmPasswd = NULL; int tpm_len; TSS_HTPM hTpm; TSS_HPOLICY hTpmPolicy; TSS_BOOL bValue = TRUE; int iRc = -1; struct option opts[] = { {"use-hex", no_argument, NULL, 'x'}, {"well-known", no_argument, NULL, 'z'}, }; BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; BYTE* pTpmPasswd = NULL; int iTpmPasswdLen; initIntlSys(); if (genericOptHandler(argc, argv, "xz", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) goto out; if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (!isWellKnown) { // Prompt for owner password szTpmPasswd = GETPASSWD(_("Enter owner password: "******"Failed to get Owner password\n")); goto out; } if( decodeHexPassword ) { if( hex2bytea(szTpmPasswd, &pTpmPasswd, &iTpmPasswdLen) != 0 ) { logError(_("Invalid hex owner secret\n")); goto out_close; } } } else { szTpmPasswd = (char *)wellKnown; tpm_len = sizeof(wellKnown); } if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if( decodeHexPassword ) { if( Tspi_Policy_SetSecret(hTpmPolicy, TSS_SECRET_MODE_PLAIN, iTpmPasswdLen, pTpmPasswd) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hTpmPolicy, tpm_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) goto out_close; } if (tpmSetStatus(hTpm, TSS_TPMSTATUS_RESETLOCK, bValue) != TSS_SUCCESS) goto out_close; iRc = 0; logSuccess(argv[0]); out_close: contextClose(hContext); out: if (!isWellKnown && szTpmPasswd) shredPasswd(szTpmPasswd); if( pTpmPasswd ) shredByteArray(pTpmPasswd, iTpmPasswdLen); return iRc; }
int main(int argc, char **argv) { TSS_HTPM hTpm; TSS_HNVSTORE nvObject; TSS_FLAG fNvAttrs; TSS_HPOLICY hTpmPolicy, hDataPolicy; int iRc = -1; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; int opswd_len = -1; int dpswd_len = -1; struct option hOpts[] = { {"index" , required_argument, NULL, 'i'}, {"size" , required_argument, NULL, 's'}, {"permissions" , required_argument, NULL, 'p'}, {"pwdo" , optional_argument, NULL, 'o'}, {"pwda" , optional_argument, NULL, 'a'}, {"use-unicode" , no_argument, NULL, 'u'}, {"data-well-known" , no_argument, NULL, 'z'}, {"owner-well-known", no_argument, NULL, 'y'}, {NULL , no_argument, NULL, 0}, }; initIntlSys(); if (genericOptHandler (argc, argv, "i:s:p:o:a:yzu", hOpts, sizeof(hOpts) / sizeof(struct option), parse, help) != 0) goto out; if (end) { iRc = 0; goto out; } if (!nvindex_set) { logError(_("You must provide an index for the NVRAM area.\n")); goto out; } if (nvperm == 0 && (UINT32)nvindex != TPM_NV_INDEX_LOCK && (UINT32)nvindex != TPM_NV_INDEX0) { logError(_("You must provide permission bits for the NVRAM area.\n")); goto out; } logDebug("permissions = 0x%08x\n", nvperm); if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; fNvAttrs = 0; if (contextCreateObject(hContext, TSS_OBJECT_TYPE_NV, fNvAttrs, &nvObject) != TSS_SUCCESS) goto out_close; if (askOwnerPass) { ownerpass = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n")); goto out_close; } } if (ownerpass || ownerWellKnown) { if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) goto out_close; if (ownerpass) { if (opswd_len < 0) opswd_len = strlen(ownerpass); if (policySetSecret(hTpmPolicy, opswd_len, (BYTE *)ownerpass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } } if (askDataPass) { datapass = _GETPASSWD(_("Enter NVRAM data password: "******"Failed to get NVRAM data password\n")); goto out_close; } } if (datapass || dataWellKnown) { if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDataPolicy) != TSS_SUCCESS) goto out_close; if (datapass) { if (dpswd_len < 0) dpswd_len = strlen(datapass); if (policySetSecret(hDataPolicy, dpswd_len, (BYTE *)datapass) != TSS_SUCCESS) goto out_close; } else { if (policySetSecret(hDataPolicy, TCPA_SHA1_160_HASH_LEN, (BYTE *)well_known_secret) != TSS_SUCCESS) goto out_close; } if (Tspi_Policy_AssignToObject(hDataPolicy, nvObject) != TSS_SUCCESS) goto