int TSPI_SealCurrPCR(TSS_HCONTEXT c, uint32_t keyhandle, uint32_t pcrmap,
unsigned char *keyauth,
unsigned char *dataauth,
unsigned char *data, unsigned int datalen,
unsigned char *blob, unsigned int *bloblen)
{
#define CHECK_ERROR(r,m) if (r != TSS_SUCCESS) { fprintf(stderr, m ": 0x%08x\n", r); return -1;}
TSS_RESULT r = 0;
TSS_HTPM tpm;
TSS_HPCRS pcrComposite;
TSS_UUID uuid;
TSS_UUID srk_uuid = TSS_UUID_SRK;
TSS_HKEY key;
TSS_HENCDATA seal;
TSS_HPOLICY key_policy, seal_policy;
unsigned char *cipher;
unsigned int cipher_len;
/* Get the PCR values into composite object */
r = Tspi_Context_GetTpmObject(c, &tpm);
CHECK_ERROR(r, "Error Getting TPM");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &pcrComposite);
CHECK_ERROR(r, "Error Creating PCR-Composite");
r = Tspi_PcrComposite_SetPcrLocality(pcrComposite, TPM_LOC_ZERO | TPM_LOC_ONE |
TPM_LOC_TWO | TPM_LOC_THREE | TPM_LOC_FOUR);
CHECK_ERROR(r, "Error Setting Localities");
for (uint32_t pcrmask = 1, pcr = 0; pcr < NUM_PCRS; pcr++, pcrmask <<= 1) {
if ((pcrmap & pcrmask) != 0) {
uint32_t pcrval_size;
uint8_t *pcrval;
if (pcrvals[pcr] == NULL) {
r = Tspi_TPM_PcrRead(tpm, pcr, &pcrval_size, &pcrval);
CHECK_ERROR(r, "Error Reading PCR");
r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, pcrval_size, pcrval);
CHECK_ERROR(r, "Error Setting Composite");
r = Tspi_Context_FreeMemory(c, pcrval);
CHECK_ERROR(r, "Error Freeing Memory");
}
else {
pcrval = pcrvals[pcr];
r = Tspi_PcrComposite_SetPcrValue(pcrComposite, pcr, LEN, pcrval);
CHECK_ERROR(r, "Error Setting Composite");
}
}
}
/* Get the SRK and Policy Ready */
if (keyhandle = 0x40000000) {
uuid = srk_uuid;
} else {
fprintf(stderr, "Error, only SRK currently supported\n");
r = 1;
return -1;
}
r = Tspi_Context_LoadKeyByUUID(c, TSS_PS_TYPE_SYSTEM, uuid, &key);
CHECK_ERROR(r, "Error Loading Key");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &key_policy);
CHECK_ERROR(r, "Error Creating Policy");
r = Tspi_Policy_SetSecret(key_policy, TSS_SECRET_MODE_SHA1, keylen, keyauth);
CHECK_ERROR(r, "Error Setting Secret");
r = Tspi_Policy_AssignToObject(key_policy, key);
CHECK_ERROR(r, "Error Assigning Policy");
/* Get the Encdata Ready */
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &seal);
CHECK_ERROR(r, "Error Creating EncData");
r = Tspi_Context_CreateObject(c, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &seal_policy);
CHECK_ERROR(r, "Error Creating Policy");
r = Tspi_Policy_SetSecret(seal_policy, TSS_SECRET_MODE_SHA1, keylen, dataauth);
CHECK_ERROR(r, "Error Setting Secret");
r = Tspi_Policy_AssignToObject(seal_policy, seal);
CHECK_ERROR(r, "Error Assigning Policy");
/* Seal the Data */
r = Tspi_Data_Seal(seal, key, datalen, data, pcrComposite);
CHECK_ERROR(r, "Error Sealing Data");
r = Tspi_GetAttribData(seal, TSS_TSPATTRIB_ENCDATA_BLOB,
TSS_TSPATTRIB_ENCDATABLOB_BLOB,
&cipher_len, &cipher);
CHECK_ERROR(r, "Error Getting Sealed Data");
/* Return that stuff */
if (cipher_len > bloblen) {
sprintf(stderr, "Internal Error, cipher too long");
r = 1;
return -1;
}
memcpy(blob, cipher, cipher_len);
*bloblen = cipher_len;
/* Note: Do not even bother to return cipher directly. Would be freed during Context_Close anyways */
Tspi_Context_FreeMemory(c, cipher);
return (r == 0)? 0 : -1;
}
int
main_v1_2( char version )
{
char *function = "Tspi_GetAttribData21";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HPOLICY hSrkPolicy;
BYTE *rgbDataToSeal = "This is a test";
BYTE rgbPcrValue[20];
TSS_HPCRS hPcrComposite;
UINT32 AttribDataSize;
BYTE* AttribData;
UINT32 ulDataLength = strlen(rgbDataToSeal);
TSS_RESULT result,resultFree;
TSS_FLAG keyInitFlags = TSS_KEY_SIZE_2048 |
TSS_KEY_TYPE_STORAGE |
TSS_KEY_NO_AUTHORIZATION;
TSS_FLAG pcrsInitFlags = 0;
print_begin_test( function );
if (version == TESTSUITE_TEST_TSS_1_2) {
keyInitFlags |= TSS_KEY_STRUCT_KEY12;
pcrsInitFlags |= TSS_PCRS_STRUCT_INFO_LONG;
}
memset(rgbPcrValue, 0x5a, sizeof(rgbPcrValue));
// Create Context
result = Tspi_Context_Create( &hContext );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Create", result );
print_end_test(function);
exit( result );
}
// Connect to Context
result = Tspi_Context_Connect( hContext, get_server(GLOBALSERVER) );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_Connect", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Context_CreateObject( hContext, TSS_OBJECT_TYPE_RSAKEY, keyInitFlags, &hKey );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hKey)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
//Load Key by UUID
result = Tspi_Context_LoadKeyByUUID( hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_LoadKeyByUUID (hSRK)", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#ifndef TESTSUITE_NOAUTH_SRK
result = Tspi_GetPolicyObject( hSRK, TSS_POLICY_USAGE, &hSrkPolicy );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetPolicyObject", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Policy_SetSecret( hSrkPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN, TESTSUITE_SRK_SECRET );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Policy_SetSecret", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
#endif
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, pcrsInitFlags,
&hPcrComposite );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Context_CreateObject (hPcrComposite)",
result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrValue( hPcrComposite, 8, 20, rgbPcrValue );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrValue", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_PcrComposite_SetPcrLocality( hPcrComposite, TPM_LOC_ZERO );
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_PcrComposite_SetPcrLocality", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
result = Tspi_Key_CreateKey(hKey, hSRK, hPcrComposite);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_Key_CreateKey", result );
print_end_test(function);
Tspi_Context_FreeMemory( hContext, NULL );
Tspi_Context_Close( hContext );
exit( result );
}
// Checking flag and subflags
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATCREATION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success("Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_DIGEST_ATRELEASE -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_CREATION_SELECTION -",
result );
}
//Call GetAttribData for subFlag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION
result = Tspi_GetAttribData(hKey,
TSS_TSPATTRIB_KEY_PCR_LONG,
TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION,
&AttribDataSize, &AttribData);
if ( result != TSS_SUCCESS )
{
print_error( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION",
result );
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
else
{
resultFree = Tspi_Context_FreeMemory(hContext, AttribData);
if ( resultFree != TSS_SUCCESS )
{
print_error( "Tspi_Context_FreeMemory", resultFree );
print_end_test(function);
exit(resultFree);
}
print_success( "Tspi_GetAttribData - subflag TSS_TSPATTRIB_KEYPCRLONG_RELEASE_SELECTION -",
result );
}
print_end_test(function);
Tspi_Context_Close(hContext);
exit( 0 );
}
int main_v1_2(char version)
{
char *function = "Tspi_Data_Unseal01";
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HTPM hTPM;
TSS_HPOLICY hKeyPolicy, hEncUsagePolicy, hSRKPolicy;
BYTE rgbDataToSeal[DATA_SIZE];
BYTE *rgbPcrValue;
UINT32 ulPcrLen;
TSS_HENCDATA hEncData;
BYTE *prgbDataToUnseal;
TSS_HPCRS hPcrComposite;
UINT32 BlobLength;
UINT32 ulDataLength = DATA_SIZE, ulNewDataLength;
TSS_UUID uuid;
TSS_RESULT result;
TSS_FLAG initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 |
TSS_KEY_VOLATILE | TSS_KEY_AUTHORIZATION |
TSS_KEY_NOT_MIGRATABLE;
print_begin_test(function);
memset(rgbDataToSeal, 0x5d, DATA_SIZE);
// Create Context
result = Tspi_Context_Create(&hContext);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Create", result);
exit(result);
}
// Connect to Context
result = Tspi_Context_Connect(hContext, get_server(GLOBALSERVER));
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_Connect", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create hKey
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags, &hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext,
TSS_OBJECT_TYPE_ENCDATA,
TSS_ENCDATA_SEAL, &hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hEncData)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// get the use policy for the encrypted data to set its secret
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hEncUsagePolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Policy_SetSecret(hEncUsagePolicy, TESTSUITE_ENCDATA_SECRET_MODE,
TESTSUITE_ENCDATA_SECRET_LEN, TESTSUITE_ENCDATA_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hEncUsagePolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hEncUsagePolicy, hEncData);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
//Load Key By UUID
result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
SRK_UUID, &hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_LoadKeyByUUID (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#ifndef TESTSUITE_NOAUTH_SRK
// set the SRK auth data
result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_GetPolicyObject (hSRK)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hSRKPolicy, TESTSUITE_SRK_SECRET_MODE,
TESTSUITE_SRK_SECRET_LEN,
TESTSUITE_SRK_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hSRKPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#endif
// set the new key's authdata
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE,
&hKeyPolicy);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Policy_SetSecret(hKeyPolicy, TESTSUITE_KEY_SECRET_MODE, TESTSUITE_KEY_SECRET_LEN,
TESTSUITE_KEY_SECRET);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_SetSecret (hKeyPolicy)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Assign the use policy to the object
result = Tspi_Policy_AssignToObject(hKeyPolicy, hKey);
if (result != TSS_SUCCESS) {
print_error("Tspi_Policy_AssignToObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// create the key
result = Tspi_Key_CreateKey(hKey, hSRK, 0);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_CreateKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Key_LoadKey(hKey, hSRK);
if (result != TSS_SUCCESS) {
print_error("Tspi_Key_LoadKey (hKey)", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS,
TSS_PCRS_STRUCT_INFO_LONG, &hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_CreateObject (hPcrComposite)",
result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_GetTpmObject(hContext, &hTPM);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_GetTpmObject", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
#define PCR_NUM 5
result = Tspi_TPM_PcrRead(hTPM, PCR_NUM, &ulPcrLen, &rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_TPM_PcrRead", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_PcrComposite_SetPcrValue(hPcrComposite, PCR_NUM, ulPcrLen,
rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Context_FreeMemory(hContext, rgbPcrValue);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_PcrComposite_SetPcrLocality(hPcrComposite, TPM_LOC_ZERO);
if (result != TSS_SUCCESS) {
print_error("Tspi_PcrComposite_SetPcrValue", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Tell the TSS to mask the data before sending
result = Tspi_SetAttribUint32(hEncData, TSS_TSPATTRIB_ENCDATA_SEAL,
TSS_TSPATTRIB_ENCDATASEAL_PROTECT_MODE,
TSS_TSPATTRIB_ENCDATA_SEAL_PROTECT);
if (result != TSS_SUCCESS) {
print_error("Tspi_SetAttribUint32", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
// Data Seal
result =
Tspi_Data_Seal(hEncData, hKey, ulDataLength, rgbDataToSeal, hPcrComposite);
if (result != TSS_SUCCESS) {
print_error("Tspi_Data_Seal", result);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result = Tspi_Data_Unseal(hEncData, hKey, &ulNewDataLength, &prgbDataToUnseal);
if (result != TSS_SUCCESS) {
if (!(checkNonAPI(result))) {
print_error(function, result);
} else {
print_error_nonapi(function, result);
}
} else {
if (ulDataLength != ulNewDataLength) {
printf
("ERROR length of returned data doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
} else
if (memcmp
(prgbDataToUnseal, rgbDataToSeal, ulDataLength)) {
printf
("ERROR data returned from unseal doesn't match!\n");
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
result =
Tspi_Context_FreeMemory(hContext, prgbDataToUnseal);
if (result != TSS_SUCCESS) {
print_error("Tspi_Context_FreeMemory ", result);
Tspi_Context_Close(hContext);
exit(result);
}
print_success(function, result);
}
print_end_test(function);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
exit(result);
}
