main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey01"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; UINT32 pulPubKeyLength; BYTE *prgbPubKey; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); return result; } result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); return result; } //Get SRK Public Key result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &pulPubKeyLength, &prgbPubKey); if (result != TSS_SUCCESS) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); } }
int main(int argc,char **argv) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; TSS_HKEY hSRK=0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID=TSS_UUID_SRK; BYTE wks[20]; //For the well known secret // Set wks to the well known secret: 20 bytes of all 0’s memset(wks,0,20); //Pick the TPM you are talking to. // In this case, it is the system TPM (indicated with NULL). result = Tspi_Context_Create( &hContext); DBG("Create Context",result); result = Tspi_Context_Connect(hContext, NULL); DBG("Context Connect�",result); // Get the TPM handle result=Tspi_Context_GetTpmObject(hContext,&hTPM); DBG("Get TPM Handle",result); // Get the SRK handle result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK); DBG("Got the SRK handle�", result); //Get the SRK policy result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy); DBG("Got the SRK policy",result); //Then set the SRK policy to be the well known secret result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks); //Note: TSS SECRET MODE SHA1 says ”Don’t hash this. // Use the 20 bytes as they are. DBG("Set the SRK secret in its policy",result); //Do something usefull TSS_UUID MY_UUID=BACKUP_KEY_UUID; TSS_HKEY hESS_Bind_Key; result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result=Tspi_Context_UnregisterKey(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Unregister key",result); //Done doing something usefull // Context Close(hobjects you have created); Tspi_Context_FreeMemory(hContext,NULL); // This frees up memory automatically allocated for you. Tspi_Context_Close(hContext); return 0; }
static int tpm_open_session(struct tpm_ctx_st *s, const char *srk_password) { int err, ret; err = Tspi_Context_Create(&s->tpm_ctx); if (err) { gnutls_assert(); return tss_err(err); } err = Tspi_Context_Connect(s->tpm_ctx, NULL); if (err) { gnutls_assert(); ret = tss_err(err); goto out_tspi_ctx; } err = Tspi_Context_LoadKeyByUUID(s->tpm_ctx, TSS_PS_TYPE_SYSTEM, srk_uuid, &s->srk); if (err) { gnutls_assert(); ret = tss_err(err); goto out_tspi_ctx; } err = Tspi_GetPolicyObject(s->srk, TSS_POLICY_USAGE, &s->srk_policy); if (err) { gnutls_assert(); ret = tss_err(err); goto out_srk; } err = myTspi_Policy_SetSecret(s->srk_policy, SAFE_LEN(srk_password), (BYTE *) srk_password); if (err) { gnutls_assert(); ret = tss_err(err); goto out_srkpol; } return 0; out_srkpol: Tspi_Context_CloseObject(s->tpm_ctx, s->srk_policy); s->srk_policy = 0; out_srk: Tspi_Context_CloseObject(s->tpm_ctx, s->srk); s->srk = 0; out_tspi_ctx: Tspi_Context_Close(s->tpm_ctx); s->tpm_ctx = 0; return ret; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_UpdateVerificationCount03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, -1); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int set_object_policy(TSS_HOBJECT handle, TSS_FLAG mode, char *prompt, UINT32 secret_len, BYTE *secret) { TSS_HPOLICY hPolicy; TSS_RESULT ret; ret = Tspi_GetPolicyObject(handle, TSS_POLICY_USAGE, &hPolicy); if (ret) { print_error(ret, gettext("Get object policy")); return (ERR_FAIL); } return (set_policy_options(hPolicy, mode, prompt, secret_len, secret)); }
TSS_RESULT extend_pcr (const char * buf, const int len) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_HPOLICY hOwnerPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE passcode[20]; memset(passcode,0,20); memcpy (passcode, buf, len); UINT32 ulNewPcrValueLength; BYTE* NewPcrValue; result = Tspi_Context_Create (&hContext); DBG(" Create a Context\n",result); result = Tspi_Context_Connect (hContext, NULL); DBG(" Connect to TPM\n", result); // Get the TPM handle result = Tspi_Context_GetTpmObject (hContext, &hTPM); DBG(" Get TPM Handle\n",result); result = Tspi_GetPolicyObject (hTPM, TSS_POLICY_USAGE, &hOwnerPolicy); DBG( " Owner Policy\n", result); result = Tspi_TPM_PcrExtend (hTPM, 9, sizeof(passcode), passcode, NULL, &ulNewPcrValueLength, &NewPcrValue); DBG(" extend\n",result); return result; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; //By default SRK is 20bytes 0 //takeownership -z BYTE wks[20]; memset(wks,0,20); //At the beginning //Create context and get tpm handle result =Tspi_Context_Create(&hContext); DBG("Create a context\n", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM\n", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle\n", result); //Get SRK handle //This operation need SRK secret when you takeownership //if takeownership -z the SRK is wks by default result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle\n", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy\n", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20, wks); DBG("Tspi_Policy_SetSecret\n", result); //At the end of program //Cleanup some object result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory\n", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close\n", result); return 0; }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_LoadKey01"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_UUID uuid; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_Create