//---------------------------------------------------------------------- // Performs a Compute Next SHA-256 calculation given the provided 32-bytes // of binding data and 8 byte partial secret. The first 8 bytes of the // resulting MAC is set as the new secret. // // 'binding' - 32 byte buffer containing the binding data // 'partial' - 8 byte buffer with new partial secret // 'page_num' - page number that the compute is calculated on // 'manid' - manufacturer ID // // Globals used : secret used in calculation and set to new secret // // Returns: TRUE if compute successful // FALSE failed to do compute // int calculate_nextsecret256(uchar* binding, uchar* partial, int page_num, uchar* manid) { uchar MT[128]; uchar MAC[64]; // clear memset(MT,0,128); // insert page data memcpy(&MT[0],binding,32); // insert challenge memcpy(&MT[32],partial,32); // insert ROM number or FF memcpy(&MT[96],rom_no,8); MT[106] = page_num; MT[105] = manid[0]; MT[104] = manid[1]; compute_mac256(MT, 119, MAC); // set the new secret to the first 32 bytes of MAC set_secret(MAC); return TRUE; }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob04"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hSigningKey, hBindingKey; TSS_HPOLICY hPolicy; TSS_RESULT result; UINT32 exitCode, attrib; TSS_FLAG initFlags; BYTE *signBlob, *bindBlob; UINT32 signBlobLen, bindBlobLen; print_begin_test( function ); // Create Context if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); exit( result ); } // create a no-auth, signing key initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hSigningKey))) { print_error( "create_load_key(Signing Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Signing key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &signBlobLen, &signBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // create a auth, binding key initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hBindingKey))) { print_error( "create_load_key(Binding Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Binding key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hBindingKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &bindBlobLen, &bindBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // close context, to get rid of all context state if ((result = Tspi_Context_Close(hContext))) { print_error( "Tspi_Context_Close", result ); exit( result ); } // re-connect if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); Tspi_Context_Close( hContext ); exit( result ); } // Load both Keys by blob if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, signBlobLen, signBlob, &hSigningKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, bindBlobLen, bindBlob, &hBindingKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a sign/verify test if ((result = sign_and_verify(hContext, hSigningKey))) { print_error( "sign_and_verify", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a bind/unbind test result = bind_and_unbind(hContext, hBindingKey); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_verifyerr("bind and unbind", TSS_E_POLICY_NO_SECRET, result); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } // set up policies if ((result = set_secret(hContext, hBindingKey, &hPolicy))) { print_error("set_secret", result); Tspi_Context_Close( hContext ); exit( result ); } if ((result = bind_and_unbind(hContext, hBindingKey))) { print_error( "bind_and_unbind", result ); Tspi_Context_Close( hContext ); exit( result ); } exitCode = 0; print_success(function, TSS_SUCCESS); print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main_v1_1(void) { TSS_RESULT result; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HCONTEXT hContext; TSS_HENCDATA hEncData; TSS_HPOLICY hEncPolicy; UINT32 ulEncDataLen, ulDataUnsealedLen; BYTE *rgbDataUnsealed, *dataBuf; int i, exitCode; FILE *fEncData = NULL; char *file_name = "sealedData"; BYTE *rgbDataToSeal = "0123456789ABCDEF0123456789ABCDEF"; UINT32 ulDataToSealLen = 32; // load Context, SRK, TPM result = connect_load_all(&hContext, &hSRK, &hTPM); if (result) { printf("connect_load_all failed\n"); return result; } // Create Encrypted Data Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = set_secret(hContext, hEncData, &hEncPolicy); if (result) { printf("set_secret failed\n"); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } fEncData = fopen(file_name, "rb"); if (!fEncData) { printf("open %s failed\n", file_name); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(-1); } // Get file size fseek(fEncData, 0L, SEEK_END); ulEncDataLen = ftell(fEncData); fseek(fEncData, 0L, SEEK_SET); dataBuf = malloc(ulEncDataLen); if (fread(dataBuf, 1, ulEncDataLen, fEncData) != ulEncDataLen) { printf("fread