void changeownership( unsigned char *auth_tpm_value, unsigned long auth_tpm_size, bool auth_tpm_sha1, unsigned char *auth_new_value, unsigned long auth_new_size, bool auth_new_sha1) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //set up TPM auth if(auth_tpm_sha1) { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); } //assign the TPM auth result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); //set up new auth if(auth_new_sha1) { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); } //change the TPM secret result = Tspi_ChangeAuth(htpm, 0, hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result); return; }
int set_policy_options(TSS_HPOLICY hPolicy, TSS_FLAG mode, char *prompt, UINT32 secret_len, BYTE *secret) { TSS_RESULT ret; BYTE *unicode_prompt; UINT32 len; ret = Tspi_Policy_SetSecret(hPolicy, mode, secret_len, secret); if (ret) { print_error(ret, gettext("Set policy secret")); return (ERR_FAIL); } if (prompt != NULL) { unicode_prompt = Trspi_Native_To_UNICODE((BYTE *)prompt, &len); ret = Tspi_SetAttribData(hPolicy, TSS_TSPATTRIB_POLICY_POPUPSTRING, NULL, len, unicode_prompt); if (ret) { print_error(ret, gettext("Set policy prompt")); return (ERR_FAIL); } } return (0); }
static int tpm_create_srk_policy(void *secret) { TSS_RESULT result; UINT32 secret_len; if (secret_mode == TSS_SECRET_MODE_SHA1) secret_len = SHA_DIGEST_LENGTH; else { secret_len = (secret == NULL) ? 0 : strlen((char *)secret); DBG("Using SRK secret = %s", (BYTE *)secret); } if (hSRKPolicy == NULL_HPOLICY) { DBG("Creating SRK policy"); if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hSRKPolicy))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, TPM_R_REQUEST_FAILED); return 0; } } if ((result = Tspi_Policy_SetSecret(hSRKPolicy, secret_mode, secret_len, (BYTE *)secret))) { TSSerr(TPM_F_TPM_CREATE_SRK_POLICY, TPM_R_REQUEST_FAILED); return 0; } return 1; }
void tc_create_policy(TSS_HCONTEXT hContext, UINT32 type, UINT32 flags, TSS_HOBJECT hObject) { TSS_HPOLICY hPolicy; TSS_RESULT result; //Create Policy Object tc_create_object(hContext, type, flags, &hPolicy); //Set Policy Secret result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Assign Policy to Object (Key) result = Tspi_Policy_AssignToObject(hPolicy, hObject); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } }
main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_OwnerGetSRKPubKey01"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK; TSS_HPOLICY hPolicy; UINT32 pulPubKeyLength; BYTE *prgbPubKey; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); return result; } result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); return result; } //Get SRK Public Key result = Tspi_TPM_OwnerGetSRKPubKey(hTPM, &pulPubKeyLength, &prgbPubKey); if (result != TSS_SUCCESS) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); } }
static TSS_RESULT myTspi_Policy_SetSecret(TSS_HPOLICY hPolicy, UINT32 ulSecretLength, BYTE * rgbSecret) { if (rgbSecret == NULL) { /* Well known NULL key */ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *) nullpass); } else { /* key is given */ return Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, ulSecretLength, rgbSecret); } }
int main(int argc,char **argv) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_RESULT result; TSS_HKEY hSRK=0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID=TSS_UUID_SRK; BYTE wks[20]; //For the well known secret // Set wks to the well known secret: 20 bytes of all 0’s memset(wks,0,20); //Pick the TPM you are talking to. // In this case, it is the system TPM (indicated with NULL). result = Tspi_Context_Create( &hContext); DBG("Create Context",result); result = Tspi_Context_Connect(hContext, NULL); DBG("Context Connect�",result); // Get the TPM handle result=Tspi_Context_GetTpmObject(hContext,&hTPM); DBG("Get TPM Handle",result); // Get the SRK handle result=Tspi_Context_LoadKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,SRK_UUID,&hSRK); DBG("Got the SRK handle�", result); //Get the SRK policy result = Tspi_GetPolicyObject(hSRK,TSS_POLICY_USAGE,&hSRKPolicy); DBG("Got the SRK policy",result); //Then set the SRK policy to be the well known secret result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20,wks); //Note: TSS SECRET MODE SHA1 says ”Don’t hash this. // Use the 20 bytes as they are. DBG("Set the SRK secret in its policy",result); //Do something usefull TSS_UUID MY_UUID=BACKUP_KEY_UUID; TSS_HKEY hESS_Bind_Key; result=Tspi_Context_GetKeyByUUID(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result=Tspi_Context_UnregisterKey(hContext,TSS_PS_TYPE_SYSTEM,MY_UUID,&hESS_Bind_Key); DBG("Unregister key",result); //Done doing something usefull // Context Close(hobjects you have created); Tspi_Context_FreeMemory(hContext,NULL); // This frees up memory automatically allocated for you. Tspi_Context_Close(hContext); return 0; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_UpdateVerificationCount03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, -1); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; //By default SRK is 20bytes 0 //takeownership -z BYTE wks[20]; memset(wks,0,20); //At the beginning //Create context and get tpm handle result =Tspi_Context_Create(&hContext); DBG("Create a context\n", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM\n", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle\n", result); //Get SRK handle //This operation need SRK secret when you takeownership //if takeownership -z the SRK is wks by default result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle\n", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy\n", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1,20, wks); DBG("Tspi_Policy_SetSecret\n", result); //At the end of program //Cleanup some object result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory\n", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close\n", result); return 0; }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_LoadKey01"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_UUID uuid; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } #endif //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_Create Key", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key (hKey) result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS){ if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