Key", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key (hKey) result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS){ if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_CreateMigrationBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey; UINT32 TargetPubKeyLength; BYTE *TargetPublicKeyData; BYTE *MigTicket; UINT32 TicketLength; BYTE *randomData; UINT32 randomLength; UINT32 migBlobLength; BYTE *migBlob; UINT32 blobLength; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID for hSRK", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #endif //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Signing Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hKey, TSS_MS_REWRAP, &TicketLength, &MigTicket); if (result != TSS_SUCCESS) { print_error("Tpsi_TPM_AuthorizeMigrationTicket ", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Create Migration Blob result = Tspi_Key_CreateMigrationBlob(-1, hSRK, TicketLength, MigTicket, &randomLength, &randomData, &migBlobLength, &migBlob); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_ReadTables-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; UINT32 familyTableSize, delegateTableSize; TSS_FAMILY_TABLE_ENTRY *familyTable; TSS_DELEGATION_TABLE_ENTRY *delegateTable; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", (result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", (result) ); goto done; } result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable, &delegateTableSize, &delegateTable); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_ReadTables", (result) ); goto done; } result = Testsuite_Transport_Final(hContext, 0); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", (result) ); goto done; } else { result = Tspi_Context_FreeMemory(hContext, (BYTE *)familyTable); if (result != TSS_SUCCESS) { print_error( "Tspi_Context_FreeMemory", result ); goto done; } result = Tspi_Context_FreeMemory(hContext, (BYTE *)delegateTable); if (result != TSS_SUCCESS) { print_error( "Tspi_Context_FreeMemory", result ); goto done; } else { print_success( function, result ); } } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); }
int main_v1_2( char version ) { char *function = "Tspi_GetAttribData21"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hSrkPolicy; BYTE *rgbDataToSeal = "This is a test"; BYTE rgbPcrValue[20]; TSS_HPCRS hPcrComposite; UINT32 AttribDataSize; BYTE* AttribData; UINT32 ulDataLength = strlen(rgbDataToSeal); TSS_RESULT result,resultFree; TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; TSS_FLAG pcrsInitFlags = 0; print_begin_test( function ); if (version == TESTSUITE_TEST_TSS_1_2) { keyInitFlags |= TSS_KEY_STRUCT_KEY12; pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG; } memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue)); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_end_test(function); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags, &hPcrComposite ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrLocality", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Checking flag and subflags //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -", result ); } print_end_test(function); Tspi_Context_Close(hContext); exit( 0 ); }
int main_v1_1( void ) { char *function = "Tspi_GetPolicyObject01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_RESULT result; UINT32 exitCode; TSS_HPOLICY srkUsagePolicy; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_Close( hContext ); exit( result ); } //Get Policy Object result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); print_end_test( function ); Tspi_Context_Close( hContext ); exit(result); } else { print_error_nonapi( function, result ); print_end_test( function ); Tspi_Context_Close( hContext ); exit(result); } } else { print_success( function, result ); exitCode = 0; } print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
main_v1_1(void){ char *nameOfFunction = "Tspi_ChangeAuth04"; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; TSS_HKEY hMStorageKey; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_FLAG initFlags; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; TSS_HPOLICY srkUsagePolicy; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID for hSRK", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create Storage Key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMStorageKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_CreateKey(hMStorageKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Call Change Auth result = Tspi_ChangeAuth(0xffffffff, hMStorageKey, hPolicy); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "policy_no_secret"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_BOOL allowMaint = FALSE; BYTE *randomData; TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); #ifdef TESTSUITE_NOAUTH_SRK print_NA(); print_end_test(nameOfFunction); exit(0); #endif //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign new policy w/o secret to the SRK object result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create child key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND| TSS_KEY_NO_AUTHORIZATION, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Attempt to use the SRK w/o putting a secret in its policy result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Key creation w/o parent secret set", result); print_error(nameOfFunction, result); Tspi_Context_Close(hContext); exit(result); } else { print_success("Key creation w/o parent secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // With a secret set, this should work OK result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } // Try an owner auth'd command w/o secret result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Tspi_TPM_GetStatus w/o owner secret set", result); Tspi_Context_Close(hContext); exit(result); } else { print_success("TPM_GetStatus w/o owner secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_GetStatus", result); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); }
