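/* Tspi_GetAttribData07: negative test.  Calling Tspi_GetAttribData with a key
 * handle that was never created must fail with TSS_E_INVALID_HANDLE.  No
 * context is created, since the call is expected to be rejected on the
 * handle alone.  Exits 0 when the expected error comes back, otherwise with
 * the unexpected TSS result.
 */
int
main_v1_1(void){
	char		*nameOfFunction = "Tspi_GetAttribData07";
	/* Explicitly bogus handle.  The original left hKey uninitialized, which
	 * is undefined behaviour and could by chance hold a live handle value,
	 * turning this negative test into a false pass.  Adjust if the TSP in
	 * use hands out handles in this range. */
	TSS_HKEY	hKey = (TSS_HKEY)0xffffffff;
	TSS_RESULT	result;
	BYTE		*BLOB = NULL;
	UINT32		BlobLength = 0;

	print_begin_test(nameOfFunction);

		//Call GetAttribData with the bogus handle
	result = Tspi_GetAttribData(hKey,
			TSS_TSPATTRIB_KEY_BLOB,
			TSS_TSPATTRIB_KEYBLOB_BLOB,
			&BlobLength, &BLOB);
	if (TSS_ERROR_CODE(result) == TSS_E_INVALID_HANDLE) {
		print_success(nameOfFunction, result);
		print_end_test(nameOfFunction);
		exit(0);
	}

	/* Any other result is a failure.  Report TSS-defined and non-API codes
	 * differently, but exit with the raw result either way. */
	if (!checkNonAPI(result))
		print_error(nameOfFunction, result);
	else
		print_error_nonapi(nameOfFunction, result);
	print_end_test(nameOfFunction);
	exit(result);
}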
/* Extract the RSA modulus and public exponent from the TSS key object
 * key_ctx and import them into pub as a raw RSA public key.  Both buffers
 * come from Tspi_GetAttribData, are owned by the TSP and are handed back
 * with Tspi_Context_FreeMemory before this function returns.  When psize
 * is non-NULL it receives the combined byte length of modulus and exponent.
 * Returns 0 on success or a negative gnutls error code. */
static int read_pubkey(gnutls_pubkey_t pub, TSS_HKEY key_ctx,
		       size_t * psize)
{
	gnutls_datum_t modulus, exponent;
	void *raw;
	UINT32 raw_len;
	TSS_RESULT tssret;
	int ret;

	/* modulus first */
	tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
				    TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
				    &raw_len, (void *) &raw);
	if (tssret != 0) {
		gnutls_assert();
		return tss_err(tssret);
	}
	modulus.data = raw;
	modulus.size = raw_len;

	/* then the public exponent; give the modulus back if this fails */
	tssret = Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_RSAKEY_INFO,
				    TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
				    &raw_len, (void *) &raw);
	if (tssret != 0) {
		gnutls_assert();
		Tspi_Context_FreeMemory(key_ctx, modulus.data);
		return tss_err(tssret);
	}
	exponent.data = raw;
	exponent.size = raw_len;

	ret = gnutls_pubkey_import_rsa_raw(pub, &modulus, &exponent);

	/* both TSP buffers are released regardless of the import result */
	Tspi_Context_FreeMemory(key_ctx, modulus.data);
	Tspi_Context_FreeMemory(key_ctx, exponent.data);

	if (ret < 0)
		return gnutls_assert_val(ret);

	if (psize)
		*psize = modulus.size + exponent.size;

	return 0;
}
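/* Tspi_GetAttribData09: asking the loaded SRK for
 * TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY via Tspi_GetAttribData is expected to
 * fail with TSS_E_BAD_PARAMETER.  Exits 0 when that code comes back and
 * with the unexpected result otherwise; setup failures (context creation,
 * connection, SRK load) exit with their own TSS result.
 */
int
main_v1_1(void){

	char		*nameOfFunction = "Tspi_GetAttribData09";
	TSS_HCONTEXT	hContext;
	TSS_RESULT	result;
	TSS_HKEY	hSRK;
	BYTE		*BLOB = NULL;
	UINT32		BlobLength = 0;
	int		exitCode;

	print_begin_test(nameOfFunction);

		//Create Context
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Create ", result);
		exit(result);
	}
		//Connect Context
	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Connect", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Load Key by UUID for SRK
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
				SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Call GetAttribData; TSS_E_BAD_PARAMETER is the expected outcome
	result = Tspi_GetAttribData(hSRK, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				    &BlobLength, &BLOB);
	if (TSS_ERROR_CODE(result) == TSS_E_BAD_PARAMETER) {
		print_success(nameOfFunction, result);
		exitCode = 0;
	} else if (!checkNonAPI(result)) {
		print_error(nameOfFunction, result);
		exitCode = result;
	} else {
		print_error_nonapi(nameOfFunction, result);
		exitCode = result;
	}

	/* Single teardown for all outcomes.  FreeMemory with a NULL pointer
	 * releases everything the TSP allocated on this context, which covers
	 * BLOB should the call have unexpectedly succeeded. */
	print_end_test(nameOfFunction);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(exitCode);
}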
/* Read attribute (flag, subflag) of hObject into *blob / *blobSize with
 * Tspi_GetAttribData.  The returned buffer is TSP-owned and must be
 * released with Tspi_Context_FreeMemory by the caller.  On failure the
 * error is reported, the context is closed and the process exits with the
 * TSS result, so the function returns only on success.  nameOfFunction is
 * not a parameter; it is expected to be a file-scope name set by the
 * calling test. */
void
tc_get_attribdata(TSS_HCONTEXT hContext, TSS_HOBJECT hObject, UINT32 flag, UINT32 subflag, UINT32 *blobSize, BYTE **blob)
{
	TSS_RESULT rc = Tspi_GetAttribData(hObject, flag, subflag, blobSize, blob);

	if (rc == TSS_SUCCESS)
		return;

	print_error("Tspi_GetAttribData", rc);
	print_error_exit(nameOfFunction, err_string(rc));
	Tspi_Context_Close(hContext);
	exit(rc);
}
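/* Replace the RSA public modulus stored in the TSS key object hKey with the
 * size_n-byte value n.  The current TCPA_PUBKEY blob is read from the
 * object, its key field is swapped for n, the structure is re-serialized
 * into a local buffer and written back with Tspi_SetAttribData.
 *
 * n is only borrowed while the blob is rebuilt; it is never freed here.
 * Returns TSS_SUCCESS, the failing TSS result, or TSS_E_BAD_PARAMETER when
 * n is NULL, size_n does not fit a UINT32, or the rebuilt blob would not
 * fit the local buffer.  TSP-owned memory is released through the
 * file-scope tspContext.
 */
TSS_RESULT
util_set_public_modulus(TSS_HKEY hKey, unsigned long size_n, unsigned char *n)
{
	UINT64 offset;
	UINT64 needed;
	UINT32 blob_size;
	BYTE *blob, pub_blob[1024];
	TCPA_PUBKEY pub_key;
	TSS_RESULT result;

	/* keyLength is a UINT32; refuse sizes that would be truncated */
	if (n == NULL || (unsigned long)(UINT32)size_n != size_n) {
		OCK_LOG_DEBUG("util_set_public_modulus: bad modulus (size %lu)", size_n);
		return TSS_E_BAD_PARAMETER;
	}

	/* Get the TCPA_PUBKEY blob from the key object. */
	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				    &blob_size, &blob);
	if (result != TSS_SUCCESS) {
		OCK_LOG_DEBUG("Tspi_GetAttribData failed: rc=0x%x", result);
		return result;
	}

	offset = 0;
	result = Trspi_UnloadBlob_PUBKEY(&offset, blob, &pub_key);
	/* The parsed structure holds its own copies (they are freed below), so
	 * the raw blob can go now; previously it leaked on the failure path. */
	Tspi_Context_FreeMemory(tspContext, blob);
	if (result != TSS_SUCCESS) {
		OCK_LOG_DEBUG("Trspi_UnloadBlob_PUBKEY failed: rc=0x%x", result);
		return result;
	}

	/* Bound the rebuilt blob against pub_blob before Trspi_LoadBlob_PUBKEY
	 * writes into the fixed buffer.  offset now holds the bytes consumed
	 * by the parse; the new blob is that minus the old modulus plus n,
	 * assuming LoadBlob emits exactly the layout UnloadBlob consumed. */
	needed = offset - pub_key.pubKey.keyLength + size_n;
	if (needed > sizeof(pub_blob)) {
		OCK_LOG_DEBUG("util_set_public_modulus: rebuilt blob too large (%llu bytes)",
			      (unsigned long long)needed);
		free(pub_key.pubKey.key);
		free(pub_key.algorithmParms.parms);
		return TSS_E_BAD_PARAMETER;
	}

	/* Free the first dangling reference, putting 'n' in its place */
	free(pub_key.pubKey.key);
	pub_key.pubKey.keyLength = (UINT32)size_n;
	pub_key.pubKey.key = n;

	offset = 0;
	Trspi_LoadBlob_PUBKEY(&offset, pub_blob, &pub_key);

	/* Free the second dangling reference */
	free(pub_key.algorithmParms.parms);

	/* set the public key data in the TSS object */
	result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				    (UINT32)offset, pub_blob);
	if (result != TSS_SUCCESS) {
		OCK_LOG_DEBUG("Tspi_SetAttribData failed: rc=0x%x", result);
		return result;
	}

	return TSS_SUCCESS;
}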
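/* Read one TSS_TSPATTRIB_KEY_PCR_LONG attribute of hKey, release the
 * returned buffer and report the outcome.  errLabel / okLabel are the exact
 * strings used for the failure and success report lines.  On any failure
 * the context is torn down and the process exits with the failing TSS
 * result, so the function returns only on success. */
static void
check_pcr_long_attrib(TSS_HCONTEXT hContext, TSS_HKEY hKey, UINT32 subflag,
		      char *errLabel, char *okLabel, char *function)
{
	UINT32		AttribDataSize;
	BYTE		*AttribData = NULL;
	TSS_RESULT	result, resultFree;

	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, subflag,
				    &AttribDataSize, &AttribData);
	if ( result != TSS_SUCCESS )
	{
		print_error( errLabel, result );
		print_end_test(function);
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
	if ( resultFree != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_FreeMemory", resultFree );
		print_end_test(function);
		/* the original exited here without closing the context */
		Tspi_Context_Close(hContext);
		exit(resultFree);
	}

	print_success( okLabel, result );
}

/* Tspi_GetAttribData21: create a 2048-bit, no-auth storage key under the
 * SRK, bound to a PCR composite with PCR 8 set to twenty 0x5a bytes at
 * locality zero, then verify that each TSS_TSPATTRIB_KEY_PCR_LONG subflag
 * (digest at creation / at release, creation / release selection) can be
 * read back with Tspi_GetAttribData.  With version TESTSUITE_TEST_TSS_1_2
 * the key uses TSS_KEY_STRUCT_KEY12 and the composite
 * TSS_PCRS_STRUCT_INFO_LONG.  Exits 0 when all four reads succeed, otherwise
 * with the failing TSS result.
 */
int
main_v1_2( char version )
{
	char		*function = "Tspi_GetAttribData21";
	TSS_HCONTEXT	hContext;
	TSS_HKEY	hSRK, hKey;
	TSS_HPOLICY	hSrkPolicy;
	BYTE		rgbPcrValue[20];
	TSS_HPCRS	hPcrComposite;
	TSS_RESULT	result;
	TSS_FLAG        keyInitFlags = TSS_KEY_SIZE_2048 |
				       TSS_KEY_TYPE_STORAGE |
				       TSS_KEY_NO_AUTHORIZATION;
	TSS_FLAG	pcrsInitFlags = 0;

	print_begin_test( function );

	if (version == TESTSUITE_TEST_TSS_1_2) {
		keyInitFlags |= TSS_KEY_STRUCT_KEY12;
		pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG;
	}

	memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue));

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		print_end_test(function);
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hKey)", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Load Key by UUID
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
				SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

#ifndef TESTSUITE_NOAUTH_SRK
		// SRK usage secret, needed to wrap the new key under it
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
				TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
#endif

	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags,
					   &hPcrComposite );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hPcrComposite)",
				result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_PcrComposite_SetPcrValue", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_PcrComposite_SetPcrLocality", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite);
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey", result );
		print_end_test(function);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// Checking flag and subflags: each helper call exits on failure.

	check_pcr_long_attrib(hContext, hKey,
		TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION,
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION",
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -",
		function);

	check_pcr_long_attrib(hContext, hKey,
		TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE,
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE",
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -",
		function);

	check_pcr_long_attrib(hContext, hKey,
		TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION,
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION",
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -",
		function);

	check_pcr_long_attrib(hContext, hKey,
		TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION,
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION",
		"Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -",
		function);

	print_end_test(function);

	Tspi_Context_Close(hContext);
	exit( 0 );

}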
/* Tspi_Context_LoadKeyByBlob03: negative test.  A 2048-bit signing key is
 * created under the SRK and the length of its key blob is fetched; then
 * Tspi_Context_LoadKeyByBlob is called with that length but a NULL blob
 * pointer.  The expected result is TSS_E_BAD_PARAMETER: the process exits 0
 * in that case and with the unexpected result otherwise.  Any setup failure
 * is reported and the process exits with the failing TSS result. */
int
main_v1_1( void )
{
	char		*function = "Tspi_Context_LoadKeyByBlob03";
	char		*failedStep;
	TSS_HCONTEXT	hContext;
	TSS_HKEY	hSRK;
	TSS_HKEY	hMSigningKey;
	BYTE*		migratableSignKeyBlob;
	UINT32		blobLength;
	TSS_RESULT	result;
	TSS_HPOLICY	srkUsagePolicy;
	UINT32		exitCode = 0;

	print_begin_test( function );

		// Create Context -- nothing to tear down if this fails
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		exit( result );
	}

		// Connect to Context
	failedStep = "Tspi_Context_Connect";
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

		//Load Key By UUID
	failedStep = "Tspi_Context_LoadKeyByUUID (hSRK)";
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

#ifndef TESTSUITE_NOAUTH_SRK
		//Get Policy Object
	failedStep = "Tspi_GetPolicyObject";
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE,
					&srkUsagePolicy );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

		//Set Secret
	failedStep = "Tspi_Policy_SetSecret (1)";
	result = Tspi_Policy_SetSecret( srkUsagePolicy, TESTSUITE_SRK_SECRET_MODE,
				TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
		goto setup_failed;
#endif

		//Create Signing Key
	failedStep = "Tspi_CreateObject (signing key)";
	result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY,
						TSS_KEY_SIZE_2048 |
						TSS_KEY_TYPE_SIGNING,
						&hMSigningKey );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

	failedStep = "Tspi_Key_CreateKey (Signing Key)";
	result = Tspi_Key_CreateKey( hMSigningKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

		// get blob (only its length is used below)
	failedStep = "Tspi_GetAttribData";
	result = Tspi_GetAttribData( hMSigningKey, TSS_TSPATTRIB_KEY_BLOB,
					TSS_TSPATTRIB_KEYBLOB_BLOB,
					&blobLength, &migratableSignKeyBlob );
	if ( result != TSS_SUCCESS )
		goto setup_failed;

		//Load Key Blob: correct length, NULL blob pointer
	result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
						blobLength,
						NULL,
						&hMSigningKey );
	if ( TSS_ERROR_CODE(result) == TSS_E_BAD_PARAMETER )
	{
		print_success( function, result );
	}
	else
	{
		if ( checkNonAPI(result) )
			print_error_nonapi( function, result );
		else
			print_error( function, result );
		exitCode = result;
	}

	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );

setup_failed:
	print_error( failedStep, result );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}
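/* Tspi_GetAttribData19: the TSS_TSPATTRIB_KEY_UUID attribute must be the
 * all-zero UUID for a key that has only been created, and must equal the
 * UUID passed to Tspi_Context_RegisterKey once the key is re-loaded from
 * system persistent storage by that UUID.  Exits 0 when both reads match,
 * TSS_E_FAIL when a read has the wrong length or contents, and the failing
 * TSS result for any setup error.
 */
int
main_v1_1(void){

	char		*nameOfFunction = "Tspi_GetAttribData19";
	TSS_FLAG	initFlags;
	TSS_HKEY	hKey;
	TSS_HKEY	hStaleKey;
	TSS_HCONTEXT	hContext;
	TSS_RESULT	result;
	TSS_HKEY	hSRK;
	BYTE*		uuid;
	UINT32		uuidLength;
	int		rc;
	int		retried = 0;
	TSS_UUID	null_uuid, key_uuid;
	initFlags	= TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048  |
			TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
			TSS_KEY_NOT_MIGRATABLE;

	memset(&null_uuid, 0, sizeof(TSS_UUID));
	memset(&key_uuid, 0x7f, sizeof(TSS_UUID));

	print_begin_test(nameOfFunction);

		//Create Context and connect
	result = connect_load_srk(&hContext, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("connect_load_srk", result);
		print_error_exit(nameOfFunction, err_string(result));
		exit(result);
	}
		//Create Key Object
	result = Tspi_Context_CreateObject(hContext,
					   TSS_OBJECT_TYPE_RSAKEY,
					   initFlags, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CreateObject", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Create Key in the TPM
	result = Tspi_Key_CreateKey(hKey, hSRK, 0);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Key_CreateKey", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Call GetAttribData, uuid should be all 0's
	result = Tspi_GetAttribData(hKey,
				    TSS_TSPATTRIB_KEY_UUID, 0,
				    &uuidLength, &uuid);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetAttribData", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Check length and data.  result is TSS_SUCCESS at this point, so
		//the original exit(result) reported a failed check as a pass;
		//exit with TSS_E_FAIL instead.
	if (uuidLength != sizeof(TSS_UUID)) {
		print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1);
		print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_FreeMemory(hContext, uuid);
		Tspi_Context_Close(hContext);
		exit(TSS_E_FAIL);
	}
	if ((rc = memcmp(uuid, &null_uuid, uuidLength))) {
		print_verifyerr("a null uuid from Tspi_GetAttribData", 0, rc);
		print_hex(uuid, sizeof(TSS_UUID));
		print_error("uuid NULL from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_FreeMemory(hContext, uuid);
		Tspi_Context_Close(hContext);
		exit(TSS_E_FAIL);
	}

	Tspi_Context_FreeMemory(hContext, uuid);

register_key:
		//Register Key
	result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM,
					  key_uuid, TSS_PS_TYPE_SYSTEM,
					  SRK_UUID);
	if (TSS_ERROR_CODE(result) == TSS_E_KEY_ALREADY_REGISTERED && !retried) {
		/* A stale entry from an earlier run.  Unregister it into a
		 * separate handle: the original passed &hKey here, which
		 * replaced the freshly created key with the stale one before
		 * registering.  Retry at most once to rule out a loop. */
		retried = 1;
		result = Tspi_Context_UnregisterKey(hContext,
						    TSS_PS_TYPE_SYSTEM,
						    key_uuid, &hStaleKey);
		if (result != TSS_SUCCESS) {
			print_error("Tspi_Context_UnregisterKey", result);
			print_error_exit(nameOfFunction, err_string(result));
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		Tspi_Context_CloseObject(hContext, hStaleKey);
		goto register_key;
	} else if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_RegisterKey", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Close the object so the next load comes from persistent storage
	result = Tspi_Context_CloseObject(hContext, hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_CloseObject", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
	hKey = 0;
		//Load the key by UUID from PS
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    key_uuid, &hKey);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Call GetAttribData, uuid should be equal to key_uuid
	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_UUID, 0,
				    &uuidLength, &uuid);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_GetAttribData", result);
		print_error_exit(nameOfFunction, err_string(result));
		Tspi_Context_Close(hContext);
		exit(result);
	}
		//Check length and data (same exit-code fix as above)
	if (uuidLength != sizeof(TSS_UUID)) {
		print_verifyerr("uuid length from Tspi_GetAttribData", 0, 1);
		print_error("uuid length from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_FreeMemory(hContext, uuid);
		Tspi_Context_Close(hContext);
		exit(TSS_E_FAIL);
	}
	if ((rc = memcmp(uuid, &key_uuid, uuidLength))) {
		print_verifyerr("key's uuid from Tspi_GetAttribData", 0, rc);
		print_hex((BYTE *)&key_uuid, sizeof(TSS_UUID));
		print_error("key's uuid from Tspi_GetAttribData", TSS_E_FAIL);
		Tspi_Context_FreeMemory(hContext, uuid);
		Tspi_Context_Close(hContext);
		exit(TSS_E_FAIL);
	}

	Tspi_Context_FreeMemory(hContext, uuid);

	print_success(nameOfFunction, result);
	print_end_test(nameOfFunction);
	Tspi_Context_Close(hContext);
	exit(0);
}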
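/* Tspi_DecodeBER_TssBlob01: round-trip a key blob through
 * Tspi_EncodeDER_TssBlob and Tspi_DecodeBER_TssBlob.  A binding key is
 * created under the SRK, its TSS_TSPATTRIB_KEYBLOB_BLOB is fetched, DER
 * encoded as TSS_BLOB_TYPE_KEY, decoded again (first call with a NULL
 * output buffer to learn the size), and the decoded bytes are compared
 * with the original.  Exits 0 on a matching round-trip,
 * TSS_E_ENC_INVALID_LENGTH on a length mismatch, TSS_E_FAIL on a content
 * mismatch, TSS_E_OUTOFMEMORY when a local buffer cannot be allocated, and
 * the failing TSS result on any other error.
 */
int
main_v1_2( char version )
{
	char		*function = "Tspi_DecodeBER_TssBlob01";
	/* 0 so that teardown on a connect_load_srk failure does not operate
	 * on an indeterminate handle; whether the helper leaves hContext
	 * valid on failure is not visible here. */
	TSS_HCONTEXT	hContext = 0;
	TSS_HKEY	hSRK;
	TSS_HKEY	hKey;
	BYTE*		rgbBlob;
	UINT32		ulBlobLength;
	BYTE*		rgbEncBlob = NULL;
	UINT32		ulEncBlobLength;
	UINT32		ulBlobType;
	BYTE*		rgbDecBlob = NULL;
	UINT32		ulDecBlobLength;
	TSS_RESULT	result;

	print_begin_test( function );

	result = connect_load_srk(&hContext, &hSRK);
	if ( result != TSS_SUCCESS )
	{
		print_error( "connect_load_srk", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = create_key(hContext, TSS_KEY_TYPE_BIND, hSRK, &hKey);
	if ( result != TSS_SUCCESS )
	{
		print_error( "create_key", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Call GetAttribData
	result = Tspi_GetAttribData(hKey,
			TSS_TSPATTRIB_KEY_BLOB,
			TSS_TSPATTRIB_KEYBLOB_BLOB,
			&ulBlobLength, &rgbBlob);
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetAttribData", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// EncodeDER_TssBlob (the original author notes 32 bytes of
		// headroom is enough for the DER wrapping; ulEncBlobLength is
		// updated by the call to the actual encoded size)
	ulEncBlobLength = ulBlobLength + 32;
	rgbEncBlob = calloc(1, ulEncBlobLength);
	if ( rgbEncBlob == NULL )
	{
		print_error( "calloc (rgbEncBlob)", TSS_E_OUTOFMEMORY );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( TSS_E_OUTOFMEMORY );
	}
	result = Tspi_EncodeDER_TssBlob( ulBlobLength, rgbBlob, TSS_BLOB_TYPE_KEY, &ulEncBlobLength, rgbEncBlob );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_EncodeDER_TssBlob", result );
		free(rgbEncBlob);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// DecodeBER_TssBlob (NULL output buffer: determine length first)
	ulDecBlobLength = 0;
	rgbDecBlob = NULL;
	result = Tspi_DecodeBER_TssBlob( ulEncBlobLength, rgbEncBlob, &ulBlobType, &ulDecBlobLength, rgbDecBlob );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
		}
		else
		{
			print_error_nonapi( function, result );
		}

		free(rgbEncBlob);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// DecodeBER_TssBlob into a buffer of the reported size
	rgbDecBlob = calloc(1, ulDecBlobLength);
	if ( rgbDecBlob == NULL )
	{
		print_error( "calloc (rgbDecBlob)", TSS_E_OUTOFMEMORY );
		free(rgbEncBlob);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( TSS_E_OUTOFMEMORY );
	}
	result = Tspi_DecodeBER_TssBlob( ulEncBlobLength, rgbEncBlob, &ulBlobType, &ulDecBlobLength, rgbDecBlob );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
		}
		else
		{
			print_error_nonapi( function, result );
		}

		free(rgbEncBlob);
		free(rgbDecBlob);
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// Compare the blobs: length first, then contents
	if ( ulBlobLength != ulDecBlobLength )
	{
		//Original blob length does not equal decoded blob length
		result = TSS_E_ENC_INVALID_LENGTH;
		print_error( function,  result );
	}
	else if ( memcmp(rgbBlob, rgbDecBlob, ulDecBlobLength) != 0 )
	{
		//Original blob does not equal decoded blob
		result = TSS_E_FAIL;
		print_error( function, result );
	}
	else
	{
		print_success( function, result );
		result = 0;
	}

	print_end_test( function );
	free(rgbEncBlob);
	free(rgbDecBlob);
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}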
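/* Seal data under the SRK, bound to the current values of the PCRs selected
 * by pcrmap (bit i selects PCR i) at localities 0 through 4.  keyauth and
 * dataauth are TSS_SECRET_MODE_SHA1 secrets for the SRK usage policy and
 * for the sealed object; their length is taken from the file-scope keylen
 * in both cases (note: the same length is used for both secrets).  PCRs
 * that have an entry in the file-scope pcrvals[] are taken from there (LEN
 * bytes each) instead of being read from the TPM.
 *
 * The sealed TSS_ENCDATA blob is copied into blob and its length stored in
 * *bloblen, which on entry must hold blob's capacity.  Only keyhandle
 * 0x40000000 (the SRK) is accepted.  Returns 0 on success, -1 on any TSS
 * error (logged to stderr) or bad argument.
 *
 * TSS objects created here are not closed on error; they stay attached to
 * the context c and are released when the caller closes it.
 */
int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap,
			 unsigned char *keyauth,
			 unsigned char *dataauth,
			 unsigned char *data, unsigned int datalen,
			 unsigned char *blob, unsigned int *bloblen)
{

#define CHECK_ERROR(r,m) do { if ((r) != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", (r)); return -1; } } while (0)

	TSS_RESULT r = 0;
	TSS_HTPM tpm;
	TSS_HPCRS pcrComposite;
	TSS_UUID uuid;
	TSS_UUID srk_uuid = TSS_UUID_SRK;
	TSS_HKEY key;
	TSS_HENCDATA seal;
	TSS_HPOLICY key_policy, seal_policy;
	unsigned char *cipher;
	unsigned int cipher_len;

	if (blob == NULL || bloblen == NULL) {
		fprintf(stderr, "Error, no output buffer for sealed blob\n");
		return -1;
	}

	/* Resolve the key before touching the TPM.  The original wrote
	 * `if (keyhandle = 0x40000000)`, an assignment that made every
	 * handle look like the SRK. */
	if (keyhandle == 0x40000000) {
		uuid = srk_uuid;
	} else {
		fprintf(stderr, "Error, only SRK currently supported\n");
		return -1;
	}

	/* Get the PCR values into composite object */
	r = Tspi_Context_GetTpmObject(c, &tpm);
	CHECK_ERROR(r, "Error Getting TPM");
	r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite);
	CHECK_ERROR(r, "Error Creating PCR-Composite");
	r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE |
				TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR);
	CHECK_ERROR(r, "Error Setting Localities");

	for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) {
		if ((pcrmap & pcrmask) == 0)
			continue;

		if (pcrvals[pcr] == NULL) {
			/* live value from the TPM; the buffer is TSP-owned */
			uint32_t pcrval_size;
			uint8_t *pcrval;
			r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval);
			CHECK_ERROR(r, "Error Reading PCR");
			r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval);
			CHECK_ERROR(r, "Error Setting Composite");
			r = Tspi_Context_FreeMemory(c, pcrval);
			CHECK_ERROR(r, "Error Freeing Memory");
		} else {
			/* caller-supplied override value */
			r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrvals[pcr]);
			CHECK_ERROR(r, "Error Setting Composite");
		}
	}

	/* Get the SRK and Policy Ready */
	r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key);
	CHECK_ERROR(r, "Error Loading Key");
	r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy);
	CHECK_ERROR(r, "Error Creating Policy");
	r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth);
	CHECK_ERROR(r, "Error Setting Secret");
	r = Tspi_Policy_AssignToObject(key_policy, key);
	CHECK_ERROR(r, "Error Assigning Policy");

	/* Get the Encdata Ready */
	r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal);
	CHECK_ERROR(r, "Error Creating EncData");
	r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy);
	CHECK_ERROR(r, "Error Creating Policy");
	r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth);
	CHECK_ERROR(r, "Error Setting Secret");
	r = Tspi_Policy_AssignToObject(seal_policy, seal);
	CHECK_ERROR(r, "Error Assigning Policy");

	/* Seal the Data */
	r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite);
	CHECK_ERROR(r, "Error Sealing Data");
	r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB,
                                   TSS_TSPATTRIB_ENCDATABLOB_BLOB,
                                   &cipher_len, &cipher);
	CHECK_ERROR(r, "Error Getting Sealed Data");

	/* Copy out, bounded by the caller's capacity.  The original compared
	 * cipher_len against the pointer bloblen and used sprintf on stderr. */
	if (cipher_len > *bloblen) {
		fprintf(stderr, "Internal Error, cipher too long (%u > %u)\n",
			cipher_len, *bloblen);
		Tspi_Context_FreeMemory(c, cipher);
		return -1;
	}
	memcpy(blob, cipher, cipher_len);
	*bloblen = cipher_len;

	/* The TSP buffer is released here rather than handed to the caller;
	 * it would otherwise live until the context is closed. */
	Tspi_Context_FreeMemory(c, cipher);

	return 0;

#undef CHECK_ERROR
}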
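/* Tspi_Data_Unbind05: round-trip check.  A volatile, no-auth 2048-bit
 * binding key using the TSS_ES_RSAESPKCSV15 encryption scheme is created
 * under the SRK and loaded; DATA_SIZE bytes of 0x5a are bound with
 * Tspi_Data_Bind and unbound again with Tspi_Data_Unbind.  The test passes
 * only when the unbound data has the original length and contents.  Exits
 * 0 on success, 1 when the unbind fails or the round-trip does not match,
 * and the failing TSS result for setup errors.
 */
int
main_v1_1( void )
{
	char		*function = "Tspi_Data_Unbind05";
	TSS_HCONTEXT	hContext;
	TSS_HKEY	hSRK;
	TSS_HKEY	hKey;
	TSS_HPOLICY	hSrkPolicy;
	BYTE		*prgbDataToUnBind;
	TSS_HENCDATA	hEncData;
	UINT32		pulDataLength;
	BYTE		rgbDataToBind[DATA_SIZE], *rgbEncryptedData = NULL;
	UINT32		ulDataLength = DATA_SIZE, ulEncryptedDataLength = 0;
	TSS_RESULT	result;
	/* Start pessimistic: the original left exitCode unset on the
	 * length/content mismatch paths and so exited with garbage. */
	UINT32		exitCode = 1;
	TSS_FLAG	initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048  |
				TSS_KEY_VOLATILE | TSS_KEY_NO_AUTHORIZATION |
				TSS_KEY_NOT_MIGRATABLE;

	print_begin_test( function );

	memset (rgbDataToBind, 0x5a, DATA_SIZE);

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Create", result );
		exit( result );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_Connect", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// create hKey
	result = Tspi_Context_CreateObject( hContext,
						TSS_OBJECT_TYPE_RSAKEY,
						initFlags, &hKey );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hKey)", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Context_CreateObject( hContext,
						TSS_OBJECT_TYPE_ENCDATA,
						TSS_ENCDATA_BIND, &hEncData );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_CreateObject (hEncData)", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		//Load Key By UUID
	result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
						SRK_UUID, &hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

#ifndef TESTSUITE_NOAUTH_SRK
		// SRK usage secret, needed to create the child key under it
	result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetPolicyObject", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
					TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Policy_SetSecret", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}
#endif

		// PKCS#1 v1.5 encryption scheme for the binding key
	result = Tspi_SetAttribUint32( hKey, TSS_TSPATTRIB_KEY_INFO,
					TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
					TSS_ES_RSAESPKCSV15 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Context_SetAtttribUint32", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	result = Tspi_Key_CreateKey( hKey, hSRK, 0 );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_CreateKey", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// Load the newly created key
	result = Tspi_Key_LoadKey( hKey, hSRK );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Key_LoadKey", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	printf("Data before binding:\n");
	print_hex(rgbDataToBind, ulDataLength);

	result = Tspi_Data_Bind( hEncData, hKey, ulDataLength, rgbDataToBind );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_Data_Bind", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// fetch the ciphertext only to display it
	result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB,
					TSS_TSPATTRIB_ENCDATABLOB_BLOB,
					&ulEncryptedDataLength, &rgbEncryptedData);
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetAttribData", result );
		Tspi_Context_FreeMemory( hContext, NULL );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	printf("Data after encrypting:\n");
	print_hex(rgbEncryptedData, ulEncryptedDataLength);

	result = Tspi_Data_Unbind( hEncData, hKey, &pulDataLength,
					&prgbDataToUnBind );
	if ( result != TSS_SUCCESS )
	{
		if( !(checkNonAPI(result)) )
		{
			print_error( function, result );
		}
		else
		{
			print_error_nonapi( function, result );
		}
		exitCode = 1;
	}
	else
	{
		printf("Data after unbinding:\n");
		print_hex(prgbDataToUnBind, pulDataLength);

		if (pulDataLength != ulDataLength) {
			printf("ERROR: Size of decrypted data does not match! "
					"(%u != %u)\n", pulDataLength, ulDataLength);
			exitCode = 1;
		} else if (memcmp(prgbDataToUnBind, rgbDataToBind, ulDataLength)) {
			printf("ERROR: Content of decrypted data does not match!\n");
			exitCode = 1;
		} else {
			print_success( function, result );
			exitCode = 0;
		}
	}

	print_end_test( function );
	/* FreeMemory(NULL) releases the TSP buffers (ciphertext, unbound data) */
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}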
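/*
 * Entry point: read the ROM header from a file (default
 * $HOME/.dtex/rom.bin, or the path given with -f), load the TPM signing
 * key blob stored in that header into a TSS key object and write the
 * public-key portion of the key to stdout as raw bytes.
 *
 * Uses the file-scope TSS context handle `hContext`.
 * Returns 0 on success, 1 on any failure.
 */
int main(int argc, char **argv)
{
	FILE       *file;
	size_t      res;
	rom_hdr_t   hdr;
	TSS_RESULT  result;
	char        pathrom[256] = "";
	TSS_HKEY    hKey;
	BYTE       *pubInfo;
	UINT32      pubInfoSize;
	int         i;

	/* Only "-f <path>" is accepted; anything else prints usage. */
	for (i = 1; i < argc; i++) {
		if (strncmp("-f", argv[i], sizeof("-f")) == 0) {
			if (i + 1 >= argc) {
				usage();
				return 1;
			}
			snprintf(pathrom, sizeof(pathrom), "%s", argv[i + 1]);
			pathrom[sizeof(pathrom) - 1] = 0;
			i++;
		} else {
			usage();
			return 1;
		}
	}

	if (pathrom[0] == 0) {
		char *home = getenv("HOME");
		if (home == NULL) {
			fprintf(stderr, "No $HOME environment variable defined\n");
			return 1;
		}
		snprintf(pathrom, sizeof(pathrom), "%s/.dtex/rom.bin", home);
		pathrom[sizeof(pathrom) - 1] = 0;
	}

	file = fopen(pathrom, "rb");
	if (file == NULL) {
		fprintf(stderr, "Can't open rom file\n");
		return 1;
	}

	res = fread(&hdr, sizeof(hdr), 1, file);
	fclose(file);
	if (res != 1) {
		fprintf(stderr, "Can't read rom file\n");
		return 1;
	}

	/* The blob length comes straight from the file: refuse anything
	 * that would make Tspi_SetAttribData read past the end of the
	 * header's blob array. */
	if (hdr.tpmsignkey_size > sizeof(hdr.tpmsignkey_blob)) {
		fprintf(stderr, "Invalid key blob size in rom file\n");
		return 1;
	}

	res = 1;

	/* Creation of the TSS Context */
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_Context_Create", result);
		return 1;	/* no context to tear down yet */
	}

	/* Connection to the TSS Context (local TCS) */
	result = Tspi_Context_Connect(hContext, NULL);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_Context_Connect", result);
		goto err;
	}

	/* Empty key object that will receive the blob from the header */
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   TSS_KEY_EMPTY_KEY, &hKey);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_Context_CreateObject", result);
		goto err;
	}

	result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
				    TSS_TSPATTRIB_KEYBLOB_BLOB,
				    hdr.tpmsignkey_size, hdr.tpmsignkey_blob);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_SetAttribData", result);
		goto err;
	}

	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
				    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				    &pubInfoSize, &pubInfo);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_GetAttribData", result);
		goto err;
	}

	if (fwrite(pubInfo, pubInfoSize, 1, stdout) != 1) {
		fprintf(stderr, "Write error\n");
		goto err;
	}

	result = Tspi_Context_FreeMemory(hContext, pubInfo);
	if (result != TSS_SUCCESS) {
		tspiError("Echec Tspi_Context_FreeMemory", result);
		goto err;
	}

	res = 0;

err:
	/* Close the TSS session; FreeMemory(NULL) releases anything the
	 * context still owns (pubInfo on the error paths above). */
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);

	return (int)res;
}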
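/*
 * Entry point: create a 2048-bit, non-migratable TPM bind key under the
 * SRK, register it under BACKUP_KEY_UUID, store its public portion in
 * BackupESSBindKey.pub, then unregister it again.  The public portion is
 * then read back from that file into a fresh key object and used to bind
 * the first BIND_DATA_LEN bytes of the file "data"; the resulting
 * encrypted blob is written to Bound.data.
 *
 * Both the SRK and the new key use the all-zero 20-byte SHA-1 secret.
 * Every TSS result is passed to DBG(); whether a non-zero result aborts
 * the program depends on DBG()'s definition elsewhere in this file.
 * Returns 0 on success, 1 when a file cannot be opened, read or written.
 */
int main(int argc, char **argv)
{
	enum { BIND_DATA_LEN = 7 };	/* bytes of "data" that get bound */
	TSS_HCONTEXT hContext = 0;
	TSS_HTPM hTPM = 0;
	TSS_RESULT result;
	TSS_HKEY hSRK = 0;
	TSS_HPOLICY hSRKPolicy = 0;
	TSS_UUID SRK_UUID = TSS_UUID_SRK;
	TSS_HKEY hESS_Bind_Key;
	TSS_UUID ESS_BIND_UUID = BACKUP_KEY_UUID;
	TSS_HPOLICY hESS_Policy;
	TSS_FLAG initFlags;
	TSS_HENCDATA hEncData;
	BYTE *pubKey;
	UINT32 pubKeySize;
	BYTE *rbgBoundData;
	UINT32 ulDataLength;
	BYTE newPubKey[1000], encData[1000];
	BYTE wks[20];
	FILE *fout, *fin;
	size_t nread;
	int rc = 0;

	(void)argc;
	(void)argv;
	memset(wks, 0, sizeof(wks));	/* all-zero (well-known) secret */

	result = Tspi_Context_Create(&hContext);
	DBG("Create a context", result);
	result = Tspi_Context_Connect(hContext, NULL);
	DBG("Connect to TPM", result);
	result = Tspi_Context_GetTpmObject(hContext, &hTPM);
	DBG("Get TPM handle", result);

	/* SRK, authorised with the zero secret */
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    SRK_UUID, &hSRK);
	DBG("Get SRK handle", result);
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
	DBG("Get SRK Policy", result);
	result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1,
				       sizeof(wks), wks);
	DBG("Tspi_Policy_SetSecret", result);

	/* Usage policy for the new key, same zero secret */
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
					   TSS_POLICY_USAGE, &hESS_Policy);
	DBG("Create a key policy object", result);
	result = Tspi_Policy_SetSecret(hESS_Policy, TSS_SECRET_MODE_SHA1,
				       sizeof(wks), wks);
	DBG("Set key policy object secret", result);

	initFlags = TSS_KEY_TYPE_BIND |
		    TSS_KEY_SIZE_2048 |
		    TSS_KEY_AUTHORIZATION |
		    TSS_KEY_NOT_MIGRATABLE;
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   initFlags, &hESS_Bind_Key);
	DBG("Create the key object", result);
	result = Tspi_SetAttribUint32(hESS_Bind_Key,
				      TSS_TSPATTRIB_KEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
				      TSS_ES_RSAESPKCSV15);
	DBG("Set the keys's padding type", result);
	result = Tspi_Policy_AssignToObject(hESS_Policy, hESS_Bind_Key);
	DBG("Assign the key's policy to the key", result);

	printf("Creating the key could take a while\n");
	result = Tspi_Key_CreateKey(hESS_Bind_Key, hSRK, 0);
	DBG("Asking TPM to create the key", result);
	result = Tspi_Context_RegisterKey(hContext, hESS_Bind_Key,
					  TSS_PS_TYPE_SYSTEM, ESS_BIND_UUID,
					  TSS_PS_TYPE_SYSTEM, SRK_UUID);
	DBG("Registering the key for later retrieval", result);
	printf("Registering the key blob for later retrieval\r\n");

	result = Tspi_Key_LoadKey(hESS_Bind_Key, hSRK);
	DBG("Loading key in TPM", result);
	result = Tspi_Key_GetPubKey(hESS_Bind_Key, &pubKeySize, &pubKey);
	DBG("Get Public portion of key", result);

	/* Save the public portion; the write and close are both checked
	 * because a short file would make the reload below fail later. */
	fout = fopen("BackupESSBindKey.pub", "wb");
	if (fout != NULL) {
		if (fwrite(pubKey, 1, pubKeySize, fout) != pubKeySize)
			printf("Error writing BackupESSBindKey.pub\r\n");
		else
			printf("Finished writing BackupESSBindKey.pub\n");
		if (fclose(fout) != 0)
			printf("Error closing BackupESSBindKey.pub\r\n");
	} else {
		printf("Error opening BackupESSBindKey.pub\r\n");
	}

	result = Tspi_Policy_FlushSecret(hESS_Policy);
	DBG("Policy flush secret", result);

	result = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					   ESS_BIND_UUID, &hESS_Bind_Key);
	DBG("Get key handle", result);
	printf("Unregistering key\r\n");
	result = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
					    ESS_BIND_UUID, &hESS_Bind_Key);
	DBG("Unregister key", result);

	/* Rebuild a key object from the public portion stored in the file.
	 * The file handle is checked before it is used, and the length
	 * actually read is passed on instead of a fixed 284 bytes, so a
	 * blob of unexpected size is handed to the TSS as-is (a file larger
	 * than newPubKey is truncated and will be rejected there). */
	fin = fopen("BackupESSBindKey.pub", "rb");
	if (fin == NULL) {
		printf("Error opening BackupESSBindKey.pub for reading\r\n");
		rc = 1;
		goto out;
	}
	nread = fread(newPubKey, 1, sizeof(newPubKey), fin);
	fclose(fin);
	if (nread == 0) {
		printf("Error reading BackupESSBindKey.pub\r\n");
		rc = 1;
		goto out;
	}
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
					   initFlags, &hESS_Bind_Key);
	DBG("Tspi_Context_CreateObject BindKey", result);
	result = Tspi_SetAttribData(hESS_Bind_Key, TSS_TSPATTRIB_KEY_BLOB,
				    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY,
				    (UINT32)nread, newPubKey);
	DBG("Set Public key into new key object", result);

	/* Plaintext to bind: the first BIND_DATA_LEN bytes of "data". */
	fin = fopen("data", "rb");
	if (fin == NULL) {
		printf("Error opening data\r\n");
		rc = 1;
		goto out;
	}
	nread = fread(encData, 1, BIND_DATA_LEN, fin);
	fclose(fin);
	if (nread == 0) {
		printf("Error reading data\r\n");
		rc = 1;
		goto out;
	}

	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA,
					   TSS_ENCDATA_BIND, &hEncData);
	DBG("Create Data Object", result);
	result = Tspi_Data_Bind(hEncData, hESS_Bind_Key, (UINT32)nread, encData);
	DBG("Bind data", result);
	result = Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB,
				    TSS_TSPATTRIB_ENCDATABLOB_BLOB,
				    &ulDataLength, &rbgBoundData);
	DBG("Get encrypted data", result);

	fout = fopen("Bound.data", "wb");
	if (fout == NULL) {
		printf("Error opening Bound.data\r\n");
		rc = 1;
		goto out;
	}
	if (fwrite(rbgBoundData, 1, ulDataLength, fout) != ulDataLength) {
		printf("Error writing Bound.data\r\n");
		rc = 1;
	}
	if (fclose(fout) != 0) {
		printf("Error closing Bound.data\r\n");
		rc = 1;
	}

out:
	/* FreeMemory(NULL) releases pubKey and rbgBoundData as well. */
	result = Tspi_Context_FreeMemory(hContext, NULL);
	DBG("Tspi Context Free Memory", result);
	result = Tspi_Context_Close(hContext);
	DBG("Tspi Context Close", result);
	return rc;
}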
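/*
 * OpenSSL RSA_METHOD rsa_pub_enc hook backed by the TPM.
 *
 * Encrypts ("binds") @flen bytes of @from with the TPM key attached to
 * @rsa and copies the resulting bound-data blob into @to.  When no TPM
 * app-data is attached to @rsa the call is forwarded to OpenSSL's
 * software implementation.  Only RSA_PKCS1_PADDING and
 * RSA_PKCS1_OAEP_PADDING are accepted, and each must match the
 * encryption scheme recorded in the key's app-data.
 *
 * Returns the number of bytes written to @to, or 0 on failure (the
 * software fallback returns whatever OpenSSL returns, which may be -1).
 * Uses the file-scope TSS context handle `hContext`.
 */
static int tpm_rsa_pub_enc(int flen,
			   const unsigned char *from,
			   unsigned char *to,
			   RSA *rsa,
			   int padding)
{
	struct rsa_app_data *app_data = RSA_get_ex_data(rsa, ex_app_data);
	TSS_RESULT result;
	UINT32 out_len, in_len;
	BYTE *out;
	int rv;

	DBG("%s", __FUNCTION__);

	if (!app_data) {
		DBG("No app data found for RSA object %p. Calling software.",
		    rsa);
		rv = RSA_PKCS1_SSLeay()->rsa_pub_enc(flen, from, to, rsa,
						     padding);
		if (rv < 0)
			TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
		return rv;
	}

	if (app_data->hKey == NULL_HKEY) {
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_KEY);
		return 0;
	}

	/* Lazily create the ENCDATA object that receives the bound blob;
	 * it is kept in the app-data and reused on later calls. */
	if (app_data->hEncData == NULL_HENCDATA) {
		result = Tspi_Context_CreateObject(hContext,
						   TSS_OBJECT_TYPE_ENCDATA,
						   TSS_ENCDATA_BIND,
						   &app_data->hEncData);
		if (result) {
			TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
			return 0;
		}
		DBG("Setting hEncData(0x%x) in RSA object", app_data->hEncData);
	}

	DBG("flen is %d", flen);

	if (flen < 0) {
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
		return 0;
	}

	/* The requested padding must agree with the scheme the key was
	 * created with; the size limits follow the TSS bind formats. */
	switch (padding) {
	case RSA_PKCS1_PADDING:
		if (app_data->encScheme != TSS_ES_RSAESPKCSV15) {
			TSSerr(TPM_F_TPM_RSA_PUB_ENC,
			       TPM_R_INVALID_PADDING_TYPE);
			DBG("encScheme(0x%x) in RSA object",
			    app_data->encScheme);
			return 0;
		}
		if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE)) {
			TSSerr(TPM_F_TPM_RSA_PUB_ENC,
			       RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
			return 0;
		}
		break;
	case RSA_PKCS1_OAEP_PADDING:
		if (app_data->encScheme != TSS_ES_RSAESOAEP_SHA1_MGF1) {
			TSSerr(TPM_F_TPM_RSA_PUB_ENC,
			       TPM_R_INVALID_PADDING_TYPE);
			DBG("encScheme(0x%x) in RSA object",
			    app_data->encScheme);
			return 0;
		}
		/* subtract an extra 5 for the TCPA_BOUND_DATA structure */
		if (flen > (RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE - 5)) {
			TSSerr(TPM_F_TPM_RSA_PUB_ENC,
			       RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
			return 0;
		}
		break;
	default:
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_INVALID_ENC_SCHEME);
		return 0;
	}

	in_len = (UINT32)flen;
	DBG("Bind: hKey(0x%x) hEncData(0x%x) in_len(%u)", app_data->hKey,
	    app_data->hEncData, in_len);

	result = Tspi_Data_Bind(app_data->hEncData, app_data->hKey,
				in_len, from);
	if (result) {
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
		DBG("result = 0x%x (%s)", result, Trspi_Error_String(result));
		return 0;
	}

	/* pull out the bound data and return it */
	result = Tspi_GetAttribData(app_data->hEncData,
				    TSS_TSPATTRIB_ENCDATA_BLOB,
				    TSS_TSPATTRIB_ENCDATABLOB_BLOB,
				    &out_len, &out);
	if (result) {
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
		return 0;
	}

	/* @to is only RSA_size(rsa) bytes by OpenSSL's contract; never
	 * copy a blob that would overrun it. */
	if (out_len > (UINT32)RSA_size(rsa)) {
		DBG("bound data (%u bytes) exceeds RSA_size (%d)",
		    out_len, RSA_size(rsa));
		Tspi_Context_FreeMemory(hContext, out);
		TSSerr(TPM_F_TPM_RSA_PUB_ENC, TPM_R_REQUEST_FAILED);
		return 0;
	}

	DBG("%s: writing out %u bytes as bound data", __FUNCTION__, out_len);

	memcpy(to, out, out_len);
	Tspi_Context_FreeMemory(hContext, out);

	return (int)out_len;
}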
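/*
 * Populate an OpenSSL RSA object from a TSS key handle.
 *
 * Reads the key's encryption scheme, signature scheme and RSA modulus
 * from the TSS, stores n and e in @rsa, and attaches a freshly allocated
 * struct rsa_app_data (hKey, encScheme, sigScheme; hEncData zeroed) as
 * ex_data so the TPM RSA_METHOD hooks can find the key later.
 *
 * The public exponent is taken from TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT
 * when the TSS returns a non-empty one; otherwise the TPM default
 * exponent 2^16+1 (65537) is used, which is what this function used to
 * assume unconditionally.
 *
 * Returns 1 on success, 0 on failure with an error pushed via TSSerr().
 * On failure after n has been set, rsa->e is freed and reset to NULL.
 * Uses the file-scope TSS context handle `hContext`.
 */
int fill_out_rsa_object(RSA *rsa, TSS_HKEY hKey)
{
	TSS_RESULT result;
	UINT32 pubkey_len, exp_len, encScheme, sigScheme;
	BYTE *pubkey, *exp;
	struct rsa_app_data *app_data;

	DBG("%s", __FUNCTION__);

	result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
				      &encScheme);
	if (result) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
		return 0;
	}

	result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
				      &sigScheme);
	if (result) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
		return 0;
	}

	/* modulus -> rsa->n */
	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
				    TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
				    &pubkey_len, &pubkey);
	if (result) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
		return 0;
	}

	rsa->n = BN_bin2bn(pubkey, pubkey_len, rsa->n);
	Tspi_Context_FreeMemory(hContext, pubkey);
	if (rsa->n == NULL) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_BN_CONVERSION_FAILED);
		return 0;
	}

	/* exponent -> rsa->e */
	if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
		return 0;
	}

	result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
				    TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
				    &exp_len, &exp);
	if (result == TSS_SUCCESS && exp_len > 0) {
		BIGNUM *e = BN_bin2bn(exp, exp_len, rsa->e);

		Tspi_Context_FreeMemory(hContext, exp);
		if (e == NULL) {
			TSSerr(TPM_F_TPM_FILL_RSA_OBJECT,
			       TPM_R_BN_CONVERSION_FAILED);
			goto err_e;
		}
	} else {
		/* attribute unavailable or empty: fall back to the default */
		if (result == TSS_SUCCESS)
			Tspi_Context_FreeMemory(hContext, exp);
		if (!BN_set_word(rsa->e, 65537)) {
			TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
			goto err_e;
		}
	}

	app_data = OPENSSL_malloc(sizeof(*app_data));
	if (app_data == NULL) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
		goto err_e;
	}

	DBG("Setting hKey(0x%x) in RSA object", hKey);
	DBG("Setting encScheme(0x%x) in RSA object", encScheme);
	DBG("Setting sigScheme(0x%x) in RSA object", sigScheme);

	memset(app_data, 0, sizeof(*app_data));
	app_data->hKey = hKey;
	app_data->encScheme = encScheme;
	app_data->sigScheme = sigScheme;

	/* RSA_set_ex_data can fail; don't leak app_data or leave a
	 * half-initialised RSA object behind when it does. */
	if (!RSA_set_ex_data(rsa, ex_app_data, app_data)) {
		TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
		OPENSSL_free(app_data);
		goto err_e;
	}

	return 1;

err_e:
	BN_free(rsa->e);
	rsa->e = NULL;
	return 0;
}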
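/*
 * Testsuite case Tspi_GetAttribData01: the SRK's key blob must be
 * retrievable through Tspi_GetAttribData(TSS_TSPATTRIB_KEY_BLOB,
 * TSS_TSPATTRIB_KEYBLOB_BLOB).
 *
 * Exits 0 on success, otherwise with the TSS result code of the failing
 * call.  The blob returned by the TSS is released with
 * Tspi_Context_FreeMemory(hContext, NULL) before the context is closed.
 */
int main_v1_1(void)
{
	char		*nameOfFunction = "Tspi_GetAttribData01";
	TSS_HCONTEXT	hContext;
	TSS_RESULT	result;
	TSS_HKEY	hSRK;
	BYTE		*BLOB;
	UINT32		BlobLength;
	int		exitCode;

	print_begin_test(nameOfFunction);

		//Create Context
	result = Tspi_Context_Create(&hContext);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Create ", result);
		exit(result);
	}

		//Connect Context
	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_Connect", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Load Key by UUID for SRK
	result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
					    SRK_UUID, &hSRK);
	if (result != TSS_SUCCESS) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Call GetAttribData: the call under test
	result = Tspi_GetAttribData(hSRK,
				    TSS_TSPATTRIB_KEY_BLOB,
				    TSS_TSPATTRIB_KEYBLOB_BLOB,
				    &BlobLength, &BLOB);
	if (result == TSS_SUCCESS) {
		print_success(nameOfFunction, result);
		exitCode = 0;
	} else if (!checkNonAPI(result)) {
		print_error(nameOfFunction, result);
		exitCode = result;
	} else {
		print_error_nonapi(nameOfFunction, result);
		exitCode = result;
	}

	/* Single teardown path for all three outcomes. */
	print_end_test(nameOfFunction);
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);
	exit(exitCode);
}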
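/**
 * gnutls_tpm_privkey_generate:
 * @pk: the public key algorithm (not consulted; an RSA key is always created)
 * @bits: the security bits
 * @srk_password: the password used when opening the TPM session (the SRK secret; optional)
 * @key_password: the usage secret set on the generated key (optional)
 * @format: the format of the private key
 * @pub_format: the format of the public key
 * @privkey: the generated key
 * @pubkey: the corresponding public key (may be null)
 * @flags: should be a list of GNUTLS_TPM_* flags
 *
 * This function will generate a private key in the TPM
 * chip. The private key will be generated within the chip
 * and will be exported in a form wrapped with the TPM's master key.
 * Furthermore the wrapped key can be protected with
 * the provided @key_password.
 *
 * Note that bits in TPM is a quantized value. If the input value
 * is not one of the allowed values, then it will be quantized to
 * one of 512, 1024, 2048, 4096, 8192 and 16384.
 *
 * Allowed flags are:
 *
 * %GNUTLS_TPM_KEY_SIGNING: Generate a signing key instead of a legacy key.
 *
 * %GNUTLS_TPM_REGISTER_KEY: Register the generated key in the TPM. In that
 * case @privkey would contain a URL with the UUID.
 *
 * %GNUTLS_TPM_KEY_USER: When registering, use the per-user persistent
 * storage instead of the system one.
 *
 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
 *   negative error value.
 *
 * Since: 3.1.0
 **/
int
gnutls_tpm_privkey_generate(gnutls_pk_algorithm_t pk, unsigned int bits,
			    const char *srk_password,
			    const char *key_password,
			    gnutls_tpmkey_fmt_t format,
			    gnutls_x509_crt_fmt_t pub_format,
			    gnutls_datum_t * privkey,
			    gnutls_datum_t * pubkey, unsigned int flags)
{
	TSS_FLAG tpm_flags = TSS_KEY_VOLATILE;
	TSS_HKEY key_ctx;
	TSS_RESULT tssret;
	int ret;
	void *tdata = NULL;	/* TSS-owned key blob, released at cleanup */
	UINT32 tint;
	gnutls_datum_t tmpkey = { NULL, 0 };
	TSS_HPOLICY key_policy;
	gnutls_pubkey_t pub;
	struct tpm_ctx_st s;
	TSS_FLAG storage_type;
	TSS_HTPM htpm;
	TSS_UUID key_uuid;
	int registered = 0;	/* key_uuid is registered in persistent storage */
	uint8_t buf[32];

	if (flags & GNUTLS_TPM_KEY_SIGNING)
		tpm_flags |= TSS_KEY_TYPE_SIGNING;
	else
		tpm_flags |= TSS_KEY_TYPE_LEGACY;

	if (flags & GNUTLS_TPM_KEY_USER)
		storage_type = TSS_PS_TYPE_USER;
	else
		storage_type = TSS_PS_TYPE_SYSTEM;

	/* quantize the requested size to the next TSS key-size flag */
	if (bits <= 512)
		tpm_flags |= TSS_KEY_SIZE_512;
	else if (bits <= 1024)
		tpm_flags |= TSS_KEY_SIZE_1024;
	else if (bits <= 2048)
		tpm_flags |= TSS_KEY_SIZE_2048;
	else if (bits <= 4096)
		tpm_flags |= TSS_KEY_SIZE_4096;
	else if (bits <= 8192)
		tpm_flags |= TSS_KEY_SIZE_8192;
	else
		tpm_flags |= TSS_KEY_SIZE_16384;

	ret = tpm_open_session(&s, srk_password);
	if (ret < 0)
		return gnutls_assert_val(ret);

	/* put some randomness into TPM. 
	 * Let's not trust it completely.
	 */
	tssret = Tspi_Context_GetTpmObject(s.tpm_ctx, &htpm);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_cc;
	}

	ret = _gnutls_rnd(GNUTLS_RND_RANDOM, buf, sizeof(buf));
	if (ret < 0) {
		gnutls_assert();
		goto err_cc;
	}

	/* best effort: a StirRandom failure is logged but not fatal */
	tssret = Tspi_TPM_StirRandom(htpm, sizeof(buf), buf);
	if (tssret) {
		gnutls_assert();
	}

	tssret =
	    Tspi_Context_CreateObject(s.tpm_ctx, TSS_OBJECT_TYPE_RSAKEY,
				      tpm_flags, &key_ctx);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_cc;
	}

	tssret =
	    Tspi_SetAttribUint32(key_ctx, TSS_TSPATTRIB_KEY_INFO,
				 TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
				 TSS_SS_RSASSAPKCS1V15_DER);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_sa;
	}

	/* set the password of the actual key */
	if (key_password) {
		tssret =
		    Tspi_GetPolicyObject(key_ctx, TSS_POLICY_USAGE,
					 &key_policy);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}

		tssret = myTspi_Policy_SetSecret(key_policy,
						 SAFE_LEN(key_password),
						 (void *) key_password);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}
	}

	tssret = Tspi_Key_CreateKey(key_ctx, s.srk, 0);
	if (tssret != 0) {
		gnutls_assert();
		ret = tss_err(tssret);
		goto err_sa;
	}

	if (flags & GNUTLS_TPM_REGISTER_KEY) {
		ret = randomize_uuid(&key_uuid);
		if (ret < 0) {
			gnutls_assert();
			goto err_sa;
		}

		tssret =
		    Tspi_Context_RegisterKey(s.tpm_ctx, key_ctx,
					     storage_type, key_uuid,
					     TSS_PS_TYPE_SYSTEM, srk_uuid);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}
		registered = 1;

		ret =
		    encode_tpmkey_url((char **) &privkey->data, &key_uuid,
				      storage_type);
		if (ret < 0) {
			TSS_HKEY tkey;

			Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
						   key_uuid, &tkey);
			gnutls_assert();
			goto err_sa;
		}
		privkey->size = strlen((char *) privkey->data);

	} else {		/* get the key as blob */

		tssret =
		    Tspi_GetAttribData(key_ctx, TSS_TSPATTRIB_KEY_BLOB,
				       TSS_TSPATTRIB_KEYBLOB_BLOB, &tint,
				       (void *) &tdata);
		if (tssret != 0) {
			gnutls_assert();
			ret = tss_err(tssret);
			goto err_sa;
		}

		if (format == GNUTLS_TPMKEY_FMT_CTK_PEM) {
			ret =
			    _gnutls_x509_encode_string
			    (ASN1_ETYPE_OCTET_STRING, tdata, tint,
			     &tmpkey);
			if (ret < 0) {
				gnutls_assert();
				goto cleanup;
			}

			ret =
			    _gnutls_fbase64_encode("TSS KEY BLOB",
						   tmpkey.data,
						   tmpkey.size, privkey);
			if (ret < 0) {
				gnutls_assert();
				goto cleanup;
			}
		} else {
			UINT32 tint2;

			tmpkey.size = tint + 32;	/* spec says no more than 20 */
			tmpkey.data = gnutls_malloc(tmpkey.size);
			if (tmpkey.data == NULL) {
				gnutls_assert();
				ret = GNUTLS_E_MEMORY_ERROR;
				goto cleanup;
			}

			tint2 = tmpkey.size;
			tssret =
			    Tspi_EncodeDER_TssBlob(tint, tdata,
						   TSS_BLOB_TYPE_PRIVATEKEY,
						   &tint2, tmpkey.data);
			if (tssret != 0) {
				gnutls_assert();
				ret = tss_err(tssret);
				goto cleanup;
			}

			tmpkey.size = tint2;

			/* hand the buffer over to the caller */
			privkey->data = tmpkey.data;
			privkey->size = tmpkey.size;
			tmpkey.data = NULL;
		}
	}

	/* read the public key */
	if (pubkey != NULL) {
		size_t psize;

		ret = gnutls_pubkey_init(&pub);
		if (ret < 0) {
			gnutls_assert();
			goto privkey_cleanup;
		}

		ret = read_pubkey(pub, key_ctx, &psize);
		if (ret < 0) {
			gnutls_assert();
			goto pubkey_cleanup;
		}
		psize += 512;	/* headroom for the export encoding */

		pubkey->data = gnutls_malloc(psize);
		if (pubkey->data == NULL) {
			gnutls_assert();
			ret = GNUTLS_E_MEMORY_ERROR;
			goto pubkey_cleanup;
		}

		ret =
		    gnutls_pubkey_export(pub, pub_format, pubkey->data,
					 &psize);
		if (ret < 0) {
			gnutls_assert();
			goto pubkey_cleanup;
		}
		pubkey->size = psize;

		gnutls_pubkey_deinit(pub);
	}

	ret = 0;
	goto cleanup;

 pubkey_cleanup:
	gnutls_pubkey_deinit(pub);
	/* pubkey->data is NULL or the buffer allocated above */
	gnutls_free(pubkey->data);
	pubkey->data = NULL;
 privkey_cleanup:
	/* Do not leave a registered key behind whose URL is being dropped:
	 * the caller has no way to find it again. */
	if (registered) {
		TSS_HKEY tkey;

		Tspi_Context_UnregisterKey(s.tpm_ctx, storage_type,
					   key_uuid, &tkey);
	}
	gnutls_free(privkey->data);
	privkey->data = NULL;
 cleanup:
	gnutls_free(tmpkey.data);
	tmpkey.data = NULL;
	if (tdata != NULL)
		Tspi_Context_FreeMemory(s.tpm_ctx, tdata);
 err_sa:
	Tspi_Context_CloseObject(s.tpm_ctx, key_ctx);
 err_cc:
	tpm_close_session(&s);
	return ret;
}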
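/*
 * Entry point: encrypt a file with a fresh TPM-sourced AES key and seal
 * that key to the current value of PCR 15.
 *
 * Usage: <prog> <infile> <outfile>.  The output file is laid out as
 *   UINT32 sealed-blob length, sealed blob, int ciphertext length,
 *   ciphertext
 * with both lengths written in host byte order, so the file is only
 * portable between machines of the same endianness and int size.
 *
 * The sealing key is the key registered as UUID_K1 under the SRK; its
 * usage secret is collected through set_popup_secret().  Returns 0 on
 * success, the TSS result code when a TSS call fails, and -1 for any
 * other failure (unlike before, a missing input file is no longer
 * reported as success).
 */
int
main(int argc, char **argv)
{
#define BUF_LEN	(1024*1024)
#define KEY_SIZE 64
/* Report a failed TSS call and jump to the common teardown. */
#define TSS_CHECK(name)						\
	do {							\
		if (TSS_SUCCESS != result) {			\
			print_error(name, result);		\
			rc = (int)result;			\
			goto cleanup;				\
		}						\
	} while (0)
	enum { SEAL_PCR = 15 };
	TSS_RESULT result;
	TSS_HCONTEXT hContext = 0;
	TSS_HKEY hSRK, hKey;
	TSS_HPOLICY hPolicy;
	TSS_HTPM hTPM;
	TSS_HENCDATA hEncData;
	TSS_HPCRS hPcrs;
	UINT32 u32PcrValLen, u32EncDataLen;
	BYTE *rgbPcrVal, *rgbEncData;
	BYTE *random = NULL;
	FILE *fpIn = NULL, *fpOut = NULL;
	long fsize;
	int size;
	int rc = -1;
	char *pBufIn = NULL, *pBufOut = NULL;
	/* NOTE(review): fixed salt handed to aes_init(); the key itself is
	 * KEY_SIZE fresh TPM random bytes, so the salt adds no secrecy. */
	unsigned int salt[] = {12345, 54321};
	EVP_CIPHER_CTX en;
	TSS_UUID UUID_K1 =  {0, 0, 0, 0, 0, {8, 0, 0, 0, 0, 1}} ;

	if (argc < 3) {
		usage(argv[0]);
		return 0;
	}

	result = Tspi_Context_Create(&hContext);
	if (TSS_SUCCESS != result) {
		print_error("Tspi_Context_Create", result);
		return result;	/* nothing to close yet */
	}

	result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
	TSS_CHECK("Tspi_Context_Connect");

	result = Tspi_Context_GetTpmObject(hContext, &hTPM);
	TSS_CHECK("Tspi_Context_GetTpmObject");

	result = Tspi_Context_LoadKeyByUUID(hContext,
					TSS_PS_TYPE_SYSTEM,
					SRK_UUID,
					&hSRK);
	TSS_CHECK("Tspi_Context_LoadKeyByUUID");

#ifndef TESTSUITE_NOAUTH_SRK
	result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hPolicy);
	TSS_CHECK("Tspi_GetPolicyObject");

	result = Tspi_Policy_SetSecret(hPolicy,
						TESTSUITE_SRK_SECRET_MODE,
						TESTSUITE_SRK_SECRET_LEN,
						TESTSUITE_SRK_SECRET);
	TSS_CHECK("Tspi_Policy_SetSecret");
#endif // #ifndef TESTSUITE_NOAUTH_SRK

	result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_PCRS,
						0,
						&hPcrs);
	TSS_CHECK("Tspi_Context_CreateObject");

	result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_ENCDATA,
						TSS_ENCDATA_SEAL,
						&hEncData);
	TSS_CHECK("Tspi_Context_CreateObject");

	result = set_secret(hContext, hEncData, &hPolicy);
	TSS_CHECK("set_secret");

	result = Tspi_Context_LoadKeyByUUID(hContext,
						TSS_PS_TYPE_SYSTEM,
						UUID_K1,
						&hKey);
	if (TSS_SUCCESS != result) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		goto cleanup;	/* rc stays -1, as before */
	}

	result = set_popup_secret(hContext,
						hKey,
						TSS_POLICY_USAGE,
						"Input K1's Pin\n",
						0);
	TSS_CHECK("set_popup_secret");

	/* The file key: KEY_SIZE bytes from the TPM RNG, sealed below. */
	result = Tspi_TPM_GetRandom(hTPM, KEY_SIZE, &random);
	TSS_CHECK("Tspi_TPM_GetRandom");

	/* Seal to the current PCR value: unsealing later needs the same one. */
	result = Tspi_TPM_PcrRead(hTPM, SEAL_PCR, &u32PcrValLen, &rgbPcrVal);
	TSS_CHECK("Tspi_TPM_PcrRead");

	result = Tspi_PcrComposite_SetPcrValue(hPcrs, SEAL_PCR, u32PcrValLen, rgbPcrVal);
	TSS_CHECK("Tspi_PcrComposite_SetPcrValue");

	result = Tspi_Data_Seal(hEncData,
					hKey,
					KEY_SIZE,
					random,
					hPcrs);
	TSS_CHECK("Tspi_Data_Seal");

	result = Tspi_GetAttribData(hEncData,
						TSS_TSPATTRIB_ENCDATA_BLOB,
						TSS_TSPATTRIB_ENCDATABLOB_BLOB,
						&u32EncDataLen,
						&rgbEncData);
	TSS_CHECK("Tspi_GetAttribData");

	/* Slurp the plaintext; it is capped at BUF_LEN. */
	fpIn = fopen(argv[1], "rb");
	if (!fpIn) {
		printf("open file: %s failed\n", argv[1]);
		goto cleanup;
	}

	if (fseek(fpIn, 0, SEEK_END) != 0 || (fsize = ftell(fpIn)) < 0) {
		printf("cannot determine size of %s\n", argv[1]);
		goto cleanup;
	}

	if (fsize > BUF_LEN) {
		printf("file is more than 1MB, too big !\n");
		goto cleanup;
	}
	size = (int)fsize;

	/* malloc(0) may legitimately return NULL; ask for at least a byte */
	pBufIn = malloc(size > 0 ? (size_t)size : 1);
	if (!pBufIn) {
		printf("No Memmory\n");
		goto cleanup;
	}

	rewind(fpIn);
	if (fread(pBufIn, 1, size, fpIn) != (size_t)size) {
		printf("fread error");
		goto cleanup;
	}

	fclose(fpIn);
	fpIn = NULL;

	if (aes_init(random, KEY_SIZE, (unsigned char *)&salt, &en)) {
		printf("aes_init failed\n");
		goto cleanup;
	}

	/* aes_encrypt updates size to the ciphertext length; a NULL result
	 * is treated as failure (presumably its allocation failed). */
	pBufOut = aes_encrypt(&en, pBufIn, &size);
	if (!pBufOut) {
		printf("aes_encrypt failed\n");
		goto cleanup;
	}

	fpOut = fopen(argv[2], "wb");
	if (!fpOut) {
		printf("open file: %s failed\n", argv[2]);
		goto cleanup;
	}

	if (fwrite(&u32EncDataLen, 1, sizeof(UINT32), fpOut) != sizeof(UINT32)) {
		printf("fwrite u32EncDataLen failed\n");
		goto cleanup;
	}

	if (fwrite(rgbEncData, 1, u32EncDataLen, fpOut) != u32EncDataLen) {
		printf("fwrite rgbEncData failed\n");
		goto cleanup;
	}

	if (fwrite(&size, 1, sizeof(int), fpOut) != sizeof(int)) {
		printf("fwrite failed\n");
		goto cleanup;
	}

	if (fwrite(pBufOut, 1, size, fpOut) != (size_t)size) {
		printf("fwrite failed\n");
		goto cleanup;
	}

	/* fclose flushes; a failed flush is a failed write */
	if (fclose(fpOut) != 0) {
		fpOut = NULL;
		printf("fclose failed\n");
		goto cleanup;
	}
	fpOut = NULL;

	rc = 0;

cleanup:
	if (fpIn)
		fclose(fpIn);
	if (fpOut)
		fclose(fpOut);
	free(pBufIn);
	free(pBufOut);
	if (random != NULL) {
		/* Scrub the plaintext AES key before returning the buffer to
		 * the TSS; the following call keeps the memset from being
		 * optimised away. */
		memset(random, 0, KEY_SIZE);
		Tspi_Context_FreeMemory(hContext, random);
	}
	Tspi_Context_Close(hContext);

	return rc;
#undef TSS_CHECK
}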
int main(int argc, char **argv)
{
	TSS_HCONTEXT	hContext;
	TSS_FLAG	initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
	TSS_HKEY	hKey;
	TSS_HKEY	hSRK;
	TSS_RESULT	result;
	TSS_HPOLICY	srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
	BYTE		*blob;
	UINT32		blob_size, srk_authusage;
	BIO		*outb;
	ASN1_OCTET_STRING *blob_str;
	unsigned char	*blob_asn1 = NULL;
	int		asn1_len;
	char		*filename, c, *openssl_key = NULL;
	int		option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
	UINT32		enc_scheme = TSS_ES_RSAESPKCSV15;
	UINT32		sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
	UINT32		key_size = 2048;
	RSA		*rsa;

	while (1) {
		option_index = 0;
		c = getopt_long(argc, argv, "pe:q:s:azhw:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
			case 'a':
				initFlags |= TSS_KEY_AUTHORIZATION;
				auth = 1;
				break;
			case 'h':
				usage(argv[0]);
				break;
			case 's':
				key_size = atoi(optarg);
				break;
			case 'e':
				if (!strncasecmp("oaep", optarg, 4)) {
					enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
				} else if (strncasecmp("pkcs", optarg, 4)) {
					usage(argv[0]);
				}
				break;
			case 'q':
				if (!strncasecmp("der", optarg, 3)) {
					sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
				} else if (strncasecmp("sha", optarg, 3)) {
					usage(argv[0]);
				}
				break;
			case 'p':
				initFlags |= TSS_KEY_AUTHORIZATION;
				auth = 1;
				popup = 1;
				break;
			case 'w':
				initFlags |= TSS_KEY_MIGRATABLE;
				wrap = 1;
				openssl_key = optarg;
				break;
			case 'z':
				well_known = 1;
				break;
			default:
				usage(argv[0]);
				break;
		}
	}

	/* set up the key option flags */
	switch (key_size) {
		case 512:
			initFlags |= TSS_KEY_SIZE_512;
			break;
		case 1024:
			initFlags |= TSS_KEY_SIZE_1024;
			break;
		case 2048:
			initFlags |= TSS_KEY_SIZE_2048;
			break;
		case 4096:
			initFlags |= TSS_KEY_SIZE_4096;
			break;
		case 8192:
			initFlags |= TSS_KEY_SIZE_8192;
			break;
		case 16384:
			initFlags |= TSS_KEY_SIZE_16384;
			break;
		default:
			usage(argv[0]);
			break;
	}
#if 0
	while (argc--) {
		printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
	}
	exit(1);
#endif
	filename = argv[argc - 1];
	if (argc < 2 || filename[0] == '-')
		usage(argv[0]);

		//Create Context
	if ((result = Tspi_Context_Create(&hContext))) {
		print_error("Tspi_Context_Create", result);
		exit(result);
	}
		//Connect Context
	if ((result = Tspi_Context_Connect(hContext, NULL))) {
		print_error("Tspi_Context_Connect", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Create Object
	if ((result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_RSAKEY,
						initFlags, &hKey))) {
		print_error("Tspi_Context_CreateObject", result);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
					   sig_scheme))) {
		print_error("Tspi_SetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
					   enc_scheme))) {
		print_error("Tspi_SetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

		//Load Key By UUID
	if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
						 SRK_UUID, &hSRK))) {
		print_error("Tspi_Context_LoadKeyByUUID", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
					   TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
					   &srk_authusage))) {
		print_error("Tspi_GetAttribUint32", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if (srk_authusage) {

		if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
						   &srkUsagePolicy))) {
			print_error("Tspi_GetPolicyObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		if (well_known) {

			BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;

			//Set Well Known Secret
			if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
							TSS_SECRET_MODE_SHA1,
							sizeof(well_known_secret),
							(BYTE *)well_known_secret))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}
		} else {

			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}
	}

	if (auth) {
		if ((result = Tspi_Context_CreateObject(hContext,
							TSS_OBJECT_TYPE_POLICY,
							TSS_POLICY_USAGE,
							&keyUsagePolicy))) {
			print_error("Tspi_Context_CreateObject", result);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		if (popup) {
			//Set Secret
			if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
							    TSS_SECRET_MODE_POPUP,
							    0, NULL))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}
		} else {
			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128,
						"Enter Key Usage Password: "******"Passwords do not match.\n");
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			//Set Secret
			if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
							    TSS_SECRET_MODE_PLAIN,
							    strlen(authdata),
							    (BYTE *)authdata))) {
				print_error("Tspi_Policy_SetSecret", result);
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}

		if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
			print_error("Tspi_Policy_AssignToObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}

	// Create or Wrap Key
	if (wrap) {
		char n[256], p[128];
		unsigned int size_n, size_p;
		BYTE *pubSRK;

		/*Set migration policy needed to wrap the key*/
		if ((result = Tspi_Context_CreateObject(hContext,
						TSS_OBJECT_TYPE_POLICY,
						TSS_POLICY_MIGRATION,
						&keyMigrationPolicy))) {
			print_error("Tspi_Context_CreateObject", result);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		if (auth) {
			char *authdata = calloc(1, 128);

			if (!authdata) {
				fprintf(stderr, "malloc failed.\n");
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if (EVP_read_pw_string(authdata, 128,
						"Enter Key Migration Password: "******"Passwords do not match.\n");
				free(authdata);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
							    TSS_SECRET_MODE_PLAIN,
							    strlen(authdata),
							    (BYTE *)authdata))) {
				print_error("Tspi_Policy_SetSecret", result);
				Tspi_Context_Close(hContext);
				exit(result);
			}

			free(authdata);
		}

		if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
			print_error("Tspi_Policy_AssignToObject", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}

		/* Pull the PubKRK out of the TPM */
		if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
			print_error("Tspi_Key_WrapKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
		Tspi_Context_FreeMemory(hContext, pubSRK);

		if ((rsa = openssl_read_key(openssl_key)) == NULL) {
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if (RSA_size(rsa) != key_size / 8) {
			fprintf(stderr,
				"Error, key size is incorrect, please use the '-s' option\n");
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
						  &size_p, (unsigned char *)p)) {
			fprintf(stderr, "Error getting modulus and prime!\n");
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
						 TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
						 size_n, (BYTE *)n))) {
			print_error("Tspi_SetAttribData (RSA modulus)", result);
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
						 TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
						 size_p, (BYTE *)p))) {
			print_error("Tspi_SetAttribData (private key)", result);
			RSA_free(rsa);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(-1);
		}

		if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
			print_error("Tspi_Key_WrapKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	} else {
		if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
			print_error("Tspi_Key_CreateKey", result);
			Tspi_Context_CloseObject(hContext, hKey);
			Tspi_Context_Close(hContext);
			exit(result);
		}
	}

	if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
					 TSS_TSPATTRIB_KEYBLOB_BLOB,
					 &blob_size, &blob))) {
		print_error("Tspi_GetAttribData", result);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(result);
	}

	if ((outb = BIO_new_file(filename, "w")) == NULL) {
                fprintf(stderr, "Error opening file for write: %s\n", filename);
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(-1);
	}
	blob_str = ASN1_OCTET_STRING_new();
	if (!blob_str) {
                fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
		Tspi_Context_CloseObject(hContext, hKey);
		Tspi_Context_Close(hContext);
		exit(-1);
	}		

	ASN1_STRING_set(blob_str, blob, blob_size);
	asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
	PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);

	BIO_free(outb);
	Tspi_Context_Close(hContext);

	printf("Success.\n");

	return 0;
}
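/*
 * Create a TPM identity key (AIK) under the SRK and write its wrapped key
 * blob to "key.blob" in the current directory, echoing the bytes to stdout.
 *
 * Usage: prog -s <srk-password> -t <owner-password>
 *
 * Both secrets are taken from argv, so they are visible to other local users
 * through the process table for the lifetime of the process; a prompt (as the
 * other tools on this page use) avoids that exposure.
 *
 * Every TSS call is followed by check_fail(), which reports the failure; the
 * code after each call assumes check_fail() does not return on error
 * (TODO confirm).  Returns 0 on success.
 */
int
main(int argc, char **argv)
{
	RSA			*rsa = NULL;
	TSS_HCONTEXT 		hContext;
	TSS_HKEY 		hKey, hSRK, hCAKey;
	TSS_HPOLICY 		hTPMPolicy, hidpol;
	TSS_UUID 		srkUUID = TSS_UUID_SRK;
	TSS_HPOLICY		srkpol;
	TSS_HTPM 		hTPM;
	UINT32			idbloblen, blobos, i;
	int			ret, ch, fd;
	char			*srkpass = NULL, *tpmpass = NULL;
	BYTE			*blobo = NULL, *idblob = NULL;

	/* getopt() returns int and ends the scan with -1, so ch must be signed. */
	while ((ch = getopt(argc, argv, "hs:t:")) != -1) {
		switch (ch) {
		case 's':
			srkpass = optarg;
			break;
		case 't':
			tpmpass = optarg;
			break;
		case 'h':
		default:
			usage(argv[0]);
			break;
		}
	}

	if (!srkpass || !tpmpass)
		usage(argv[0]);

	/* create context and connect */
	ret = Tspi_Context_Create(&hContext);
	check_fail("context create", ret);
	ret = Tspi_Context_Connect(hContext, NULL);
	check_fail("context connect", ret);

	ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID,
	    &hSRK);
	check_fail("loadkeybyuuid", ret);

	/* SRK usage secret; TSS_SECRET_MODE_PLAIN means the TSP hashes it itself */
	ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
	check_fail("get policy object", ret);
	ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN,
	    strlen(srkpass), (BYTE *)srkpass);
	check_fail("policy set secret", ret);

	ret = Tspi_Context_GetTpmObject(hContext, &hTPM);
	check_fail("get tpm object", ret);

	/* Insert the owner auth into the TPM's policy */
	ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
	check_fail("get tpm policy", ret);

	ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
		strlen(tpmpass), (BYTE *)tpmpass);
	check_fail("set owner secret", ret);

	/* Identity keys must be non-migratable; the key is also created volatile
	 * so it is not expected to survive a TPM restart. */
	ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
		  TSS_KEY_TYPE_IDENTITY
		| TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION
		| TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE
		, &hKey);
	check_fail("create object - key", ret);

	/* NOTE(review): hKey was created with TSS_KEY_NO_AUTHORIZATION, so it is
	 * unclear this usage secret is ever consulted — confirm before relying
	 * on it. */
	ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol);
	check_fail("get id key policy", ret);

	ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN,
	    strlen(srkpass), (BYTE *)srkpass);
	check_fail("set idkey secret", ret);

	/* We must create this fake privacy CA key in software so that
	 * Tspi_TPM_CollateIdentityRequest will happily work.  It needs it to
	 * create the cert request which is required in a normal remote
	 * attestation procedure.  It is not needed in our setup though.
	 */
	ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING);
	check_fail("ca nonsense", ret);

	/* We do not care about idblob - that is the certificate request that
	 * we are supposed to send to our CA in normal remote attestation.  The
	 * fifth argument is our identity label (it is supposed to be unicode).
	 */
	ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label",
	    hKey, TSS_ALG_3DES, &idbloblen, &idblob);
	check_fail("collate id", ret);

	/* Whole key blob (public part plus the SRK-wrapped private part). */
	ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
	    TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo);
	check_fail("get blob", ret);

	if (!blobo) {
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		FATAL("no blobo");
	}

	printf("size: %u\n", blobos);
	for (i = 0; i < blobos; i++) {
		printf("\\x%x", blobo[i]);
	}
	printf("\n");

	/* Owner-only permissions: the file is the artifact needed to load this
	 * key again, so do not let other local users read or replace it. */
	fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
	if (fd == -1) {
		Tspi_Context_FreeMemory(hContext, NULL);
		Tspi_Context_Close(hContext);
		FATAL("Open\n");
	}
	/* write() may fail or write short; either way the file is unusable. */
	ret = write(fd, blobo, blobos);
	if (ret < 0 || (UINT32)ret != blobos)
		printf("Warning: couldn't write the whole key\n");
	close(fd);

	/* NULL releases every buffer the TSP allocated for this context
	 * (idblob and blobo included). */
	Tspi_Context_FreeMemory(hContext, NULL);
	Tspi_Context_Close(hContext);

	return 0;
}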
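/* Duplicate a TSP-owned buffer into malloc()ed memory the test owns.
 * Returns NULL when the allocation fails. */
static BYTE *
copy_blob(const BYTE *src, UINT32 len)
{
	/* malloc(0) may legitimately return NULL; ask for one byte instead so
	 * a NULL result always means "out of memory". */
	BYTE *dst = malloc(len ? len : 1);

	if (dst) {
		for (UINT32 i = 0; i < len; i++)
			dst[i] = src[i];
	}
	return dst;
}

/*
 * Tspi_Context_LoadKeyByBlob04: create a no-auth signing key and an
 * auth-required binding key, save their blobs, tear the context down,
 * reload both keys from the saved blobs in a fresh context, and check that
 * attributes, sign/verify and bind/unbind behave as before.  After the
 * reload the first bind/unbind must fail with TSS_E_POLICY_NO_SECRET (no
 * policy has been re-established for the binding key) and must succeed
 * once set_secret() has assigned one.
 *
 * Every failure is reported with print_error() and exit()s with the TSS
 * result code; the test exits 0 on success.
 */
int
main_v1_1( void )
{
	char		*function = "Tspi_Context_LoadKeyByBlob04";
	TSS_HCONTEXT	hContext;
	TSS_HKEY	hSRK, hSigningKey, hBindingKey;
	TSS_HPOLICY	hPolicy;
	TSS_RESULT	result;
	UINT32		exitCode;
	TSS_FLAG	initFlags;
	BYTE		*signBlob, *bindBlob;
	BYTE		*signCopy = NULL, *bindCopy = NULL;
	UINT32		signBlobLen, bindBlobLen;

	print_begin_test( function );

		// Create Context
	if ((result = connect_load_srk(&hContext, &hSRK))) {
		print_error( "connect_load_srk", result );
		exit( result );
	}

		// create a no-auth, signing key
	initFlags = TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 |
		    TSS_KEY_NO_AUTHORIZATION;
	if ((result = create_load_key(hContext, initFlags, hSRK, &hSigningKey))) {
		print_error( "create_load_key(Signing Key)", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}
	print_success("Signing key created successfully", TSS_SUCCESS);

		// get blob
	result = Tspi_GetAttribData( hSigningKey, TSS_TSPATTRIB_KEY_BLOB,
					TSS_TSPATTRIB_KEYBLOB_BLOB,
					&signBlobLen, &signBlob );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetAttribData", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// create a auth, binding key
	initFlags = TSS_KEY_TYPE_BIND | TSS_KEY_SIZE_2048 |
		    TSS_KEY_AUTHORIZATION;
	if ((result = create_load_key(hContext, initFlags, hSRK, &hBindingKey))) {
		print_error( "create_load_key(Binding Key)", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}
	print_success("Binding key created successfully", TSS_SUCCESS);

		// get blob
	result = Tspi_GetAttribData( hBindingKey, TSS_TSPATTRIB_KEY_BLOB,
					TSS_TSPATTRIB_KEYBLOB_BLOB,
					&bindBlobLen, &bindBlob );
	if ( result != TSS_SUCCESS )
	{
		print_error( "Tspi_GetAttribData", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// Keep private copies of both blobs: the buffers the TSP handed out
	// belong to hContext, which is closed below, so the reload must not
	// depend on them outliving Tspi_Context_Close().
	signCopy = copy_blob(signBlob, signBlobLen);
	bindCopy = copy_blob(bindBlob, bindBlobLen);
	if (!signCopy || !bindCopy) {
		result = TSS_E_OUTOFMEMORY;
		print_error( "copy_blob", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}
	Tspi_Context_FreeMemory( hContext, signBlob );
	Tspi_Context_FreeMemory( hContext, bindBlob );

	// verify attribs before we close the context
	if ((result = verify_sign_attribs(hSigningKey))) {
		print_error( "verify_sign_attribs", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// verify attribs before we close the context
	if ((result = verify_bind_attribs(hBindingKey))) {
		print_error( "verify_bind_attribs", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

		// close context, to get rid of all context state
	if ((result = Tspi_Context_Close(hContext))) {
		print_error( "Tspi_Context_Close", result );
		exit( result );
	}

		// re-connect; there is no open context to close if this fails
	if ((result = connect_load_srk(&hContext, &hSRK))) {
		print_error( "connect_load_srk", result );
		exit( result );
	}

		// Load both Keys by blob
	if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
						signBlobLen,
						signCopy,
						&hSigningKey ))) {
		print_error( "Tspi_Context_LoadKeyByBlob", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}
	if ((result = Tspi_Context_LoadKeyByBlob( hContext, hSRK,
						bindBlobLen,
						bindCopy,
						&hBindingKey ))) {
		print_error( "Tspi_Context_LoadKeyByBlob", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// verify attribs after we've re-loaded by blob
	if ((result = verify_sign_attribs(hSigningKey))) {
		print_error( "verify_sign_attribs", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// verify attribs after we've re-loaded by blob
	if ((result = verify_bind_attribs(hBindingKey))) {
		print_error( "verify_bind_attribs", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// Do a sign/verify test
	if ((result = sign_and_verify(hContext, hSigningKey))) {
		print_error( "sign_and_verify", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// Do a bind/unbind test: the reloaded binding key has no policy yet,
	// so the TSP must refuse with TSS_E_POLICY_NO_SECRET rather than use
	// some stale secret from the first context.
	result = bind_and_unbind(hContext, hBindingKey);
	if (TSS_ERROR_CODE(result) != TSS_E_POLICY_NO_SECRET) {
		print_verifyerr("bind and unbind", TSS_E_POLICY_NO_SECRET, result);
		print_error( function, result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	// set up policies
	if ((result = set_secret(hContext, hBindingKey, &hPolicy))) {
		print_error("set_secret", result);
		Tspi_Context_Close( hContext );
		exit( result );
	}

	if ((result = bind_and_unbind(hContext, hBindingKey))) {
		print_error( "bind_and_unbind", result );
		Tspi_Context_Close( hContext );
		exit( result );
	}

	free( signCopy );
	free( bindCopy );

	exitCode = 0;
	print_success(function, TSS_SUCCESS);
	print_end_test( function );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}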
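	/**
	 * Load a persistent key by UUID under the SRK and hand back a copy of
	 * its TSS key blob (public part plus the private part as wrapped by
	 * the SRK).
	 *
	 * @param auth_srk_value  SRK usage secret: the pre-computed digest when
	 *                        auth_srk_sha1 is set (TSS_SECRET_MODE_SHA1),
	 *                        otherwise plaintext that the TSP hashes itself
	 *                        (TSS_SECRET_MODE_PLAIN).
	 * @param auth_srk_size   length of auth_srk_value in bytes; narrowed to
	 *                        UINT32 at the TSS call.
	 * @param auth_srk_sha1   selects the secret mode described above.
	 * @param auth_key_value  usage secret for the key itself, same encoding
	 *                        rule as the SRK secret.
	 * @param auth_key_size   length of auth_key_value in bytes.
	 * @param auth_key_sha1   selects the secret mode for the key secret.
	 * @param uuid_key_value  hex-encoded UUID of the key, decoded by
	 *                        hextouuid() into the uuid_key member.
	 * @param output_value    receives a buffer allocated with new[]; the
	 *                        caller owns it and must delete[] it.  Not
	 *                        written when the call fails.
	 * @param output_size     receives the blob length in bytes.
	 * @throws libhis_exception on any TSS failure; the TSP-owned blob is
	 *         released before the exception propagates.
	 *
	 * Works on the hcontext/htpm/hkey_*/hpolicy_* members; the policy
	 * objects are assumed to exist before this is called (created
	 * elsewhere — TODO confirm).
	 */
	void getkeyblob(
		unsigned char	*auth_srk_value,
		unsigned long	auth_srk_size,
		bool			auth_srk_sha1,
		unsigned char	*auth_key_value,
		unsigned long	auth_key_size,
		bool			auth_key_sha1,
		unsigned char	*uuid_key_value,
		unsigned char	*&output_value,
		unsigned long	&output_size)
	{
		//establish a session
		result = Tspi_Context_Connect(hcontext, 0);
		if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);

		//get the TPM object
		result = Tspi_Context_GetTpmObject(hcontext, &htpm);
		if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);

		//load the SRK
		TSS_UUID uuid_srk = TSS_UUID_SRK;
		result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
		if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);

		//set up SRK auth
		if(auth_srk_sha1)
		{
			result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
			if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
		}
		else
		{
			result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
			if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
		}

		//assign the SRK auth
		result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
		if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);

		//Set up the key UUID
		hextouuid(uuid_key_value, uuid_key);

		//Get the key by UUID
		result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
		if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);

		//set up key auth
		if(auth_key_sha1)
		{
			result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
			if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
		}
		else
		{
			result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
			if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
		}

		//assign the key auth
		result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
		if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);

		//Unwrap the key
		result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
		if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);

		//get the keyblob (TSP-owned buffer, released below on every path)
		UINT32	size;
		BYTE	*value;
		result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value);
		if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result);

		//copy into a buffer the caller owns; if the allocation throws,
		//give the TSP buffer back first so it is not leaked
		unsigned char *copy = 0;
		try
		{
			copy = new unsigned char[size];
			for(UINT32 i = 0; i < size; i++)
				copy[i] = value[i];
		}
		catch(...)
		{
			Tspi_Context_FreeMemory(hcontext, value);
			throw;
		}

		//clean up dynamic memory; drop our copy too if that fails so the
		//caller never receives a buffer together with an exception
		result = Tspi_Context_FreeMemory(hcontext, value);
		if(result != TSS_SUCCESS)
		{
			delete[] copy;
			throw libhis_exception("Cleanup dynamic memory", result);
		}

		//publish the results only once nothing can fail any more
		output_size = size;
		output_value = copy;
	}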
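/*
 * Build a software-only "privacy CA" key object so that
 * Tspi_TPM_CollateIdentityRequest has a CA public key to work with.  The
 * key pair is generated with OpenSSL; its public modulus is spliced into
 * the TSS key object's public-key blob, and the algorithm, prime count and
 * encryption scheme selected by `padding` are set on the object.
 *
 * hContext: context that owns the new key object.
 * hCAKey:   receives the handle of the created key object.  On failure the
 *           object is left for Tspi_Context_Close() to reclaim.
 * rsa:      receives the generated OpenSSL key pair; the caller owns it and
 *           must RSA_free() it.  It is released here on every failure path
 *           after generation and *rsa is reset to NULL.
 * padding:  RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING or RSA_NO_PADDING,
 *           mapped to the matching TSS encryption scheme.
 *
 * Returns TSS_SUCCESS, the failing TSS result code, TSS_E_INTERNAL_ERROR for
 * an unknown padding, or the ad-hoc value 254 when OpenSSL fails.
 *
 * NOTE(review): (*rsa)->n is dereferenced directly, which only compiles
 * against OpenSSL builds where RSA is not opaque (before 1.1.0); newer
 * releases expose the modulus through RSA_get0_key().
 */
TSS_RESULT
make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding)
{
	TSS_RESULT result;
	UINT32 encScheme, size_n, pub_size;
	BYTE n[2048];
	UINT32 blob_size;
	BYTE *blob = NULL, pub_blob[1024];
	int len;

	switch (padding) {
		case RSA_PKCS1_PADDING:
			encScheme = TSS_ES_RSAESPKCSV15;
			break;
		case RSA_PKCS1_OAEP_PADDING:
			encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
			break;
		case RSA_NO_PADDING:
			encScheme = TSS_ES_NONE;
			break;
		default:
			return TSS_E_INTERNAL_ERROR;
	}

		//Create CA Key Object
	result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
	    TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey);
	if (result != TSS_SUCCESS) {
		check("Tspi_Context_CreateObject", result);
		return result;
	}

		// generate a software key to represent the CA's key
	if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) {
		ERR_print_errors_fp(stdout);
		return 254; // ?
	}

		// get the pub CA key; BN_bn2bin() returns int, so test it before
		// widening into the unsigned size (the old check could never be
		// negative)
	if ((len = BN_bn2bin((*rsa)->n, n)) <= 0) {
		fprintf(stderr, "BN_bn2bin failed\n");
		ERR_print_errors_fp(stdout);
		result = 254; // ?
		goto fail;
	}
	size_n = (UINT32)len;

	result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
	    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob);
	if (result != TSS_SUCCESS) {
		check("Tspi_GetAttribData", result);
		goto fail;
	}

	/* blob_pubkey() rebuilds the public-key blob around the OpenSSL
	 * modulus.  Its return value is taken as the new blob length without
	 * a range check here — assumes it honours the 1024-byte limit passed
	 * in (TODO confirm). */
	pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n);

	/* The TSP-owned blob is no longer needed once it has been copied. */
	Tspi_Context_FreeMemory(hContext, blob);
	blob = NULL;

	result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
	    TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob);
	if (result != TSS_SUCCESS) {
		check("Tspi_SetAttribData", result);
		goto fail;
	}

		// set the CA key's algorithm
	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_ALGORITHM,
				      TSS_ALG_RSA);
	if (result != TSS_SUCCESS) {
		check("Tspi_SetAttribUint32", result);
		goto fail;
	}

		// set the CA key's number of primes
	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_RSA_PRIMES,
				      2);
	if (result != TSS_SUCCESS) {
		check("Tspi_SetAttribUint32", result);
		goto fail;
	}

		// set the CA key's encryption scheme
	result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
				      TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
				      encScheme);
	if (result != TSS_SUCCESS) {
		check("Tspi_SetAttribUint32", result);
		goto fail;
	}

	return TSS_SUCCESS;

fail:
	/* Single exit for everything after key generation: give back the TSP
	 * blob if it is still held (a NULL argument would free every buffer of
	 * the context, so it must be guarded) and the OpenSSL key pair, which
	 * the original code leaked on two of these paths. */
	if (blob)
		Tspi_Context_FreeMemory(hContext, blob);
	RSA_free(*rsa);
	*rsa = NULL;
	return result;
}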
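/*
 * Fetch one UINT32 attribute from the TSS_TSPATTRIB_KEY_INFO group.  A
 * failure is reported through print_error() with `what` as the message and
 * the result is returned so the caller can skip the corresponding line
 * instead of printing an unset value.
 */
static TSS_RESULT
get_key_info_attrib(TSS_HOBJECT hKey, UINT32 subFlag, char *what,
    UINT32 *attrib)
{
	TSS_RESULT ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
	    subFlag, attrib);

	if (ret) {
		print_error(ret, what);
	}
	return ret;
}

/*
 * Print the human-readable attributes of a loaded key followed by a hex
 * dump of its TSS key blob.
 *
 * hContext: the context that owns hKey; needed to release the blob buffer.
 * hKey:     the key object to describe.
 *
 * Each attribute is queried independently so one failing query does not
 * hide the others.  A failed query is reported and its line skipped; the
 * original printed whatever happened to be in the uninitialized variable,
 * and on a failed blob query went on to dump and free an uninitialized
 * pointer.  print_error() is assumed to return (TODO confirm); if it exits
 * instead, the guards are simply never exercised.
 */
static void
print_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey)
{
	TSS_RESULT ret;
	UINT32 attrib = 0;
	UINT32 keyInfoSize = 0;
	BYTE *keyInfo = NULL;

	/* Key size */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_SIZE,
	    gettext("Get key size"), &attrib) == 0) {
		(void) printf(gettext("Key Size: %d bits\n"), attrib);
	}

	/* Key usage */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_USAGE,
	    gettext("Get key usage"), &attrib) == 0) {
		(void) printf(gettext("Key Usage: %s\n"),
		    decode(key_usage, attrib));
	}

	/* Algorithm */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_ALGORITHM,
	    gettext("Get key algorithm"), &attrib) == 0) {
		(void) printf(gettext("Algorithm: %s\n"),
		    decode(key_algorithm, attrib));
	}

	/* Authorization required */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
	    gettext("Get key authusage"), &attrib) == 0) {
		(void) printf(gettext("Authorization required: %s\n"),
		    attrib ? gettext("Yes") : gettext("No"));
	}

	/* Signature scheme */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
	    gettext("Get key signature scheme"), &attrib) == 0) {
		(void) printf(gettext("Signature scheme: %s\n"),
		    decode(key_sigscheme, attrib));
	}

	/* Encoding scheme */
	if (get_key_info_attrib(hKey, TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
	    gettext("Get key encoding scheme"), &attrib) == 0) {
		(void) printf(gettext("Encoding scheme: %s\n"),
		    decode(key_encscheme, attrib));
	}

	/* Key blob: with no buffer there is nothing to dump or to free */
	ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
	    TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo);
	if (ret) {
		print_error(ret, gettext("Get key blob"));
		return;
	}
	(void) printf(gettext("TPM Key Blob:\n"));
	print_bytes(keyInfo, keyInfoSize, TRUE);
	ret = Tspi_Context_FreeMemory(hContext, keyInfo);
	if (ret) {
		print_error(ret, gettext("Free key info buffer"));
	}
}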