main_v1_1(void){ char *nameOfFunction = "Tspi_Key_CreateMigrationBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey; UINT32 TargetPubKeyLength; BYTE *TargetPublicKeyData; BYTE *MigTicket; UINT32 TicketLength; BYTE *randomData; UINT32 randomLength; UINT32 migBlobLength; BYTE *migBlob; UINT32 blobLength; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigPolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID for hSRK", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } #endif //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Signing Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hKey, TSS_MS_REWRAP, &TicketLength, &MigTicket); if (result != TSS_SUCCESS) { print_error("Tpsi_TPM_AuthorizeMigrationTicket ", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); Tspi_Context_CloseObject(hContext, hKey); exit(result); } //Create Migration Blob result = Tspi_Key_CreateMigrationBlob(-1, hSRK, TicketLength, MigTicket, &randomLength, &randomData, &migBlobLength, &migBlob); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(0); } }
int main_v1_2( char version ) { char *function = "Tspi_GetAttribData21"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hSrkPolicy; BYTE *rgbDataToSeal = "This is a test"; BYTE rgbPcrValue[20]; TSS_HPCRS hPcrComposite; UINT32 AttribDataSize; BYTE* AttribData; UINT32 ulDataLength = strlen(rgbDataToSeal); TSS_RESULT result,resultFree; TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; TSS_FLAG pcrsInitFlags = 0; print_begin_test( function ); if (version == TESTSUITE_TEST_TSS_1_2) { keyInitFlags |= TSS_KEY_STRUCT_KEY12; pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG; } memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue)); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_end_test(function); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags, &hPcrComposite ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrLocality", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Checking flag and subflags //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -", result ); } print_end_test(function); Tspi_Context_Close(hContext); exit( 0 ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_ReadTables-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; UINT32 familyTableSize, delegateTableSize; TSS_FAMILY_TABLE_ENTRY *familyTable; TSS_DELEGATION_TABLE_ENTRY *delegateTable; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", (result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", (result) ); goto done; } result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable, &delegateTableSize, &delegateTable); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_ReadTables", (result) ); goto done; } result = Testsuite_Transport_Final(hContext, 0); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", (result) ); goto done; } else { result = Tspi_Context_FreeMemory(hContext, (BYTE *)familyTable); if (result != TSS_SUCCESS) { print_error( "Tspi_Context_FreeMemory", result ); goto done; } result = Tspi_Context_FreeMemory(hContext, (BYTE *)delegateTable); if (result != TSS_SUCCESS) { print_error( "Tspi_Context_FreeMemory", result ); goto done; } else { print_success( function, result ); } } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( 0 ); }
int main(int argc, char *argv[]) { TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; char *credential_filename = DEFAULT_CREDENTIAL_FILENAME; UINT32 nonceVerifierLength; BYTE *nonceVerifier; TSS_HDAA hDAA; TSS_DAA_CREDENTIAL *hDaaCredential; TSS_DAA_SIGN_DATA signData; TSS_DAA_SIGNATURE daaSignature; TSS_DAA_SELECTED_ATTRIB revealAttributes; char *szTpmPasswd = DEFAULT_OWN_PASSWD; char *message = NULL; BYTE **attributes = NULL; FILE *file; char *param; int i, length, rv; bi_ptr random = NULL; TSS_BOOL isCorrect; EVP_MD_CTX *mdctx; TSS_HKEY hKEY; init_tss_version( &signData); init_tss_version( &daaSignature); init_tss_version( &revealAttributes); i = 1; while( i < argc) { param = argv[ i]; if ( strcmp( param, "-m") == 0 || strcmp( param, "--message") == 0) { i++; if( i == argc) return print_usage( argv[0]); message = argv[i]; } else if( strcmp( param, "-cr") == 0 || strcmp( param, "--credential") == 0){ i++; if( i == argc) return print_usage( argv[0]); credential_filename = argv[i]; } else if( strcmp( param, "-pw") == 0 || strcmp( param, "--passwd") == 0){ i++; if( i == argc) return print_usage( argv[0]); szTpmPasswd = argv[i]; } else { fprintf(stderr, "%s:unrecognized option `%s'\n", argv[0], param); return print_usage( argv[0]); } i++; } bi_init( NULL); printf("Loading credential: %s ", credential_filename); file = fopen( credential_filename, "r"); if( (hDaaCredential = load_TSS_DAA_CREDENTIAL( file)) == 0) { LogError( "[test_join]: Error when loading \'%s\': %s\n", credential_filename, strerror( errno)); result = TSS_E_FAIL; goto out_close; } fclose( file); printf("Done\n"); // Create Context LogDebug("Create Context"); result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { LogError( "Tspi_Context_Create %d\n", result ); goto out; } // Connect to Context result = Tspi_Context_Connect( hContext, NULL ); if ( result != TSS_SUCCESS) goto out_close; printf("\nConnect to the context: %X\n", hContext); if( (result = Tspi_Context_GetTpmObject( hContext, &hTPM)) != TSS_SUCCESS) goto out_close; // Get the correct policy using the TPM ownership PASSWD if( (result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy)) != TSS_SUCCESS) goto out_close; if( (result = Tspi_Policy_SetSecret( hPolicy, TSS_SECRET_MODE_PLAIN, strlen( szTpmPasswd), szTpmPasswd)) != TSS_SUCCESS) goto out_close; LogDebug("Tspi_Policy_SetSecret hPolicy received;%d", hPolicy); //Create Object result = obj_daa_add( hContext, &hDAA); if (result != TSS_SUCCESS) { LogError("Tspi_Context_CreateObject:%d", result); Tspi_Context_Close(hContext); LogError("%s: %s", argv[0], err_string(result)); exit(result); } LogDebug("created DAA object:%X", hDAA); // TODO: verifier base name ?? result = Tspi_DAA_VerifyInit( hDAA, // in &nonceVerifierLength, // out &nonceVerifier, // out 0, //baseNameLength, // out NULL //baseName // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("Verify Init return nonceVerifier [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); create_TSS_DAA_SELECTED_ATTRIB( &revealAttributes, 5, 0, 1, 1, 0, 0); mdctx = EVP_MD_CTX_create(); // create the TSS_DAA_SIGN_DATA struct // .selector: 0 -> payload contains a handle to an AIK // 1 -> payload contains a hashed message if( message != NULL) { signData.selector = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; signData.payloadFlag = TSS_FLAG_DAA_SIGN_MESSAGE_HASH; EVP_DigestInit(mdctx, DAA_PARAM_get_message_digest()); EVP_DigestUpdate(mdctx, (BYTE *)message, strlen( message)); signData.payloadLength = EVP_MD_CTX_size(mdctx); signData.payload = (BYTE *)EVP_MD_CTX_create(); EVP_DigestFinal(mdctx, signData.payload, NULL); } else { signData.selector = TSS_FLAG_DAA_SIGN_IDENTITY_KEY; result = Tspi_Context_CreateObject( hContext, // in TSS_OBJECT_TYPE_RSAKEY, // in TSS_KEY_SIZE_2048, // in &hKEY // out ); if( result != TSS_SUCCESS) goto out_close; } result = Tspi_TPM_DAA_Sign( hDAA, // in hTPM, // in (TSS_HKEY)hDaaCredential, // in revealAttributes, // in 0, // verifierBaseNameLength, // in NULL, // verifierBaseName, // in nonceVerifierLength, // in nonceVerifier, // in signData, // in &daaSignature // out ); if (result != TSS_SUCCESS) goto out_close; LogDebug("TPM_DAA_Sign return daaSignature [%s]", dump_byte_array( nonceVerifierLength, nonceVerifier)); // generate attributes list but without copying the not revealed ones attributes = malloc( sizeof(BYTE *) * hDaaCredential->attributesLength); for( i=0; i < (int)(hDaaCredential->attributesLength); i++) { if( revealAttributes.indicesList[i]) { attributes[i] = (BYTE *)malloc( DAA_PARAM_SIZE_F_I / 8); memcpy( attributes[i], hDaaCredential->attributes[i], DAA_PARAM_SIZE_F_I / 8); } else { attributes[i] = NULL; } } result = Tspi_DAA_VerifySignature( hDAA, // in daaSignature, // in (TSS_HKEY)&(hDaaCredential->issuerPK), // in signData, // in hDaaCredential->attributesLength, // in attributes, // in nonceVerifierLength, // in nonceVerifier, // in 0, //baseNameLength, //in NULL, // in &isCorrect // out ); printf("Signature correct:%s\n", ( isCorrect ? "yes" : "no")); out_close: EVP_MD_CTX_destroy(mdctx); if( attributes != NULL) { for( i=0; i<(int)hDaaCredential->attributesLength; i++) { if( attributes[i] != NULL) free( attributes[i]); } free( attributes); } if( random != NULL) bi_free_ptr( random); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); out: bi_release(); LogDebug("THE END result=%d:%s",result, err_string( result) );; return result; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_ReadTables06"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; UINT32 familyTableSize, delegateTableSize; TSS_FAMILY_TABLE_ENTRY *familyTable; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_ReadTables(hContext, &familyTableSize, &familyTable, &delegateTableSize, NULL); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2( char version ) { char *function = "Tspi_TPM_SetOperatorAuth01"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HKEY hSRK; TSS_HPOLICY hOperatorPolicy; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_OPERATOR, &hOperatorPolicy); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hOperatorPolicy, TESTSUITE_OPERATOR_SECRET_MODE, TESTSUITE_OPERATOR_SECRET_LEN, TESTSUITE_OPERATOR_SECRET); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_TPM_SetOperatorAuth( hTPM, hOperatorPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_SetOperatorAuth", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hMSigningKey; BYTE* migratableSignKeyBlob; UINT32 blobLength; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy; UINT32 exitCode = 0; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Set Secret result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret (1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif //Create Signing Key result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING, &hMSigningKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_CreateObject (signing key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey (Signing Key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // get blob result = Tspi_GetAttribData( hMSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLength, &migratableSignKeyBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key Blob result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, blobLength, NULL, &hMSigningKey ); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = result; } else { print_error_nonapi( function, result ); exitCode = result; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
main_v1_2(char version){ char *nameOfFunction = "Tspi_TPM_KeyControlOwner01"; TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hSRK; TSS_HKEY hKey; TSS_HKEY hTargetPubKey; TSS_HPOLICY hTpmPolicy, hSrkPolicy; TSS_UUID Uuid; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory( hContext, NULL ); exit(result); } //Create Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Get TPM Object result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Requires Owner auth - get policy result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set Owner Secret result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error("Tspi_Policy_SetSecret (Owner)", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Get SRK Key result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Requires SRK auth - get policy result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject ", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set SRK Secret result = Tspi_Policy_SetSecret(hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error("Tspi_Policy_SetSecret (Owner)", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Create Key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Load key result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey", result); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } //Set Ownerevict bit result = Tspi_TPM_KeyControlOwner(hTPM, hKey, TSS_TSPATTRIB_KEYCONTROL_OWNEREVICT, TRUE, &Uuid); if (result != TSS_SUCCESS) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(result); } else { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close(hContext); exit(0); } }
int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap, unsigned char *keyauth, unsigned char *dataauth, unsigned char *data, unsigned int datalen, unsigned char *blob, unsigned int *bloblen) { #define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;} TSS_RESULT r = 0; TSS_HTPM tpm; TSS_HPCRS pcrComposite; TSS_UUID uuid; TSS_UUID srk_uuid = TSS_UUID_SRK; TSS_HKEY key; TSS_HENCDATA seal; TSS_HPOLICY key_policy, seal_policy; unsigned char *cipher; unsigned int cipher_len; /* Get the PCR values into composite object */ r = Tspi_Context_GetTpmObject(c, &tpm); CHECK_ERROR(r, "Error Getting TPM"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite); CHECK_ERROR(r, "Error Creating PCR-Composite"); r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR); CHECK_ERROR(r, "Error Setting Localities"); for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) { if ((pcrmap & pcrmask) != 0) { uint32_t pcrval_size; uint8_t *pcrval; if (pcrvals[pcr] == NULL) { r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval); CHECK_ERROR(r, "Error Reading PCR"); r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval); CHECK_ERROR(r, "Error Setting Composite"); r = Tspi_Context_FreeMemory(c, pcrval); CHECK_ERROR(r, "Error Freeing Memory"); } else { pcrval = pcrvals[pcr]; r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval); CHECK_ERROR(r, "Error Setting Composite"); } } } /* Get the SRK and Policy Ready */ if (keyhandle = 0x40000000) { uuid = srk_uuid; } else { fprintf(stderr, "Error, only SRK currently supported\n"); r = 1; return -1; } r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key); CHECK_ERROR(r, "Error Loading Key"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(key_policy, key); CHECK_ERROR(r, "Error Assigning Policy"); /* Get the Encdata Ready */ r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal); CHECK_ERROR(r, "Error Creating EncData"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(seal_policy, seal); CHECK_ERROR(r, "Error Assigning Policy"); /* Seal the Data */ r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite); CHECK_ERROR(r, "Error Sealing Data"); r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &cipher_len, &cipher); CHECK_ERROR(r, "Error Getting Sealed Data"); /* Return that stuff */ if (cipher_len > bloblen) { sprintf(stderr, "Internal Error, cipher too long"); r = 1; return -1; } memcpy(blob, cipher, cipher_len); *bloblen = cipher_len; /* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */ Tspi_Context_FreeMemory(c, cipher); return (r == 0)? 0 : -1; }
int main(int argc, char **argv) { RSA *rsa = NULL; TSS_HCONTEXT hContext; TSS_HKEY hKey, hSRK, hCAKey; TSS_HPOLICY hTPMPolicy, hidpol; TSS_UUID srkUUID = TSS_UUID_SRK; TSS_HPOLICY srkpol; TSS_HTPM hTPM; UINT32 idbloblen, ch; int ret,i, blobos, fd; BYTE *srkpass, *tpmpass; BYTE *blobo, *idblob; srkpass = tpmpass = NULL; while ((ch = getopt(argc, argv, "hs:t:")) != -1) { switch (ch) { case 's': srkpass = optarg; break; case 't': tpmpass = optarg; break; case 'h': default: usage(argv[0]); break; } } if (!srkpass || !tpmpass) usage(argv[0]); /* create context and connect */ ret = Tspi_Context_Create(&hContext); check_fail("context create", ret); ret = Tspi_Context_Connect(hContext, NULL); check_fail("context connect", ret); ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK); check_fail("loadkeybyuuid", ret); ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol); check_fail("get policy object", ret); //ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234"); ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("policy set secret", ret); ret = Tspi_Context_GetTpmObject(hContext, &hTPM); check_fail("get policy object", ret); //Insert the owner auth into the TPM's policy ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); check_fail("get tpm policy", ret); ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN, strlen(tpmpass), tpmpass); check_fail("set owner secret", ret); ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, //TSS_KEY_TYPE_STORAGE TSS_KEY_TYPE_IDENTITY //TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE , &hKey); check_fail("create object - key", ret); ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol); check_fail("get id key policy", ret); ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("set idkey secret", ret); /* We must create this fake privacy CA key in software so that * Tspi_TPM_CollateIdentityRequest will happily work. It needs it to * create the cert request which is required in a normal remote * attestion procedure. It is not needed in our setup though. */ ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING); check_fail("ca nonsense", ret); /* We do not care about idblob - that is the certificate request that * we are supposed to send to our CA in normal remote attestation. The * fifth argument is our identity label (it is supposed to be unicode). */ ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label", hKey, TSS_ALG_3DES, &idbloblen, &idblob); check_fail("collate id", ret); blobo = NULL; /*ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobos, &blobo);*/ ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo); check_fail("get blob", ret); if (!blobo) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("no blobo"); } printf("size: %d\n", blobos); for (i = 0;i < blobos; i++) { printf("\\x%x", blobo[i]); } printf("\n"); fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd == -1) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("Open\n"); } ret = write(fd, blobo, blobos); if (ret != blobos) printf("Warning: couldn't write the whole key\n"); close(fd); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
main_v1_2(char version) { TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTpmUsagePolicy; TSS_FLAG initFlags; TSS_HKEY hSrcKey; TSS_HKEY hDestKey; TSS_HKEY hMaKey[MA_KEY_COUNT]; TSS_HKEY hCmkKey; TSS_HKEY hNewKey; TSS_HMIGDATA hMigData; TSS_HHASH hHash; UINT32 blobSize; BYTE *blob; UINT32 randomSize; BYTE *random; int i; TSS_RESULT result; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); exit(result); } //Get TPM Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Set Secret result = Tspi_Policy_SetSecret(hTpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create Overall Source Parent key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hSrcKey); tc_create_key(hContext, hSrcKey, hSRK, initFlags); tc_load_key(hContext, hSrcKey, hSRK); /***** Create Overall Destination Parent key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hDestKey); tc_create_key(hContext, hDestKey, hSRK, initFlags); tc_load_key(hContext, hDestKey, hSRK); /***** Create MAs and MSA list *****/ //Create MigData Object tc_create_object(hContext, TSS_OBJECT_TYPE_MIGDATA, 0, &hMigData); for (i = 0; i < MA_KEY_COUNT; i++) { //Create Key Object initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hMaKey[i]); tc_create_key(hContext, hMaKey[i], hSrcKey, initFlags); //Get PubKey Blob tc_get_attribdata(hContext, hMaKey[i], TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); //Add PubKey Blob to the MSA list tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_MSALIST_PUBKEY_BLOB, blobSize, blob); } //Grant Owner Approval of MAs result = Tspi_TPM_CMKApproveMA(hTPM, hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKApproveMA", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a CMK ****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hCmkKey); //Get and Assign MA/MSA information tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA, TSS_MIGATTRIB_AUTHORITY_DIGEST, &blobSize, &blob); tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO, TSS_TSPATTRIB_KEYINFO_CMK_MA_DIGEST, blobSize, blob); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_AUTHORITY_DATA, TSS_MIGATTRIB_AUTHORITY_APPROVAL_HMAC, &blobSize, &blob); tc_set_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_CMKINFO, TSS_TSPATTRIB_KEYINFO_CMK_MA_APPROVAL, blobSize, blob); tc_create_key(hContext, hCmkKey, hSrcKey, initFlags); /***** Authorize migration to the Dest key *****/ //Authorize Migration Ticket result = Tspi_TPM_AuthorizeMigrationTicket(hTPM, hDestKey, TSS_MS_RESTRICT_APPROVE_DOUBLE, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_AuthorizeMigrationTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONTICKET, 0, blobSize, blob); /***** Sign the migration ticket *****/ //Get PubKey Blob of CMK tc_get_attribdata(hContext, hCmkKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_SOURCE_PUBKEY_BLOB, blobSize, blob); //Get PubKey Blob of destination CMK parent tc_get_attribdata(hContext, hDestKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_DESTINATION_PUBKEY_BLOB, blobSize, blob); //Get PubKey Blob of MA tc_get_attribdata(hContext, hMaKey[0], TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobSize, &blob); tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIGRATIONBLOB, TSS_MIGATTRIB_MIG_AUTHORITY_PUBKEY_BLOB, blobSize, blob); //Get Ticket Signature Data tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_GetHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Verify Key tc_load_key(hContext, hMaKey[0], hSrcKey); //Generate Ticket Signature result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_Sign", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket Signature tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA, TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob); //Create Ticket result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a migration blob *****/ //Create Blob result = Tspi_Key_CMKCreateBlob(hCmkKey, hSrcKey, hMigData, &randomSize, &random); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateBlob", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Create a CMK ticket for the destination TPM *****/ //We are using the same TPM so the next steps are not necessary, but are //done for procedural info //Get Ticket Signature Data tc_create_object(hContext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hHash); tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_AUTHORITY_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_DESTINATION_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } tc_get_attribdata(hContext, hMigData, TSS_MIGATTRIB_MIG_AUTH_DATA, TSS_MIGATTRIB_MIG_AUTH_SOURCE_DIGEST, &blobSize, &blob); result = Tspi_Hash_UpdateHashValue(hHash, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_UpdateHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Hash_GetHashValue(hHash, &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_GetHashValue", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Load Verify Key tc_load_key(hContext, hMaKey[0], hSrcKey); //Generate Ticket Signature result = Tspi_Hash_Sign(hHash, hMaKey[0], &blobSize, &blob); if (result != TSS_SUCCESS) { print_error("Tspi_Hash_Sign", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Save Ticket Signature tc_set_attribdata(hContext, hMigData, TSS_MIGATTRIB_TICKET_DATA, TSS_MIGATTRIB_TICKET_SIG_VALUE, blobSize, blob); //Create Ticket result = Tspi_TPM_CMKCreateTicket(hTPM, hMaKey[0], hMigData); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_CMKCreateTicket", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } /***** Migrate the key *****/ initFlags = TSS_KEY_STRUCT_KEY12 | TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_MIGRATABLE | TSS_KEY_CERTIFIED_MIGRATABLE; tc_create_object(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hNewKey); result = Tspi_Key_CMKConvertMigration(hNewKey, hDestKey, hMigData, randomSize, random); if (result != TSS_SUCCESS) { if (!checkNonAPI(result)) { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } else { print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); } } tc_load_key(hContext, hNewKey, hDestKey); print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); }
int load_tpm_key(struct openconnect_info *vpninfo, gnutls_datum_t *fdata, gnutls_privkey_t *pkey, gnutls_datum_t *pkey_sig) { static const TSS_UUID SRK_UUID = TSS_UUID_SRK; gnutls_datum_t asn1; unsigned int tss_len; char *pass; int ofs, err; err = gnutls_pem_base64_decode_alloc("TSS KEY BLOB", fdata, &asn1); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Error decoding TSS key blob: %s\n"), gnutls_strerror(err)); return -EINVAL; } /* Ick. We have to parse the ASN1 OCTET_STRING for ourselves. */ if (asn1.size < 2 || asn1.data[0] != 0x04 /* OCTET_STRING */) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = asn1.data[1]; ofs = 2; if (tss_len & 0x80) { int lenlen = tss_len & 0x7f; if (asn1.size < 2 + lenlen || lenlen > 3) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } tss_len = 0; while (lenlen) { tss_len <<= 8; tss_len |= asn1.data[ofs++]; lenlen--; } } if (tss_len + ofs != asn1.size) { vpn_progress(vpninfo, PRG_ERR, _("Error in TSS key blob\n")); goto out_blob; } err = Tspi_Context_Create(&vpninfo->tpm_context); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create TPM context: %s\n"), Trspi_Error_String(err)); goto out_blob; } err = Tspi_Context_Connect(vpninfo->tpm_context, NULL); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to connect TPM context: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_Context_LoadKeyByUUID(vpninfo->tpm_context, TSS_PS_TYPE_SYSTEM, SRK_UUID, &vpninfo->srk); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK key: %s\n"), Trspi_Error_String(err)); goto out_context; } err = Tspi_GetPolicyObject(vpninfo->srk, TSS_POLICY_USAGE, &vpninfo->srk_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM SRK policy object: %s\n"), Trspi_Error_String(err)); goto out_srk; } pass = vpninfo->cert_password; vpninfo->cert_password = NULL; while (1) { static const char nullpass[20]; /* We don't seem to get the error here... */ if (pass) err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (BYTE *)pass); else /* Well-known NULL key */ err = Tspi_Policy_SetSecret(vpninfo->srk_policy, TSS_SECRET_MODE_SHA1, sizeof(nullpass), (BYTE *)nullpass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set TPM PIN: %s\n"), Trspi_Error_String(err)); goto out_srkpol; } free(pass); /* ... we get it here instead. */ err = Tspi_Context_LoadKeyByBlob(vpninfo->tpm_context, vpninfo->srk, tss_len, asn1.data + ofs, &vpninfo->tpm_key); if (!err) break; if (pass) vpn_progress(vpninfo, PRG_ERR, _("Failed to load TPM key blob: %s\n"), Trspi_Error_String(err)); if (err != TPM_E_AUTHFAIL) goto out_srkpol; err = request_passphrase(vpninfo, "openconnect_tpm_srk", &pass, _("Enter TPM SRK PIN:")); if (err) goto out_srkpol; } #ifdef HAVE_GNUTLS_CERTIFICATE_SET_KEY gnutls_privkey_init(pkey); /* This would be nicer if there was a destructor callback. I could allocate a data structure with the TPM handles and the vpninfo pointer, and destroy that properly when the key is destroyed. */ gnutls_privkey_import_ext(*pkey, GNUTLS_PK_RSA, vpninfo, tpm_sign_fn, NULL, 0); #else *pkey = OPENCONNECT_TPM_PKEY; #endif retry_sign: err = sign_dummy_data(vpninfo, *pkey, fdata, pkey_sig); if (err == GNUTLS_E_INSUFFICIENT_CREDENTIALS) { if (!vpninfo->tpm_key_policy) { err = Tspi_Context_CreateObject(vpninfo->tpm_context, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &vpninfo->tpm_key_policy); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to create key policy object: %s\n"), Trspi_Error_String(err)); goto out_key; } err = Tspi_Policy_AssignToObject(vpninfo->tpm_key_policy, vpninfo->tpm_key); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to assign policy to key: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } } err = request_passphrase(vpninfo, "openconnect_tpm_key", &pass, _("Enter TPM key PIN:")); if (err) goto out_key_policy; err = Tspi_Policy_SetSecret(vpninfo->tpm_key_policy, TSS_SECRET_MODE_PLAIN, strlen(pass), (void *)pass); free (pass); if (err) { vpn_progress(vpninfo, PRG_ERR, _("Failed to set key PIN: %s\n"), Trspi_Error_String(err)); goto out_key_policy; } goto retry_sign; } free (asn1.data); return 0; out_key_policy: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key_policy); vpninfo->tpm_key_policy = 0; out_key: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->tpm_key); vpninfo->tpm_key = 0; out_srkpol: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk_policy); vpninfo->srk_policy = 0; out_srk: Tspi_Context_CloseObject(vpninfo->tpm_context, vpninfo->srk); vpninfo->srk = 0; out_context: Tspi_Context_Close(vpninfo->tpm_context); vpninfo->tpm_context = 0; out_blob: free (asn1.data); return -EIO; }