int main(int argc, char *argv[]) { TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; UINT32 nonceVerifierLength; BYTE *nonceVerifier; TSS_HDAA hDAA; TSS_DAA_CREDENTIAL *hDaaCredential; TSS_DAA_SIGN_DATA signData; TSS_DAA_SIGNATURE daaSignature; TSS_DAA_SELECTED_ATTRIB revealAttributes; char *szTpmPasswd = DEFAULT_OWN_PASSWD; char *message = NULL; BYTE **attributes = NULL; FILE *file; char *param; int i, length, rv; bi_ptr random = NULL; TSS_BOOL isCorrect; EVP_MD_CTX *mdctx; TSS_HKEY hKEY; init_tss_version( &signData); init_tss_version( &daaSignature); init_tss_version( &revealAttributes); i = 1; while( i < argc) { param = argv[ i]; if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) { i++; if( i == argc) return print_usage( argv[0]); message = argv[i]; } else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){ i++; if( i == argc) return print_usage( argv[0]); credential_filename = argv[i]; } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ i++; if( i == argc) return print_usage( argv[0]); szTpmPasswd = argv[i]; } else { fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); return print_usage( argv[0]); } i++; } bi_init( NULL); printf("Loading credential: %s ", credential_filename); file = fopen( credential_filename, "r"); if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) { LogError( "[test_join]: Error when loading \'%s\': %s\n", credential_filename, strerror( errno)); result = TSS_E_FAIL; goto out_close; } fclose( file); printf("Done\n"); // Create Context LogDebug("Create Context"); result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { LogError( "Tspi_Context_Create %d\n", result ); goto out; } // Connect to Context result = Tspi_Context_Connect( hContext, NULL ); if ( result != TSS_SUCCESS) goto out_close; printf("\nConnect to the context: %X\n", hContext); if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) goto out_close; // Get the correct policy using the TPM ownership PASSWD if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) goto out_close; if( (result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_PLAIN, strlen( szTpmPasswd), szTpmPasswd)) != TSS_SUCCESS) goto out_close; LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy); //Create Object result = obj_daa_add( hContext, &hDAA); if (result != TSS_SUCCESS) { LogError("Tspi_Context_CreateObject:%d", result); Tspi_Context_Close(hContext); LogError("%s: %s", argv[0], err_string(result)); exit(result); } LogDebug("created DAA object:%X", hDAA); // TODO: verifier base name ?? result = Tspi_DAA_VerifyInit( hDAA, // in &nonceVerifierLength, // out &nonceVerifier, // out 0, //baseNameLength, // out NULL //baseName // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("Verify Init return nonceVerifier [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0); mdctx = EVP_MD_CTX_create(); // create the TSS_DAA_SIGN_DATA struct // .selector: 0 -> payload contains a handle to an AIK // 1 -> payload contains a hashed message if( message != NULL) { signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest()); EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message)); signData.payloadLength = EVP_MD_CTX_size(mdctx); signData.payload = (BYTE *)EVP_MD_CTX_create(); EVP_DigestFinal(mdctx, signData.payload, NULL); } else { signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY; result = Tspi_Context_CreateObject( hContext, // in TSS_OBJECT_TYPE_RSAKEY, // in TSS_KEY_SIZE_2048, // in &hKEY // out ); if( result != TSS_SUCCESS) goto out_close; } result = Tspi_TPM_DAA_Sign( hDAA, // in hTPM, // in (TSS_HKEY)hDaaCredential, // in revealAttributes, // in 0, // verifierBaseNameLength, // in NULL, // verifierBaseName, // in nonceVerifierLength, // in nonceVerifier, // in signData, // in &daaSignature // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("TPM_DAA_Sign return daaSignature [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); // generate attributes list but without copying the not revealed ones attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength); for( i=0; i < (int)(hDaaCredential->attributesLength); i++) { if( revealAttributes.indicesList[i]) { attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8); memcpy( attributes[i], hDaaCredential->attributes[i], DAA_PARAM_SIZE_F_I / 8); } else { attributes[i] = NULL; } } result = Tspi_DAA_VerifySignature( hDAA, // in daaSignature, // in (TSS_HKEY)&(hDaaCredential->issuerPK), // in signData, // in hDaaCredential->attributesLength, // in attributes, // in nonceVerifierLength, // in nonceVerifier, // in 0, //baseNameLength, //in NULL, // in &isCorrect // out ); printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no")); out_close: EVP_MD_CTX_destroy(mdctx); if( attributes != NULL) { for( i=0; i<(int)hDaaCredential->attributesLength; i++) { if( attributes[i] != NULL) free( attributes[i]); } free( attributes); } if( random != NULL) bi_free_ptr( random); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); out: bi_release(); LogDebug("THE END result=%d:%s",result, err_string( result) );; return result; }
