mirror of
https://github.com/nsacyber/HIRS.git
synced 2024-12-22 14:22:29 +00:00
317 lines
10 KiB
C++
317 lines
10 KiB
C++
|
#ifndef libhis_changekeyauth_hpp
|
||
|
#define libhis_changekeyauth_hpp
|
||
|
|
||
|
#ifdef WINDOWS
|
||
|
#include "tspi.h"
|
||
|
#include "tss_error.h"
|
||
|
#include "tss_defines.h"
|
||
|
#endif
|
||
|
#ifdef LINUX
|
||
|
#include <tss/tspi.h>
|
||
|
#include <tss/tss_error.h>
|
||
|
#include <tss/tss_defines.h>
|
||
|
#endif
|
||
|
|
||
|
#include "libhis_exception.hpp"
|
||
|
|
||
|
class libhis_changekeyauth
|
||
|
{
|
||
|
public:
|
||
|
libhis_changekeyauth()
|
||
|
{
|
||
|
//set default values
|
||
|
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||
|
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||
|
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||
|
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||
|
init_key_volatile = TSS_KEY_VOLATILE;
|
||
|
binitialized = false;
|
||
|
|
||
|
//create a context object
|
||
|
result = Tspi_Context_Create(&hcontext);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||
|
|
||
|
//create an SRK object
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||
|
|
||
|
//Create SRK policy
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||
|
|
||
|
//Create key policy
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||
|
|
||
|
//Create new policy
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
|
||
|
}
|
||
|
|
||
|
void initidentity()
|
||
|
{
|
||
|
//set the type
|
||
|
init_key_type = TSS_KEY_TYPE_IDENTITY;
|
||
|
|
||
|
//set the key size
|
||
|
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||
|
|
||
|
//combine the init flags
|
||
|
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||
|
|
||
|
//Create key object
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||
|
|
||
|
binitialized = true;
|
||
|
}
|
||
|
|
||
|
void initsign(unsigned int in_size)
|
||
|
{
|
||
|
//set the type
|
||
|
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||
|
|
||
|
//set the key size
|
||
|
if(in_size == 0)
|
||
|
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||
|
else if(in_size == 512)
|
||
|
init_key_size = TSS_KEY_SIZE_512;
|
||
|
else if(in_size == 1024)
|
||
|
init_key_size = TSS_KEY_SIZE_1024;
|
||
|
else if(in_size == 2048)
|
||
|
init_key_size = TSS_KEY_SIZE_2048;
|
||
|
else if(in_size == 4096)
|
||
|
init_key_size = TSS_KEY_SIZE_4096;
|
||
|
else if(in_size == 8192)
|
||
|
init_key_size = TSS_KEY_SIZE_8192;
|
||
|
else if(in_size == 16384)
|
||
|
init_key_size = TSS_KEY_SIZE_16384;
|
||
|
else throw libhis_exception("Invalid key size", 400);
|
||
|
|
||
|
//combine the init flags
|
||
|
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||
|
|
||
|
//Create key object
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||
|
|
||
|
binitialized = true;
|
||
|
}
|
||
|
|
||
|
void initbind(unsigned int in_size)
|
||
|
{
|
||
|
//set the type
|
||
|
init_key_type = TSS_KEY_TYPE_BIND;
|
||
|
|
||
|
//set the key size
|
||
|
if(in_size == 0)
|
||
|
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||
|
else if(in_size == 512)
|
||
|
init_key_size = TSS_KEY_SIZE_512;
|
||
|
else if(in_size == 1024)
|
||
|
init_key_size = TSS_KEY_SIZE_1024;
|
||
|
else if(in_size == 2048)
|
||
|
init_key_size = TSS_KEY_SIZE_2048;
|
||
|
else if(in_size == 4096)
|
||
|
init_key_size = TSS_KEY_SIZE_4096;
|
||
|
else if(in_size == 8192)
|
||
|
init_key_size = TSS_KEY_SIZE_8192;
|
||
|
else if(in_size == 16384)
|
||
|
init_key_size = TSS_KEY_SIZE_16384;
|
||
|
else throw libhis_exception("Invalid key size", 400);
|
||
|
|
||
|
//combine the init flags
|
||
|
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||
|
|
||
|
//Create key object
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||
|
|
||
|
binitialized = true;
|
||
|
}
|
||
|
|
||
|
void initstorage(unsigned int in_size)
|
||
|
{
|
||
|
//set the type
|
||
|
init_key_type = TSS_KEY_TYPE_STORAGE;
|
||
|
|
||
|
//set the key size
|
||
|
if(in_size == 0)
|
||
|
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||
|
else if(in_size == 512)
|
||
|
init_key_size = TSS_KEY_SIZE_512;
|
||
|
else if(in_size == 1024)
|
||
|
init_key_size = TSS_KEY_SIZE_1024;
|
||
|
else if(in_size == 2048)
|
||
|
init_key_size = TSS_KEY_SIZE_2048;
|
||
|
else if(in_size == 4096)
|
||
|
init_key_size = TSS_KEY_SIZE_4096;
|
||
|
else if(in_size == 8192)
|
||
|
init_key_size = TSS_KEY_SIZE_8192;
|
||
|
else if(in_size == 16384)
|
||
|
init_key_size = TSS_KEY_SIZE_16384;
|
||
|
else throw libhis_exception("Invalid key size", 400);
|
||
|
|
||
|
//combine the init flags
|
||
|
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||
|
|
||
|
//Create key object
|
||
|
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||
|
|
||
|
binitialized = true;
|
||
|
}
|
||
|
|
||
|
void changekeyauth(
|
||
|
unsigned char *auth_srk_value,
|
||
|
unsigned long auth_srk_size,
|
||
|
bool auth_srk_sha1,
|
||
|
unsigned char *auth_key_value,
|
||
|
unsigned long auth_key_size,
|
||
|
bool auth_key_sha1,
|
||
|
unsigned char *uuid_key_value,
|
||
|
unsigned char *auth_new_value,
|
||
|
unsigned long auth_new_size,
|
||
|
bool auth_new_sha1)
|
||
|
{
|
||
|
//establish a session
|
||
|
result = Tspi_Context_Connect(hcontext, 0);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||
|
|
||
|
//get the TPM object
|
||
|
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||
|
|
||
|
//load the SRK
|
||
|
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||
|
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||
|
|
||
|
//set up SRK auth
|
||
|
if(auth_srk_sha1)
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||
|
}
|
||
|
|
||
|
//assign the SRK auth
|
||
|
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||
|
|
||
|
//Set up the key UUID
|
||
|
hextouuid(uuid_key_value, uuid_key);
|
||
|
|
||
|
//Get the key by UUID
|
||
|
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||
|
|
||
|
//set up Key auth
|
||
|
if(auth_key_sha1)
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret SHA1", result);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret Plain", result);
|
||
|
}
|
||
|
|
||
|
//assign the Key auth
|
||
|
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Assign Key Secret", result);
|
||
|
|
||
|
//set up new auth
|
||
|
if(auth_new_sha1)
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
|
||
|
}
|
||
|
else
|
||
|
{
|
||
|
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
|
||
|
}
|
||
|
|
||
|
//change the Key secret
|
||
|
result = Tspi_ChangeAuth(hkey_key, hkey_srk, hpolicy_new);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Change Key Secret", result);
|
||
|
|
||
|
try
|
||
|
{
|
||
|
//save key
|
||
|
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result);
|
||
|
}
|
||
|
catch(libhis_exception &e)
|
||
|
{
|
||
|
//Unregister the existing key
|
||
|
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
|
||
|
|
||
|
//Register a new key
|
||
|
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result);
|
||
|
}
|
||
|
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
~libhis_changekeyauth()
|
||
|
{
|
||
|
//clean up new policy
|
||
|
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
|
||
|
|
||
|
//clean up key policy
|
||
|
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||
|
|
||
|
if(binitialized)
|
||
|
{
|
||
|
//clean up key
|
||
|
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||
|
}
|
||
|
|
||
|
//clean up SRK policy
|
||
|
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||
|
|
||
|
//clean up SRK object
|
||
|
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||
|
|
||
|
//close context
|
||
|
result = Tspi_Context_Close(hcontext);
|
||
|
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||
|
}
|
||
|
|
||
|
private:
|
||
|
TSS_RESULT result;
|
||
|
TSS_HCONTEXT hcontext;
|
||
|
TSS_HTPM htpm;
|
||
|
TSS_HKEY hkey_srk,
|
||
|
hkey_key,
|
||
|
hkey_unregister;
|
||
|
TSS_HPOLICY hpolicy_srk,
|
||
|
hpolicy_key,
|
||
|
hpolicy_new;
|
||
|
TSS_UUID uuid_key;
|
||
|
UINT32 init_key,
|
||
|
init_key_size,
|
||
|
init_key_type,
|
||
|
init_key_authorized,
|
||
|
init_key_migratable,
|
||
|
init_key_volatile,
|
||
|
init_key_scheme;
|
||
|
bool binitialized;
|
||
|
};
|
||
|
|
||
|
#endif
|