int main(int argc, char *argv[]) { int ret; struct stat sbuf; uint32_t parhandle; /* handle of parent key */ unsigned char blob[4096]; /* resulting sealed blob */ unsigned int bloblen; /* blob length */ unsigned char passptr1[20] = {0}; int fd, outlen; char totp[7]; parhandle = 0x40000000; fd = open(argv[1], O_RDONLY); if (fd < 0) { perror("Unable to open file"); return -1; } ret = fstat(fd, &sbuf); if (ret) { perror("Unable to stat file"); return -1; } bloblen = sbuf.st_size; ret = read(fd, blob, bloblen); if (ret != bloblen) { fprintf(stderr, "Unable to read data\n"); return -1; } ret = TPM_Unseal(parhandle, /* KEY Entity Value */ passptr1, /* Key Password */ NULL, blob, bloblen, key, &outlen); if (ret == 24) { fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n"); return -1; } if (ret != 0) { printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret)); exit(6); } if (outlen != keylen) { fprintf(stderr, "Returned buffer is incorrect length\n"); return -1; } ret = oath_totp_generate(key, keylen, time(NULL), 30, 0, 6, totp); if (ret != 0) { fprintf(stderr, "Error generating totp value\n"); return -1; } printf("%s\n", totp); }
int main(int argc, char *argv[]) { int ret; struct stat sbuf; uint32_t parhandle; /* handle of parent key */ unsigned char blob[4096]; /* resulting sealed blob */ unsigned int bloblen = 322; /* blob length */ unsigned char passptr1[20] = {0}; int fd, outlen, i; char totp[7]; parhandle = 0x40000000; ret = TPM_NV_ReadValue(0x00004d47, 0, 322, blob, &bloblen, NULL); if (ret) { for (i=1; i<argc; i++) { fd = open(argv[1], O_RDONLY); if (fd < 0) { argv++; } } if (fd < 0) { perror("Unable to open file"); return -1; } ret = fstat(fd, &sbuf); if (ret) { perror("Unable to stat file"); return -1; } bloblen = sbuf.st_size; ret = read(fd, blob, bloblen); if (ret != bloblen) { fprintf(stderr, "Unable to read data\n"); return -1; } if (strncmp(argv[1], efivarfs, strlen(efivarfs)) == 0) { bloblen -= sizeof(int); memmove (blob, blob + sizeof(int), bloblen); } } ret = TPM_Unseal(parhandle, /* KEY Entity Value */ passptr1, /* Key Password */ NULL, blob, bloblen, key, &outlen); if (ret == 24) { fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n"); return -1; } if (ret != 0) { printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret)); exit(6); } if (outlen != keylen) { fprintf(stderr, "Returned buffer is incorrect length\n"); return -1; } if (0) { printf("Decrypted secret:"); for(int i = 0 ; i < outlen ; i++) printf(" %02x", key[i]); printf("\n"); } uint32_t token = oauth_calc(time(NULL), key, keylen); //, time(NULL), 30, 0, 6, totp); printf("%06d\n", token); }
int TPM_disk_unseal(void *dst, size_t size, const struct disk_seal_entry *src) { uint32_t rc; TPM_STORED_DATA12 in; TPM_AUTH_SESSION oiap = TPM_AUTH_SESSION_INIT; TPM_AUTHDATA auth; uint32_t outSize = 0; uint8_t *out = NULL; printk("Calling TPM_disk_unseal\n"); rc = TPM_OIAP(&oiap); if (rc) abort(); memset(auth, 0, 20); in.tag = TPM_TAG_STORED_DATA12; in.et = 0; //in.sealInfoLongSize = sizeof_TPM_PCR_INFO_LONG(&in.sealInfoLong); in.sealInfoLongSize = 2 + 1 + 1 + 2 + 3 + 2 + 3 + 20 + 20; in.sealInfoLong.tag = TPM_TAG_PCR_INFO_LONG; in.sealInfoLong.localityAtCreation = 1 << vtpm_globals.hw_locality; in.sealInfoLong.localityAtRelease = 1 << vtpm_globals.hw_locality; in.sealInfoLong.creationPCRSelection.sizeOfSelect = 3; in.sealInfoLong.creationPCRSelection.pcrSelect = (void*)&src->pcr_selection; in.sealInfoLong.releasePCRSelection.sizeOfSelect = 3; in.sealInfoLong.releasePCRSelection.pcrSelect = (void*)&src->pcr_selection; memcpy(&in.sealInfoLong.digestAtCreation, &src->digest_at_seal, 20); memcpy(&in.sealInfoLong.digestAtRelease, &src->digest_release, 20); in.encDataSize = 256; in.encData = (void*)src->sealed_data; #ifdef DEBUG_SEAL_OPS uint8_t buf[512]; uint8_t *start = buf; uint8_t *end = pack_TPM_STORED_DATA12(buf, &in); printk("stored_data:"); while (start != end) { printk(" %02x", *start); start++; } printk("\n"); #endif rc = TPM_Unseal(TPM_SRK_KEYHANDLE, &in, &outSize, &out, (void*)&vtpm_globals.srk_auth, (void*)&auth, &vtpm_globals.oiap, &oiap); TPM_TerminateHandle(oiap.AuthHandle); #ifdef DEBUG_SEAL_OPS printk("TPM_Unseal rc=%d outSize=%d size=%d\n", rc, outSize, size); #endif if (!rc) { memcpy(dst, out, size); #ifdef DEBUG_SEAL_OPS printk("unsealed:"); int i; for(i=0; i < size; i++) printk(" %02x", ((uint8_t*)dst)[i]); printk("\n"); #endif } free(out); return rc; }
int main(int argc, char *argv[]) { int ret; struct stat sbuf; uint32_t parhandle; /* handle of parent key */ unsigned char blob[4096]; /* resulting sealed blob */ unsigned int bloblen = 322; /* blob length */ unsigned char passptr1[20] = {0}; int fd, outlen, i; time_t t, delay; parhandle = 0x40000000; ret = TPM_NV_ReadValue(0x10004d47, 0, 322, blob, &bloblen, NULL); if (ret != 0) { for (i=1; i<argc; i++) { fd = open(argv[1], O_RDONLY); if (fd < 0) { argv++; } } if (fd < 0) { perror("Unable to open file"); return -1; } ret = fstat(fd, &sbuf); if (ret) { perror("Unable to stat file"); return -1; } bloblen = sbuf.st_size; ret = read(fd, blob, bloblen); if (ret != bloblen) { fprintf(stderr, "Unable to read data\n"); return -1; } if (strncmp(argv[1], efivarfs, strlen(efivarfs)) == 0) { bloblen -= sizeof(int); memmove (blob, blob + sizeof(int), bloblen); } } ret = TPM_Unseal(parhandle, /* KEY Entity Value */ passptr1, /* Key Password */ NULL, blob, bloblen, key, &outlen); if (ret == 24) { fprintf(stderr, "TPM refused to decrypt key - boot process attests that it is modified\n"); return -1; } if (ret != 0) { printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret)); exit(6); } if (outlen != keylen) { fprintf(stderr, "Returned buffer is incorrect length\n"); return -1; } ply_client = ply_boot_client_new(); ply_loop = ply_event_loop_new(); if (!ply_boot_client_connect (ply_client, (ply_boot_client_disconnect_handler_t) on_disconnect, NULL)) { fprintf(stderr, "Plymouth not running\n"); return -1; } ply_boot_client_attach_to_event_loop(ply_client, ply_loop); display_totp(); t = time(NULL); delay = 30 - (t % 30); ply_event_loop_watch_for_timeout(ply_loop, delay, on_timeout, NULL); ply_event_loop_run(ply_loop); return 0; }
int main(int argc, char *argv[]) { int ret; struct stat sbuf; unsigned char databuff[256]; /* data buffer */ unsigned int datalen; /* size of data */ uint32_t parhandle; /* handle of parent key */ unsigned char passhash1[20]; /* hash of parent key password */ unsigned char passhash2[20]; /* hash of data password */ unsigned char blob[4096]; /* sealed blob */ unsigned int bloblen; /* blob length */ unsigned char *passptr1; unsigned char *passptr2; FILE *infile; FILE *outfile; int nxtarg; nxtarg = ParseArgs(argc, argv); if (argc < (nxtarg + 3)) usage(); TPM_setlog(0); /* turn off verbose output */ /* ** convert parent key handle from hex */ ret = sscanf(argv[nxtarg + 0], "%x", &parhandle); if (ret != 1) { fprintf(stderr, "Invalid argument '%s'\n", argv[nxtarg + 0]); exit(2); } /* ** use SHA1 hash of password string as Key Authorization Data */ if (keypass != NULL) { TSS_sha1(keypass, strlen(keypass), passhash1); passptr1 = passhash1; } else passptr1 = NULL; /* ** use SHA1 hash of password string as Blob Authorization Data */ if (datpass != NULL) { TSS_sha1(datpass, strlen(datpass), passhash2); passptr2 = passhash2; } else passptr2 = NULL; /* ** get size of blob file */ stat(argv[nxtarg + 1], &sbuf); bloblen = (int) sbuf.st_size; /* ** read the blob file */ infile = fopen(argv[nxtarg + 1], "r"); if (infile == NULL) { fprintf(stderr, "Unable to open input file '%s'\n", argv[nxtarg + 1]); exit(4); } ret = fread(blob, 1, bloblen, infile); if (ret != bloblen) { fprintf(stderr, "I/O Error while reading input file '%s'\n", argv[nxtarg + 1]); exit(5); } ret = TPM_Unseal(parhandle, /* KEY Entity Value */ passptr1, /* Key Password */ passptr2, /* blob password */ blob, bloblen, /* encrypted blob, blob length */ databuff, &datalen); if (ret != 0) { printf("Error %s from TPM_Unseal\n", TPM_GetErrMsg(ret)); exit(6); } outfile = fopen(argv[nxtarg + 2], "w"); if (outfile == NULL) { fprintf(stderr, "Unable to open output file '%s'\n", argv[nxtarg + 2]); exit(7); } ret = fwrite(databuff, 1, datalen, outfile); if (ret != datalen) { fprintf(stderr, "I/O Error while writing output file '%s'\n", argv[nxtarg + 2]); exit(8); } fclose(outfile); exit(0); }