TSS_RESULT
verify_bind_attribs(TSS_HKEY hBindingKey)
{
UINT32 attrib;
TSS_RESULT result;
// verify binding key's attribs
// 1. Key Type
if ((result = Tspi_GetAttribUint32(hBindingKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_USAGE,
&attrib))) {
print_error( "Tspi_GetAttribUint32", result );
return result;
}
if (attrib != TSS_KEYUSAGE_BIND) {
print_verifyerr("key usage", TSS_KEYUSAGE_BIND, attrib);
return TSS_E_FAIL;
}
// 2. Auth data usage
if ((result = Tspi_GetAttribUint32(hBindingKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHDATAUSAGE,
&attrib))) {
print_error( "Tspi_GetAttribUint32", result );
return result;
}
if (attrib != TRUE) {
print_verifyerr("key authdata usage", TRUE, attrib);
return TSS_E_FAIL;
}
// 3. Key size
if ((result = Tspi_GetAttribUint32(hBindingKey,
TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_KEYSIZE,
&attrib))) {
print_error( "Tspi_GetAttribUint32", result );
return result;
}
if (attrib != TSS_KEY_SIZEVAL_2048BIT) {
print_verifyerr("key size", TSS_KEY_SIZEVAL_2048BIT, attrib);
return TSS_E_FAIL;
}
return result;
}
int main(int argc, char **argv)
{
TSS_HCONTEXT hContext;
TSS_FLAG initFlags = TSS_KEY_TYPE_LEGACY | TSS_KEY_VOLATILE;
TSS_HKEY hKey;
TSS_HKEY hSRK;
TSS_RESULT result;
TSS_HPOLICY srkUsagePolicy, keyUsagePolicy, keyMigrationPolicy;
BYTE *blob;
UINT32 blob_size, srk_authusage;
BIO *outb;
ASN1_OCTET_STRING *blob_str;
unsigned char *blob_asn1 = NULL;
int asn1_len;
char *filename, c, *openssl_key = NULL;
int option_index, auth = 0, popup = 0, wrap = 0, well_known = 0;
UINT32 enc_scheme = TSS_ES_RSAESPKCSV15;
UINT32 sig_scheme = TSS_SS_RSASSAPKCS1V15_DER;
UINT32 key_size = 2048;
RSA *rsa;
while (1) {
option_index = 0;
c = getopt_long(argc, argv, "pe:q:s:azhw:",
long_options, &option_index);
if (c == -1)
break;
switch (c) {
case 'a':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
break;
case 'h':
usage(argv[0]);
break;
case 's':
key_size = atoi(optarg);
break;
case 'e':
if (!strncasecmp("oaep", optarg, 4)) {
enc_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
} else if (strncasecmp("pkcs", optarg, 4)) {
usage(argv[0]);
}
break;
case 'q':
if (!strncasecmp("der", optarg, 3)) {
sig_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
} else if (strncasecmp("sha", optarg, 3)) {
usage(argv[0]);
}
break;
case 'p':
initFlags |= TSS_KEY_AUTHORIZATION;
auth = 1;
popup = 1;
break;
case 'w':
initFlags |= TSS_KEY_MIGRATABLE;
wrap = 1;
openssl_key = optarg;
break;
case 'z':
well_known = 1;
break;
default:
usage(argv[0]);
break;
}
}
/* set up the key option flags */
switch (key_size) {
case 512:
initFlags |= TSS_KEY_SIZE_512;
break;
case 1024:
initFlags |= TSS_KEY_SIZE_1024;
break;
case 2048:
initFlags |= TSS_KEY_SIZE_2048;
break;
case 4096:
initFlags |= TSS_KEY_SIZE_4096;
break;
case 8192:
initFlags |= TSS_KEY_SIZE_8192;
break;
case 16384:
initFlags |= TSS_KEY_SIZE_16384;
break;
default:
usage(argv[0]);
break;
}
#if 0
while (argc--) {
printf("argv[%d] = \"%s\"\n", argc, argv[argc]);
}
exit(1);
#endif
filename = argv[argc - 1];
if (argc < 2 || filename[0] == '-')
usage(argv[0]);
//Create Context
if ((result = Tspi_Context_Create(&hContext))) {
print_error("Tspi_Context_Create", result);
exit(result);
}
//Connect Context
if ((result = Tspi_Context_Connect(hContext, NULL))) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Create Object
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
sig_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_SetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
enc_scheme))) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
print_error("Tspi_Context_LoadKeyByUUID", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&srk_authusage))) {
print_error("Tspi_GetAttribUint32", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (srk_authusage) {
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&srkUsagePolicy))) {
print_error("Tspi_GetPolicyObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if (well_known) {
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
//Set Well Known Secret
if ((result = Tspi_Policy_SetSecret(srkUsagePolicy,
TSS_SECRET_MODE_SHA1,
sizeof(well_known_secret),
(BYTE *)well_known_secret))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128, "SRK Password: "******"Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
}
if (auth) {
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&keyUsagePolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (popup) {
