コード例 #1
0
int nvReadLock(TPMI_RH_NV_AUTH authHandle, TPMI_RH_NV_INDEX nvIndex)
{
    UINT32 rval;
    TPMS_AUTH_COMMAND sessionData;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;
    TPM2B_MAX_NV_BUFFER nvData = { { sizeof(TPM2B_MAX_NV_BUFFER)-2, } };

    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    sessionDataArray[0] = &sessionData;
    sessionDataOutArray[0] = &sessionDataOut;

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    sessionData.hmac.t.size = 0;
    *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;

    if (strlen(handlePasswd) > 0 && !hexPasswd)
    {
        sessionData.hmac.t.size = strlen(handlePasswd);
        memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
    }
    else if (strlen(handlePasswd) > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for handlePasswd.\n");
            return -1;
        }
    }

    rval = Tss2_Sys_NV_ReadLock( sysContext, authHandle, nvIndex, &sessionsData, &sessionsDataOut );
    if(rval != TPM_RC_SUCCESS)
    {
        printf("\nFailed to lock NVRAM area at index 0x%x (%d).Error:0x%x\n", nvIndex, nvIndex, rval );
        return -1;
    }

    return 0;
}
コード例 #2
0
int evictControl(TPMI_RH_PROVISION auth, TPMI_DH_OBJECT objectHandle,TPMI_DH_OBJECT persistentHandle, int P_flag)
{
    UINT32 rval;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;
    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    sessionDataArray[0] = &sessionData;
    sessionDataOutArray[0] = &sessionDataOut;

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;

    if(P_flag == 0)
        sessionData.hmac.t.size = 0;

    *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
    if (sessionData.hmac.t.size > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
                              &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for authorization Passwd.\n");
            return -1;
        }
    }

    rval = Tss2_Sys_EvictControl(sysContext, auth, objectHandle, &sessionsData, persistentHandle,&sessionsDataOut);

    if(rval != TPM_RC_SUCCESS)
    {
        printf("\nEvictControl Failed, error code: 0x%0x\n\n",rval);
        return -1;
    }
    printf("\nEvictControl succ.\n");

    return 0;
}
コード例 #3
0
int quote(TPM_HANDLE akHandle, PCR_LIST pcrList, TPMI_ALG_HASH algorithmId)
{
    UINT32 rval;
    TPM2B_DATA qualifyingData;
    UINT8 qualDataString[] = { 0x00, 0xff, 0x55, 0xaa };
    TPMT_SIG_SCHEME inScheme;
    TPML_PCR_SELECTION  pcrSelection;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;
    TPM2B_ATTEST quoted = { { sizeof(TPM2B_ATTEST)-2, } };
    TPMT_SIGNATURE signature;

    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    sessionDataArray[0] = &sessionData;
    sessionDataOutArray[0] = &sessionDataOut;

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
    if (sessionData.hmac.t.size > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
                              &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for AK Passwd.\n");
            return -1;
        }
    }

    if(!qualifedData.t.size)
    {
      qualifyingData.t.size = sizeof( qualDataString );
      memcpy( &qualifyingData.t.buffer[0], qualDataString, sizeof( qualDataString ) );
    }
    else
    {
      qualifyingData = qualifedData; // shallow copy ok since there are no pointers
    }


    inScheme.scheme = TPM_ALG_NULL;

    pcrSelection.count = 1;
    pcrSelection.pcrSelections[0].hash = algorithmId;
    pcrSelection.pcrSelections[0].sizeofSelect = 3;

    // Clear out PCR select bit field
    pcrSelection.pcrSelections[0].pcrSelect[0] = 0;
    pcrSelection.pcrSelections[0].pcrSelect[1] = 0;
    pcrSelection.pcrSelections[0].pcrSelect[2] = 0;

    // Now set the PCR you want
    for(int l=0;l<pcrList.size; l++)
    {
        UINT32 pcrId = pcrList.id[l];
        pcrSelection.pcrSelections[0].pcrSelect[( pcrId/8 )] |= ( 1 << ( pcrId) % 8);
    }

    memset( (void *)&signature, 0, sizeof(signature) );

    rval = Tss2_Sys_Quote(sysContext, akHandle, &sessionsData,
            &qualifyingData, &inScheme, &pcrSelection,  &quoted,
            &signature, &sessionsDataOut );
    if(rval != TPM_RC_SUCCESS)
    {
        printf("\nQuote Failed ! ErrorCode: 0x%0x\n\n", rval);
        return -1;
    }

    printf( "\nquoted:\n " );
    PrintSizedBuffer( (TPM2B *)&quoted );
    //PrintTPM2B_ATTEST(&quoted);
    printf( "\nsignature:\n " );
    PrintBuffer( (UINT8 *)&signature, sizeof(signature) );
    //PrintTPMT_SIGNATURE(&signature);