failed\n"); free(dataBuf); fclose(fEncData); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(-1); } fclose(fEncData); printf("Sealed data:\n"); print_hex(dataBuf, ulEncDataLen); result = Tspi_SetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, ulEncDataLen, dataBuf); if (TSS_SUCCESS != result) { print_error("Tspi_SetAttribData", result); free(dataBuf); dataBuf = NULL; Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } free(dataBuf); dataBuf = NULL; result = Tspi_Data_Unseal(hEncData, hSRK, &ulDataUnsealedLen, &rgbDataUnsealed); if (TSS_SUCCESS != result) { print_error("Tspi_Data_Unseal", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } printf("Unsealed Data:\n"); print_hex(rgbDataUnsealed, ulDataUnsealedLen); if (ulDataUnsealedLen != ulDataToSealLen || memcmp(rgbDataToSeal, rgbDataUnsealed, ulDataToSealLen)) { printf("\nFailed\n"); } else { printf("\nSuccess\n"); } Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
int main(int argc, char **argv) { #define BUF_LEN (1024*1024) #define KEY_SIZE 64 TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hPolicy; TSS_HTPM hTPM; TSS_HENCDATA hEncData; TSS_HPCRS hPcrs; UINT32 u32PcrValLen, u32EncDataLen; BYTE *rgbPcrVal, *rgbEncData; BYTE *random; FILE *fpIn = NULL, *fpOut = NULL; int len, size; char *pBufIn = NULL, *pBufOut = NULL; unsigned int salt[] = {12345, 54321}; EVP_CIPHER_CTX en; TSS_UUID UUID_K1 = {0, 0, 0, 0, 0, {8, 0, 0, 0, 0, 1}} ; if (argc < 3) { usage(argv[0]); return 0; } result = Tspi_Context_Create(&hContext); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Create", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (TSS_SUCCESS != result) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (TSS_SUCCESS != result) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); return result; } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hPolicy); if (TSS_SUCCESS != result) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (TSS_SUCCESS != result) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); return result; } #endif // #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0, &hPcrs); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); return result; } result = set_secret(hContext, hEncData, &hPolicy); if (TSS_SUCCESS != result) { print_error("set_secret", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, UUID_K1, &hKey); if (TSS_SUCCESS != result) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); return -1; } result = set_popup_secret(hContext, hKey, TSS_POLICY_USAGE, "Input K1's Pin\n", 0); if (TSS_SUCCESS != result) { print_error("set_popup_secret", result); Tspi_Context_Close(hContext); return result; } /*result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hPolicy); if (TSS_SUCCESS != result) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (TSS_SUCCESS != result) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); return result; }*/ result = Tspi_TPM_GetRandom(hTPM, KEY_SIZE, &random); if (TSS_SUCCESS != result) { print_error("Tspi_TPM_GetRandom", result); Tspi_Context_Close(hContext); return result; } result = Tspi_TPM_PcrRead(hTPM, 15, &u32PcrValLen, &rgbPcrVal); if (TSS_SUCCESS != result) { print_error("Tspi_TPM_PcrRead", result); Tspi_Context_Close(hContext); return result; } result = Tspi_PcrComposite_SetPcrValue(hPcrs, 15, u32PcrValLen, rgbPcrVal); if (TSS_SUCCESS != result) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Data_Seal(hEncData, hKey, KEY_SIZE, random, hPcrs); if (TSS_SUCCESS != result) { print_error("Tspi_Data_Seal", result); Tspi_Context_Close(hContext); return result; } result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &u32EncDataLen, &rgbEncData); if (TSS_SUCCESS != result) { print_error("Tspi_GetAttribData", result); Tspi_Context_Close(hContext); return result; } fpIn = fopen(argv[1], "rb"); if (!fpIn) { printf("open file: %s failed\n", argv[1]); Tspi_Context_Close(hContext); return result; } fseek(fpIn, 0, SEEK_END); size = ftell(fpIn); if (size > BUF_LEN) { printf("file is more than 1MB, too big !\n"); Tspi_Context_Close(hContext); fclose(fpIn); return -1; } pBufIn = malloc(size); if (!pBufIn) { printf("No Memmory\n"); Tspi_Context_Close(hContext); } fseek(fpIn, 0, SEEK_SET); len = fread(pBufIn, 1, size, fpIn); if (len != size) { printf("fread error"); Tspi_Context_Close(hContext); fclose(fpIn); return -1; } fclose(fpIn); if (aes_init(random, KEY_SIZE, (unsigned char *)&salt, &en)) { printf("aes_init failed\n"); Tspi_Context_Close(hContext); free(pBufIn); return -1; } pBufOut = aes_encrypt(&en, pBufIn, &size); fpOut = fopen(argv[2], "wb"); if (!fpOut) { printf("open file: %s failed\n", argv[2]); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); return -1; } len = fwrite(&u32EncDataLen, 1, sizeof(UINT32), fpOut); if (sizeof(UINT32) != len) { printf("fwrite u32EncDataLen failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(rgbEncData, 1, u32EncDataLen, fpOut); if (len != u32EncDataLen) { printf("fwrite rgbEncData failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(&size, 1, sizeof(int), fpOut); if (len != sizeof(int)) { printf("fwrite failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(pBufOut, 1, size, fpOut); if (len != size) { printf("fwrite failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } fclose(fpOut); free(pBufIn); free(pBufOut); Tspi_Context_Close(hContext); return 0; }
