ExternalVendorCode/HIRS
1
0
Fork 0
mirror of https://github.com/nsacyber/HIRS.git synced 2024-12-18 20:47:58 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

removed tpm_module

Browse Source
This commit is contained in:
iadgovuser26 iadgovuser26@empire.eclipse.ncsc.mil 2024-08-21 09:44:27 -04:00
parent 1b582dfec6
commit c929ee3bb3
49 changed files with 0 additions and 9562 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
tpm_module/build.gradle
View File

@ -1,15 +0,0 @@
task make(type: Exec) {
outputs.file 'tpm_module'
inputs.dir fileTree(dir: '.').include('main.cpp').include('*.hpp')
commandLine 'make'
}
task cleanUp() {
delete 'tpm_module', 'main.d', 'main.o'
}
task fullBuild(type: GradleBuild) {
tasks = ['cleanUp', 'make']
}
build.dependsOn tasks.fullBuild

5
tpm_module/debian/changelog
View File

@ -1,5 +0,0 @@
tpm-module (3.11) trusty; urgency=low
* Initial release
-- HIRS <HIRS@HIRS.HIRS> Thu, 05 Feb 2015 17:44:25 -0500

1
tpm_module/debian/compat
View File

@ -1 +0,0 @@
9

13
tpm_module/debian/control
View File

@ -1,13 +0,0 @@
Source: tpm-module
Section: admin
Priority: optional
Maintainer: HIRS <HIRS@HIRS.HIRS>
Build-Depends: debhelper (>= 9)
Standards-Version: 3.9.5
Package: tpm-module
Architecture: amd64
Depends: ${shlibs:Depends}, ${misc:Depends}, tpm-tools, libtspi1
Description: HIRS TPM Module
Allows for interaction with TPMs.

0
tpm_module/debian/docs
View File

1
tpm_module/debian/files
View File

@ -1 +0,0 @@
tpm-module_3.11_amd64.deb admin optional

2
tpm_module/debian/lintian-overrides
View File

@ -1,2 +0,0 @@
# Ignore lintian error about incorrectly formatted copyright file
tpm-module binary: copyright-should-refer-to-common-license-file-for-lgpl

7
tpm_module/debian/rules
View File

@ -1,7 +0,0 @@
#!/usr/bin/make -f
# -*- makefile -*-
export DH_VERBOSE=1
%:
dh $@

1
tpm_module/debian/source/format
View File

@ -1 +0,0 @@
3.0 (native)

1
tpm_module/debian/tpm-module.install
View File

@ -1 +0,0 @@
src/tpm_module usr/bin

1
tpm_module/debian/tpm-module.manpages
View File

@ -1 +0,0 @@
debian/tpm_module.1

2
tpm_module/debian/tpm-module.substvars
View File

@ -1,2 +0,0 @@
shlibs:Depends=libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.4.0), libtspi1 (>= 0.3.1)
misc:Depends=

224
tpm_module/libhis_activateidentity.hpp
View File

@ -1,224 +0,0 @@
#ifndef libhis_activateidentity_hpp
#define libhis_activateidentity_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_activateidentity
{
public:
libhis_activateidentity()
{
//set default values
init_ik_size = TSS_KEY_SIZE_DEFAULT;
init_ik_type = TSS_KEY_TYPE_IDENTITY;
init_ik_authorized = TSS_KEY_AUTHORIZATION;
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
init_ik_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create IK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
}
void init()
{
//combine the init flags
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
//Create IK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
binitialized = true;
}
void activateidentity(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_ik_value,
unsigned long auth_ik_size,
bool auth_ik_sha1,
unsigned char *asym_value,
unsigned long asym_size,
unsigned char *sym_value,
unsigned long sym_size,
unsigned char *uuid_ik_value,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the IK UUID
hextouuid(uuid_ik_value, uuid_ik);
//Get the IK by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
//set up IK auth
if(auth_ik_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
}
//assign the IK auth
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
//Unwrap the IK
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
//Activate identity
BYTE *value;
UINT32 size;
result = Tspi_TPM_ActivateIdentity(htpm, hkey_ik, asym_size, asym_value, sym_size, sym_value, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Activate identity", result);
//Copy memory because TSS uses malloc and free, but we're using new and delete
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
{
output_value[i] = value[i];
}
//clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK?
//result = Tspi_Context_FreeMemory(hcontext, value);
//if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity credential", result);
return;
}
~libhis_activateidentity()
{
//clean up IK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
if(binitialized)
{
//clean up IK
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_ik;
TSS_HPOLICY hpolicy_tpm,
hpolicy_srk,
hpolicy_ik;
TSS_UUID uuid_ik;
UINT32 init_ik,
init_ik_size,
init_ik_type,
init_ik_authorized,
init_ik_migratable,
init_ik_volatile;
bool binitialized;
};
#endif

271
tpm_module/libhis_bind.hpp
View File

@ -1,271 +0,0 @@
#ifndef libhis_bind_hpp
#define libhis_bind_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_bind
{
public:
libhis_bind()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
init_key_scheme = 0;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
//Create ENCData object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
//Create ENCData policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
}
void initbind(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the encryption scheme
if(in_scheme == 0)
init_key_scheme = TSS_ES_RSAESPKCSV15;
else if(in_scheme == 1)
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
else if(in_scheme == 2)
init_key_scheme = TSS_ES_SYM_CNT;
else if(in_scheme == 3)
init_key_scheme = TSS_ES_SYM_OFB;
else if(in_scheme == 4)
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
else
init_key_scheme = TSS_ES_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the encryption scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
binitialized = true;
}
void bind(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *auth_enc_value,
unsigned long auth_enc_size,
bool auth_enc_sha1,
unsigned char *uuid_key_value,
unsigned char *hash_value,
unsigned long hash_size,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//set up ENCData auth
if(auth_enc_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
}
//assign the ENCData auth
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
//bind data
result = Tspi_Data_Bind(hencdata, hkey_key, hash_size, hash_value);
if(result != TSS_SUCCESS) throw libhis_exception("Bind", result);
//Get the bound data blob
BYTE *value;
UINT32 size;
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get bound data blob", result);
//copy over memory
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
}
~libhis_bind()
{
//clean up ENCData policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
//Clean up ENCData
result = Tspi_Context_CloseObject(hcontext, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key,
hpolicy_enc;
TSS_UUID uuid_key;
TSS_HENCDATA hencdata;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
bool binitialized;
};
#endif

316
tpm_module/libhis_changekeyauth.hpp
View File

@ -1,316 +0,0 @@
#ifndef libhis_changekeyauth_hpp
#define libhis_changekeyauth_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_changekeyauth
{
public:
libhis_changekeyauth()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
//Create new policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
}
void initidentity()
{
//set the type
init_key_type = TSS_KEY_TYPE_IDENTITY;
//set the key size
init_key_size = TSS_KEY_SIZE_DEFAULT;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initsign(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initbind(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initstorage(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_STORAGE;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void changekeyauth(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *auth_new_value,
unsigned long auth_new_size,
bool auth_new_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up Key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret Plain", result);
}
//assign the Key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign Key Secret", result);
//set up new auth
if(auth_new_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
}
//change the Key secret
result = Tspi_ChangeAuth(hkey_key, hkey_srk, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Change Key Secret", result);
try
{
//save key
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result);
}
catch(libhis_exception &e)
{
//Unregister the existing key
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister);
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
//Register a new key
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result);
}
return;
}
~libhis_changekeyauth()
{
//clean up new policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key,
hkey_unregister;
TSS_HPOLICY hpolicy_srk,
hpolicy_key,
hpolicy_new;
TSS_UUID uuid_key;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
bool binitialized;
};
#endif

