Пример #1
0
static long getPhysicalCMDEnable(TPM_BOOL *physicalPresenceCMDEnable)
{
    uint32_t ret = 0;
    STACK_TPM_BUFFER( subcap );
    STACK_TPM_BUFFER( resp );
    STACK_TPM_BUFFER( tb );
    TPM_PERMANENT_FLAGS permanentFlags;
    
    if (ret == 0) {
	STORE32(subcap.buffer, 0, TPM_CAP_FLAG_PERMANENT  );
	subcap.used = 4;
	ret = TPM_GetCapability(TPM_CAP_FLAG,
				&subcap,
				&resp);
	if (ret != 0) {
	    printf("Error %s from TPM_GetCapability\n",
		   TPM_GetErrMsg(ret));
	}
    }
    if (ret == 0) {
	TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
	ret = TPM_ReadPermanentFlags(&tb, 0, &permanentFlags, resp.used);
	if ( ( ret & ERR_MASK ) != 0 || ret > resp.used) {
	    printf("TPM_ReadPermanentFlags: ret %08x, responselen %d\n", ret, resp.used);
	    printf("TPM_ReadPermanentFlags: Error parsing response!\n");
	}
	else {
	    ret = 0;
	}
    }
    if (ret == 0) {
	*physicalPresenceCMDEnable = permanentFlags.physicalPresenceCMDEnable;
    }
    return ret;
}
Пример #2
0
/* 
 * Validate the signature over a PCR composite structure.
 * Returns '0' on success, an error code otherwise.
 */
uint32_t TPM_ValidatePCRCompositeSignature(TPM_PCR_COMPOSITE *tpc,
                                           unsigned char *antiReplay,
                                           pubkeydata *pk,
                                           struct tpm_buffer *signature,
                                           uint16_t sigscheme)
{
	uint32_t ret;
	RSA *rsa;			/* openssl RSA public key */
	TPM_QUOTE_INFO tqi;
	STACK_TPM_BUFFER (ser_tqi);
	STACK_TPM_BUFFER(response);
	STACK_TPM_BUFFER (ser_tpc);
	/*
	** Convert to an OpenSSL RSA public key
	*/
	rsa = TSS_convpubkey(pk);

	ret = TPM_GetCapability(TPM_CAP_VERSION, NULL,
	                        &response);
	if (ret != 0) {
		RSA_free(rsa);
		return ret;
	}

	memcpy(&(tqi.version), response.buffer, response.used);
	memcpy(&(tqi.fixed), "QUOT", 4);
	memcpy(&(tqi.externalData), antiReplay, TPM_NONCE_SIZE);
	ret = TPM_WritePCRComposite(&ser_tpc, tpc);
	if ((ret & ERR_MASK)) {
		RSA_free(rsa);
		return ret;
	}
	/* create the hash of the PCR_composite data for the quoteinfo structure */
	TSS_sha1(ser_tpc.buffer, ser_tpc.used, tqi.digestValue);

	ret = TPM_WriteQuoteInfo(&ser_tqi, &tqi);
	if ((ret & ERR_MASK)) {
		RSA_free(rsa);
		return ret;
	}
	
	ret = TPM_ValidateSignature(sigscheme,
	                            &ser_tqi,
	                            signature,
	                            rsa);
	RSA_free(rsa);
	return ret;
}
Пример #3
0
uint32_t TPM_DirRead(uint32_t dirIndex,
                     unsigned char * dirValueBuffer) 
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_DirRead);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t dirIndex_no = htonl(dirIndex);
	
	ret = TSS_buildbuff("00 c1 T l l",&tpmdata,
	                             ordinal_no,
	                               dirIndex_no);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"DirRead");
	
	if (ret != 0) {
		return ret;
	}

	if (tpmdata.used != 30) {
		ret = ERR_BAD_RESP;
	}

	if (NULL != dirValueBuffer) {
		memcpy(dirValueBuffer, 
		       &tpmdata.buffer[TPM_DATA_OFFSET], 
		       20);
	}
	
	return ret;
}
Пример #4
0
uint32_t TPM_SHA1CompleteExtend(void *data, uint32_t datalen,
                                uint32_t pcrNum,
                                unsigned char * hash,
                                unsigned char * pcrValue) 
{
	uint32_t ordinal_no;
	uint32_t pcrNum_no = htonl(pcrNum);
	uint32_t ret;
	STACK_TPM_BUFFER(tpmdata)

	/* move Network byte order data to varaible for hmac calcualtion */
	ordinal_no = htonl(TPM_ORD_SHA1CompleteExtend);

	TSS_buildbuff("00 c1 T l l @", &tpmdata,
	                       ordinal_no,
	                         pcrNum_no,
	                           datalen, data);

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata,"SHA1CompleteExtend");

	if (0 != ret) {
		return ret;
	}
	
	memcpy(hash, 
	       &tpmdata.buffer[TPM_DATA_OFFSET],
	       TPM_HASH_SIZE);
	       
	memcpy(pcrValue,
	       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_HASH_SIZE],
	       TPM_HASH_SIZE);

	return ret;
}
Пример #5
0
uint32_t TPM_GetRandom(uint32_t bytesreq,
                       unsigned char * buffer, uint32_t * bytesret)
{
	uint32_t ret;
	STACK_TPM_BUFFER( tpmdata )
	
	uint32_t ordinal_no = htonl(TPM_ORD_GetRandom);
	uint32_t numbytes_no = htonl(bytesreq);

	TSS_buildbuff("00 c1 T l l",&tpmdata,
	                       ordinal_no,
	                         numbytes_no);

	ret = TPM_Transmit(&tpmdata,"GetRandom");

	if (0 != ret) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, bytesret);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	memcpy(buffer,
	       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE],
	       *bytesret);
	
	return ret;
}
Пример #6
0
uint32_t TPM_LoadKeyContext(struct tpm_buffer *context,
                            uint32_t *keyhandle)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_LoadKeyContext);
	STACK_TPM_BUFFER(tpmdata);

	ret = TSS_buildbuff("00 c1 T l @",&tpmdata,
	                             ordinal_no,
	                               context->used, context->buffer);
	if ((ret & ERR_MASK) != 0) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"LoadKeyContext");
	
	if (ret != 0) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, keyhandle);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	return ret;
}
Пример #7
0
uint32_t TPM_LoadAuthContext(unsigned char *authContextBlob, uint32_t authContextSize,
                             uint32_t *authhandle)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_LoadAuthContext);
	STACK_TPM_BUFFER(tpmdata);

	ret = TSS_buildbuff("00 c1 T l @",&tpmdata,
	                             ordinal_no,
	                               authContextSize, authContextBlob);
	if ( ( ret & ERR_MASK ) != 0) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"LoadAuthContext");
	
	if (ret != 0) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, authhandle);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	return ret;
}
Пример #8
0
int main(int argc, char *argv[])
{
	int ret = 0;
	char *filename = NULL;
	int i = 1;
	unsigned char * buffer;
	uint32_t buffersize;
	TPM_CONTEXT_BLOB context;
	STACK_TPM_BUFFER(tpmbuffer)

	TPM_setlog(0);
	while (i  < argc) {
	    if (!strcmp("-if",argv[i])) {
		i++;
		if (i < argc) {
		    filename = argv[i];
		} else {
		    printf("Missing parameter for -if.\n");
		    print_usage();
		}
	    }
	    else if (!strcmp(argv[i],"-v")) {
		TPM_setlog(1);
	    }
	    else if (!strcmp("-h",argv[i])) {
		print_usage();
	    }
	    else if (!strcmp(argv[i],"-h")) {
		print_usage();
	    }
	    else {
		printf("\n%s is not a valid option\n", argv[i]);
		print_usage();
	    }
	    i++;
	}
	if (NULL == filename) {
	    printf("Missing -if argument.\n");
	    print_usage();
	}

	ret = TPM_ReadFile(filename, &buffer, &buffersize);
	
	if (ret != 0) {
	        printf("Error while reading file '%s'.\n",filename);
	        exit(-1);
	}

