TSS_RESULT verify_bind_attribs(TSS_HKEY hBindingKey) { UINT32 attrib; TSS_RESULT result; // verify binding key's attribs // 1. Key Type if ((result = Tspi_GetAttribUint32(hBindingKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_USAGE, &attrib))) { print_error( "Tspi_GetAttribUint32", result ); return result; } if (attrib != TSS_KEYUSAGE_BIND) { print_verifyerr("key usage", TSS_KEYUSAGE_BIND, attrib); return TSS_E_FAIL; } // 2. Auth data usage if ((result = Tspi_GetAttribUint32(hBindingKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE, &attrib))) { print_error( "Tspi_GetAttribUint32", result ); return result; } if (attrib != TRUE) { print_verifyerr("key authdata usage", TRUE, attrib); return TSS_E_FAIL; } // 3. Key size if ((result = Tspi_GetAttribUint32(hBindingKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE, &attrib))) { print_error( "Tspi_GetAttribUint32", result ); return result; } if (attrib != TSS_KEY_SIZEVAL_2048BIT) { print_verifyerr("key size", TSS_KEY_SIZEVAL_2048BIT, attrib); return TSS_E_FAIL; } return result; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id, UI_METHOD *ui, void *cb_data) { ASN1_OCTET_STRING *blobstr; TSS_HKEY hKey; TSS_RESULT result; UINT32 authusage; RSA *rsa; EVP_PKEY *pkey; BIO *bf; DBG("%s", __FUNCTION__); if (!key_id) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER); return NULL; } if (!tpm_load_srk(ui, cb_data)) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_SRK_LOAD_FAILED); return NULL; } if ((bf = BIO_new_file(key_id, "r")) == NULL) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_NOT_FOUND); return NULL; } blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING, "TSS KEY BLOB", bf, NULL, NULL, NULL); if (!blobstr) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_FILE_READ_FAILED); BIO_free(bf); return NULL; } BIO_free(bf); DBG("Loading blob of size: %d", blobstr->length); if ((result = Tspi_Context_LoadKeyByBlob(hContext, hSRK, blobstr->length, blobstr->data, &hKey))) { TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } ASN1_OCTET_STRING_free(blobstr); if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if (authusage) { TSS_HPOLICY hPolicy; BYTE *auth; if ((auth = calloc(1, 128)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } if (!tpm_engine_get_auth(ui, (char *)auth, 128, "TPM Key Password: ", cb_data)) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy))) { Tspi_Context_CloseObject(hContext, hKey); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_AssignToObject(hPolicy, hKey))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, strlen((char *)auth), auth))) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_CloseObject(hContext, hPolicy); free(auth); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return 0; } free(auth); } /* create the new objects to return */ if ((pkey = EVP_PKEY_new()) == NULL) { Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } pkey->type = EVP_PKEY_RSA; if ((rsa = RSA_new()) == NULL) { EVP_PKEY_free(pkey); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE); return NULL; } rsa->meth = &tpm_rsa; /* call our local init function here */ rsa->meth->init(rsa); pkey->pkey.rsa = rsa; if (!fill_out_rsa_object(rsa, hKey)) { EVP_PKEY_free(pkey); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED); return NULL; } EVP_PKEY_assign_RSA(pkey, rsa); return pkey; }
int main_v1_2( char version ) { char * function = "Tspi_TPM_Delegate_GetFamily05"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HTPM hTPM, hTPM2; TSS_HPOLICY hTPMPolicy; TSS_HDELFAMILY hFamily = NULL_HDELFAMILY, hFamily2; UINT32 familyID, returnedID; TSS_RESULT result; print_begin_test( function ); result = connect_load_all(&hContext, &hSRK, &hTPM); if ( result != TSS_SUCCESS ) { print_error( "connect_load_all", result ); goto done; } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); goto done; } result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); goto done; } result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_Delegate_AddFamily", result ); goto done; } result = Tspi_GetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_INFO, TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID, &familyID); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( "Tspi_TPM_GetAttribUint32", result ); } else { print_error_nonapi( "Tspi_TPM_GetAttribUint32", result ); } goto done; } /* Keep hTPM to invalidate family and then set it to NULL */ hTPM2 = hTPM; hTPM = NULL_HTPM; /* Keep family address */ hFamily2 = hFamily; result = Tspi_TPM_Delegate_GetFamily(hTPM, familyID, &hFamily); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_error( function, result ); result = 1; goto done; } else { Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2); print_success( function, result ); result = 0; } done: /* Invalidate the family to avoid resource exhaustion */ if (hFamily != NULL_HDELFAMILY) Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); print_end_test( function ); exit( result ); }