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_POPUP,
0, NULL))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Usage Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
//Set Secret
if ((result = Tspi_Policy_SetSecret(keyUsagePolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyUsagePolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
// Create or Wrap Key
if (wrap) {
char n[256], p[128];
unsigned int size_n, size_p;
BYTE *pubSRK;
/*Set migration policy needed to wrap the key*/
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_MIGRATION,
&keyMigrationPolicy))) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_Close(hContext);
exit(result);
}
if (auth) {
char *authdata = calloc(1, 128);
if (!authdata) {
fprintf(stderr, "malloc failed.\n");
Tspi_Context_Close(hContext);
exit(result);
}
if (EVP_read_pw_string(authdata, 128,
"Enter Key Migration Password: "******"Passwords do not match.\n");
free(authdata);
Tspi_Context_Close(hContext);
exit(result);
}
if ((result = Tspi_Policy_SetSecret(keyMigrationPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(authdata),
(BYTE *)authdata))) {
print_error("Tspi_Policy_SetSecret", result);
Tspi_Context_Close(hContext);
exit(result);
}
free(authdata);
}
if ((result = Tspi_Policy_AssignToObject(keyMigrationPolicy, hKey))) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
/* Pull the PubKRK out of the TPM */
if ((result = Tspi_Key_GetPubKey(hSRK, &size_n, &pubSRK))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
Tspi_Context_FreeMemory(hContext, pubSRK);
if ((rsa = openssl_read_key(openssl_key)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (RSA_size(rsa) != key_size / 8) {
fprintf(stderr,
"Error, key size is incorrect, please use the '-s' option\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if (openssl_get_modulus_and_prime(rsa, &size_n, (unsigned char *)n,
&size_p, (unsigned char *)p)) {
fprintf(stderr, "Error getting modulus and prime!\n");
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
size_n, (BYTE *)n))) {
print_error("Tspi_SetAttribData (RSA modulus)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_SetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PRIVATE_KEY,
size_p, (BYTE *)p))) {
print_error("Tspi_SetAttribData (private key)", result);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
if ((result = Tspi_Key_WrapKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_WrapKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
} else {
if ((result = Tspi_Key_CreateKey(hKey, hSRK, 0))) {
print_error("Tspi_Key_CreateKey", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
}
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB,
&blob_size, &blob))) {
print_error("Tspi_GetAttribData", result);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(result);
}
if ((outb = BIO_new_file(filename, "w")) == NULL) {
fprintf(stderr, "Error opening file for write: %s\n", filename);
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
blob_str = ASN1_OCTET_STRING_new();
if (!blob_str) {
fprintf(stderr, "Error allocating ASN1_OCTET_STRING\n");
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_Close(hContext);
exit(-1);
}
ASN1_STRING_set(blob_str, blob, blob_size);
asn1_len = i2d_ASN1_OCTET_STRING(blob_str, &blob_asn1);
PEM_write_bio(outb, "TSS KEY BLOB", "", blob_asn1, asn1_len);
BIO_free(outb);
Tspi_Context_Close(hContext);
printf("Success.\n");
return 0;
}
static EVP_PKEY *tpm_engine_load_key(ENGINE *e, const char *key_id,
UI_METHOD *ui, void *cb_data)
{
ASN1_OCTET_STRING *blobstr;
TSS_HKEY hKey;
TSS_RESULT result;
UINT32 authusage;
RSA *rsa;
EVP_PKEY *pkey;
BIO *bf;
DBG("%s", __FUNCTION__);
if (!key_id) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_PASSED_NULL_PARAMETER);
return NULL;
}
if (!tpm_load_srk(ui, cb_data)) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_SRK_LOAD_FAILED);
return NULL;
}
if ((bf = BIO_new_file(key_id, "r")) == NULL) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_NOT_FOUND);
return NULL;
}
blobstr = PEM_ASN1_read_bio((void *)d2i_ASN1_OCTET_STRING,
"TSS KEY BLOB", bf, NULL, NULL, NULL);
if (!blobstr) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_FILE_READ_FAILED);
BIO_free(bf);
return NULL;
}
BIO_free(bf);
DBG("Loading blob of size: %d", blobstr->length);
if ((result = Tspi_Context_LoadKeyByBlob(hContext, hSRK,
blobstr->length,
blobstr->data, &hKey))) {