out_close; } if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_INDEX, 0, nvindex) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_PERMISSIONS, 0, nvperm) != TSS_SUCCESS) goto out_close_obj; if (Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_DATASIZE, 0, nvsize) != TSS_SUCCESS) goto out_close_obj; if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) != TSS_SUCCESS) goto out_close; logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"), nvindex, nvindex); iRc = 0; goto out_close; out_close_obj: contextCloseObject(hContext, nvObject); out_close: contextClose(hContext); out: return iRc; }
int main(int argc, char **argv) { TSS_HKEY hSrk, hKey; TSS_HENCDATA hEncdata; TSS_HPOLICY hPolicy; int iRc = -1; struct option opts[] = { {"infile", required_argument, NULL, 'i'}, {"outfile", required_argument, NULL, 'o'}, {"pcr", required_argument, NULL, 'p'}, {"unicode", no_argument, NULL, 'u'}, {"well-known", no_argument, NULL, 'z'} }; unsigned char line[EVP_CIPHER_block_size(EVP_aes_256_cbc()) * 16]; int lineLen; unsigned char encData[sizeof(line) + EVP_CIPHER_block_size(EVP_aes_256_cbc())]; int encDataLen; UINT32 encLen, i; BYTE *encKey; BYTE *randKey = NULL; UINT32 sealKeyLen; BYTE *sealKey; TSS_FLAG keyFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; TSS_HPOLICY hSrkPolicy; char *passwd = NULL; int pswd_len; BYTE wellKnown[TCPA_SHA1_160_HASH_LEN] = TSS_WELL_KNOWN_SECRET; BIO *bin = NULL, *bdata=NULL, *b64=NULL; initIntlSys(); if (genericOptHandler(argc, argv, "i:o:p:uz", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) goto out; if (contextCreate(&hContext) != TSS_SUCCESS) goto out; if (contextConnect(hContext) != TSS_SUCCESS) goto out_close; if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) goto out_close; /* Create a BIO for the input file */ if ((bin = BIO_new(BIO_s_file())) == NULL) { logError(_("Unable to open input BIO\n")); goto out_close; } /* Assign the input file to the BIO */ if (strlen(in_filename) == 0) BIO_set_fp(bin, stdin, BIO_NOCLOSE); else if (!BIO_read_filename(bin, in_filename)) { logError(_("Unable to open input file: %s\n"), in_filename); goto out_close; } /* Create the PCRs object. If any PCRs above 15 are selected, this will need to be * a 1.2 TSS/TPM */ if (selectedPcrsLen) { TSS_FLAG initFlag = 0; UINT32 pcrSize; BYTE *pcrValue; for (i = 0; i < selectedPcrsLen; i++) { if (selectedPcrs[i] > 15) { #ifdef TSS_LIB_IS_12 initFlag |= TSS_PCRS_STRUCT_INFO_LONG; #else logError(_("This version of %s was compiled for a v1.1 TSS, which " "can only seal\n data to PCRs 0-15. PCR %u is out of range" "\n"), argv[0], selectedPcrs[i]); goto out_close; #endif } } if (contextCreateObject(hContext, TSS_OBJECT_TYPE_PCRS, initFlag, &hPcrs) != TSS_SUCCESS) goto out_close; for (i = 0; i < selectedPcrsLen; i++) { if (tpmPcrRead(hTpm, selectedPcrs[i], &pcrSize, &pcrValue) != TSS_SUCCESS) goto out_close; if (pcrcompositeSetPcrValue(hPcrs, selectedPcrs[i], pcrSize, pcrValue) != TSS_SUCCESS) goto out_close; } #ifdef TSS_LIB_IS_12 if (initFlag) { UINT32 localityValue = TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR; if (pcrcompositeSetPcrLocality(hPcrs, localityValue) != TSS_SUCCESS) goto out_close; } #endif } /* Retrieve random data to be used as the symmetric key (this key will encrypt the input file contents) */ if (tpmGetRandom(hTpm, EVP_CIPHER_key_length(EVP_aes_256_cbc()), &randKey) != TSS_SUCCESS) goto out_close; /* Load the SRK and set the SRK policy (no password) */ if (keyLoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSrk) != TSS_SUCCESS) goto out_close; /* Use the context's default policy for the SRK secret */ if (policyGet(hSrk, &hSrkPolicy) != TSS_SUCCESS) goto out_close; /* Prompt for SRK password */ if (!isWellKnown) { passwd = _GETPASSWD(_("Enter SRK password: "******"Failed to get SRK password\n")); goto out_close; } } else { passwd = (char *)wellKnown; pswd_len = sizeof(wellKnown); } if (policySetSecret(hSrkPolicy, (UINT32)pswd_len, (BYTE *)passwd) != TSS_SUCCESS) goto out_close; if (!isWellKnown) shredPasswd(passwd); passwd = NULL; /* Build an RSA key object that will be created by the TPM (this will encrypt and protect the symmetric key) */ if (contextCreateObject (hContext, TSS_OBJECT_TYPE_RSAKEY, keyFlags, &hKey) != TSS_SUCCESS) goto out_close; if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret(hPolicy, strlen(TPMSEAL_SECRET), (BYTE *)TPMSEAL_SECRET) != TSS_SUCCESS) goto out_close; if (policyAssign(hPolicy, hKey) != TSS_SUCCESS) goto out_close; /* Create the RSA key (under the SRK) */ if (keyCreateKey(hKey, hSrk, NULL_HPCRS) != TSS_SUCCESS) goto out_close; /* Load the newly created RSA key */ if (keyLoadKey(hKey, hSrk) != TSS_SUCCESS) goto out_close; /* Build an encrypted data object that will hold the encrypted version of the symmetric key */ if (contextCreateObject (hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncdata) != TSS_SUCCESS) goto out_close; if (contextCreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy) != TSS_SUCCESS) goto out_close; if (policySetSecret(hPolicy, strlen(TPMSEAL_SECRET), (BYTE *)TPMSEAL_SECRET) != TSS_SUCCESS) goto out_close; if (policyAssign(hPolicy, hEncdata) != TSS_SUCCESS) goto out_close; /* Encrypt and seal the symmetric key */ if (dataSeal (hEncdata, hKey, EVP_CIPHER_key_length(EVP_aes_256_cbc()), randKey, hPcrs) != TSS_SUCCESS) goto out_close; if (getAttribData(hEncdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &encLen, &encKey) != TSS_SUCCESS) goto out_close; if (getAttribData (hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &sealKeyLen, &sealKey) != TSS_SUCCESS) goto out_close; /* Create a BIO to perform base64 encoding */ if ((b64 = BIO_new(BIO_f_base64())) == NULL) { logError(_("Unable to open base64 BIO\n")); goto out_close; } /* Create a BIO for the output file */ if ((bdata = BIO_new(BIO_s_file())) == NULL) { logError(_("Unable to open output BIO\n")); goto out_close; } /* Assign the output file to the BIO */ if (strlen(out_filename) == 0) BIO_set_fp(bdata, stdout, BIO_NOCLOSE); else if (BIO_write_filename(bdata, out_filename) <= 0) { logError(_("Unable to open output file: %s\n"), out_filename); goto out_close; } /* Output the sealed data header string */ BIO_puts(bdata, TPMSEAL_HDR_STRING); /* Sealing key used on the TPM */ BIO_puts(bdata, TPMSEAL_TSS_STRING); bdata = BIO_push(b64, bdata); BIO_write(bdata, sealKey, sealKeyLen); if (BIO_flush(bdata) != 1) { logError(_("Unable to flush output\n")); goto out_close; } bdata = BIO_pop(b64); /* Sealed EVP Symmetric Key */ BIO_puts(bdata, TPMSEAL_EVP_STRING); BIO_puts(bdata, TPMSEAL_KEYTYPE_SYM); BIO_puts(bdata, TPMSEAL_CIPHER_AES256CBC); bdata = BIO_push(b64, bdata); BIO_write(bdata, encKey, encLen); if (BIO_flush(bdata) != 1) { logError(_("Unable to flush output\n")); goto out_close; } bdata = BIO_pop(b64); /* Encrypted Data */ BIO_puts(bdata, TPMSEAL_ENC_STRING); bdata = BIO_push(b64, bdata); EVP_CIPHER_CTX ctx; EVP_EncryptInit(&ctx, EVP_aes_256_cbc(), randKey, (unsigned char *)TPMSEAL_IV); while ((lineLen = BIO_read(bin, line, sizeof(line))) > 0) { EVP_EncryptUpdate(&ctx, encData, &encDataLen, line, lineLen); BIO_write(bdata, encData, encDataLen); } EVP_EncryptFinal(&ctx, encData, &encDataLen); BIO_write(bdata, encData, encDataLen); if (BIO_flush(bdata) != 1) { logError(_("Unable to flush output\n")); goto out_close; } bdata = BIO_pop(b64); BIO_puts( bdata, TPMSEAL_FTR_STRING); iRc = 0; logSuccess(argv[0]); out_close: contextClose(hContext); out: if (bin) BIO_free(bin); if (bdata) BIO_free(bdata); if (b64) BIO_free(b64); return iRc; }