	SET_TPM_BUFFER(&tpmbuffer, buffer, buffersize);
	ret = TPM_ReadContextBlob(&tpmbuffer, 0, &context);
	if ((ret & ERR_MASK)) {
	        printf("Error while parsing the context blob.\n");
	        exit(-1);
	}
	
	printf("ContextCount: 0x%08X\n",context.contextCount);
	ret = 0;

 	exit(ret);
}
Пример #9
0
uint32_t TPM_Extend(uint32_t pcrIndex,
                    unsigned char * event,
                    unsigned char * outDigest) {
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_Extend);
	uint32_t pcrIndex_no = htonl(pcrIndex);
	STACK_TPM_BUFFER(tpmdata)
	
	ret = TSS_buildbuff("00 c1 T l l %",&tpmdata,
	                             ordinal_no,
	                               pcrIndex_no,
	                                 TPM_HASH_SIZE, event);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"Extend");
	
	if (0 != ret) {
		return ret;
	}
	
	if (NULL != outDigest) {
		memcpy(outDigest, 
		       &tpmdata.buffer[TPM_DATA_OFFSET], 
		       TPM_HASH_SIZE);
	}
	
	return ret;
}
Пример #10
0
uint32_t TPM_HashPubKey(keydata * pubkey, unsigned char *digest)
{
    STACK_TPM_BUFFER(buffer)
    uint32_t len = TPM_WriteKeyPub(&buffer, pubkey);
    if ((len & ERR_MASK) == 0)
	TSS_sha1(buffer.buffer, len, digest);
    return len;
}
Пример #11
0
static uint32_t swapOutKey(uint32_t handle)
{	
	unsigned char labelhash[20];
	char *filename = createKeyFilename(handle);
	STACK_TPM_BUFFER(context);
	uint32_t ret = 0;

	if (NULL == filename) {
		ret = ERR_MEM_ERR;
	}

#if 0
	printf("Swapping OUT key with handle %08x\n",handle);
#endif
	
	TSS_sha1("KEY",3,labelhash);


	if (ret == 0) {
		ret = TPM_SaveContext(handle,
		                      TPM_RT_KEY,
		                      (char *)labelhash,
		                      &context);
	}

	if (ret == 0) {
		FILE * f = fopen(filename, "w+");
		if (f) {
			fwrite(context.buffer, context.used, 1, f);
			fclose(f);
		} else {
			ret = ERR_BAD_FILE;
		}
	}
	
	if (ret == 0) {
		ret = TPM_EvictKey(handle);
#if 0
		printf("Evicted key with handle 0x%08x\n",handle);
	} else {
		printf("DID NOT Evicted key with handle 0x%08x\n",handle);
#endif
	}

#if 0
	if (ret == 0) {
		printf("Swapped out key with handle %08x.\n",handle);
	} else {
		printf("Could NOT swap out key with handle %08x.\n",handle);
	}
#endif
	
	return ret;
}
Пример #12
0
static uint32_t swapInKey(uint32_t handle)
{	
	char *filename = createKeyFilename(handle);
	STACK_TPM_BUFFER(context);
	unsigned char * mycontext = NULL;
	uint32_t contextSize;
	uint32_t newhandle;
	uint32_t ret;

	if (NULL == filename) {
		ret = ERR_MEM_ERR;
	}
	
	ret = TPM_ReadFile(filename,&mycontext,&contextSize);
	if ((ret & ERR_MASK)) {
#if 0
		printf("level: %d\n",g_num_transports);
#endif
		printf("Could not read from keyfile %s.\n",filename);
		return ret;
	}
	SET_TPM_BUFFER(&context, mycontext, contextSize);
	free(mycontext);
	
	ret = TPM_LoadContext(handle,
		              1,
		              &context,
		              &newhandle);

	if (ret != 0) {
		printf("Got error '%s' while swapping in key 0x%08x.\n",
		       TPM_GetErrMsg(ret),
		       handle);
	}
	if (handle != newhandle) {
		printf("keyswap: "
		       "new handle 0x%08x not the same as old one 0x%08x.\n",
		       newhandle, handle);
	}
	if (ret == 0) {
		unlink(filename);
	}
	free(filename);
#if 0
	if (ret == 0) {
		printf("Swapped in key with handle %08x.\n",handle);
	} else {
		printf("Could NOT swap in key with handle %08x.\n",handle);
	}
#endif
	
	return ret;
}
Пример #13
0
uint32_t TPM_HashCMKAuth(TPM_CMK_AUTH * auth, unsigned char *hash)
{
    STACK_TPM_BUFFER(buffer)
    uint32_t len;
    uint32_t ret = TPM_WriteCMKAuth(&buffer, auth);
    if (ret & ERR_MASK)
	return ret;
    len = ret;

    TSS_sha1(buffer.buffer, len, hash);
    return 0;
}
Пример #14
0
uint32_t TPM_StirRandom(unsigned char * data, uint32_t datalen) 
{
	uint32_t ret;
	STACK_TPM_BUFFER(tpmdata)
	uint32_t ordinal_no = htonl(TPM_ORD_StirRandom);

	TSS_buildbuff("00 c1 T l @",&tpmdata,
	                       ordinal_no,
	                         (datalen & 0xff), data);

	ret = TPM_Transmit(&tpmdata,"StirRandom");
	return ret;
}
Пример #15
0
uint32_t TPM_ReadPubKeyfile(const char *filename, pubkeydata * pubk)
{
    unsigned char *buffer = NULL;
    uint32_t buffersize = 0;
    uint32_t ret = TPM_ReadFile(filename, &buffer, &buffersize);

    if ((ret & ERR_MASK) == 0) {
	STACK_TPM_BUFFER(buf);
	SET_TPM_BUFFER(&buf, buffer, buffersize);
	memset(pubk, 0x0, sizeof(*pubk));
	if (buffersize != TSS_PubKeyExtract(&buf, 0, pubk))
	    ret = ERR_BAD_FILE;
	free(buffer);
    }
    return ret;
}
Пример #16
0
static uint32_t TPM_GetCapability_Internal(uint32_t caparea,
					   struct tpm_buffer *scap,
					   struct tpm_buffer *response,
					   int allowTransport)
{
    uint32_t ret;
    uint32_t rlen;
    uint32_t ordinal_no = htonl(TPM_ORD_GetCapability);
    STACK_TPM_BUFFER(tpmdata)	/* request/response buffer */
    uint32_t scaplen = 0;
    unsigned char *buffer = NULL;

    /* check arguments */
    if (scap) {
	scaplen = scap->used;
	buffer = scap->buffer;
    }
    if (response == NULL)
	return ERR_NULL_ARG;

    ret = TSS_buildbuff("00 c1 T l L @", &tpmdata,
			ordinal_no, caparea, scaplen, buffer);
    if (ret & ERR_MASK)
	return ret;

    /* transmit the request buffer to the TPM device and read the reply */
    if (allowTransport)
	ret = TPM_Transmit(&tpmdata, "GetCapability");
    else
	ret = TPM_Transmit_NoTransport(&tpmdata, "GetCapability");
    if (ret)
	return ret;

    ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, &rlen);
    if (ret & ERR_MASK)
	return ret;
    if (response)
	SET_TPM_BUFFER(response,
		       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE],
		       rlen);
    return 0;
}
Пример #17
0
uint32_t TPM_SHA1Start(uint32_t *maxNumBytes) {
	uint32_t ordinal_no;
	uint32_t ret;
	STACK_TPM_BUFFER(tpmdata)
	/* move Network byte order data to varaible for hmac calcualtion */
	ordinal_no = htonl(TPM_ORD_SHA1Start);

	TSS_buildbuff("00 c1 T l", &tpmdata,
	                       ordinal_no);
	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata,"SHA1Start");

	if (ret != 0) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, maxNumBytes);

	return ret;
}
Пример #18
0
uint32_t TPM_SetOwnerInstall(TPM_BOOL state)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_SetOwnerInstall);
	STACK_TPM_BUFFER(tpmdata)

	ret = TSS_buildbuff("00 c1 T l o",&tpmdata,
	                             ordinal_no,
	                               state);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"SetOwnerInstall");

	if (ret == 0 && tpmdata.used != 10) {
		ret = ERR_BAD_RESP;
	}
	
	return ret;
}
Пример #19
0
uint32_t TPM_SaveKeyContext(uint32_t keyhandle,
                            struct tpm_buffer *context)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_SaveKeyContext);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t keyhandle_no = htonl(keyhandle);
	uint32_t len;
	
	ret = needKeysRoom(keyhandle, 0, 0, 0);
	if (ret != 0) {
		return ret;
	}

	ret = TSS_buildbuff("00 c1 T l l",&tpmdata,
	                             ordinal_no,
	                               keyhandle_no);
	if (( ret & ERR_MASK )!= 0) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"SaveKeyContext");
	
	if (ret != 0) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, &len);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	if (NULL != context) {
		SET_TPM_BUFFER(context,
			       &tpmdata.buffer[TPM_DATA_OFFSET+TPM_U32_SIZE],
			       len);
	}
	
	return ret;
}
Пример #20
0
int main(int argc, char *argv[])
   {
   int ret = 0;
   uint32_t handle;
   int listsize;
   int offset;
   int	i;		/* argc iterator */
   TPM_setlog(0);      	/* turn off verbose output */
   
   for (i=1 ; i<argc ; i++) {
       if (!strcmp(argv[i], "-h")) {
	   printUsage();
       }
       else if (!strcmp(argv[i], "-v")) {
	   TPM_setlog(1);
       }
       else {
	   printf("\n%s is not a valid option\n", argv[i]);
	   printUsage();
       }
   }
   STACK_TPM_BUFFER(response);
   if (ret == 0) {
       ret = TPM_GetCapability(0x0000007,NULL,&response);
       if (ret != 0)
           {
               printf("Error %s from TPM_GetCapability\n",TPM_GetErrMsg(ret));
               exit(1);
           }
       listsize = LOAD16(response.buffer,0);
       offset = 2;
       for (i = 0; i < listsize; ++i)
           {
               handle = LOAD32(response.buffer,offset);
               printf("Key handle %02d %08x\n",i,handle);
               offset += 4;
           }
   }
   exit(0);
   }
Пример #21
0
static int loadKey(char * filename, keydata * key)
{
    int ret = 0;
    FILE * kinfile;
    kinfile = fopen(filename,"rb");
    if (kinfile == NULL) {
        printf("Could not open key file.\n");
        ret = -1;
    } else {
        struct stat sbuf;
        if (0 ==stat(filename,&sbuf)) {
            unsigned int keyblen;
            unsigned char * keyblob = NULL;
            keyblen = (int)sbuf.st_size;
            keyblob = malloc(keyblen);
            if (NULL != keyblob) {
                ret = fread(keyblob,1,keyblen,kinfile);
                if (ret != (int)keyblen) {
                    printf("Unable to read key file\n");
                    ret = -1;
                } else {
                    STACK_TPM_BUFFER(tb)
                    SET_TPM_BUFFER(&tb, keyblob, keyblen);
                    TSS_KeyExtract(&tb,0,key);
                    ret = 0;
                }
                fclose(kinfile);
                free(keyblob);
            } else {
                printf("Could not allocate memory.\n");
                ret = -1;
            }
        } else {
            printf("Could not determine size of key file.\n");
            ret = -1;
        }
    }
    return ret;
}
Пример #22
0
uint32_t TPM_SaveAuthContext(uint32_t authhandle,
                             unsigned char * authContextBlob, uint32_t * authContextSize)
{
	uint32_t ret;
	uint32_t ordinal_no = htonl(TPM_ORD_SaveAuthContext);
	STACK_TPM_BUFFER(tpmdata)
	uint32_t authhandle_no = htonl(authhandle);
	uint32_t len;

	ret = TSS_buildbuff("00 c1 T l l",&tpmdata,
	                             ordinal_no,
	                               authhandle_no);
	if (( ret & ERR_MASK )!= 0) {
		return ret;
	}
	
	ret = TPM_Transmit(&tpmdata,"SaveAuthContext");
	
	if (ret != 0) {
		return ret;
	}
	
	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET, &len);
	if ((ret & ERR_MASK)) {
		return ret;
	}
	
	if (NULL != authContextBlob) {
		*authContextSize = MIN(*authContextSize, len);
		memcpy(authContextBlob,
		       &tpmdata.buffer[TPM_DATA_OFFSET+TPM_U32_SIZE],
		       *authContextSize);
	}
	
	return ret;
}
Пример #23
0
int main(int argc, char *argv[])
{
    uint32_t ret;
    STACK_TPM_BUFFER(resp);
    int index = 0;
    STACK_TPM_BUFFER( subcap );;
	
    TPM_setlog(0);		/* turn off verbose output */

    ParseArgs(argc, argv);

    while ((int)matrx[index].cap != -1) {
	if (cap == matrx[index].cap) {
	    break;
	}
	index++;
    }
    if (-1 == (int)matrx[index].cap) {
	printf("Unknown or unsupported capability!\n");
	exit(-1);
    }
	
    subcap.used = 0;
    if (matrx[index].subcap_size > 0) {
	if ((int)scap == -1) {
	    printf("Need subcap parameter for this capability!\n");
	    exit(-1);
	}
	if (0 == prepare_subcap(cap, &subcap, scap)) {
	    if (2 == matrx[index].subcap_size) {
		STORE16(subcap.buffer,0,scap);
		subcap.used = 2;
	    } else
		if (matrx[index].subcap_size >= 4) {
		    STORE32(subcap.buffer,0,scap);
		    subcap.used  = 4;
		}
	}
    }
	
#if 0
    /* This was for VTPM extensions and needs retest */
    if (cap == TPM_CAP_MFR) {
	int idx2 = 0;
	while ((int)mfr_matrix[idx2].cap != -1) {
	    if (mfr_matrix[idx2].cap == scap) {
		break;
	    }
	    idx2++;
	}
	if (mfr_matrix[idx2].subcap_size > 0) {
	    uint32_t used = subcap.used +
			    mfr_matrix[idx2].subcap_size;
	    while (subcap.used < used) {
		if (argc <= nxtarg) {
		    printf("Need one more parameter for this "
			   "capability!\n");
		    exit(-1);
		}
		if (!strncmp("0x",argv[nxtarg],2)) {
		    sscanf(argv[nxtarg],"%x",&sscap);
		} else {
		    sscanf(argv[nxtarg],"%d",&sscap);
		}
		nxtarg++;
		if (2 == matrx[index].subcap_size) {
		    STORE16(subcap.buffer,
			    subcap.used,sscap);
		    subcap.used += 2;
		} else
		    if (matrx[index].subcap_size >= 4) {
			STORE32(subcap.buffer,
				subcap.used,sscap);
			subcap.used += 4;
		    }
	    }
	}
    }


#endif
    if (0 == sikeyhandle) {
	ret = TPM_GetCapability(cap,
				&subcap,
				&resp);

	if (0 != ret) {
	    printf("TPM_GetCapability returned %s.\n",
		   TPM_GetErrMsg(ret));
	    exit(ret);
	}
    } else {
	unsigned char antiReplay[TPM_HASH_SIZE];
	unsigned char signature[2048];
	uint32_t signaturelen = sizeof(signature);
	pubkeydata pubkey;
	RSA * rsa;
	unsigned char sighash[TPM_HASH_SIZE];
	unsigned char * buffer = NULL;
	unsigned char * sigkeyhashptr = NULL;
	unsigned char sigkeypasshash[TPM_HASH_SIZE];

	if (NULL != sikeypass) {
	    TSS_sha1(sikeypass,strlen(sikeypass),sigkeypasshash);
	    sigkeyhashptr = sigkeypasshash;
	}

	TSS_gennonce(antiReplay);
		
	ret = TPM_GetPubKey(sikeyhandle,
			    sigkeyhashptr,
			    &pubkey);

	if (0 != ret) {
	    printf("Error while trying to access the signing key's public key.\n");
	    exit(-1);
	}
		
	rsa = TSS_convpubkey(&pubkey);
		
	ret = TPM_GetCapabilitySigned(sikeyhandle,
				      sigkeyhashptr,
				      antiReplay,
				      cap,
				      &subcap,
				      &resp,
				      signature, &signaturelen);

	if (0 != ret) {
	    printf("TPM_GetCapabilitySigned returned %s.\n",
		   TPM_GetErrMsg(ret));
	    exit(ret);
	}

	buffer = malloc(resp.used+TPM_NONCE_SIZE);
	if (NULL == buffer) {
	    printf("Could not allocate buffer.\n");
	    exit(-1);
	}
	memcpy(&buffer[0], resp.buffer, resp.used);
	memcpy(&buffer[resp.used], antiReplay, TPM_NONCE_SIZE);