int main_v1_1( void ) { char *function = "Tspi_Data_Unseal04"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK, hAuthKey, hNoAuthKey; TSS_HPOLICY hAuthKeyPolicy, hAuthEncDataPolicy; BYTE *rgbPcrValue; UINT32 ulPcrLen; TSS_HENCDATA hNoAuthEncData, hAuthEncData; BYTE *prgbDataToUnseal; TSS_HPCRS hPcrs, hNullPcrs = 0; UINT32 BlobLength; TSS_RESULT result; TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_srk", result ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags | TSS_KEY_NO_AUTHORIZATION, &hNoAuthKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags | TSS_KEY_AUTHORIZATION, &hAuthKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hNoAuthEncData ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hAuthEncData ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } result = set_secret(hContext, hAuthKey, NULL); if ( result != TSS_SUCCESS ) { print_error( "set_secret", result ); Tspi_Context_Close( hContext ); exit( result ); } result = set_secret(hContext, hAuthEncData, NULL); if ( result != TSS_SUCCESS ) { print_error( "set_secret", result ); Tspi_Context_Close( hContext ); exit( result ); } // Create the auth key result = Tspi_Key_CreateKey( hAuthKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_LoadKey( hAuthKey, hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_LoadKey", result ); Tspi_Context_Close( hContext ); exit( result ); } // Create the noauth key result = Tspi_Key_CreateKey( hNoAuthKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_LoadKey( hNoAuthKey, hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_LoadKey", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0, &hPcrs ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); Tspi_Context_Close( hContext ); exit( result ); } #define PCR_NUM 5 result = Tspi_TPM_PcrRead( hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_PcrRead", result ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrs, PCR_NUM, ulPcrLen, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); Tspi_Context_Close( hContext ); exit( result ); } /* Now the setup is done, run through several different tests: * * Test# Key Auth? EncData Auth? Pcr Value Set? * * 1 * 2 X * 3 X * 4 X X * 5 X * 6 X X * 7 X X * 8 X X X */ /* test 1 */ result = seal_and_unseal(hContext, hNoAuthKey, hNoAuthEncData, hNullPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 1", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 1", result ); /* test 2 */ result = seal_and_unseal(hContext, hNoAuthKey, hNoAuthEncData, hPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 2", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 2", result ); /* test 3 */ result = seal_and_unseal(hContext, hNoAuthKey, hAuthEncData, hNullPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 3", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 3", result ); /* test 4 */ result = seal_and_unseal(hContext, hNoAuthKey, hAuthEncData, hPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 4", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 4", result ); /* test 5 */ result = seal_and_unseal(hContext, hAuthKey, hNoAuthEncData, hNullPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 5", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 5", result ); /* test 6 */ result = seal_and_unseal(hContext, hAuthKey, hNoAuthEncData, hPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 6", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 6", result ); /* test 7 */ result = seal_and_unseal(hContext, hAuthKey, hAuthEncData, hNullPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 7", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 7", result ); /* test 8 */ result = seal_and_unseal(hContext, hAuthKey, hAuthEncData, hPcrs); if ( result != TSS_SUCCESS ) { print_error("Test 8", result ); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } print_success( "Test 8", result ); print_success( function, result ); print_end_test( function ); Tspi_Context_Close( hContext ); exit( result ); }