int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap, unsigned char *keyauth, unsigned char *dataauth, unsigned char *data, unsigned int datalen, unsigned char *blob, unsigned int *bloblen) { #define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;} TSS_RESULT r = 0; TSS_HTPM tpm; TSS_HPCRS pcrComposite; TSS_UUID uuid; TSS_UUID srk_uuid = TSS_UUID_SRK; TSS_HKEY key; TSS_HENCDATA seal; TSS_HPOLICY key_policy, seal_policy; unsigned char *cipher; unsigned int cipher_len; /* Get the PCR values into composite object */ r = Tspi_Context_GetTpmObject(c, &tpm); CHECK_ERROR(r, "Error Getting TPM"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite); CHECK_ERROR(r, "Error Creating PCR-Composite"); r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE | TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR); CHECK_ERROR(r, "Error Setting Localities"); for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) { if ((pcrmap & pcrmask) != 0) { uint32_t pcrval_size; uint8_t *pcrval; if (pcrvals[pcr] == NULL) { r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval); CHECK_ERROR(r, "Error Reading PCR"); r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval); CHECK_ERROR(r, "Error Setting Composite"); r = Tspi_Context_FreeMemory(c, pcrval); CHECK_ERROR(r, "Error Freeing Memory"); } else { pcrval = pcrvals[pcr]; r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval); CHECK_ERROR(r, "Error Setting Composite"); } } } /* Get the SRK and Policy Ready */ if (keyhandle = 0x40000000) { uuid = srk_uuid; } else { fprintf(stderr, "Error, only SRK currently supported\n"); r = 1; return -1; } r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key); CHECK_ERROR(r, "Error Loading Key"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(key_policy, key); CHECK_ERROR(r, "Error Assigning Policy"); /* Get the Encdata Ready */ r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal); CHECK_ERROR(r, "Error Creating EncData"); r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy); CHECK_ERROR(r, "Error Creating Policy"); r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth); CHECK_ERROR(r, "Error Setting Secret"); r = Tspi_Policy_AssignToObject(seal_policy, seal); CHECK_ERROR(r, "Error Assigning Policy"); /* Seal the Data */ r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite); CHECK_ERROR(r, "Error Sealing Data"); r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &cipher_len, &cipher); CHECK_ERROR(r, "Error Getting Sealed Data"); /* Return that stuff */ if (cipher_len > bloblen) { sprintf(stderr, "Internal Error, cipher too long"); r = 1; return -1; } memcpy(blob, cipher, cipher_len); *bloblen = cipher_len; /* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */ Tspi_Context_FreeMemory(c, cipher); return (r == 0)? 0 : -1; }
int main_v1_2( char version ) { char *function = "Tspi_GetAttribData21"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HPOLICY hSrkPolicy; BYTE *rgbDataToSeal = "This is a test"; BYTE rgbPcrValue[20]; TSS_HPCRS hPcrComposite; UINT32 AttribDataSize; BYTE* AttribData; UINT32 ulDataLength = strlen(rgbDataToSeal); TSS_RESULT result,resultFree; TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 | TSS_KEY_TYPE_STORAGE | TSS_KEY_NO_AUTHORIZATION; TSS_FLAG pcrsInitFlags = 0; print_begin_test( function ); if (version == TESTSUITE_TEST_TSS_1_2) { keyInitFlags |= TSS_KEY_STRUCT_KEY12; pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG; } memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue)); // Create Context result = Tspi_Context_Create( &hContext ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Create", result ); print_end_test(function); exit( result ); } // Connect to Context result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_Connect", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hKey)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } //Load Key by UUID result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #ifndef TESTSUITE_NOAUTH_SRK result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetPolicyObject", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Policy_SetSecret", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } #endif result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags, &hPcrComposite ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Context_CreateObject (hPcrComposite)", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrValue", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO ); if ( result != TSS_SUCCESS ) { print_error( "Tspi_PcrComposite_SetPcrLocality", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite); if ( result != TSS_SUCCESS ) { print_error( "Tspi_Key_CreateKey", result ); print_end_test(function); Tspi_Context_FreeMemory( hContext, NULL ); Tspi_Context_Close( hContext ); exit( result ); } // Checking flag and subflags //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -", result ); } //Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION result = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_PCR_LONG, TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION, &AttribDataSize, &AttribData); if ( result != TSS_SUCCESS ) { print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION", result ); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else { resultFree = Tspi_Context_FreeMemory(hContext, AttribData); if ( resultFree != TSS_SUCCESS ) { print_error( "Tspi_Context_FreeMemory", resultFree ); print_end_test(function); exit(resultFree); } print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -", result ); } print_end_test(function); Tspi_Context_Close(hContext); exit( 0 ); }
int main_v1_2(char version) { char *function = "Tspi_Data_Unseal01"; TSS_HCONTEXT hContext; TSS_HKEY hSRK, hKey; TSS_HTPM hTPM; TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy; BYTE rgbDataToSeal[DATA_SIZE]; BYTE *rgbPcrValue; UINT32 ulPcrLen; TSS_HENCDATA hEncData; BYTE *prgbDataToUnseal; TSS_HPCRS hPcrComposite; UINT32 BlobLength; UINT32 ulDataLength = DATA_SIZE, ulNewDataLength; TSS_UUID uuid; TSS_RESULT result; TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE; print_begin_test(function); memset(rgbDataToSeal, 0x5d, DATA_SIZE); // Create Context result = Tspi_Context_Create(&hContext); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Create", result); exit(result); } // Connect to Context result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER)); if (result != TSS_SUCCESS) { print_error("Tspi_Context_Connect", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create hKey result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, &hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hEncData)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // get the use policy for the encrypted data to set its secret result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hEncUsagePolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE, TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } //Load Key By UUID result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #ifndef TESTSUITE_NOAUTH_SRK // set the SRK auth data result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_GetPolicyObject (hSRK)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE, TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #endif // set the new key's authdata result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hKeyPolicy); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN, TESTSUITE_KEY_SECRET); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Assign the use policy to the object result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey); if (result != TSS_SUCCESS) { print_error("Tspi_Policy_AssignToObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // create the key result = Tspi_Key_CreateKey(hKey, hSRK, 0); if (result != TSS_SUCCESS) { print_error("Tspi_Key_CreateKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Key_LoadKey(hKey, hSRK); if (result != TSS_SUCCESS) { print_error("Tspi_Key_LoadKey (hKey)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Context_CreateObject (hPcrComposite)", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_GetTpmObject(hContext, &hTPM); if (result != TSS_SUCCESS) { print_error("Tspi_Context_GetTpmObject", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } #define PCR_NUM 5 result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_TPM_PcrRead", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, rgbPcrValue); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO); if (result != TSS_SUCCESS) { print_error("Tspi_PcrComposite_SetPcrValue", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Tell the TSS to mask the data before sending result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL, TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE, TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT); if (result != TSS_SUCCESS) { print_error("Tspi_SetAttribUint32", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } // Data Seal result = Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite); if (result != TSS_SUCCESS) { print_error("Tspi_Data_Seal", result); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal); if (result != TSS_SUCCESS) { if (!(checkNonAPI(result))) { print_error(function, result); } else { print_error_nonapi(function, result); } } else { if (ulDataLength != ulNewDataLength) { printf ("ERROR length of returned data doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } else if (memcmp (prgbDataToUnseal, rgbDataToSeal, ulDataLength)) { printf ("ERROR data returned from unseal doesn't match!\n"); print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); } result = Tspi_Context_FreeMemory(hContext, prgbDataToUnseal); if (result != TSS_SUCCESS) { print_error("Tspi_Context_FreeMemory ", result); Tspi_Context_Close(hContext); exit(result); } print_success(function, result); } print_end_test(function); Tspi_Context_FreeMemory(hContext, NULL); Tspi_Context_Close(hContext); exit(result); }