int main(int argc, char *argv[])
{
int ret;
struct stat sbuf;
uint32_t parhandle; /* handle of parent key */
unsigned char blob[4096]; /* resulting sealed blob */
unsigned int bloblen; /* blob length */
unsigned char passptr1[20] = {0};
int fd, outlen;
char totp[7];
parhandle = 0x40000000;
fd = open(argv[1], O_RDONLY);
if (fd < 0) {
perror("Unable to open file");
return -1;
}
ret = fstat(fd, &sbuf);
if (ret) {
perror("Unable to stat file");
return -1;
}
bloblen = sbuf.st_size;
ret = read(fd, blob, bloblen);
if (ret != bloblen) {
fprintf(stderr, "Unable to read data\n");
return -1;
}
ret = TPM_Unseal(parhandle, /* KEY Entity Value */
passptr1, /* Key Password */
NULL,
blob, bloblen,
key, &outlen);
if (ret == 24) {
fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n");
return -1;
}
if (ret != 0) {
printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret));
exit(6);
}
if (outlen != keylen) {
fprintf(stderr, "Returned buffer is incorrect length\n");
return -1;
}
ret = oath_totp_generate(key, keylen, time(NULL), 30, 0, 6, totp);
if (ret != 0) {
fprintf(stderr, "Error generating totp value\n");
return -1;
}
printf("%s\n", totp);
}
int main(int argc, char *argv[])
{
int ret;
struct stat sbuf;
uint32_t parhandle; /* handle of parent key */
unsigned char blob[4096]; /* resulting sealed blob */
unsigned int bloblen = 322; /* blob length */
unsigned char passptr1[20] = {0};
int fd, outlen, i;
char totp[7];
parhandle = 0x40000000;
ret = TPM_NV_ReadValue(0x00004d47, 0, 322, blob, &bloblen, NULL);
if (ret) {
for (i=1; i<argc; i++) {
fd = open(argv[1], O_RDONLY);
if (fd < 0) {
argv++;
}
}
if (fd < 0) {
perror("Unable to open file");
return -1;
}
ret = fstat(fd, &sbuf);
if (ret) {
perror("Unable to stat file");
return -1;
}
bloblen = sbuf.st_size;
ret = read(fd, blob, bloblen);
if (ret != bloblen) {
fprintf(stderr, "Unable to read data\n");
return -1;
}
if (strncmp(argv[1], efivarfs, strlen(efivarfs)) == 0) {
bloblen -= sizeof(int);
memmove (blob, blob + sizeof(int), bloblen);
}
}
ret = TPM_Unseal(parhandle, /* KEY Entity Value */
passptr1, /* Key Password */
NULL,
blob, bloblen,
key, &outlen);
if (ret == 24) {
fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n");
return -1;
}
if (ret != 0) {
printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret));
exit(6);
}
if (outlen != keylen) {
fprintf(stderr, "Returned buffer is incorrect length\n");
return -1;
}
if (0)
{
printf("Decrypted secret:");
for(int i = 0 ; i < outlen ; i++)
printf(" %02x", key[i]);
printf("\n");
}
uint32_t token = oauth_calc(time(NULL), key, keylen); //, time(NULL), 30, 0, 6, totp);
printf("%06d\n", token);
}
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src)
{
uint32_t rc;
TPM_STORED_DATA12 in;
TPM_AUTH_SESSION oiap = TPM_AUTH_SESSION_INIT;
TPM_AUTHDATA auth;
uint32_t outSize = 0;
uint8_t *out = NULL;
printk("Calling TPM_disk_unseal\n");
rc = TPM_OIAP(&oiap);
if (rc) abort();
memset(auth, 0, 20);
in.tag = TPM_TAG_STORED_DATA12;
in.et = 0;
//in.sealInfoLongSize = sizeof_TPM_PCR_INFO_LONG(&in.sealInfoLong);
in.sealInfoLongSize = 2 + 1 + 1 + 2 + 3 + 2 + 3 + 20 + 20;
in.sealInfoLong.tag = TPM_TAG_PCR_INFO_LONG;
in.sealInfoLong.localityAtCreation = 1 << vtpm_globals.hw_locality;
in.sealInfoLong.localityAtRelease = 1 << vtpm_globals.hw_locality;
in.sealInfoLong.creationPCRSelection.sizeOfSelect = 3;
in.sealInfoLong.creationPCRSelection.pcrSelect = (void*)&src->pcr_selection;
in.sealInfoLong.releasePCRSelection.sizeOfSelect = 3;
in.sealInfoLong.releasePCRSelection.pcrSelect = (void*)&src->pcr_selection;
memcpy(&in.sealInfoLong.digestAtCreation, &src->digest_at_seal, 20);
memcpy(&in.sealInfoLong.digestAtRelease, &src->digest_release, 20);
in.encDataSize = 256;
in.encData = (void*)src->sealed_data;
#ifdef DEBUG_SEAL_OPS
uint8_t buf[512];
uint8_t *start = buf;
uint8_t *end = pack_TPM_STORED_DATA12(buf, &in);
printk("stored_data:");
while (start != end) {
printk(" %02x", *start);
start++;
}
printk("\n");
#endif
rc = TPM_Unseal(TPM_SRK_KEYHANDLE, &in, &outSize, &out,
(void*)&vtpm_globals.srk_auth, (void*)&auth, &vtpm_globals.oiap, &oiap);
TPM_TerminateHandle(oiap.AuthHandle);
#ifdef DEBUG_SEAL_OPS
printk("TPM_Unseal rc=%d outSize=%d size=%d\n", rc, outSize, size);
#endif
if (!rc) {
memcpy(dst, out, size);
#ifdef DEBUG_SEAL_OPS
printk("unsealed:");
int i;
for(i=0; i < size; i++)
printk(" %02x", ((uint8_t*)dst)[i]);
printk("\n");
#endif
}
free(out);
return rc;
}
int main(int argc, char *argv[])
{
int ret;
struct stat sbuf;
uint32_t parhandle; /* handle of parent key */
unsigned char blob[4096]; /* resulting sealed blob */
unsigned int bloblen = 322; /* blob length */
unsigned char passptr1[20] = {0};
int fd, outlen, i;
time_t t, delay;
parhandle = 0x40000000;
ret = TPM_NV_ReadValue(0x10004d47, 0, 322, blob, &bloblen, NULL);
if (ret != 0) {
for (i=1; i<argc; i++) {
fd = open(argv[1], O_RDONLY);
if (fd < 0) {
argv++;
}
}
if (fd < 0) {
perror("Unable to open file");
return -1;
}
ret = fstat(fd, &sbuf);
if (ret) {
perror("Unable to stat file");
return -1;
}
bloblen = sbuf.st_size;
ret = read(fd, blob, bloblen);
if (ret != bloblen) {
fprintf(stderr, "Unable to read data\n");
return -1;
}
if (strncmp(argv[1], efivarfs, strlen(efivarfs)) == 0) {
bloblen -= sizeof(int);
memmove (blob, blob + sizeof(int), bloblen);
}
}
ret = TPM_Unseal(parhandle, /* KEY Entity Value */
passptr1, /* Key Password */
NULL,
blob, bloblen,
key, &outlen);
if (ret == 24) {
fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n");
return -1;
}
if (ret != 0) {
printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret));
exit(6);
}
if (outlen != keylen) {
fprintf(stderr, "Returned buffer is incorrect length\n");
return -1;
}
ply_client = ply_boot_client_new();
ply_loop = ply_event_loop_new();
if (!ply_boot_client_connect (ply_client, (ply_boot_client_disconnect_handler_t) on_disconnect, NULL)) {
fprintf(stderr, "Plymouth not running\n");
return -1;
}
ply_boot_client_attach_to_event_loop(ply_client, ply_loop);
display_totp();
t = time(NULL);
delay = 30 - (t % 30);
ply_event_loop_watch_for_timeout(ply_loop, delay, on_timeout, NULL);
ply_event_loop_run(ply_loop);
return 0;
}
int main(int argc, char *argv[])
{
int ret;
struct stat sbuf;
unsigned char databuff[256]; /* data buffer */
unsigned int datalen; /* size of data */
uint32_t parhandle; /* handle of parent key */
unsigned char passhash1[20]; /* hash of parent key password */
unsigned char passhash2[20]; /* hash of data password */
unsigned char blob[4096]; /* sealed blob */
unsigned int bloblen; /* blob length */
unsigned char *passptr1;
unsigned char *passptr2;
FILE *infile;
FILE *outfile;
int nxtarg;
nxtarg = ParseArgs(argc, argv);
if (argc < (nxtarg + 3))
usage();
TPM_setlog(0); /* turn off verbose output */
/*
** convert parent key handle from hex
*/
ret = sscanf(argv[nxtarg + 0], "%x", &parhandle);
if (ret != 1) {
fprintf(stderr, "Invalid argument '%s'\n",
argv[nxtarg + 0]);
exit(2);
}
/*
** use SHA1 hash of password string as Key Authorization Data
*/
if (keypass != NULL) {
TSS_sha1(keypass, strlen(keypass), passhash1);
passptr1 = passhash1;
} else
passptr1 = NULL;
/*
** use SHA1 hash of password string as Blob Authorization Data
*/
if (datpass != NULL) {
TSS_sha1(datpass, strlen(datpass), passhash2);
passptr2 = passhash2;
} else
passptr2 = NULL;
/*
** get size of blob file
*/
stat(argv[nxtarg + 1], &sbuf);
bloblen = (int) sbuf.st_size;
/*
** read the blob file
*/
infile = fopen(argv[nxtarg + 1], "r");
if (infile == NULL) {
fprintf(stderr, "Unable to open input file '%s'\n",
argv[nxtarg + 1]);
exit(4);
}
ret = fread(blob, 1, bloblen, infile);
if (ret != bloblen) {
fprintf(stderr,
"I/O Error while reading input file '%s'\n",
argv[nxtarg + 1]);
exit(5);
}
ret = TPM_Unseal(parhandle, /* KEY Entity Value */
passptr1, /* Key Password */
passptr2, /* blob password */
blob, bloblen, /* encrypted blob, blob length */
databuff, &datalen);
if (ret != 0) {
printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret));
exit(6);
}
outfile = fopen(argv[nxtarg + 2], "w");
if (outfile == NULL) {
fprintf(stderr, "Unable to open output file '%s'\n",
argv[nxtarg + 2]);
exit(7);
}
ret = fwrite(databuff, 1, datalen, outfile);
if (ret != datalen) {
fprintf(stderr,
"I/O Error while writing output file '%s'\n",
argv[nxtarg + 2]);
exit(8);
}
fclose(outfile);
exit(0);
}
