main_v1_1(void){ char *nameOfFunction = "Tspi_GetAttribData07"; TSS_HKEY hKey; TSS_HCONTEXT hContext; TSS_RESULT result; BYTE* BLOB; UINT32 BlobLength; print_begin_test(nameOfFunction); //Call GetAttribData result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &BlobLength, &BLOB); if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); exit(0); } }
/* reads the RSA public key from the given TSS key. * If psize is non-null it contains the total size of the parameters * in bytes */ static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx, size_t * psize) { void *tdata; UINT32 tint; TSS_RESULT tssret; gnutls_datum_t m, e; int ret; /* read the public key */ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &tint, (void *) &tdata); if (tssret != 0) { gnutls_assert(); return tss_err(tssret); } m.data = tdata; m.size = tint; tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &tint, (void *) &tdata); if (tssret != 0) { gnutls_assert(); Tspi_Context_FreeMemory(key_ctx, m.data); return tss_err(tssret); } e.data = tdata; e.size = tint; ret = gnutls_pubkey_import_rsa_raw(pub, &m, &e); Tspi_Context_FreeMemory(key_ctx, m.data); Tspi_Context_FreeMemory(key_ctx, e.data); if (ret < 0) return gnutls_assert_val(ret); if (psize) *psize = e.size + m.size; return 0; }
main_v1_1(void){ char *nameOfFunction = "Tspi_GetAttribData09"; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HKEY hSRK; BYTE* BLOB; UINT32 BlobLength; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key by UUID for SRK result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); exit(result); } //Call GetAttribData result = Tspi_GetAttribData(hSRK, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &BlobLength, &BLOB); if (TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
void tc_get_attribdata(TSS_HCONTEXT hContext, TSS_HOBJECT hObject, UINT32 flag, UINT32 subflag, UINT32 *blobSize, BYTE **blob) { TSS_RESULT result; result = Tspi_GetAttribData(hObject, flag, subflag, blobSize, blob); if (result != TSS_SUCCESS) { print_error("Tspi_GetAttribData", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } }
TSS_RESULT util_set_public_modulus(TSS_HKEY hKey, unsigned long size_n, unsigned char *n) { UINT64 offset; UINT32 blob_size; BYTE *blob, pub_blob[1024]; TCPA_PUBKEY pub_key; TSS_RESULT result; /* Get the TCPA_PUBKEY blob from the key object. */ result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob); if (result != TSS_SUCCESS) { OCK_LOG_DEBUG("Tspi_GetAttribData failed: rc=0x%x", result); return result; } offset = 0; result = Trspi_UnloadBlob_PUBKEY(&offset, blob, &pub_key); if (result != TSS_SUCCESS) { OCK_LOG_DEBUG("Tspi_GetAttribData failed: rc=0x%x", result); return result; } Tspi_Context_FreeMemory(tspContext, blob); /* Free the first dangling reference, putting 'n' in its place */ free(pub_key.pubKey.key); pub_key.pubKey.keyLength = size_n; pub_key.pubKey.key = n; offset = 0; Trspi_LoadBlob_PUBKEY(&offset, pub_blob, &pub_key); /* Free the second dangling reference */ free(pub_key.algorithmParms.parms); /* set the public key data in the TSS object */ result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, (UINT32)offset, pub_blob); if (result != TSS_SUCCESS) { OCK_LOG_DEBUG("Tspi_SetAttribData failed: rc=0x%x", result); return result; } return TSS_SUCCESS; }
int main_v1_2( char version ) { char *function = "Tspi_GetAttribData21"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hSrkPolicy; BYTE *rgbDataToSeal = "This is a test"; BYTE rgbPcrValue[20]; TSS_HPCRS hPcrComposite; UINT32 AttribDataSize; BYTE* AttribData; UINT32 ulDataLength = strlen(rgbDataToSeal); TSS_RESULT result,resultFree; TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; TSS_FLAG pcrsInitFlags = 0; print_begin_test( function ); if (version == TESTSUITE_TEST_TSS_1_2) { keyInitFlags |= TSS_KEY_STRUCT_KEY12; pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG; } memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue)); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_end_test(function); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags, &hPcrComposite ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrLocality", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Checking flag and subflags //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -", result ); } print_end_test(function); Tspi_Context_Close(hContext); exit( 0 ); }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob03"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hMSigningKey; BYTE* migratableSignKeyBlob; UINT32 blobLength; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy; UINT32 exitCode = 0; print_begin_test( function ); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK //Get Policy Object result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &srkUsagePolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Set Secret result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret (1)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif //Create Signing Key result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_SIGNING, &hMSigningKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_CreateObject (signing key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey (Signing Key)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // get blob result = Tspi_GetAttribData( hMSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLength, &migratableSignKeyBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key Blob result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, blobLength, NULL, &hMSigningKey ); if ( TSS_ERROR_CODE(result) != TSS_E_BAD_PARAMETER ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = result; } else { print_error_nonapi( function, result ); exitCode = result; } } else { print_success( function, result ); } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
main_v1_1(void){ char *nameOfFunction = "Tspi_GetAttribData19"; TSS_FLAG initFlags; TSS_HKEY hKey; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HKEY hSRK; BYTE* uuid; UINT32 uuidLength; int rc; TSS_UUID null_uuid, key_uuid; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; memset(&null_uuid, 0, sizeof(TSS_UUID)); memset(&key_uuid, 0x7f, sizeof(TSS_UUID)); print_begin_test(nameOfFunction); //Create Context and connect result = connect_load_srk(&hContext, &hSRK); if (result != TSS_SUCCESS) { print_error("connect_load_srk", result); print_error_exit(nameOfFunction, err_string(result)); exit(result); } //Create Key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Create Key in the TPM result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Call GetAttribData, uuid should be all 0's result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_UUID, 0, &uuidLength, &uuid); if (result != TSS_SUCCESS) { print_error("Tspi_GetAttribData", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Check length and data if (uuidLength != sizeof(TSS_UUID)) { print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1); print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL); Tspi_Context_Close(hContext); exit(result); } if ((rc = memcmp(uuid, &null_uuid, uuidLength))) { print_verifyerr("a null uuid from Tspi_GetAttribData", 0, rc); print_hex(uuid, sizeof(TSS_UUID)); print_error("uuid NULL from Tspi_GetAttribData", TSS_E_FAIL); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, uuid); register_key: //Register Key result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, key_uuid, TSS_PS_TYPE_SYSTEM, SRK_UUID); if (TSS_ERROR_CODE(result) == TSS_E_KEY_ALREADY_REGISTERED) { result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, key_uuid, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_UnregisterKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } goto register_key; } else if (result != TSS_SUCCESS) { print_error("Tspi_Context_RegisterKey", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Close the object result = Tspi_Context_CloseObject(hContext, hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CloseObject", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } hKey = 0; //Load the key by UUID from PS result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, key_uuid, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Call GetAttribData, uuid should be equal to key_uuid result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_UUID, 0, &uuidLength, &uuid); if (result != TSS_SUCCESS) { print_error("Tspi_GetAttribData", result); print_error_exit(nameOfFunction, err_string(result)); Tspi_Context_Close(hContext); exit(result); } //Check length and data if (uuidLength != sizeof(TSS_UUID)) { print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1); print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL); Tspi_Context_Close(hContext); exit(result); } if ((rc = memcmp(uuid, &key_uuid, uuidLength))) { print_verifyerr("key's uuid from Tspi_GetAttribData", 0, rc); print_hex((BYTE *)&key_uuid, sizeof(TSS_UUID)); print_error("key's uuid from Tspi_GetAttribData", TSS_E_FAIL); Tspi_Context_Close(hContext); exit(result); } print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_Close(hContext); exit(0); }
int main_v1_2( char version ) { char *function = "Tspi_DecodeBER_TssBlob01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HPOLICY hSrkPolicy; TSS_HKEY hKey; BYTE* rgbBlob; UINT32 ulBlobLength; BYTE* rgbEncBlob = NULL; UINT32 ulEncBlobLength; UINT32 ulBlobType; BYTE* rgbDecBlob = NULL; UINT32 ulDecBlobLength; TSS_RESULT result; print_begin_test( function ); result = connect_load_srk(&hContext, &hSRK); if ( result != TSS_SUCCESS ) { print_error( "connect_load_srk", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = create_key(hContext, TSS_KEY_TYPE_BIND, hSRK, &hKey); if ( result != TSS_SUCCESS ) { print_error( "create_key", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Call GetAttribData result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &ulBlobLength, &rgbBlob); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // EncodeDER_TssBlob (32 bytes extra is enough for the encoding) ulEncBlobLength = ulBlobLength + 32; rgbEncBlob = calloc(1, ulEncBlobLength); result = Tspi_EncodeDER_TssBlob( ulBlobLength, rgbBlob, TSS_BLOB_TYPE_KEY, &ulEncBlobLength, rgbEncBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_EncodeDER_TssBlob", result ); free(rgbEncBlob); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // DecodeBER_TssBlob (determine length first) ulDecBlobLength = 0; rgbDecBlob = NULL; result = Tspi_DecodeBER_TssBlob( ulEncBlobLength, rgbEncBlob, &ulBlobType, &ulDecBlobLength, rgbDecBlob ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); } else { print_error_nonapi( function, result ); } free(rgbEncBlob); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // DecodeBER_TssBlob rgbDecBlob = calloc(1, ulDecBlobLength); result = Tspi_DecodeBER_TssBlob( ulEncBlobLength, rgbEncBlob, &ulBlobType, &ulDecBlobLength, rgbDecBlob ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); } else { print_error_nonapi( function, result ); } free(rgbEncBlob); free(rgbDecBlob); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Compare the blobs if ( (ulBlobLength != ulDecBlobLength) || (memcmp(rgbBlob, rgbDecBlob, ulDecBlobLength) != 0) ) { if ( ulBlobLength != ulDecBlobLength ) { //Original blob length does not equal decoded blob length result = TSS_E_ENC_INVALID_LENGTH; print_error( function, result ); } else { //Original blob does not equal decoded blob result = TSS_E_FAIL; print_error( function, result ); } } else { print_success( function, result ); result = 0; } print_end_test( function ); free(rgbEncBlob); free(rgbDecBlob); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); }
int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap, unsigned char *keyauth, unsigned char *dataauth, unsigned char *data, unsigned int datalen, unsigned char *blob, unsigned int *bloblen) { #define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;} TSS_RESULT r = 0; TSS_HTPM tpm; TSS_HPCRS pcrComposite; TSS_UUID uuid; TSS_UUID srk_uuid = TSS_UUID_SRK; TSS_HKEY key; TSS_HENCDATA seal; TSS_HPOLICY key_policy, seal_policy; unsigned char *cipher; unsigned int cipher_len; /* Get the PCR values into composite object */ r = Tspi_Context_GetTpmObject(c, &tpm); CHECK_ERROR(r, "Error Getting TPM"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite); CHECK_ERROR(r, "Error Creating PCR-Composite"); r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR); CHECK_ERROR(r, "Error Setting Localities"); for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) { if ((pcrmap & pcrmask) != 0) { uint32_t pcrval_size; uint8_t *pcrval; if (pcrvals[pcr] == NULL) { r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval); CHECK_ERROR(r, "Error Reading PCR"); r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval); CHECK_ERROR(r, "Error Setting Composite"); r = Tspi_Context_FreeMemory(c, pcrval); CHECK_ERROR(r, "Error Freeing Memory"); } else { pcrval = pcrvals[pcr]; r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval); CHECK_ERROR(r, "Error Setting Composite"); } } } /* Get the SRK and Policy Ready */ if (keyhandle = 0x40000000) { uuid = srk_uuid; } else { fprintf(stderr, "Error, only SRK currently supported\n"); r = 1; return -1; } r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key); CHECK_ERROR(r, "Error Loading Key"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(key_policy, key); CHECK_ERROR(r, "Error Assigning Policy"); /* Get the Encdata Ready */ r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal); CHECK_ERROR(r, "Error Creating EncData"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(seal_policy, seal); CHECK_ERROR(r, "Error Assigning Policy"); /* Seal the Data */ r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite); CHECK_ERROR(r, "Error Sealing Data"); r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &cipher_len, &cipher); CHECK_ERROR(r, "Error Getting Sealed Data"); /* Return that stuff */ if (cipher_len > bloblen) { sprintf(stderr, "Internal Error, cipher too long"); r = 1; return -1; } memcpy(blob, cipher, cipher_len); *bloblen = cipher_len; /* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */ Tspi_Context_FreeMemory(c, cipher); return (r == 0)? 0 : -1; }