	TSS_sha1(buffer,
		 resp.used+TPM_NONCE_SIZE,
		 sighash);
	free(buffer);

	ret = RSA_verify(NID_sha1,
			 sighash,TPM_HASH_SIZE,
			 signature,signaturelen,
			 rsa);
	if (1 != ret) {
	    printf("Error: Signature verification failed.\n");
	    exit(-1);
	}
    }

    if (0 == resp.used) {
	printf("Empty response.\n");
    } else {

	if (-1 == (int)scap) {
	    printf("Result for capability 0x%x is : ",cap);
	} else {
	    printf("Result for capability 0x%x, subcapability 0x%x is : ",cap,scap);
	}
	if (TYPE_BOOL == matrx[index].result_size) {
	    if (resp.buffer[0] == 0) {
		printf("FALSE\n");
	    } else {
		printf("TRUE\n");
	    }
	} else
	    if (TYPE_UINT32 == matrx[index].result_size) {
		uint32_t rsp;
		rsp = LOAD32(resp.buffer,0);
		printf("0x%08X  = %d\n",rsp,rsp);
	    } else
		if (TYPE_UINT32_ARRAY == matrx[index].result_size) {
		    int i = 0;
		    printf("\n");
		    while (i+3 < (int)resp.used) {
			uint32_t rsp = LOAD32(resp.buffer,i);
			i+=4;
			if (TPM_CAP_NV_LIST == cap) {
			    /* don't zero extend, grep needs the exact value for test suite */
			    printf("%d. Index : %d = 0x%x.\n",
				   i/4,
				   rsp,
				   rsp);
			} else
			    if (TPM_CAP_KEY_HANDLE == cap) {
				printf("%d. keyhandle : %d.\n",
				       i/4,
				       rsp);
				} else {
				    printf("%d. item : %d.\n",
					   i/4,
					   rsp);
				}
		    }
		} else
		    if (TYPE_STRUCTURE == matrx[index].result_size) {
			switch(cap) {
			  case TPM_CAP_FLAG:
			      {
				  if (scap == TPM_CAP_FLAG_PERMANENT) {
				      TPM_PERMANENT_FLAGS pf;
				      STACK_TPM_BUFFER(tb)
					  TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
				      ret = TPM_ReadPermanentFlags(&tb, 0, &pf, resp.used);
				      if ( ( ret & ERR_MASK ) != 0 || ret > resp.used) {
					  printf("ret=%x, responselen=%d\n",ret,resp.used);
					  printf("Error parsing response!\n");
					  exit(-1);
				      }
						
				      printf("\n");
				      showPermanentFlags(&pf, resp.used);
				  } else 
				      if (scap == TPM_CAP_FLAG_VOLATILE) {
					  TPM_STCLEAR_FLAGS sf;
					  STACK_TPM_BUFFER(tb);
					  TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
					  ret = TPM_ReadSTClearFlags(&tb, 0, &sf);
					  if ( ( ret & ERR_MASK ) != 0 || ret > resp.used) {
					      printf("ret=%x, responselen=%d\n",ret,resp.used);
					      printf("Error parsing response!\n");
					      exit(-1);
					  }
						
					  printf("\n");
					  showVolatileFlags(&sf);
						
				      }
			      }
			      break;
				
			  case TPM_CAP_KEY_HANDLE:
			      {
				  uint16_t num = LOAD16(resp.buffer, 0);
				  uint32_t i = 0;
				  uint32_t handle;
				  printf("\n");
				  while (i < num) {
				      handle = LOAD32(resp.buffer,2+i*4);
				      printf("%d. handle: 0x%08X\n",
					     i,
					     handle);
				      i++;
				  }
			      }
			      break;
			  case TPM_CAP_NV_INDEX:
			      {
				  //char scratch_info[256];
				  unsigned char scratch_info[256];
				  uint32_t scratch_info_len;
				  TPM_NV_DATA_PUBLIC ndp;
				  uint32_t i, c;
				  STACK_TPM_BUFFER(tb)
				      TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
				  ret = TPM_ReadNVDataPublic(&tb,
							     0,
							     &ndp);
				  if ( ( ret & ERR_MASK) != 0) {
				      printf("Could not deserialize the TPM_NV_DATA_PUBLIC structure.\n");
				      exit(-1);
				  }
				  printf("permission.attributes : %08X\n",(unsigned int)ndp.permission.attributes);
				  printf("ReadSTClear           : %02X\n",ndp.bReadSTClear);
				  printf("WriteSTClear          : %02X\n",ndp.bWriteSTClear);
				  printf("WriteDefine           : %02X\n",ndp.bWriteDefine);
				  printf("dataSize              : %08X = %d",(unsigned int)ndp.dataSize,
					 (unsigned int)ndp.dataSize);

				  c = 0;
				  for (i = 0; i < ndp.pcrInfoRead.pcrSelection.sizeOfSelect*8; i++) {
				      if (ndp.pcrInfoRead.pcrSelection.pcrSelect[(i / 8)] & (1 << (i & 0x7))) {
					      if (!c)
						  printf("\nRead PCRs selected: ");
					      else
						  printf(", ");
					      printf("%d", i);
					      c++;

				      }
				  }

				  if (c) {
				      char pcrmap[4], *pf;

				      memcpy(pcrmap, ndp.pcrInfoRead.pcrSelection.pcrSelect,
					     ndp.pcrInfoRead.pcrSelection.sizeOfSelect);

				 //     printf("\npcrmap: %02x%02x%02x%02x\n", pcrmap[0], pcrmap[1],
				//	     pcrmap[2], pcrmap[3]);

				      ret = TSS_GenPCRInfo(*(uint32_t *)pcrmap,
							   scratch_info,
							   &scratch_info_len);

				      printf("\nRead PCR Composite: ");
				      for (i = 0; i < 20; i++)
					  printf("%02x", ndp.pcrInfoRead.digestAtRelease[i] & 0xff);
				      printf("\n");
#if 1
				      pf = &scratch_info[5];
				      printf("\nCurrent PCR composite: ");
				      for (i = 0; i < 20; i++)
					  //printf("%02x", scratch_info.digestAtRelease[i] & 0xff);
					  printf("%02x", pf[i] & 0xff);
				      printf("\n");
#endif
				      if (!ret) {
					      printf("Matches current TPM state: ");

					      if (!memcmp(&scratch_info[5],
							  &ndp.pcrInfoRead.digestAtRelease,
							  20)) {
						      printf("Yes\n");
					      } else {
						      printf("No\n");
					      }
				      }
				  }


				  c = 0;
				  for (i = 0; i < ndp.pcrInfoWrite.pcrSelection.sizeOfSelect*8; i++) {
				      if (ndp.pcrInfoWrite.pcrSelection.pcrSelect[(i / 8)] & (1 << (i & 0x7))) {
					      if (!c)
						  printf("\nWrite PCRs selected: ");
					      else
						  printf(", ");
					      printf("%d", i);
					      c++;

				      }
				  }

				  if (c) {
				      printf("\nWrite PCR Composite: ");
				      for (i = 0; i < 20; i++)
					  printf("%02x", ndp.pcrInfoWrite.digestAtRelease[i] & 0xff);
				      printf("\n");
				  }
			      }
			      break;
			  case TPM_CAP_HANDLE:
			      {
				  uint16_t num = LOAD16(resp.buffer, 0);
				  uint16_t x = 0;
				  while (x < num) {
				      uint32_t handle = LOAD32(resp.buffer,
							       sizeof(num)+4*x);
				      printf("%02d. 0x%08X\n",x,handle);
				      x++;
				  }
			      }
			      break;
			  case TPM_CAP_VERSION_VAL:
			      {
				  int i = 0;
				  TPM_CAP_VERSION_INFO cvi;
				  STACK_TPM_BUFFER(tb)
				      TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
				  ret = TPM_ReadCapVersionInfo(&tb,
							       0,
							       &cvi);
				  if ( ( ret & ERR_MASK) != 0) {
				      printf("Could not read the version info structure.\n");
				      exit(-1);
				  }
					
				  printf("\n");
				  printf("major      : 0x%02X\n",cvi.version.major);
				  printf("minor      : 0x%02X\n",cvi.version.minor);
				  printf("revMajor   : 0x%02X\n",cvi.version.revMajor);
				  printf("revMinor   : 0x%02X\n",cvi.version.revMinor);
				  printf("specLevel  : 0x%04X\n",cvi.specLevel);
				  printf("errataRev  : 0x%02X\n",cvi.errataRev);
	
				  printf("VendorID   : ");
				  while (i < 4) {
				      printf("%02X ",cvi.tpmVendorID[i]);
				      i++;
				  }
				  printf("\n");
				  /* Print vendor ID in text if printable */
				  for (i=0 ; i<4 ; i++) {
				      if (isprint(cvi.tpmVendorID[i])) {
					  if (i == 0) {
					      printf("VendorID   : ");
					  }
					  printf("%c", cvi.tpmVendorID[i]);
				      }
				      else {
					  break;
				      }
				  }	    
				  printf("\n");

				  printf("[not displaying vendor specific information]\n");
			      }
			      break;
#if 0	/* kgold: I don't think these are valid cap values */
			  case TPM_CAP_FLAG_PERMANENT:
			      {
				  TPM_PERMANENT_FLAGS pf;
				  STACK_TPM_BUFFER(tb)
				      TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);

				  if (resp.used == 21) {
				      ret = TPM_ReadPermanentFlagsPre103(&tb, 0, &pf);
				  } else {
				      ret = TPM_ReadPermanentFlags(&tb, 0, &pf);
				  }
				  if ( ( ret & ERR_MASK ) != 0 || ret > resp.used) {
				      printf("ret=%x, responselen=%d\n",ret,resp.used);
				      printf("Error parsing response!\n");
				      exit(-1);
				  }
						
				  printf("\n");
				  showPermanentFlags(&pf, resp.used);
			      }
			      break;
				
			  case TPM_CAP_FLAG_VOLATILE:
			      {
				  TPM_STCLEAR_FLAGS sf;
				  STACK_TPM_BUFFER(tb);
				  TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
				  ret = TPM_ReadSTClearFlags(&tb, 0, &sf);
				  if ( ( ret & ERR_MASK ) != 0 || ret > resp.used) {
				      printf("ret=%x, responselen=%d\n",ret,resp.used);
				      printf("Error parsing response!\n");
				      exit(-1);
				  }
						
				  printf("\n");
				  showVolatileFlags(&sf);
			      }
			      break;
#endif
			  case TPM_CAP_DA_LOGIC:
			      {
				  uint32_t ctr;
				  TPM_BOOL lim = FALSE;
				  TPM_DA_INFO dainfo;
				  TPM_DA_INFO_LIMITED dainfo_lim;
				  STACK_TPM_BUFFER(tb);
				  TSS_SetTPMBuffer(&tb, resp.buffer, resp.used);
				  ret = TPM_ReadDAInfo(&tb, 0, &dainfo);
				  if ( ( ret & ERR_MASK) != 0 || ret > resp.used) {
				      ret = TPM_ReadDAInfoLimited(&tb, 0, &dainfo_lim);
				      if ( (ret & ERR_MASK ) != 0 || ret > resp.used) {
					  printf("ret=%x, responselen=%d\n",ret,resp.used);
					  printf("Error parsing response!\n");
					  exit(-1);
				      } else {
					  lim = TRUE;
				      }
				  }
					
				  printf("\n");
				  if (lim) {
				      printf("State      : %d\n",dainfo_lim.state);
				      printf("Actions    : 0x%08x\n",dainfo_lim.actionAtThreshold.actions);
						
				      ctr = 0;
				      while (ctr < dainfo_lim.vendorData.size) {
					  printf("%02x ",(unsigned char)dainfo_lim.vendorData.buffer[ctr]);
					  ctr++;
				      }
				  } else {
				      printf("State              : %d\n",dainfo.state);
				      printf("currentCount       : %d\n",dainfo.currentCount);
				      printf("thresholdCount     : %d\n",dainfo.thresholdCount);
				      printf("Actions            : 0x%08x\n",dainfo.actionAtThreshold.actions);
				      printf("actionDependValue  : %d\n",dainfo.actionDependValue);
						
#if 0
				      ctr = 0;
				      while (ctr < dainfo_lim.vendorData.size) {
					  printf("%02x ",(unsigned char)dainfo_lim.vendorData.buffer[ctr]);
					  ctr++;
				      }
#endif
				  }
			      }
			      break;
			}
		    } else
			if (TYPE_VARIOUS == matrx[index].result_size) {
			    switch(cap) {
			
			      case TPM_CAP_MFR:
				switch (scap) {
				  case TPM_CAP_PROCESS_ID:
				      {
					  uint32_t rsp;
					  rsp = LOAD32(resp.buffer,0);
					  printf("%d\n",rsp);
				      }
				      break;
				}
				break; /* TPM_CAP_MFR */
			
			      default:
				/* Show booleans */
				if (scap == TPM_CAP_PROP_OWNER ||
				    scap == TPM_CAP_PROP_DAA_INTERRUPT
				    ) {
				    if (0 == resp.buffer[0]) {
					printf("FALSE\n");
				    } else {
					printf("TRUE\n");
				    }
				} else /* check for array of 4 UINTs */
				    if (scap == TPM_CAP_PROP_TIS_TIMEOUT /* ||
									    scap == TPM_CAP_PROP_TIMEOUTS      */) {
					int i = 0;
					while (i < 4) {
					    uint32_t val = LOAD32(resp.buffer,i * 4);
					    printf("%d ",
						   val);
					    i++;
					}
					printf("\n");
				    } else /* check for TPM_STARTUP_EFFECTS */
					if (scap == TPM_CAP_PROP_STARTUP_EFFECT) {
					    TPM_STARTUP_EFFECTS se = 0;
					    ret = TPM_ReadStartupEffects(resp.buffer, 
									 &se);
					    if ( ( ret & ERR_MASK ) != 0 ) {
						printf("Could not read startup effects structure.\n");
						exit(-1);
					    }
					    printf("0x%08X=%d\n",
						   (unsigned int)se,
						   (unsigned int)se);
					    printf("\n");
					    printf("Startup effects:\n");
					    printf("Effect on audit digest: %s\n", (se & (1 << 7)) 
						   ? "none"
						   : "active");
					    printf("Audit Digest on TPM_Startup(ST_CLEAR): %s\n", ( se & (1 << 6)) 
						   ? "set to NULL" 
						   : "not set to NULL" );
		
					    printf("Audit Digest on TPM_Startup(any)     : %s\n", ( se & (1 << 5))
						   ? "set to NULL"
						   : "not set to NULL" );
					    printf("TPM_RT_KEY resource initialized on TPM_Startup(ST_ANY)     : %s\n", (se & ( 1 << 4))
						   ? "yes"
						   : "no");
					    printf("TPM_RT_AUTH resource initialized on TPM_Startup(ST_STATE)  : %s\n", (se & ( 1 << 3))
						   ? "yes"
						   : "no");
					    printf("TPM_RT_HASH resource initialized on TPM_Startup(ST_STATE)  : %s\n", (se & ( 1 << 2))
						   ? "yes"
						   : "no");
					    printf("TPM_RT_TRANS resource initialized on TPM_Startup(ST_STATE) : %s\n", (se & ( 1 << 1))
						   ? "yes"
						   : "no");
					    printf("TPM_RT_CONTEXT session initialized on TPM_Startup(ST_STATE): %s\n", (se & ( 1 << 0))
						   ? "yes"
						   : "no");
					} else /* check for  array of 3 UINTs */
					    if (scap == TPM_CAP_PROP_DURATION) {
						int i = 0;
						while (i < 4*3) {
						    uint32_t val = LOAD32(resp.buffer,i);
						    printf("%d ",
							   val);
						    i+= 4;
						}
						printf("\n");
					    } else /* check for TPM_COUNT_ID */
						if (scap == TPM_CAP_PROP_ACTIVE_COUNTER) {
						    uint32_t val = LOAD32(resp.buffer,0);
						    printf("0x%08X=%d",val,val);
						    if (0xffffffff == val) {
							printf(" (no counter is active)");
						    }
						    printf("\n");
						} else { /* just a single UINT32 */
						    printf("%ld=0x%08lX.\n",
							   (long)LOAD32(resp.buffer, 0),
							   (long)LOAD32(resp.buffer, 0));
						}
			    }
			}
    }		
	
    printf("\n");
    exit(0);
}
Пример #24
0
uint32_t TPM_GetCapabilityOwner(unsigned char *ownpass,
				uint32_t * volflags, uint32_t * nvolflags)
{
    uint32_t ret;
    STACK_TPM_BUFFER(tpmdata)
	/* data to be inserted into Request Buffer (in Network Byte Order) */
	/* the uint32_t and uint16_t values are stored in network byte order so they
	 ** are in the correct format when being hashed by the HMAC calculation */
    uint32_t command;		/* command ordinal */
    unsigned char nonceodd[TPM_HASH_SIZE];	/* odd nonce */
    unsigned char authdata[TPM_HASH_SIZE];	/* auth data */
    session sess;

    /* check that parameters are valid */
    if (ownpass == NULL || volflags == NULL || nvolflags == NULL)
	return ERR_NULL_ARG;

    /* set up command and protocol values for TakeOwnership function */
    command = htonl(TPM_ORD_GetCapabilityOwner);
    /* generate the odd nonce */
    ret = TSS_gennonce(nonceodd);
    if (ret == 0)
	return ret;

    /* initiate the OSAP protocol */
    ret = TSS_SessionOpen(SESSION_OSAP, &sess, ownpass, TPM_OWNER_ETYPE,
			TPM_OWNER_EVALUE);
    if (ret)
	return ret;

    /* calculate the Authorization Data */
    ret = TSS_authhmac(authdata, TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
		     TSS_Session_GetENonce(&sess), nonceodd, 0,
		     TPM_U32_SIZE, &command, 0, 0);
    if (ret) {
	TSS_SessionClose(&sess);
	return ret;
    }
    /* insert all the calculated fields into the request buffer */
    ret = TSS_buildbuff("00 c2 T l L % 00 %", &tpmdata,
			command,
			TSS_Session_GetHandle(&sess),
			TPM_HASH_SIZE, nonceodd, TPM_HASH_SIZE, authdata);
    if (ret & ERR_MASK) {
	TSS_SessionClose(&sess);
	return ret;
    }

    /* transmit the request buffer to the TPM device and read the reply */
    ret = TPM_Transmit(&tpmdata, "GetCapabilityOwner");
    TSS_SessionClose(&sess);
    if (ret)
	return ret;

    ret = TSS_checkhmac1(&tpmdata, command, nonceodd,
		       TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
		       TPM_U32_SIZE, TPM_DATA_OFFSET, TPM_U32_SIZE,
		       TPM_DATA_OFFSET + TPM_U32_SIZE, TPM_U32_SIZE,
		       TPM_DATA_OFFSET + TPM_U32_SIZE + TPM_U32_SIZE, 0,
		       0);
    if (ret)
	return ret;

    ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET + 4, nvolflags);
    if (ret & ERR_MASK)
	return ret;

    ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET + 4 + TPM_U32_SIZE,
			  volflags);
    if (ret & ERR_MASK)
	return ret;

    return 0;
}
Пример #25
0
int main(int argc, char *argv[])
{
	unsigned char nonce[TPM_NONCE_SIZE];
	unsigned char digest[TPM_DIGEST_SIZE];
	unsigned char calcdigest[TPM_DIGEST_SIZE];
	uint32_t ret;
	struct keydata key;
	STACK_TPM_BUFFER(serKeyData)
	uint32_t serKeySize;
	char * pubKeyFile = NULL;
	uint32_t buffersize;
	char * buffer = NULL;
	int index = 1;

	if (argc >= 3 && 0 == strcmp(argv[index],"-v")) {
		TPM_setlog(1);
		index++;
	} else {
		TPM_setlog(0);
	}

	if (index >= argc) {
		usage();
		exit(-1);
	}

	pubKeyFile = argv[index];

	if (NULL == pubKeyFile) {
		usage();
		exit(-1);
	}

	TSS_gennonce(nonce);

	ret = TPM_ReadKeyfile(pubKeyFile, &key);

	if ( ( ret & ERR_MASK ) != 0 ) {
		printf("Error - could not read key file.\n");
		exit (-1);
	}

	ret = TPM_WriteKeyPub(&serKeyData, &key);
	if ( ( ret & ERR_MASK ) != 0 ) {
		exit (-1);
	}

	serKeySize = ret;

	ret = TPM_ReadManuMaintPub(nonce, digest);

	if ( 0 != ret ) {
		printf("Error %s from ReadManuMainPub.\n",
		       TPM_GetErrMsg(ret));
		exit(ret);
	}


	/*
	 * Now check the digest against the serialized public key
	 * and the hash.
	 */
	buffersize = serKeySize + sizeof(nonce);
	buffer = malloc(buffersize);
	if (NULL == buffer) {
		exit (-1);
	}
	
	memcpy(buffer, 
	       serKeyData.buffer, 
	       serKeySize);
	memcpy(&buffer[serKeySize],
	       nonce,
	       sizeof(nonce));

	TSS_sha1(buffer, buffersize, calcdigest);

	free(buffer);

	if (0 == memcmp(calcdigest, digest, sizeof(digest))) {
		printf("The same public key is in the TPM.\n");
		ret = 0;
	} else {
		printf("Another public key is in the TPM.\n");
		ret = -1;
	}
		
	exit(ret);
}
Пример #26
0
uint32_t TPM_GetCapabilitySigned(uint32_t keyhandle,
				 unsigned char *keypass,
				 unsigned char *antiReplay,
				 uint32_t caparea,
				 struct tpm_buffer * scap,
				 struct tpm_buffer * resp,
				 unsigned char *sig, uint32_t * siglen)
{
    uint32_t ret;
    uint32_t rlen;
    STACK_TPM_BUFFER(tpmdata)	/* request/response buffer */
    uint32_t ordinal_no = htonl(TPM_ORD_GetCapabilitySigned);
    uint32_t keyhandle_no = htonl(keyhandle);
    uint32_t caparea_no = htonl(caparea);
    unsigned char c = 0;
    unsigned char authdata[TPM_HASH_SIZE];
    uint32_t ssize;
    unsigned char *buffer = NULL;
    uint32_t subcaplen = 0;
    uint32_t subcaplen_no;

    /* check arguments */
    if (scap) {
	subcaplen = scap->used;
	buffer = scap->buffer;
    }
    subcaplen_no = htonl(subcaplen);

    ret = needKeysRoom(keyhandle, 0, 0, 0);
    if (ret)
	return ret;

    if (resp == NULL)
	return ERR_NULL_ARG;

    if (keypass) {
	unsigned char nonceodd[TPM_HASH_SIZE];
	session sess;

	ret = TSS_gennonce(nonceodd);
	if (ret == 0)
	    return ERR_CRYPT_ERR;

	ret = TSS_SessionOpen(SESSION_OSAP | SESSION_OIAP,
			      &sess, keypass, TPM_ET_KEYHANDLE, keyhandle);
	if (ret)
	    return ret;

	/* move Network byte order data to variable for hmac calculation */
	ret = TSS_authhmac(authdata, TSS_Session_GetAuth(&sess),
			 TPM_HASH_SIZE, TSS_Session_GetENonce(&sess),
			 nonceodd, c, TPM_U32_SIZE, &ordinal_no,
			 TPM_NONCE_SIZE, antiReplay, TPM_U32_SIZE,
			 &caparea_no, TPM_U32_SIZE, &subcaplen_no,
			 subcaplen, buffer, 0, 0);
	if (ret) {
	    TSS_SessionClose(&sess);
	    return ret;
	}

	ret = TSS_buildbuff("00 c2 T l l % l @ L % o %", &tpmdata,
			    ordinal_no,
			    keyhandle_no,
			    TPM_NONCE_SIZE, antiReplay,
			    caparea_no,
			    subcaplen, buffer,
			    TSS_Session_GetHandle(&sess),
			    TPM_NONCE_SIZE, nonceodd,
			    c, TPM_HASH_SIZE, authdata);
	if (ret & ERR_MASK) {
	    TSS_SessionClose(&sess);
	    return ret;
	}

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata, "GetCapability - AUTH1");
	TSS_SessionClose(&sess);
	if (ret)
	    return ret;

	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET+TPM_U32_SIZE, &rlen);
	if (ret & ERR_MASK)
	    return ret;

	ret = tpm_buffer_load32(&tpmdata,
			      TPM_DATA_OFFSET + TPM_U32_SIZE +
			      TPM_U32_SIZE + rlen, &ssize);
	if (ret & ERR_MASK)
	    return ret;

	ret = TSS_checkhmac1(&tpmdata, ordinal_no, nonceodd,
			   TSS_Session_GetAuth(&sess), TPM_HASH_SIZE,
			   TPM_U32_SIZE + TPM_U32_SIZE + rlen +
			   TPM_U32_SIZE + ssize, TPM_DATA_OFFSET, 0, 0);
	if (ret)
	    return ret;
    } else {
	ret = TSS_buildbuff("00 c1 T l l % l @", &tpmdata,
			    ordinal_no,
			    keyhandle_no,
			    TPM_NONCE_SIZE, antiReplay,
			    caparea_no, subcaplen, buffer);
	if (ret & ERR_MASK)
	    return ret;

	/* transmit the request buffer to the TPM device and read the reply */
	ret = TPM_Transmit(&tpmdata, "GetCapability - NO AUTH");
	if (ret)
	    return ret;

	ret = tpm_buffer_load32(&tpmdata, TPM_DATA_OFFSET+TPM_U32_SIZE, &rlen);
	if (ret & ERR_MASK)
	    return ret;

	ret = tpm_buffer_load32(&tpmdata,
			      TPM_DATA_OFFSET + TPM_U32_SIZE +
			      TPM_U32_SIZE + rlen, &ssize);
	if (ret & ERR_MASK)
	    return ret;
    }
    if (resp)
	SET_TPM_BUFFER(resp,
		       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE +
				       TPM_U32_SIZE], rlen);

    if (sig) {
	*siglen = MIN(*siglen, ssize);
	memcpy(sig,
	       &tpmdata.buffer[TPM_DATA_OFFSET + TPM_U32_SIZE +
			       TPM_U32_SIZE + rlen + TPM_U32_SIZE],
	       *siglen);
    }

    return ret;
}
Пример #27
0
int main(int argc, char *argv[])
{
    int ret;
    char * filename = NULL;
    uint32_t keyhandle = -1;
    STACK_TPM_BUFFER(context);
    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-of",argv[i])) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -of.\n");
                usage();
            }
        }
        else if (!strcmp("-hk",argv[i])) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x",&keyhandle);
            }
            else {
                printf("Missing parameter for -hk.\n");
                usage();
            }
        }
        else if (!strcmp("-v",argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h",argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }
    if (NULL == filename || -1 == (int)keyhandle) {
        usage();
    }

    ret  = TPM_SaveKeyContext(keyhandle, &context);

    if (0 != ret) {
        printf("SaveKeyContext returned error '%s' (%d).\n",
               TPM_GetErrMsg(ret),
               ret);
    } else {
        FILE * f = fopen(filename, "wb");
        if (NULL != f) {
            fwrite(context.buffer,context.used,1,f);
            fclose(f);
        }
    }


    exit(ret);
}
Пример #28
0
int main(int argc, char *argv[])
{
	int ret;			/* general return value */
	uint32_t keyhandle = 0;		/* handle of quote key */
	unsigned int  pcrmask = 0;	/* pcr register mask */
	unsigned char passhash1[TPM_HASH_SIZE];	/* hash of key password */
	unsigned char data[TPM_HASH_SIZE];/* nonce data */
	
	STACK_TPM_BUFFER(signature);
	pubkeydata  pubkey;		/* public key structure */
	RSA *rsa;			/* openssl RSA public key */
	unsigned char *passptr;
	TPM_PCR_SELECTION selection;
	TPM_PCR_INFO_SHORT s1;
	TPM_QUOTE_INFO2 quoteinfo;
	STACK_TPM_BUFFER( serQuoteInfo )
	uint32_t pcrs;
	int i;
	uint16_t sigscheme = TPM_SS_RSASSAPKCS1v15_SHA1;
	TPM_BOOL addVersion = FALSE;
	STACK_TPM_BUFFER(versionblob);
	static char *keypass = NULL;

	
	TPM_setlog(0);    /* turn off verbose output from TPM driver */
	for (i=1 ; i<argc ; i++) {
	    if (strcmp(argv[i],"-hk") == 0) {
		i++;
		if (i < argc) {
		    /* convert key handle from hex */
		    if (1 != sscanf(argv[i], "%x", &keyhandle)) {
			printf("Invalid -hk argument '%s'\n",argv[i]);
			exit(2);
		    }
		}
		else {
		    printf("-hk option needs a value\n");
		    printUsage();
		}
	    }
	    else if (!strcmp(argv[i], "-pwdk")) {
		i++;
		if (i < argc) {
		    keypass = argv[i];
		}
		else {
		    printf("Missing parameter to -pwdk\n");
		    printUsage();
		}
	    }
	    else if (strcmp(argv[i],"-bm") == 0) {
		i++;
		if (i < argc) {
		    /* convert key handle from hex */
		    if (1 != sscanf(argv[i], "%x", &pcrmask)) {
			printf("Invalid -bm argument '%s'\n",argv[i]);
			exit(2);
		    }
		}
		else {
		    printf("-bm option needs a value\n");
		    printUsage();
		}
	    }
	    else if (!strcmp(argv[i], "-vinfo")) {
		addVersion = TRUE;
		printf("Adding version info.\n");
	    }
	    else if (!strcmp(argv[i], "-h")) {
		printUsage();
	    }
	    else if (!strcmp(argv[i], "-v")) {
		TPM_setlog(1);
	    }
	    else {
		printf("\n%s is not a valid option\n", argv[i]);
		printUsage();
	    }
	}
	if ((keyhandle == 0) ||
	    (pcrmask == 0)) {
	    printf("Missing argument\n");
	    printUsage();
	}
	memset(&s1, 0x0, sizeof(s1));	
	/*
	** Parse and process the command line arguments
	*/
	/* get the SHA1 hash of the password string for use as the Key Authorization Data */
	if (keypass != NULL) {
	    TSS_sha1((unsigned char *)keypass,strlen(keypass),passhash1);
		passptr = passhash1;
	} else {
		passptr = NULL;
	}
	/* for testing, use the password hash as the test nonce */
	memcpy(data,passhash1,TPM_HASH_SIZE);
	
	ret = TPM_GetNumPCRRegisters(&pcrs);
	if (ret != 0) {
		printf("Error reading number of PCR registers.\n");
		exit(-1);
	}
	if (pcrs > TPM_NUM_PCR) {
		printf("Library does not support that many PCRs.\n");
		exit(-1);
	}

	memset(&selection, 0x0, sizeof(selection));
	selection.sizeOfSelect = pcrs / 8;
	for (i = 0; i < selection.sizeOfSelect; i++) {
		selection.pcrSelect[i] = (pcrmask & 0xff);
		pcrmask >>= 8;
	}

	/*
	** perform the TPM Quote function
	*/
	ret = TPM_Quote2(keyhandle,	/* key handle */
	                 &selection,	/* specify PCR registers */
	                 addVersion,    /* add Version */
	                 passptr,	/* Key Password (hashed), or null */
	                 data,		/* nonce data */
	                 &s1,		/* pointer to pcr info */
	                 &versionblob,	/* pointer to TPM_CAP_VERSION_INFO */
	                 &signature);	/* buffer to receive result, int to receive result length */
	if (ret != 0) {
		printf("Error '%s' from TPM_Quote2\n",TPM_GetErrMsg(ret));
		exit(ret);
	}
	/*
	** Get the public key and convert to an OpenSSL RSA public key
	*/
	ret = TPM_GetPubKey(keyhandle,passptr,&pubkey);
	if (ret != 0) {
		printf("Error '%s' from TPM_GetPubKey\n",TPM_GetErrMsg(ret));
		exit(ret);
	}
	rsa = TSS_convpubkey(&pubkey);
	
	
	/*
	** fill the quote info structure and calculate the hashes needed for verification
	*/
	quoteinfo.tag = TPM_TAG_QUOTE_INFO2;
	memcpy(&(quoteinfo.fixed),"QUT2",4);
	quoteinfo.infoShort = s1;
	memcpy(&(quoteinfo.externalData),data,TPM_NONCE_SIZE);
	unsigned char *corey_ptr = (unsigned char *)&quoteinfo;
	unsigned int x;
	printf("quote info: \n");
	for (x=0;x<128;x++)
	{
	    if (x != 0 && x % 16 == 0)
		printf("\n");
	    printf("%02x ", corey_ptr[x]);
	}
	printf("\n");

	    
	/* create the hash of the quoteinfo structure for signature verification */
	ret = TPM_WriteQuoteInfo2(&serQuoteInfo, &quoteinfo);
	if ( ( ret & ERR_MASK ) != 0) {
		exit(-1);
	}
	printf("serquoteinfo: \n");

	for (x=0;x<128;x++)
	{
	    if (x != 0 && x % 16 == 0)
		printf("\n");
	    printf("%02x ", serQuoteInfo.buffer[x]);
	}
	printf("\n");

	/* append version information if given in response */
	if (addVersion) {
	    printf("addversion is called\n");
	    memcpy(serQuoteInfo.buffer + serQuoteInfo.used,
	           versionblob.buffer,
	           versionblob.used);
	    serQuoteInfo.used += versionblob.used;
	}
	
	ret = TPM_ValidateSignature(sigscheme,
	                            &serQuoteInfo,
	                            &signature,
	                            rsa);
	if (ret != 0) {
		printf("Verification failed\n");
	} else {
		printf("Verification succeeded\n");
	}
	RSA_free(rsa);
	exit(ret);
}
Пример #29
0
int main(int argc, char *argv[])
{
	int ret = 0;
	int verbose = FALSE;
	TPM_BOOL bool = TRUE;
	int mode = -1;
	STACK_TPM_BUFFER(buffer)
	uint32_t len;
	TPM_FAMILY_LABEL tfl = 0; /* = BYTE */
	char * ownerPass;
	unsigned char ownerhash[TPM_HASH_SIZE];
	unsigned char * ownerHashPtr = NULL;
	int i = 1;
	TPM_FAMILY_ID familyID = 0x0; /* = UINT32 */
	unsigned char retbuffer[256];
	uint32_t retbufferlen = sizeof(retbuffer);
	
	
	TPM_setlog(0);
	
	while (i < argc) {
		if (!strcmp("-id",argv[i])) {
			i++;
			if (i < argc) {
				if (1 != sscanf(argv[i],"%d", &familyID)) {
					printf("Error while getting option parameter\n");
					usage();
					exit(-1);
				}
			}
		} else
		if (!strcmp("-create",argv[i])) {
			i++;
			if (i < argc) {
				int x;
				mode = TPM_FAMILY_CREATE;
				if (1 != sscanf(argv[i],"%d", &x)) {
					printf("Error while getting option parameter\n");
					usage();
					exit(-1);
				}
				if (x > 255) {
					printf("Error: Label out of range!\n");
					usage();
					exit(-1);
				}
				tfl = (TPM_FAMILY_LABEL)x;
			} else {
				printf("Missing parameter for -create.\n");
				usage();
				exit(-1);
			}
		} else
		if (!strcmp("-invalidate",argv[i])) {
			mode = TPM_FAMILY_INVALIDATE;
		} else
		if (!strcmp("-enable",argv[i])) {
			i++;
			if (i < argc) {
				int x;
				mode = TPM_FAMILY_ENABLE;
				if (1 != sscanf(argv[i],"%d", &x)) {
					printf("Error while getting option parameter\n");
					usage();
					exit(-1);
				}
				if (x == 0) {
					bool = 0;
				} else
int main(int argc, char *argv[])
{
	uint32_t startOrdinal = -1;
	int ret;
	int verbose = FALSE;
	TPM_COUNTER_VALUE counter;
	int i = 1;
	char * keypass = NULL;
	unsigned char keyAuth[TPM_HASH_SIZE];
	unsigned char * keyAuthPtr = NULL;
	uint32_t keyhandle = -1;
	STACK_TPM_BUFFER(signature);
	unsigned char digest[TPM_DIGEST_SIZE];
	unsigned char ordinalDigest[TPM_DIGEST_SIZE];
	unsigned char antiReplay[TPM_NONCE_SIZE];
	
	TPM_setlog(0);
	TSS_gennonce(antiReplay);
	
	while (i < argc) {
		if (!strcmp("-s",argv[i])) {
			i++;
			if (i < argc) {
				sscanf(argv[i],"%d",&startOrdinal);
			} else {
				printf("Missing parameter for -s.\n");
				usage();
			}
		} else
		if (!strcmp("-h",argv[i])) {
			i++;
			if (i < argc) {
				sscanf(argv[i],"%x",&keyhandle);
			} else {
				printf("Missing parameter for -h.\n");
				usage();
			}
		} else
		if (!strcmp("-p",argv[i])) {
			i++;
			if (i < argc) {
				keypass = argv[i];
			} else {
				printf("Missing parameter for -p.\n");
				usage();
			}
		} else
		if (!strcmp("-v",argv[i])) {
			verbose = TRUE;
			TPM_setlog(1);
		} else {
		        printf("\n%s is not a valid option\n", argv[i]);
			usage();
		}
		i++;
	}
	(void)verbose;

	if (-1 == (int)startOrdinal ||
	    -1 == (int)keyhandle) {
		printf("Missing command line parameter.\n");
		usage();
	}

	if (NULL != keypass) {
		TSS_sha1(keypass,strlen(keypass),keyAuth);
		keyAuthPtr = keyAuth;
	}
	ret = TPM_GetAuditDigestSigned(keyhandle,
	                               FALSE,
	                               keyAuthPtr,
	                               antiReplay,
	                               &counter,
	                               digest,
	                               ordinalDigest,
	                               &signature);

	if (0 != ret) {
		printf("Error %s from GetAuditDigestSigned.\n",
		       TPM_GetErrMsg(ret));
	} else {
		TPM_SIGN_INFO tsi;
		STACK_TPM_BUFFER(tsi_ser);
		STACK_TPM_BUFFER(serial);
		STACK_TPM_BUFFER(ctr_ser);
		pubkeydata pubkey;
		RSA *rsa;

		i = 0;
		printf("AuditDigest   : ");
		while (i < (int)sizeof(digest)) {
			printf("%02X",digest[i]);
			i++;
		}
		printf("\n");
	
		i = 0;
		printf("OrdinalDigest : ");
		while (i < (int)sizeof(digest)) {
			printf("%02X",ordinalDigest[i]);
			i++;
		}
		printf("\n");

		ret = TPM_GetPubKey(keyhandle, keyAuthPtr, &pubkey);
		if (ret != 0) {
			printf("Could not get public key of signing key.\n");
			exit(-1);
		}
		rsa = TSS_convpubkey(&pubkey);
		if (!rsa) {
			printf("Could not convert public key.\n");
			exit(-1);
		}
		
		tsi.tag = TPM_TAG_SIGNINFO;
		memcpy(tsi.fixed, "ADIG", 4);
		memcpy(tsi.replay, antiReplay, sizeof(antiReplay));
		/* D4=ordinalDigest */
		TPM_WriteCounterValue(&ctr_ser, &counter);
		memcpy(&serial.buffer[0], digest, sizeof(digest));
		memcpy(&serial.buffer[sizeof(digest)],
		                          ctr_ser.buffer, ctr_ser.used);
		memcpy(&serial.buffer[sizeof(digest)+ctr_ser.used],
		                          ordinalDigest, sizeof(ordinalDigest));
		serial.used = sizeof(digest) + ctr_ser.used + sizeof(ordinalDigest);
		tsi.data.size = serial.used;
		tsi.data.buffer = serial.buffer; 
		ret = TPM_WriteSignInfo(&tsi_ser, &tsi);
		if ((ret & ERR_MASK)) {
			printf("Error serializing TPM_SIGN_INFO.\n");
			exit(-1);
		}
		ret = TPM_ValidateSignature(TPM_SS_RSASSAPKCS1v15_SHA1,
		                            &tsi_ser,
		                            &signature,
		                            rsa);
		if (ret != 0) {
			printf("Error validating signature.\n");
			exit(-1);
		}
		printf("Signature verification successful.\n");
	}
	exit(ret);
}