示例#1
文件: tpm.c 项目: randombit/hacrypto
/*
 * Translate a failing TSS result into a GnuTLS error code.
 *
 * The raw TSS layer, message and code are written to the debug log first;
 * for every code that collapses into the generic GNUTLS_E_TPM_ERROR that
 * log line is the only place the original value is kept.
 *
 * err:       the TSS_RESULT to translate.
 * pwd_error: returned unchanged when the TPM layer reports TPM_E_AUTHFAIL
 *            (presumably lets the caller tell which secret was rejected;
 *            confirm against the callers).
 *
 * Returns pwd_error, GNUTLS_E_TPM_UNINITIALIZED, GNUTLS_E_TPM_SESSION_ERROR,
 * GNUTLS_E_TPM_KEY_NOT_FOUND, or GNUTLS_E_TPM_ERROR for anything else.
 */
static int tss_err_pwd(TSS_RESULT err, int pwd_error)
{
	_gnutls_debug_log("TPM (%s) error: %s (%x)\n",
			  Trspi_Error_Layer(err), Trspi_Error_String(err),
			  (unsigned int) Trspi_Error_Code(err));

	const TSS_RESULT layer = ERROR_LAYER(err);
	const TSS_RESULT code = ERROR_CODE(err);

	if (layer == TSS_LAYER_TPM) {
		/* Errors raised by the TPM itself. */
		if (code == TPM_E_AUTHFAIL)
			return pwd_error;
		if (code == TPM_E_NOSRK)
			return GNUTLS_E_TPM_UNINITIALIZED;
	} else if (layer == TSS_LAYER_TCS || layer == TSS_LAYER_TSP) {
		/* Errors raised by the TCS/TSP software layers. */
		if (code == TSS_E_COMM_FAILURE ||
		    code == TSS_E_NO_CONNECTION ||
		    code == TSS_E_CONNECTION_FAILED ||
		    code == TSS_E_CONNECTION_BROKEN)
			return GNUTLS_E_TPM_SESSION_ERROR;
		if (code == TSS_E_PS_KEY_NOTFOUND)
			return GNUTLS_E_TPM_KEY_NOT_FOUND;
	}

	/* Unknown layer, or a code with no dedicated mapping. */
	return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
}
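/*
 * Exit status for a failed run.
 *
 * The original code called exit(result) on every failure path, including
 * paths where result was TSS_SUCCESS (a counter mismatch, or an expired
 * secret that was still accepted), so the process reported success. On POSIX
 * only the low 8 bits of the status reach the parent, so a non-zero result
 * whose low byte is zero would also read as success. Both cases map to 1.
 */
static int lifetime02_fail_status( TSS_RESULT result )
{
	return ( result & 0xFF ) ? (int) result : 1;
}

/*
 * Report a failure, release the context and terminate with a non-zero status.
 * Never returns.
 */
static void lifetime02_bail( TSS_HCONTEXT hContext, char *what, TSS_RESULT result )
{
	print_error( what, result );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( lifetime02_fail_status( result ) );
}

/*
 * policy_check_lifetime02: checks that a usage policy secret with a
 * lifetime counter stops being accepted once the counter reaches zero, and
 * that setting the secret again resets the counter to COUNTER.
 *
 * The three successful GetStatus calls below are expected to consume the
 * whole counter, so COUNTER is presumably 3 (defined elsewhere in the file;
 * confirm).
 *
 * version: unused in this function.
 *
 * Does not return; the process exits with 0 only when every check passed.
 */
int
main_v1_2( char version )
{
	char			*function = "policy_check_lifetime02";
	TSS_HCONTEXT	hContext;
	TSS_HTPM		hTPM;
	TSS_HPOLICY		hPolicy;
	TSS_BOOL		state;
	TSS_RESULT		result;
	/* Initialised so a failed Tspi_GetAttribUint32 never leaves it indeterminate. */
	UINT32			remainingUsages = 0;

	print_begin_test( function );

		// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS )
	{
		// No context exists yet, so there is nothing to free or close.
		print_error( "Tspi_Context_Create", result );
		exit( lifetime02_fail_status( result ) );
	}

		// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_Context_Connect", result );

		// Retrieve TPM object of context
	result = Tspi_Context_GetTpmObject( hContext, &hTPM );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_Context_GetTpmObject", result );

		// Retrieve the usage policy attached to the TPM object
	result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_GetPolicyObject", result );

		// Set the policy lifetime counter
	result = Tspi_SetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
			TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, COUNTER );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_SetAttribUint32", result );

		// Set the secret; this starts the counter
	result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
					TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_Policy_SetSecret", result );

		// The first three GetStatus calls must succeed while usages remain.
		// Get status - first call (remainingUsages = COUNTER - 1)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
					&state );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_TPM_GetStatus(1)", result );

		// Get status - second call (remainingUsages = COUNTER - 2)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD,
					&state );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_TPM_GetStatus(2)", result );

		// Get status - third call (remainingUsages = COUNTER - 3)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
			&state );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_TPM_GetStatus(3)", result );

		// Ensure secret usages reached 0
	result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
			TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_GetAttribUint32", result );
	if ( remainingUsages )
	{
		fprintf( stderr, "\tError: Secret usages did not reach zero: (%u)\n",
				remainingUsages );
		// result is TSS_SUCCESS here; the helper still exits non-zero.
		lifetime02_bail( hContext, function, result );
	}

		// Get status - fourth call: the secret has expired, so the call
		// must be rejected with TSS_E_INVALID_OBJ_ACCESS.
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
			&state );
	if ( Trspi_Error_Code(result) != TSS_E_INVALID_OBJ_ACCESS )
	{
		if ( result == TSS_SUCCESS )
			fprintf( stderr, "\tError: expired secret was still accepted\n" );
		lifetime02_bail( hContext, "Tspi_TPM_GetStatus(4)", result );
	}

		// Set secret again; this must reset the policy lifetime counter
	result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
			TESTSUITE_OWNER_SECRET_LEN, TESTSUITE_OWNER_SECRET );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_Policy_SetSecret", result );

		// Ensure the counter is back at COUNTER
	result = Tspi_GetAttribUint32( hPolicy, TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
			TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER, &remainingUsages );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_GetAttribUint32", result );
	if ( remainingUsages != COUNTER )
	{
		fprintf( stderr, "\tError: Secret usages counter wasn't reset: (%u)\n",
				 remainingUsages );
		// result is TSS_SUCCESS here; the helper still exits non-zero.
		lifetime02_bail( hContext, function, result );
	}

		// Get status - fifth call: must succeed again with the renewed secret
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
			&state );
	if ( result != TSS_SUCCESS )
		lifetime02_bail( hContext, "Tspi_TPM_GetStatus(5)", result );

	print_success( function, result );
	print_end_test( function );
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( result );
}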