libhis_getkeyblob() { //set default values init_key_size = TSS_KEY_SIZE_DEFAULT; init_key_type = TSS_KEY_TYPE_DEFAULT; init_key_authorized = TSS_KEY_AUTHORIZATION; init_key_migratable = TSS_KEY_NOT_MIGRATABLE; init_key_volatile = TSS_KEY_VOLATILE; binitialized = false; //create a context object result = Tspi_Context_Create(&hcontext); if(result != TSS_SUCCESS) throw libhis_exception("Create Context", result); //create an SRK object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); //Create SRK policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); //Create key policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); }
libhis_changeownership() { //create a context object result = Tspi_Context_Create(&hcontext); if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); //Create TPM policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); //Create new policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result); }
/*ARGSUSED*/ int cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]) { TSS_RESULT ret; TSS_HPOLICY hNewPolicy; if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP, gettext("= TPM owner passphrase ="), 0, NULL)) return (ERR_FAIL); /* policy object for new passphrase */ ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNewPolicy); if (ret) { print_error(ret, gettext("Create policy object")); return (ERR_FAIL); } if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP, gettext("= New TPM owner passphrase ="), 0, NULL)) return (ERR_FAIL); ret = Tspi_ChangeAuth(hTPM, NULL, hNewPolicy); if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) { print_error(ret, gettext("Change authorization")); return (ERR_FAIL); } return (0); }
/*ARGSUSED*/ int cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]) { TSS_RESULT ret; TSS_HOBJECT hKeySRK; if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP, gettext("= TPM owner passphrase ="), 0, NULL)) return (ERR_FAIL); ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK); if (ret) { print_error(ret, gettext("Create storage root key")); return (ERR_FAIL); } if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL, sizeof (well_known), well_known)) return (ERR_FAIL); ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL); if (ret == TPM_E_NO_ENDORSEMENT) { if (createek(hContext, hTPM)) return (ERR_FAIL); ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL); } if (ret) { print_error(ret, gettext("Take ownership")); return (ERR_FAIL); } return (0); }
static int tpm_create_srk_policy(void *secret) { TSS_RESULT result; UINT32 secret_len; if (secret_mode == TSS_SECRET_MODE_SHA1) secret_len = SHA_DIGEST_LENGTH; else { secret_len = (secret == NULL) ? 0 : strlen((char *)secret); DBG("Using SRK secret = %s", (BYTE *)secret); } if (hSRKPolicy == NULL_HPOLICY) { DBG("Creating SRK policy"); if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hSRKPolicy))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, TPM_R_REQUEST_FAILED); return 0; } } if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode, secret_len, (BYTE *)secret))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, TPM_R_REQUEST_FAILED); return 0; } return 1; }
void initbind(unsigned int in_size) { //set the type init_key_type = TSS_KEY_TYPE_BIND; //set the key size if(in_size == 0) init_key_size = TSS_KEY_SIZE_DEFAULT; else if(in_size == 512) init_key_size = TSS_KEY_SIZE_512; else if(in_size == 1024) init_key_size = TSS_KEY_SIZE_1024; else if(in_size == 2048) init_key_size = TSS_KEY_SIZE_2048; else if(in_size == 4096) init_key_size = TSS_KEY_SIZE_4096; else if(in_size == 8192) init_key_size = TSS_KEY_SIZE_8192; else if(in_size == 16384) init_key_size = TSS_KEY_SIZE_16384; else throw libhis_exception("Invalid key size", 400); //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; }
TPW_RESULT create_key(TSS_HCONTEXT tss_context, TSS_FLAG aflags, TSS_HKEY *user_key, TSS_HKEY p_key, char *auth, int authlen) { TSS_RESULT result; TSS_HPOLICY policy; if(!authlen) aflags |= TSS_KEY_NO_AUTHORIZATION; else aflags |= TSS_KEY_AUTHORIZATION; result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_RSAKEY, aflags, user_key); if(TSS_SUCCESS != result) { Log_Text("create_key", TPW_KEY_ERROR); return TPW_KEY_ERROR; } if(authlen) { result = Tspi_Context_CreateObject(tss_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &policy); result = policySetSecret(policy, authlen, auth); if(TSS_SUCCESS != result) { Log_Text("setPolicy_in_create_key", TPW_POLICY_ERROR); return TPW_POLICY_ERROR; } result = policyAssign(policy, *user_key); if(TSS_SUCCESS != result) { Log_Text("assignPolicy_in_create_key", TPW_POLICY_ERROR); return TPW_KEY_ERROR; } } result = keyCreateKey(*user_key, p_key, 0); if(TSS_SUCCESS != result) { Log_Text("Create_in_create_key", TPW_KEY_ERROR); return TPW_KEY_ERROR; } return TPW_SUCCESS; }
/* create and store keys with the uuids in the @uuids parameter. Unregister * any keys in the PS that are already stored. hParentKey should already be * loaded and will become the parent of the key stored with uuids[0] */ TSS_RESULT store_keys(TSS_HCONTEXT hContext, TSS_HKEY hParentKey, TSS_UUID *uuidParent0, TSS_UUID **uuids) { int i; TSS_RESULT result; TSS_UUID *uuidParent; TSS_HKEY hKey; TSS_FLAG initFlags; for (i = 0; uuids[i]; i++) { /* unregister any keys in the PS that are in the way */ if ((result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, *uuids[i], &hKey)) && (TSS_ERROR_CODE(result) != TSS_E_PS_KEY_NOTFOUND)) { print_error("Tspi_Context_UnregisterKey", result); return result; } } initFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; uuidParent = uuidParent0; for (i = 0; uuids[i]; i++) { /* create the keys and register them */ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); return result; } if ((result = Tspi_Key_CreateKey(hKey, hParentKey, 0))) { print_error("Tspi_Key_CreateKey", result); return result; } /* load key so that the child can be created */ if ((result = Tspi_Key_LoadKey(hKey, hParentKey))) { print_error("Tspi_Key_LoadKey", result); return result; } /* register the new key */ if ((result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, *uuids[i], TSS_PS_TYPE_SYSTEM, *uuidParent))) { print_error("Tspi_Context_RegisterKey", result); return result; } hParentKey = hKey; uuidParent = uuids[i]; } return TSS_SUCCESS; }
int main_v1_1(void){ char *nameOfFunction = "Tspi_Context_CreateObject02"; TSS_HCONTEXT hContext; TSS_HKEY hSignatureKey; TSS_RESULT result; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect ", result); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING | TSS_KEY_MIGRATABLE, &hSignatureKey); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_OBJECT_INITFLAG){ if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hSignatureKey); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1(void) { char *function = "Tspi_Hash_GetHashValue04"; TSS_HCONTEXT hContext; TSS_HHASH hHash; UINT32 ulHashValueLength, exitCode = 0; BYTE *rgbHashValue, hashBuf[20]; TSS_RESULT result; print_begin_test(function); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hash)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &ulHashValueLength, &rgbHashValue); if (TSS_ERROR_CODE(result) != TSS_E_HASH_NO_DATA) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } exitCode = result; } else { print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(exitCode); }
void tc_create_object(TSS_HCONTEXT hContext, UINT32 type, UINT32 flags, TSS_HOBJECT *hObject) { TSS_RESULT result; //Create Object result = Tspi_Context_CreateObject(hContext, type, flags, hObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } }
void initidentity() { //set the type init_key_type = TSS_KEY_TYPE_IDENTITY; //set the key size init_key_size = TSS_KEY_SIZE_DEFAULT; //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; }
static int tpm_sign_fn(gnutls_privkey_t key, void *_s, const gnutls_datum_t * data, gnutls_datum_t * sig) { struct tpm_ctx_st *s = _s; TSS_HHASH hash; int err; _gnutls_debug_log("TPM sign function called for %u bytes.\n", data->size); err = Tspi_Context_CreateObject(s->tpm_ctx, TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER, &hash); if (err) { gnutls_assert(); _gnutls_debug_log("Failed to create TPM hash object: %s\n", Trspi_Error_String(err)); return GNUTLS_E_PK_SIGN_FAILED; } err = Tspi_Hash_SetHashValue(hash, data->size, data->data); if (err) { gnutls_assert(); _gnutls_debug_log ("Failed to set value in TPM hash object: %s\n", Trspi_Error_String(err)); Tspi_Context_CloseObject(s->tpm_ctx, hash); return GNUTLS_E_PK_SIGN_FAILED; } err = Tspi_Hash_Sign(hash, s->tpm_key, &sig->size, &sig->data); Tspi_Context_CloseObject(s->tpm_ctx, hash); if (err) { if (s->tpm_key_policy || err != TPM_E_AUTHFAIL) _gnutls_debug_log ("TPM hash signature failed: %s\n", Trspi_Error_String(err)); if (err == TPM_E_AUTHFAIL) return GNUTLS_E_TPM_KEY_PASSWORD_ERROR; else return GNUTLS_E_PK_SIGN_FAILED; } return 0; }
static int tpm_sign_fn(gnutls_privkey_t key, void *_vpninfo, const gnutls_datum_t *data, gnutls_datum_t *sig) { struct openconnect_info *vpninfo = _vpninfo; TSS_HHASH hash; int err; vpn_progress(vpninfo, PRG_TRACE, _("TPM sign function called for %d bytes.\n"), data->size); err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER, &hash); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM hash object: %s\n"), Trspi_Error_String(err)); return GNUTLS_E_PK_SIGN_FAILED; } err = Tspi_Hash_SetHashValue(hash, data->size, data->data); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set value in TPM hash object: %s\n"), Trspi_Error_String(err)); Tspi_Context_CloseObject(vpninfo->tpm_context, hash); return GNUTLS_E_PK_SIGN_FAILED; } err = Tspi_Hash_Sign(hash, vpninfo->tpm_key, &sig->size, &sig->data); Tspi_Context_CloseObject(vpninfo->tpm_context, hash); if (err) { if (vpninfo->tpm_key_policy || err != TPM_E_AUTHFAIL) vpn_progress(vpninfo, PRG_ERR, _("TPM hash signature failed: %s\n"), Trspi_Error_String(err)); if (err == TPM_E_AUTHFAIL) return GNUTLS_E_INSUFFICIENT_CREDENTIALS; else return GNUTLS_E_PK_SIGN_FAILED; } return 0; }
static int createek(TSS_HCONTEXT hContext, TSS_HTPM hTPM) { TSS_RESULT ret; TSS_HOBJECT hKeyEK; TSS_VALIDATION ValidationData; TPM_NONCE nonce; TPM_DIGEST digest; /* Create the empty key struct for EK */ ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, (TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NON_VOLATILE | TSS_KEY_NOT_MIGRATABLE | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_NOT_CERTIFIED_MIGRATABLE | TSS_KEY_STRUCT_KEY12 | TSS_KEY_EMPTY_KEY), &hKeyEK); if (ret) { print_error(ret, gettext("Create endorsement key object")); return (ERR_FAIL); } ValidationData.ulExternalDataLength = sizeof (nonce); ValidationData.rgbExternalData = (BYTE *) &nonce; ret = get_random(sizeof (nonce), (BYTE *) &nonce); if (ret) return (ERR_FAIL); ValidationData.ulValidationDataLength = sizeof (digest); ValidationData.rgbValidationData = (BYTE *) &digest; ret = Tspi_TPM_CreateEndorsementKey(hTPM, hKeyEK, &ValidationData); if (ret) { print_error(ret, gettext("Create endorsement key")); return (ERR_FAIL); } return (0); }
int main(int argc, char ** argv) { FILE * file; size_t res; rom_hdr_t hdr; TSS_RESULT result; char pathrom[256] = ""; TSS_HKEY hSRK; TSS_HPOLICY pSRK; TSS_HKEY hKey; BYTE * pubInfo; UINT32 pubInfoSize; int i; for(i = 1 ; i < argc ; i++) { if(strncmp("-f", argv[i], sizeof("-f")) == 0) { if(i + 1 >= argc) { usage(); return 1; } snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]); pathrom[sizeof(pathrom) - 1] = 0; i++; } else { usage(); return 1; } } if(pathrom[0] == 0) { char * home=getenv("HOME"); if(home == NULL) { fprintf(stderr, "No $HOME environment variable defined\n"); return 1; } snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home); pathrom[sizeof(pathrom) - 1] = 0; } file = fopen(pathrom, "rb"); if(file == NULL) { fprintf(stderr, "Can't open rom file\n"); return 1; } res = fread(&hdr, sizeof(hdr), 1, file); if(res != 1) { fprintf(stderr, "Can't read rom file\n"); fclose(file); return 1; } fclose(file); //Creation of the TSS Context result = Tspi_Context_Create(&hContext); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Create", result); res = 1; goto err; } //Connection to the TSS Context result = Tspi_Context_Connect(hContext, NULL); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Connext", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); res = 1; goto err; } // Create object key in order to put the public key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_LoadKeyByBlob", result); res = 1; goto err; } result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_SetAttribData", result); res = 1; goto err; } result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_GetAttribData", result); res = 1; goto err; } if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) { fprintf(stderr, "Write error\n"); res = 1; goto err; } result = Tspi_Context_FreeMemory(hContext, pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_FreeMemory", result); res = 1; goto err; } res = 0; err: //Close TSS session Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return res; }
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig) { static const TSS_UUID SRK_UUID = TSS_UUID_SRK; gnutls_datum_t asn1; unsigned int tss_len; char *pass; int ofs, err; err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error decoding TSS key blob: %s\n"), gnutls_strerror(err)); return -EINVAL; } /* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */ if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = asn1.data[1]; ofs = 2; if (tss_len & 0x80) { int lenlen = tss_len & 0x7f; if (asn1.size < 2 + lenlen || lenlen > 3) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = 0; while (lenlen) { tss_len <<= 8; tss_len |= asn1.data[ofs++]; lenlen--; } } if (tss_len + ofs != asn1.size) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } err = Tspi_Context_Create(&vpninfo->tpm_context); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM context: %s\n"), Trspi_Error_String(err)); goto out_blob; } err = Tspi_Context_Connect(vpninfo->tpm_context, NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect TPM context: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM, SRK_UUID, &vpninfo->srk); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK key: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK policy object: %s\n"), Trspi_Error_String(err)); goto out_srk; } pass = vpninfo->cert_password; vpninfo->cert_password = NULL; while (1) { static const char nullpass[20]; /* We don't seem to get the error here... */ if (pass) err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (BYTE *)pass); else /* Well-known NULL key */ err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *)nullpass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM PIN: %s\n"), Trspi_Error_String(err)); goto out_srkpol; } free(pass); /* ... we get it here instead. */ err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk, tss_len, asn1.data + ofs, &vpninfo->tpm_key); if (!err) break; if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM key blob: %s\n"), Trspi_Error_String(err)); if (err != TPM_E_AUTHFAIL) goto out_srkpol; err = request_passphrase(vpninfo, "openconnect_tpm_srk", &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY gnutls_privkey_init(pkey); /* This would be nicer if there was a destructor callback. I could allocate a data structure with the TPM handles and the vpninfo pointer, and destroy that properly when the key is destroyed. */ gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0); #else *pkey = OPENCONNECT_TPM_PKEY; #endif retry_sign: err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig); if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) { if (!vpninfo->tpm_key_policy) { err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &vpninfo->tpm_key_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create key policy object: %s\n"), Trspi_Error_String(err)); goto out_key; } err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy, vpninfo->tpm_key); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to assign policy to key: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } } err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); free (pass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set key PIN: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } goto retry_sign; } free (asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); vpninfo->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key); vpninfo->tpm_key = 0; out_srkpol: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy); vpninfo->srk_policy = 0; out_srk: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk); vpninfo->srk = 0; out_context: Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: free (asn1.data); return -EIO; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
int main_v1_2(char version) { char *function = "Tspi_Data_Unbind-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey, hWrappingKey; TSS_HPOLICY hSrkPolicy; BYTE *prgbDataToUnBind; TSS_HENCDATA hEncData; UINT32 pulDataLength; BYTE rgbDataToBind[32] = { 0, 1, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 }; UINT32 ulDataLength = 32; TSS_UUID uuid; TSS_RESULT result; TSS_HTPM hTPM; TSS_FLAG initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(function); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } // create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hEncData)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Load the newly created key result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Data_Bind(hEncData, hKey, ulDataLength, rgbDataToBind); if (result != TSS_SUCCESS) { print_error("Tspi_Data_Bind", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Data_Unbind(hEncData, hKey, &pulDataLength, &prgbDataToUnBind); if (result != TSS_SUCCESS) { print_error("Tspi_Data_Unbind", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result != TSS_SUCCESS) { if (!(checkNonAPI(result))) print_error(function, result); else print_error_nonapi(function, result); } else { result = Tspi_Context_FreeMemory(hContext, prgbDataToUnBind); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory ", result); Tspi_Context_Close(hContext); exit(result); } print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_LoadKey01"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_UUID uuid; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_Create Key", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key (hKey) result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS){ if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_CreateMigrationBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey; UINT32 TargetPubKeyLength; BYTE *TargetPublicKeyData; BYTE *MigTicket; UINT32 TicketLength; BYTE *randomData; UINT32 randomLength; UINT32 migBlobLength; BYTE *migBlob; UINT32 blobLength; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID for hSRK", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #endif //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Signing Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hKey, TSS_MS_REWRAP, &TicketLength, &MigTicket); if (result != TSS_SUCCESS) { print_error("Tpsi_TPM_AuthorizeMigrationTicket ", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Create Migration Blob result = Tspi_Key_CreateMigrationBlob(-1, hSRK, TicketLength, MigTicket, &randomLength, &randomData, &migBlobLength, &migBlob); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_2(char version) { char *function = "Tspi_PcrComposite_GetPcrLocality01"; TSS_HCONTEXT hContext; TSS_HPCRS hPcrComposite; TSS_RESULT result; UINT32 pLocalityValue; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_error_exit( function, err_string(result) ); exit( result ); } // create object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_GetPcrLocality( hPcrComposite, &pLocalityValue ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit(result); } else { print_error_nonapi( function, result ); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit(result); } } else { print_success( function, result ); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); } }
int main_v1_2( char version ) { char *function = "Tspi_GetAttribData21"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hSrkPolicy; BYTE *rgbDataToSeal = "This is a test"; BYTE rgbPcrValue[20]; TSS_HPCRS hPcrComposite; UINT32 AttribDataSize; BYTE* AttribData; UINT32 ulDataLength = strlen(rgbDataToSeal); TSS_RESULT result,resultFree; TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; TSS_FLAG pcrsInitFlags = 0; print_begin_test( function ); if (version == TESTSUITE_TEST_TSS_1_2) { keyInitFlags |= TSS_KEY_STRUCT_KEY12; pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG; } memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue)); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_end_test(function); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags, &hPcrComposite ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrLocality", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Checking flag and subflags //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -", result ); } print_end_test(function); Tspi_Context_Close(hContext); exit( 0 ); }
int main(int argc, char *argv[]) { TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; UINT32 nonceVerifierLength; BYTE *nonceVerifier; TSS_HDAA hDAA; TSS_DAA_CREDENTIAL *hDaaCredential; TSS_DAA_SIGN_DATA signData; TSS_DAA_SIGNATURE daaSignature; TSS_DAA_SELECTED_ATTRIB revealAttributes; char *szTpmPasswd = DEFAULT_OWN_PASSWD; char *message = NULL; BYTE **attributes = NULL; FILE *file; char *param; int i, length, rv; bi_ptr random = NULL; TSS_BOOL isCorrect; EVP_MD_CTX *mdctx; TSS_HKEY hKEY; init_tss_version( &signData); init_tss_version( &daaSignature); init_tss_version( &revealAttributes); i = 1; while( i < argc) { param = argv[ i]; if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) { i++; if( i == argc) return print_usage( argv[0]); message = argv[i]; } else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){ i++; if( i == argc) return print_usage( argv[0]); credential_filename = argv[i]; } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ i++; if( i == argc) return print_usage( argv[0]); szTpmPasswd = argv[i]; } else { fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); return print_usage( argv[0]); } i++; } bi_init( NULL); printf("Loading credential: %s ", credential_filename); file = fopen( credential_filename, "r"); if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) { LogError( "[test_join]: Error when loading \'%s\': %s\n", credential_filename, strerror( errno)); result = TSS_E_FAIL; goto out_close; } fclose( file); printf("Done\n"); // Create Context LogDebug("Create Context"); result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { LogError( "Tspi_Context_Create %d\n", result ); goto out; } // Connect to Context result = Tspi_Context_Connect( hContext, NULL ); if ( result != TSS_SUCCESS) goto out_close; printf("\nConnect to the context: %X\n", hContext); if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) goto out_close; // Get the correct policy using the TPM ownership PASSWD if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) goto out_close; if( (result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_PLAIN, strlen( szTpmPasswd), szTpmPasswd)) != TSS_SUCCESS) goto out_close; LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy); //Create Object result = obj_daa_add( hContext, &hDAA); if (result != TSS_SUCCESS) { LogError("Tspi_Context_CreateObject:%d", result); Tspi_Context_Close(hContext); LogError("%s: %s", argv[0], err_string(result)); exit(result); } LogDebug("created DAA object:%X", hDAA); // TODO: verifier base name ?? result = Tspi_DAA_VerifyInit( hDAA, // in &nonceVerifierLength, // out &nonceVerifier, // out 0, //baseNameLength, // out NULL //baseName // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("Verify Init return nonceVerifier [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0); mdctx = EVP_MD_CTX_create(); // create the TSS_DAA_SIGN_DATA struct // .selector: 0 -> payload contains a handle to an AIK // 1 -> payload contains a hashed message if( message != NULL) { signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest()); EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message)); signData.payloadLength = EVP_MD_CTX_size(mdctx); signData.payload = (BYTE *)EVP_MD_CTX_create(); EVP_DigestFinal(mdctx, signData.payload, NULL); } else { signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY; result = Tspi_Context_CreateObject( hContext, // in TSS_OBJECT_TYPE_RSAKEY, // in TSS_KEY_SIZE_2048, // in &hKEY // out ); if( result != TSS_SUCCESS) goto out_close; } result = Tspi_TPM_DAA_Sign( hDAA, // in hTPM, // in (TSS_HKEY)hDaaCredential, // in revealAttributes, // in 0, // verifierBaseNameLength, // in NULL, // verifierBaseName, // in nonceVerifierLength, // in nonceVerifier, // in signData, // in &daaSignature // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("TPM_DAA_Sign return daaSignature [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); // generate attributes list but without copying the not revealed ones attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength); for( i=0; i < (int)(hDaaCredential->attributesLength); i++) { if( revealAttributes.indicesList[i]) { attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8); memcpy( attributes[i], hDaaCredential->attributes[i], DAA_PARAM_SIZE_F_I / 8); } else { attributes[i] = NULL; } } result = Tspi_DAA_VerifySignature( hDAA, // in daaSignature, // in (TSS_HKEY)&(hDaaCredential->issuerPK), // in signData, // in hDaaCredential->attributesLength, // in attributes, // in nonceVerifierLength, // in nonceVerifier, // in 0, //baseNameLength, //in NULL, // in &isCorrect // out ); printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no")); out_close: EVP_MD_CTX_destroy(mdctx); if( attributes != NULL) { for( i=0; i<(int)hDaaCredential->attributesLength; i++) { if( attributes[i] != NULL) free( attributes[i]); } free( attributes); } if( random != NULL) bi_free_ptr( random); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); out: bi_release(); LogDebug("THE END result=%d:%s",result, err_string( result) );; return result; }
TSS_RESULT MyFunc_CreatePubKey(RSA *rsa, int padding, TSS_HKEY *hKey){ TSS_HCONTEXT hContext; TSS_RESULT result; UINT32 encScheme, sizeN, keySize; BYTE n[2048]; switch(padding){ case RSA_PKCS1_PADDING: encScheme = TSS_ES_RSAESPKCSV15; break; case RSA_PKCS1_OAEP_PADDING: encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1; break; case RSA_NO_PADDING: encScheme = TSS_ES_NONE; break; default: return TSS_E_INTERNAL_ERROR; break; } if((keySize = get_tss_key_size(RSA_size(rsa) * 8 )) == 0){ return TSS_E_BAD_PARAMETER; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_LEGACY | keySize, hKey); if(result != TSS_SUCCESS){ LogError("Tspi_Context_CreateObject failed:%s", strresult(result)); return result; } if((sizeN = BN_bn2bin(rsa->n, n)) <= 0){ LogError("BN_bn2bin failed"); ERR_print_errors_fp(stdout); Tspi_Context_CloseObject(hContext, *hKey); return TSS_E_FAIL; } result = Tspi_SetAttribData(*hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, sizeN, n); if(result != TSS_SUCCESS){ LogError("Tspi_SetAttribData failed:%s", strresult(result)); Tspi_Context_CloseObject(hContext, *hKey); return result; } result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA ); if(result != TSS_SUCCESS){ LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result)); Tspi_Context_CloseObject(hContext, *hKey); return result; } result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2); if(result != TSS_SUCCESS){ LogError("Tspi_SetAttribUnit32 failed:%s", strresult(result)); Tspi_Context_CloseObject(hContext, *hKey); return result; } result = Tspi_SetAttribUnit32(*hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme); if(result != TSS_SUCCESS){ LogError("Tspi_Setattribunit32 failed:%s", strresult(result)); Tspi_Context_CloseObject(hContext,*hKey); return result; } return TSS_SUCCESS; }
main_v1_1(void){ char *nameOfFunction = "policy_no_secret"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_BOOL allowMaint = FALSE; BYTE *randomData; TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); #ifdef TESTSUITE_NOAUTH_SRK print_NA(); print_end_test(nameOfFunction); exit(0); #endif //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign new policy w/o secret to the SRK object result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create child key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND| TSS_KEY_NO_AUTHORIZATION, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Attempt to use the SRK w/o putting a secret in its policy result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Key creation w/o parent secret set", result); print_error(nameOfFunction, result); Tspi_Context_Close(hContext); exit(result); } else { print_success("Key creation w/o parent secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // With a secret set, this should work OK result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } // Try an owner auth'd command w/o secret result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Tspi_TPM_GetStatus w/o owner secret set", result); Tspi_Context_Close(hContext); exit(result); } else { print_success("TPM_GetStatus w/o owner secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_GetStatus", result); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReadValue-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *policyData; UINT32 read_space = 10; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif #ifdef NV_LOCKED if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT) #else if (result != TSS_SUCCESS) #endif { print_error("Tspi_NV_ReadValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result == TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReleaseSpace-trans02"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; TSS_RESULT result; TSS_HKEY hSigningKey, hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, &hSigningKey); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011111); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); if (result != TSS_SUCCESS) { print_error("Tspi_NV_DefineSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0x0); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Release NV space*/ result = Tspi_NV_ReleaseSpace(hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_NV_ReleaseSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, hSigningKey); if (result== TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_CreateDelegation02"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); goto done; } result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_1(void) { TSS_RESULT result; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HCONTEXT hContext; TSS_HENCDATA hEncData; TSS_HPOLICY hEncPolicy; UINT32 ulEncDataLen, ulDataUnsealedLen; BYTE *rgbDataUnsealed, *dataBuf; int i, exitCode; FILE *fEncData = NULL; char *file_name = "sealedData"; BYTE *rgbDataToSeal = "0123456789ABCDEF0123456789ABCDEF"; UINT32 ulDataToSealLen = 32; // load Context, SRK, TPM result = connect_load_all(&hContext, &hSRK, &hTPM); if (result) { printf("connect_load_all failed\n"); return result; } // Create Encrypted Data Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = set_secret(hContext, hEncData, &hEncPolicy); if (result) { printf("set_secret failed\n"); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } fEncData = fopen(file_name, "rb"); if (!fEncData) { printf("open %s failed\n", file_name); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(-1); } // Get file size fseek(fEncData, 0L, SEEK_END); ulEncDataLen = ftell(fEncData); fseek(fEncData, 0L, SEEK_SET); dataBuf = malloc(ulEncDataLen); if (fread(dataBuf, 1, ulEncDataLen, fEncData) != ulEncDataLen) { printf("fread failed\n"); free(dataBuf); fclose(fEncData); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(-1); } fclose(fEncData); printf("Sealed data:\n"); print_hex(dataBuf, ulEncDataLen); result = Tspi_SetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, ulEncDataLen, dataBuf); if (TSS_SUCCESS != result) { print_error("Tspi_SetAttribData", result); free(dataBuf); dataBuf = NULL; Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } free(dataBuf); dataBuf = NULL; result = Tspi_Data_Unseal(hEncData, hSRK, &ulDataUnsealedLen, &rgbDataUnsealed); if (TSS_SUCCESS != result) { print_error("Tspi_Data_Unseal", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } printf("Unsealed Data:\n"); print_hex(rgbDataUnsealed, ulDataUnsealedLen); if (ulDataUnsealedLen != ulDataToSealLen || memcmp(rgbDataToSeal, rgbDataUnsealed, ulDataToSealLen)) { printf("\nFailed\n"); } else { printf("\nSuccess\n"); } Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }