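/*
 * Run TPM2_EncryptDecrypt with the loaded symmetric key keyHandle over inData
 * and write the TPM's output buffer to outFilePath.
 *
 * decryptVal selects the direction (YES = decrypt, NO = encrypt).  The mode is
 * sent as TPM_ALG_NULL, so the TPM applies the mode the key was created with,
 * and the IV is a fixed all-zero block of MAX_SYM_BLOCK_SIZE bytes.  A fixed
 * IV means equal inputs produce equal outputs under the same key; callers that
 * need semantic security must supply a fresh IV instead of relying on this.
 *
 * Authorization uses the file-scope sessionData as a password session
 * (TPM_RS_PW) with an empty nonce; sessionData.hmac is left untouched here and
 * is presumably filled in by the caller — confirm against the tool's main().
 *
 * Returns 0 on success, -1 on a NULL argument or a TPM error (the TPM_RC is
 * printed), -2 if the output file could not be written.
 */
int encryptDecrypt(TPMI_DH_OBJECT keyHandle, TPMI_YES_NO decryptVal, TPM2B_MAX_BUFFER *inData, const char *outFilePath)
{
    UINT32 rval;

    // Inputs
    TPMI_ALG_SYM_MODE mode;
    TPM2B_IV ivIn;
    // Outputs: the size field is the buffer capacity the SAPI may fill,
    // i.e. sizeof the TPM2B minus its UINT16 size field.
    TPM2B_MAX_BUFFER outData = { { sizeof(TPM2B_MAX_BUFFER)-2, } };
    TPM2B_IV ivOut = { { sizeof(TPM2B_IV)-2, } };

    TSS2_SYS_CMD_AUTHS sessionsData;

    TPMS_AUTH_RESPONSE sessionDataOut;
    TSS2_SYS_RSP_AUTHS sessionsDataOut;

    TPMS_AUTH_COMMAND *sessionDataArray[1];
    TPMS_AUTH_RESPONSE *sessionDataOutArray[1];

    // Both pointers are dereferenced below (inData by the SAPI, outFilePath by
    // saveDataToFile); reject NULL up front instead of crashing.
    if(!inData || !outFilePath)
    {
        printf("EncryptDecrypt failed, NULL input buffer or output path\n");
        return -1;
    }

    // One command auth area and one response auth area.
    sessionDataArray[0] = &sessionData;
    sessionsData.cmdAuths = &sessionDataArray[0];
    sessionDataOutArray[0] = &sessionDataOut;
    sessionsDataOut.rspAuths = &sessionDataOutArray[0];
    sessionsDataOut.rspAuthsCount = 1;

    sessionData.sessionHandle = TPM_RS_PW;
    sessionData.nonce.t.size = 0;
    // Clear all session attribute bits (continueSession etc.) in one byte write;
    // this is the project's idiom for the TPMA_SESSION bitfield.
    *((UINT8 *)((void *)&sessionData.sessionAttributes)) = 0;

    sessionsData.cmdAuthsCount = 1;
    sessionsData.cmdAuths[0] = &sessionData;

    // TPM_ALG_NULL: let the key's own mode apply.  Zero IV, full block size.
    mode = TPM_ALG_NULL;
    ivIn.t.size = MAX_SYM_BLOCK_SIZE;
    memset(ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE);

    if(decryptVal == NO)
        printf("\nENCRYPTDECRYPT: ENCRYPT\n");
    if(decryptVal == YES)
        printf("\nENCRYPTDECRYPT: DECRYPT\n");

    rval = Tss2_Sys_EncryptDecrypt(sysContext, keyHandle, &sessionsData, decryptVal, mode, &ivIn, inData, &outData, &ivOut, &sessionsDataOut);

    if(rval != TPM_RC_SUCCESS)
    {
        printf("EncryptDecrypt failed, error code: 0x%x\n", rval);
        return -1;
    }
    printf("\nEncryptDecrypt succ.\n");

    // outData.t.size now holds the number of bytes the TPM actually returned.
    if(saveDataToFile(outFilePath, (UINT8 *)outData.t.buffer, outData.t.size))
        return -2;

    printf("OutFile %s completed!\n", outFilePath);
    return 0;
}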
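/*
 * Encrypt clearData into encryptedData with the session's symmetric key in
 * CFB mode, using a private SAPI context.
 *
 * The key is derived from the session and authValue by
 * GenerateSessionEncryptDecryptKey (which also produces ivIn), loaded into the
 * TPM by LoadSessionEncryptDecryptKey, used once via TPM2_EncryptDecrypt with
 * a password session (TPM_RS_PW, empty hmac), and then flushed.
 *
 * The transient key object is flushed whether or not EncryptDecrypt succeeds,
 * so a failed encrypt no longer leaves an object occupying a TPM slot; the
 * first error encountered is the one returned.  The derived key material in
 * encryptKey is scrubbed from the stack before returning (best effort).
 *
 * Returns TSS2_RC_SUCCESS, or the first failing TSS2_RC.  If the SAPI context
 * cannot be created, TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED is returned.
 */
TSS2_RC EncryptCFB( SESSION *session, TPM2B_MAX_BUFFER *encryptedData, TPM2B_MAX_BUFFER *clearData, TPM2B_AUTH *authValue )
{
    TSS2_RC rval = TSS2_RC_SUCCESS;
    TSS2_RC flushRval = TSS2_RC_SUCCESS;
    TPM2B_MAX_BUFFER encryptKey;
    TPM2B_IV ivIn, ivOut;
    TPM_HANDLE keyHandle;
    TPM2B_NAME keyName;
    TSS2_SYS_CONTEXT *sysContext;
    unsigned i;

    // Authorization structure for command.
    TPMS_AUTH_COMMAND sessionData;

    // Create and init authorization area for command:
    // only 1 authorization area.
    TPMS_AUTH_COMMAND *sessionDataArray[1] = { &sessionData };

    // Authorization array for command (only has one auth structure).
    TSS2_SYS_CMD_AUTHS sessionsData = { 1, &sessionDataArray[0] };

    sysContext = InitSysContext( 1000, resMgrTctiContext, &abiVersion );
    if( sysContext == 0 )
    {
        // Kept from the original: teardown is invoked on the NULL context and
        // the teardown error code is returned for an init failure.
        TeardownSysContext( &sysContext );
        return TSS2_APP_RC_TEARDOWN_SYS_CONTEXT_FAILED;
    }

    rval = GenerateSessionEncryptDecryptKey( session, &encryptKey, &ivIn, authValue );

    if( rval == TSS2_RC_SUCCESS )
    {
        rval = LoadSessionEncryptDecryptKey( &session->symmetric, &encryptKey, &keyHandle, &keyName );
        if( rval == TSS2_RC_SUCCESS )
        {
            // Encrypt the data under a password session with an empty auth.
            sessionData.sessionHandle = TPM_RS_PW;
            sessionData.nonce.t.size = 0;
            *( (UINT8 *)((void *)&sessionData.sessionAttributes ) ) = 0;
            sessionData.hmac.t.size = 0;
            // Output size fields carry the buffer capacity: sizeof the TPM2B
            // minus its UINT16 size field.  The original used "- 1" here,
            // overstating the capacity of encryptedData by one byte.
            encryptedData->t.size = sizeof( *encryptedData ) - 2;
            ivOut.t.size = sizeof( ivOut ) - 2;
            rval = Tss2_Sys_EncryptDecrypt( sysContext, keyHandle, &sessionsData, NO, TPM_ALG_CFB, &ivIn,
                    clearData, encryptedData, &ivOut, 0 );

            // Always release the transient key once it has been loaded, even
            // if the encrypt failed; do not let a flush error mask an earlier one.
            flushRval = Tss2_Sys_FlushContext( sysContext, keyHandle );
            if( rval == TSS2_RC_SUCCESS )
            {
                rval = flushRval;
            }
        }
    }

    // Scrub the derived key from the stack.  Writing through a volatile
    // pointer keeps the compiler from dropping the stores as dead.
    {
        volatile UINT8 *keyBytes = (volatile UINT8 *)&encryptKey;
        for( i = 0; i < sizeof( encryptKey ); i++ )
        {
            keyBytes[i] = 0;
        }
    }

    TeardownSysContext( &sysContext );

    return rval;
}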