main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_KeyControlOwner01"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hSRK; TSS_HKEY hKey; TSS_HKEY hTargetPubKey; TSS_HPOLICY hTpmPolicy, hSrkPolicy; TSS_UUID Uuid; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory( hContext, NULL ); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Requires Owner auth - get policy result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set Owner Secret result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error("Tspi_Policy_SetSecret (Owner)", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Get SRK Key result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Requires SRK auth - get policy result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set SRK Secret result = Tspi_Policy_SetSecret(hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error("Tspi_Policy_SetSecret (Owner)", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Load key result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set Ownerevict bit result = Tspi_TPM_KeyControlOwner(hTPM, hKey, TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT, TRUE, &Uuid); if (result != TSS_SUCCESS) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hMSigningKey; BYTE* migratableSignKeyBlob; UINT32 blobLength; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy; UINT32 exitCode = 0; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Set Secret result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret (1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif //Create Signing Key result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING, &hMSigningKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_CreateObject (signing key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey (Signing Key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // get blob result = Tspi_GetAttribData( hMSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLength, &migratableSignKeyBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key Blob result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, blobLength, NULL, &hMSigningKey ); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = result; } else { print_error_nonapi( function, result ); exitCode = result; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main(int argc, char **argv) { RSA *rsa = NULL; TSS_HCONTEXT hContext; TSS_HKEY hKey, hSRK, hCAKey; TSS_HPOLICY hTPMPolicy, hidpol; TSS_UUID srkUUID = TSS_UUID_SRK; TSS_HPOLICY srkpol; TSS_HTPM hTPM; UINT32 idbloblen, ch; int ret,i, blobos, fd; BYTE *srkpass, *tpmpass; BYTE *blobo, *idblob; srkpass = tpmpass = NULL; while ((ch = getopt(argc, argv, "hs:t:")) != -1) { switch (ch) { case 's': srkpass = optarg; break; case 't': tpmpass = optarg; break; case 'h': default: usage(argv[0]); break; } } if (!srkpass || !tpmpass) usage(argv[0]); /* create context and connect */ ret = Tspi_Context_Create(&hContext); check_fail("context create", ret); ret = Tspi_Context_Connect(hContext, NULL); check_fail("context connect", ret); ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK); check_fail("loadkeybyuuid", ret); ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol); check_fail("get policy object", ret); //ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234"); ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("policy set secret", ret); ret = Tspi_Context_GetTpmObject(hContext, &hTPM); check_fail("get policy object", ret); //Insert the owner auth into the TPM's policy ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); check_fail("get tpm policy", ret); ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN, strlen(tpmpass), tpmpass); check_fail("set owner secret", ret); ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, //TSS_KEY_TYPE_STORAGE TSS_KEY_TYPE_IDENTITY //TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE , &hKey); check_fail("create object - key", ret); ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol); check_fail("get id key policy", ret); ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("set idkey secret", ret); /* We must create this fake privacy CA key in software so that * Tspi_TPM_CollateIdentityRequest will happily work. It needs it to * create the cert request which is required in a normal remote * attestion procedure. It is not needed in our setup though. */ ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING); check_fail("ca nonsense", ret); /* We do not care about idblob - that is the certificate request that * we are supposed to send to our CA in normal remote attestation. The * fifth argument is our identity label (it is supposed to be unicode). */ ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label", hKey, TSS_ALG_3DES, &idbloblen, &idblob); check_fail("collate id", ret); blobo = NULL; /*ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobos, &blobo);*/ ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo); check_fail("get blob", ret); if (!blobo) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("no blobo"); } printf("size: %d\n", blobos); for (i = 0;i < blobos; i++) { printf("\\x%x", blobo[i]); } printf("\n"); fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd == -1) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("Open\n"); } ret = write(fd, blobo, blobos); if (ret != blobos) printf("Warning: couldn't write the whole key\n"); close(fd); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