109
tpm_module/libhis_changeownership.hpp
View File

@ -1,109 +0,0 @@
#ifndef libhis_changeownership_hpp
#define libhis_changeownership_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_changeownership
{
public:
libhis_changeownership()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create new policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
}
void changeownership(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_new_value,
unsigned long auth_new_size,
bool auth_new_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//set up new auth
if(auth_new_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
}
//change the TPM secret
result = Tspi_ChangeAuth(htpm, 0, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result);
return;
}
~libhis_changeownership()
{
//clean up new policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm,
hpolicy_new;
};
#endif

150
tpm_module/libhis_changesrksecret.hpp
View File

@ -1,150 +0,0 @@
#ifndef libhis_changesrksecret_hpp
#define libhis_changesrksecret_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_changesrksecret
{
public:
libhis_changesrksecret()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create new policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
}
void changesrksecret(unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_new_value,
unsigned long auth_new_size,
bool auth_new_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//set up new auth
if(auth_new_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
}
//change the SRK secret
result = Tspi_ChangeAuth(hkey_srk, htpm, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Change SRK Secret", result);
return;
}
~libhis_changesrksecret()
{
//clean up new policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk;
TSS_HPOLICY hpolicy_tpm,
hpolicy_srk,
hpolicy_new;
};
#endif

167
tpm_module/libhis_clearkey.hpp
View File

@ -1,167 +0,0 @@
#ifndef libhis_clearkey_hpp
#define libhis_clearkey_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_clearkey
{
public:
libhis_clearkey()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
}
void clearkey(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//Unregister the existing key
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Unregister uuid", result);
return;
}
~libhis_clearkey()
{
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key;
TSS_UUID uuid_key;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
};
#endif

121
tpm_module/libhis_clearnvdata.hpp
View File

@ -1,121 +0,0 @@
#ifndef libhis_clearnvdata_hpp
#define libhis_clearnvdata_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_clearnvdata
{
public:
libhis_clearnvdata()
{
//set defaults
nvstore_index = 0;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create NVSTore object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
}
void clearnvdata(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned long nv_index)
{
//set up the index value
if(nv_index == 0)
nvstore_index = TPM_NV_INDEX_EKCert;
else if(nv_index == 1)
nvstore_index = TPM_NV_INDEX_TPM_CC;
else if(nv_index == 2)
nvstore_index = TPM_NV_INDEX_PlatformCert;
else if(nv_index == 3)
nvstore_index = TPM_NV_INDEX_Platform_CC;
else
nvstore_index = nv_index;
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//assign the TPM auth to the NVStore
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
//force NVData to be readable by the owner only
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result);
//set the read address
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
//clear the nvstore space
result = Tspi_NV_ReleaseSpace(hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Clear data at NVStore index", result);
}
~libhis_clearnvdata()
{
//clean up NVStore
result = Tspi_Context_CloseObject(hcontext, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
TSS_HNVSTORE hnvstore;
UINT32 nvstore_index;
};
#endif

83
tpm_module/libhis_clearownership.hpp
View File

@ -1,83 +0,0 @@
#ifndef libhis_clearownership_hpp
#define libhis_clearownership_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_clearownership
{
public:
libhis_clearownership()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
}
void clearownership(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//clear the TPM owner
result = Tspi_TPM_ClearOwner(htpm, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Clear Ownership", result);
}
~libhis_clearownership()
{
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
};
#endif

122
tpm_module/libhis_clearpcr.hpp
View File

@ -1,122 +0,0 @@
#ifndef libhis_clearpcr_hpp
#define libhis_clearpc_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_clearpcr
{
public:
libhis_clearpcr()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create PCRS object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
}
void clearpcr(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *mask)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
for(unsigned long i = 0; i < 24; i++)
{
if(bitmask[i])
{
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
}
}
//clear PCR value
result = Tspi_TPM_PcrReset(htpm, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Reset PCRs", result);
return;
}
~libhis_clearpcr()
{
//clean up PCRS
result = Tspi_Context_CloseObject(hcontext, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
TSS_HPCRS hpcrs;
};
#endif

3245
tpm_module/libhis_cli.hpp
View File

File diff suppressed because it is too large Load Diff

278
tpm_module/libhis_collateidentityrequest.hpp
View File

@ -1,278 +0,0 @@
#ifndef libhis_collateidentityrequest_hpp
#define libhis_collateidentityrequest_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_collateidentityrequest
{
public:
libhis_collateidentityrequest()
{
//set default values
init_ik_size = TSS_KEY_SIZE_DEFAULT;
init_ik_type = TSS_KEY_TYPE_IDENTITY;
init_ik_authorized = TSS_KEY_AUTHORIZATION;
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
init_ik_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create IK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
//Create ACAK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_acak);
if(result != TSS_SUCCESS) throw libhis_exception("Create ACAK", result);
}
void init()
{
//combine the init flags
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
//Create IK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
binitialized = true;
}
void collateidentityrequest(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_ik_value,
unsigned long auth_ik_size,
bool auth_ik_sha1,
unsigned char *label_ik_value,
unsigned long label_ik_size,
unsigned char *key_acak_value,
unsigned long key_acak_size,
unsigned char *uuid_ik_value,
bool uuid_overwrite,
unsigned char *ekc_value,
unsigned long ekc_size,
unsigned char *pc_value,
unsigned long pc_size,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
//assign the TPM auth to the ACAK too
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_acak);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ACAK Secret", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//set up IK auth
if(auth_ik_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
}
//assign the IK auth
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
//set ACAK blob
result = Tspi_SetAttribData(hkey_acak, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, key_acak_size, key_acak_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ACAK Blob", result);
if(ekc_size != 0)
{
//set the EK cert
result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_EKCERT, ekc_size, ekc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set EK credential blob", result);
}
if(pc_size != 0)
{
//set the Platform cert
result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_PLATFORMCERT, pc_size, pc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set Platform credential blob", result);
}
//Collate identity request
BYTE *value;
UINT32 size;
result = Tspi_TPM_CollateIdentityRequest(htpm, hkey_srk, hkey_acak, label_ik_size, label_ik_value, hkey_ik, TSS_ALG_AES, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Collate identity Request", result);
//Copy memory because TSS uses malloc and free, but we're using new and delete
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
{
output_value[i] = value[i];
}
//clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK?
//result = Tspi_Context_FreeMemory(hcontext, value);
//if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity request", result);
//Unwrap the newly generated IK
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
//Set up the IK UUID
hextouuid(uuid_ik_value, uuid_ik);
try
{
//save ik
result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Save IK By UUID", result);
}
catch(libhis_exception &e)
{
if(uuid_overwrite)
{
//Unregister the existing key
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_unregister);
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
//Register a new key
result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Resave IK By UUID", result);
}
else throw e;
}
return;
}
~libhis_collateidentityrequest()
{
//clean up ACAK
result = Tspi_Context_CloseObject(hcontext, hkey_acak);
if(result != TSS_SUCCESS) throw libhis_exception("Close ACAK", result);
//clean up IK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
if(binitialized)
{
//clean up IK
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_ik,
hkey_acak,
hkey_unregister;
TSS_HPOLICY hpolicy_tpm,
hpolicy_srk,
hpolicy_ik;
TSS_UUID uuid_ik;
UINT32 init_ik,
init_ik_size,
init_ik_type,
init_ik_authorized,
init_ik_migratable,
init_ik_volatile;
bool binitialized;
};
#endif

70
tpm_module/libhis_createek.hpp
View File

@ -1,70 +0,0 @@
#ifndef libhis_createek_hpp
#define libhis_createek_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_createek
{
public:
libhis_createek()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create EK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Create EK object handle", result);
}
void createek(
unsigned char *nonce)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//TSS requires external data to be set for EK creation
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
//create EK
result = Tspi_TPM_CreateEndorsementKey(htpm, hkey_ek, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
}
~libhis_createek()
{
//clean up EK object
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Close EK object handle", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_ek;
TSS_VALIDATION validation;
};
#endif

317
tpm_module/libhis_createkey.hpp
View File

@ -1,317 +0,0 @@
#ifndef libhis_createkey_hpp
#define libhis_createkey_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_createkey
{
public:
libhis_createkey()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
init_key_scheme = 0;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
}
void initsign(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the signature scheme
if(in_scheme == 0)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
else if(in_scheme == 1)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
else
init_key_scheme = TSS_SS_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the signature scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
binitialized = true;
}
void initbind(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the encryption scheme
if(in_scheme == 0)
init_key_scheme = TSS_ES_RSAESPKCSV15;
else if(in_scheme == 1)
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
else if(in_scheme == 2)
init_key_scheme = TSS_ES_SYM_CNT;
else if(in_scheme == 3)
init_key_scheme = TSS_ES_SYM_OFB;
else if(in_scheme == 4)
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
else
init_key_scheme = TSS_ES_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the encryption scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
binitialized = true;
}
void initstorage(unsigned int in_size, unsigned int in_location)
{
//set the type
init_key_type = TSS_KEY_TYPE_STORAGE;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the encryption scheme
if(in_location == 0)
init_key_location = TSS_PS_TYPE_SYSTEM;
else
init_key_location = TSS_PS_TYPE_USER;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile | init_key_location;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void createkey(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
bool uuid_overwrite)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//create the key
result = Tspi_Key_CreateKey(hkey_key, hkey_srk, 0);
//Unwrap the newly generated key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
try
{
//save key
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result);
}
catch(libhis_exception &e)
{
if(uuid_overwrite)
{
//Unregister the existing key
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister);
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
//Register a new key
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result);
}
else throw e;
}
return;
}
~libhis_createkey()
{
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key,
hkey_unregister;
TSS_HPOLICY hpolicy_srk,
hpolicy_key;
TSS_UUID uuid_key;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme,
init_key_location;
bool binitialized;
};
#endif

41
tpm_module/libhis_errors.txt
View File

@ -1,41 +0,0 @@
< 200 TPM ERROR CODE
> 12000 TSS ERROR CODE
TPM_MODULE ERROR CODES
-------------------------
290 can't open log file
300 invalid mode argument
310 hex to bin invalid length
311 hex to bin character validation error
312 hex to bin character validation error
320 new auth argument missing
321 tpm auth argument missing
322 srk auth argument missing
323 ik auth argument missing
324 sign auth argument missing
325 bind auth argument missing
326 stor auth argument missing
327 enc auth argument missing
328 key auth argument missing
330 nonce argument missing
340 uuid argument missing
350 pcrs argument missing
360 key type argument missing
361 key type argument invalid
370 key length argument missing
380 key scheme argument missing
381 signing scheme invalid
382 binding scheme invalid
390 nvram index missing
391 nvram index invalid
400 help argument set
410 mode-specific argument missing
411 mode-specific argument missing
412 mode-specific argument missing
420 uuid validation failure
421 uuid validation failure
422 uuid validation failure
423 uuid validation failure
424 uuid validation failure
425 uuid validation failure
430 mask validation failure

47
tpm_module/libhis_exception.hpp
View File

@ -1,47 +0,0 @@
#ifndef libhis_exception_hpp
#define libhis_exception_hpp
#ifdef WINDOWS
#include <exception>
using namespace std;
class libhis_exception : public exception
{
public:
libhis_exception(const char *message, int value) : exception(message)
{
result = value;
}
int result;
};
#endif
#ifdef LINUX
#include <exception>
#include <string>
using namespace std;
class libhis_exception
{
public:
libhis_exception(string inmessage, int value)
{
message = inmessage;
result = value;
}
~libhis_exception() {}
string what()
{
return message;
}
int result;
string message;
};
#endif
#endif

101
tpm_module/libhis_extendpcr.hpp
View File

@ -1,101 +0,0 @@
#ifndef libhis_extendpcr_hpp
#define libhis_extendpcr_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_extendpcr
{
public:
libhis_extendpcr()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
}
void extendpcr(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned long pcr_index,
unsigned char *hash,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//extend PCR value
UINT32 size;
BYTE *value;
result = Tspi_TPM_PcrExtend(htpm, pcr_index, 20, hash, 0, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Extend PCR", result);
//convert memory
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//free dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Free dynamic memory", result);
return;
}
~libhis_extendpcr()
{
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
};
#endif

292
tpm_module/libhis_getkeyblob.hpp
View File

@ -1,292 +0,0 @@
#ifndef libhis_getkeyblob_hpp
#define libhis_getkeyblob_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_getkeyblob
{
public:
libhis_getkeyblob()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Context", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
}
void initidentity()
{
//set the type
init_key_type = TSS_KEY_TYPE_IDENTITY;
//set the key size
init_key_size = TSS_KEY_SIZE_DEFAULT;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initsign(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initbind(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initstorage(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_STORAGE;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void getkeyblob(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//get the keyblob
UINT32 size;
BYTE *value;
result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result);
//copy out the results
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
return;
}
~libhis_getkeyblob()
{
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key;
TSS_UUID uuid_key;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile;
bool binitialized;
};
#endif

439
tpm_module/libhis_getkeymodulus.hpp
View File

@ -1,439 +0,0 @@
#ifndef libhis_getkeymodulus_hpp
#define libhis_getkeymodulus_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_getkeymodulus
{
public:
libhis_getkeymodulus()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create EK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
}
void initidentity()
{
//set the type
init_key_type = TSS_KEY_TYPE_IDENTITY;
//set the key size
init_key_size = TSS_KEY_SIZE_DEFAULT;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initsign(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initbind(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
void initstorage(unsigned int in_size)
{
//set the type
init_key_type = TSS_KEY_TYPE_STORAGE;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
binitialized = true;
}
/*
* @Deprecated
*/
void getpubsrk(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//set up key container
UINT32 mod_size;
BYTE *mod_value;
//get the public EK
result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
//copy out the SRK modulus
output_size = mod_size;
output_value = new unsigned char[mod_size];
for(unsigned long i = 0; i < mod_size; i++)
output_value[i] = mod_value[i];
//clean up SRK modulus
result = Tspi_Context_FreeMemory(hcontext, mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
}
/*
* @Deprecated
*/
void getpubek(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *nonce,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//assign the TPM auth to the EK
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
//set up nonce
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
try
{
//get the public EK
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
}
catch(libhis_exception &e)
{
//get the public EK the Atmel TPM in an Ultrabook way
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
//let a second exception make its way upward (should be same error code)
}
//get the modulus
UINT32 mod_size;
BYTE *mod_value;
result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
//copy out the EK modulus
output_size = mod_size;
output_value = new unsigned char[mod_size];
for(unsigned long i = 0; i < mod_size; i++)
output_value[i] = mod_value[i];
//clean up ek modulus
result = Tspi_Context_FreeMemory(hcontext, mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
}
void getkeymodulus(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//get the keyblob
UINT32 size;
BYTE *value;
result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get modulus", result);
//copy out the results
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
return;
}
~libhis_getkeymodulus()
{
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//clean up EK object
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_ek,
hkey_srk,
hkey_key,
hkey_unregister;
TSS_HPOLICY hpolicy_tpm,
hpolicy_srk,
hpolicy_key;
TSS_VALIDATION validation;
TSS_UUID uuid_key;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile;
bool binitialized;
};
#endif

