/*
 * Translate a TSS_RESULT into a GnuTLS error code.
 *
 * err:       result value returned by a TSS call.
 * pwd_error: code returned when the TPM layer reports TPM_E_AUTHFAIL, so
 *            the caller chooses which authentication-failure error to
 *            surface.
 *
 * Returns pwd_error, GNUTLS_E_TPM_UNINITIALIZED, GNUTLS_E_TPM_SESSION_ERROR,
 * GNUTLS_E_TPM_KEY_NOT_FOUND or, for every code not listed below,
 * GNUTLS_E_TPM_ERROR (via gnutls_assert_val).
 *
 * The layer, message and code of every error are written to the debug log
 * before the mapping is applied.
 */
static int tss_err_pwd(TSS_RESULT err, int pwd_error)
{
	const TSS_RESULT layer = ERROR_LAYER(err);
	const TSS_RESULT code = ERROR_CODE(err);

	_gnutls_debug_log("TPM (%s) error: %s (%x)\n",
			  Trspi_Error_Layer(err),
			  Trspi_Error_String(err),
			  (unsigned int) Trspi_Error_Code(err));

	/* Errors raised by the TPM itself. */
	if (layer == TSS_LAYER_TPM) {
		if (code == TPM_E_AUTHFAIL) {
			/* Authentication failed: hand back the caller's code. */
			return pwd_error;
		}
		if (code == TPM_E_NOSRK) {
			return GNUTLS_E_TPM_UNINITIALIZED;
		}
		return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
	}

	/* Errors raised by the TCS or TSP layers of the software stack. */
	if (layer == TSS_LAYER_TCS || layer == TSS_LAYER_TSP) {
		switch (code) {
		case TSS_E_COMM_FAILURE:
		case TSS_E_NO_CONNECTION:
		case TSS_E_CONNECTION_FAILED:
		case TSS_E_CONNECTION_BROKEN:
			/* All four connection-level codes share one error. */
			return GNUTLS_E_TPM_SESSION_ERROR;
		case TSS_E_PS_KEY_NOTFOUND:
			return GNUTLS_E_TPM_KEY_NOT_FOUND;
		default:
			return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
		}
	}

	/* Any other layer is reported as a generic TPM error. */
	return gnutls_assert_val(GNUTLS_E_TPM_ERROR);
}
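/*
 * policy_check_lifetime02, TSS 1.2 variant.
 *
 * Sets a usage counter of COUNTER on the TPM object's usage policy, sets the
 * owner secret, performs three Tspi_TPM_GetStatus calls, and then verifies:
 *   - the policy's remaining-usage counter reads zero,
 *   - a further Tspi_TPM_GetStatus is refused with TSS_E_INVALID_OBJ_ACCESS,
 *   - setting the secret again puts the counter back to COUNTER and
 *     Tspi_TPM_GetStatus succeeds again.
 *
 * version: not read by this function.
 *
 * Never returns; the process exits with TSS_SUCCESS when every step passed.
 * When a TSS call fails, the exit status is that call's TSS_RESULT. When a
 * verification step fails although the last TSS call returned TSS_SUCCESS
 * (counter not at the expected value, or the expired secret still accepted),
 * the exit status is CHECK_FAILED, so a policy that is not enforced cannot be
 * reported as a passing test.
 *
 * NOTE(review): exit() receives the raw TSS_RESULT, as before; on POSIX only
 * the low 8 bits reach the parent process -- confirm how the harness reads
 * the exit status.
 */
int
main_v1_2( char version )
{
	/* Non-zero exit status for a failed check that has no TSS error code. */
	enum { CHECK_FAILED = 1 };

	char		*function = "policy_check_lifetime02";
	TSS_HCONTEXT	hContext;
	TSS_HTPM	hTPM;
	TSS_HPOLICY	hPolicy;
	TSS_BOOL	state;
	TSS_RESULT	result;
	TSS_RESULT	exitCode = CHECK_FAILED;
	/* Initialized so it is never read indeterminate if the query fails. */
	UINT32		remainingUsages = 0;

	print_begin_test( function );

	// Create Context
	result = Tspi_Context_Create( &hContext );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_Context_Create", result );
		// No context exists yet, so there is nothing to release.
		exit( result );
	}

	// Connect to Context
	result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_Context_Connect", result );
		goto fail;
	}

	// Retrieve TPM object of context
	result = Tspi_Context_GetTpmObject( hContext, &hTPM );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_Context_GetTpmObject", result );
		goto fail;
	}

	// Usage policy attached to the TPM object
	result = Tspi_GetPolicyObject( hTPM, TSS_POLICY_USAGE, &hPolicy );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_GetPolicyObject", result );
		goto fail;
	}

	// Sets the policy lifetime counter
	result = Tspi_SetAttribUint32( hPolicy,
				       TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
				       TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER,
				       COUNTER );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_SetAttribUint32", result );
		// This path used to skip Tspi_Context_FreeMemory; it now
		// shares the common cleanup with every other failure.
		goto fail;
	}

	// Sets the secret and fires the counter
	result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
					TESTSUITE_OWNER_SECRET_LEN,
					TESTSUITE_OWNER_SECRET );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_Policy_SetSecret", result );
		goto fail;
	}

	// The next three GetStatus calls are expected to succeed; the test
	// expects each one to use up one of the COUNTER permitted usages
	// (assumes COUNTER is 3 -- it is defined outside this function).

	// Get status - first call (remainingUsages = COUNTER - 1)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
				     &state );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_TPM_GetStatus(1)", result );
		goto fail;
	}

	// Get status - second call (remainingUsages = COUNTER - 2)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_DISABLEPUBEKREAD,
				     &state );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_TPM_GetStatus(2)", result );
		goto fail;
	}

	// Get status - third call (remainingUsages = COUNTER - 3)
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
				     &state );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_TPM_GetStatus(3)", result );
		goto fail;
	}

	// Ensure secret usages reached 0
	result = Tspi_GetAttribUint32( hPolicy,
				       TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
				       TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER,
				       &remainingUsages );
	if ( result != TSS_SUCCESS ) {
		// Check the call first: the counter value is only meaningful
		// when the query itself succeeded.
		print_error( "Tspi_GetAttribUint32", result );
		goto fail;
	}
	if ( remainingUsages != 0 ) {
		fprintf( stderr,
			 "\tError: Secret usages did not reach zero: (%u)\n",
			 remainingUsages );
		print_error( function, result );
		// result is TSS_SUCCESS here; exit non-zero regardless.
		exitCode = CHECK_FAILED;
		goto done;
	}

	// Get status - fourth call, secret expired: must be refused
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_OWNERSETDISABLE,
				     &state );
	if ( Trspi_Error_Code( result ) != TSS_E_INVALID_OBJ_ACCESS ) {
		print_error( "Tspi_TPM_GetStatus(4)", result );
		if ( result != TSS_SUCCESS ) {
			goto fail;
		}
		// The call succeeded with an expired secret: the lifetime
		// policy was not enforced, which must not exit with 0.
		exitCode = CHECK_FAILED;
		goto done;
	}

	// Set secret again and reset policy lifetime counter
	result = Tspi_Policy_SetSecret( hPolicy, TESTSUITE_OWNER_SECRET_MODE,
					TESTSUITE_OWNER_SECRET_LEN,
					TESTSUITE_OWNER_SECRET );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_Policy_SetSecret", result );
		goto fail;
	}

	// Ensure the counter is back at COUNTER
	result = Tspi_GetAttribUint32( hPolicy,
				       TSS_TSPATTRIB_POLICY_SECRET_LIFETIME,
				       TSS_TSPATTRIB_POLSECRET_LIFETIME_COUNTER,
				       &remainingUsages );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_GetAttribUint32", result );
		goto fail;
	}
	if ( remainingUsages != COUNTER ) {
		fprintf( stderr,
			 "\tError: Secret usages counter wasn't reset: (%u)\n",
			 remainingUsages );
		print_error( function, result );
		exitCode = CHECK_FAILED;
		goto done;
	}

	// Get status - fifth call, must succeed with the renewed secret
	result = Tspi_TPM_GetStatus( hTPM, TSS_TPMSTATUS_SETOWNERINSTALL,
				     &state );
	if ( result != TSS_SUCCESS ) {
		print_error( "Tspi_TPM_GetStatus(5)", result );
		goto fail;
	}

	print_success( function, result );
	print_end_test( function );
	exitCode = result;
	goto done;

fail:
	// A TSS call failed: report its result code as the exit status.
	exitCode = result;
done:
	Tspi_Context_FreeMemory( hContext, NULL );
	Tspi_Context_Close( hContext );
	exit( exitCode );
}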