int tpm_load_srk(UI_METHOD *ui, void *cb_data) { TSS_RESULT result; UINT32 authusage; BYTE *auth; UINT32 auth_size; UINT32 srk_secret_mode = secret_mode; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); return 1; } if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if (!authusage) { DBG("SRK has no auth associated with it."); return 1; } /* If hSRKPolicy is non 0, then a policy object for the SRK has already * been set up by engine pre/post commands. Just assign it to the SRK. * Otherwise, we need to get the SRK's implicit policy and prompt for a * secret */ if (hSRKPolicy) { DBG("Found an already initialized SRK policy, using it"); if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } return 1; } if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; } if (!srk_zeroed) { if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", cb_data)) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); } auth_size = strlen((char *)auth); } else { auth_size = sizeof(well_known_secret); memcpy(auth, well_known_secret, auth_size); srk_secret_mode = TSS_SECRET_MODE_SHA1; } /* secret_mode is a global that may be set by engine ctrl * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode, auth_size, auth))) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } free(auth); return 1; }
main_v1_1(void){ char *nameOfFunction = "policy_no_secret"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_BOOL allowMaint = FALSE; BYTE *randomData; TSS_HPOLICY srkUsagePolicy, tpmUsagePolicy; print_begin_test(nameOfFunction); #ifdef TESTSUITE_NOAUTH_SRK print_NA(); print_end_test(nameOfFunction); exit(0); #endif //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Create Policy Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &srkUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Assign new policy w/o secret to the SRK object result = Tspi_Policy_AssignToObject(srkUsagePolicy, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_Close(hContext); exit(result); } //Create child key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_512|TSS_KEY_TYPE_BIND| TSS_KEY_NO_AUTHORIZATION, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } // Attempt to use the SRK w/o putting a secret in its policy result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Key creation w/o parent secret set", result); print_error(nameOfFunction, result); Tspi_Context_Close(hContext); exit(result); } else { print_success("Key creation w/o parent secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } // With a secret set, this should work OK result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_Close(hContext); exit(result); } // Try an owner auth'd command w/o secret result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); exit(result); } //Get Policy Object result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &tpmUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Set Secret mode to none result = Tspi_Policy_SetSecret(tpmUsagePolicy, TSS_SECRET_MODE_NONE, 0, NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_error("Tspi_TPM_GetStatus w/o owner secret set", result); Tspi_Context_Close(hContext); exit(result); } else { print_success("TPM_GetStatus w/o owner secret set", result); } //Set Secret result = Tspi_Policy_SetSecret(tpmUsagePolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } result = Tspi_TPM_GetStatus(hTPM, TSS_TPMSTATUS_ALLOWMAINTENANCE, &allowMaint); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_GetStatus", result); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(result); }
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { ASN1_OCTET_STRING *blobstr; TSS_HKEY hKey; TSS_RESULT result; UINT32 authusage; RSA *rsa; EVP_PKEY *pkey; BIO *bf; DBG("%s", __FUNCTION__); if (!key_id) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (!tpm_load_srk(ui, cb_data)) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_SRK_LOAD_FAILED); return NULL; } if ((bf = BIO_new_file(key_id, "r")) == NULL) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_NOT_FOUND); return NULL; } blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING, "TSS KEY BLOB", bf, NULL, NULL, NULL); if (!blobstr) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_READ_FAILED); BIO_free(bf); return NULL; } BIO_free(bf); DBG("Loading blob of size: %d", blobstr->length); if ((result = Tspi_Context_LoadKeyByBlob(hContext, hSRK, blobstr->length, blobstr->data, &hKey))) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } ASN1_OCTET_STRING_free(blobstr); if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if (authusage) { TSS_HPOLICY hPolicy; BYTE *auth; if ((auth = calloc(1, 128)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } if (!tpm_engine_get_auth(ui, (char *)auth, 128, "TPM Key Password: ", cb_data)) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy))) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_AssignToObject(hPolicy, hKey))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, strlen((char *)auth), auth))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } free(auth); } /* create the new objects to return */ if ((pkey = EVP_PKEY_new()) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } pkey->type = EVP_PKEY_RSA; if ((rsa = RSA_new()) == NULL) { EVP_PKEY_free(pkey); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } rsa->meth = &tpm_rsa; /* call our local init function here */ rsa->meth->init(rsa); pkey->pkey.rsa = rsa; if (!fill_out_rsa_object(rsa, hKey)) { EVP_PKEY_free(pkey); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } EVP_PKEY_assign_RSA(pkey, rsa); return pkey; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_UpdateVerificationCount-trans03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hWrappingKey; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation1 = NULL_HPOLICY; TSS_HPOLICY hDelegation2 = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", (result) ); goto done; } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation1, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", (result) ); goto done; } result = Tspi_Policy_SetSecret( hDelegation2, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", (result) ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT, NULL_HPCRS, hFamily, hDelegation2); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) ); goto done; } result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, hDelegation1); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_UpdateVerificationCount", (result) ); goto done; } result = Testsuite_Transport_Final(hContext, 0); if ( result != TSS_SUCCESS ) { print_error( "Testsuite_Transport_Final", (result) ); goto done; } else { print_success( function, result ); } print_end_test( function ); done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_GetFamily05"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM, hTPM2; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY, hFamily2; UINT32 familyID, returnedID; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_GetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_INFO, TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID, &familyID); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( "Tspi_TPM_GetAttribUint32", result ); } else { print_error_nonapi( "Tspi_TPM_GetAttribUint32", result ); } goto done; } /* Keep hTPM to invalidate family and then set it to NULL */ hTPM2 = hTPM; hTPM = NULL_HTPM; /* Keep family address */ hFamily2 = hFamily; result = Tspi_TPM_Delegate_GetFamily(hTPM, familyID, &hFamily); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_error( function, result ); result = 1; goto done; } else { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_CreateDelegation02"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM; TSS_HPOLICY hTPMPolicy; TSS_HPOLICY hDelegation = NULL_HPOLICY; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject", result ); goto done; } result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE, TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER1, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO, TSS_TSPATTRIB_POLDEL_PER2, 0); if ( result != TSS_SUCCESS ) { print_error( "Tspi_SetAttribUint32", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { print_error( function, result ); result = 1; goto done; } else { print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int main_v1_2(char version) { char *nameOfFunction = "Tspi_Nv_ReadValue-trans03"; TSS_HCONTEXT hContext = NULL_HCONTEXT; TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE TSS_HOBJECT hPolObject = NULL_HOBJECT; TSS_HPOLICY hPolicy = NULL_HPOLICY; TSS_HTPM hTPM = NULL_HTPM; BYTE *auth = "123456"; UINT32 auth_length = 6; BYTE *policyData; UINT32 read_space = 10; TSS_RESULT result; TSS_HKEY hWrappingKey, hSRK; print_begin_test(nameOfFunction); result = connect_load_all(&hContext, &hSRK, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey, NULL); if (result != TSS_SUCCESS) { print_error("Testsuite_Transport_Init", result); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifdef NV_LOCKED /* Get TPM object */ result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif /* Create policy object for the NV object*/ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set password */ result = Tspi_Policy_AssignToObject(hPolObject, hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the permission for the index. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting permission", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the data size to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting data size", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /*Define NV space*/ result = Tspi_NV_DefineSpace(hNVStore, 0, 0); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext,NULL); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Create TPM NV object */ result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } /* Set the index to be defined. */ result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32 for setting NV index", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData); #ifdef CLEAR_TEST_INDEX Tspi_Context_GetTpmObject(hContext, &hTPM); Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET); Tspi_NV_ReleaseSpace(hNVStore); #endif #ifdef NV_LOCKED if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT) #else if (result != TSS_SUCCESS) #endif { print_error("Tspi_NV_ReadValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Testsuite_Transport_Final(hContext, 0); if (result == TSS_SUCCESS) { print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } else { print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); if ( result == TSS_SUCCESS ) exit(-1); exit(result); } }