/*
 * gnutls_privkey sign callback backed by a TPM 1.2 key through TrouSerS.
 *
 * @key:  the gnutls private-key handle; unused, the TSS handles live in @_s.
 * @_s:   a struct tpm_ctx_st carrying the TSS context (tpm_ctx), the loaded
 *        key handle (tpm_key) and, optionally, a key usage policy.
 * @data: the value to sign. It is loaded into a TSS_HASH_OTHER object, so
 *        nothing is digested here; the caller is expected to pass a hash.
 * @sig:  receives the signature. NOTE(review): sig->data is filled in by
 *        Tspi_Hash_Sign, i.e. it is TSS-allocated memory, while the gnutls
 *        caller will release it with gnutls's allocator — confirm they agree.
 *
 * Returns 0 on success, GNUTLS_E_TPM_KEY_PASSWORD_ERROR when the TPM
 * reported TPM_E_AUTHFAIL, and GNUTLS_E_PK_SIGN_FAILED for any other error.
 */
static int tpm_sign_fn(gnutls_privkey_t key, void *_s,
		       const gnutls_datum_t * data, gnutls_datum_t * sig)
{
	struct tpm_ctx_st *ctx = _s;
	TSS_HHASH hobj;
	int rc;

	_gnutls_debug_log("TPM sign function called for %u bytes.\n",
			  data->size);

	rc = Tspi_Context_CreateObject(ctx->tpm_ctx, TSS_OBJECT_TYPE_HASH,
				       TSS_HASH_OTHER, &hobj);
	if (rc != 0) {
		gnutls_assert();
		_gnutls_debug_log("Failed to create TPM hash object: %s\n",
				  Trspi_Error_String(rc));
		return GNUTLS_E_PK_SIGN_FAILED;
	}

	rc = Tspi_Hash_SetHashValue(hobj, data->size, data->data);
	if (rc != 0) {
		gnutls_assert();
		_gnutls_debug_log
		    ("Failed to set value in TPM hash object: %s\n",
		     Trspi_Error_String(rc));
		Tspi_Context_CloseObject(ctx->tpm_ctx, hobj);
		return GNUTLS_E_PK_SIGN_FAILED;
	}

	rc = Tspi_Hash_Sign(hobj, ctx->tpm_key, &sig->size, &sig->data);
	/* The hash object is single-use: drop it whether or not signing worked. */
	Tspi_Context_CloseObject(ctx->tpm_ctx, hobj);
	if (rc == 0)
		return 0;

	/* TPM_E_AUTHFAIL on a key that has no usage policy is not logged —
	 * presumably the caller retries with a password in that case. */
	if (ctx->tpm_key_policy || rc != TPM_E_AUTHFAIL)
		_gnutls_debug_log("TPM hash signature failed: %s\n",
				  Trspi_Error_String(rc));

	return rc == TPM_E_AUTHFAIL ? GNUTLS_E_TPM_KEY_PASSWORD_ERROR
				    : GNUTLS_E_PK_SIGN_FAILED;
}
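/*
 * gnutls_privkey sign callback for an OpenConnect TPM 1.2 key.
 *
 * @key:      the gnutls private-key handle; unused, the TSS state is in
 *            @_vpninfo.
 * @_vpninfo: struct openconnect_info carrying tpm_context, tpm_key and,
 *            optionally, tpm_key_policy.
 * @data:     the value to sign; it goes into a TSS_HASH_OTHER object, so it
 *            is signed as-is and is expected to already be a digest.
 * @sig:      receives the signature. NOTE(review): sig->data is allocated by
 *            Tspi_Hash_Sign (TSS memory) while gnutls will free it with its
 *            own allocator — confirm the two allocators match.
 *
 * Returns 0 on success, GNUTLS_E_INSUFFICIENT_CREDENTIALS when the TPM
 * reported TPM_E_AUTHFAIL, and GNUTLS_E_PK_SIGN_FAILED otherwise.
 *
 * Fix: data->size is an unsigned int (gnutls_datum_t), so the trace message
 * uses %u rather than %d.
 */
static int tpm_sign_fn(gnutls_privkey_t key, void *_vpninfo,
		       const gnutls_datum_t *data, gnutls_datum_t *sig)
{
	struct openconnect_info *vpninfo = _vpninfo;
	TSS_HHASH hash;
	int err;

	(void)key;

	vpn_progress(vpninfo, PRG_TRACE,
		     _("TPM sign function called for %u bytes.\n"),
		     data->size);

	err = Tspi_Context_CreateObject(vpninfo->tpm_context,
					TSS_OBJECT_TYPE_HASH, TSS_HASH_OTHER,
					&hash);
	if (err) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to create TPM hash object: %s\n"),
			     Trspi_Error_String(err));
		return GNUTLS_E_PK_SIGN_FAILED;
	}

	err = Tspi_Hash_SetHashValue(hash, data->size, data->data);
	if (err) {
		vpn_progress(vpninfo, PRG_ERR,
			     _("Failed to set value in TPM hash object: %s\n"),
			     Trspi_Error_String(err));
		Tspi_Context_CloseObject(vpninfo->tpm_context, hash);
		return GNUTLS_E_PK_SIGN_FAILED;
	}

	err = Tspi_Hash_Sign(hash, vpninfo->tpm_key, &sig->size, &sig->data);
	/* The hash object is not reused; release it on every path. */
	Tspi_Context_CloseObject(vpninfo->tpm_context, hash);
	if (err) {
		/* An auth failure on a key without a policy is kept quiet —
		 * presumably the caller then asks for the key password. */
		if (vpninfo->tpm_key_policy || err != TPM_E_AUTHFAIL)
			vpn_progress(vpninfo, PRG_ERR,
				     _("TPM hash signature failed: %s\n"),
				     Trspi_Error_String(err));
		if (err == TPM_E_AUTHFAIL)
			return GNUTLS_E_INSUFFICIENT_CREDENTIALS;
		return GNUTLS_E_PK_SIGN_FAILED;
	}

	return 0;
}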
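/*
 * Abort the test after a failed TSS call: report it, close the context and
 * exit with the TSS result as the process status. This is the error path
 * every step of this test takes once a context exists.
 */
static void cmk_fail(TSS_HCONTEXT hContext, const char *api, TSS_RESULT result)
{
	print_error(api, result);
	print_error_exit(nameOfFunction, err_string(result));
	Tspi_Context_Close(hContext);
	exit(result);
}

/*
 * Build and sign one CMK migration ticket with the migration-authority key
 * hMaKey (a child of hSrcKey): hash the authority, destination and source
 * digests stored in hMigData, sign that hash with the MA key, store the
 * signature in hMigData and have the TPM create the ticket.
 *
 * Any TSS failure reports via cmk_fail() and exits.
 */
static void cmk_create_ticket(TSS_HCONTEXT hContext, TSS_HTPM hTPM,
			      TSS_HMIGDATA hMigData, TSS_HKEY hMaKey,
			      TSS_HKEY hSrcKey)
{
	static const UINT32 digests[] = {
		TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST,
		TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST,
		TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST,
	};
	TSS_HHASH hHash;
	UINT32 blobSize;
	BYTE *blob;
	TSS_RESULT result;
	size_t i;

	tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash);

	for (i = 0; i < sizeof digests / sizeof digests[0]; i++) {
		tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA,
				  digests[i], &blobSize, &blob);
		result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob);
		if (result != TSS_SUCCESS)
			cmk_fail(hContext, "Tspi_Hash_UpdateHashValue", result);
	}

	/* The digest read back here is not used further (Tspi_Hash_Sign
	 * overwrites blob/blobSize); the call only verifies the object is
	 * complete. */
	result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_Hash_GetHashValue", result);

	/* The MA key has to be loaded before it can sign. */
	tc_load_key(hContext, hMaKey, hSrcKey);

	result = Tspi_Hash_Sign(hHash, hMaKey, &blobSize, &blob);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_Hash_Sign", result);

	tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA,
			  TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob);

	result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey, hMigData);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_TPM_CMKCreateTicket", result);

	/* Nothing needs the hash object once the ticket exists, and this
	 * helper runs once per ticket, so release it instead of letting it
	 * accumulate until Tspi_Context_Close. */
	Tspi_Context_CloseObject(hContext, hHash);
}

/*
 * Exercise the TPM 1.2 certified-migratable-key (CMK) flow end to end on a
 * single TPM: create source/destination storage parents, MA_KEY_COUNT
 * migration-authority keys, a CMK whose MA list the owner approves, an
 * owner-authorized migration ticket, a migration blob, and finally convert
 * the blob into a key under the destination parent and load it.
 *
 * @version: unused.
 *
 * Exits 0 on success; on any TSS failure the TSS result code is the exit
 * status. All TSS memory (blob, random) is released by Tspi_Context_Close.
 */
int main_v1_2(char version)
{
	TSS_HCONTEXT hContext;
	TSS_HKEY hSRK;
	TSS_HTPM hTPM;
	TSS_HPOLICY hTpmUsagePolicy;
	TSS_FLAG initFlags;
	TSS_HKEY hSrcKey, hDestKey, hCmkKey, hNewKey;
	TSS_HKEY hMaKey[MA_KEY_COUNT];
	TSS_HMIGDATA hMigData;
	UINT32 blobSize, randomSize;
	BYTE *blob, *random;
	int i;
	TSS_RESULT result;

	(void)version;	/* unused */

	print_begin_test(nameOfFunction);

	result = connect_load_all(&hContext, &hSRK, &hTPM);
	if (result != TSS_SUCCESS) {
		/* No usable context yet, so there is nothing to close. */
		print_error("connect_load_all", result);
		exit(result);
	}

	/* Owner secret on the TPM object — presumably required by the
	 * Tspi_TPM_* calls below (CMKApproveMA, AuthorizeMigrationTicket). */
	result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmUsagePolicy);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_GetPolicyObject", result);

	result = Tspi_Policy_SetSecret(hTpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE,
				       TESTSUITE_OWNER_SECRET_LEN,
				       TESTSUITE_OWNER_SECRET);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_Policy_SetSecret", result);

	/* Source and destination parents: 2048-bit storage keys under the SRK. */
	initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE |
		    TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION;
	tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hSrcKey);
	tc_create_key(hContext, hSrcKey, hSRK, initFlags);
	tc_load_key(hContext, hSrcKey, hSRK);

	tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hDestKey);
	tc_create_key(hContext, hDestKey, hSRK, initFlags);
	tc_load_key(hContext, hDestKey, hSRK);

	/* Migration authorities: signing keys under the source parent whose
	 * public blobs make up the MSA list held in hMigData. */
	tc_create_object(hContext, TSS_OBJECT_TYPE_MIGDATA, 0, &hMigData);
	initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING |
		    TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION;
	for (i = 0; i < MA_KEY_COUNT; i++) {
		tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags,
				 &hMaKey[i]);
		tc_create_key(hContext, hMaKey[i], hSrcKey, initFlags);
		tc_get_attribdata(hContext, hMaKey[i], TSS_TSPATTRIB_KEY_BLOB,
				  TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				  &blobSize, &blob);
		tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
				  TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB,
				  blobSize, blob);
	}

	result = Tspi_TPM_CMKApproveMA(hTPM, hMigData);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_TPM_CMKApproveMA", result);

	/* The CMK carries the MA digest and the owner's approval HMAC as key
	 * attributes; both are set on the object before the key is created. */
	initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING |
		    TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
		    TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE;
	tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hCmkKey);
	tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA,
			  TSS_MIGATTRIB_AUTHORITY_DIGEST, &blobSize, &blob);
	tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO,
			  TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST, blobSize, blob);
	tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA,
			  TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC, &blobSize, &blob);
	tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO,
			  TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL, blobSize, blob);
	tc_create_key(hContext, hCmkKey, hSrcKey, initFlags);

	/* Owner-authorized migration ticket naming the destination parent. */
	result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hDestKey,
						   TSS_MS_RESTRICT_APPROVE_DOUBLE,
						   &blobSize, &blob);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_TPM_AuthorizeMigrationTicket", result);
	tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONTICKET, 0,
			  blobSize, blob);

	/* Public blobs of the CMK, the destination parent and the first MA are
	 * recorded in hMigData before the ticket is signed. */
	tc_get_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_BLOB,
			  TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
	tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
			  TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB, blobSize, blob);
	tc_get_attribdata(hContext, hDestKey, TSS_TSPATTRIB_KEY_BLOB,
			  TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
	tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
			  TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB, blobSize, blob);
	tc_get_attribdata(hContext, hMaKey[0], TSS_TSPATTRIB_KEY_BLOB,
			  TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob);
	tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB,
			  TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB, blobSize, blob);

	cmk_create_ticket(hContext, hTPM, hMigData, hMaKey[0], hSrcKey);

	result = Tspi_Key_CMKCreateBlob(hCmkKey, hSrcKey, hMigData,
					&randomSize, &random);
	if (result != TSS_SUCCESS)
		cmk_fail(hContext, "Tspi_Key_CMKCreateBlob", result);

	/* On a real migration the destination TPM would create its own ticket.
	 * This test uses one TPM, so the step is repeated only to show the
	 * procedure. */
	cmk_create_ticket(hContext, hTPM, hMigData, hMaKey[0], hSrcKey);

	/* initFlags still holds the CMK flags used for hCmkKey. */
	tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hNewKey);
	result = Tspi_Key_CMKConvertMigration(hNewKey, hDestKey, hMigData,
					      randomSize, random);
	if (result != TSS_SUCCESS) {
		/* API-level and non-API failures are reported differently;
		 * the exit status is the TSS result either way. */
		if (!checkNonAPI(result))
			print_error(nameOfFunction, result);
		else
			print_error_nonapi(nameOfFunction, result);
		print_end_test(nameOfFunction);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	tc_load_key(hContext, hNewKey, hDestKey);

	print_success(nameOfFunction, result);
	print_end_test(nameOfFunction);
	Tspi_Context_Close(hContext);
	exit(0);
}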
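/*
 * RSA private-key operation (PKCS#1 v1.5 signing) routed to the TPM.
 *
 * OpenSSL calls this through the RSA method table: @from/@flen is the data to
 * sign and @to is a buffer of RSA_size(rsa) bytes. When the RSA object has no
 * TPM app data attached the request is handed to the software method.
 *
 * Returns the signature length on success, 0 after raising a TSSerr on a
 * TPM-side failure, or whatever the software method returned when delegated.
 *
 * Fixes: a negative @flen is rejected instead of being converted to a huge
 * UINT32, and the TSS-reported signature length is checked against
 * RSA_size(rsa) before the memcpy into @to.
 */
static int tpm_rsa_priv_enc(int flen, const unsigned char *from,
			    unsigned char *to, RSA *rsa, int padding)
{
	struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
	TSS_RESULT result;
	UINT32 sig_len;
	BYTE *sig;
	int rv;

	DBG("%s", __FUNCTION__);

	if (!app_data) {
		DBG("No app data found for RSA object %p. Calling software.", rsa);
		rv = RSA_PKCS1_SSLeay()->rsa_priv_enc(flen, from, to, rsa, padding);
		if (rv < 0)
			TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
		return rv;
	}

	if (padding != RSA_PKCS1_PADDING) {
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_PADDING_TYPE);
		return 0;
	}

	if (app_data->hKey == NULL_HKEY) {
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_KEY);
		return 0;
	}

	/* The hash object is created lazily and cached in app_data.
	 * TSS_HASH_OTHER: the value is presumably taken as-is rather than
	 * digested by the TSP — confirm against the TSS spec. */
	if (app_data->hHash == NULL_HHASH) {
		result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
						   TSS_HASH_OTHER,
						   &app_data->hHash);
		if (result) {
			TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
			return 0;
		}
	}

	/* The accepted input length depends on the key's signature scheme. */
	switch (app_data->sigScheme) {
	case TSS_SS_RSASSAPKCS1V15_SHA1:
		if (flen != SHA_DIGEST_LENGTH) {
			TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
			return 0;
		}
		break;
	case TSS_SS_RSASSAPKCS1V15_DER:
		/* flen < 0 would become a huge UINT32 in SetHashValue below. */
		if (flen < 0 || flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
			TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_MSG_SIZE);
			return 0;
		}
		break;
	default:
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_INVALID_ENC_SCHEME);
		return 0;
	}

	result = Tspi_Hash_SetHashValue(app_data->hHash, flen, from);
	if (result) {
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
		return 0;
	}

	result = Tspi_Hash_Sign(app_data->hHash, app_data->hKey, &sig_len, &sig);
	if (result) {
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
		DBG("result = 0x%x (%s)", result, Trspi_Error_String(result));
		return 0;
	}

	/* @to holds only RSA_size(rsa) bytes; do not trust the TSS-reported
	 * length blindly when copying into it. */
	if (sig_len > (UINT32)RSA_size(rsa)) {
		DBG("%s: TPM returned %u signature bytes for a %d byte key",
		    __FUNCTION__, sig_len, RSA_size(rsa));
		Tspi_Context_FreeMemory(hContext, sig);
		TSSerr(TPM_F_TPM_RSA_PRIV_ENC, TPM_R_REQUEST_FAILED);
		return 0;
	}

	DBG("%s: writing out %u bytes as a signature", __FUNCTION__, sig_len);
	memcpy(to, sig, sig_len);
	/* sig is TSS memory owned by the context, not malloc'd by us. */
	Tspi_Context_FreeMemory(hContext, sig);

	return (int)sig_len;
}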
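/*
 * Report a failed TSS call, release everything the context owns and exit
 * with the TSS result as the process status.
 */
static void hs03_fail(TSS_HCONTEXT hContext, const char *api, TSS_RESULT result)
{
	print_error(api, result);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(result);
}

/*
 * Tspi_Hash_Sign03 — negative test: Tspi_Hash_Sign called with a NULL
 * pulSignatureLength must fail with TSS_E_BAD_PARAMETER; any other result
 * fails the test.
 *
 * Setup: connect, load the SRK (and set its secret unless the build defines
 * TESTSUITE_NOAUTH_SRK), create and register a 2048-bit signing key under the
 * SRK, and fill a SHA1 hash object with 20 bytes of filler.
 *
 * Exit status: 0 on pass, otherwise the offending TSS result. The registered
 * key is unregistered on every path that reaches the registration.
 */
int main_v1_1(void)
{
	char *function = "Tspi_Hash_Sign03";
	TSS_HCONTEXT hContext;
	TSS_HKEY hSRK;
	TSS_HKEY hMSigningKey;
	TSS_UUID SRKUUID = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
	TSS_UUID migratableSignUUID = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 2 };
	TSS_HHASH hHash;
	BYTE *prgbSignature;
	TSS_RESULT result;
#ifndef TESTSUITE_NOAUTH_SRK
	TSS_HPOLICY srkUsagePolicy;
#endif
	UINT32 exitCode = 0;

	print_begin_test(function);

	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		/* No context to clean up yet. */
		print_error("Tspi_Context_Create", result);
		exit(result);
	}

	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_Context_Connect", result);

	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_Context_LoadKeyByUUID (hSRK)", result);

#ifndef TESTSUITE_NOAUTH_SRK
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy);
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_GetPolicyObject", result);

	result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
				       TESTSUITE_SRK_SECRET_LEN,
				       TESTSUITE_SRK_SECRET);
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_Policy_SetSecret", result);
#endif

	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING,
					   &hMSigningKey);
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_Context_CreateObject (signing key)",
			  result);

	result = Tspi_Key_CreateKey(hMSigningKey, hSRK, 0);
	if (result != TSS_SUCCESS)
		hs03_fail(hContext, "Tspi_Key_CreateKey (signing key)", result);

	/* A registration left behind by an earlier run is not an error. */
	result = Tspi_Context_RegisterKey(hContext, hMSigningKey,
					  TSS_PS_TYPE_SYSTEM, migratableSignUUID,
					  TSS_PS_TYPE_SYSTEM, SRKUUID);
	if (result != TSS_SUCCESS &&
	    TSS_ERROR_CODE(result) != TSS_E_KEY_ALREADY_REGISTERED)
		hs03_fail(hContext, "Tspi_Context_RegisterKey (signing key)",
			  result);

	/* From here on the key is registered, so every exit path unregisters
	 * it first. */
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
					   TSS_HASH_SHA1, &hHash);
	if (result != TSS_SUCCESS) {
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					   migratableSignUUID, &hMSigningKey);
		hs03_fail(hContext, "Tspi_Context_CreateObject (hash)", result);
	}

	/* 20 bytes, the size of a SHA1 digest; the text itself is filler. */
	result = Tspi_Hash_SetHashValue(hHash, 20, "Je pense, danc je suis.");
	if (result != TSS_SUCCESS) {
		Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					   migratableSignUUID, &hMSigningKey);
		hs03_fail(hContext, "Tspi_Hash_SetHashValue", result);
	}

	/* The call under test: a NULL length pointer must be rejected. */
	result = Tspi_Hash_Sign(hHash, hMSigningKey, NULL, &prgbSignature);
	if (TSS_ERROR_CODE(result) == TSS_E_BAD_PARAMETER) {
		print_success(function, result);
	} else {
		if (!checkNonAPI(result))
			print_error(function, result);
		else
			print_error_nonapi(function, result);
		exitCode = result;
	}

	print_end_test(function);
	Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
				   migratableSignUUID, &hMSigningKey);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(exitCode);
}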
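/*
 * Report a failed TSS call, release everything the context owns and exit
 * with the TSS result as the process status.
 */
static void trans03_fail(TSS_HCONTEXT hContext, const char *api,
			 TSS_RESULT result)
{
	print_error(api, result);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(result);
}

/*
 * Tspi_Hash_Sign-trans03: sign a SHA1 hash with a no-auth 2048-bit signing
 * key inside a transport session and check that the session finalizes
 * cleanly (Testsuite_Transport_Final is the call whose result decides the
 * test).
 *
 * @version: unused.
 *
 * Exit status: the result of Testsuite_Transport_Final (0 on pass), or the
 * TSS result of whichever setup step failed.
 *
 * NOTE(review): the early failure paths do not call Testsuite_Transport_Final;
 * whether the open transport session needs tearing down before
 * Tspi_Context_Close is not visible here.
 *
 * Fix: the error labels now name the call that actually failed
 * (connect_load_all, Tspi_Key_LoadKey).
 */
int main_v1_2(char version)
{
	char *function = "Tspi_Hash_Sign-trans03";
	TSS_HCONTEXT hContext;
	TSS_HKEY hSRK;
	TSS_HKEY hMSigningKey, hWrappingKey;
	TSS_HHASH hHash;
	BYTE *prgbSignature;
	UINT32 pulSignatureLength;
	TSS_RESULT result;
	TSS_HTPM hTPM;

	(void)version;	/* unused */

	print_begin_test(function);

	result = connect_load_all(&hContext, &hSRK, &hTPM);
	if (result != TSS_SUCCESS) {
		/* No usable context yet. */
		print_error("connect_load_all", result);
		exit(result);
	}

	/* Open the transport session; the two TRUE flags are the session
	 * options — see Testsuite_Transport_Init for their meaning. */
	result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE,
					  &hWrappingKey, NULL);
	if (result != TSS_SUCCESS) {
		print_error("Testsuite_Transport_Init", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING |
					   TSS_KEY_NO_AUTHORIZATION,
					   &hMSigningKey);
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Context_CreateObject (signing key)",
			     result);

	result = Tspi_Key_CreateKey(hMSigningKey, hSRK, 0);
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Key_CreateKey (signing key)", result);

	result = Tspi_Key_LoadKey(hMSigningKey, hSRK);
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Key_LoadKey (hMSigningKey)", result);

	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
					   TSS_HASH_SHA1, &hHash);
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Context_CreateObject (hash)", result);

	/* 20 bytes, the size of a SHA1 digest; the literal is 19 characters
	 * plus its terminator, so the read stays in bounds. */
	result = Tspi_Hash_SetHashValue(hHash, 20, "Je pense, danc je s");
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Hash_SetHashValue", result);

	result = Tspi_Hash_Sign(hHash, hMSigningKey, &pulSignatureLength,
				&prgbSignature);
	if (result != TSS_SUCCESS)
		trans03_fail(hContext, "Tspi_Hash_Sign", result);

	/* Closing the transport session is the step under test. */
	result = Testsuite_Transport_Final(hContext, 0);
	if (result == TSS_SUCCESS)
		print_success(function, result);
	else if (checkNonAPI(result))
		print_error_nonapi(function, result);
	else
		print_error(function, result);

	print_end_test(function);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(result);
}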
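/*
 * Report a failed TSS call both ways this test does (print_error plus
 * print_error_exit with the decoded error string), release the context and
 * exit with the TSS result as the process status.
 */
static void kac01_fail( TSS_HCONTEXT hContext, const char *function,
			const char *api, TSS_RESULT result )
{
	print_error( api, result );
	print_error_exit( function, err_string(result) );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}

/*
 * key_auth_check01: create a 2048-bit signing key that requires
 * authorization, give its usage policy the testsuite key secret, and sign a
 * SHA1 hash with it so the TPM checks that secret. On success the key is
 * registered in system persistent storage under migratableSignUUID.
 *
 * Exit status: 0 on pass, 1 when the signature fails (API or non-API
 * error), or the TSS result of whichever setup step failed.
 *
 * Fix: the error labels now name the call that actually failed
 * (Tspi_Key_LoadKey, Tspi_Hash_UpdateHashValue).
 */
int main_v1_1( void )
{
	char *function = "key_auth_check01";
	TSS_HCONTEXT hContext;
	UINT32 exitCode;
	TSS_HKEY hSRK;
	TSS_HKEY hMSigningKey;
	TSS_UUID migratableSignUUID = {0x1, 0x55, 0x67, 0x8, 0x5, { 6, 7, 8, 9, 10, 2 } };
	TSS_HHASH hHash;
	BYTE *prgbSignature;
	UINT32 pulSignatureLength;
	TSS_RESULT result;
	TSS_HPOLICY keyUsagePolicy;
#ifndef TESTSUITE_NOAUTH_SRK
	TSS_HPOLICY srkUsagePolicy;
#endif

	print_begin_test( function );

	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS ) {
		/* No context to release yet. */
		print_error( "Tspi_Context_Create", result );
		print_error_exit( function, err_string(result) );
		exit( result );
	}

	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_Context_Connect", result );

	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
					     SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function,
			    "Tspi_Context_LoadKeyByUUID (hSRK)", result );

#ifndef TESTSUITE_NOAUTH_SRK
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_GetPolicyObject", result );

	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
					TESTSUITE_SRK_SECRET_LEN,
					TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_Policy_SetSecret", result );
#endif

	/* The key under test requires authorization; its usage policy gets
	 * the testsuite key secret before the key is created. */
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
					    TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING |
					    TSS_KEY_AUTHORIZATION,
					    &hMSigningKey );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function,
			    "Tspi_Context_CreateObject (signing key)", result );

	result = Tspi_GetPolicyObject( hMSigningKey, TSS_POLICY_USAGE,
				       &keyUsagePolicy );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_GetPolicyObject", result );

	result = Tspi_Policy_SetSecret( keyUsagePolicy, TESTSUITE_KEY_SECRET_MODE,
					TESTSUITE_KEY_SECRET_LEN,
					TESTSUITE_KEY_SECRET );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_Policy_SetSecret", result );

	result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function,
			    "Tspi_Key_CreateKey (signing key)", result );

	result = Tspi_Key_LoadKey( hMSigningKey, hSRK );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function,
			    "Tspi_Key_LoadKey (hMSigningKey)", result );

	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_HASH,
					    TSS_HASH_SHA1, &hHash );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function,
			    "Tspi_Context_CreateObject (hash)", result );

	/* 20 bytes of filler: the 19-character literal plus its terminator,
	 * so the read stays in bounds. */
	result = Tspi_Hash_UpdateHashValue( hHash, 20, "Je pense, danc je s" );
	if ( result != TSS_SUCCESS )
		kac01_fail( hContext, function, "Tspi_Hash_UpdateHashValue",
			    result );

	/* Signing is what exercises the key's auth data. */
	result = Tspi_Hash_Sign( hHash, hMSigningKey, &pulSignatureLength,
				 &prgbSignature );
	if ( result != TSS_SUCCESS ) {
		if ( checkNonAPI(result) )
			print_error_nonapi( function, result );
		else
			print_error( function, result );
		exitCode = 1;
	} else {
		/* Register the working key under a fixed UUID — presumably
		 * for later tests to load it by UUID. */
		result = Tspi_Context_RegisterKey( hContext, hMSigningKey,
						   TSS_PS_TYPE_SYSTEM,
						   migratableSignUUID,
						   TSS_PS_TYPE_SYSTEM, SRK_UUID );
		if ( result != TSS_SUCCESS )
			kac01_fail( hContext, function,
				    "Tspi_Context_RegisterKey", result );
		print_success( function, result );
		exitCode = 0;
	}

	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}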
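/*
 * Report a failed TSS call both ways this test does (print_error plus
 * print_error_exit with the decoded error string), release the context and
 * exit with the TSS result as the process status.
 */
static void pp02_fail( TSS_HCONTEXT hContext, const char *function,
		       const char *api, TSS_RESULT result )
{
	print_error( api, result );
	print_error_exit( function, err_string(result) );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}

/*
 * Tspi_PolicyPopup02: create an authorized, non-migratable signing key whose
 * usage secret comes from the TSS popup dialog (TSS_SECRET_MODE_POPUP with a
 * custom prompt string), then sign a 20-byte value with it so the TPM
 * actually checks the popup-supplied auth data.
 *
 * Interactive: the popup mode presumably prompts the user for the secret
 * when the key is created and used.
 *
 * Exit status: 0 on pass, otherwise the TSS result of the failed step.
 *
 * Fix: the error labels now name the call that actually failed
 * (Tspi_Key_LoadKey, Tspi_Context_CreateObject (hash)).
 */
int main_v1_1( void )
{
	char *function = "Tspi_PolicyPopup02";
	char *hashData = "09876543210987654321";
	TSS_RESULT result;
	TSS_HKEY hSRK, hKey;
	TSS_HPOLICY hPolicy;
	TSS_HCONTEXT hContext;
	TSS_HHASH hHash;
	BYTE *popupMsg = NULL;
	BYTE *msg = "Enter a password for a new key:";
	UINT32 msg_len;
#ifndef TESTSUITE_NOAUTH_SRK
	TSS_HPOLICY srkUsagePolicy;
#endif
	TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
			     TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
			     TSS_KEY_NOT_MIGRATABLE;
	UINT32 ulSignatureLen;
	BYTE *signature;

	print_begin_test( function );

	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS ) {
		/* No context to release yet. */
		print_error( "Tspi_Context_Create", result );
		print_error_exit( function, err_string(result) );
		exit( result );
	}

	result = Tspi_Context_Connect( hContext, NULL );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Context_Connect", result );

	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
					     SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function,
			   "Tspi_Context_LoadKeyByUUID (hSRK)", result );

#ifndef TESTSUITE_NOAUTH_SRK
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_GetPolicyObject", result );

	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
					TESTSUITE_SRK_SECRET_LEN,
					TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Policy_SetSecret", result );
#endif

	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
					    initFlags, &hKey );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function,
			   "Tspi_Context_CreateObject (hKey)", result );

	result = Tspi_GetPolicyObject( hKey, TSS_POLICY_USAGE, &hPolicy );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_GetPolicyObject", result );

	/* The popup string is handed over in the form char_to_unicode
	 * produces; that buffer is allocated for us and freed right after
	 * the TSP has taken a copy. */
	popupMsg = char_to_unicode( msg, &msg_len );
	result = Tspi_SetAttribData( hPolicy, TSS_TSPATTRIB_POLICY_POPUPSTRING,
				     0, msg_len, popupMsg );
	free( popupMsg );
	popupMsg = NULL;
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_SetAttribData", result );

	/* No secret is supplied here: in popup mode the TSP presumably
	 * collects it from the user. */
	result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_POPUP, 0, NULL );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Policy_SetSecret", result );

	result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Key_CreateKey (hKey)", result );

	result = Tspi_Key_LoadKey( hKey, hSRK );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Key_LoadKey (hKey)", result );

	/* A re-prompt round (Tspi_Policy_FlushSecret followed by a second
	 * popup with a different string) is not exercised here. */

	/* Now sign something: this is what makes the TPM check the
	 * popup-supplied auth data. */
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_HASH,
					    TSS_HASH_SHA1, &hHash );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function,
			   "Tspi_Context_CreateObject (hash)", result );

	/* hashData is 20 characters, the size of a SHA1 digest. */
	result = Tspi_Hash_SetHashValue( hHash, strlen(hashData), hashData );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Hash_SetHashValue", result );

	result = Tspi_Hash_Sign( hHash, hKey, &ulSignatureLen, &signature );
	if ( result != TSS_SUCCESS )
		pp02_fail( hContext, function, "Tspi_Hash_Sign", result );

	print_success( function, result );
	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( 0 );
}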