int tpm_load_srk(UI_METHOD *ui, void *cb_data) { TSS_RESULT result; UINT32 authusage; BYTE *auth; UINT32 auth_size; UINT32 srk_secret_mode = secret_mode; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); return 1; } if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if (!authusage) { DBG("SRK has no auth associated with it."); return 1; } /* If hSRKPolicy is non 0, then a policy object for the SRK has already * been set up by engine pre/post commands. Just assign it to the SRK. * Otherwise, we need to get the SRK's implicit policy and prompt for a * secret */ if (hSRKPolicy) { DBG("Found an already initialized SRK policy, using it"); if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } return 1; } if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; } if (!srk_zeroed) { if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", cb_data)) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); } auth_size = strlen((char *)auth); } else { auth_size = sizeof(well_known_secret); memcpy(auth, well_known_secret, auth_size); srk_secret_mode = TSS_SECRET_MODE_SHA1; } /* secret_mode is a global that may be set by engine ctrl * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode, auth_size, auth))) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } free(auth); return 1; }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_DefineSpace-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011101); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); #ifdef CLEAR_TEST_INDEX Tspi_NV_ReleaseSpace(hNVStore); #endif if (result != TSS_SUCCESS) { print_error("Tspi_NV_DefineSpace", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result== TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error("Tspi_NV_DefineSpace", result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
int main_v1_1(void){ char *nameOfFunction = "Tspi_Context_GetRegisteredKeysByUUID03"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_UUID migratableSignUUID={1, 2, 3, 4, 5, {6, 7, 8, 9, 10, 2}}; TSS_HPOLICY srkUsagePolicy; UINT32 pulKeyHierarchySize; TSS_KM_KEYINFO* ppKeyHierarchy; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_512 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); //Create result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect ", result); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject ", result); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject ", result); Tspi_Context_Close(hContext); exit(result); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID ", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object for the srkUsagePolicy result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject ", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret for the srkUsagePolicy result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret ", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create the hKey with the hSRK wrapping key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Register the hKey result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, migratableSignUUID, TSS_PS_TYPE_SYSTEM, SRK_UUID); if (result != TSS_SUCCESS && TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED) { print_error("Tspi_Context_RegisterKey ", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Get Registered Keys By UUID result = Tspi_Context_GetRegisteredKeysByUUID(hContext, -1, &migratableSignUUID, &pulKeyHierarchySize, &ppKeyHierarchy); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig) { static const TSS_UUID SRK_UUID = TSS_UUID_SRK; gnutls_datum_t asn1; unsigned int tss_len; char *pass; int ofs, err; err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error decoding TSS key blob: %s\n"), gnutls_strerror(err)); return -EINVAL; } /* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */ if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = asn1.data[1]; ofs = 2; if (tss_len & 0x80) { int lenlen = tss_len & 0x7f; if (asn1.size < 2 + lenlen || lenlen > 3) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = 0; while (lenlen) { tss_len <<= 8; tss_len |= asn1.data[ofs++]; lenlen--; } } if (tss_len + ofs != asn1.size) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } err = Tspi_Context_Create(&vpninfo->tpm_context); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM context: %s\n"), Trspi_Error_String(err)); goto out_blob; } err = Tspi_Context_Connect(vpninfo->tpm_context, NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect TPM context: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM, SRK_UUID, &vpninfo->srk); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK key: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK policy object: %s\n"), Trspi_Error_String(err)); goto out_srk; } pass = vpninfo->cert_password; vpninfo->cert_password = NULL; while (1) { static const char nullpass[20]; /* We don't seem to get the error here... */ if (pass) err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (BYTE *)pass); else /* Well-known NULL key */ err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *)nullpass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM PIN: %s\n"), Trspi_Error_String(err)); goto out_srkpol; } free(pass); /* ... we get it here instead. */ err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk, tss_len, asn1.data + ofs, &vpninfo->tpm_key); if (!err) break; if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM key blob: %s\n"), Trspi_Error_String(err)); if (err != TPM_E_AUTHFAIL) goto out_srkpol; err = request_passphrase(vpninfo, "openconnect_tpm_srk", &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY gnutls_privkey_init(pkey); /* This would be nicer if there was a destructor callback. I could allocate a data structure with the TPM handles and the vpninfo pointer, and destroy that properly when the key is destroyed. */ gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0); #else *pkey = OPENCONNECT_TPM_PKEY; #endif retry_sign: err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig); if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) { if (!vpninfo->tpm_key_policy) { err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &vpninfo->tpm_key_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create key policy object: %s\n"), Trspi_Error_String(err)); goto out_key; } err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy, vpninfo->tpm_key); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to assign policy to key: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } } err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); free (pass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set key PIN: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } goto retry_sign; } free (asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); vpninfo->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key); vpninfo->tpm_key = 0; out_srkpol: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy); vpninfo->srk_policy = 0; out_srk: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk); vpninfo->srk = 0; out_context: Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: free (asn1.data); return -EIO; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_GetFamily05"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM, hTPM2; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY, hFamily2; UINT32 familyID, returnedID; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_GetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_INFO, TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID, &familyID); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( "Tspi_TPM_GetAttribUint32", result ); } else { print_error_nonapi( "Tspi_TPM_GetAttribUint32", result ); } goto done; } /* Keep hTPM to invalidate family and then set it to NULL */ hTPM2 = hTPM; hTPM = NULL_HTPM; /* Keep family address */ hFamily2 = hFamily; result = Tspi_TPM_Delegate_GetFamily(hTPM, familyID, &hFamily); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_error( function, result ); result = 1; goto done; } else { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_ReadTables06"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; UINT32 familyTableSize, delegateTableSize; TSS_FAMILY_TABLE_ENTRY *familyTable; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable, &delegateTableSize, NULL); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
main_v1_1(void) { char *nameOfFunction = "Tspi_ChangeAuthAsym02"; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; TSS_UUID migratableStorageUUID = {1,2,3,4,5,6,7,8,9,10,5}; TSS_UUID migratableSignUUID = {1,2,3,4,5,6,7,8,9,10,8}; TSS_UUID AIKUUID = {1,2,3,4,5,6,7,8,9,10,6}; TSS_HKEY hAIK; TSS_HKEY hMSigningKey; TSS_HKEY hMStorageKey; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_FLAG initFlags; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; TSS_HPOLICY srkUsagePolicy; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID ", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create Object for the hAIK Key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hAIK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create the hAIK Key result = Tspi_Key_CreateKey(hAIK, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // Load hAIK Key result = Tspi_Key_LoadKey(hAIK, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Object for Storage Key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMStorageKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Storage Key result = Tspi_Key_CreateKey(hMStorageKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tpspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // Load hMStorageKey Key result = Tspi_Key_LoadKey(hMStorageKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Object for Signing Key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 |TSS_KEY_TYPE_SIGNING, &hMSigningKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Signing Key result = Tspi_Key_CreateKey(hMSigningKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Get Default Policy result = Tspi_Context_GetDefaultPolicy(hContext, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetPolicy", result); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Call to Change Auth Asym result = Tspi_ChangeAuthAsym(-1, hMStorageKey, hAIK, hPolicy); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { if(!checkNonAPI(result)) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else { print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hMStorageKey); Tspi_Context_CloseObject(hContext, hAIK); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_2(char version) { TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTpmUsagePolicy; TSS_FLAG initFlags; TSS_HKEY hSrcKey; TSS_HKEY hDestKey; TSS_HKEY hMaKey[MA_KEY_COUNT]; TSS_HKEY hCmkKey; TSS_HKEY hNewKey; TSS_HMIGDATA hMigData; TSS_HHASH hHash; UINT32 blobSize; BYTE *blob; UINT32 randomSize; BYTE *random; int i; TSS_RESULT result; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); exit(result); } //Get TPM Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(hTpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create Overall Source Parent key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hSrcKey); tc_create_key(hContext, hSrcKey, hSRK, initFlags); tc_load_key(hContext, hSrcKey, hSRK); /***** Create Overall Destination Parent key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hDestKey); tc_create_key(hContext, hDestKey, hSRK, initFlags); tc_load_key(hContext, hDestKey, hSRK); /***** Create MAs and MSA list *****/ //Create MigData Object tc_create_object(hContext, TSS_OBJECT_TYPE_MIGDATA, 0, &hMigData); for (i = 0; i < MA_KEY_COUNT; i++) { //Create Key Object initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hMaKey[i]); tc_create_key(hContext, hMaKey[i], hSrcKey, initFlags); //Get PubKey Blob tc_get_attribdata(hContext, hMaKey[i], TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); //Add PubKey Blob to the MSA list tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB, blobSize, blob); } //Grant Owner Approval of MAs result = Tspi_TPM_CMKApproveMA(hTPM, hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKApproveMA", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a CMK ****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hCmkKey); //Get and Assign MA/MSA information tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA, TSS_MIGATTRIB_AUTHORITY_DIGEST, &blobSize, &blob); tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO, TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST, blobSize, blob); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA, TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC, &blobSize, &blob); tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO, TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL, blobSize, blob); tc_create_key(hContext, hCmkKey, hSrcKey, initFlags); /***** Authorize migration to the Dest key *****/ //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hDestKey, TSS_MS_RESTRICT_APPROVE_DOUBLE, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_AuthorizeMigrationTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONTICKET, 0, blobSize, blob); /***** Sign the migration ticket *****/ //Get PubKey Blob of CMK tc_get_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB, blobSize, blob); //Get PubKey Blob of destination CMK parent tc_get_attribdata(hContext, hDestKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB, blobSize, blob); //Get PubKey Blob of MA tc_get_attribdata(hContext, hMaKey[0], TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB, blobSize, blob); //Get Ticket Signature Data tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_GetHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Verify Key tc_load_key(hContext, hMaKey[0], hSrcKey); //Generate Ticket Signature result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_Sign", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket Signature tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA, TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob); //Create Ticket result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a migration blob *****/ //Create Blob result = Tspi_Key_CMKCreateBlob(hCmkKey, hSrcKey, hMigData, &randomSize, &random); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateBlob", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a CMK ticket for the destination TPM *****/ //We are using the same TPM so the next steps are not necessary, but are //done for procedural info //Get Ticket Signature Data tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_GetHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Verify Key tc_load_key(hContext, hMaKey[0], hSrcKey); //Generate Ticket Signature result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_Sign", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket Signature tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA, TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob); //Create Ticket result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Migrate the key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hNewKey); result = Tspi_Key_CMKConvertMigration(hNewKey, hDestKey, hMigData, randomSize, random); if (result != TSS_SUCCESS) { if (!checkNonAPI(result)) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } } tc_load_key(hContext, hNewKey, hDestKey); print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_UpdateVerificationCount-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation1 = NULL_HPOLICY; TSS_HPOLICY hDelegation2 = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", (result) ); goto done; } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation1, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation2, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT, NULL_HPCRS, hFamily, hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_UpdateVerificationCount", (result) ); goto done; } result = Testsuite_Transport_Final(hContext, 0); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", (result) ); goto done; } else { print_success( function, result ); } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_CreateDelegation02"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); goto done; } result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReadValue-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *policyData; UINT32 read_space = 10; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif #ifdef NV_LOCKED if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT) #else if (result != TSS_SUCCESS) #endif { print_error("Tspi_NV_ReadValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result == TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } }