TSS_RESULT
make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding)
{
TSS_RESULT result;
UINT32 encScheme, size_n, pub_size;
BYTE n[2048];
TCPA_PUBKEY pubkey;
UINT32 blob_size, size;
BYTE *blob, pub_blob[1024];
switch (padding) {
case RSA_PKCS1_PADDING:
encScheme = TSS_ES_RSAESPKCSV15;
break;
case RSA_PKCS1_OAEP_PADDING:
encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
break;
case RSA_NO_PADDING:
encScheme = TSS_ES_NONE;
break;
default:
return TSS_E_INTERNAL_ERROR;
break;
}
//Create CA Key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey);
if (result != TSS_SUCCESS) {
check("Tspi_Context_CreateObject", result);
return result;
}
// generate a software key to represent the CA's key
if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) {
ERR_print_errors_fp(stdout);
return 254; // ?
}
// get the pub CA key
if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) {
fprintf(stderr, "BN_bn2bin failed\n");
ERR_print_errors_fp(stdout);
RSA_free(*rsa);
return 254; // ?
}
result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob);
if (result != TSS_SUCCESS) {
check("Tspi_GetAttribData", result);
return result;
}
pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n);
result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribData", result);
return result;
}
// set the CA key's algorithm
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ALGORITHM,
TSS_ALG_RSA);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's number of primes
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_PRIMES,
2);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's encryption scheme
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
encScheme);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
return TSS_SUCCESS;
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_DefineSpace-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011101);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
#ifdef CLEAR_TEST_INDEX
Tspi_NV_ReleaseSpace(hNVStore);
#endif
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_DefineSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result== TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error("Tspi_NV_DefineSpace", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
/* create a new key. we need a way to specify creation of a key with OAEP
* padding as well as PKCSv1.5, since signatures will need to be done on
* data larger than 20 bytes, which is the max size *regardless of key size*
* for an OAEP key signing using the TPM */
static int tpm_rsa_keygen(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
{
TSS_RESULT result;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY;
UINT32 encScheme, sigScheme;
TSS_HKEY hKey;
/* XXX allow this to be specified through pre commands */
sigScheme = TSS_SS_RSASSAPKCS1V15_DER;
encScheme = TSS_ES_RSAESPKCSV15;
DBG("%s", __FUNCTION__);
if (!BN_is_word(e, 65537)) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_INVALID_EXPONENT);
return 0;
}
/* set e in the RSA object as done in the built-in openssl function */
if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, ERR_R_MALLOC_FAILURE);
return 0;
}
BN_copy(rsa->e, e);
switch (bits) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_INVALID_KEY_SIZE);
return 0;
}
/* Load the parent key (SRK) which will wrap the new key */
if (!tpm_load_srk(NULL, NULL)) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_SRK_LOAD_FAILED);
return 0;
}
/* Create the new key object */
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
/* set the signature scheme */
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sigScheme))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
/* set the encryption scheme */
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
encScheme))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
/* Call create key using the new object */
if ((result = Tspi_Key_CreateKey(hKey, hSRK, NULL_HPCRS))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
if (!fill_out_rsa_object(rsa, hKey)) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED);
return 0;
}
/* Load the key into the chip so other functions don't need to */
if ((result = Tspi_Key_LoadKey(hKey, hSRK))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
int
main_v1_2( char version )
{
char *function = "policy_check_lifetime04";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
TSS_BOOL state;
TSS_RESULT result;
UINT32 remainingTimer;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime Timer
result = Tspi_SetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, TIMER );
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Sets the secret and fires the timer
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages is not always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (remainingTimer) ){
if ( remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_Policy_SetSecret", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - first call within TIMER seconds
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(1)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sleeps for TIMER - 3 seconds
fprintf( stdout, "Sleeping for %u seconds\n", TIMER-3);
sleep( TIMER - 3 );
//Ensures the usage timer has decremented
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, &remainingTimer);
if ( result != TSS_SUCCESS || (remainingTimer <= TIMER-3)){
if ( remainingTimer <= TIMER-3 ){
fprintf( stderr, "\tError: Invalid policy timer after usage: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime as always
result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, 0);
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Ensure Secret usages is always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (!remainingTimer) ){
if ( !remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - second call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(2)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - third call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(3)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - fourth call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(4)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages is always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (!remainingTimer) ){
if ( !remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
print_success( function, result);
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int
main_v1_2( char version )
{
char * function = "Tspi_SetAttribUint3208";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTpmPolicy;
UINT32 ordinal = TPM_ORD_CreateWrapKey, subCap, pulRespLen;
TSS_RESULT result;
BYTE* prgbRespData;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hTpmPolicy);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_createObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret(hTpmPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_AssignToObject(hTpmPolicy, hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_AssignToObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
/* Check if ordinal auditing is supported on this TPM */
result = Testsuite_Is_Ordinal_Supported(hTPM, TPM_ORD_SetOrdinalAuditStatus);
if (result != TSS_SUCCESS) {
fprintf(stderr, "%s: TPM doesn't support auditing, returning success\n", __FILE__);
print_success( function, TSS_SUCCESS );
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
//Call SetAttribUint32
result = Tspi_SetAttribUint32(hTPM,
TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS,
TPM_CAP_PROP_TPM_SET_ORDINAL_AUDIT,
ordinal);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Call SetAttribUint32
result = Tspi_SetAttribUint32(hTPM,
TSS_TSPATTRIB_TPM_ORDINAL_AUDIT_STATUS,
TPM_CAP_PROP_TPM_CLEAR_ORDINAL_AUDIT,
ordinal);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( 0 );
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReadValue-trans03";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *policyData;
UINT32 read_space = 10;
TSS_RESULT result;
TSS_HKEY hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifdef NV_LOCKED
/* Get TPM object */
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
if (result != TSS_SUCCESS)
{
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x42000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011141);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_ReadValue(hNVStore,/*read_offset*/0, &read_space, &policyData);
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
#endif
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result) != TPM_E_AUTH_CONFLICT)
#else
if (result != TSS_SUCCESS)
#endif
{
print_error("Tspi_NV_ReadValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, 0);
if (result == TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
int
main_v1_1( void )
{
char *function = "Tspi_Data_Unbind05";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HKEY hKey;
TSS_HPOLICY hSrkPolicy;
BYTE *prgbDataToUnBind;
TSS_HENCDATA hEncData;
UINT32 pulDataLength;
BYTE rgbDataToBind[DATA_SIZE], *rgbEncryptedData = NULL;
UINT32 ulDataLength = DATA_SIZE, ulEncryptedDataLength = 0;
TSS_UUID uuid;
TSS_RESULT result;
UINT32 exitCode;
TSS_FLAG initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test( function );
memset (rgbDataToBind, 0x5a, DATA_SIZE);
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// create hKey
result = Tspi_Context_CreateObject( hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject( hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND, &hEncData );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hEncData)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
result = Tspi_SetAttribUint32( hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
TSS_ES_RSAESPKCSV15 );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_SetAtttribUint32", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Load the newly created key
result = Tspi_Key_LoadKey( hKey, hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_LoadKey", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
printf("Data before binding:\n");
print_hex(rgbDataToBind, ulDataLength);
result = Tspi_Data_Bind( hEncData, hKey, ulDataLength, rgbDataToBind );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Data_Bind", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&ulEncryptedDataLength, &rgbEncryptedData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
printf("Data after encrypting:\n");
print_hex(rgbEncryptedData, ulEncryptedDataLength);
result = Tspi_Data_Unbind( hEncData, hKey, &pulDataLength,
&prgbDataToUnBind );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
printf("Data after unbinding:\n");
print_hex(prgbDataToUnBind, pulDataLength);
if (pulDataLength != ulDataLength) {
printf("ERROR: Size of decrypted data does not match! "
"(%u != %u)\n", pulDataLength, ulDataLength);
} else if (memcmp(prgbDataToUnBind, rgbDataToBind, ulDataLength)) {
printf("ERROR: Content of decrypted data does not match!\n");
} else {
print_success( function, result );
exitCode = 0;
}
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int
main (int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_HNVSTORE hNV;
FILE *f_out;
UINT32 blobLen;
UINT32 nvIndex = TSS_NV_DEFINED|TPM_NV_INDEX_EKCert;
UINT32 offset;
UINT32 ekOffset;
UINT32 ekbufLen;
BYTE *ekbuf;
BYTE *blob;
UINT32 tag, certType;
int result;
if (argc != 2) {
printf ("Usage: %s outfilename\n", argv[0]);
exit (1);
}
if ((f_out = fopen (argv[1], "wb")) == NULL) {
printf ("Unable to open '%s' for output\n", argv[1]);
exit (1);
}
result = Tspi_Context_Create(&hContext); CKERR;
result = Tspi_Context_Connect(hContext, NULL); CKERR;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0, &hNV); CKERR;
result = Tspi_SetAttribUint32(hNV, TSS_TSPATTRIB_NV_INDEX, 0, nvIndex); CKERR;
/* Try reading certificate header from NV memory */
blobLen = 5;
result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob);
if (result != TSS_SUCCESS) {
/* Try again with authorization */
TSS_HPOLICY hNVPolicy;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hNVPolicy); CKERR;
result = Tspi_Policy_SetSecret(hNVPolicy, TSS_SECRET_MODE_POPUP, 0, NULL); CKERR;
result = Tspi_Policy_AssignToObject(hNVPolicy, hNV); CKERR;
blobLen = 5;
result = Tspi_NV_ReadValue(hNV, 0, &blobLen, &blob);
}
if (result != TSS_SUCCESS) {
printf ("Unable to read EK Certificate from TPM\n");
goto error;
}
if (blobLen < 5)
goto parseerr;
tag = (blob[0]<<8) | blob[1];
if (tag != TCG_TAG_PCCLIENT_STORED_CERT)
goto parseerr;
certType = blob[2];
if (certType != TCG_FULL_CERT)
goto parseerr;
ekbufLen = (blob[3]<<8) | blob[4];
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
offset = 5;
blobLen = 2;
result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR;
if (blobLen < 2)
goto parseerr;
tag = (blob[0]<<8) | blob[1];
if (tag == TCG_TAG_PCCLIENT_FULL_CERT) {
offset += 2;
ekbufLen -= 2;
} else if (blob[0] != 0x30) /* Marker of cert structure */
goto parseerr;
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
/* Read cert from chip in pieces - too large requests may fail */
ekbuf = malloc(ekbufLen);
ekOffset = 0;
while (ekOffset < ekbufLen) {
blobLen = ekbufLen-ekOffset;
if (blobLen > BSIZE)
blobLen = BSIZE;
result = Tspi_NV_ReadValue(hNV, offset, &blobLen, &blob); CKERR;
memcpy (ekbuf+ekOffset, blob, blobLen);
/* result = Tspi_Context_FreeMemory (hContext, blob); CKERR; */
offset += blobLen;
ekOffset += blobLen;
}
fwrite (ekbuf, 1, ekbufLen, f_out);
fclose (f_out);
printf ("Success!\n");
return 0;
error:
printf ("Failure, error code: 0x%x\n", result);
return 1;
parseerr:
printf ("Failure, unable to parse certificate store structure\n");
return 2;
}
int
main_v1_1( void )
{
char *function = "Tspi_SetAttribUint3205";
TSS_HKEY hParentKey;
TSS_HCONTEXT hContext;
TSS_RESULT result;
UINT32 exitCode;
TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Create and initialize empty object
result = Tspi_Context_CreateObject( hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hParentKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (parent key)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Set uint, no encryption, key enc scheme
result = Tspi_SetAttribUint32( hParentKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_USAGE,
-1 );
if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_ATTRIB_DATA )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
exitCode = 0;
}
// Set uint, key sig scheme
result = Tspi_SetAttribUint32( hParentKey,
TSS_TSPATTRIB_KEY_REGISTER,
0, -1 );
if ( TSS_ERROR_CODE(result) != TSS_E_INVALID_ATTRIB_DATA )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_CacheOwnerDelegation-trans01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hSigningKey, hWrappingKey;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error("connect_load_all", result);
goto done;
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, FALSE, &hWrappingKey,
&hSigningKey);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_SetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_STATE,
TSS_TSPATTRIB_DELFAMILYSTATE_ENABLED, TRUE);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CreateDelegation", result );
goto done;
}
/* Cache the owner delegation in row 0 */
result = Tspi_TPM_Delegate_CacheOwnerDelegation(hTPM, hDelegation, 0,
TSS_DELEGATE_CACHEOWNERDELEGATION_OVERWRITEEXISTING);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CacheOwnerDelegation", result );
goto done;
}
result = Testsuite_Transport_Final(hContext, hSigningKey);
if ( result != TSS_SUCCESS )
{
print_error( "Testsuite_Transport_Final", result );
goto done;
}
else
{
print_success( function, result );
}
print_end_test( function );
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int main(int argc, char **argv)
{
TSS_HTPM hTpm;
TSS_HNVSTORE nvObject;
TSS_FLAG fNvAttrs;
TSS_HPOLICY hTpmPolicy, hDataPolicy;
int iRc = -1;
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
int opswd_len = -1;
int dpswd_len = -1;
struct option hOpts[] = {
{"index" , required_argument, NULL, 'i'},
{"size" , required_argument, NULL, 's'},
{"permissions" , required_argument, NULL, 'p'},
{"pwdo" , optional_argument, NULL, 'o'},
{"pwda" , optional_argument, NULL, 'a'},
{"use-unicode" , no_argument, NULL, 'u'},
{"data-well-known" , no_argument, NULL, 'z'},
{"owner-well-known", no_argument, NULL, 'y'},
{NULL , no_argument, NULL, 0},
};
initIntlSys();
if (genericOptHandler
(argc, argv, "i:s:p:o:a:yzu", hOpts,
sizeof(hOpts) / sizeof(struct option), parse, help) != 0)
goto out;
if (end) {
iRc = 0;
goto out;
}
if (!nvindex_set) {
logError(_("You must provide an index for the NVRAM area.\n"));
goto out;
}
if (nvperm == 0 &&
(UINT32)nvindex != TPM_NV_INDEX_LOCK &&
(UINT32)nvindex != TPM_NV_INDEX0) {
logError(_("You must provide permission bits for the NVRAM area.\n"));
goto out;
}
logDebug("permissions = 0x%08x\n", nvperm);
if (contextCreate(&hContext) != TSS_SUCCESS)
goto out;
if (contextConnect(hContext) != TSS_SUCCESS)
goto out_close;
if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
goto out_close;
fNvAttrs = 0;
if (contextCreateObject(hContext,
TSS_OBJECT_TYPE_NV,
fNvAttrs,
&nvObject) != TSS_SUCCESS)
goto out_close;
if (askOwnerPass) {
ownerpass = _GETPASSWD(_("Enter owner password: "******"Failed to get owner password\n"));
goto out_close;
}
}
if (ownerpass || ownerWellKnown) {
if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
goto out_close;
if (ownerpass) {
if (opswd_len < 0)
opswd_len = strlen(ownerpass);
if (policySetSecret(hTpmPolicy, opswd_len,
(BYTE *)ownerpass) != TSS_SUCCESS)
goto out_close;
} else {
if (policySetSecret(hTpmPolicy, TCPA_SHA1_160_HASH_LEN,
(BYTE *)well_known_secret) != TSS_SUCCESS)
goto out_close;
}
}
if (askDataPass) {
datapass = _GETPASSWD(_("Enter NVRAM data password: "******"Failed to get NVRAM data password\n"));
goto out_close;
}
}
if (datapass || dataWellKnown) {
if (contextCreateObject
(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hDataPolicy) != TSS_SUCCESS)
goto out_close;
if (datapass) {
if (dpswd_len < 0)
dpswd_len = strlen(datapass);
if (policySetSecret(hDataPolicy, dpswd_len,
(BYTE *)datapass) != TSS_SUCCESS)
goto out_close;
} else {
if (policySetSecret(hDataPolicy, TCPA_SHA1_160_HASH_LEN,
(BYTE *)well_known_secret) != TSS_SUCCESS)
goto out_close;
}
if (Tspi_Policy_AssignToObject(hDataPolicy, nvObject) !=
TSS_SUCCESS)
goto out_close;
}
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_INDEX,
0,
nvindex) != TSS_SUCCESS)
goto out_close_obj;
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_PERMISSIONS,
0,
nvperm) != TSS_SUCCESS)
goto out_close_obj;
if (Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_DATASIZE,
0,
nvsize) != TSS_SUCCESS)
goto out_close_obj;
if (NVDefineSpace(nvObject, (TSS_HPCRS)0, (TSS_HPCRS)0) !=
TSS_SUCCESS)
goto out_close;
logMsg(_("Successfully created NVRAM area at index 0x%x (%u).\n"),
nvindex, nvindex);
iRc = 0;
goto out_close;
out_close_obj:
contextCloseObject(hContext, nvObject);
out_close:
contextClose(hContext);
out:
return iRc;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext=0;
TSS_HTPM hTPM = 0;
TSS_RESULT result;
TSS_HKEY hSRK = 0;
TSS_HPOLICY hSRKPolicy=0;
TSS_UUID SRK_UUID = TSS_UUID_SRK;
BYTE wks[20];
memset(wks,0,20);
TSS_HKEY hESS_Bind_Key;
TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID;
TSS_HPOLICY hESS_Policy;
TSS_FLAG initFlags;
BYTE *pubKey;
UINT32 pubKeySize;
FILE *fout, *fin;
result =Tspi_Context_Create(&hContext);
DBG("Create a context", result);
result=Tspi_Context_Connect(hContext, NULL);
DBG("Connect to TPM", result);
result=Tspi_Context_GetTpmObject(hContext, &hTPM);
DBG("Get TPM handle", result);
result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
DBG("Get SRK handle", result);
result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
DBG("Get SRK Policy", result);
result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks);
DBG("Tspi_Policy_SetSecret", result);
result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hESS_Policy);
DBG("Create a key policy object", result);
result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
20, wks);
DBG("Set key policy object secret", result);
initFlags = TSS_KEY_TYPE_BIND |
TSS_KEY_SIZE_2048 |
TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Create the key object", result);
result = Tspi_SetAttribUint32(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
TSS_ES_RSAESPKCSV15);
DBG("Set the keys's padding type", result);
result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
DBG("Assign the key's policy to the key", result);
printf("Creating the key could take a while\n");
result = Tspi_Key_CreateKey(hESS_Bind_Key,
hSRK, 0);
DBG("Asking TPM to create the key", result);
result = Tspi_Context_RegisterKey(hContext,
hESS_Bind_Key,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
TSS_PS_TYPE_SYSTEM,
SRK_UUID);
DBG("Registering the key for later retrieval", result);
printf("Registering the key blob for later retrieval\r\n");
result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK);
DBG("Loading key in TPM", result);
result = Tspi_Key_GetPubKey(hESS_Bind_Key,
&pubKeySize, &pubKey);
DBG("Get Public portion of key", result);
fout = fopen("BackupESSBindKey.pub", "wb");
if(fout != NULL) {
write(fileno(fout), pubKey, pubKeySize);
printf("Finished writing BackupESSBindKey.pub\n");
fclose(fout);
}
else {
printf("Error opening XXXXXXXXXXXX \r\n");
}
result = Tspi_Policy_FlushSecret(hESS_Policy);
DBG("Policy flush secret", result);
result = Tspi_Context_GetKeyByUUID(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Get key handle", result);
printf("Unregistering key\r\n");
result = Tspi_Context_UnregisterKey(hContext,
TSS_PS_TYPE_SYSTEM,
ESS_BIND_UUID,
&hESS_Bind_Key);
DBG("Unregister key", result);
// Load a key and bind data
UINT32 ulDataLength;
BYTE *rbgBoundData;
BYTE newPubKey[1000], encData[1000];
TSS_HENCDATA hEncData;
fin = fopen("BackupESSBindKey.pub", "r");
read(fileno(fin), newPubKey,284);
if (fin == NULL)
return 0;
fclose(fin);
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hESS_Bind_Key);
DBG("Tspi_Context_CreateObject BindKey", result);
result = Tspi_SetAttribData(hESS_Bind_Key,
TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
284,newPubKey);
DBG("Set Public key into new key object", result);
fin = fopen("data", "rb");
read(fileno(fin), encData, 7);
fclose(fin);
result=Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_BIND,
&hEncData);
DBG("Create Data Object", result);
result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData);
DBG("Bind data", result);
result = Tspi_GetAttribData(hEncData,
TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&ulDataLength,&rbgBoundData);
DBG("Get encrypted data", result);
fout = fopen("Bound.data", "wb");
write(fileno(fout),rbgBoundData,ulDataLength);
fclose(fout);
result = Tspi_Context_FreeMemory(hContext, NULL);
DBG("Tspi Context Free Memory", result);
result = Tspi_Context_Close(hContext);
DBG("Tspi Context Close", result);
return 0;
}
int
main_v1_2( char version )
{
char *function = "policy_check_lifetime02";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
TSS_BOOL state;
TSS_RESULT result;
UINT32 remainingUsages;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime Counter
result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, COUNTER);
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Sets the secret and fires the counter
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//First two GetStatus calls: the Policy should not be expired yet
//Get status - first call (remainingUsages = COUNTER -1
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(1)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - second call (remainingUsages = COUNTER -2)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(2)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - third call (remainingUsages = COUNTER -3)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(3)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages reached 0
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages);
if ( result != TSS_SUCCESS || (remainingUsages)){
if (remainingUsages){
fprintf( stderr, "\tError: Secret usages did not reach zero: (%u)\n",
remainingUsages );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - fourth call with secret expired (remainingUsages = COUNTER -3)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( Trspi_Error_Code(result) != TSS_E_INVALID_OBJ_ACCESS )
{
print_error( "Tspi_TPM_GetStatus(4)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Set secret again and reset policy lifetime counter
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages);
if ( result != TSS_SUCCESS || (remainingUsages != COUNTER)){
if (remainingUsages != COUNTER){
fprintf( stderr, "\tError: Secret usages counter wasn't reset: (%u)\n",
remainingUsages );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(5)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
print_success( function, result);
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int main(int argc, char *argv[])
{
int ret;
char base32_key[BASE32_LEN(keylen)+1];
unsigned char uefiblob[4100];
unsigned char blob[4096]; /* resulting sealed blob */
unsigned int bloblen; /* blob length */
unsigned char wellknown[20] = {0};
unsigned char totpstring[64];
uint32_t pcrmask = 0x000003BF; // PCRs 0-5 and 7-9
const char * hostname = "TPMTOTP";
char *outfile_name;
FILE *infile;
FILE *outfile;
QRcode *qrcode;
#ifdef CONFIG_TSS
TSS_HCONTEXT context;
#endif
if (generate_key()) {
return -1;
}
pcrvals = malloc(NUM_PCRS * sizeof(uint8_t*));
CHECK_MALLOC(pcrvals);
static int base32_flag = 0;
static int qr_flag = 1;
static int nvram_flag = 0;
int option_index = 0;
static struct option long_options[] = {
{"pcrs", required_argument, 0, 'p'},
{"nvram", no_argument, &nvram_flag, 1},
{"no-qrcode", no_argument, &qr_flag, 0},
{"base32", no_argument, &base32_flag, 1},
{"help", no_argument, 0, 'h'},
{0,0,0,0}
};
if (argc == 1) {
print_help();
return -1;
}
int c;
while ((c = getopt_long(argc, argv, "p:nbh", long_options, &option_index)) != -1) {
switch (c) {
case 0: // Flag only
break;
case 'p':
pcrmask = parse_pcrs(optarg);
if (pcrmask == (uint32_t) -1)
return -1;
break;
case 'h':
print_help();
return 0;
case 'b':
base32_flag = 1;
break;
case 'n':
nvram_flag = 1;
break;
case 's':
qr_flag = 0;
break;
case '?': // Unrecognized Option
print_help();
return -1;
default:
print_help();
}
}
if (!nvram_flag) {
if (optind == argc) {
fprintf(stderr, "Output name required!\n");
print_help();
return -1;
} else {
outfile_name = argv[optind];
}
}
base32_encode(key, keylen, base32_key);
base32_key[BASE32_LEN(keylen)] = NULL;
#ifdef CONFIG_TSS
ret = Tspi_Context_Create(&context);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to create TPM context\n");
return -1;
}
ret = Tspi_Context_Connect(context, NULL);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to connect to TPM\n");
return -1;
}
ret = TSPI_SealCurrPCR(context, // context
0x40000000, // SRK
pcrmask,
wellknown, // Well-known SRK secret
wellknown, // Well-known SEAL secret
key, keylen, /* data to be sealed */
blob, &bloblen); /* buffer to receive result */
#else
ret = TPM_SealCurrPCR(
0x40000000, // SRK
pcrmask,
wellknown, // Well-known SRK secret
wellknown, // Well-known SEAL secret
key, keylen, /* data to be sealed */
blob, &bloblen); /* buffer to receive result */
#endif
if (ret != 0) {
fprintf(stderr, "Error %s from TPM_Seal\n",
TPM_GetErrMsg(ret));
//goto out;
}
sprintf(totpstring, "otpauth://totp/%s?secret=%s", hostname, base32_key);
//sprintf(totpstring, "%s", base32_key);
if (base32_flag) {
printf("%s\n", base32_key);
}
printf("%s\n", totpstring);
if (qr_flag) {
qrcode = QRcode_encodeString(totpstring, 0, QR_ECLEVEL_L,
QR_MODE_8, 1);
writeANSI(qrcode);
}
if (nvram_flag) {
uint32_t nvindex = 0x00004d47;
uint32_t permissions = TPM_NV_PER_OWNERREAD|TPM_NV_PER_OWNERWRITE;
#ifdef CONFIG_TSS
TSS_HNVSTORE nvObject;
TSS_FLAG nvattrs = 0;
ret = Tspi_Context_CreateObject(context, TSS_OBJECT_TYPE_NV,
nvattrs, &nvObject);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to create nvram object: %x\n",
ret);
goto out;
}
ret = Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_INDEX, 0,
nvindex);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to set index\n");
goto out;
}
ret = Tspi_SetAttribUint32(nvObject,
TSS_TSPATTRIB_NV_PERMISSIONS, 0,
permissions);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to set permissions\n");
goto out;
}
ret = Tspi_SetAttribUint32(nvObject, TSS_TSPATTRIB_NV_DATASIZE,
0, bloblen);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to set size\n");
goto out;
}
ret = Tspi_NV_DefineSpace(nvObject, NULL, NULL);
if (ret != TSS_SUCCESS && ret != (0x3000 | TSS_E_NV_AREA_EXIST)) {
fprintf(stderr, "Unable to define space: %x\n", ret);
goto out;
}
ret = Tspi_NV_WriteValue(nvObject, 0, bloblen, blob);
if (ret != TSS_SUCCESS) {
fprintf(stderr, "Unable to write to nvram\n");
goto out;
}
#else
unsigned char * ownauth = wellknown;
unsigned char * areaauth = wellknown;
TPM_PCR_INFO_SHORT *pcrInfoRead = NULL;
TPM_PCR_INFO_SHORT *pcrInfoWrite = NULL;
ret = TPM_NV_DefineSpace2(
ownauth,
nvindex,
bloblen,
permissions,
areaauth,
pcrInfoRead,
pcrInfoWrite);
//if (ret != TPM_SUCCESS && ret != (0x3000 | TSS_E_NV_AREA_EXIST)) {
if (ret != TPM_SUCCESS) {
fprintf(stderr, "Unable to define space: %x\n", ret);
goto out;
}
ret = TPM_NV_WriteValue(
nvindex,
0,
blob,
bloblen,
ownauth
);
if (ret != TPM_SUCCESS) {
fprintf(stderr, "Unable to write to nvram\n");
goto out;
}
#endif
} else {
outfile = fopen(outfile_name, "w");
if (outfile == NULL) {
fprintf(stderr, "Unable to open output file '%s'\n",
outfile_name);
goto out;
}
if (strncmp(outfile_name, efivarfs, strlen(efivarfs)) == 0) {
int attributes = 7; // NV, RT, BS
memcpy(uefiblob, &attributes, sizeof(int));
memcpy(uefiblob + sizeof(int), blob, bloblen);
bloblen += sizeof(int);
ret = fwrite(uefiblob, 1, bloblen, outfile);
} else {
ret = fwrite(blob, 1, bloblen, outfile);
}
if (ret != bloblen) {
fprintf(stderr,
"I/O Error while writing output file '%s'\n",
outfile_name);
goto out;
}
}
out:
#ifdef CONFIG_TSS
Tspi_Context_FreeMemory(context, NULL);
Tspi_Context_Close(context);
#endif
exit(ret);
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_DefineSpace12";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x0000d);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result)== TPM_E_OWNER_SET||TSS_ERROR_CODE(result)==TPM_E_BAD_PRESENCE )
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_DefineSpace", result);
print_end_test(nameOfFunction);
if ( result == TSS_SUCCESS ) {
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
#endif
exit(-1);
}
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#else
if (result== TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
#ifdef CLEAR_TEST_INDEX
Tspi_Context_GetTpmObject(hContext, &hTPM);
Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy);
Tspi_Policy_SetSecret(hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET);
Tspi_NV_ReleaseSpace(hNVStore);
#endif
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_DefineSpace", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_UpdateVerificationCount-trans03";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hWrappingKey;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation1 = NULL_HPOLICY;
TSS_HPOLICY hDelegation2 = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", (result) );
goto done;
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
NULL);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", (result) );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation1, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation1, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", (result) );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', 0, NULL_HPCRS, hFamily, hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation2);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", (result) );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation2, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation2, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", (result) );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(hTPM, 'b', TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT,
NULL_HPCRS, hFamily, hDelegation2);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_CreateDelegation", (result) );
goto done;
}
result = Tspi_TPM_Delegate_UpdateVerificationCount(hTPM, hDelegation1);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_UpdateVerificationCount", (result) );
goto done;
}
result = Testsuite_Transport_Final(hContext, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Testsuite_Transport_Final", (result) );
goto done;
}
else
{
print_success( function, result );
}
print_end_test( function );
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_WriteValue04";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HOBJECT hPolObject = NULL_HOBJECT;
BYTE *auth = "123456";
UINT32 auth_length = 6;
BYTE *data = "1234567890";
TSS_RESULT result;
print_begin_test(nameOfFunction);
//Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
print_error_exit(nameOfFunction, err_string(result));
exit(result);
}
//Connect Context
result = Tspi_Context_Connect(hContext,NULL);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create policy object for the NV object*/
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolObject);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_SetSecret(hPolObject, TSS_SECRET_MODE_PLAIN, auth_length, auth);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_SetSecret", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set password */
result = Tspi_Policy_AssignToObject(hPolObject, hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Policy_AssignToObject", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00050001);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
print_error_exit(nameOfFunction, err_string(result));
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_NV_WriteValue(hNVStore, /*offset*/0,/*datalength*/10, data);
#ifdef NV_LOCKED
if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_WriteValue", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
#else
if (TSS_ERROR_CODE(result)== TPM_E_BADINDEX)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
}
else{
print_error("Tspi_NV_WriteValue", result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
if ( result == TSS_SUCCESS )
exit(-1);
exit(result);
}
#endif
}
int
main_v1_2(char version)
{
char *nameOfFunction = "Tspi_Nv_ReleaseSpace-trans02";
TSS_HCONTEXT hContext = NULL_HCONTEXT;
TSS_HNVSTORE hNVStore = 0;//NULL_HNVSTORE
TSS_HPOLICY hPolicy = NULL_HPOLICY;
TSS_HTPM hTPM = NULL_HTPM;
TSS_RESULT result;
TSS_HKEY hSigningKey, hWrappingKey, hSRK;
print_begin_test(nameOfFunction);
result = connect_load_all(&hContext, &hSRK, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create ", result);
exit(result);
}
result = Testsuite_Transport_Init(hContext, hSRK, hTPM, TRUE, TRUE, &hWrappingKey,
&hSigningKey);
if (result != TSS_SUCCESS) {
print_error("Testsuite_Transport_Init", result);
Tspi_Context_Close(hContext);
exit(result);
}
/* Create TPM NV object */
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_NV, 0,&hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the index to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_INDEX, 0,0x00011111);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting NV index", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the permission for the index. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, 0x2000);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting permission", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0xa);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Define NV space*/
result = Tspi_NV_DefineSpace(hNVStore, 0, 0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_DefineSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/* Set the data size to be defined. */
result = Tspi_SetAttribUint32(hNVStore, TSS_TSPATTRIB_NV_DATASIZE, 0, 0x0);
if (result != TSS_SUCCESS)
{
print_error("Tspi_SetAttribUint32 for setting data size", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
/*Release NV space*/
result = Tspi_NV_ReleaseSpace(hNVStore);
if (result != TSS_SUCCESS)
{
print_error("Tspi_NV_ReleaseSpace", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Testsuite_Transport_Final(hContext, hSigningKey);
if (result== TSS_SUCCESS)
{
print_success(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(0);
} else {
print_error(nameOfFunction, result);
print_end_test(nameOfFunction);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
}
/**
* gnutls_tpm_privkey_generate:
* @pk: the public key algorithm
* @bits: the security bits
* @srk_password: a password to protect the exported key (optional)
* @key_password: the password for the TPM (optional)
* @format: the format of the private key
* @pub_format: the format of the public key
* @privkey: the generated key
* @pubkey: the corresponding public key (may be null)
* @flags: should be a list of GNUTLS_TPM_* flags
*
* This function will generate a private key in the TPM
* chip. The private key will be generated within the chip
* and will be exported in a wrapped with TPM's master key
* form. Furthermore the wrapped key can be protected with
* the provided @password.
*
* Note that bits in TPM is quantized value. If the input value
* is not one of the allowed values, then it will be quantized to
* one of 512, 1024, 2048, 4096, 8192 and 16384.
*
* Allowed flags are:
*
* %GNUTLS_TPM_KEY_SIGNING: Generate a signing key instead of a legacy,
* %GNUTLS_TPM_REGISTER_KEY: Register the generate key in TPM. In that
* case @privkey would contain a URL with the UUID.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int
gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
const char *srk_password,
const char *key_password,
gnutls_tpmkey_fmt_t format,
gnutls_x509_crt_fmt_t pub_format,
gnutls_datum_t * privkey,
gnutls_datum_t * pubkey, unsigned int flags)
{
TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
TSS_HKEY key_ctx;
TSS_RESULT tssret;
int ret;
void *tdata;
UINT32 tint;
gnutls_datum_t tmpkey = { NULL, 0 };
TSS_HPOLICY key_policy;
gnutls_pubkey_t pub;
struct tpm_ctx_st s;
TSS_FLAG storage_type;
TSS_HTPM htpm;
uint8_t buf[32];
if (flags & GNUTLS_TPM_KEY_SIGNING)
tpm_flags |= TSS_KEY_TYPE_SIGNING;
else
tpm_flags |= TSS_KEY_TYPE_LEGACY;
if (flags & GNUTLS_TPM_KEY_USER)
storage_type = TSS_PS_TYPE_USER;
else
storage_type = TSS_PS_TYPE_SYSTEM;
if (bits <= 512)
tpm_flags |= TSS_KEY_SIZE_512;
else if (bits <= 1024)
tpm_flags |= TSS_KEY_SIZE_1024;
else if (bits <= 2048)
tpm_flags |= TSS_KEY_SIZE_2048;
else if (bits <= 4096)
tpm_flags |= TSS_KEY_SIZE_4096;
else if (bits <= 8192)
tpm_flags |= TSS_KEY_SIZE_8192;
else
tpm_flags |= TSS_KEY_SIZE_16384;
ret = tpm_open_session(&s, srk_password);
if (ret < 0)
return gnutls_assert_val(ret);
/* put some randomness into TPM.
* Let's not trust it completely.
*/
tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_cc;
}
ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
if (ret < 0) {
gnutls_assert();
goto err_cc;
}
tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
if (tssret) {
gnutls_assert();
}
tssret =
Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
tpm_flags, &key_ctx);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_cc;
}
tssret =
Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
TSS_SS_RSASSAPKCS1V15_DER);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
/* set the password of the actual key */
if (key_password) {
tssret =
Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
&key_policy);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
tssret = myTspi_Policy_SetSecret(key_policy,
SAFE_LEN(key_password),
(void *) key_password);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
}
tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
if (flags & GNUTLS_TPM_REGISTER_KEY) {
TSS_UUID key_uuid;
ret = randomize_uuid(&key_uuid);
if (ret < 0) {
gnutls_assert();
goto err_sa;
}
tssret =
Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
storage_type, key_uuid,
TSS_PS_TYPE_SYSTEM, srk_uuid);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
ret =
encode_tpmkey_url((char **) &privkey->data, &key_uuid,
storage_type);
if (ret < 0) {
TSS_HKEY tkey;
Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
key_uuid, &tkey);
gnutls_assert();
goto err_sa;
}
privkey->size = strlen((char *) privkey->data);
} else { /* get the key as blob */
tssret =
Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
(void *) &tdata);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto err_sa;
}
if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
ret =
_gnutls_x509_encode_string
(ASN1_ETYPE_OCTET_STRING, tdata, tint,
&tmpkey);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret =
_gnutls_fbase64_encode("TSS KEY BLOB",
tmpkey.data,
tmpkey.size, privkey);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
UINT32 tint2;
tmpkey.size = tint + 32; /* spec says no more than 20 */
tmpkey.data = gnutls_malloc(tmpkey.size);
if (tmpkey.data == NULL) {
gnutls_assert();
ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
tint2 = tmpkey.size;
tssret =
Tspi_EncodeDER_TssBlob(tint, tdata,
TSS_BLOB_TYPE_PRIVATEKEY,
&tint2, tmpkey.data);
if (tssret != 0) {
gnutls_assert();
ret = tss_err(tssret);
goto cleanup;
}
tmpkey.size = tint2;
privkey->data = tmpkey.data;
privkey->size = tmpkey.size;
tmpkey.data = NULL;
}
}
/* read the public key */
if (pubkey != NULL) {
size_t psize;
ret = gnutls_pubkey_init(&pub);
if (ret < 0) {
gnutls_assert();
goto privkey_cleanup;
}
ret = read_pubkey(pub, key_ctx, &psize);
if (ret < 0) {
gnutls_assert();
goto privkey_cleanup;
}
psize += 512;
pubkey->data = gnutls_malloc(psize);
if (pubkey->data == NULL) {
gnutls_assert();
ret = GNUTLS_E_MEMORY_ERROR;
goto pubkey_cleanup;
}
ret =
gnutls_pubkey_export(pub, pub_format, pubkey->data,
&psize);
if (ret < 0) {
gnutls_assert();
goto pubkey_cleanup;
}
pubkey->size = psize;
gnutls_pubkey_deinit(pub);
}
ret = 0;
goto cleanup;
pubkey_cleanup:
gnutls_pubkey_deinit(pub);
privkey_cleanup:
gnutls_free(privkey->data);
privkey->data = NULL;
cleanup:
gnutls_free(tmpkey.data);
tmpkey.data = NULL;
err_sa:
Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
err_cc:
tpm_close_session(&s);
return ret;
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_CreateDelegation02";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM;
TSS_HPOLICY hTPMPolicy;
TSS_HPOLICY hDelegation = NULL_HPOLICY;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hDelegation);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hDelegation, TESTSUITE_DELEGATE_SECRET_MODE,
TESTSUITE_DELEGATE_SECRET_LEN, TESTSUITE_DELEGATE_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_TYPE, TSS_DELEGATIONTYPE_OWNER);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER1, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_SetAttribUint32(hDelegation, TSS_TSPATTRIB_POLICY_DELEGATION_INFO,
TSS_TSPATTRIB_POLDEL_PER2, 0);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_SetAttribUint32", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_TPM_Delegate_CreateDelegation(0xffffffff, 'b', 0, NULL_HPCRS, hFamily, hDelegation);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
print_error( function, result );
result = 1;
goto done;
}
else
{
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int main_v1_2(char version)
{
char *function = "Tspi_Data_Unseal01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HTPM hTPM;
TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy;
BYTE rgbDataToSeal[DATA_SIZE];
BYTE *rgbPcrValue;
UINT32 ulPcrLen;
TSS_HENCDATA hEncData;
BYTE *prgbDataToUnseal;
TSS_HPCRS hPcrComposite;
UINT32 BlobLength;
UINT32 ulDataLength = DATA_SIZE, ulNewDataLength;
TSS_UUID uuid;
TSS_RESULT result;
TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(function);
memset(rgbDataToSeal, 0x5d, DATA_SIZE);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_SEAL, &hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hEncData)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// get the use policy for the encrypted data to set its secret
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hEncUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE,
TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
// set the SRK auth data
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN,
TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
// set the new key's authdata
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hKeyPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create the key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_LoadKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hPcrComposite)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#define PCR_NUM 5
result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_PcrRead", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen,
rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_FreeMemory(hContext, rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Tell the TSS to mask the data before sending
result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL,
TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE,
TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT);
if (result != TSS_SUCCESS) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Data Seal
result =
Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Data_Seal", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal);
if (result != TSS_SUCCESS) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
} else {
if (ulDataLength != ulNewDataLength) {
printf
("ERROR length of returned data doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
} else
if (memcmp
(prgbDataToUnseal, rgbDataToSeal, ulDataLength)) {
printf
("ERROR data returned from unseal doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Context_FreeMemory(hContext, prgbDataToUnseal);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory ", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