int main_v1_1( void ) { char *function = "Tspi_Data_Unbind05"; TSS_HCONTEXT hContext; TSS_HKEY hSRK; TSS_HKEY hKey; TSS_HPOLICY hSrkPolicy; BYTE *prgbDataToUnBind; TSS_HENCDATA hEncData; UINT32 pulDataLength; BYTE rgbDataToBind[DATA_SIZE], *rgbEncryptedData = NULL; UINT32 ulDataLength = DATA_SIZE, ulEncryptedDataLength = 0; TSS_UUID uuid; TSS_RESULT result; UINT32 exitCode; TSS_FLAG initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test( function ); memset (rgbDataToBind, 0x5a, DATA_SIZE); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // create hKey result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hEncData)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_SetAttribUint32( hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_SetAtttribUint32", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey( hKey, hSRK, 0 ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Load the newly created key result = Tspi_Key_LoadKey( hKey, hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_LoadKey", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } printf("Data before binding:\n"); print_hex(rgbDataToBind, ulDataLength); result = Tspi_Data_Bind( hEncData, hKey, ulDataLength, rgbDataToBind ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Data_Bind", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &ulEncryptedDataLength, &rgbEncryptedData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } printf("Data after encrypting:\n"); print_hex(rgbEncryptedData, ulEncryptedDataLength); result = Tspi_Data_Unbind( hEncData, hKey, &pulDataLength, &prgbDataToUnBind ); if ( result != TSS_SUCCESS ) { if( !(checkNonAPI(result)) ) { print_error( function, result ); exitCode = 1; } else { print_error_nonapi( function, result ); exitCode = 1; } } else { printf("Data after unbinding:\n"); print_hex(prgbDataToUnBind, pulDataLength); if (pulDataLength != ulDataLength) { printf("ERROR: Size of decrypted data does not match! " "(%u != %u)\n", pulDataLength, ulDataLength); } else if (memcmp(prgbDataToUnBind, rgbDataToBind, ulDataLength)) { printf("ERROR: Content of decrypted data does not match!\n"); } else { print_success( function, result ); exitCode = 0; } } print_end_test( function ); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( exitCode ); }
int main(int argc, char ** argv) { FILE * file; size_t res; rom_hdr_t hdr; TSS_RESULT result; char pathrom[256] = ""; TSS_HKEY hSRK; TSS_HPOLICY pSRK; TSS_HKEY hKey; BYTE * pubInfo; UINT32 pubInfoSize; int i; for(i = 1 ; i < argc ; i++) { if(strncmp("-f", argv[i], sizeof("-f")) == 0) { if(i + 1 >= argc) { usage(); return 1; } snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]); pathrom[sizeof(pathrom) - 1] = 0; i++; } else { usage(); return 1; } } if(pathrom[0] == 0) { char * home=getenv("HOME"); if(home == NULL) { fprintf(stderr, "No $HOME environment variable defined\n"); return 1; } snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home); pathrom[sizeof(pathrom) - 1] = 0; } file = fopen(pathrom, "rb"); if(file == NULL) { fprintf(stderr, "Can't open rom file\n"); return 1; } res = fread(&hdr, sizeof(hdr), 1, file); if(res != 1) { fprintf(stderr, "Can't read rom file\n"); fclose(file); return 1; } fclose(file); //Creation of the TSS Context result = Tspi_Context_Create(&hContext); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Create", result); res = 1; goto err; } //Connection to the TSS Context result = Tspi_Context_Connect(hContext, NULL); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_Connext", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); res = 1; goto err; } // Create object key in order to put the public key result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_EMPTY_KEY, &hKey); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_LoadKeyByBlob", result); res = 1; goto err; } result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, hdr.tpmsignkey_size, hdr.tpmsignkey_blob); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_SetAttribData", result); res = 1; goto err; } result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &pubInfoSize, &pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_GetAttribData", result); res = 1; goto err; } if(fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) { fprintf(stderr, "Write error\n"); res = 1; goto err; } result = Tspi_Context_FreeMemory(hContext, pubInfo); if(result != TSS_SUCCESS) { tspiError("Echec Tspi_Context_FreeMemory", result); res = 1; goto err; } res = 0; err: //Close TSS session Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return res; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext=0; TSS_HTPM hTPM = 0; TSS_RESULT result; TSS_HKEY hSRK = 0; TSS_HPOLICY hSRKPolicy=0; TSS_UUID SRK_UUID = TSS_UUID_SRK; BYTE wks[20]; memset(wks,0,20); TSS_HKEY hESS_Bind_Key; TSS_UUID ESS_BIND_UUID=BACKUP_KEY_UUID; TSS_HPOLICY hESS_Policy; TSS_FLAG initFlags; BYTE *pubKey; UINT32 pubKeySize; FILE *fout, *fin; result =Tspi_Context_Create(&hContext); DBG("Create a context", result); result=Tspi_Context_Connect(hContext, NULL); DBG("Connect to TPM", result); result=Tspi_Context_GetTpmObject(hContext, &hTPM); DBG("Get TPM handle", result); result=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); DBG("Get SRK handle", result); result=Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); DBG("Get SRK Policy", result); result=Tspi_Policy_SetSecret(hSRKPolicy,TSS_SECRET_MODE_SHA1, 20, wks); DBG("Tspi_Policy_SetSecret", result); result = Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hESS_Policy); DBG("Create a key policy object", result); result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1, 20, wks); DBG("Set key policy object secret", result); initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Create the key object", result); result = Tspi_SetAttribUint32(hESS_Bind_Key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); DBG("Set the keys's padding type", result); result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key); DBG("Assign the key's policy to the key", result); printf("Creating the key could take a while\n"); result = Tspi_Key_CreateKey(hESS_Bind_Key, hSRK, 0); DBG("Asking TPM to create the key", result); result = Tspi_Context_RegisterKey(hContext, hESS_Bind_Key, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, TSS_PS_TYPE_SYSTEM, SRK_UUID); DBG("Registering the key for later retrieval", result); printf("Registering the key blob for later retrieval\r\n"); result = Tspi_Key_LoadKey(hESS_Bind_Key,hSRK); DBG("Loading key in TPM", result); result = Tspi_Key_GetPubKey(hESS_Bind_Key, &pubKeySize, &pubKey); DBG("Get Public portion of key", result); fout = fopen("BackupESSBindKey.pub", "wb"); if(fout != NULL) { write(fileno(fout), pubKey, pubKeySize); printf("Finished writing BackupESSBindKey.pub\n"); fclose(fout); } else { printf("Error opening XXXXXXXXXXXX \r\n"); } result = Tspi_Policy_FlushSecret(hESS_Policy); DBG("Policy flush secret", result); result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Get key handle", result); printf("Unregistering key\r\n"); result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID, &hESS_Bind_Key); DBG("Unregister key", result); // Load a key and bind data UINT32 ulDataLength; BYTE *rbgBoundData; BYTE newPubKey[1000], encData[1000]; TSS_HENCDATA hEncData; fin = fopen("BackupESSBindKey.pub", "r"); read(fileno(fin), newPubKey,284); if (fin == NULL) return 0; fclose(fin); result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hESS_Bind_Key); DBG("Tspi_Context_CreateObject BindKey", result); result = Tspi_SetAttribData(hESS_Bind_Key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, 284,newPubKey); DBG("Set Public key into new key object", result); fin = fopen("data", "rb"); read(fileno(fin), encData, 7); fclose(fin); result=Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hEncData); DBG("Create Data Object", result); result = Tspi_Data_Bind(hEncData,hESS_Bind_Key,7,encData); DBG("Bind data", result); result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &ulDataLength,&rbgBoundData); DBG("Get encrypted data", result); fout = fopen("Bound.data", "wb"); write(fileno(fout),rbgBoundData,ulDataLength); fclose(fout); result = Tspi_Context_FreeMemory(hContext, NULL); DBG("Tspi Context Free Memory", result); result = Tspi_Context_Close(hContext); DBG("Tspi Context Close", result); return 0; }
static int tpm_rsa_pub_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data); TSS_RESULT result; UINT32 out_len, in_len; BYTE *out; int rv; DBG("%s", __FUNCTION__); if (!app_data) { DBG("No app data found for RSA object %p. Calling software.", rsa); if ((rv = RSA_PKCS1_SSLeay()->rsa_pub_enc(flen, from, to, rsa, padding)) < 0) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); } return rv; } if (app_data->hKey == NULL_HKEY) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_KEY); return 0; } if (app_data->hEncData == NULL_HENCDATA) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &app_data->hEncData))) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); return 0; } DBG("Setting hEncData(0x%x) in RSA object", app_data->hEncData); } DBG("flen is %d", flen); if (padding == RSA_PKCS1_PADDING) { if (app_data->encScheme != TSS_ES_RSAESPKCSV15) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } } else if (padding == RSA_PKCS1_OAEP_PADDING) { if (app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_PADDING_TYPE); DBG("encScheme(0x%x) in RSA object", app_data->encScheme); return 0; } /* subtract an extra 5 for the TCPA_BOUND_DATA structure */ if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE - 5)) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } } else { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_ENC_SCHEME); return 0; } in_len = flen; DBG("Bind: hKey(0x%x) hEncData(0x%x) in_len(%u)", app_data->hKey, app_data->hEncData, in_len); if ((result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey, in_len, from))) { TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED); DBG("result = 0x%x (%s)", result, Trspi_Error_String(result)); return 0; } /* pull out the bound data and return it */ if ((result = Tspi_GetAttribData(app_data->hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &out_len, &out))) { TSSerr(TPM_F_TPM_RSA_KEYGEN, TPM_R_REQUEST_FAILED); return 0; } DBG("%s: writing out %d bytes as bound data", __FUNCTION__, out_len); memcpy(to, out, out_len); Tspi_Context_FreeMemory(hContext, out); return out_len; }
int fill_out_rsa_object(RSA *rsa, TSS_HKEY hKey) { TSS_RESULT result; UINT32 pubkey_len, encScheme, sigScheme; BYTE *pubkey; struct rsa_app_data *app_data; DBG("%s", __FUNCTION__); if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &encScheme))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &sigScheme))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } /* pull out the public key and put it into the RSA object */ if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubkey_len, &pubkey))) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); return 0; } if ((rsa->n = BN_bin2bn(pubkey, pubkey_len, rsa->n)) == NULL) { Tspi_Context_FreeMemory(hContext, pubkey); TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_BN_CONVERSION_FAILED); return 0; } Tspi_Context_FreeMemory(hContext, pubkey); /* set e in the RSA object */ if (!rsa->e && ((rsa->e = BN_new()) == NULL)) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE); return 0; } if (!BN_set_word(rsa->e, 65537)) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED); BN_free(rsa->e); rsa->e = NULL; return 0; } if ((app_data = OPENSSL_malloc(sizeof(struct rsa_app_data))) == NULL) { TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE); BN_free(rsa->e); rsa->e = NULL; return 0; } DBG("Setting hKey(0x%x) in RSA object", hKey); DBG("Setting encScheme(0x%x) in RSA object", encScheme); DBG("Setting sigScheme(0x%x) in RSA object", sigScheme); memset(app_data, 0, sizeof(struct rsa_app_data)); app_data->hKey = hKey; app_data->encScheme = encScheme; app_data->sigScheme = sigScheme; RSA_set_ex_data(rsa, ex_app_data, app_data); return 1; }
main_v1_1(void){ char *nameOfFunction = "Tspi_GetAttribData01"; TSS_FLAG initFlags; TSS_HCONTEXT hContext; TSS_RESULT result; TSS_HKEY hSRK; BYTE* BLOB; UINT32 BlobLength; initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(nameOfFunction); //Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create ", result); exit(result); } //Connect Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Load Key by UUID for SRK result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); exit(result); } //Call GetAttribData result = Tspi_GetAttribData(hSRK, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &BlobLength, &BLOB); if (result != TSS_SUCCESS) { if(!checkNonAPI(result)){ print_error(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else{ print_error_nonapi(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } } else{ print_success(nameOfFunction, result); print_end_test(nameOfFunction); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(0); } }
/** * gnutls_tpm_privkey_generate: * @pk: the public key algorithm * @bits: the security bits * @srk_password: a password to protect the exported key (optional) * @key_password: the password for the TPM (optional) * @format: the format of the private key * @pub_format: the format of the public key * @privkey: the generated key * @pubkey: the corresponding public key (may be null) * @flags: should be a list of GNUTLS_TPM_* flags * * This function will generate a private key in the TPM * chip. The private key will be generated within the chip * and will be exported in a wrapped with TPM's master key * form. Furthermore the wrapped key can be protected with * the provided @password. * * Note that bits in TPM is quantized value. If the input value * is not one of the allowed values, then it will be quantized to * one of 512, 1024, 2048, 4096, 8192 and 16384. * * Allowed flags are: * * %GNUTLS_TPM_KEY_SIGNING: Generate a signing key instead of a legacy, * %GNUTLS_TPM_REGISTER_KEY: Register the generate key in TPM. In that * case @privkey would contain a URL with the UUID. * * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a * negative error value. * * Since: 3.1.0 **/ int gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits, const char *srk_password, const char *key_password, gnutls_tpmkey_fmt_t format, gnutls_x509_crt_fmt_t pub_format, gnutls_datum_t * privkey, gnutls_datum_t * pubkey, unsigned int flags) { TSS_FLAG tpm_flags = TSS_KEY_VOLATILE; TSS_HKEY key_ctx; TSS_RESULT tssret; int ret; void *tdata; UINT32 tint; gnutls_datum_t tmpkey = { NULL, 0 }; TSS_HPOLICY key_policy; gnutls_pubkey_t pub; struct tpm_ctx_st s; TSS_FLAG storage_type; TSS_HTPM htpm; uint8_t buf[32]; if (flags & GNUTLS_TPM_KEY_SIGNING) tpm_flags |= TSS_KEY_TYPE_SIGNING; else tpm_flags |= TSS_KEY_TYPE_LEGACY; if (flags & GNUTLS_TPM_KEY_USER) storage_type = TSS_PS_TYPE_USER; else storage_type = TSS_PS_TYPE_SYSTEM; if (bits <= 512) tpm_flags |= TSS_KEY_SIZE_512; else if (bits <= 1024) tpm_flags |= TSS_KEY_SIZE_1024; else if (bits <= 2048) tpm_flags |= TSS_KEY_SIZE_2048; else if (bits <= 4096) tpm_flags |= TSS_KEY_SIZE_4096; else if (bits <= 8192) tpm_flags |= TSS_KEY_SIZE_8192; else tpm_flags |= TSS_KEY_SIZE_16384; ret = tpm_open_session(&s, srk_password); if (ret < 0) return gnutls_assert_val(ret); /* put some randomness into TPM. * Let's not trust it completely. */ tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_cc; } ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf)); if (ret < 0) { gnutls_assert(); goto err_cc; } tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf); if (tssret) { gnutls_assert(); } tssret = Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY, tpm_flags, &key_ctx); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_cc; } tssret = Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, TSS_SS_RSASSAPKCS1V15_DER); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } /* set the password of the actual key */ if (key_password) { tssret = Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE, &key_policy); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } tssret = myTspi_Policy_SetSecret(key_policy, SAFE_LEN(key_password), (void *) key_password); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } } tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } if (flags & GNUTLS_TPM_REGISTER_KEY) { TSS_UUID key_uuid; ret = randomize_uuid(&key_uuid); if (ret < 0) { gnutls_assert(); goto err_sa; } tssret = Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx, storage_type, key_uuid, TSS_PS_TYPE_SYSTEM, srk_uuid); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } ret = encode_tpmkey_url((char **) &privkey->data, &key_uuid, storage_type); if (ret < 0) { TSS_HKEY tkey; Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type, key_uuid, &tkey); gnutls_assert(); goto err_sa; } privkey->size = strlen((char *) privkey->data); } else { /* get the key as blob */ tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &tint, (void *) &tdata); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto err_sa; } if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) { ret = _gnutls_x509_encode_string (ASN1_ETYPE_OCTET_STRING, tdata, tint, &tmpkey); if (ret < 0) { gnutls_assert(); goto cleanup; } ret = _gnutls_fbase64_encode("TSS KEY BLOB", tmpkey.data, tmpkey.size, privkey); if (ret < 0) { gnutls_assert(); goto cleanup; } } else { UINT32 tint2; tmpkey.size = tint + 32; /* spec says no more than 20 */ tmpkey.data = gnutls_malloc(tmpkey.size); if (tmpkey.data == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto cleanup; } tint2 = tmpkey.size; tssret = Tspi_EncodeDER_TssBlob(tint, tdata, TSS_BLOB_TYPE_PRIVATEKEY, &tint2, tmpkey.data); if (tssret != 0) { gnutls_assert(); ret = tss_err(tssret); goto cleanup; } tmpkey.size = tint2; privkey->data = tmpkey.data; privkey->size = tmpkey.size; tmpkey.data = NULL; } } /* read the public key */ if (pubkey != NULL) { size_t psize; ret = gnutls_pubkey_init(&pub); if (ret < 0) { gnutls_assert(); goto privkey_cleanup; } ret = read_pubkey(pub, key_ctx, &psize); if (ret < 0) { gnutls_assert(); goto privkey_cleanup; } psize += 512; pubkey->data = gnutls_malloc(psize); if (pubkey->data == NULL) { gnutls_assert(); ret = GNUTLS_E_MEMORY_ERROR; goto pubkey_cleanup; } ret = gnutls_pubkey_export(pub, pub_format, pubkey->data, &psize); if (ret < 0) { gnutls_assert(); goto pubkey_cleanup; } pubkey->size = psize; gnutls_pubkey_deinit(pub); } ret = 0; goto cleanup; pubkey_cleanup: gnutls_pubkey_deinit(pub); privkey_cleanup: gnutls_free(privkey->data); privkey->data = NULL; cleanup: gnutls_free(tmpkey.data); tmpkey.data = NULL; err_sa: Tspi_Context_CloseObject(s.tpm_ctx, key_ctx); err_cc: tpm_close_session(&s); return ret; }
int main(int argc, char **argv) { #define BUF_LEN (1024*1024) #define KEY_SIZE 64 TSS_RESULT result; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hPolicy; TSS_HTPM hTPM; TSS_HENCDATA hEncData; TSS_HPCRS hPcrs; UINT32 u32PcrValLen, u32EncDataLen; BYTE *rgbPcrVal, *rgbEncData; BYTE *random; FILE *fpIn = NULL, *fpOut = NULL; int len, size; char *pBufIn = NULL, *pBufOut = NULL; unsigned int salt[] = {12345, 54321}; EVP_CIPHER_CTX en; TSS_UUID UUID_K1 = {0, 0, 0, 0, 0, {8, 0, 0, 0, 0, 1}} ; if (argc < 3) { usage(argv[0]); return 0; } result = Tspi_Context_Create(&hContext); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Create", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (TSS_SUCCESS != result) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (TSS_SUCCESS != result) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (TSS_SUCCESS != result) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); return result; } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hPolicy); if (TSS_SUCCESS != result) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (TSS_SUCCESS != result) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); return result; } #endif // #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0, &hPcrs); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (TSS_SUCCESS != result) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); return result; } result = set_secret(hContext, hEncData, &hPolicy); if (TSS_SUCCESS != result) { print_error("set_secret", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, UUID_K1, &hKey); if (TSS_SUCCESS != result) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_Close(hContext); return -1; } result = set_popup_secret(hContext, hKey, TSS_POLICY_USAGE, "Input K1's Pin\n", 0); if (TSS_SUCCESS != result) { print_error("set_popup_secret", result); Tspi_Context_Close(hContext); return result; } /*result = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hPolicy); if (TSS_SUCCESS != result) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Policy_SetSecret(hPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (TSS_SUCCESS != result) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); return result; }*/ result = Tspi_TPM_GetRandom(hTPM, KEY_SIZE, &random); if (TSS_SUCCESS != result) { print_error("Tspi_TPM_GetRandom", result); Tspi_Context_Close(hContext); return result; } result = Tspi_TPM_PcrRead(hTPM, 15, &u32PcrValLen, &rgbPcrVal); if (TSS_SUCCESS != result) { print_error("Tspi_TPM_PcrRead", result); Tspi_Context_Close(hContext); return result; } result = Tspi_PcrComposite_SetPcrValue(hPcrs, 15, u32PcrValLen, rgbPcrVal); if (TSS_SUCCESS != result) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_Close(hContext); return result; } result = Tspi_Data_Seal(hEncData, hKey, KEY_SIZE, random, hPcrs); if (TSS_SUCCESS != result) { print_error("Tspi_Data_Seal", result); Tspi_Context_Close(hContext); return result; } result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &u32EncDataLen, &rgbEncData); if (TSS_SUCCESS != result) { print_error("Tspi_GetAttribData", result); Tspi_Context_Close(hContext); return result; } fpIn = fopen(argv[1], "rb"); if (!fpIn) { printf("open file: %s failed\n", argv[1]); Tspi_Context_Close(hContext); return result; } fseek(fpIn, 0, SEEK_END); size = ftell(fpIn); if (size > BUF_LEN) { printf("file is more than 1MB, too big !\n"); Tspi_Context_Close(hContext); fclose(fpIn); return -1; } pBufIn = malloc(size); if (!pBufIn) { printf("No Memmory\n"); Tspi_Context_Close(hContext); } fseek(fpIn, 0, SEEK_SET); len = fread(pBufIn, 1, size, fpIn); if (len != size) { printf("fread error"); Tspi_Context_Close(hContext); fclose(fpIn); return -1; } fclose(fpIn); if (aes_init(random, KEY_SIZE, (unsigned char *)&salt, &en)) { printf("aes_init failed\n"); Tspi_Context_Close(hContext); free(pBufIn); return -1; } pBufOut = aes_encrypt(&en, pBufIn, &size); fpOut = fopen(argv[2], "wb"); if (!fpOut) { printf("open file: %s failed\n", argv[2]); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); return -1; } len = fwrite(&u32EncDataLen, 1, sizeof(UINT32), fpOut); if (sizeof(UINT32) != len) { printf("fwrite u32EncDataLen failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(rgbEncData, 1, u32EncDataLen, fpOut); if (len != u32EncDataLen) { printf("fwrite rgbEncData failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(&size, 1, sizeof(int), fpOut); if (len != sizeof(int)) { printf("fwrite failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } len = fwrite(pBufOut, 1, size, fpOut); if (len != size) { printf("fwrite failed\n"); Tspi_Context_Close(hContext); free(pBufIn); free(pBufOut); fclose(fpOut); return -1; } fclose(fpOut); free(pBufIn); free(pBufOut); Tspi_Context_Close(hContext); return 0; }
int main(int argc, char **argv) { TSS_HCONTEXT hContext; TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE; TSS_HKEY hKey; TSS_HKEY hSRK; TSS_RESULT result; TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy; BYTE *blob; UINT32 blob_size, srk_authusage; BIO *outb; ASN1_OCTET_STRING *blob_str; unsigned char *blob_asn1 = NULL; int asn1_len; char *filename, c, *openssl_key = NULL; int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0; UINT32 enc_scheme = TSS_ES_RSAESPKCSV15; UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER; UINT32 key_size = 2048; RSA *rsa; while (1) { option_index = 0; c = getopt_long(argc, argv, "pe:q:s:azhw:", long_options, &option_index); if (c == -1) break; switch (c) { case 'a': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; break; case 'h': usage(argv[0]); break; case 's': key_size = atoi(optarg); break; case 'e': if (!strncasecmp("oaep", optarg, 4)) { enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; } else if (strncasecmp("pkcs", optarg, 4)) { usage(argv[0]); } break; case 'q': if (!strncasecmp("der", optarg, 3)) { sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; } else if (strncasecmp("sha", optarg, 3)) { usage(argv[0]); } break; case 'p': initFlags |= TSS_KEY_AUTHORIZATION; auth = 1; popup = 1; break; case 'w': initFlags |= TSS_KEY_MIGRATABLE; wrap = 1; openssl_key = optarg; break; case 'z': well_known = 1; break; default: usage(argv[0]); break; } } /* set up the key option flags */ switch (key_size) { case 512: initFlags |= TSS_KEY_SIZE_512; break; case 1024: initFlags |= TSS_KEY_SIZE_1024; break; case 2048: initFlags |= TSS_KEY_SIZE_2048; break; case 4096: initFlags |= TSS_KEY_SIZE_4096; break; case 8192: initFlags |= TSS_KEY_SIZE_8192; break; case 16384: initFlags |= TSS_KEY_SIZE_16384; break; default: usage(argv[0]); break; } #if 0 while (argc--) { printf("argv[%d] = \"%s\"\n", argc, argv[argc]); } exit(1); #endif filename = argv[argc - 1]; if (argc < 2 || filename[0] == '-') usage(argv[0]); //Create Context if ((result = Tspi_Context_Create(&hContext))) { print_error("Tspi_Context_Create", result); exit(result); } //Connect Context if ((result = Tspi_Context_Connect(hContext, NULL))) { print_error("Tspi_Context_Connect", result); Tspi_Context_Close(hContext); exit(result); } //Create Object if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, sig_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, enc_scheme))) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK))) { print_error("Tspi_Context_LoadKeyByUUID", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &srk_authusage))) { print_error("Tspi_GetAttribUint32", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (srk_authusage) { if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy))) { print_error("Tspi_GetPolicyObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if (well_known) { BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET; //Set Well Known Secret if ((result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, sizeof(well_known_secret), (BYTE *)well_known_secret))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } } if (auth) { if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &keyUsagePolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (popup) { //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_POPUP, 0, NULL))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } } else { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Usage Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } //Set Secret if ((result = Tspi_Policy_SetSecret(keyUsagePolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); free(authdata); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } // Create or Wrap Key if (wrap) { char n[256], p[128]; unsigned int size_n, size_p; BYTE *pubSRK; /*Set migration policy needed to wrap the key*/ if ((result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &keyMigrationPolicy))) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_Close(hContext); exit(result); } if (auth) { char *authdata = calloc(1, 128); if (!authdata) { fprintf(stderr, "malloc failed.\n"); Tspi_Context_Close(hContext); exit(result); } if (EVP_read_pw_string(authdata, 128, "Enter Key Migration Password: "******"Passwords do not match.\n"); free(authdata); Tspi_Context_Close(hContext); exit(result); } if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy, TSS_SECRET_MODE_PLAIN, strlen(authdata), (BYTE *)authdata))) { print_error("Tspi_Policy_SetSecret", result); Tspi_Context_Close(hContext); exit(result); } free(authdata); } if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } /* Pull the PubKRK out of the TPM */ if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } Tspi_Context_FreeMemory(hContext, pubSRK); if ((rsa = openssl_read_key(openssl_key)) == NULL) { Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (RSA_size(rsa) != key_size / 8) { fprintf(stderr, "Error, key size is incorrect, please use the '-s' option\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n, &size_p, (unsigned char *)p)) { fprintf(stderr, "Error getting modulus and prime!\n"); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, size_n, (BYTE *)n))) { print_error("Tspi_SetAttribData (RSA modulus)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY, size_p, (BYTE *)p))) { print_error("Tspi_SetAttribData (private key)", result); RSA_free(rsa); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) { print_error("Tspi_Key_WrapKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } else { if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) { print_error("Tspi_Key_CreateKey", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } } if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blob_size, &blob))) { print_error("Tspi_GetAttribData", result); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(result); } if ((outb = BIO_new_file(filename, "w")) == NULL) { fprintf(stderr, "Error opening file for write: %s\n", filename); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } blob_str = ASN1_OCTET_STRING_new(); if (!blob_str) { fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n"); Tspi_Context_CloseObject(hContext, hKey); Tspi_Context_Close(hContext); exit(-1); } ASN1_STRING_set(blob_str, blob, blob_size); asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1); PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len); BIO_free(outb); Tspi_Context_Close(hContext); printf("Success.\n"); return 0; }
int main(int argc, char **argv) { RSA *rsa = NULL; TSS_HCONTEXT hContext; TSS_HKEY hKey, hSRK, hCAKey; TSS_HPOLICY hTPMPolicy, hidpol; TSS_UUID srkUUID = TSS_UUID_SRK; TSS_HPOLICY srkpol; TSS_HTPM hTPM; UINT32 idbloblen, ch; int ret,i, blobos, fd; BYTE *srkpass, *tpmpass; BYTE *blobo, *idblob; srkpass = tpmpass = NULL; while ((ch = getopt(argc, argv, "hs:t:")) != -1) { switch (ch) { case 's': srkpass = optarg; break; case 't': tpmpass = optarg; break; case 'h': default: usage(argv[0]); break; } } if (!srkpass || !tpmpass) usage(argv[0]); /* create context and connect */ ret = Tspi_Context_Create(&hContext); check_fail("context create", ret); ret = Tspi_Context_Connect(hContext, NULL); check_fail("context connect", ret); ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK); check_fail("loadkeybyuuid", ret); ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol); check_fail("get policy object", ret); //ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234"); ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("policy set secret", ret); ret = Tspi_Context_GetTpmObject(hContext, &hTPM); check_fail("get policy object", ret); //Insert the owner auth into the TPM's policy ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); check_fail("get tpm policy", ret); ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN, strlen(tpmpass), tpmpass); check_fail("set owner secret", ret); ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, //TSS_KEY_TYPE_STORAGE TSS_KEY_TYPE_IDENTITY //TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE , &hKey); check_fail("create object - key", ret); ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol); check_fail("get id key policy", ret); ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN, strlen(srkpass), srkpass); check_fail("set idkey secret", ret); /* We must create this fake privacy CA key in software so that * Tspi_TPM_CollateIdentityRequest will happily work. It needs it to * create the cert request which is required in a normal remote * attestion procedure. It is not needed in our setup though. */ ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING); check_fail("ca nonsense", ret); /* We do not care about idblob - that is the certificate request that * we are supposed to send to our CA in normal remote attestation. The * fifth argument is our identity label (it is supposed to be unicode). */ ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label", hKey, TSS_ALG_3DES, &idbloblen, &idblob); check_fail("collate id", ret); blobo = NULL; /*ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobos, &blobo);*/ ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo); check_fail("get blob", ret); if (!blobo) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("no blobo"); } printf("size: %d\n", blobos); for (i = 0;i < blobos; i++) { printf("\\x%x", blobo[i]); } printf("\n"); fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); if (fd == -1) { Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); FATAL("Open\n"); } ret = write(fd, blobo, blobos); if (ret != blobos) printf("Warning: couldn't write the whole key\n"); close(fd); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); return 0; }
int main_v1_1( void ) { char *function = "Tspi_Context_LoadKeyByBlob04"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hSigningKey, hBindingKey; TSS_HPOLICY hPolicy; TSS_RESULT result; UINT32 exitCode, attrib; TSS_FLAG initFlags; BYTE *signBlob, *bindBlob; UINT32 signBlobLen, bindBlobLen; print_begin_test( function ); // Create Context if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); exit( result ); } // create a no-auth, signing key initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hSigningKey))) { print_error( "create_load_key(Signing Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Signing key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hSigningKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &signBlobLen, &signBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // create a auth, binding key initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION; if ((result = create_load_key(hContext, initFlags, hSRK, &hBindingKey))) { print_error( "create_load_key(Binding Key)", result ); Tspi_Context_Close( hContext ); exit( result ); } print_success("Binding key created successfully", TSS_SUCCESS); // get blob result = Tspi_GetAttribData( hBindingKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &bindBlobLen, &bindBlob ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs before we close the context if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // close context, to get rid of all context state if ((result = Tspi_Context_Close(hContext))) { print_error( "Tspi_Context_Close", result ); exit( result ); } // re-connect if ((result = connect_load_srk(&hContext, &hSRK))) { print_error( "connect_load_srk", result ); Tspi_Context_Close( hContext ); exit( result ); } // Load both Keys by blob if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, signBlobLen, signBlob, &hSigningKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK, bindBlobLen, bindBlob, &hBindingKey ))) { print_error( "Tspi_Context_LoadKeyByBlob", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_sign_attribs(hSigningKey))) { print_error( "verify_sign_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // verify attribs after we've re-loaded by blob if ((result = verify_bind_attribs(hBindingKey))) { print_error( "verify_bind_attribs", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a sign/verify test if ((result = sign_and_verify(hContext, hSigningKey))) { print_error( "sign_and_verify", result ); Tspi_Context_Close( hContext ); exit( result ); } // Do a bind/unbind test result = bind_and_unbind(hContext, hBindingKey); if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) { print_verifyerr("bind and unbind", TSS_E_POLICY_NO_SECRET, result); print_error( function, result ); Tspi_Context_Close( hContext ); exit( result ); } // set up policies if ((result = set_secret(hContext, hBindingKey, &hPolicy))) { print_error("set_secret", result); Tspi_Context_Close( hContext ); exit( result ); } if ((result = bind_and_unbind(hContext, hBindingKey))) { print_error( "bind_and_unbind", result ); Tspi_Context_Close( hContext ); exit( result ); } exitCode = 0; print_success(function, TSS_SUCCESS); print_end_test( function ); Tspi_Context_Close( hContext ); exit( exitCode ); }
void getkeyblob( unsigned char *auth_srk_value, unsigned long auth_srk_size, bool auth_srk_sha1, unsigned char *auth_key_value, unsigned long auth_key_size, bool auth_key_sha1, unsigned char *uuid_key_value, unsigned char *&output_value, unsigned long &output_size) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //load the SRK TSS_UUID uuid_srk = TSS_UUID_SRK; result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); //set up SRK auth if(auth_srk_sha1) { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); } //assign the SRK auth result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); //Set up the key UUID hextouuid(uuid_key_value, uuid_key); //Get the key by UUID result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); //set up key auth if(auth_key_sha1) { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); } //assign the key auth result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); //Unwrap the key result = Tspi_Key_LoadKey(hkey_key, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result); //get the keyblob UINT32 size; BYTE *value; result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value); if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result); //copy out the results output_size = size; output_value = new unsigned char[size]; for(unsigned long i = 0; i < size; i++) output_value[i] = value[i]; //clean up dynamic memory result = Tspi_Context_FreeMemory(hcontext, value); if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result); return; }
TSS_RESULT make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding) { TSS_RESULT result; UINT32 encScheme, size_n, pub_size; BYTE n[2048]; TCPA_PUBKEY pubkey; UINT32 blob_size, size; BYTE *blob, pub_blob[1024]; switch (padding) { case RSA_PKCS1_PADDING: encScheme = TSS_ES_RSAESPKCSV15; break; case RSA_PKCS1_OAEP_PADDING: encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1; break; case RSA_NO_PADDING: encScheme = TSS_ES_NONE; break; default: return TSS_E_INTERNAL_ERROR; break; } //Create CA Key Object result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey); if (result != TSS_SUCCESS) { check("Tspi_Context_CreateObject", result); return result; } // generate a software key to represent the CA's key if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) { ERR_print_errors_fp(stdout); return 254; // ? } // get the pub CA key if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) { fprintf(stderr, "BN_bn2bin failed\n"); ERR_print_errors_fp(stdout); RSA_free(*rsa); return 254; // ? } result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob); if (result != TSS_SUCCESS) { check("Tspi_GetAttribData", result); return result; } pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n); result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob); if (result != TSS_SUCCESS) { check("Tspi_SetAttribData", result); return result; } // set the CA key's algorithm result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } // set the CA key's number of primes result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } // set the CA key's encryption scheme result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme); if (result != TSS_SUCCESS) { check("Tspi_SetAttribUint32", result); RSA_free(*rsa); return result; } return TSS_SUCCESS; }
static void print_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey) { TSS_RESULT ret; UINT32 attrib; UINT32 keyInfoSize; BYTE *keyInfo; /* Key size */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIZE, &attrib); if (ret) { print_error(ret, gettext("Get key size")); } (void) printf(gettext("Key Size: %d bits\n"), attrib); /* Key usage */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_USAGE, &attrib); if (ret) { print_error(ret, gettext("Get key usage")); } (void) printf(gettext("Key Usage: %s\n"), decode(key_usage, attrib)); /* Algorithm */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ALGORITHM, &attrib); if (ret) { print_error(ret, gettext("Get key algorithm")); } (void) printf(gettext("Algorithm: %s\n"), decode(key_algorithm, attrib)); /* Authorization required */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &attrib); if (ret) { print_error(ret, gettext("Get key authusage")); } (void) printf(gettext("Authorization required: %s\n"), attrib ? gettext("Yes") : gettext("No")); /* Signature scheme */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &attrib); if (ret) { print_error(ret, gettext("Get key signature scheme")); } (void) printf(gettext("Signature scheme: %s\n"), decode(key_sigscheme, attrib)); /* Encoding scheme */ ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &attrib); if (ret) { print_error(ret, gettext("Get key encoding scheme")); } (void) printf(gettext("Encoding scheme: %s\n"), decode(key_encscheme, attrib)); /* Key blob */ ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo); if (ret) { print_error(ret, gettext("Get key blob")); } (void) printf(gettext("TPM Key Blob:\n")); print_bytes(keyInfo, keyInfoSize, TRUE); ret = Tspi_Context_FreeMemory(hContext, keyInfo); if (ret) { print_error(ret, gettext("Free key info buffer")); } }