182
tpm_module/libhis_getnvdata.hpp
View File

@ -1,182 +0,0 @@
#ifndef libhis_getnvdata_hpp
#define libhis_getnvdata_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include <trousers/trousers.h>
class libhis_getnvdata
{
public:
libhis_getnvdata()
{
//set defaults
nvstore_index = 0;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create NVSTore object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
}
void getnvdata(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned long nv_index,
unsigned char *&nv_value,
unsigned long &nv_size)
{
//set up the index value
bool nv_platform = false;
if(nv_index == 0)
nvstore_index = TPM_NV_INDEX_EKCert;
else if(nv_index == 1)
nvstore_index = TPM_NV_INDEX_TPM_CC;
else if(nv_index == 2) {
nvstore_index = TPM_NV_INDEX_PlatformCert;
nv_platform = true;
}
else if(nv_index == 3) {
nvstore_index = TPM_NV_INDEX_Platform_CC;
nv_platform = true;
}
else
nvstore_index = nv_index;
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
// Check if the NV area is locked. Must be performed after TPM AUTH.
TSS_BOOL nvLocked;
result = Tspi_TPM_GetStatus(htpm, TSS_TPMSTATUS_NV_LOCK, &nvLocked);
if (result != TSS_SUCCESS) throw libhis_exception("Check TPM NV Lock", result);
// If locked, set the bit in the index to retrieve the requested data. else, unset that bit.
nvstore_index = ((nvLocked == TRUE) && !nv_platform) ? nvstore_index + TSS_NV_DEFINED : nvstore_index & ~TSS_NV_DEFINED;
//assign the TPM auth to the NVStore
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
//force NVData to be readable by the owner only
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result);
//set the read address
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
//get the size
UINT32 size = 0;
BYTE *value = 0;
#ifdef WINDOWS
//read the size of the data at the index
result = Tspi_GetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, &size);
if(result != TSS_SUCCESS) throw libhis_exception("WINDOWS: Get size of NVStore object", result);
#endif
#ifdef LINUX
UINT32 ulResultLen; // stores the length of the data returned by GetCapability
// Retrieves a TPM_NV_DATA_PUBLIC structure that indicates the values for the specified NV area.
// The NV area is identified by the nvstore_index.
result = Tspi_TPM_GetCapability(htpm, TSS_TPMCAP_NV_INDEX, sizeof(UINT32),
(BYTE *)&nvstore_index, &ulResultLen, &value);
if(result == TSS_SUCCESS) {
UINT64 off = 0;
// value which is a BYTE* must be converted into its TSS Data Structure
TPM_NV_DATA_PUBLIC *nvDataPublicStruct = new TPM_NV_DATA_PUBLIC();
// Trousers converts the data blob into the struct
result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, value, nvDataPublicStruct);
if(result != TSS_SUCCESS) {
delete nvDataPublicStruct;
throw libhis_exception("LINUX: Problems converting data blob to NV Public Data object", result);
}
// Save off the size of the data stored in the NV area.
size = nvDataPublicStruct->dataSize;
// Free the memory.
delete nvDataPublicStruct;
}
#endif
if(size > 0) {
//read the nvdata
result = Tspi_NV_ReadValue(hnvstore, 0, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Read NVStore space", result);
//copy out the values
nv_size = size;
nv_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
nv_value[i] = value[i];
}
//cleanup
result = Tspi_Context_FreeMemory(hcontext, value);
// I'm not sure if this error message is useful. But it was stopping the process unnecessarily.
//if(result != TSS_SUCCESS) throw libhis_exception("Clean memory", result);
}
~libhis_getnvdata()
{
//clean up NVStoer
result = Tspi_Context_CloseObject(hcontext, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
TSS_HNVSTORE hnvstore;
UINT32 nvstore_index;
};
#endif

106
tpm_module/libhis_getpcr.hpp
View File

@ -1,106 +0,0 @@
#ifndef libhis_getpcr_hpp
#define libhis_getpcr_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_getpcr
{
public:
libhis_getpcr()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create PCRS object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
}
void getpcr(
unsigned char *mask,
unsigned char *&output_pcrs_value,
unsigned long &output_pcrs_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//prepare the PCR output array
short counter = 0;
for(short i = 0; i < 24; i++)
if(bitmask[i]) counter++;
output_pcrs_size = counter * 20;
output_pcrs_value = new unsigned char[counter * 20];
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
counter = 0;
for(unsigned long i = 0; i < 24; i++)
{
if(bitmask[i])
{
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
for(unsigned long j = 0; j < 20; j++)
output_pcrs_value[counter * 20 + j] = temp_value[j];
counter++;
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
}
}
return;
}
~libhis_getpcr()
{
//clean up PCRS
result = Tspi_Context_CloseObject(hcontext, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPCRS hpcrs;
};
#endif

166
tpm_module/libhis_getpubkey.hpp
View File

@ -1,166 +0,0 @@
#ifndef libhis_getpubkey_hpp
#define libhis_getpubkey_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_getpubkey
{
public:
libhis_getpubkey()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create EK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
}
void getpubek(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *nonce,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//assign the TPM auth to the EK
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
//set up nonce
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
try
{
//get the public EK
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
}
catch(libhis_exception &e)
{
//get the public EK the Atmel TPM in an Ultrabook way
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
//let a second exception make its way upward (should be same error code)
}
//get the modulus
UINT32 mod_size;
BYTE *mod_value;
result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
//copy out the EK modulus
output_size = mod_size;
output_value = new unsigned char[mod_size];
for(unsigned long i = 0; i < mod_size; i++)
output_value[i] = mod_value[i];
//clean up ek modulus
result = Tspi_Context_FreeMemory(hcontext, mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
}
void getpubsrk(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//set up key container
UINT32 mod_size;
BYTE *mod_value;
//get the public EK
result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
//copy out the SRK modulus
output_size = mod_size;
output_value = new unsigned char[mod_size];
for(unsigned long i = 0; i < mod_size; i++)
output_value[i] = mod_value[i];
//clean up SRK modulus
result = Tspi_Context_FreeMemory(hcontext, mod_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_ek;
TSS_HPOLICY hpolicy_tpm;
TSS_VALIDATION validation;
};
#endif

71
tpm_module/libhis_getrandombytes.hpp
View File

@ -1,71 +0,0 @@
#ifndef libhis_getrandombytes_hpp
#define libhis_getrandombytes_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_getrandombytes
{
public:
libhis_getrandombytes()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
}
void getrandombytes(
unsigned long bytes_size,
unsigned char *&output_value)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//get random bytes
BYTE *bytes_value;
result = Tspi_TPM_GetRandom(htpm, bytes_size, &bytes_value);
if(result != TSS_SUCCESS) throw libhis_exception("Get Random Bytes", result);
//copy C-style output into C++ format
output_value = new unsigned char[bytes_size];
for(unsigned long i = 0; i < bytes_size; i++)
{
output_value[i] = bytes_value[i];
}
//clean up random bytes
result = Tspi_Context_FreeMemory(hcontext, bytes_value);
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup bytes", result);
return;
}
~libhis_getrandombytes()
{
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
};
#endif

436
tpm_module/libhis_quote.hpp
View File

@ -1,436 +0,0 @@
#ifndef libhis_quote_hpp
#define libhis_quote_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_quote
{
public:
libhis_quote()
{
//set default values
init_ik_size = TSS_KEY_SIZE_DEFAULT;
init_ik_type = TSS_KEY_TYPE_IDENTITY;
init_ik_authorized = TSS_KEY_AUTHORIZATION;
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
init_ik_volatile = TSS_KEY_VOLATILE;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create IK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
}
void init(bool bshort)
{
if(bshort)
{
//Create PCRS object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
}
else
{
//Create PCRS object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
}
//combine the init flags
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
//Create IK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
binitialized = true;
}
void quote(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_ik_value,
unsigned long auth_ik_size,
bool auth_ik_sha1,
unsigned char *nonce,
unsigned char *uuid_ik_value,
unsigned char *mask,
unsigned char *&output_pcrs_value,
unsigned long &output_pcrs_size,
unsigned char *&output_quote_value,
unsigned long &output_quote_size,
unsigned char *&output_sig_value,
unsigned long &output_sig_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the IK UUID
hextouuid(uuid_ik_value, uuid_ik);
//Get the IK by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
//set up IK auth
if(auth_ik_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
}
//assign the IK auth
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
//Unwrap the IK
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
//set up nonce
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//prepare the PCR output array
short counter = 0;
for(short i = 0; i < 24; i++)
if(bitmask[i]) counter++;
output_pcrs_size = counter * 20;
output_pcrs_value = new unsigned char[counter * 20];
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
counter = 0;
for(unsigned long i = 0; i < 24; i++)
{
if(bitmask[i])
{
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
for(unsigned long j = 0; j < 20; j++)
output_pcrs_value[counter * 20 + j] = temp_value[j];
counter++;
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
}
}
//quote
result = Tspi_TPM_Quote(htpm, hkey_ik, hpcrs, &validation);
if(result != TSS_SUCCESS) throw libhis_exception("Quote", result);
//copy values
output_quote_size = validation.ulDataLength;
output_quote_value = new unsigned char[validation.ulDataLength];
for(unsigned long i = 0; i < validation.ulDataLength; i++)
output_quote_value[i] = validation.rgbData[i];
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
output_sig_size = validation.ulValidationDataLength;
output_sig_value = new unsigned char [validation.ulValidationDataLength];
for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
output_sig_value[i] = validation.rgbValidationData[i];
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
return;
}
void quote2(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_ik_value,
unsigned long auth_ik_size,
bool auth_ik_sha1,
unsigned char *nonce,
unsigned char *uuid_ik_value,
unsigned char *mask,
unsigned char *&output_pcrs_value,
unsigned long &output_pcrs_size,
unsigned char *&output_quote_value,
unsigned long &output_quote_size,
unsigned char *&output_sig_value,
unsigned long &output_sig_size,
bool bCapVersion)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the IK UUID
hextouuid(uuid_ik_value, uuid_ik);
//Get the IK by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
//set up IK auth
if(auth_ik_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
}
//assign the IK auth
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
//Unwrap the IK
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
//set up nonce
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//prepare the PCR output array
short counter = 0;
for(short i = 0; i < 24; i++)
if(bitmask[i]) counter++;
output_pcrs_size = counter * 20;
output_pcrs_value = new unsigned char[counter * 20];
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
counter = 0;
for(unsigned long i = 0; i < 24; i++)
{
if(bitmask[i])
{
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
for(unsigned long j = 0; j < 20; j++)
output_pcrs_value[counter * 20 + j] = temp_value[j];
counter++;
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
}
}
//quote2
BYTE* version_value;
UINT32 version_size;
//read PCR 10 again right before collecting the quote
if(bitmask[10])
{
//reread PCR 10
result = Tspi_TPM_PcrRead(htpm, 10, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
//read quote2
result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value);
if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result);
//set value of PCR 10 in the PCR Composite
result = Tspi_PcrComposite_SetPcrValue(hpcrs, 10, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
for(unsigned long j = 0; j < 20; j++)
output_pcrs_value[10 * 20 + j] = temp_value[j];
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
} else {
//read quote2 without rereading PCR 10
result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value);
if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result);
}
//copy values
output_quote_size = validation.ulDataLength;
output_quote_value = new unsigned char[validation.ulDataLength];
for(unsigned long i = 0; i < validation.ulDataLength; i++)
output_quote_value[i] = validation.rgbData[i];
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
output_sig_size = validation.ulValidationDataLength;
output_sig_value = new unsigned char [validation.ulValidationDataLength];
for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
output_sig_value[i] = validation.rgbValidationData[i];
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
result = Tspi_Context_FreeMemory(hcontext, version_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up version info", result);
return;
}
~libhis_quote()
{
//clean up IK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
if(binitialized)
{
//clean up PCRS
result = Tspi_Context_CloseObject(hcontext, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
//clean up IK
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_ik;
TSS_HPOLICY hpolicy_srk,
hpolicy_ik;
TSS_NONCE nonce;
TSS_VALIDATION validation;
TSS_UUID uuid_ik;
TSS_HPCRS hpcrs;
UINT32 init_ik,
init_ik_size,
init_ik_type,
init_ik_authorized,
init_ik_migratable,
init_ik_volatile;
bool binitialized;
};
#endif

347
tpm_module/libhis_seal.hpp
View File

@ -1,347 +0,0 @@
#ifndef libhis_seal_hpp
#define libhis_seal_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_seal
{
public:
libhis_seal()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create PCRS object
#ifdef WINDOWS
//Windows and NTru are capable of unsealing all PCRS structures so use 1.2 LONG for full 24 PCR support
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
#endif
#ifdef LINUX
//Linux and Trousers CANNOT unseal 1.2 LONG or SHORT PCRS structures so use the legacy 1.1 structure with 16 PCR limit
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
#endif
//Create ENCData object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
//Create ENCData policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
}
void seal(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_enc_value,
unsigned long auth_enc_size,
bool auth_enc_sha1,
unsigned char *mask,
unsigned char *payload_value,
unsigned long payload_size,
unsigned char *&output_enc_value,
unsigned long &output_enc_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//set up ENCData auth
if(auth_enc_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
}
//assign the ENCData auth
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
#ifdef WINDOWS
for(unsigned long i = 0; i < 24; i++) //all PCRs available in SHORT or LONG
#endif
#ifdef LINUX
for(unsigned long i = 0; i < 16; i++) //we cannot use all PCRs in Linux mode due to legacy PCRS structure
#endif
{
if(bitmask[i])
{
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
//don't do this for regular seal because creation PCRs are meaningless in this context
//result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
//if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
#ifdef WINDOWS
//use EX functions because we are PCRS LONG
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
#endif
#ifdef LINUX
//cannot use EX functions
result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index legacy mode", result);
#endif
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
}
}
//Seal data
result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
//Get the sealed data blob
BYTE *value;
UINT32 size;
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
//copy over memory
output_enc_size = size;
output_enc_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_enc_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
return;
}
void seal2(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_enc_value,
unsigned long auth_enc_size,
bool auth_enc_sha1,
unsigned char *mask,
unsigned char *payload_value,
unsigned long payload_size,
unsigned char *release_value,
unsigned long release_size,
unsigned char *&output_enc_value,
unsigned long &output_enc_size)
{
#ifdef LINUX
//don't even let the users do seal2 because TSS_PCRS_STRUCT_INFO_LONG does not work for unsealing in Linux
if(result != TSS_SUCCESS) throw libhis_exception("Command disabled in Linux due to TSS_PCRS_STRUCT_INFO_LONG unseal defect", TPM_E_DISABLED_CMD);
#endif
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//set up ENCData auth
if(auth_enc_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
}
//assign the ENCData auth
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
//set up mask
bool bitmask[24];
for(short i = 0; i < 24; i++)
bitmask[i] = 0;
masktobitmask(mask, bitmask);
//collect the PCR values
UINT32 temp_size;
BYTE *temp_value;
short counter = 0;
for(unsigned long i = 0; i < 24; i++)
{
if(bitmask[i])
{
//set the creation value
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
result = Tspi_Context_FreeMemory(hcontext, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
//set the release value
temp_value = new unsigned char[20];
for(short j = 0; j < 20; j++)
temp_value[j] = release_value[j + counter * 20];
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
delete [] temp_value;
}
}
//Seal data
result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
//Get the sealed data blob
BYTE *value;
UINT32 size;
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
//copy over memory
output_enc_size = size;
output_enc_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_enc_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
return;
}
~libhis_seal()
{
//clean up ENCData policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
//Clean up ENCData
result = Tspi_Context_CloseObject(hcontext, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
//clean up PCRS
result = Tspi_Context_CloseObject(hcontext, hpcrs);
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk;
TSS_HPOLICY hpolicy_srk,
hpolicy_enc;
TSS_HPCRS hpcrs;
TSS_HENCDATA hencdata;
};
#endif

131
tpm_module/libhis_setnvdata.hpp
View File

@ -1,131 +0,0 @@
#ifndef libhis_setnvdata_hpp
#define libhis_setnvdata_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_setnvdata
{
public:
libhis_setnvdata()
{
//set defaults
nvstore_index = 0;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create NVSTore object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
}
void setnvdata(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned long nv_index,
unsigned char *nv_value,
unsigned long nv_size)
{
//set up the index value
if(nv_index == 0)
nvstore_index = TPM_NV_INDEX_EKCert;
else if(nv_index == 1)
nvstore_index = TPM_NV_INDEX_TPM_CC;
else if(nv_index == 2)
nvstore_index = TPM_NV_INDEX_PlatformCert;
else if(nv_index == 3)
nvstore_index = TPM_NV_INDEX_Platform_CC;
else
nvstore_index = nv_index;
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//assign the TPM auth to the NVStore
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
//set the write address
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
//force NVData to be readable by the owner only
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
if(result != TSS_SUCCESS) throw libhis_exception("Require owner auth on NVStore read/write", result);
//set the size
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, nv_size);
if(result != TSS_SUCCESS) throw libhis_exception("Set size of NVStore object", result);
//define the space we need
result = Tspi_NV_DefineSpace(hnvstore, 0, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Define NVStore space", result);
//write the value using the weird way the TSS does it
result = Tspi_NV_WriteValue(hnvstore, 0, nv_size, nv_value);
if(result != TSS_SUCCESS) throw libhis_exception("Write NVData", result);
}
~libhis_setnvdata()
{
//clean up NVStoer
result = Tspi_Context_CloseObject(hcontext, hnvstore);
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HPOLICY hpolicy_tpm;
TSS_HNVSTORE hnvstore;
UINT32 nvstore_index;
};
#endif

236
tpm_module/libhis_sign.hpp
View File

@ -1,236 +0,0 @@
#ifndef libhis_sign_hpp
#define libhis_sign_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_sign
{
public:
libhis_sign()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
init_key_scheme = 0;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
//create hash object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash);
if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result);
}
void initsign(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the signature scheme
if(in_scheme == 0)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
else if(in_scheme == 1)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
else
init_key_scheme = TSS_SS_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the signature scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
binitialized = true;
}
void sign(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *hash,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//set hash value
result = Tspi_Hash_UpdateHashValue(hhash, 20, hash);
if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result);
//sign data
UINT32 size = 0;
BYTE *value = 0;
result = Tspi_Hash_Sign(hhash, hkey_key, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Sign", result);
//copy dynamic values
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//cleanup
Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Free memory", result);
}
~libhis_sign()
{
//clean up hash object
result = Tspi_Context_CloseObject(hcontext, hhash);
if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result);
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key;
TSS_UUID uuid_key;
TSS_HHASH hhash;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
bool binitialized;
};
#endif

168
tpm_module/libhis_takeownership.hpp
View File

@ -1,168 +0,0 @@
#ifndef libhis_takeownership_hpp
#define libhis_takeownership_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
class libhis_takeownership
{
public:
libhis_takeownership()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create EK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create TPM policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
}
void takeownership(
unsigned char *auth_tpm_value,
unsigned long auth_tpm_size,
bool auth_tpm_sha1,
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *nonce)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//set up TPM auth
if(auth_tpm_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
}
//assign the TPM auth to the TPM
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
//assign the TPM auth to the EK
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
//set up nonce
validation.ulExternalDataLength = 20;
validation.rgbExternalData = nonce;
try
{
//get the public EK
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
}
catch(libhis_exception &e)
{
//get the public EK the Atmel TPM in an Ultrabook way
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
//let a second exception make its way upward (rare)
}
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//take ownership of the TPM
result = Tspi_TPM_TakeOwnership(htpm, hkey_srk, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Take Ownership", result);
//clean up validation data
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbData", result);
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbValidationData", result);
//test the SRK to make sure it actually works (required for NTru because TakeOwnership sometimes doesn't execute RegisterKey for SRK)
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Test the SRK", result);
return;
}
~libhis_takeownership()
{
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up TPM policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//clean up EK object
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_ek,
hkey_srk;
TSS_HPOLICY hpolicy_tpm,
hpolicy_srk;
TSS_VALIDATION validation;
};
#endif

270
tpm_module/libhis_unbind.hpp
View File

@ -1,270 +0,0 @@
#ifndef libhis_unbind_hpp
#define libhis_unbind_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_unbind
{
public:
libhis_unbind()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
init_key_scheme = 0;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
//Create ENCData object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
//Create ENCData policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
}
void initbind(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_BIND;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the encryption scheme
if(in_scheme == 0)
init_key_scheme = TSS_ES_RSAESPKCSV15;
else if(in_scheme == 1)
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
else if(in_scheme == 2)
init_key_scheme = TSS_ES_SYM_CNT;
else if(in_scheme == 3)
init_key_scheme = TSS_ES_SYM_OFB;
else if(in_scheme == 4)
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
else
init_key_scheme = TSS_ES_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the encryption scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
binitialized = true;
}
void unbind(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *auth_enc_value,
unsigned long auth_enc_size,
bool auth_enc_sha1,
unsigned char *uuid_key_value,
unsigned char *payload_value,
unsigned long payload_size,
unsigned char *&output_value,
unsigned long &output_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//install the encrypted data blob into hencdata object
result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result);
//set up ENCData auth
if(auth_enc_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
}
//assign the ENCData auth
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
//unseal the data
BYTE *value;
UINT32 size;
result = Tspi_Data_Unbind(hencdata, hkey_key, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Unbind", result);
output_size = size;
output_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
}
~libhis_unbind()
{
//clean up ENCData policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
//Clean up ENCData
result = Tspi_Context_CloseObject(hcontext, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key,
hpolicy_enc;
TSS_UUID uuid_key;
TSS_HENCDATA hencdata;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
bool binitialized;
};
#endif

157
tpm_module/libhis_unseal.hpp
View File

@ -1,157 +0,0 @@
#ifndef libhis_unseal_hpp
#define libhis_unseal_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_unseal
{
public:
libhis_unseal()
{
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create ENCData object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
//Create ENCData policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
}
void unseal(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_enc_value,
unsigned long auth_enc_size,
bool auth_enc_sha1,
unsigned char *payload_value,
unsigned long payload_size,
unsigned char *&output_enc_value,
unsigned long &output_enc_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//install the encrypted data blob into hencdata object
result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result);
//set up ENCData auth
if(auth_enc_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
}
//assign the ENCData auth
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
//unseal the data
BYTE *value;
UINT32 size;
result = Tspi_Data_Unseal(hencdata, hkey_srk, &size, &value);
if(result != TSS_SUCCESS) throw libhis_exception("Unseal", result);
output_enc_size = size;
output_enc_value = new unsigned char[size];
for(unsigned long i = 0; i < size; i++)
output_enc_value[i] = value[i];
//clean up dynamic memory
result = Tspi_Context_FreeMemory(hcontext, value);
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
return;
}
~libhis_unseal()
{
//clean up ENCData policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
//Clean up ENCData
result = Tspi_Context_CloseObject(hcontext, hencdata);
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk;
TSS_HPOLICY hpolicy_srk,
hpolicy_enc;
TSS_HPCRS hpcrs;
TSS_HENCDATA hencdata;
};
#endif

367
tpm_module/libhis_utils.hpp
View File

@ -1,367 +0,0 @@
#ifndef libhis_utils_hpp
#define libhis_utils_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
void hextouuid(unsigned char *hex, TSS_UUID &uuid)
{
//process the unsigned long leading the UUID
for(short i = 0; i < 8; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 420);
}
uuid.ulTimeLow = hex[0] * 268435456 + hex[1] * 16777216 + hex[2] * 1048576 +
hex[3] * 65536 + hex[4] * 4096 + hex[5] * 256 + hex[6] * 16 + hex[7];
//process the unsigned short for midtime
for(short i = 9; i < 13; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 421);
}
uuid.usTimeMid = hex[9] * 4096 + hex[10] * 256 + hex[11] * 16 + hex[12];
//process the unsigned short for hightime
for(short i = 14; i < 18; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 422);
}
uuid.usTimeHigh = hex[14] * 4096 + hex[15] * 256 + hex[16] * 16 + hex[17];
//process bClockSeqHigh
for(short i = 19; i < 21; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 423);
}
uuid.bClockSeqHigh = hex[19] * 16 + hex[20];
//process bClockSeqLow
for(short i = 21; i < 23; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 424);
}
uuid.bClockSeqLow = hex[21] * 16 + hex[22];
//process final 6 byte array
for(short i = 24; i < 36; i++)
{
if(hex[i] >= 48 && hex[i] <= 57)
hex[i] -= 48;
else if(hex[i] >= 65 && hex[i] <= 70)
hex[i] -= 55;
else if(hex[i] >= 97 && hex[i] <= 102)
hex[i] -= 87;
else
throw libhis_exception("UUID validation failure", 425);
}
uuid.rgbNode[0] = hex[24] * 16 + hex[25];
uuid.rgbNode[1] = hex[26] * 16 + hex[27];
uuid.rgbNode[2] = hex[28] * 16 + hex[29];
uuid.rgbNode[3] = hex[30] * 16 + hex[31];
uuid.rgbNode[4] = hex[32] * 16 + hex[33];
uuid.rgbNode[5] = hex[34] * 16 + hex[35];
return;
}
/*
* masktobitmask function that does it the screwed up TCG way
*/
void masktobitmask(unsigned char *mask, bool binarray[24])
{
int sequence[] = {1, 0, 3, 2, 5, 4};
int i;
//convert hex values to binary values while validating
for(short j = 0; j < 6; j++)
{
i = sequence[j];
switch(mask[i])
{
case 48: //0
{
break;
}
case 49: //1
{
binarray[j * 4 + 0] = true;
break;
}
case 50: //2
{
binarray[j * 4 + 1] = true;
break;
}
case 51: //3
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 1] = true;
break;
}
case 52: //4
{
binarray[j * 4 + 2] = true;
break;
}
case 53: //5
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 2] = true;
break;
}
case 54: //6
{
binarray[j * 4 + 1] = true;
binarray[j * 4 + 2] = true;
break;
}
case 55: //7
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 1] = true;
binarray[j * 4 + 2] = true;
break;
}
case 56: //8
{
binarray[j * 4 + 3] = true;
break;
}
case 57: //9
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 3] = true;
break;
}
case 65: //a
case 97: //A
{
binarray[j * 4 + 1] = true;
binarray[j * 4 + 3] = true;
break;
}
case 66: //b
case 98: //B
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 1] = true;
binarray[j * 4 + 3] = true;
break;
}
case 67: //c
case 99: //C
{
binarray[j * 4 + 2] = true;
binarray[j * 4 + 3] = true;
break;
}
case 68: //d
case 100: //D
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 2] = true;
binarray[j * 4 + 3] = true;
break;
}
case 69: //e
case 101: //E
{
binarray[j * 4 + 1] = true;
binarray[j * 4 + 2] = true;
binarray[j * 4 + 3] = true;
break;
}
case 70: //f
case 102: //F
{
binarray[j * 4 + 0] = true;
binarray[j * 4 + 1] = true;
binarray[j * 4 + 2] = true;
binarray[j * 4 + 3] = true;
break;
}
default:
{
throw libhis_exception("Mask validation failure", 430);
}
}
}
return;
}
/*
* Original masktobitmask function.
*/
/*void masktobitmask(unsigned char *mask, bool binarray[24])
{
//convert hex values to binary values while validating
for(short i = 0; i < 6; i++)
{
switch(mask[i])
{
case 48: //0
{
break;
}
case 49: //1
{
binarray[i * 4 + 3] = true;
break;
}
case 50: //2
{
binarray[i * 4 + 2] = true;
break;
}
case 51: //3
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 2] = true;
break;
}
case 52: //4
{
binarray[i * 4 + 1] = true;
break;
}
case 53: //5
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 1] = true;
break;
}
case 54: //6
{
binarray[i * 4 + 2] = true;
binarray[i * 4 + 1] = true;
break;
}
case 55: //7
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 2] = true;
binarray[i * 4 + 1] = true;
break;
}
case 56: //8
{
binarray[i * 4 + 0] = true;
break;
}
case 57: //9
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 0] = true;
break;
}
case 65: //a
case 97: //A
{
binarray[i * 4 + 2] = true;
binarray[i * 4 + 0] = true;
break;
}
case 66: //b
case 98: //B
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 2] = true;
binarray[i * 4 + 0] = true;
break;
}
case 67: //c
case 99: //C
{
binarray[i * 4 + 1] = true;
binarray[i * 4 + 0] = true;
break;
}
case 68: //d
case 100: //D
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 1] = true;
binarray[i * 4 + 0] = true;
break;
}
case 69: //e
case 101: //E
{
binarray[i * 4 + 2] = true;
binarray[i * 4 + 1] = true;
binarray[i * 4 + 0] = true;
break;
}
case 70: //f
case 102: //F
{
binarray[i * 4 + 3] = true;
binarray[i * 4 + 2] = true;
binarray[i * 4 + 1] = true;
binarray[i * 4 + 0] = true;
break;
}
default:
{
throw libhis_exception("Mask validation failure", 1);
}
}
}
return;
}*/
#endif

224
tpm_module/libhis_verifysignature.hpp
View File

@ -1,224 +0,0 @@
#ifndef libhis_verifysignature_hpp
#define libhis_verifysignature_hpp
#ifdef WINDOWS
#include "tspi.h"
#include "tss_error.h"
#include "tss_defines.h"
#endif
#ifdef LINUX
#include <tss/tspi.h>
#include <tss/tss_error.h>
#include <tss/tss_defines.h>
#endif
#include "libhis_exception.hpp"
#include "libhis_utils.hpp"
class libhis_verifysignature
{
public:
libhis_verifysignature()
{
//set default values
init_key_size = TSS_KEY_SIZE_DEFAULT;
init_key_type = TSS_KEY_TYPE_DEFAULT;
init_key_authorized = TSS_KEY_AUTHORIZATION;
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
init_key_volatile = TSS_KEY_VOLATILE;
init_key_scheme = 0;
binitialized = false;
//create a context object
result = Tspi_Context_Create(&hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
//create an SRK object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
//Create SRK policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
//Create key policy
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
//create hash object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash);
if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result);
}
void initsign(unsigned int in_size, unsigned int in_scheme)
{
//set the type
init_key_type = TSS_KEY_TYPE_SIGNING;
//set the key size
if(in_size == 0)
init_key_size = TSS_KEY_SIZE_DEFAULT;
else if(in_size == 512)
init_key_size = TSS_KEY_SIZE_512;
else if(in_size == 1024)
init_key_size = TSS_KEY_SIZE_1024;
else if(in_size == 2048)
init_key_size = TSS_KEY_SIZE_2048;
else if(in_size == 4096)
init_key_size = TSS_KEY_SIZE_4096;
else if(in_size == 8192)
init_key_size = TSS_KEY_SIZE_8192;
else if(in_size == 16384)
init_key_size = TSS_KEY_SIZE_16384;
else throw libhis_exception("Invalid key size", 400);
//set the signature scheme
if(in_scheme == 0)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
else if(in_scheme == 1)
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
else
init_key_scheme = TSS_SS_NONE;
//combine the init flags
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
//Create key object
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
//Set the signature scheme
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
binitialized = true;
}
void verifysignature(
unsigned char *auth_srk_value,
unsigned long auth_srk_size,
bool auth_srk_sha1,
unsigned char *auth_key_value,
unsigned long auth_key_size,
bool auth_key_sha1,
unsigned char *uuid_key_value,
unsigned char *hash,
unsigned char *signature_value,
unsigned long signature_size)
{
//establish a session
result = Tspi_Context_Connect(hcontext, 0);
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
//get the TPM object
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
//load the SRK
TSS_UUID uuid_srk = TSS_UUID_SRK;
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
//set up SRK auth
if(auth_srk_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
}
//assign the SRK auth
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
//Set up the key UUID
hextouuid(uuid_key_value, uuid_key);
//Get the key by UUID
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
//set up key auth
if(auth_key_sha1)
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
}
else
{
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
}
//assign the key auth
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
//Unwrap the key
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
//set hash value
result = Tspi_Hash_UpdateHashValue(hhash, 20, hash);
if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result);
//verify signature data
result = Tspi_Hash_VerifySignature(hhash, hkey_key, signature_size, signature_value);
if(result != TSS_SUCCESS) throw libhis_exception("Verify signature", result);
}
~libhis_verifysignature()
{
//clean up hash object
result = Tspi_Context_CloseObject(hcontext, hhash);
if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result);
//clean up key policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
if(binitialized)
{
//clean up key
result = Tspi_Context_CloseObject(hcontext, hkey_key);
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
}
//clean up SRK policy
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
//clean up SRK object
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
//close context
result = Tspi_Context_Close(hcontext);
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
}
private:
TSS_RESULT result;
TSS_HCONTEXT hcontext;
TSS_HTPM htpm;
TSS_HKEY hkey_srk,
hkey_key;
TSS_HPOLICY hpolicy_srk,
hpolicy_key;
TSS_UUID uuid_key;
TSS_HHASH hhash;
UINT32 init_key,
init_key_size,
init_key_type,
init_key_authorized,
init_key_migratable,
init_key_volatile,
init_key_scheme;
bool binitialized;
};
#endif

31
tpm_module/main.cpp
View File

@ -1,31 +0,0 @@
/**
* When compiling in Linux define LINUX. When compiling in Windows define
* WINDOWS. This software is designed to be compiled on either platform without
* modification. Simply set the preprocessor definitions and the code will take
* care of the rest.
*/
/**
* This software was originally implemented as a static library. However,
* requirements changed and it resumed existing as a command line-driven
* executable. The libhis header files are designed such that you could easily
* break them out into their own library. They do not require inclusion of TCG
* headers or the use of TCG data structures. All input is handled with standard
* C++ types.
*/
#include "libhis_cli.hpp"
#ifdef LINUX
int main(int argc, char **argv)
#endif
#ifdef WINDOWS
unsigned long main(int argc, char **argv)
#endif
{
//provide all arguments to our controller class
libhis_cli test(argc, argv);
//return the integer result from our controller class's execution function
return test.cli();
}

58
tpm_module/makefile
View File

@ -1,58 +0,0 @@
################################################################################
# Automatically-generated file. Do not edit!
################################################################################
-include makefile.init
RM := rm -rf
# All of the sources participating in the build are defined here
-include sources.mk
-include subdir.mk
-include objects.mk
ifneq ($(MAKECMDGOALS),clean)
ifneq ($(strip $(C++_DEPS)),)
-include $(C++_DEPS)
endif
ifneq ($(strip $(C_DEPS)),)
-include $(C_DEPS)
endif
ifneq ($(strip $(CC_DEPS)),)
-include $(CC_DEPS)
endif
ifneq ($(strip $(CPP_DEPS)),)
-include $(CPP_DEPS)
endif
ifneq ($(strip $(CXX_DEPS)),)
-include $(CXX_DEPS)
endif
ifneq ($(strip $(C_UPPER_DEPS)),)
-include $(C_UPPER_DEPS)
endif
endif
-include makefile.defs
# Add inputs and outputs from these tool invocations to the build variables
# All Target
all: tpm_module
# Tool invocations
tpm_module: $(OBJS) $(USER_OBJS)
@echo 'Building target: $@'
@echo 'Invoking: GCC C++ Linker'
g++ -o "tpm_module" $(OBJS) $(USER_OBJS) $(LIBS)
@echo 'Finished building target: $@'
@echo ' '
# Other Targets
clean:
-$(RM) $(OBJS)$(C++_DEPS)$(C_DEPS)$(CC_DEPS)$(CPP_DEPS)$(EXECUTABLES)$(CXX_DEPS)$(C_UPPER_DEPS) tpm_module
-@echo ' '
.PHONY: all clean dependents
.SECONDARY:
-include makefile.targets

111
tpm_module/man/tpm_module.1
View File

@ -1,111 +0,0 @@
.TH TPM_MODULE 1 "January 11, 2018"
.sp 1
.SH NAME
tpm_module \- interact with the TPM
.SH SYNOPSIS
.B tpm_module
[\-m <mode>] [\-options]
.SH DESCRIPTION
Provide various modes for interacting with the TPM.
.SH MODES
1 Take Ownership of TPM
.br
2 Change Owner Authorization Data
.br
3 Clear Ownership (Disables TPM)
.br
4 Create EK
.br
5 Change SRK Authorization Data
.br
6 Collate Identity Request (Create Identity Key)
.br
7 Activate Identity (Create Identity Key Certificate)
.br
8 Quote
.br
9 Quote 2
.br
10 Seal Data (Encrypt Data to Current Platform State)
.br
11 Seal 2 (Seal Against Future PCRs)
.br
12 Unseal Data
.br
13 Generate Random Bytes
.br
14 Create Signing, Binding, or Storage Key
.br
15 Change Key Authorization Data
.br
16 Get Keyblob
.br
17 Get Key Modulus
.br
18 Clear Key
.br
19 Get PCR
.br
20 Extend PCR (Update PCR Value)
.br
21 Clear PCR
.br
22 Set NVRAM Data
.br
23 Get NVRAM Data
.br
24 Clear NVRAM Data
.br
25 Sign Data
.br
26 Verify Signed Data
.br
27 Bind
.br
28 Unbind
.br
29 Get Public Key
.SH OPTIONS
.B \-h, \-\-help
.IP
display help, use with -m to see help/options for individual modes
.P
.B \-v, \-\-version
.IP
display software version info
.P
.B \-d, \-\-debug
.IP
enable console debugging
.P
.B \-f, \-\-file
.IP
write debugging info to file
.P
.B \-z, \-\-zeros
.IP
fill in authdata with zeroes
.P
.B \-r, \-\-readable
.IP
make output human-readable with delimiters
.P
.B \-nr, \-\-nonce_random
.IP
populate nonce with TPM's random byte generator
.SH EXAMPLES
Take ownership of TPM using a specific nonce and zeroes for auth data:
.IP
tpm_module \-m 1 \-n 0123456789012345678901234567890123456789 \-z
.P
Get help with collate identity request mode:
.IP
tpm_module \-m 6 \-h
.P
Generate a quote2 using the first 16 PCRs, random nonce, identity key with
simple UUID, and omitted SRK auth as zeroes:
.IP
tpm_module \-m 9 \-p ffff00 \-nr \-u 00000000\-0000\-0000\-0000\-040000000001 \-authp_ik password \-z
.SH SEE ALSO
hirs-provisioner(1)

8
tpm_module/objects.mk
View File

@ -1,8 +0,0 @@
################################################################################
# Automatically-generated file. Do not edit!
################################################################################
USER_OBJS :=
LIBS := -ltspi

27
tpm_module/sources.mk
View File

@ -1,27 +0,0 @@
################################################################################
# Automatically-generated file. Do not edit!
################################################################################
O_SRCS :=
CPP_SRCS :=
C_UPPER_SRCS :=
C_SRCS :=
S_UPPER_SRCS :=
OBJ_SRCS :=
ASM_SRCS :=
CXX_SRCS :=
C++_SRCS :=
CC_SRCS :=
OBJS :=
C++_DEPS :=
C_DEPS :=
CC_DEPS :=
CPP_DEPS :=
EXECUTABLES :=
CXX_DEPS :=
C_UPPER_DEPS :=
# Every subdirectory with source files must be described here
SUBDIRS := \
. \

24
tpm_module/subdir.mk
View File

@ -1,24 +0,0 @@
################################################################################
# Automatically-generated file. Do not edit!
################################################################################
# Add inputs and outputs from these tool invocations to the build variables
CPP_SRCS += \
main.cpp
OBJS += \
main.o
CPP_DEPS += \
main.d
# Each subdirectory must supply rules for building sources it contributes
%.o: %.cpp
@echo 'Building file: $<'
@echo 'Invoking: GCC C++ Compiler'
g++ -DLINUX -I"./tpm_module" -O3 -Wall -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<"
@echo 'Finished building: $<'
@echo ' '