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_REQUEST_FAILED);
return NULL;
}
ASN1_OCTET_STRING_free(blobstr);
if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&authusage))) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY,
TPM_R_REQUEST_FAILED);
return NULL;
}
if (authusage) {
TSS_HPOLICY hPolicy;
BYTE *auth;
if ((auth = calloc(1, 128)) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
if (!tpm_engine_get_auth(ui, (char *)auth, 128,
"TPM Key Password: ",
cb_data)) {
Tspi_Context_CloseObject(hContext, hKey);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return NULL;
}
if ((result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE,
&hPolicy))) {
Tspi_Context_CloseObject(hContext, hKey);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Policy_AssignToObject(hPolicy, hKey))) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_CloseObject(hContext, hPolicy);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_Policy_SetSecret(hPolicy,
TSS_SECRET_MODE_PLAIN,
strlen((char *)auth), auth))) {
Tspi_Context_CloseObject(hContext, hKey);
Tspi_Context_CloseObject(hContext, hPolicy);
free(auth);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return 0;
}
free(auth);
}
/* create the new objects to return */
if ((pkey = EVP_PKEY_new()) == NULL) {
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
pkey->type = EVP_PKEY_RSA;
if ((rsa = RSA_new()) == NULL) {
EVP_PKEY_free(pkey);
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, ERR_R_MALLOC_FAILURE);
return NULL;
}
rsa->meth = &tpm_rsa;
/* call our local init function here */
rsa->meth->init(rsa);
pkey->pkey.rsa = rsa;
if (!fill_out_rsa_object(rsa, hKey)) {
EVP_PKEY_free(pkey);
RSA_free(rsa);
Tspi_Context_CloseObject(hContext, hKey);
TSSerr(TPM_F_TPM_ENGINE_LOAD_KEY, TPM_R_REQUEST_FAILED);
return NULL;
}
EVP_PKEY_assign_RSA(pkey, rsa);
return pkey;
}
int
main_v1_2( char version )
{
char * function = "Tspi_TPM_Delegate_GetFamily05";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK;
TSS_HTPM hTPM, hTPM2;
TSS_HPOLICY hTPMPolicy;
TSS_HDELFAMILY hFamily = NULL_HDELFAMILY, hFamily2;
UINT32 familyID, returnedID;
TSS_RESULT result;
print_begin_test( function );
result = connect_load_all(&hContext, &hSRK, &hTPM);
if ( result != TSS_SUCCESS )
{
print_error( "connect_load_all", result );
goto done;
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hTPMPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
goto done;
}
result = Tspi_Policy_SetSecret( hTPMPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
goto done;
}
result = Tspi_TPM_Delegate_AddFamily(hTPM, 'a', &hFamily);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_Delegate_AddFamily", result );
goto done;
}
result = Tspi_GetAttribUint32(hFamily, TSS_TSPATTRIB_DELFAMILY_INFO,
TSS_TSPATTRIB_DELFAMILYINFO_FAMILYID, &familyID);
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( "Tspi_TPM_GetAttribUint32", result );
}
else
{
print_error_nonapi( "Tspi_TPM_GetAttribUint32", result );
}
goto done;
}
/* Keep hTPM to invalidate family and then set it to NULL */
hTPM2 = hTPM;
hTPM = NULL_HTPM;
/* Keep family address */
hFamily2 = hFamily;
result = Tspi_TPM_Delegate_GetFamily(hTPM, familyID, &hFamily);
if (TSS_ERROR_CODE(result) != TSS_E_INVALID_HANDLE)
{
Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2);
print_error( function, result );
result = 1;
goto done;
}
else
{
Tspi_TPM_Delegate_InvalidateFamily(hTPM2, hFamily2);
print_success( function, result );
result = 0;
}
done:
/* Invalidate the family to avoid resource exhaustion */
if (hFamily != NULL_HDELFAMILY)
Tspi_TPM_Delegate_InvalidateFamily(hTPM, hFamily);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
print_end_test( function );
exit( result );
}
int tpm_load_srk(UI_METHOD *ui, void *cb_data)
{
TSS_RESULT result;
UINT32 authusage;
BYTE *auth;
UINT32 auth_size;
UINT32 srk_secret_mode = secret_mode;
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
if (hSRK != NULL_HKEY) {
DBGFN("SRK is already loaded.");
return 1;
}
if ((result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_GetAttribUint32(hSRK, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE,
&authusage))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if (!authusage) {
DBG("SRK has no auth associated with it.");
return 1;
}
/* If hSRKPolicy is non 0, then a policy object for the SRK has already
* been set up by engine pre/post commands. Just assign it to the SRK.