int tpm_load_srk(UI_METHOD *ui, void *cb_data) { TSS_RESULT result; UINT32 authusage; BYTE *auth; UINT32 auth_size; UINT32 srk_secret_mode = secret_mode; BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; if (hSRK != NULL_HKEY) { DBGFN("SRK is already loaded."); return 1; } if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &authusage))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if (!authusage) { DBG("SRK has no auth associated with it."); return 1; } /* If hSRKPolicy is non 0, then a policy object for the SRK has already * been set up by engine pre/post commands. Just assign it to the SRK. * Otherwise, we need to get the SRK's implicit policy and prompt for a * secret */ if (hSRKPolicy) { DBG("Found an already initialized SRK policy, using it"); if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) { TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } return 1; } if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy))) { Tspi_Context_CloseObject(hContext, hSRK); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } if ((auth = calloc(1, 128)) == NULL) { TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE); return 0; } if (!srk_zeroed) { if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ", cb_data)) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); } auth_size = strlen((char *)auth); } else { auth_size = sizeof(well_known_secret); memcpy(auth, well_known_secret, auth_size); srk_secret_mode = TSS_SECRET_MODE_SHA1; } /* secret_mode is a global that may be set by engine ctrl * commands. By default, its set to TSS_SECRET_MODE_PLAIN */ if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode, auth_size, auth))) { Tspi_Context_CloseObject(hContext, hSRK); free(auth); TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED); return 0; } free(auth); return 1; }
int fill_out_rsa_object(RSA *rsa, TSS_HKEY hKey) { TSS_RESULT result; UINT32 pubkey_len, encScheme, sigScheme; BYTE *pubkey; struct rsa_app_data *app_data; DBG("%s", __FUNCTION__); if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &encScheme))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &sigScheme))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } /* pull out the public key and put it into the RSA object */ if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubkey_len, &pubkey))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } if ((rsa->n = BN_bin2bn(pubkey, pubkey_len, rsa->n)) == NULL) { Tspi_Context_FreeMemory(hContext, pubkey); TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_BN_CONVERSION_FAILED); return 0; } Tspi_Context_FreeMemory(hContext, pubkey); /* set e in the RSA object */ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE); return 0; } if (!BN_set_word(rsa->e, 65537)) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); BN_free(rsa->e); rsa->e = NULL; return 0; } if ((app_data = OPENSSL_malloc(sizeof(struct rsa_app_data))) == NULL) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE); BN_free(rsa->e); rsa->e = NULL; return 0; } DBG("Setting hKey(0x%x) in RSA object", hKey); DBG("Setting encScheme(0x%x) in RSA object", encScheme); DBG("Setting sigScheme(0x%x) in RSA object", sigScheme); memset(app_data, 0, sizeof(struct rsa_app_data)); app_data->hKey = hKey; app_data->encScheme = encScheme; app_data->sigScheme = sigScheme; RSA_set_ex_data(rsa, ex_app_data, app_data); return 1; }
static void print_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey) { TSS_RESULT ret; UINT32 attrib; UINT32 keyInfoSize; BYTE *keyInfo; /* Key size */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIZE, &attrib); if (ret) { print_error(ret, gettext("Get key size")); } (void) printf(gettext("Key Size: %d bits\n"), attrib); /* Key usage */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_USAGE, &attrib); if (ret) { print_error(ret, gettext("Get key usage")); } (void) printf(gettext("Key Usage: %s\n"), decode(key_usage, attrib)); /* Algorithm */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, &attrib); if (ret) { print_error(ret, gettext("Get key algorithm")); } (void) printf(gettext("Algorithm: %s\n"), decode(key_algorithm, attrib)); /* Authorization required */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &attrib); if (ret) { print_error(ret, gettext("Get key authusage")); } (void) printf(gettext("Authorization required: %s\n"), attrib ? gettext("Yes") : gettext("No")); /* Signature scheme */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &attrib); if (ret) { print_error(ret, gettext("Get key signature scheme")); } (void) printf(gettext("Signature scheme: %s\n"), decode(key_sigscheme, attrib)); /* Encoding scheme */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &attrib); if (ret) { print_error(ret, gettext("Get key encoding scheme")); } (void) printf(gettext("Encoding scheme: %s\n"), decode(key_encscheme, attrib)); /* Key blob */ ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo); if (ret) { print_error(ret, gettext("Get key blob")); } (void) printf(gettext("TPM Key Blob:\n")); print_bytes(keyInfo, keyInfoSize, TRUE); ret = Tspi_Context_FreeMemory(hContext, keyInfo); if (ret) { print_error(ret, gettext("Free key info buffer")); } }
