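/*
 * Command dispatcher for TPM_LoadKey: unmarshals the request parameters,
 * runs the command and marshals the returned key handle into rsp.
 *
 * req: incoming request; req->param/paramSize hold the raw parameter bytes,
 *      req->auth1 the first authorization session.
 * rsp: response to fill; on success rsp->param is a 4-byte heap buffer
 *      (owned by the caller of this function) holding the new key handle
 *      and rsp->paramSize is 4. On failure rsp->param is NULL and
 *      rsp->paramSize is 0, so a caller can never see a dangling pointer.
 *
 * Returns TPM_SUCCESS, TPM_BAD_PARAMETER if the parameters do not parse
 * exactly (trailing bytes are rejected), TPM_FAIL if the response cannot be
 * built, or whatever TPM_LoadKey itself returns.
 */
static TPM_RESULT execute_TPM_LoadKey(TPM_REQUEST *req, TPM_RESPONSE *rsp)
{
  BYTE *ptr;
  UINT32 len;
  TPM_KEY_HANDLE parentHandle;
  TPM_KEY inKey;
  TPM_KEY_HANDLE inkeyHandle;
  TPM_RESULT res;

  /* The input parameter digest must be computed over the raw bytes before
   * they are consumed, since the auth check inside TPM_LoadKey relies on it. */
  tpm_compute_in_param_digest(req);

  /* Unmarshal input; len != 0 afterwards means unexpected trailing data. */
  ptr = req->param;
  len = req->paramSize;
  if (tpm_unmarshal_TPM_KEY_HANDLE(&ptr, &len, &parentHandle)
      || tpm_unmarshal_TPM_KEY(&ptr, &len, &inKey)
      || len != 0) {
    return TPM_BAD_PARAMETER;
  }

  /* Execute command. */
  res = TPM_LoadKey(parentHandle, &inKey, &req->auth1, &inkeyHandle);
  if (res != TPM_SUCCESS) {
    return res;
  }

  /* Marshal output: a single TPM_KEY_HANDLE (4 bytes). */
  rsp->paramSize = len = 4;
  rsp->param = ptr = malloc(len);
  if (ptr == NULL || tpm_marshal_TPM_KEY_HANDLE(&ptr, &len, inkeyHandle)) {
    /* free(NULL) is a no-op, so the malloc-failure path is covered too.
     * Reset the response fields so they stay consistent: paramSize must not
     * advertise bytes that rsp->param no longer points to. */
    free(rsp->param);
    rsp->param = NULL;
    rsp->paramSize = 0;
    res = TPM_FAIL;
  }
  return res;
}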
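/*
 * Test driver: loads a TPM key blob under the SRK, quotes PCR 0 with it and
 * verifies the returned signature against the key's public part.
 *
 * Options: -s <srk password> (mandatory), -f <key blob file> (default
 * "key.blob"), -h prints usage. usage() is defined outside this listing and
 * is assumed not to return (the original code relied on that too).
 *
 * pcomp and signedhash are file-scope objects defined outside this listing;
 * their layouts are not visible here, so the field assignments below are kept
 * exactly as the original wrote them.
 *
 * Exit status: 0 when the quote signature verifies, 1 on any error or when
 * the signature does not verify.
 */
int main(int argc, char **argv)
{
  int fd, size, i, ret;
  int ch;                        /* getopt() returns int; a plain char may be
                                  * unsigned and then never compares equal to -1 */
  uint32_t kh, pcrs;
  unsigned char buf[1024], hash[20], pass[20];
  char *srkpass, *keyfile;
  /* Nonce handed to TPM_Quote; 20 bytes, fixed for this test program. */
  char *nonce = "\x80\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0\x0"
                "\x0\x0\x0\x0\x1";
  keydata k;
  RSA *rpub;
  size_t total;

  srkpass = keyfile = NULL;
  while ((ch = getopt(argc, argv, "hs:f:")) != -1) {
    switch (ch) {
    case 's':
      srkpass = optarg;
      break;
    case 'f':
      keyfile = optarg;
      break;
    case 'h':
    default:
      usage(argv[0]);
      break;
    }
  }
  if (!srkpass) {
    usage(argv[0]);
  }
  if (!keyfile) {
    keyfile = "key.blob";
  }

  /* The SRK authorization value is the SHA-1 of the password. */
  SHA1((const unsigned char *)srkpass, strlen(srkpass), pass);

  fd = open(keyfile, O_RDONLY);
  if (fd == -1) {
    err(1, "couldn't open %s\n", keyfile);
  }

  /* Read the whole blob. A single read() may return less than the file
   * holds, and a blob larger than buf would be silently truncated and then
   * parsed by TSS_KeyExtract (which takes no length) — reject both cases. */
  total = 0;
  for (;;) {
    ssize_t nread = read(fd, buf + total, sizeof buf - total);
    if (nread == -1) {
      err(1, "couldn't read\n");
    }
    if (nread == 0) {
      break;
    }
    total += (size_t)nread;
    if (total == sizeof buf) {
      unsigned char probe;
      ssize_t more = read(fd, &probe, 1);
      if (more == -1) {
        err(1, "couldn't read\n");
      }
      if (more > 0) {
        errx(1, "key blob larger than %zu bytes\n", sizeof buf);
      }
      break;
    }
  }
  close(fd);
  if (total == 0) {
    errx(1, "couldn't read\n");
  }

  size = TSS_KeyExtract(buf, &k);
  printf("keybuf size: %d\n", size);

  printf("loading . . .\n");
  /* 0x40000000 is the UID for the SRK */
  ret = TPM_LoadKey(0x40000000, pass, &k, &kh);
  if (ret) {
    printf("%s\n", TPM_GetErrMsg(ret));
    errx(1, "TPM_LoadKey\n");
  }

  /* Quote PCR 0; the signature comes back in buf with its length in size. */
  printf("quoting . . .\n");
  ret = TPM_Quote(kh, (0x00000001 << 0), pass, nonce, &pcomp, buf, &size);
  if (ret) {
    printf("%s\n", TPM_GetErrMsg(ret));
    errx(1, "TPM_Quote\n");
  }

  /* TPM will run out of memory if you forget to evict keys. This can be
   * fixed with a good ol' reboot. */
  printf("evicting. . .\n");
  ret = TPM_EvictKey(kh);
  if (ret) {
    printf("%s\n", TPM_GetErrMsg(ret));
    errx(1, "TPM_EvictKey\n");
  }

  /* Compute composite hash */
  SHA1((const unsigned char *)&pcomp, sizeof(pcomp), hash);
  printf("slen: %d\n", ntohs(pcomp.slen));
  printf("select: 0x%x\n", pcomp.s);
  printf("plen %d\n", ntohl(pcomp.plen));
  printf("pcr hash: ");
  for (i = 0; i < 20; i++) {
    printf("%02x ", pcomp.p[i]);
  }
  printf("\n");
  printf("composite hash: ");
  for (i = 0; i < 20; i++) {
    printf("%02x ", hash[i]);
  }
  printf("\n");
  printf("signed blob len: %d\n", size);
  printf("signed blob: ");
  for (i = 0; i < size; i++) {
    printf("%02x ", buf[i]);
  }
  printf("\n");

  /* See if the signed object matches the composite hash concatenated
   * with the nonce. The fixed header bytes are the TPM_QUOTE_INFO
   * version/"QUOT" prefix as the original wrote them. */
  signedhash.fixed[0] = 1;
  signedhash.fixed[1] = 1;
  signedhash.fixed[2] = 0;
  signedhash.fixed[3] = 0;
  signedhash.fixed[4] = 'Q';
  signedhash.fixed[5] = 'U';
  signedhash.fixed[6] = 'O';
  signedhash.fixed[7] = 'T';
  memcpy(&signedhash.comphash, hash, 20);
  memcpy(&signedhash.nonce, nonce, 20);
  SHA1((const unsigned char *)&signedhash, sizeof(signedhash), hash);

  /* Gives us an RSA public key from the TPM key */
  rpub = TSS_convpubkey(&k.pub);
  if (!rpub) {
    errx(1, "TSS_convpubkey\n");
  }

  /* A verification tool must not exit 0 on a failed signature, otherwise
   * scripts built on it cannot tell success from failure. */
  ret = RSA_verify(NID_sha1, hash, 20, buf, size, rpub);
  RSA_free(rpub);
  if (!ret) {
    printf("SIGNATURE FAILED\n");
    return 1;
  }
  printf("Signature is correct\n");
  return 0;
}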
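/*
 * Loads a migration blob (as written by the migration tool) into the TPM
 * under the key whose handle is given with -hp, optionally converting it
 * first via TPM_ConvertMigrationBlob.
 *
 * Options: -if <file> (mandatory), -hp <hex key handle> (mandatory),
 * -pwdp <parent key password>, -rewrap (blob was created with the REWRAP
 * scheme, no conversion needed), -v (verbose logging), -h (usage).
 * usage() is defined outside this listing and is assumed not to return.
 *
 * Blob file layout as parsed here: [u32 rndsize][rnd bytes][u32 encsize]
 * [enc bytes][u32 keysize][key bytes]; sizes are big-endian via LOAD32.
 *
 * Returns 0 on success, otherwise the TPM error code of the failing call.
 */
int main(int argc, char * argv[])
{
  uint32_t ret = 0;
  int i = 0;
  uint32_t migkeyhandle = 0;
  char * filename = NULL;
  unsigned char * buffer = NULL;
  unsigned char keypasshash[TPM_HASH_SIZE];
  char * keypass = NULL;
  uint16_t migscheme = TPM_MS_MIGRATE;
  unsigned char * keyhashptr = NULL;

  TPM_setlog(0);

  /* Command line parsing. Each option that takes a value advances i once
   * more and checks that the value is actually present. */
  for (i = 1; i < argc; i++) {
    if (!strcmp("-if", argv[i])) {
      i++;
      if (i < argc) {
        filename = argv[i];
      } else {
        printf("Missing mandatory parameter for -if.\n");
        usage();
      }
    } else if (!strcmp("-hp", argv[i])) {
      i++;
      if (i < argc) {
        /* sscanf leaves migkeyhandle untouched (still 0) on a malformed
         * value; without this check the failure would only surface later
         * as the generic "Missing mandatory parameter" message. */
        if (sscanf(argv[i], "%x", &migkeyhandle) != 1) {
          printf("Invalid key handle for -hp.\n");
          usage();
        }
      } else {
        printf("Missing mandatory parameter for -hp.\n");
        usage();
      }
    } else if (!strcmp("-pwdp", argv[i])) {
      i++;
      if (i < argc) {
        keypass = argv[i];
      } else {
        printf("Missing mandatory parameter for -pwdp.\n");
        usage();
      }
    } else if (!strcmp("-rewrap", argv[i])) {
      migscheme = TPM_MS_REWRAP;
    } else if (!strcmp("-v", argv[i])) {
      TPM_setlog(1);
    } else if (!strcmp("-h", argv[i])) {
      usage();
    } else {
      printf("\n%s is not a valid option\n", argv[i]);
      usage();
    }
  }

  if (0 == migkeyhandle || NULL == filename) {
    printf("Missing mandatory parameter.\n");
    usage();
  }

  /* The parent key authorization value is the SHA-1 of the password;
   * a NULL pointer means "no authorization". */
  if (NULL != keypass) {
    TSS_sha1(keypass, strlen(keypass), keypasshash);
    keyhashptr = keypasshash;
  } else {
    keyhashptr = NULL;
  }

  buffer = readFile(filename);
  if (NULL != buffer) {
    int offset = 0;
    unsigned char * encblob = NULL;
    uint32_t encsize = 0;
    unsigned char * rndblob = NULL;
    uint32_t rndsize = 0;
    uint32_t keysize = 0;
    unsigned char * keyblob = NULL;
    unsigned char * outblob = NULL;
    uint32_t outblen;
    keydata newkey;
    STACK_TPM_BUFFER( tb );

    /* NOTE(review): readFile() does not report the file length, so the
     * three sizes below come straight from the file and are never checked
     * against it nor against the capacity of newkey.encData.buffer
     * (its size is not visible here). A truncated or crafted blob can
     * therefore read past buffer / overflow encData — TODO: have readFile
     * return the length and bound rndsize/encsize/keysize before use. */
    rndsize = LOAD32(buffer, offset);
    offset += 4;
    rndblob = &buffer[offset];
    offset += rndsize;

    encsize = LOAD32(buffer, offset);
    offset += 4;
    encblob = &buffer[offset];
    offset += encsize;

    keysize = LOAD32(buffer, offset);
    offset += 4;
    keyblob = &buffer[offset];
    offset += keysize;

    SET_TPM_BUFFER(&tb, keyblob, keysize);
    /* Return value semantics of TSS_KeyExtract are not visible here;
     * left unchecked as in the original. */
    TSS_KeyExtract(&tb, 0, &newkey);

    outblob = malloc(encsize);
    if (NULL == outblob) {
      printf("Error allocating memory for decrypted blob.\n");
      exit(-1);
    }
    outblen = encsize;

    if (TPM_MS_REWRAP == migscheme || 0 == rndsize) {
      /* REWRAP blobs (or blobs without random data) are loadable as-is. */
      memcpy(newkey.encData.buffer, encblob, encsize);
      newkey.encData.size = outblen;
      ret = 0;
    } else {
      /* MIGRATE blobs must first be converted by the TPM using the
       * random data that was XORed into them at migration time. */
      ret = TPM_ConvertMigrationBlob(migkeyhandle, keyhashptr,
                                     rndblob, rndsize,
                                     encblob, encsize,
                                     outblob, &outblen);
      if (0 == ret) {
        memcpy(newkey.encData.buffer, outblob, outblen);
        newkey.encData.size = outblen;
      } else {
        printf("ConvertMigrationBlob returned '%s' (0x%x).\n",
               TPM_GetErrMsg(ret), ret);
      }
    }
    /* outblob's contents have been copied into newkey (or conversion
     * failed); it is no longer needed on either path. */
    free(outblob);
    outblob = NULL;

    if (0 == ret) {
      uint32_t newhandle;
      ret = TPM_LoadKey(migkeyhandle, keyhashptr, &newkey, &newhandle);
      if (0 == ret) {
        printf("Successfully loaded key into TPM.\n"
               "New Key Handle = %08X\n", newhandle);
      } else {
        printf("LoadKey returned '%s' (0x%x).\n",
               TPM_GetErrMsg(ret), ret);
      }
    }
    /* buffer is not freed here: readFile()'s ownership contract is not
     * visible in this listing (heap vs. static storage) — TODO confirm. */
  }
  return ret;
}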