    FILE *fp = fopen(outFilePath,"w+");
    if(NULL == fp)
    {
        printf("OutFile: %s Can Not Be Created !\n",outFilePath);
        return -2;
    }
    if(fwrite(&quoted, calcSizeofTPM2B_ATTEST(&quoted), 1 ,fp) != 1)
    {
        fclose(fp);
        printf("OutFile: %s Write quoted Data In Error!\n",outFilePath);
        return -3;
    }
    if(fwrite(&signature, calcSizeofTPMT_SIGNATURE(&signature), 1, fp) != 1)
    {
        fclose(fp);
        printf("OutFile: %s Write signature Data In Error!\n",outFilePath);
        return -4;
    }

    fclose(fp);
    return 0;
}
コード例 #4
0
int createEKHandle()
{
    UINT32 rval;
    TPMS_AUTH_COMMAND sessionData;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;
    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    TPM2B_SENSITIVE_CREATE    inSensitive = { { sizeof(TPM2B_SENSITIVE_CREATE) - 2, } };
    TPM2B_PUBLIC                        inPublic = { { sizeof(TPM2B_PUBLIC) - 2, } };
    TPM2B_DATA                            outsideInfo = { { 0, } };
    TPML_PCR_SELECTION            creationPCR;

    TPM2B_NAME                            name = { { sizeof(TPM2B_NAME) - 2, } };

    TPM2B_PUBLIC                        outPublic = { { 0, } };
    TPM2B_CREATION_DATA         creationData = { { 0, } };
    TPM2B_DIGEST                        creationHash = { { sizeof(TPM2B_DIGEST) - 2, } };
    TPMT_TK_CREATION                creationTicket = { 0, };

    TPM_HANDLE handle2048ek;

    sessionDataArray[0] = &sessionData;
    sessionDataOutArray[0] = &sessionDataOut;

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    sessionData.hmac.t.size = 0;
    *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;

    // use enAuth in Tss2_Sys_CreatePrimary
    if (strlen(endorsePasswd) > 0 && !hexPasswd)
    {
        sessionData.hmac.t.size = strlen(endorsePasswd);
        memcpy( &sessionData.hmac.t.buffer[0], endorsePasswd, sessionData.hmac.t.size );
    }
    else if (strlen(endorsePasswd) > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure(endorsePasswd, &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for endorsePasswd.\n");
            return -1;
        }
    }

    if (strlen(ekPasswd) > 0 && !hexPasswd)
    {
        sessionData.hmac.t.size = strlen(ekPasswd);
        memcpy( &sessionData.hmac.t.buffer[0], ekPasswd, sessionData.hmac.t.size );
    }
    else if (strlen(ekPasswd) > 0 && hexPasswd)
    {
        inSensitive.t.sensitive.userAuth.t.size = sizeof(inSensitive.t.sensitive.userAuth) - 2;
        if (hex2ByteStructure(ekPasswd,
                              &inSensitive.t.sensitive.userAuth.t.size,
                              inSensitive.t.sensitive.userAuth.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for ekPasswd.\n");
            return -1;
        }
    }
    inSensitive.t.sensitive.data.t.size = 0;
    inSensitive.t.size = inSensitive.t.sensitive.userAuth.b.size + 2;

    if ( setKeyAlgorithm(algorithmType, inSensitive, inPublic) )
        return -1;

    creationPCR.count = 0;

    /*To Create EK*/
    rval = Tss2_Sys_CreatePrimary(sysContext, TPM_RH_ENDORSEMENT, &sessionsData, &inSensitive, &inPublic,
                                                                &outsideInfo, &creationPCR, &handle2048ek, &outPublic, &creationData, &creationHash,
                                                                &creationTicket, &name, &sessionsDataOut);
    if ( rval != TPM_RC_SUCCESS )
    {
        printf("\n......TPM2_CreatePrimary Error. TPM Error:0x%x......\n", rval);
        return -2;
    }
    printf("\nEK create succ.. Handle: 0x%8.8x\n", handle2048ek);

    if (!nonPersistentRead) 
    {
        // To make EK persistent, use own auth
        sessionData.hmac.t.size = 0;
        if (strlen(ownerPasswd) > 0 && !hexPasswd)
        {
            sessionData.hmac.t.size = strlen(ownerPasswd);
            memcpy( &sessionData.hmac.t.buffer[0], ownerPasswd, sessionData.hmac.t.size );
        }
        else if (strlen(ownerPasswd) > 0 && hexPasswd)
        {
            sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
            if (hex2ByteStructure(ownerPasswd, &sessionData.hmac.t.size,
                                  sessionData.hmac.t.buffer) != 0)
            {
                printf( "Failed to convert Hex format password for ownerPasswd.\n");
                return -1;
            }
        }

        rval = Tss2_Sys_EvictControl(sysContext, TPM_RH_OWNER, handle2048ek, &sessionsData, persistentHandle, &sessionsDataOut);
        if ( rval != TPM_RC_SUCCESS )
        {
            printf("\n......EvictControl:Make EK persistent Error. TPM Error:0x%x......\n", rval);
            return -3;
        }
        printf("EvictControl EK persistent succ.\n");
    }

    rval = Tss2_Sys_FlushContext(sysContext, handle2048ek);
    if ( rval != TPM_RC_SUCCESS )
    {
        printf("\n......Flush transient EK failed. TPM Error:0x%x......\n", rval);
        return -4;
    }
    printf("Flush transient EK succ.\n");

    // save ek public
    if ( saveDataToFile(outputFile, (UINT8 *)&outPublic, sizeof(outPublic)) )
    {
        printf("\n......Failed to save EK pub key into file(%s)......\n", outputFile);
        return -5;
    }

    return 0;
}
コード例 #5
0
int encryptDecrypt(TPMI_DH_OBJECT keyHandle, TPMI_YES_NO decryptVal, TPM2B_MAX_BUFFER *inData, const char *outFilePath)
{
    UINT32 rval;

    // Inputs
    TPMI_ALG_SYM_MODE mode;
    TPM2B_IV ivIn;
    // Outputs
    TPM2B_MAX_BUFFER outData = { { sizeof(TPM2B_MAX_BUFFER)-2, } };
    TPM2B_IV ivOut = { { sizeof(TPM2B_IV)-2, } };

    TSS2_SYS_CMD_AUTHS sessionsData;

    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;

    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    sessionDataArray[0] = &sessionData;
    sessionsData.cmdAuths = &sessionDataArray[0];
    sessionDataOutArray[0] = &sessionDataOut;
    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsDataOut.rspAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;
    if (sessionData.hmac.t.size > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure((char *)sessionData.hmac.t.buffer,
                              &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for key Passwd.\n");
            return -1;
        }
    }

    sessionsData.cmdAuthsCount = 1;
    sessionsData.cmdAuths[0] = &sessionData;

    mode = TPM_ALG_NULL;
    ivIn.t.size = MAX_SYM_BLOCK_SIZE;
    memset(ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);

    if(decryptVal == NO)
        printf("\nENCRYPTDECRYPT: ENCRYPT\n");
    if(decryptVal == YES)
        printf("\nENCRYPTDECRYPT: DECRYPT\n");

    rval = Tss2_Sys_EncryptDecrypt(sysContext, keyHandle, &sessionsData, decryptVal, mode, &ivIn, inData, &outData, &ivOut, &sessionsDataOut);

    if(rval != TPM_RC_SUCCESS)
    {
        printf("EncryptDecrypt failed, error code: 0x%x\n", rval);
        return -1;
    }
    printf("\nEncryptDecrypt succ.\n");

    if(saveDataToFile(outFilePath, (UINT8 *)outData.t.buffer, outData.t.size))
        return -2;

    printf("OutFile %s completed!\n", outFilePath);
    return 0;
}
コード例 #6
0
int nvSpaceDefine()
{
    UINT32 rval;
    TPM2B_AUTH nvAuth;
    TPM2B_NV_PUBLIC publicInfo;
    TPMS_AUTH_COMMAND sessionData;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;

    TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    sessionData.hmac.t.size = 0;
    *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;

    if (strlen(handlePasswd) > 0 && !hexPasswd)
    {
        sessionData.hmac.t.size = strlen(handlePasswd);
        memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
    }
    else if (strlen(handlePasswd) > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for handlePasswd.\n");
            return -1;
        }
    }

    publicInfo.t.size = sizeof( TPMI_RH_NV_INDEX ) +
            sizeof( TPMI_ALG_HASH ) + sizeof( TPMA_NV ) + sizeof( UINT16) +
            sizeof( UINT16 );
    publicInfo.t.nvPublic.nvIndex = nvIndex;
    publicInfo.t.nvPublic.nameAlg = TPM_ALG_SHA256;

    // Now set the attributes.
    publicInfo.t.nvPublic.attributes.val = nvAttribute;
    publicInfo.t.nvPublic.authPolicy.t.size = 0;
    publicInfo.t.nvPublic.dataSize = size;

    nvAuth.t.size = 0;
    if (strlen(indexPasswd) > 0 && !hexPasswd)
    {
        nvAuth.t.size = strlen(indexPasswd);
        memcpy( &nvAuth.t.buffer[0], indexPasswd, nvAuth.t.size );
    }
    else if (strlen(indexPasswd) > 0 && hexPasswd)
    {
        nvAuth.t.size = sizeof(nvAuth) - 2;
        if (hex2ByteStructure(indexPasswd,&nvAuth.t.size,nvAuth.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for indexPasswd.\n");
            return -1;
        }
    }

    rval = Tss2_Sys_NV_DefineSpace( sysContext, authHandle, &sessionsData, &nvAuth, &publicInfo, &sessionsDataOut );
    if(rval != TPM_RC_SUCCESS)
    {
        printf( "\nFailed to define NV area at index 0x%x (%d).Error:0x%x\n", nvIndex, nvIndex, rval );
        return -1;
    }
    printf( "Success to define NV area at index 0x%x (%d).\n", nvIndex, nvIndex);

    return 0;
}
コード例 #7
0
int main(int argc, char* argv[])
{
    char hostName[200] = DEFAULT_HOSTNAME;
    int port = DEFAULT_RESMGR_TPM_PORT;
    UINT16 size;

    setbuf(stdout, NULL);
    setvbuf (stdout, NULL, _IONBF, BUFSIZ);

    int opt = -1;
    const char *optstring = "hve:s:n:o:p:d:";
    static struct option long_options[] = {
      {"help",0,NULL,'h'},
      {"version",0,NULL,'v'},
      {"encKey",1,NULL,'e'},
      {"sec",1,NULL,'s'},
      {"name",1,NULL,'n'},
      {"outFile",1,NULL,'o'},
      {"port",1,NULL,'p'},
      {"debugLevel",1,NULL,'d'},
      {0,0,0,0}
    };

    int returnVal = 0;
    int flagCnt = 0;
    int h_flag = 0,
        v_flag = 0,
        e_flag = 0,
        s_flag = 0,
        n_flag = 0,
        o_flag = 0;

    if(argc == 1)
    {
        showHelp(argv[0]);
        return 0;
    }

    while((opt = getopt_long(argc,argv,optstring,long_options,NULL)) != -1)
    {
        switch(opt)
        {
        case 'h':
            h_flag = 1;
            break;
        case 'v':
            v_flag = 1;
            break;
        case 'e':
            size = sizeof(inPublic);
            if(loadDataFromFile(optarg, (UINT8 *)&inPublic, &size) != 0)
            {
                returnVal = -1;
                break;
            }
            e_flag = 1;
            break;
        case 's':
            inCredential.t.size = sizeof(inCredential) - 2;
            if(loadDataFromFile(optarg, inCredential.t.buffer, &inCredential.t.size) != 0)
            {
                returnVal = -2;
                break;
            }
            s_flag = 1;
            break;
        case 'n':
            objectName.t.size = sizeof(objectName) - 2;
            if(hex2ByteStructure(optarg,&objectName.t.size,objectName.t.name) != 0)
            {
                returnVal = -3;
                break;
            }
            n_flag = 1;
            break;
        case 'o':
            safeStrNCpy(outFilePath, optarg, sizeof(outFilePath));
            if(checkOutFile(outFilePath) != 0)
            {
                returnVal = -4;
                break;
            }
            o_flag = 1;
            break;
        case 'p':
            if( getPort(optarg, &port) )
            {
                printf("Incorrect port number.\n");
                returnVal = -5;
            }
            break;
        case 'd':
            if( getDebugLevel(optarg, &debugLevel) )
            {
                printf("Incorrect debug level.\n");
                returnVal = -6;
            }
            break;
        case ':':
//              printf("Argument %c needs a value!\n",optopt);
            returnVal = -7;
            break;
        case '?':
//              printf("Unknown Argument: %c\n",optopt);
            returnVal = -8;
            break;
        //default:
        //  break;
        }
        if(returnVal)
            break;
    };

    if(returnVal != 0)
        return returnVal;

    flagCnt = h_flag + v_flag + e_flag + s_flag + n_flag + o_flag;
    if(flagCnt == 1)
    {
        if(h_flag == 1)
            showHelp(argv[0]);
        else if(v_flag == 1)
            showVersion(argv[0]);
        else
        {
            showArgMismatch(argv[0]);
            return -9;
        }
    }
    else if(flagCnt == 4 && h_flag != 1 && v_flag != 1)
    {
        prepareTest(hostName, port, debugLevel);

        returnVal = makeCredential();

        finishTest();

        if(returnVal)
            return -10;
    }
    else
    {
        showArgMismatch(argv[0]);
        return -11;
    }

    return 0;
}
コード例 #8
0
int activateCredential()
{
    UINT32 rval;
    TPM2B_DIGEST certInfoData = { { sizeof(certInfoData)-2, } };

    printf("\nACTIVATE CREDENTIAL TESTS:\n");

    cmdAuth.sessionHandle = TPM_RS_PW;
    cmdAuth2.sessionHandle = TPM_RS_PW;
    *((UINT8 *)((void *)&cmdAuth.sessionAttributes)) = 0;
    *((UINT8 *)((void *)&cmdAuth2.sessionAttributes)) = 0;
    *((UINT8 *)((void *)&cmdAuth3.sessionAttributes)) = 0;

    TPMS_AUTH_COMMAND *cmdSessionArray[2] = { &cmdAuth, &cmdAuth3 };
    TSS2_SYS_CMD_AUTHS cmdAuthArray = { 2, &cmdSessionArray[0] };

    TPMS_AUTH_COMMAND *cmdSessionArray1[1] = { &cmdAuth2 };
    TSS2_SYS_CMD_AUTHS cmdAuthArray1 = { 1, &cmdSessionArray1[0] };
    SESSION *session;
    TPM2B_ENCRYPTED_SECRET  encryptedSalt = { { 0, } };
    TPM2B_NONCE         nonceCaller = { { 0, } };
    TPMT_SYM_DEF symmetric;

    symmetric.algorithm = TPM_ALG_NULL;

    if (cmdAuth.hmac.t.size > 0 && hexPasswd)
    {
        cmdAuth.hmac.t.size = sizeof(cmdAuth.hmac) - 2;
        if (hex2ByteStructure((char *)cmdAuth.hmac.t.buffer,
                              &cmdAuth.hmac.t.size,
                              cmdAuth.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for handlePasswd.\n");
            return -1;
        }
    }

    if (cmdAuth2.hmac.t.size > 0 && hexPasswd)
    {
        cmdAuth2.hmac.t.size = sizeof(cmdAuth2.hmac) - 2;
        if (hex2ByteStructure((char *)cmdAuth2.hmac.t.buffer,
                              &cmdAuth2.hmac.t.size,
                              cmdAuth2.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for endorsePasswd.\n");
            return -1;
        }
    }

    rval = StartAuthSessionWithParams( &session, TPM_RH_NULL, 0, TPM_RH_NULL,
            0, &nonceCaller, &encryptedSalt, TPM_SE_POLICY, &symmetric, TPM_ALG_SHA256 );
    if( rval != TPM_RC_SUCCESS )
    {
        printf("\n......StartAuthSessionWithParams Error. TPM Error:0x%x......\n", rval);
        return -1;
    }
    printf("\nStartAuthSessionWithParams succ.......\n");

    rval = Tss2_Sys_PolicySecret(sysContext, TPM_RH_ENDORSEMENT, session->sessionHandle, &cmdAuthArray1, 0, 0, 0, 0, 0, 0, 0);
    if( rval != TPM_RC_SUCCESS )
    {
        printf("\n......Tss2_Sys_PolicySecret Error. TPM Error:0x%x......\n", rval);
        return -2;
    }
    printf("\nTss2_Sys_PolicySecret succ.......\n");

    cmdAuth3.sessionHandle = session->sessionHandle;
    cmdAuth3.sessionAttributes.continueSession = 1;
    cmdAuth3.hmac.t.size = 0;
    rval = Tss2_Sys_ActivateCredential(sysContext, activateHandle, keyHandle, &cmdAuthArray, &credentialBlob, &secret, &certInfoData, 0);
    if(rval != TPM_RC_SUCCESS)
    {
        printf("\n......ActivateCredential failed. TPM Error:0x%x......\n", rval);
        return -3;
    }
    printf("\nActivate Credential succ.\n");

    // Need to flush the session here.
    rval = Tss2_Sys_FlushContext( sysContext, session->sessionHandle );
    if( rval != TPM_RC_SUCCESS )
    {
        printf("\n......TPM2_Sys_FlushContext Error. TPM Error:0x%x......\n", rval);
        return -4;
    }
    // And remove the session from sessions table.
    rval = EndAuthSession( session );
    if( rval != TPM_RC_SUCCESS )
    {
        printf("\n......EndAuthSession Error. TPM Error:0x%x......\n", rval);
        return -5;
    }

    printf("\nCertInfoData :\n");
    for (int k = 0; k<certInfoData.t.size; k++)
    {
        printf("0x%.2x ", certInfoData.t.buffer[k]);
    }
    printf("\n\n");

    if(saveDataToFile(outFilePath, certInfoData.t.buffer, certInfoData.t.size) == 0)
        printf("OutFile %s completed!\n",outFilePath);
    else
        return -6;

    return 0;
}
コード例 #9
0
ファイル: tpm2_nvwrite.c プロジェクト: 01org/tpm2.0-tools
int nvWrite()
{
    UINT32 rval;
    TPMS_AUTH_COMMAND sessionData;
    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_CMD_AUTHS sessionsData;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;
    UINT16 i, offset = 0;
    TPM2B_MAX_NV_BUFFER nvWriteData;

    TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1] = { &sessionDataOut };

    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsData.cmdAuths = &sessionDataArray[0];

    sessionsDataOut.rspAuthsCount = 1;
    sessionsData.cmdAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    sessionData.hmac.t.size = 0;
    *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;

    if (strlen(handlePasswd) > 0 && !hexPasswd)
    {
        sessionData.hmac.t.size = strlen(handlePasswd);
        memcpy( &sessionData.hmac.t.buffer[0], handlePasswd, sessionData.hmac.t.size );
    }
    else if (strlen(handlePasswd) > 0 && hexPasswd)
    {
        sessionData.hmac.t.size = sizeof(sessionData.hmac) - 2;
        if (hex2ByteStructure(handlePasswd, &sessionData.hmac.t.size,
                              sessionData.hmac.t.buffer) != 0)
        {
            printf( "Failed to convert Hex format password for handlePasswd.\n");
            return -1;
        }
    }

    while (dataSize > 0)
    {
        nvWriteData.t.size = dataSize > MAX_NV_BUFFER_SIZE ? MAX_NV_BUFFER_SIZE : dataSize;
        printf("\nThe data(size=%d) to be written:\n", nvWriteData.t.size);
        for( i = 0; i<(int)nvWriteData.t.size; i++ )
        {
            nvWriteData.t.buffer[i] = nvBuffer[offset+i];
            printf("%02x ", nvBuffer[offset+i]);
        }
        printf("\n\n");

        rval = Tss2_Sys_NV_Write( sysContext, authHandle, nvIndex, &sessionsData, &nvWriteData, offset, &sessionsDataOut );
        if(rval != TSS2_RC_SUCCESS)
        {
            printf( "Failed to write NV area at index 0x%x (%d) offset 0x%x. Error:0x%x\n", nvIndex, nvIndex, offset, rval );
            return -1;
        }
        printf( "Success to write NV area at index 0x%x (%d) offset 0x%x.\n", nvIndex, nvIndex, offset );

        dataSize -= nvWriteData.t.size;
        offset += nvWriteData.t.size;
    }

    return 0;
}