int main_v1_1( void ) { char *function = "Tspi_GetAttribUint3201"; TSS_HKEY hParentKey; TSS_HCONTEXT hContext; UINT32 ES; UINT32 SS; TSS_RESULT result; TSS_HPOLICY hPolicy; UINT32 exitCode; TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Create and initialize empty object result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hParentKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (parent key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (parent key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Set uint, no encryption, key enc scheme result = Tspi_GetAttribUint32( hParentKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &ES ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); exitCode = 0; } // Set uint, key sig scheme result = Tspi_GetAttribUint32( hParentKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &SS ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); } result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS, &ES ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); } result = Tspi_GetAttribUint32( hContext, TSS_TSPATTRIB_CONTEXT_SILENT_MODE, 0, &SS ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main_v1_1( void ) { char *function = "Tspi_PolicyChecking01"; char *function1 = "Tspi_GetAttribUint32"; TSS_RESULT result; TSS_HPOLICY hPolicy; TSS_HCONTEXT hContext; TSS_HOBJECT hObject; UINT32 ES, exitCode1; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_error_exit( function, err_string(result) ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, NULL ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // get policy result = Tspi_Context_GetDefaultPolicy ( hContext, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetDefaultPolicy", result ); print_error_exit( function, err_string(result) ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } /* ################# CHECKING DEFAULTS ################### */ result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_CALLBACK_HMAC, 0, &ES ); if ( result != TSS_SUCCESS ) { print_error( function1, result ); exitCode1 = 1; } else { if( ES != 0 ) { print_error( function1, result ); exitCode1 = 1; } else { print_success( function1, result); } } fprintf( stderr, "\t\tAddress of callback hmac: %x\n", ES ); result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC, 0, &ES ); if ( result != TSS_SUCCESS ) { print_error( function1, result ); exitCode1 = 1; } else { if( ES != 0 ) { print_error( function1, result ); exitCode1 = 1; } else { print_success( function1, result); } } fprintf( stderr, "\t\tAddress of callback xor enc: %x\n", ES ); result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP, 0, &ES ); if ( result != TSS_SUCCESS ) { print_error( function1, result ); exitCode1 = 1; } else { if( ES != 0 ) { print_error( function1, result ); exitCode1 = 1; } else { print_success( function1, result); exitCode1 = 0; } } fprintf( stderr, "\t\tAddress of callback take ownership: %x\n", ES ); result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM, 0, &ES ); if ( result != TSS_SUCCESS ) { print_error( function1, result ); exitCode1 = 1; } else { if( ES != 0 ) { print_error( function1, result ); exitCode1 = 1; } else { print_success( function1, result); } } fprintf( stderr, "\t\tAddress of callback change auth asym: %x\n", ES ); result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS, &ES ); if ( result != TSS_SUCCESS ) { print_error( function1, result ); exitCode1 = 1; } else { /* flag not set by default */ if( ES == FALSE ) { print_error( function1, result ); exitCode1 = 1; } else { print_success( function1, result); } } fprintf( stderr, "\t\tFlag set in policy object?: %x\n", ES ); if( exitCode1 == 0 ) print_success( function, result ); else print_error( function, result ); result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER, &ES ); /* TSS_TSPATTRIB_POLICY_SECRET_LIFETIME Not set by default so TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER should return error */ if ( result == TSS_SUCCESS ) { print_error( function1, result ); fprintf( stderr, "\t\tCounter value: %x\n", ES ); exitCode1 = 1; } else { print_success( function1, result); } result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER, &ES ); /* TSS_TSPATTRIB_POLICY_SECRET_LIFETIME Not set by default so TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER should return error */ if ( result == TSS_SUCCESS ) { print_error( function1, result ); fprintf( stderr, "\t\tTime value in seconds: %x\n", ES ); exitCode1 = 1; } else { print_success( function1, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode1 ); }