* Otherwise, we need to get the SRK's implicit policy and prompt for a
* secret */
if (hSRKPolicy) {
DBG("Found an already initialized SRK policy, using it");
if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, hSRK))) {
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
return 1;
}
if ((result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE,
&hSRKPolicy))) {
Tspi_Context_CloseObject(hContext, hSRK);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
if ((auth = calloc(1, 128)) == NULL) {
TSSerr(TPM_F_TPM_LOAD_SRK, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!srk_zeroed) {
if (!tpm_engine_get_auth(ui, (char *)auth, 128, "SRK authorization: ",
cb_data)) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
}
auth_size = strlen((char *)auth);
} else {
auth_size = sizeof(well_known_secret);
memcpy(auth, well_known_secret, auth_size);
srk_secret_mode = TSS_SECRET_MODE_SHA1;
}
/* secret_mode is a global that may be set by engine ctrl
* commands. By default, its set to TSS_SECRET_MODE_PLAIN */
if ((result = Tspi_Policy_SetSecret(hSRKPolicy, srk_secret_mode,
auth_size, auth))) {
Tspi_Context_CloseObject(hContext, hSRK);
free(auth);
TSSerr(TPM_F_TPM_LOAD_SRK, TPM_R_REQUEST_FAILED);
return 0;
}
free(auth);
return 1;
}
int fill_out_rsa_object(RSA *rsa, TSS_HKEY hKey)
{
TSS_RESULT result;
UINT32 pubkey_len, encScheme, sigScheme;
BYTE *pubkey;
struct rsa_app_data *app_data;
DBG("%s", __FUNCTION__);
if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
&encScheme))) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
return 0;
}
if ((result = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
&sigScheme))) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
return 0;
}
/* pull out the public key and put it into the RSA object */
if ((result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
&pubkey_len, &pubkey))) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
return 0;
}
if ((rsa->n = BN_bin2bn(pubkey, pubkey_len, rsa->n)) == NULL) {
Tspi_Context_FreeMemory(hContext, pubkey);
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_BN_CONVERSION_FAILED);
return 0;
}
Tspi_Context_FreeMemory(hContext, pubkey);
/* set e in the RSA object */
if (!rsa->e && ((rsa->e = BN_new()) == NULL)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!BN_set_word(rsa->e, 65537)) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, TPM_R_REQUEST_FAILED);
BN_free(rsa->e);
rsa->e = NULL;
return 0;
}
if ((app_data = OPENSSL_malloc(sizeof(struct rsa_app_data))) == NULL) {
TSSerr(TPM_F_TPM_FILL_RSA_OBJECT, ERR_R_MALLOC_FAILURE);
BN_free(rsa->e);
rsa->e = NULL;
return 0;
}
DBG("Setting hKey(0x%x) in RSA object", hKey);
DBG("Setting encScheme(0x%x) in RSA object", encScheme);
DBG("Setting sigScheme(0x%x) in RSA object", sigScheme);
memset(app_data, 0, sizeof(struct rsa_app_data));
app_data->hKey = hKey;
app_data->encScheme = encScheme;
app_data->sigScheme = sigScheme;
RSA_set_ex_data(rsa, ex_app_data, app_data);
return 1;
}
static void
print_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey)
{
TSS_RESULT ret;
UINT32 attrib;
UINT32 keyInfoSize;
BYTE *keyInfo;
/* Key size */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIZE, &attrib);
if (ret) {
print_error(ret, gettext("Get key size"));
}
(void) printf(gettext("Key Size: %d bits\n"), attrib);
/* Key usage */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_USAGE, &attrib);
if (ret) {
print_error(ret, gettext("Get key usage"));
}
(void) printf(gettext("Key Usage: %s\n"), decode(key_usage, attrib));
/* Algorithm */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ALGORITHM, &attrib);
if (ret) {
print_error(ret, gettext("Get key algorithm"));
}
(void) printf(gettext("Algorithm: %s\n"),
decode(key_algorithm, attrib));
/* Authorization required */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &attrib);
if (ret) {
print_error(ret, gettext("Get key authusage"));
}
(void) printf(gettext("Authorization required: %s\n"),
attrib ? gettext("Yes") : gettext("No"));
/* Signature scheme */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &attrib);
if (ret) {
print_error(ret, gettext("Get key signature scheme"));
}
(void) printf(gettext("Signature scheme: %s\n"),
decode(key_sigscheme, attrib));
/* Encoding scheme */
ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &attrib);
if (ret) {
print_error(ret, gettext("Get key encoding scheme"));
}
(void) printf(gettext("Encoding scheme: %s\n"),
decode(key_encscheme, attrib));
/* Key blob */
ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo);
if (ret) {
print_error(ret, gettext("Get key blob"));
}
(void) printf(gettext("TPM Key Blob:\n"));
print_bytes(keyInfo, keyInfoSize, TRUE);
ret = Tspi_Context_FreeMemory(hContext, keyInfo);
if (ret) {
print_error(ret, gettext("Free key info buffer"));
}
}
int
main_v1_1( void )
{
char *function = "Tspi_GetAttribUint3201";
TSS_HKEY hParentKey;
TSS_HCONTEXT hContext;
UINT32 ES;
UINT32 SS;
TSS_RESULT result;
TSS_HPOLICY hPolicy;
UINT32 exitCode;
TSS_FLAG initFlags = TSS_KEY_TYPE_SIGNING |
TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Create and initialize empty object
result = Tspi_Context_CreateObject( hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hParentKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (parent key)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject( hContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (parent key)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Set uint, no encryption, key enc scheme
result = Tspi_GetAttribUint32( hParentKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
&ES );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
exitCode = 0;
}
// Set uint, key sig scheme
result = Tspi_GetAttribUint32( hParentKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
&SS );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
}
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS,
&ES );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
}
result = Tspi_GetAttribUint32( hContext,
TSS_TSPATTRIB_CONTEXT_SILENT_MODE,
0, &SS );
if ( result != TSS_SUCCESS )
{
if( !(checkNonAPI(result)) )
{
print_error( function, result );
exitCode = 1;
}
else
{
print_error_nonapi( function, result );
exitCode = 1;
}
}
else
{
print_success( function, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode );
}
int
main_v1_1( void )
{
char *function = "Tspi_PolicyChecking01";
char *function1 = "Tspi_GetAttribUint32";
TSS_RESULT result;
TSS_HPOLICY hPolicy;
TSS_HCONTEXT hContext;
TSS_HOBJECT hObject;
UINT32 ES, exitCode1;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_error_exit( function, err_string(result) );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, NULL );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// get policy
result = Tspi_Context_GetDefaultPolicy ( hContext, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetDefaultPolicy", result );
print_error_exit( function, err_string(result) );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
/* ################# CHECKING DEFAULTS ################### */
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_CALLBACK_HMAC,
0, &ES );
if ( result != TSS_SUCCESS )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
if( ES != 0 )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
print_success( function1, result);
}
}
fprintf( stderr, "\t\tAddress of callback hmac: %x\n", ES );
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_CALLBACK_XOR_ENC,
0, &ES );
if ( result != TSS_SUCCESS )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
if( ES != 0 )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
print_success( function1, result);
}
}
fprintf( stderr, "\t\tAddress of callback xor enc: %x\n", ES );
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_CALLBACK_TAKEOWNERSHIP,
0, &ES );
if ( result != TSS_SUCCESS )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
if( ES != 0 )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
print_success( function1, result);
exitCode1 = 0;
}
}
fprintf( stderr, "\t\tAddress of callback take ownership: %x\n", ES );
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_CALLBACK_CHANGEAUTHASYM,
0, &ES );
if ( result != TSS_SUCCESS )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
if( ES != 0 )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
print_success( function1, result);
}
}
fprintf( stderr, "\t\tAddress of callback change auth asym: %x\n", ES );
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_ALWAYS, &ES );
if ( result != TSS_SUCCESS )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
/* flag not set by default */
if( ES == FALSE )
{
print_error( function1, result );
exitCode1 = 1;
}
else
{
print_success( function1, result);
}
}
fprintf( stderr, "\t\tFlag set in policy object?: %x\n", ES );
if( exitCode1 == 0 )
print_success( function, result );
else
print_error( function, result );
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER, &ES );
/* TSS_TSPATTRIB_POLICY_SECRET_LIFETIME Not set by default so
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_COUNTER should return error */
if ( result == TSS_SUCCESS )
{
print_error( function1, result );
fprintf( stderr, "\t\tCounter value: %x\n", ES );
exitCode1 = 1;
}
else
{
print_success( function1, result);
}
result = Tspi_GetAttribUint32( hPolicy,
TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER, &ES );
/* TSS_TSPATTRIB_POLICY_SECRET_LIFETIME Not set by default so
TSS_TSPATTRIB_POLICYSECRET_LIFETIME_TIMER should return error */
if ( result == TSS_SUCCESS )
{
print_error( function1, result );
fprintf( stderr, "\t\tTime value in seconds: %x\n", ES );
exitCode1 = 1;
}
else
{
print_success( function1, result );
}
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( exitCode1 );
}
int
main_v1_2( char version )
{
char *function = "policy_check_lifetime02";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
TSS_BOOL state;
TSS_RESULT result;
UINT32 remainingUsages;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime Counter
result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, COUNTER);
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Sets the secret and fires the counter
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//First two GetStatus calls: the Policy should not be expired yet
//Get status - first call (remainingUsages = COUNTER -1
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(1)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - second call (remainingUsages = COUNTER -2)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(2)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - third call (remainingUsages = COUNTER -3)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(3)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages reached 0
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages);
if ( result != TSS_SUCCESS || (remainingUsages)){
if (remainingUsages){
fprintf( stderr, "\tError: Secret usages did not reach zero: (%u)\n",
remainingUsages );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - fourth call with secret expired (remainingUsages = COUNTER -3)
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( Trspi_Error_Code(result) != TSS_E_INVALID_OBJ_ACCESS )
{
print_error( "Tspi_TPM_GetStatus(4)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Set secret again and reset policy lifetime counter
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages);
if ( result != TSS_SUCCESS || (remainingUsages != COUNTER)){
if (remainingUsages != COUNTER){
fprintf( stderr, "\tError: Secret usages counter wasn't reset: (%u)\n",
remainingUsages );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(5)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
print_success( function, result);
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
int
main_v1_2( char version )
{
char *function = "policy_check_lifetime04";
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HPOLICY hPolicy;
TSS_BOOL state;
TSS_RESULT result;
UINT32 remainingTimer;
print_begin_test( function );
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Retrieve TPM object of context
result = Tspi_Context_GetTpmObject( hContext, &hTPM );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_GetTpmObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime Timer
result = Tspi_SetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, TIMER );
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Sets the secret and fires the timer
result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages is not always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (remainingTimer) ){
if ( remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_Policy_SetSecret", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - first call within TIMER seconds
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(1)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sleeps for TIMER - 3 seconds
fprintf( stdout, "Sleeping for %u seconds\n", TIMER-3);
sleep( TIMER - 3 );
//Ensures the usage timer has decremented
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_TIMER, &remainingTimer);
if ( result != TSS_SUCCESS || (remainingTimer <= TIMER-3)){
if ( remainingTimer <= TIMER-3 ){
fprintf( stderr, "\tError: Invalid policy timer after usage: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Sets the policy Lifetime as always
result = Tspi_SetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, 0);
if (result != TSS_SUCCESS){
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_Close(hContext);
exit(result);
}
//Ensure Secret usages is always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (!remainingTimer) ){
if ( !remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - second call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(2)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - third call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(3)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Get status - fourth call
result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
&state );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_TPM_GetStatus(4)", result );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Ensure Secret usages is always
result = Tspi_GetAttribUint32(hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
TSS_TSPATTRIB_POLSECRET_LIFETIME_ALWAYS, &remainingTimer);
if ( result != TSS_SUCCESS || (!remainingTimer) ){
if ( !remainingTimer ){
fprintf( stderr, "\tError: Policy Usage is not set as always: (%u)\n",
remainingTimer );
print_error( function, result );
}else{
print_error( "Tspi_GetAttribUint32", result );
}
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
print_success( function, result);
print_end_test( function );
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