int main_v1_2( char version ) { char *function = "policy_check_lifetime02"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; TSS_BOOL state; TSS_RESULT result; UINT32 remainingUsages; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Retrieve TPM object of context result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime Counter result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, COUNTER); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Sets the secret and fires the counter result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //First two GetStatus calls: the Policy should not be expired yet //Get status - first call (remainingUsages = COUNTER -1 result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - second call (remainingUsages = COUNTER -2) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(2)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - third call (remainingUsages = COUNTER -3) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(3)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages reached 0 result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages); if ( result != TSS_SUCCESS || (remainingUsages)){ if (remainingUsages){ fprintf( stderr, "\tError: Secret usages did not reach zero: (%u)\n", remainingUsages ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - fourth call with secret expired (remainingUsages = COUNTER -3) result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( Trspi_Error_Code(result) != TSS_E_INVALID_OBJ_ACCESS ) { print_error( "Tspi_TPM_GetStatus(4)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Set secret again and reset policy lifetime counter result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages); if ( result != TSS_SUCCESS || (remainingUsages != COUNTER)){ if (remainingUsages != COUNTER){ fprintf( stderr, "\tError: Secret usages counter wasn't reset: (%u)\n", remainingUsages ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(5)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } print_success( function, result); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int main_v1_2( char version ) { char *function = "policy_check_lifetime04"; TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; TSS_BOOL state; TSS_RESULT result; UINT32 remainingTimer; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Retrieve TPM object of context result = Tspi_Context_GetTpmObject( hContext, &hTPM ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_GetTpmObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime Timer result = Tspi_SetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, TIMER ); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Sets the secret and fires the timer result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE, TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages is not always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (remainingTimer) ){ if ( remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_Policy_SetSecret", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - first call within TIMER seconds result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sleeps for TIMER - 3 seconds fprintf( stdout, "Sleeping for %u seconds\n", TIMER-3); sleep( TIMER - 3 ); //Ensures the usage timer has decremented result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, &remainingTimer); if ( result != TSS_SUCCESS || (remainingTimer <= TIMER-3)){ if ( remainingTimer <= TIMER-3 ){ fprintf( stderr, "\tError: Invalid policy timer after usage: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Sets the policy Lifetime as always result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, 0); if (result != TSS_SUCCESS){ print_error("Tspi_SetAttribUint32", result); Tspi_Context_Close(hContext); exit(result); } //Ensure Secret usages is always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (!remainingTimer) ){ if ( !remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - second call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(2)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - third call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(3)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Get status - fourth call result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL, &state ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_TPM_GetStatus(4)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Ensure Secret usages is always result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME, TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer); if ( result != TSS_SUCCESS || (!remainingTimer) ){ if ( !remainingTimer ){ fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n", remainingTimer ); print_error( function, result ); }else{ print_error( "Tspi_GetAttribUint32", result ); } Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } print_success( function, result); print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }