diff --git a/tpm_module/build.gradle b/tpm_module/build.gradle
deleted file mode 100644
index 25a43c35..00000000
--- a/tpm_module/build.gradle
+++ /dev/null
@@ -1,15 +0,0 @@
-task make(type: Exec) {
- outputs.file 'tpm_module'
- inputs.dir fileTree(dir: '.').include('main.cpp').include('*.hpp')
- commandLine 'make'
-}
-
-task cleanUp() {
- delete 'tpm_module', 'main.d', 'main.o'
-}
-
-task fullBuild(type: GradleBuild) {
- tasks = ['cleanUp', 'make']
-}
-
-build.dependsOn tasks.fullBuild
diff --git a/tpm_module/debian/changelog b/tpm_module/debian/changelog
deleted file mode 100644
index 34ce9adc..00000000
--- a/tpm_module/debian/changelog
+++ /dev/null
@@ -1,5 +0,0 @@
-tpm-module (3.11) trusty; urgency=low
-
- * Initial release
-
- -- HIRS Thu, 05 Feb 2015 17:44:25 -0500
diff --git a/tpm_module/debian/compat b/tpm_module/debian/compat
deleted file mode 100644
index ec635144..00000000
--- a/tpm_module/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-9
diff --git a/tpm_module/debian/control b/tpm_module/debian/control
deleted file mode 100644
index 39b8d11f..00000000
--- a/tpm_module/debian/control
+++ /dev/null
@@ -1,13 +0,0 @@
-Source: tpm-module
-Section: admin
-Priority: optional
-Maintainer: HIRS
-Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.5
-
-Package: tpm-module
-Architecture: amd64
-Depends: ${shlibs:Depends}, ${misc:Depends}, tpm-tools, libtspi1
-Description: HIRS TPM Module
- Allows for interaction with TPMs.
-
diff --git a/tpm_module/debian/docs b/tpm_module/debian/docs
deleted file mode 100644
index e69de29b..00000000
diff --git a/tpm_module/debian/files b/tpm_module/debian/files
deleted file mode 100644
index 97b7ba85..00000000
--- a/tpm_module/debian/files
+++ /dev/null
@@ -1 +0,0 @@
-tpm-module_3.11_amd64.deb admin optional
diff --git a/tpm_module/debian/lintian-overrides b/tpm_module/debian/lintian-overrides
deleted file mode 100644
index 1f832eeb..00000000
--- a/tpm_module/debian/lintian-overrides
+++ /dev/null
@@ -1,2 +0,0 @@
-# Ignore lintian error about incorrectly formatted copyright file
-tpm-module binary: copyright-should-refer-to-common-license-file-for-lgpl
\ No newline at end of file
diff --git a/tpm_module/debian/rules b/tpm_module/debian/rules
deleted file mode 100755
index d590aa1b..00000000
--- a/tpm_module/debian/rules
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-export DH_VERBOSE=1
-
-%:
- dh $@
diff --git a/tpm_module/debian/source/format b/tpm_module/debian/source/format
deleted file mode 100644
index 89ae9db8..00000000
--- a/tpm_module/debian/source/format
+++ /dev/null
@@ -1 +0,0 @@
-3.0 (native)
diff --git a/tpm_module/debian/tpm-module.install b/tpm_module/debian/tpm-module.install
deleted file mode 100644
index 64cb5535..00000000
--- a/tpm_module/debian/tpm-module.install
+++ /dev/null
@@ -1 +0,0 @@
-src/tpm_module usr/bin
diff --git a/tpm_module/debian/tpm-module.manpages b/tpm_module/debian/tpm-module.manpages
deleted file mode 100644
index dcac6fc0..00000000
--- a/tpm_module/debian/tpm-module.manpages
+++ /dev/null
@@ -1 +0,0 @@
-debian/tpm_module.1
diff --git a/tpm_module/debian/tpm-module.substvars b/tpm_module/debian/tpm-module.substvars
deleted file mode 100644
index 491e44be..00000000
--- a/tpm_module/debian/tpm-module.substvars
+++ /dev/null
@@ -1,2 +0,0 @@
-shlibs:Depends=libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.4.0), libtspi1 (>= 0.3.1)
-misc:Depends=
diff --git a/tpm_module/libhis_activateidentity.hpp b/tpm_module/libhis_activateidentity.hpp
deleted file mode 100644
index 77b891fd..00000000
--- a/tpm_module/libhis_activateidentity.hpp
+++ /dev/null
@@ -1,224 +0,0 @@ -#ifndef libhis_activateidentity_hpp -#define libhis_activateidentity_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_activateidentity -{ -public: - libhis_activateidentity() - { - //set default values - init_ik_size = TSS_KEY_SIZE_DEFAULT; - init_ik_type = TSS_KEY_TYPE_IDENTITY; - init_ik_authorized = TSS_KEY_AUTHORIZATION; - init_ik_migratable = TSS_KEY_NOT_MIGRATABLE; - init_ik_volatile = TSS_KEY_VOLATILE; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create IK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result); - } - - void init() - { - //combine the init flags - init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile; - - //Create IK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result); - - binitialized = true; - } - - void 
activateidentity( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_ik_value, - unsigned long auth_ik_size, - bool auth_ik_sha1, - unsigned char *asym_value, - unsigned long asym_size, - unsigned char *sym_value, - unsigned long sym_size, - unsigned char *uuid_ik_value, - unsigned char *&output_value, - unsigned long &output_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw 
libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the IK UUID - hextouuid(uuid_ik_value, uuid_ik); - - //Get the IK by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result); - - //set up IK auth - if(auth_ik_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result); - } - - //assign the IK auth - result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result); - - //Unwrap the IK - result = Tspi_Key_LoadKey(hkey_ik, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result); - - //Activate identity - BYTE *value; - UINT32 size; - result = Tspi_TPM_ActivateIdentity(htpm, hkey_ik, asym_size, asym_value, sym_size, sym_value, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Activate identity", result); - - //Copy memory because TSS uses malloc and free, but we're using new and delete - output_size = size; - output_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - { - output_value[i] = value[i]; - } - - //clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK? 
- //result = Tspi_Context_FreeMemory(hcontext, value); - //if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity credential", result); - - return; - } - - ~libhis_activateidentity() - { - //clean up IK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result); - - if(binitialized) - { - //clean up IK - result = Tspi_Context_CloseObject(hcontext, hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_ik; - TSS_HPOLICY hpolicy_tpm, - hpolicy_srk, - hpolicy_ik; - TSS_UUID uuid_ik; - UINT32 init_ik, - init_ik_size, - init_ik_type, - init_ik_authorized, - init_ik_migratable, - init_ik_volatile; - bool binitialized; -}; - -#endif diff --git a/tpm_module/libhis_bind.hpp b/tpm_module/libhis_bind.hpp deleted file mode 100644 index 251e9379..00000000 --- a/tpm_module/libhis_bind.hpp +++ /dev/null 
@@ -1,271 +0,0 @@ -#ifndef libhis_bind_hpp -#define libhis_bind_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_bind -{ -public: - libhis_bind() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - init_key_scheme = 0; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - - //Create ENCData object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result); - - //Create ENCData policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result); - } - - void initbind(unsigned int in_size, unsigned int in_scheme) - { - //set the type - init_key_type = TSS_KEY_TYPE_BIND; - - //set the key size - if(in_size == 0) - 
init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the encryption scheme - if(in_scheme == 0) - init_key_scheme = TSS_ES_RSAESPKCSV15; - else if(in_scheme == 1) - init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; - else if(in_scheme == 2) - init_key_scheme = TSS_ES_SYM_CNT; - else if(in_scheme == 3) - init_key_scheme = TSS_ES_SYM_OFB; - else if(in_scheme == 4) - init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD; - else - init_key_scheme = TSS_ES_NONE; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Set the encryption scheme - result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme); - if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result); - - binitialized = true; - } - - void bind( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *auth_enc_value, - unsigned long auth_enc_size, - bool auth_enc_sha1, - unsigned char *uuid_key_value, - unsigned char *hash_value, - unsigned long hash_size, - unsigned char *&output_value, - unsigned long &output_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) 
throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //Unwrap the key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != TSS_SUCCESS) throw 
libhis_exception("Unwrap key", result); - - //set up ENCData auth - if(auth_enc_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result); - } - - //assign the ENCData auth - result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result); - - //bind data - result = Tspi_Data_Bind(hencdata, hkey_key, hash_size, hash_value); - if(result != TSS_SUCCESS) throw libhis_exception("Bind", result); - - //Get the bound data blob - BYTE *value; - UINT32 size; - result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Get bound data blob", result); - - //copy over memory - output_size = size; - output_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - output_value[i] = value[i]; - - //clean up dynamic memory - result = Tspi_Context_FreeMemory(hcontext, value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result); - } - - ~libhis_bind() - { - //clean up ENCData policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result); - - //Clean up ENCData - result = Tspi_Context_CloseObject(hcontext, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result); - - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up key - result = 
Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key; - TSS_HPOLICY hpolicy_srk, - hpolicy_key, - hpolicy_enc; - TSS_UUID uuid_key; - TSS_HENCDATA hencdata; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile, - init_key_scheme; - bool binitialized; -}; - -#endif diff --git a/tpm_module/libhis_changekeyauth.hpp b/tpm_module/libhis_changekeyauth.hpp deleted file mode 100644 index 8a06eaca..00000000 --- a/tpm_module/libhis_changekeyauth.hpp +++ /dev/null 
@@ -1,316 +0,0 @@ -#ifndef libhis_changekeyauth_hpp -#define libhis_changekeyauth_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_changekeyauth -{ -public: - libhis_changekeyauth() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - - //Create new policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result); - } - - void initidentity() - { - //set the type - init_key_type = TSS_KEY_TYPE_IDENTITY; - - //set the key size - init_key_size = TSS_KEY_SIZE_DEFAULT; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - 
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void initsign(unsigned int in_size) - { - //set the type - init_key_type = TSS_KEY_TYPE_SIGNING; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void initbind(unsigned int in_size) - { - //set the type - init_key_type = TSS_KEY_TYPE_BIND; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw 
libhis_exception("Create key", result); - - binitialized = true; - } - - void initstorage(unsigned int in_size) - { - //set the type - init_key_type = TSS_KEY_TYPE_STORAGE; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void changekeyauth( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *uuid_key_value, - unsigned char *auth_new_value, - unsigned long auth_new_size, - bool auth_new_sha1) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, 
TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up Key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret Plain", result); - } - - //assign the Key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign Key Secret", result); - - //set up new auth - if(auth_new_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); - } - - //change the Key secret - result = Tspi_ChangeAuth(hkey_key, hkey_srk, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Change Key Secret", result); - - try - { - //save key 
- result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result); - } - catch(libhis_exception &e) - { - //Unregister the existing key - result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister); - if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result); - - //Register a new key - result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result); - } - - return; - } - - ~libhis_changekeyauth() - { - //clean up new policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result); - - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key, - hkey_unregister; - TSS_HPOLICY hpolicy_srk, - hpolicy_key, - hpolicy_new; - TSS_UUID uuid_key; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - 
init_key_volatile, - init_key_scheme; - bool binitialized; -}; - -#endif diff --git a/tpm_module/libhis_changeownership.hpp b/tpm_module/libhis_changeownership.hpp deleted file mode 100644 index eb60fa21..00000000 --- a/tpm_module/libhis_changeownership.hpp +++ /dev/null 
@@ -1,109 +0,0 @@ -#ifndef libhis_changeownership_hpp -#define libhis_changeownership_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_changeownership -{ -public: - libhis_changeownership() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create new policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result); - } - - void changeownership( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *auth_new_value, - unsigned long auth_new_size, - bool auth_new_sha1) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw 
libhis_exception("Assign TPM Secret", result); - - //set up new auth - if(auth_new_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); - } - - //change the TPM secret - result = Tspi_ChangeAuth(htpm, 0, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result); - - return; - } - - ~libhis_changeownership() - { - //clean up new policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HPOLICY hpolicy_tpm, - hpolicy_new; -}; - -#endif diff --git a/tpm_module/libhis_changesrksecret.hpp b/tpm_module/libhis_changesrksecret.hpp deleted file mode 100644 index 27fe2f49..00000000 --- a/tpm_module/libhis_changesrksecret.hpp +++ /dev/null 
@@ -1,150 +0,0 @@ -#ifndef libhis_changesrksecret_hpp -#define libhis_changesrksecret_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_changesrksecret -{ -public: - libhis_changesrksecret() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create new policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result); - } - - void changesrksecret(unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_new_value, - unsigned long auth_new_size, - bool auth_new_sha1) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = 
Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //set up new auth - if(auth_new_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); - } - - //change the SRK secret - result = Tspi_ChangeAuth(hkey_srk, htpm, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Change SRK Secret", result); - - return; - } - - 
~libhis_changesrksecret() - { - //clean up new policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_new); - if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result); - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk; - TSS_HPOLICY hpolicy_tpm, - hpolicy_srk, - hpolicy_new; -}; - -#endif diff --git a/tpm_module/libhis_clearkey.hpp b/tpm_module/libhis_clearkey.hpp deleted file mode 100644 index e96b2ece..00000000 --- a/tpm_module/libhis_clearkey.hpp +++ /dev/null 
@@ -1,167 +0,0 @@ -#ifndef libhis_clearkey_hpp -#define libhis_clearkey_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_clearkey -{ -public: - libhis_clearkey() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - } - - void clearkey( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *uuid_key_value) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - 
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //Unwrap the key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != 
TSS_SUCCESS) throw libhis_exception("Unwrap key", result); - - //Unregister the existing key - result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Unregister uuid", result); - - return; - } - - ~libhis_clearkey() - { - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - //clean up key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key; - TSS_HPOLICY hpolicy_srk, - hpolicy_key; - TSS_UUID uuid_key; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile, - init_key_scheme; -}; - -#endif diff --git a/tpm_module/libhis_clearnvdata.hpp b/tpm_module/libhis_clearnvdata.hpp deleted file mode 100644 index 96404047..00000000 --- a/tpm_module/libhis_clearnvdata.hpp +++ /dev/null 
@@ -1,121 +0,0 @@ -#ifndef libhis_clearnvdata_hpp -#define libhis_clearnvdata_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_clearnvdata -{ -public: - libhis_clearnvdata() - { - //set defaults - nvstore_index = 0; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create NVSTore object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore); - if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result); - } - - void clearnvdata( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned long nv_index) - { - //set up the index value - if(nv_index == 0) - nvstore_index = TPM_NV_INDEX_EKCert; - else if(nv_index == 1) - nvstore_index = TPM_NV_INDEX_TPM_CC; - else if(nv_index == 2) - nvstore_index = TPM_NV_INDEX_PlatformCert; - else if(nv_index == 3) - nvstore_index = TPM_NV_INDEX_Platform_CC; - else - nvstore_index = nv_index; - - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, 
TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth to the TPM - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result); - - //assign the TPM auth to the NVStore - result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result); - - //force NVData to be readable by the owner only - result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE); - if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result); - - //set the read address - result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index); - if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result); - - //clear the nvstore space - result = Tspi_NV_ReleaseSpace(hnvstore); - if(result != TSS_SUCCESS) throw libhis_exception("Clear data at NVStore index", result); - } - - ~libhis_clearnvdata() - { - //clean up NVStore - result = Tspi_Context_CloseObject(hcontext, hnvstore); - if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HPOLICY hpolicy_tpm; - TSS_HNVSTORE hnvstore; - UINT32 nvstore_index; -}; - -#endif diff --git a/tpm_module/libhis_clearownership.hpp b/tpm_module/libhis_clearownership.hpp deleted file mode 100644 index ce7bf1c2..00000000 
--- a/tpm_module/libhis_clearownership.hpp
+++ /dev/null
@@ -1,83 +0,0 @@ -#ifndef libhis_clearownership_hpp -#define libhis_clearownership_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_clearownership -{ -public: - libhis_clearownership() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - } - - void clearownership( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); - - //clear the TPM owner - result = Tspi_TPM_ClearOwner(htpm, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Clear Ownership", result); - } - - ~libhis_clearownership() - { - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - 
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HPOLICY hpolicy_tpm; -}; - -#endif diff --git a/tpm_module/libhis_clearpcr.hpp b/tpm_module/libhis_clearpcr.hpp deleted file mode 100644 index f6feac7f..00000000 --- a/tpm_module/libhis_clearpcr.hpp +++ /dev/null 
@@ -1,122 +0,0 @@ -#ifndef libhis_clearpcr_hpp -#define libhis_clearpc_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_clearpcr -{ -public: - libhis_clearpcr() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create PCRS object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs); - if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result); - } - - void clearpcr( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *mask) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth to the TPM - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result); - - //set up mask - bool bitmask[24]; - for(short i 
= 0; i < 24; i++) - bitmask[i] = 0; - masktobitmask(mask, bitmask); - - //collect the PCR values - UINT32 temp_size; - BYTE *temp_value; - for(unsigned long i = 0; i < 24; i++) - { - if(bitmask[i]) - { - result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result); - - result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE); - if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result); - - result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result); - - result = Tspi_Context_FreeMemory(hcontext, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result); - } - } - - //clear PCR value - result = Tspi_TPM_PcrReset(htpm, hpcrs); - if(result != TSS_SUCCESS) throw libhis_exception("Reset PCRs", result); - - return; - } - - ~libhis_clearpcr() - { - //clean up PCRS - result = Tspi_Context_CloseObject(hcontext, hpcrs); - if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HPOLICY hpolicy_tpm; - TSS_HPCRS hpcrs; -}; - -#endif diff --git a/tpm_module/libhis_cli.hpp b/tpm_module/libhis_cli.hpp deleted file mode 100644 index 50e49067..00000000 --- a/tpm_module/libhis_cli.hpp +++ /dev/null 
@@ -1,3245 +0,0 @@ -#ifndef libhis_cli_hpp -#define libhis_cli_hpp - -#include "libhis_takeownership.hpp" -#include "libhis_changeownership.hpp" -#include "libhis_clearownership.hpp" -#include "libhis_createek.hpp" -#include "libhis_changesrksecret.hpp" -#include "libhis_collateidentityrequest.hpp" -#include "libhis_activateidentity.hpp" -#include "libhis_quote.hpp" -#include "libhis_seal.hpp" -#include "libhis_unseal.hpp" -#include "libhis_getrandombytes.hpp" -#include "libhis_createkey.hpp" -#include "libhis_changekeyauth.hpp" -#include "libhis_getkeyblob.hpp" -#include "libhis_getkeymodulus.hpp" -#include "libhis_getpubkey.hpp" -#include "libhis_clearkey.hpp" -#include "libhis_getpcr.hpp" -#include "libhis_extendpcr.hpp" -#include "libhis_clearpcr.hpp" -#include "libhis_setnvdata.hpp" -#include "libhis_getnvdata.hpp" -#include "libhis_clearnvdata.hpp" -#include "libhis_sign.hpp" -#include "libhis_verifysignature.hpp" -#include "libhis_bind.hpp" -#include "libhis_unbind.hpp" - -#include "libhis_exception.hpp" - -#include -#include -#include -#include -#include -#include - -#ifdef LINUX - #include - #include -#endif - -using namespace std; - -/************************************************************************* - GLOBAL CONSTANT BLOCK - *************************************************************************/ -const char cVersion[] = "3.13"; //identify the source revision -const char cTpmVersion[] = "1.2"; //identify the tpm spec level supported - -/** - * - * @param argumentCount - * @param argumentValues - */ -class libhis_cli -{ -/************************************************************************* - PUBLIC FUNCTION BLOCK - *************************************************************************/ -public: - /** - * Constructor tasked with initializing the class. You must run this - * first followed by the cli function. The rest is controlled by command - * inputs. 
- * @param argumentCount - * @param argumentValues - */ - libhis_cli(int argumentCount, char **argumentValues) - { - //set defaults - bdebug = false; - blog = false; - bhelp = false; - bmode = false; - bversion = false; - bzeros = false; - breadable = false; - imode = 0; - iresult = 0; - - //associate inputs - argc = argumentCount; - argv = argumentValues; - - //populate booleans - for(int i = 0; i < argc; i++) - { - if(strcasecmp(argv[i], "-h") == 0 || strcasecmp(argv[i], "-help") == 0 || strcasecmp(argv[i], "--help") == 0) - bhelp = true; - if(strcasecmp(argv[i], "-r") == 0 || strcasecmp(argv[i], "-readable") == 0 || strcasecmp(argv[i], "--readable") == 0) - breadable = true; - else if(strcasecmp(argv[i], "-d") == 0 || strcasecmp(argv[i], "-debug") == 0 || strcasecmp(argv[i], "--debug") == 0) - bdebug = true; - else if(strcasecmp(argv[i], "-f") == 0 || strcasecmp(argv[i], "-file") == 0 || strcasecmp(argv[i], "--log") == 0) - blog = true; - else if(strcasecmp(argv[i], "-m") == 0 || strcasecmp(argv[i], "-mode") == 0 || strcasecmp(argv[i], "--mode") == 0) - { - i++; //step i forward - if(i < argc && atoi(argv[i]) > 0) //check bounds and positive mode value - { - imode = atoi(argv[i]); - bmode = true; - } - else - bmode = false; - } - else if(strcasecmp(argv[i], "-v") == 0 || strcasecmp(argv[i], "-version") == 0 || strcasecmp(argv[i], "--version") == 0) - bversion = true; - else if(strcasecmp(argv[i], "-z") == 0 || strcasecmp(argv[i], "-zeros") == 0 || strcasecmp(argv[i], "--zeros") == 0) - bzeros = true; - } - } - - /** - * Worker function that actually accomplishes stuff. This function will - * return a result code. 
- * @return - */ - unsigned long cli() - { - try - { - if(bversion) - cout << cVersion << endl; - else - { - if(bmode) - { - switch(imode) - { - //valid mode handling cases - case 1: - takeownership(); - break; - case 2: - changeownership(); - break; - case 3: - clearownership(); - break; - case 4: - createek(); - break; - case 5: - changesrksecret(); - break; - case 6: - collateidentityrequest(); - break; - case 7: - activateidentity(); - break; - case 8: - quote(); - break; - case 9: - quote2(); - break; - case 10: - seal(); - break; - case 11: - seal2(); - break; - case 12: - unseal(); - break; - case 13: - getrandombytes(); - break; - case 14: - createkey(); - break; - case 15: - changekeyauth(); - break; - case 16: - getkeyblob(); - break; - case 17: - getmodulus(); - break; - case 18: - clearkey(); - break; - case 19: - getpcr(); - break; - case 20: - extendpcr(); - break; - case 21: - clearpcr(); - break; - case 22: - setnvdata(); - break; - case 23: - getnvdata(); - break; - case 24: - clearnvdata(); - break; - case 25: - sign(); - break; - case 26: - verifysignature(); - break; - case 27: - bind(); - break; - case 28: - unbind(); - break; - case 29: - getpubkey(); - break; - - //catch everything else case - default: - throw libhis_exception("Invalid mode argument", 300); - } - } - else - printHelp(); - } - } - catch(libhis_exception &e) - { - iresult = e.result; //update the return code - - if(bdebug) //print out error message if debugging is on - { - cerr << e.what() << ' ' << e.result << endl; - error_helper(e.result); - } - - if(blog) //write error file if logging is on - { - try - { - //set up the output file - fstream file; - file.open("tpm_module.txt", fstream::out | fstream::app); - if(!file.is_open()) throw libhis_exception("Can't open log file", 290); - - //set up a time object to put in the output file - time_t rawtime; - struct tm* timeinfo; - time(&rawtime); - timeinfo = localtime(&rawtime); - - //write exception information - file << e.what() 
<< ' ' << e.result << ' ' << asctime(timeinfo); - - //close output file - file.close(); - } - catch(exception f) - { - //tell the user something went wrong with the output file - cerr << "Output error: " << f.what() << endl; - iresult += 100000; - } - } - } - - return iresult; //careful -- sometimes Linux mucks with this value - } - - /** - * Default destructor. Nothing to do. - */ - ~libhis_cli() - { - } - -/************************************************************************* - PRIVATE VARIABLE BLOCK - *************************************************************************/ -private: - enum authType - { - AUTH_NEW, - AUTH_TPM, - AUTH_SRK, - AUTH_IK, - AUTH_SIGN, - AUTH_BIND, - AUTH_STOR, - AUTH_ENC, - AUTH_KEY - }; - - enum keyType - { - KEY_EK, - KEY_SRK, - KEY_IK, - KEY_STOR, - KEY_BIND, - KEY_SIGN - }; - - bool bdebug, - blog, - bhelp, - bmode, - bversion, - bzeros, - breadable; - int imode, - argc; - char **argv; - - unsigned long iresult; - -/************************************************************************* - PRIVATE FUNCTION BLOCK - *************************************************************************/ - /* - * Print Help - * Tell the user about everything they can do with this program. 
- */ - void printHelp() - { - cout << "TPM (Trusted Platform Module) Module" << endl - << " Version is " << cVersion << endl - << " TPM spec support level is " << cTpmVersion << endl - << endl - << "Mode List:" << endl - << " 1 Take Ownership of TPM" << endl - << " 2 Change Owner Authorization Data" << endl - << " 3 Clear Ownership (Disables TPM)" << endl - << " 4 Create EK" << endl - << " 5 Change SRK Authorization Data" << endl - << " 6 Collate Identity Request (Create Identity Key)" << endl //check - << " 7 Activate Identity (Create Identity Key Certificate)" << endl //check - << " 8 Quote" << endl - << " 9 Quote 2" << endl - << " 10 Seal Data (Encrypt Data to Current Platform State)" << endl - << " 11 Seal 2 (Seal Against Future PCRs)" << endl - << " 12 Unseal Data" << endl - << " 13 Generate Random Bytes" << endl - << " 14 Create Signing, Binding, or Storage Key" << endl - << " 15 Change Key Authorization Data" << endl - << " 16 Get Keyblob" << endl - << " 17 Get Key Modulus" << endl - << " 18 Clear Key" << endl - << " 19 Get PCR" << endl - << " 20 Extend PCR (Update PCR Value)" << endl - << " 21 Clear PCR" << endl //locality - << " 22 Set NVRAM Data" << endl //check - << " 23 Get NVRAM Data" << endl //check - << " 24 Clear NVRAM Data" << endl //check - << " 25 Sign Data" << endl - << " 26 Verify Signed Data" << endl - << " 27 Bind" << endl - << " 28 Unbind" << endl - << " 29 Get Public Key" << endl - << endl - << "Default Commands List:" << endl - << " -m | -mode Set a mode from list above" << endl - << " -h | -help Display help, can combine with mode" << endl - << " -v | -version Display software version info" << endl - << " -d | -debug Enable console debugging" << endl - << " -f | -file Write debugging info to file" << endl - << " -z | -zeros Automatically fills in auth data with zeros" << endl - << " -r | -readable Make output human-readable with delimeters" << endl - << " -nr | -nonce_random Populate nonce with TPM's random byte generator" << endl - << 
endl
- << "Example Commands:" << endl
- << " Take ownership of TPM using a specific nonce and zeros for auth data:" << endl
- << " tpm_module -m 1 -n 0123456789012345678901234567890123456789 -z" << endl
- << endl
- << " Get help with collate identity request" << endl
- << " tpm_module -m 6 -h" << endl
- << endl
- << " Generate a quote2 using the first 16 PCRs, random nonce, identity key with" << endl
- << " simple UUID, awful password, and omitted srk auth as zeros:" << endl
- << " tpm_module -m 9 -p ffff00 -nr -u 00000000-0000-0000-0000-040000000001" << endl
- << " -authp_ik password -z" << endl
- << endl;
- }
-
- unsigned char* hexToBin(char *input)
- {
- //every hex string must have an even number of characters
- if((strlen(input) % 2) != 0) throw libhis_exception("Hex to Bin Invalid Length", 310);
-
- unsigned char *array = new unsigned char[(strlen(input) / 2)]; //new byte array
- unsigned long value = 0; //variable to store hex value
-
- for(unsigned long i = 0; i < (strlen(input) / 2); i++)
- {
- //check first character
- if(input[i*2] >= 48 && input[i*2] <= 57)
- {
- value = (input[i*2] - 48) * 16;
- }
- else if(input[i*2] >= 65 && input[i*2] <= 70)
- {
- value = (input[i*2] - 55) * 16;
- }
- else if(input[i*2] >= 97 && input[i*2] <= 102)
- {
- value = (input[i*2] - 87) * 16;
- }
- else
- { //validation failure so return null
- delete [] array;
- throw libhis_exception("Hex to Bin Character Validation Error", 311);
- }
-
- //check second character
- if(input[i*2+1] >= 48 && input[i*2+1] <= 57)
- {
- value += input[i*2+1] - 48;
- }
- else if(input[i*2+1] >= 65 && input[i*2+1] <= 70)
- {
- value += input[i*2+1] - 55;
- }
- else if(input[i*2+1] >= 97 && input[i*2+1] <= 102)
- {
- value += input[i*2+1] - 87;
- }
- else
- { //validation failure so return null
- delete [] array;
- throw libhis_exception("Hex to Bin Character Validation Error", 312);
- }
-
- array[i] = value; //set the byte values
- }
-
- return array; //success!
- }
-
- void setupAuth(unsigned char *&value, unsigned long &size, bool &sha1, authType aType)
- {
- //loop over the argument array and return when match found
- for(int i = 0; i < argc; i++)
- {
- switch(aType)
- {
- case AUTH_NEW:
- {
- if(strcasecmp(argv[i], "-authp_new") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_new") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_TPM:
- {
- if(strcasecmp(argv[i], "-authp_tpm") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_tpm") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_SRK:
- {
- if(strcasecmp(argv[i], "-authp_srk") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_srk") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_IK:
- {
- if(strcasecmp(argv[i], "-authp_ik") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_ik") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_SIGN:
- {
- if(strcasecmp(argv[i], "-authp_sign") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_sign") == 0 && (i + 1) < argc && strlen(argv[i + 1]) ==
40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_BIND:
- {
- if(strcasecmp(argv[i], "-authp_bind") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_bind") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_STOR:
- {
- if(strcasecmp(argv[i], "-authp_stor") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_stor") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_ENC:
- {
- if(strcasecmp(argv[i], "-authp_enc") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_enc") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- case AUTH_KEY:
- {
- if(strcasecmp(argv[i], "-authp_key") == 0 && (i + 1) < argc)
- {
- value = (unsigned char*)argv[i + 1];
- size = strlen(argv[i + 1]);
- sha1 = false;
- return;
- }
- else if(strcasecmp(argv[i], "-auths_key") == 0 && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- value = hexToBin(argv[i + 1]);
- size = 20;
- sha1 = true;
- return;
- }
- break;
- }
- }
- }
-
- if(bzeros)
- {
- //if we made it here then default to well known secret
- value = new unsigned char[20];
- for(short i = 0; i < 20; i++) value[i] = 0x00;
- size = 20;
- sha1 = true;
- return;
- }
-
- //if we made it here then auth or zeros wasn't set
- throw libhis_exception("Auth argument missing", 320 + aType);
- }
-
- void setupNonce(unsigned char *&nonce)
- {
- //loop over
the argument array and return when match found
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-n") == 0 || strcasecmp(argv[i], "-nonce") == 0) && (i + 1) < argc && strlen(argv[i + 1]) == 40)
- {
- nonce = hexToBin(argv[i + 1]);
- return;
- }
- else if((strcasecmp(argv[i], "-nr") == 0 || strcasecmp(argv[i], "-nonce_random") == 0))
- {
- libhis_getrandombytes temp;
- temp.getrandombytes(20, nonce);
- return;
- }
- }
-
- //we got here only if no nonce was provided so throw exception
- throw libhis_exception("Nonce argument missing", 330);
- }
-
- void setupOverwrite(bool &boverwrite)
- {
- for(int i = 0; i < argc; i++)
- {
- if(strcasecmp(argv[i], "-o") == 0 || strcasecmp(argv[i], "-overwrite") == 0)
- boverwrite = true;
- }
-
- return;
- }
-
- void setupUUID(unsigned char *&uuid)
- {
- //find uuid
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-u") == 0 || strcasecmp(argv[i], "-uuid") == 0)) && i + 1 < argc && strlen(argv[i + 1]) == 36)
- {
- uuid = (unsigned char*)argv[i + 1];
- return;
- }
- }
-
- //can only get here if a UUID is not provided
- throw libhis_exception("UUID argument missing", 340);
- }
-
- void setupMask(unsigned char *&mask)
- {
- //find mask
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-pcrs") == 0)) && i + 1 < argc && strlen(argv[i + 1]) == 6)
- {
- mask = (unsigned char*)argv[i + 1];
- return;
- }
- }
-
- //can only get here if a mask is not provided
- throw libhis_exception("PCRS argument missing", 350);
- }
-
- void setupKeyType(int &keytype)
- {
- //find key type
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-t") == 0 || strcasecmp(argv[i], "-type") == 0) && i + 1 < argc)
- {
- if(strcasecmp(argv[i+1], "sign") == 0)
- keytype = KEY_SIGN;
- else if(strcasecmp(argv[i+1], "bind") == 0)
- keytype = KEY_BIND;
- else if(strcasecmp(argv[i+1], "identity") == 0 || strcasecmp(argv[i+1], "ik") == 0 || strcasecmp(argv[i+1], "aik") == 0)
- keytype =
KEY_IK;
- else if(strcasecmp(argv[i+1], "storage") == 0 || strcasecmp(argv[i+1], "stor") == 0)
- keytype = KEY_STOR;
- else if(strcasecmp(argv[i+1], "ek") == 0)
- keytype = KEY_EK;
- else if(strcasecmp(argv[i+1], "srk") == 0)
- keytype = KEY_SRK;
- else throw libhis_exception("Key type argument invalid", 411);
-
- return;
- }
- }
-
- //can only get here if a key type is not provided
- throw libhis_exception("Key type argument missing", 360);
- }
-
- void setupLength(unsigned long &length, int keytype)
- {
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-l") == 0 || strcasecmp(argv[i], "-length") == 0) && i + 1 < argc)
- {
- length = atoi(argv[i + 1]);
- return;
- }
- }
-
- if(keytype != KEY_IK)
- {
- //can only get here if a key length is not provided
- //throw libhis_exception("Key length argument missing", 370);
- length = 2048; //default to 2048 length
- }
- }
-
- void setupScheme(unsigned long &scheme, int keytype)
- {
- //find key scheme
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-s") == 0 || strcasecmp(argv[i], "-scheme") == 0)) && i + 1 < argc)
- {
- if(keytype == KEY_SIGN)
- {
- if(strcasecmp(argv[i+1], "sha1") == 0)
- scheme = 0;
- else if(strcasecmp(argv[i+1], "der") == 0)
- scheme = 1;
- else
- //else throw libhis_exception("Key scheme invalid", 380);
- scheme = 0; //default to SHA1
-
- return;
- }
- else if(keytype == KEY_BIND)
- {
- if(strcasecmp(argv[i+1], "pkcs") == 0)
- scheme = 0;
- else if(strcasecmp(argv[i+1], "soap") == 0)
- scheme = 1;
- else if(strcasecmp(argv[i+1], "cnt") == 0)
- scheme = 2;
- else if(strcasecmp(argv[i+1], "ofb") == 0)
- scheme = 3;
- else if(strcasecmp(argv[i+1], "pad") == 0)
- scheme = 4;
- else
- //else throw libhis_exception("Key scheme invalid", 380);
- scheme = 0; //default to PKCS
-
- return;
- }
- else if(keytype == KEY_STOR)
- {
- if(strcasecmp(argv[i+1], "system") == 0)
- scheme = 0;
- else if(strcasecmp(argv[i+1], "user") == 0)
- scheme = 1;
- else
- //else throw
libhis_exception("Key scheme invalid", 380);
- scheme = 0; //default to system storage
-
- return;
- }
- }
- }
-
- //can only get here if a key type is not provided
- throw libhis_exception("Key scheme argument missing", 380);
- }
-
- void setupNVIndex(unsigned long &index)
- {
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-i") == 0 || strcasecmp(argv[i], "-index") == 0) && i + 1 < argc)
- {
- if(strcasecmp(argv[i+1], "ec") == 0)
- index = 0;
- else if(strcasecmp(argv[i+1], "cc") == 0)
- index = 1;
- else if(strcasecmp(argv[i+1], "pc") == 0)
- index = 2;
- else if(strcasecmp(argv[i+1], "pcc") == 0)
- index = 3;
- else throw libhis_exception("NV index argument invalid", 391);
- return;
- }
- }
-
- //can only get here if a key length is not provided
- throw libhis_exception("NVRAM index argument missing", 390);
- }
-
- void takeownership()
- {
- if(bhelp)
- {
- cout << "Take Ownership Mode" << endl
- << " Takes ownership of the TPM if not already taken. Normally returns 8 when already taken." << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -nonce | -nonce_random Nonce data as hex SHA1 hash" << endl
- << endl
- << "Outputs:" << endl
- << " No output."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *nonce = 0;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupNonce(nonce);
-
- libhis_takeownership temp;
- temp.takeownership(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, auth_srk_value, auth_srk_size, auth_srk_sha1, nonce);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(nonce != 0) delete [] nonce;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(nonce != 0) delete [] nonce;
- return;
- }
-
- void changeownership()
- {
- if(bhelp)
- {
- cout << "Change Owner Authorization Secret Mode" << endl
- << " Changes the owner auth data. Can also switch from sha1 to plain and back." << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -auths_new | -authp_new New owner auth in SHA1 or Plain mode" << endl
- << endl
- << "Outputs:" << endl
- << " No output."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_new_value = 0;
- unsigned long auth_new_size = 0;
- bool auth_new_sha1 = false;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupAuth(auth_new_value, auth_new_size, auth_new_sha1, AUTH_NEW);
-
- libhis_changeownership temp;
- temp.changeownership(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, auth_new_value, auth_new_size, auth_new_sha1);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_new_sha1 && auth_new_value != 0) delete [] auth_new_value;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_new_sha1 && auth_new_value != 0) delete [] auth_new_value;
- return;
- }
-
- void clearownership()
- {
- if(bhelp)
- {
- cout << "Clear Ownership and Disable TPM Mode" << endl
- << " Clears the owner authorization data and disables TPM." << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -clr | -clear Required flag confirms intent to clear" << endl
- << endl
- << "Outputs:" << endl
- << " No output."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- bool bConfirmedClear = false;
-
- try
- {
- //NIARL_TPM_MODULE has mode 3 as collate identity request, so make sure user didn't accidentally trigger clear here when they intended collate identity request
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-clr") == 0 || strcasecmp(argv[i], "-clear") == 0)) && i + 1 < argc)
- {
- bConfirmedClear = true;
- }
- }
-
- if(!bConfirmedClear) throw new libhis_exception("Clear TPM requires -clr | -clear flag.", 500);
-
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
-
- libhis_clearownership temp;
- temp.clearownership(auth_tpm_value, auth_tpm_size, auth_tpm_sha1);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- return;
- }
-
- void createek()
- {
- if(bhelp)
- {
- cout << "Create EK (Endorsement Key) Mode" << endl
- << " Creates an EK if it doesn't already exist." << endl
- << endl
- << "Input:" << endl
- << " -nonce | -nonce_random Nonce data as hex SHA1 hash" << endl
- << endl
- << "Outputs:" << endl
- << " No output."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *nonce = 0;
-
- try
- {
- setupNonce(nonce);
-
- libhis_createek temp;
- temp.createek(nonce);
- }
- catch(libhis_exception &e)
- {
- if(nonce != 0) delete [] nonce;
- throw e;
- }
-
- if(nonce != 0) delete [] nonce;
- return;
- }
-
- void changesrksecret()
- {
- if(bhelp)
- {
- cout << "Change SRK (Storage Root Key) Authorization Secret Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_new | -authp_new New SRK auth in SHA1 or Plain mode" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " No output." << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_new_value = 0;
- unsigned long auth_new_size = 0;
- bool auth_new_sha1 = false;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_new_value, auth_new_size, auth_new_sha1, AUTH_NEW);
-
- libhis_changesrksecret temp;
- temp.changesrksecret(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, auth_srk_value, auth_srk_size, auth_srk_sha1, auth_new_value, auth_new_size, auth_new_sha1);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_new_sha1 && auth_new_value != 0) delete [] auth_new_value;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value
!= 0) delete [] auth_srk_value;
- if(auth_new_sha1 && auth_new_value != 0) delete [] auth_new_value;
- return;
- }
-
- void collateidentityrequest()
- {
- if(bhelp)
- {
- cout << "Collate Identity Request (Create Idenity Key) Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_ik | -authp_ik IK auth in SHA1 or Plain mode" << endl
- << " -p | -acak Attestation CA public Key blob" << endl
- << " -l | -label IK creation label" << endl
- << " -u | -uuid IK UUID for storage and retrieval" << endl
- << " -e | -ekc (optional) Load EKC as hex datablob argument" << endl
- << " -pc (optional) Load PC as hex datablob argument" << endl
- << " -n | -nvram (optional) Flag to load EKC and/or PC from NVRAM" << endl
- << " Note: Do not use -e|-ekc|-pc and -n|-nvram together. Will throw error." << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << " -o | -overwrite Overwrite existing key at same UUID" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] identity request" << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_ik_value = 0;
- unsigned long auth_ik_size = 0;
- bool auth_ik_sha1 = false;
- unsigned char *label_ik_value = 0;
- unsigned long label_ik_size = 0;
- unsigned char *key_acak_value = 0;
- unsigned long key_acak_size = 0;
- unsigned char *uuid_ik_value = 0;
- bool uuid_overwrite = false;
- unsigned char *ekc_value = 0;
- unsigned long ekc_size = 0;
- unsigned char *pc_value = 0;
- unsigned long pc_size = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_tpm_value,
auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_ik_value, auth_ik_size, auth_ik_sha1, AUTH_IK);
- setupOverwrite(uuid_overwrite);
- setupUUID(uuid_ik_value);
-
- //find acak
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-acak") == 0)) && i + 1 < argc)
- {
- key_acak_value = hexToBin(argv[i + 1]);
- key_acak_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(key_acak_value == 0) throw libhis_exception("ACAK argument", 410);
-
- //find label
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-l") == 0 || strcasecmp(argv[i], "-label") == 0)) && i + 1 < argc)
- {
- label_ik_value = (unsigned char*)argv[i + 1];
- label_ik_size = strlen(argv[i + 1]);
- }
- }
- if(label_ik_value == 0) throw libhis_exception("Label argument", 411);
-
- //get the EKC and PC from NVRAM if desired
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-n") == 0 || strcasecmp(argv[i], "-nvram") == 0)) && i + 1 < argc)
- {
- libhis_getnvdata temp;
- temp.getnvdata(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, 0, ekc_value, ekc_size);
- libhis_getnvdata temp2;
- temp2.getnvdata(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, 2, pc_value, pc_size);
- }
- }
-
- //get the EKC if desired
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-e") == 0 || strcasecmp(argv[i], "-ekc") == 0)) && i + 1 < argc)
- {
- if(ekc_value != 0)
- throw libhis_exception("NVRAM and EKC argument collision.", 412);
-
- ekc_value = hexToBin(argv[i + 1]);
- ekc_size = strlen(argv[i + 1]) / 2;
- }
- }
-
- for(int i = 0; i < argc; i++)
- { // PC requires EKC
- if((ekc_size > 0) && (strcasecmp(argv[i], "-pc") == 0) && i + 1 < argc)
- {
- if(pc_value != 0)
- throw libhis_exception("NVRAM and PC argument collision.", 412);
-
- pc_value = hexToBin(argv[i + 1]);
- pc_size = strlen(argv[i + 1]) / 2;
- } else if ((ekc_size <= 0) && (strcasecmp(argv[i], "-pc") == 0) && i + 1 <
argc) {
- throw libhis_exception("PC expects EKC to be provided", 412);
- }
- }
-
- libhis_collateidentityrequest temp;
- temp.init();
- temp.collateidentityrequest(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, auth_srk_value, auth_srk_size, auth_srk_sha1, auth_ik_value, auth_ik_size, auth_ik_sha1, label_ik_value, label_ik_size, key_acak_value, key_acak_size, uuid_ik_value, uuid_overwrite, ekc_value, ekc_size, pc_value, pc_size, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(output_value != 0) delete [] output_value;
- if(ekc_value != 0) delete [] ekc_value;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(output_value != 0) delete [] output_value;
- if(ekc_value != 0) delete [] ekc_value;
- return;
- }
-
- void activateidentity()
- {
- if(bhelp)
- {
- cout << "Activiate Identity Request (Create Idenity Key Cert) Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_ik | -authp_ik IK auth in SHA1 or Plain mode" << endl
- << " -a | -asym ACA Asymmetric response blob" << endl
- << " -s | -sym ACA Symmetric response blob" << endl
- << " -u | -uuid IK UUID for storage and retrieval" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] identity credential."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_ik_value = 0;
- unsigned long auth_ik_size = 0;
- bool auth_ik_sha1 = false;
- unsigned char *asym_value = 0;
- unsigned long asym_size = 0;
- unsigned char *sym_value = 0;
- unsigned long sym_size = 0;
- unsigned char *uuid_ik_value = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_ik_value, auth_ik_size, auth_ik_sha1, AUTH_IK);
- setupUUID(uuid_ik_value);
-
- //find ASYM
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-a") == 0 || strcasecmp(argv[i], "-asym") == 0)) && i + 1 < argc)
- {
- asym_value = hexToBin(argv[i + 1]);
- asym_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(asym_value == 0) throw libhis_exception("ASYM argument", 410);
-
- //find SYM
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-s") == 0 || strcasecmp(argv[i], "-sym") == 0)) && i + 1 < argc)
- {
- sym_value = hexToBin(argv[i + 1]);
- sym_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(sym_value == 0) throw libhis_exception("SYM argument", 411);
-
- libhis_activateidentity temp;
- temp.init();
- temp.activateidentity(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, auth_srk_value, auth_srk_size, auth_srk_sha1, auth_ik_value, auth_ik_size, auth_ik_sha1, asym_value, asym_size, sym_value, sym_size, uuid_ik_value, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 &&
auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_tpm_sha1 && auth_tpm_value != 0) delete [] auth_tpm_value;
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- void quote()
- {
- if(bhelp)
- {
- cout << "Quote Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_ik | -authp_ik IK auth in SHA1 or Plain mode" << endl
- << " -u | -uuid IK UUID for storage and retrieval" << endl
- << " -n | -nonce | -nr Nonce data as hex SHA1 hash" << endl
- << " -p | -pcrs PCR selection mask low to high" << endl
- << " NOTE: PCR selection mask must be 6 characters (3 bytes). Under Trousers" << endl
- << " all data will be properly quoted. NTru will ignore third byte. You" << endl
- << " must always provide 6 characters (3 bytes) even for NTru." << endl
- << " NOTE: The TCG mask is as follows:" << endl
- << " 7,6,5,4,3,2,1,0,15,14,13,12,11,10,9,8" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " TPM_QUOTE_INFO hex datablob" << endl
- << " Signature Hex Datablob" << endl
- << " One PCR SHA1 Hex Datablob Per Line" << endl
- << " NOTE: All outputs on same line without delimiters. Use -r to add newlines."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_ik_value = 0;
- unsigned long auth_ik_size = 0;
- bool auth_ik_sha1 = false;
- unsigned char *nonce = 0;
- unsigned char *uuid_ik_value = 0;
- unsigned char *mask = 0;
- unsigned char *output_pcrs_value = 0;
- unsigned long output_pcrs_size = 0;
- unsigned char *output_quote_value = 0;
- unsigned long output_quote_size = 0;
- unsigned char *output_sig_value = 0;
- unsigned long output_sig_size = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_ik_value, auth_ik_size, auth_ik_sha1, AUTH_IK);
- setupNonce(nonce);
- setupUUID(uuid_ik_value);
- setupMask(mask);
-
- libhis_quote temp;
- temp.init(false);
- temp.quote(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_ik_value, auth_ik_size, auth_ik_sha1, nonce, uuid_ik_value, mask, output_pcrs_value, output_pcrs_size, output_quote_value, output_quote_size, output_sig_value, output_sig_size);
-
- for(unsigned long i = 0; i < output_quote_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_quote_value[i];
-
- if(breadable) cout << endl;
-
- for(unsigned long i = 0; i < output_sig_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_sig_value[i];
-
- if(breadable) cout << endl;
-
- for(unsigned long i = 0; i < output_pcrs_size; i++)
- {
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_pcrs_value[i];
- if(breadable && (i + 1) % 20 == 0) cout << endl;
- }
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(nonce != 0) delete [] nonce;
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- if(output_quote_value != 0) delete [] output_quote_value;
- if(output_sig_value != 0) delete [] output_sig_value;
- throw e;
- }
-
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(nonce != 0) delete [] nonce;
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- if(output_quote_value != 0) delete [] output_quote_value;
- if(output_sig_value != 0) delete [] output_sig_value;
- return;
- }
-
- void quote2()
- {
- if(bhelp)
- {
- cout << "Quote 2 Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_ik | -authp_ik IK auth in SHA1 or Plain mode" << endl
- << " -u | -uuid IK UUID for storage and retrieval" << endl
- << " -n | -nonce | -nr Nonce data as hex SHA1 hash" << endl
- << " -p | -pcrs PCR selection mask" << endl
- << " -c | -capVerInfo Disable append TPM_CAP_VERSION_INFO to quote" << endl
- << " NOTE: TCG mask is as follows:" << endl
- << " 7,6,5,4,3,2,1,0,15,14,13,12,11,10,9,8,23,22,21,20,19,18,17,16" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << " -r | -readable Adds newlines to output" << endl
- << endl
- << "Outputs:" << endl
- << " TPM_QUOTE_INFO2 in hex (concatenated with TSS_CAP_VERSION_INFO if enabled)" << endl
- << " Signature Hex Datablob" << endl
- << " Sequential listing of PCR values" << endl
- << " NOTE: All outputs on same line without delimiters. Use -r to add newlines."
<< endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_ik_value = 0;
- unsigned long auth_ik_size = 0;
- bool auth_ik_sha1 = false;
- unsigned char *nonce = 0;
- unsigned char *uuid_ik_value = 0;
- unsigned char *mask = 0;
- unsigned char *output_pcrs_value = 0;
- unsigned long output_pcrs_size = 0;
- unsigned char *output_quote_value = 0;
- unsigned long output_quote_size = 0;
- unsigned char *output_sig_value = 0;
- unsigned long output_sig_size = 0;
- bool bCapVersion = true; //flipped for backwards compatibility with 3.0x
-
- try
- {
- //TPM_CAP_VERSION_INFO can cause Broadcom TPMs to crash and Infineon TPMS to output invalid, non-printing characters
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-c") == 0 || strcasecmp(argv[i], "-capVerInfo") == 0))
- {
- bCapVersion = false;
- }
- }
-
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_ik_value, auth_ik_size, auth_ik_sha1, AUTH_IK);
- setupNonce(nonce);
- setupUUID(uuid_ik_value);
- setupMask(mask);
-
- libhis_quote temp;
- temp.init(true);
- temp.quote2(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_ik_value, auth_ik_size, auth_ik_sha1, nonce, uuid_ik_value, mask, output_pcrs_value, output_pcrs_size, output_quote_value, output_quote_size, output_sig_value, output_sig_size, bCapVersion);
-
- for(unsigned long i = 0; i < output_quote_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_quote_value[i];
-
- if(breadable) cout << endl;
-
- for(unsigned long i = 0; i < output_sig_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_sig_value[i];
-
- if(breadable) cout << endl;
-
- for(unsigned long i = 0; i < output_pcrs_size; i++)
- {
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_pcrs_value[i];
- if(breadable && (i + 1) % 20 == 0) cout << endl;
- }
- }
-
catch(libhis_exception &e)
- {
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(nonce != 0) delete [] nonce;
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- if(output_quote_value != 0) delete [] output_quote_value;
- if(output_sig_value != 0) delete [] output_sig_value;
- throw e;
- }
-
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_ik_sha1 && auth_ik_value != 0) delete [] auth_ik_value;
- if(nonce != 0) delete [] nonce;
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- if(output_quote_value != 0) delete [] output_quote_value;
- if(output_sig_value != 0) delete [] output_sig_value;
- return;
- }
-
- /*
- * Seal
- * Traditional data sealing mechanism. The SRK and current platform PCR
- * values will be used to encrypt data. Encrypted data may only be
- * decrypted if the system has the same PCR state and same SRK.
- */
- void seal()
- {
- if(bhelp)
- {
- cout << "Seal Mode" << endl
- << " Uses current PCR state to encrypt data. Can only be decrypted with same PCRS." << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_enc | -authp_enc ENCdata auth in SHA1 or Plain mode" << endl
- << " NOTE: Windows allows all 24 PCRS. Linux allows only 16 PCRS."
<< endl
- << " -p | -pcrs (Windows) PCR selection mask low to high" << endl
- << " -p | -pcrs (Linux) PCR selection mask low to high" << endl
- << " NOTE: TCG mask is as follows:" << endl
- << " 7,6,5,4,3,2,1,0,15,14,13,12,11,10,9,8,23,22,21,20,19,18,17,16" << endl
- << " -e | -encdata Datablob to be sealed" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] encrypted datablob" << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_enc_value = 0;
- unsigned long auth_enc_size = 0;
- bool auth_enc_sha1 = false;
- unsigned char *mask = 0;
- unsigned char *payload_value = 0;
- unsigned long payload_size = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_enc_value, auth_enc_size, auth_enc_sha1, AUTH_ENC);
- setupMask(mask);
-
- //find unencrypted payload
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-e") == 0 || strcasecmp(argv[i], "-encdata") == 0)) && i + 1 < argc)
- {
- payload_value = hexToBin(argv[i + 1]);
- payload_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(payload_value == 0) throw libhis_exception("ENC payload argument", 410);
-
- libhis_seal temp;
- temp.seal(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_enc_value, auth_enc_size, auth_enc_sha1, mask, payload_value, payload_size, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(payload_value != 0) delete [] payload_value;
- if(output_value != 0) delete
[] output_value;
- throw e;
- }
-
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- /*
- * Seal 2
- * Seals data against PCR values that differ from the present ones. This
- * allows encrypted data to be decrypted at some later or different
- * platform state. The SRK must remain constant though! Really useful for
- * dual boot situations or for keying up "golden" images.
- */
- void seal2()
- {
- if(bhelp)
- {
- cout << "Seal2 Mode" << endl
- << " Seals PCRS against user-defined release values. **Not available on Linux." << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_enc | -authp_enc ENCdata auth in SHA1 or Plain mode" << endl
- << " -p | -pcrs PCR selection mask low to high" << endl
- << " -e | -encdata Datablob to be sealed" << endl
- << " -r | -release PCR values at release" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] encrypted datablob" << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_enc_value = 0;
- unsigned long auth_enc_size = 0;
- bool auth_enc_sha1 = false;
- unsigned char *mask = 0;
- unsigned char *payload_value = 0;
- unsigned long payload_size = 0;
- unsigned char *release_value = 0;
- unsigned long release_size = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_enc_value, auth_enc_size, auth_enc_sha1, AUTH_ENC);
- setupMask(mask);
-
- //find unencrypted payload
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-e") == 0 ||
strcasecmp(argv[i], "-encdata") == 0)) && i + 1 < argc)
- {
- payload_value = hexToBin(argv[i + 1]);
- payload_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(payload_value == 0) throw libhis_exception("ENC payload argument", 410);
-
- //find pcr release state list
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-r") == 0 || strcasecmp(argv[i], "-release") == 0)) && i + 1 < argc && strlen(argv[i+1]) % 20 == 0)
- {
- //cout << << endl;
- release_value = hexToBin(argv[i + 1]);
- release_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(release_value == 0) throw libhis_exception("PCR release argument size error", 410);
-
- //run a size comparison against the mask and release_value
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- unsigned short counter = 0;
- for(short i = 0; i < 24; i++)
- {
- if(bitmask[i])
- counter++;
- }
-
- if(counter * 20 != release_size) throw libhis_exception("PCR release argument count mismatch", 410);
-
- libhis_seal temp;
- temp.seal2(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_enc_value, auth_enc_size, auth_enc_sha1, mask, payload_value, payload_size, release_value, release_size, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(payload_value != 0) delete [] payload_value;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- /*
- * Unseal
- * Unseals sealed data. Always uses the current set of PCRs and SRK to
- * decrypt with. Supports both Seal and Seal2.
- */
- void unseal()
- {
- if(bhelp)
- {
- cout << "Unseal Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_enc | -authp_enc ENCdata auth in SHA1 or Plain mode" << endl
- << " -e | -encdata Datablob to be unsealed" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] decrypted Hex Datablob" << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_enc_value = 0;
- unsigned long auth_enc_size = 0;
- bool auth_enc_sha1 = false;
- unsigned char *payload_value = 0;
- unsigned long payload_size = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_enc_value, auth_enc_size, auth_enc_sha1, AUTH_ENC);
-
- //find unencrypted payload
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-e") == 0 || strcasecmp(argv[i], "-encdata") == 0)) && i + 1 < argc)
- {
- payload_value = hexToBin(argv[i + 1]);
- payload_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(payload_value == 0) throw libhis_exception("ENC payload argument", 410);
-
- libhis_unseal temp;
- temp.unseal(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_enc_value, auth_enc_size, auth_enc_sha1, payload_value, payload_size, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(payload_value != 0) delete [] payload_value;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_srk_sha1 &&
auth_srk_value != 0) delete [] auth_srk_value;
- if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- /*
- * Get Random Bytes
- * Acquires random data using the TPM's hardware random generator.
- */
- void getrandombytes()
- {
- if(bhelp)
- {
- cout << "Get Random Bytes Mode" << endl
- << endl
- << "Input:" << endl
- << " -b | -bytes Byte count integer" << endl
- << endl
- << "Outputs:" << endl
- << " Hex[n] random datablob" << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned long bytes_size = 0;
- unsigned char *bytes_value = 0;
-
- try
- {
- //find the byte count
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-b") == 0 || strcasecmp(argv[i], "-bytes") == 0) && (i + 1) < argc)
- {
- bytes_size = strtoul(argv[i + 1], 0, 10);
- break;
- }
- }
- if(bytes_size == 0) throw libhis_exception("Byte count argument", 410);
-
- libhis_getrandombytes temp;
- temp.getrandombytes(bytes_size, bytes_value);
-
- for(unsigned long i = 0; i < bytes_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)bytes_value[i];
- }
- catch(libhis_exception &e)
- {
- if(bytes_value != 0) delete [] bytes_value;
- throw e;
- }
-
- if(bytes_value != 0) delete [] bytes_value;
- return;
- }
-
- /*
- * Create Key
- * Creates a signing or binding key in multiple sizes. Storage keys are not
- * supported since vendor compliance is spotty. All keys are stored under
- * the SRK.
- */
- void createkey()
- {
- if(bhelp)
- {
- cout << "Create Key Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_key | -authp_key New key auth in SHA1 or Plain mode" << endl
- << " -u Key UUID for storage and retrieval" << endl
- << " -t | -type Key type SIGN, BIND, or STORAGE" << endl
- << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl
- << " -s | -scheme Scheme for key functionality" << endl
- << " Signing key only: SHA1 [default] or DER signing method" << endl
- << " Binding key only: PKCS [default], SOAP, CNT, OFB, or PAD encryption method" << endl
- << " Storage key only: SYSTEM [default] or USER key storage location" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << " -o | -overwrite Overwrite existing key at same UUID" << endl
- << endl
- << "Output:" << endl
- << " No output." << endl
- << endl
- << "Note:" << endl
- << " Storage keys can be created, manipulated, and cleared. However, they cannot be used to actually" << endl
- << " store other keys in this version. Key hierarchies are not supported by all TSS versions. At the" << endl
- << " time of development the leading 2 TSS solutions did not support key hierarchies therefore the" << endl
- << " ability to use them is not part of this software implementation. See code comments." << endl
- /*
- * DEVELOPERS -- If TSS solutions are fixed in the future simply allow storage keys to be
- * used as alternatives to the SRK in key management functions and also
- * signing and binding functions. You can accomplish this by asking for the
- * storage UUID. If the user enters SRK use the SRK. If the user enters a
- * valid UUID then load the associated storage key.
- */
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_key_value = 0;
- unsigned long auth_key_size = 0;
- bool auth_key_sha1 = false;
- int key_type = 0;
- unsigned char *uuid_key_value = 0;
- unsigned long key_length = 0;
- unsigned long key_scheme = 0;
- bool uuid_overwrite = false;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupKeyType(key_type);
- setupLength(key_length, key_type);
- setupScheme(key_scheme, key_type);
-
- libhis_createkey temp;
-
- if(key_type == KEY_SIGN)
- temp.initsign(key_length, key_scheme);
- else if(key_type == KEY_BIND)
- temp.initbind(key_length, key_scheme);
- else if(key_type == KEY_STOR)
- temp.initstorage(key_length, key_scheme);
-
- temp.createkey(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, uuid_overwrite);
-
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- throw e;
- }
-
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- return;
- }
-
- /*
- * Change Key Authorization
- * Authorization data can be changed for any identity, signing, binding,
- * or storage key excluding the SRK (Note: Storage keys not supported by
- * this program due to TSS vendors not always supporting key heirarchies
- * for some bizarre reason -- it's part of the 1.2 spec, how is it still
- * not supported?).
- */
- void changekeyauth()
- {
- if(bhelp)
- {
- cout << "Change Key Auth Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_key | -authp_key Key auth in SHA1 or Plain mode" << endl
- << " -auths_new | -authp_new New key auth in SHA1 or Plain mode" << endl
- << " -u Key UUID for storage and retrieval" << endl
- << " -t | -type Key type IDENTITY, SIGN, BIND, or STORAGE" << endl
- << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl
- << " NOTE: length not used for identity keys" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " No output." << endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_key_value = 0;
- unsigned long auth_key_size = 0;
- bool auth_key_sha1 = false;
- unsigned char *auth_new_value = 0;
- unsigned long auth_new_size = 0;
- bool auth_new_sha1 = false;
- unsigned char *uuid_key_value = 0;
- int key_type = 0;
- unsigned long key_length = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupAuth(auth_new_value, auth_new_size, auth_new_sha1, AUTH_NEW);
- setupUUID(uuid_key_value);
- setupKeyType(key_type);
- setupLength(key_length, key_type);
-
- libhis_changekeyauth temp;
-
- if(key_type == KEY_IK)
- temp.initidentity();
- else if(key_type == KEY_SIGN)
- temp.initsign(key_length);
- else if(key_type == KEY_BIND)
- temp.initbind(key_length);
- else if(key_type == KEY_STOR)
- temp.initstorage(key_length);
-
- temp.changekeyauth(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, auth_new_value, auth_new_size, auth_new_sha1);
- }
- catch(libhis_exception &e)
-
{
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(auth_new_value != 0 && auth_new_sha1) delete [] auth_new_value;
- throw e;
- }
-
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(auth_new_value != 0 && auth_new_sha1) delete [] auth_new_value;
- return;
- }
-
- /*
- * Get Keyblob
- * Gets the keyblob for some binding, signing, and identity keys depending
- * on key initialization values. Cannot get the keyblob for EK or SRK.
- */
- void getkeyblob()
- {
- if(bhelp)
- {
- cout << "Get Key Blob Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_key | -authp_key Key auth in SHA1 or Plain mode" << endl
- << " -u Key UUID for storage and retrieval" << endl
- << " -t | -type Key type IDENTITY, SIGN, BIND, or STORAGE" << endl
- << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl
- << " NOTE: length not used for identity keys" << endl
- << " NOTE: You cannot get the keyblob of an EK or SRK!" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " Hex[n] keyblob."
<< endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_key_value = 0;
- unsigned long auth_key_size = 0;
- bool auth_key_sha1 = false;
- unsigned char *uuid_key_value = 0;
- int key_type = 0;
- unsigned long key_length = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupKeyType(key_type);
- setupLength(key_length, key_type);
-
- libhis_getkeyblob temp;
-
- if(key_type == KEY_IK)
- temp.initidentity();
- else if(key_type == KEY_SIGN)
- temp.initsign(key_length);
- else if(key_type == KEY_BIND)
- temp.initbind(key_length);
- else if(key_type == KEY_STOR)
- temp.initstorage(key_length);
-
- temp.getkeyblob(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(output_value != 0) delete [] output_value;
- }
-
- /*
- * Get Modulus
- * Gets the key modulus of TPM and TSS-protected keys. Handles identity,
- * signing, and binding keys. For legacy reasons EK and SRK support are
- * also provided. EK and SRK return the public key, not the modulus, so
- * they are no longer a documented feature of this mode.
- */
- void getmodulus()
- {
- if(bhelp)
- {
- cout << "Get Key Modulus Mode" << endl
- << "Acquires the modulus for an RSA key protected by the TPM. See Get Public Key for" << endl
- << "acquiring the EK and SRK public key. EK public key will still be returned by" << endl
- << "this function but is deprecated." << endl
- << endl
- //<< "Input Required For All Keys:" << endl
- << " -t | -type Key type IDENTITY, SIGN, BIND, or STORAGE" << endl
- //<< endl
- //<< "Required Inputs for both EK and SRK" << endl
- //<< " -auths_owner | -authp_owner Owner auth in SHA1 or Plain mode" << endl
- //<< endl
- //<< "Required Inputs for EK only" << endl
- //<< " -n | -nonce | -nr Nonce data as hex SHA1 hash" << endl
- //<< endl
- //<< "Required Inputs For Identity, Sign, and Bind keys" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_key | -authp_key Key auth in SHA1 or Plain mode" << endl
- << " -u Key UUID for storage and retrieval" << endl
- << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl
- << " NOTE: length not used for identity keys" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " Hex[n] key modulus."
<< endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_key_value = 0;
- unsigned long auth_key_size = 0;
- bool auth_key_sha1 = false;
- unsigned char *uuid_key_value = 0;
- int key_type = 0;
- unsigned long key_length = 0;
- unsigned char *nonce = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupKeyType(key_type);
-
- libhis_getkeymodulus temp;
-
- if(key_type == KEY_IK)
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupLength(key_length, key_type);
-
- temp.initidentity();
- temp.getkeymodulus(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, output_value, output_size);
- }
- else if(key_type == KEY_SIGN)
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupLength(key_length, key_type);
-
- temp.initsign(key_length);
- temp.getkeymodulus(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, output_value, output_size);
- }
- else if(key_type == KEY_BIND)
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupLength(key_length, key_type);
-
- temp.initbind(key_length);
- temp.getkeymodulus(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, output_value, output_size);
- }
- else if(key_type == KEY_STOR)
- {
- setupAuth(auth_srk_value,
auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
- setupLength(key_length, key_type);
-
- temp.initstorage(key_length);
- temp.getkeymodulus(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, output_value, output_size);
- }
- else if(key_type == KEY_EK)
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupNonce(nonce);
-
- temp.getpubek(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, nonce, output_value, output_size);
- }
- else if(key_type == KEY_SRK)
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
-
- temp.getpubsrk(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, output_value, output_size);
- }
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- /*
- * Clear Key
- * Clears a key from the TSS's key hierarchy. Frees up its UUID for another
- * use.
- */
- void clearkey()
- {
- if(bhelp)
- {
- cout << "Clear Key Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl
- << " -auths_key | -authp_key Key auth in SHA1 or Plain mode" << endl
- << " -u Key UUID for storage and retrieval" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " No output." << endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_srk_value = 0;
- unsigned long auth_srk_size = 0;
- bool auth_srk_sha1 = false;
- unsigned char *auth_key_value = 0;
- unsigned long auth_key_size = 0;
- bool auth_key_sha1 = false;
- unsigned char *uuid_key_value = 0;
-
- try
- {
- setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK);
- setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_KEY);
- setupUUID(uuid_key_value);
-
- libhis_clearkey temp;
-
- temp.clearkey(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value);
- }
- catch(libhis_exception &e)
- {
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- throw e;
- }
-
- if(auth_srk_value != 0 && auth_srk_sha1) delete [] auth_srk_value;
- if(auth_key_value != 0 && auth_key_sha1) delete [] auth_key_value;
- return;
- }
-
- /*
- * Get PCR
- * Queries the TPM for PCR values. Similar to a Quote without the signature
- * or identity key. Does not give the same assurance value as a Quote, but
- * good for a quick glipse of the values. Do NOT use this where a Quote is
- * appropriate. Getting PCRs and then signing them is not as strong as a
- * Quote.
- */
- void getpcr()
- {
- if(bhelp)
- {
- cout << "Get PCR Mode" << endl
- << " Reads in PCR values and displays them."
<< endl
- << endl
- << "Input:" << endl
- << " -p | -pcrs PCR selection mask low to high" << endl
- << " NOTE: 7 6 5 4 3 2 1 0 15 14 13 12 11 10 9 8 23 22 21 20 19 18 17 16" << endl
- << endl
- << "Output:" << endl
- << " Hex[n] list of PCRS concatenated on one line. Use -r to delimit PCRs with newlines." << endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *mask = 0;
- unsigned char *output_pcrs_value = 0;
- unsigned long output_pcrs_size = 0;
-
- try
- {
- setupMask(mask);
-
- libhis_getpcr temp;
-
- temp.getpcr(mask, output_pcrs_value, output_pcrs_size);
-
- for(unsigned long i = 0; i < output_pcrs_size; i++)
- {
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_pcrs_value[i];
- if(breadable && (i + 1) % 20 == 0) cout << endl;
- }
- }
- catch(libhis_exception &e)
- {
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- throw e;
- }
-
- if(output_pcrs_value != 0) delete [] output_pcrs_value;
- return;
- }
-
- /*
- * Extend PCR
- * Adds a SHA1 hash to a PCR's measurement log and extends the current
- * register value.
- */
- void extendpcr()
- {
- if(bhelp)
- {
- cout << "Extend PCR Mode" << endl
- << " Extend any PCR any time." << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -i | -index Index of PCR to be extended" << endl
- << " NOTE: 0 to 23 index number selection. Mask positions are:" << endl
- << " 7 6 5 4 3 2 1 0 15 14 13 12 11 10 9 8 23 22 21 20 19 18 17 16" << endl
- << " -p | -payload SHA1 hash to extend into PCR" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " Hex[40] new PCR value."
<< endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned long index = -1;
- unsigned char *hash = 0;
- unsigned char *output_value = 0;
- unsigned long output_size = 0;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
-
- //find the index
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-i") == 0 || strcasecmp(argv[i], "-index") == 0) && (i + 1) < argc)
- {
- index = atoi(argv[i + 1]);
- break;
- }
- }
- if(index < 0 || index > 23) throw libhis_exception("Index number argument missing", 410);
-
- //find the hash
- for(int i = 0; i < argc; i++)
- {
- if((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-payload") == 0) && (i + 1) < argc)
- {
- hash = hexToBin(argv[i + 1]);
- break;
- }
- }
- if(hash == 0) throw libhis_exception("Hash argument missing", 410);
-
- libhis_extendpcr temp;
-
- temp.extendpcr(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, index, hash, output_value, output_size);
-
- for(unsigned long i = 0; i < output_size; i++)
- cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i];
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(hash != 0) delete [] hash;
- if(output_value != 0) delete [] output_value;
- throw e;
- }
-
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(hash != 0) delete [] hash;
- if(output_value != 0) delete [] output_value;
- return;
- }
-
- /*
- * Clear PCR
- * Attempts to clear a PCR value. Normally PCRs between 0 and 15 cannot be
- * cleared due to locality issues. This function does not support locality
- * control as it was unclear just how to do that. Probably a good idea to
- * implement locality support in future versions of this function.
FIXME
- */
- void clearpcr()
- {
- if(bhelp)
- {
- cout << "Clear PCR Mode" << endl
- << " Does not normally work except on the final 8 PCRs." << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -p | -pcrs PCR selection mask low to high" << endl
- << " NOTE: 7 6 5 4 3 2 1 0 15 14 13 12 11 10 9 8 23 22 21 20 19 18 17 16" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " No output." << endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned char *mask = 0;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupMask(mask);
-
- libhis_clearpcr temp;
- temp.clearpcr(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, mask);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- throw e;
- }
-
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- return;
- }
-
- /*
- * Set NVDATA
- * Writes a block of data to the TPM's non-volatile memory (NVRAM). Auth
- * data is required to enforce parity between Windows and Linux.
- */
- void setnvdata()
- {
- if(bhelp)
- {
- cout << "Set NVData Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -i | -index EK, CC, PC, or PCC sets index" << endl
- << " -p | -payload Data to be written" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " No output."
<< endl
- << endl;
- throw libhis_exception("Help argument set", 400);
- }
-
- unsigned char *auth_tpm_value = 0;
- unsigned long auth_tpm_size = 0;
- bool auth_tpm_sha1 = false;
- unsigned long index = -1;
- unsigned char *payload_value = 0;
- unsigned long payload_size = 0;
-
- try
- {
- setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM);
- setupNVIndex(index);
-
- //find NVData payload
- for(int i = 0; i < argc; i++)
- {
- if(((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-payload") == 0)) && i + 1 < argc)
- {
- payload_value = hexToBin(argv[i + 1]);
- payload_size = strlen(argv[i + 1]) / 2;
- }
- }
- if(payload_value == 0) throw libhis_exception("NVData payload argument", 410);
-
- libhis_setnvdata temp;
- temp.setnvdata(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, index, payload_value, payload_size);
- }
- catch(libhis_exception &e)
- {
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(payload_value != 0) delete [] payload_value;
- throw e;
- }
-
- if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value;
- if(payload_value != 0) delete [] payload_value;
- return;
- }
-
- /*
- * Get NVDATA
- * Pulls data from a block of TPM non-volatile memory (NVRAM). Non-
- * destructive.
- */
- void getnvdata()
- {
- if(bhelp)
- {
- cout << "Get NVData Mode" << endl
- << endl
- << "Input:" << endl
- << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl
- << " -i | -index EK, CC, PC, or PCC sets index" << endl
- << endl
- << "Optional:" << endl
- << " -z | -zeros Set missing auth values to zero hash" << endl
- << endl
- << "Output:" << endl
- << " Hex[n] NVRAM stored data blob."
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_tpm_value = 0; - unsigned long auth_tpm_size = 0; - bool auth_tpm_sha1 = false; - unsigned long index = 0; - unsigned char *output_value = 0; - unsigned long output_size = 0; - - try - { - setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM); - setupNVIndex(index); - - libhis_getnvdata temp; - temp.getnvdata(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, index, output_value, output_size); - - for(unsigned long i = 0; i < output_size; i++) - cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i]; - } - catch(libhis_exception &e) - { - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - if(output_value != 0) delete [] output_value; - throw e; - } - - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - if(output_value != 0) delete [] output_value; - return; - } - - /* - * Clear NVDATA - * Invalidates a block of NVDATA address space. Some TPMs will immediately - * zero this space, but not all will. Recommended that random garbage data - * be written to the address space and then cleared. - */ - void clearnvdata() - { - if(bhelp) - { - cout << "Clear NVData Mode" << endl - << endl - << "Input:" << endl - << " -auths_tpm | -authp_tpm TPM owner auth in SHA1 or Plain mode" << endl - << " -i | -index EK, CC, PC, or PCC sets index" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << endl - << "Output:" << endl - << " No output." 
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_tpm_value = 0; - unsigned long auth_tpm_size = 0; - bool auth_tpm_sha1 = false; - unsigned long index = 0; - - try - { - setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM); - setupNVIndex(index); - - libhis_clearnvdata temp; - temp.clearnvdata(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, index); - } - catch(libhis_exception &e) - { - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - throw e; - } - - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - return; - } - - /* - * Sign - * Signs data using a TPM-based signature key. - */ - void sign() - { - if(bhelp) - { - cout << "Sign Data Mode" << endl - << " Sign a hash using a TPM signature key." << endl - << endl - << "Input:" << endl - << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl - << " -auths_sign | -authp_sign Signing key auth in SHA1 or Plain mode" << endl - << " -u Key UUID for storage and retrieval" << endl - << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl - << " -s | -scheme Signing scheme" << endl - << " Signing key only: SHA1 or DER" << endl - << " -p | -payload Hash to be signed" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << endl - << "Output:" << endl - << " Hex[n] signature value." 
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_srk_value = 0; - unsigned long auth_srk_size = 0; - bool auth_srk_sha1 = false; - unsigned char *auth_key_value = 0; - unsigned long auth_key_size = 0; - bool auth_key_sha1 = false; - unsigned char *uuid_key_value = 0; - unsigned long key_length = 0; - unsigned long key_scheme = 0; - unsigned char *hash = 0; - unsigned char *output_value = 0; - unsigned long output_size = 0; - - try - { - setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK); - setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_SIGN); - setupUUID(uuid_key_value); - setupLength(key_length, KEY_SIGN); - setupScheme(key_scheme, KEY_SIGN); - - //find the encrypted data blob - for(int i = 0; i < argc; i++) - { - if((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-payload") == 0) && (i + 1) < argc && strlen(argv[i + 1]) == 40) - { - hash = hexToBin(argv[i + 1]); - break; - } - } - if(hash == 0) throw libhis_exception("Hash argument", 410); - - libhis_sign temp; - temp.initsign(key_length, key_scheme); - - temp.sign(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, hash, output_value, output_size); - - for(unsigned long i = 0; i < output_size; i++) - cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i]; - } - catch(libhis_exception &e) - { - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(hash != 0) delete [] hash; - if(output_value != 0) delete [] output_value; - throw e; - } - - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(hash != 0) delete [] hash; - if(output_value != 0) delete [] output_value; - return; - } - - /* - * Verify Signature - * Verifies a signature against a blob of data and provided key. 
- */ - void verifysignature() - { - if(bhelp) - { - cout << "Verify Signature Mode" << endl - << " Verify a signature using a TPM signing key." << endl - << endl - << "Input:" << endl - << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl - << " -auths_sign | -authp_sign Signing key auth in SHA1 or Plain mode" << endl - << " -u Key UUID for storage and retrieval" << endl - << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl - << " -s | -scheme SHA1 or DER signing scheme" << endl - << " -o | -original Original hash that was signed" << endl - << " -p | -payload Signature to be verified" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << endl - << "Output:" << endl - << " No output. Check the return value. 0 means success. Non-zero means fail." << endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_srk_value = 0; - unsigned long auth_srk_size = 0; - bool auth_srk_sha1 = false; - unsigned char *auth_key_value = 0; - unsigned long auth_key_size = 0; - bool auth_key_sha1 = false; - unsigned char *uuid_key_value = 0; - unsigned long key_length = 0; - unsigned long key_scheme = 0; - unsigned char *hash = 0; - unsigned char *signature_value = 0; - unsigned long signature_size = 0; - - try - { - setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK); - setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_SIGN); - setupUUID(uuid_key_value); - setupLength(key_length, KEY_SIGN); - setupScheme(key_scheme, KEY_SIGN); - - //find the encrypted data blob - for(int i = 0; i < argc; i++) - { - if((strcasecmp(argv[i], "-o") == 0 || strcasecmp(argv[i], "-original") == 0) && (i + 1) < argc && strlen(argv[i + 1]) == 40) - { - hash = hexToBin(argv[i + 1]); - break; - } - } - if(hash == 0) throw libhis_exception("Hash argument missing", 410); - - //find the encrypted data blob - for(int i = 0; i < argc; i++) - { - if((strcasecmp(argv[i], 
"-p") == 0 || strcasecmp(argv[i], "-payload") == 0) && (i + 1) < argc) - { - signature_value = hexToBin(argv[i + 1]); - signature_size = strlen(argv[i + 1]) / 2; - break; - } - } - if(signature_size == 0) throw libhis_exception("Signature argument", 411); - - libhis_verifysignature temp; - temp.initsign(key_length, key_scheme); - - temp.verifysignature(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, uuid_key_value, hash, signature_value, signature_size); - } - catch(libhis_exception &e) - { - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(hash != 0) delete [] hash; - if(signature_value != 0) delete [] signature_value; - throw e; - } - - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(hash != 0) delete [] hash; - if(signature_value != 0) delete [] signature_value; - return; - } - - /* - * Bind - * Uses a binding key protected by the TPM to encrypt data. Protects - * encrypted data with an authorization value. - */ - void bind() - { - if(bhelp) - { - cout << "Bind Data Mode" << endl - << " Uses a TPM binding key to encrypt data." << endl - << endl - << "Input:" << endl - << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl - << " -auths_bind | -authp_bind Binding key auth in SHA1 or Plain mode" << endl - << " -u Key UUID for storage and retrieval" << endl - << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl - << " -s | -scheme Binding scheme" << endl - << " Binding key only: PKCS, SOAP, CNT, OFB, or PAD" << endl - << " -p | -payload Payload data to be bouund" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << endl - << "Output:" << endl - << " Hex[n] encrypted datablob." 
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_srk_value = 0; - unsigned long auth_srk_size = 0; - bool auth_srk_sha1 = false; - unsigned char *auth_key_value = 0; - unsigned long auth_key_size = 0; - bool auth_key_sha1 = false; - unsigned char *auth_enc_value = 0; - unsigned long auth_enc_size = 0; - bool auth_enc_sha1 = false; - unsigned char *uuid_key_value = 0; - unsigned long key_length = 0; - unsigned long key_scheme = 0; - unsigned char *payload_value = 0; - unsigned long payload_size = 0; - unsigned char *output_value = 0; - unsigned long output_size = 0; - - try - { - setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK); - setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_BIND); - setupAuth(auth_enc_value, auth_enc_size, auth_enc_sha1, AUTH_ENC); - setupUUID(uuid_key_value); - setupLength(key_length, KEY_BIND); - setupScheme(key_scheme, KEY_BIND); - - //find the encrypted data blob - for(int i = 0; i < argc; i++) - { - if((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-payload") == 0) && (i + 1) < argc) - { - payload_value = hexToBin(argv[i + 1]); - payload_size = strlen(argv[i + 1]) / 2; - break; - } - } - if(payload_size == 0) throw libhis_exception("Payload argument", 410); - - libhis_bind temp; - temp.initbind(key_length, key_scheme); - - temp.bind(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, auth_enc_value, auth_enc_size, auth_enc_sha1, uuid_key_value, payload_value, payload_size, output_value, output_size); - - for(unsigned long i = 0; i < output_size; i++) - cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i]; - } - catch(libhis_exception &e) - { - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value; - if(payload_value != 0) delete [] payload_value; - 
if(output_value != 0) delete [] output_value; - throw e; - } - - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value; - if(payload_value != 0) delete [] payload_value; - if(output_value != 0) delete [] output_value; - return; - } - - /* - * Unbind - * This function will decrypt data encrypted by a TPM-based binding key. - * TCG has their own format for encrypted data blobs controlled by binding - * keys. - */ - void unbind() - { - if(bhelp) - { - cout << "Unbind Data Mode" << endl - << " Decrypt a data blob that was encrypted with a TPM binding key." << endl - << endl - << "Input:" << endl - << " -auths_srk | -authp_srk SRK auth in SHA1 or Plain mode" << endl - << " -auths_bind | -authp_bind Binding key auth in SHA1 or Plain mode" << endl - << " -u Key UUID for storage and retrieval" << endl - << " -l | -length Key length 512, 1024, 2048, 4096, 8192" << endl - << " -s | -scheme Binding scheme" << endl - << " Binding key only: PKCS, SOAP, CNT, OFB, or PAD" << endl - << " -p | -payload Payload data to be unbound" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << endl - << "Output:" << endl - << " Hex[n] decrypted datablob." 
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_srk_value = 0; - unsigned long auth_srk_size = 0; - bool auth_srk_sha1 = false; - unsigned char *auth_key_value = 0; - unsigned long auth_key_size = 0; - bool auth_key_sha1 = false; - unsigned char *auth_enc_value = 0; - unsigned long auth_enc_size = 0; - bool auth_enc_sha1 = false; - unsigned char *uuid_key_value = 0; - unsigned long key_length = 0; - unsigned long key_scheme = 0; - unsigned char *payload_value = 0; - unsigned long payload_size = 0; - unsigned char *output_value = 0; - unsigned long output_size = 0; - - try - { - setupAuth(auth_srk_value, auth_srk_size, auth_srk_sha1, AUTH_SRK); - setupAuth(auth_key_value, auth_key_size, auth_key_sha1, AUTH_BIND); - setupAuth(auth_enc_value, auth_enc_size, auth_enc_sha1, AUTH_ENC); - setupUUID(uuid_key_value); - setupLength(key_length, KEY_BIND); - setupScheme(key_scheme, KEY_BIND); - - //find the encrypted data blob - for(int i = 0; i < argc; i++) - { - if((strcasecmp(argv[i], "-p") == 0 || strcasecmp(argv[i], "-payload") == 0) && (i + 1) < argc) - { - payload_value = hexToBin(argv[i + 1]); - payload_size = strlen(argv[i + 1]) / 2; - break; - } - } - if(payload_size == 0) throw libhis_exception("Payload argument", 410); - - libhis_unbind temp; - temp.initbind(key_length, key_scheme); - - temp.unbind(auth_srk_value, auth_srk_size, auth_srk_sha1, auth_key_value, auth_key_size, auth_key_sha1, auth_enc_value, auth_enc_size, auth_enc_sha1, uuid_key_value, payload_value, payload_size, output_value, output_size); - - for(unsigned long i = 0; i < output_size; i++) - cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i]; - } - catch(libhis_exception &e) - { - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value; - if(payload_value != 0) delete [] 
payload_value; - if(output_value != 0) delete [] output_value; - throw e; - } - - if(auth_srk_sha1 && auth_srk_value != 0) delete [] auth_srk_value; - if(auth_key_sha1 && auth_key_value != 0) delete [] auth_key_value; - if(auth_enc_sha1 && auth_enc_value != 0) delete [] auth_enc_value; - if(payload_value != 0) delete [] payload_value; - if(output_value != 0) delete [] output_value; - return; - } - - /* - * Get Public Key - * This function will acquire public keys for the EK and SRK. Ownership is - * required for getting both keys. - */ - void getpubkey() - { - if(bhelp) - { - cout << "Get Public Key Mode" << endl - << "Acquires the public key (modulus and public exponent) for the EK and SRK." << endl - << endl - << "Input Required For All Keys:" << endl - << " -t | -type Key type EK or SRK" << endl - << " -auths_owner | -authp_owner Owner auth in SHA1 or Plain mode" << endl - << endl - << "Required Inputs for EK Only" << endl - << " -auths_owner | -authp_owner Owner auth in SHA1 or Plain mode" << endl - << " -nonce | -nonce_random Nonce data as hex SHA1 hash" << endl - << endl - << "Optional:" << endl - << " -z | -zeros Set missing auth values to zero hash" << endl - << " -nr | -nonce_random TPM random byte generator nonce" << endl - << endl - << "Output:" << endl - << " Hex[n] public key." 
<< endl - << endl; - throw libhis_exception("Help argument set", 400); - } - - unsigned char *auth_tpm_value = 0; - unsigned long auth_tpm_size = 0; - bool auth_tpm_sha1 = false; - int key_type = 0; - unsigned char *nonce = 0; - unsigned char *output_value = 0; - unsigned long output_size = 0; - - try - { - setupKeyType(key_type); - - libhis_getpubkey temp; - - if(key_type == KEY_EK) - { - setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM); - setupNonce(nonce); - - temp.getpubek(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, nonce, output_value, output_size); - } - else if(key_type == KEY_SRK) - { - setupAuth(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, AUTH_TPM); - - temp.getpubsrk(auth_tpm_value, auth_tpm_size, auth_tpm_sha1, output_value, output_size); - } - else - { - throw libhis_exception("Key type not valid for this function. Use EK or SRK.", 412); - } - - for(unsigned long i = 0; i < output_size; i++) - { - cout << setbase(16) << setw(2) << setfill('0') << (int)output_value[i]; - } - cout << endl; - } - catch(libhis_exception &e) - { - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - if(output_value != 0) delete [] output_value; - throw e; - } - - if(auth_tpm_value != 0 && auth_tpm_sha1) delete [] auth_tpm_value; - if(output_value != 0) delete [] output_value; - return; - } - - /* - * Error Helper - * Converts numeric error codes into textual representations. Attempts to - * describe the meaning of error codes and provide clues as to the cause. - */ - void error_helper(int result) - { - switch(result) - { - case 1: - cerr << "TPM_E_AUTHFAIL -- An authorization data value is invalid." << endl; - break; - case 2: - cerr << "TPM_E_BADINDEX" << endl; - break; - case 3: - cerr << "TPM_E_BAD_PARAMETER -- A provided parameter does not meet specification. Normally provided data is not in the correct TCG structure." 
<< endl; - break; - case 4: - cerr << "TPM_E_AUDITFAILURE" << endl; - break; - case 5: - cerr << "TPM_E_CLEAR_DISABLED" << endl; - break; - case 6: - cerr << "TPM_E_DEACTIVATED -- TPM is deactivated. Go to BIOS and reactivate. This could require power cycling." << endl; - break; - case 7: - cerr << "TPM_E_DISABLED -- TPM has been disabled. Go to BIOS and enable TPM. Also remember to active it! This could require power cycling." << endl; - break; - case 8: - cerr << "TPM_E_DISABLED_CMD -- Command disabled because it probably already ran or is no longer applicable. Very common when trying to take ownership when ownership already exists or when trying to get the public EK without owner auth after ownership is established." << endl; - break; - case 9: - cerr << "TPM_E_FAIL" << endl; - break; - case 10: - cerr << "TPM_E_BAD_ORDINAL -- TPM firmware does not support this command." << endl; - break; - case 11: - cerr << "TPM_E_INSTALL_DISABLED" << endl; - break; - case 12: - cerr << "TPM_E_INVALID_KEYHANDLE" << endl; - break; - case 13: - cerr << "TPM_E_KEYNOTFOUND -- No key for this UUID." << endl; - break; - case 14: - cerr << "TPM_E_INAPPROPRIATE_ENC -- Invalid encrypted data or implementation defect in TPM firmware. You may also have told this software to use an encryption scheme not supported this TPM." << endl; - break; - case 15: - cerr << "TPM_E_MIGRATEFAIL" << endl; - break; - case 16: - cerr << "TPM_E_INVALID_PCR_INFO" << endl; - break; - case 17: - cerr << "TPM_E_NOSPACE" << endl; - break; - case 18: - cerr << "TPM_E_NOSRK -- Enable TPM, activate TPM, and take ownership to create SRK. Your TPM is probably not set correctly in the BIOS or you accidentally cleared and disabled it." << endl; - break; - case 19: - cerr << "TPM_E_NOTSEALED_BLOB" << endl; - break; - case 20: - cerr << "TPM_E_OWNER_SET -- Ownership already established for this TPM. Not necessarily an error since you can share ownership with multiple sources." 
<< endl; - break; - case 21: - cerr << "TPM_E_RESOURCES" << endl; - break; - case 22: - cerr << "TPM_E_SHORTRANDOM" << endl; - break; - case 23: - cerr << "TPM_E_SIZE" << endl; - break; - case 24: - cerr << "TPM_E_WRONGPCRVAL" << endl; - break; - case 25: - cerr << "TPM_E_BAD_PARAM_SIZE " << endl; - break; - case 26: - cerr << "TPM_E_SHA_THREAD" << endl; - break; - case 27: - cerr << "TPM_E_SHA_ERROR" << endl; - break; - case 28: - cerr << "TPM_E_FAILEDSELFTEST -- Bad state. Try disabling and then re-enabling TPM." << endl; - break; - case 29: - cerr << "TPM_E_AUTH2FAIL" << endl; - break; - case 30: - cerr << "TPM_E_BADTAG" << endl; - break; - case 31: - cerr << "TPM_E_IOERROR -- Check TPM kernel module or driver. On Linux this is tpm_tis module. This error can also indicate an unsupported TPM function on older TPMs." << endl; - break; - case 32: - cerr << "TPM_E_ENCRYPT_ERROR -- In the case of binding data it is possible this data may be too large. Break it apart. In the case of identity provisioning it is possible the EK and AIK certificates are not valid for the current keys. Make them again." << endl; - break; - case 33: - cerr << "TPM_E_DECRYPT_ERROR -- In the case of binding data it is possible this data might not have been encrypted by a TPM. Use TCG structures next time. In the case of identity provisioning this error can indicate an invalid EK or AIK certificate." << endl; - break; - case 34: - cerr << "TPM_E_INVALID_AUTHHANDLE" << endl; - break; - case 35: - cerr << "TPM_E_NO_ENDORSEMENT -- Create an endorsement key and try again." << endl; - break; - case 36: - cerr << "TPM_E_INVALID_KEYUSAGE -- This key UUID is not valid for this key command." 
<< endl; - break; - case 37: - cerr << "TPM_E_WRONG_ENTITYTYPE" << endl; - break; - case 38: - cerr << "TPM_E_INVALID_POSTINIT" << endl; - break; - case 39: - cerr << "TPM_E_INAPPROPRIATE_SIG" << endl; - break; - case 40: - cerr << "TPM_E_BAD_KEY_PROPERTY" << endl; - break; - case 41: - cerr << "TPM_E_BAD_MIGRATION" << endl; - break; - case 42: - cerr << "TPM_E_BAD_SCHEME" << endl; - break; - case 43: - cerr << "TPM_E_BAD_DATASIZE" << endl; - break; - case 44: - cerr << "TPM_E_BAD_MODE" << endl; - break; - case 45: - cerr << "TPM_E_BAD_PRESENCE" << endl; - break; - case 46: - cerr << "TPM_E_BAD_VERSION" << endl; - break; - case 47: - cerr << "TPM_E_NO_WRAP_TRANSPORT" << endl; - break; - case 48: - cerr << "TPM_E_AUDITFAIL_UNSUCCESSFUL" << endl; - break; - case 49: - cerr << "TPM_E_AUDITFAIL_SUCCESSFUL" << endl; - break; - case 50: - cerr << "TPM_E_NOTRESETABLE" << endl; - break; - case 51: - cerr << "TPM_E_NOTLOCAL" << endl; - break; - case 52: - cerr << "TPM_E_BAD_TYPE" << endl; - break; - case 53: - cerr << "TPM_E_INVALID_RESOURCE" << endl; - break; - case 54: - cerr << "TPM_E_NOTFIPS" << endl; - break; - case 55: - cerr << "TPM_E_INVALID_FAMILY" << endl; - break; - case 56: - cerr << "TPM_E_NO_NV_PERMISSION -- NTrue does not require auth data on NVRAM access. Trousers does. This software _always_requires NVRAM auth data as a result. This error can happen when another program sets NVRAM data without auth." << endl; - break; - case 57: - cerr << "TPM_E_REQUIRES_SIGN" << endl; - break; - case 58: - cerr << "TPM_E_KEY_NOTSUPPORTED" << endl; - break; - case 59: - cerr << "TPM_E_AUTH_CONFLICT" << endl; - break; - case 60: - cerr << "TPM_E_AREA_LOCKED -- TXT will lock parts of NVRAM when enabled. You must disable TXT to unlock the NVRAM for writing of policies and other data. Then you may re-lock with TXT afterwards." 
<< endl;
- break;
- case 61:
- cerr << "TPM_E_BAD_LOCALITY" << endl;
- break;
- case 62:
- cerr << "TPM_E_READ_ONLY" << endl;
- break;
- case 63:
- cerr << "TPM_E_PER_NOWRITE" << endl;
- break;
- case 64:
- cerr << "TPM_E_FAMILYCOUNT" << endl;
- break;
- case 65:
- cerr << "TPM_E_WRITE_LOCKED" << endl;
- break;
- case 66:
- cerr << "TPM_E_BAD_ATTRIBUTES" << endl;
- break;
- default:
- break;
- }
-
- return;
- }
-};
-
-#endif
diff --git a/tpm_module/libhis_collateidentityrequest.hpp b/tpm_module/libhis_collateidentityrequest.hpp
deleted file mode 100644
index 8228520f..00000000
--- a/tpm_module/libhis_collateidentityrequest.hpp
+++ /dev/null
@@ -1,278 +0,0 @@ -#ifndef libhis_collateidentityrequest_hpp -#define libhis_collateidentityrequest_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_collateidentityrequest -{ -public: - libhis_collateidentityrequest() - { - //set default values - init_ik_size = TSS_KEY_SIZE_DEFAULT; - init_ik_type = TSS_KEY_TYPE_IDENTITY; - init_ik_authorized = TSS_KEY_AUTHORIZATION; - init_ik_migratable = TSS_KEY_NOT_MIGRATABLE; - init_ik_volatile = TSS_KEY_VOLATILE; - binitialized = false; - - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create IK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result); - - //Create ACAK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_acak); - if(result != TSS_SUCCESS) throw libhis_exception("Create ACAK", result); - } - - void init() - { - //combine the init flags - init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | 
init_ik_volatile; - - //Create IK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result); - - binitialized = true; - } - - void collateidentityrequest( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_ik_value, - unsigned long auth_ik_size, - bool auth_ik_sha1, - unsigned char *label_ik_value, - unsigned long label_ik_size, - unsigned char *key_acak_value, - unsigned long key_acak_size, - unsigned char *uuid_ik_value, - bool uuid_overwrite, - unsigned char *ekc_value, - unsigned long ekc_size, - unsigned char *pc_value, - unsigned long pc_size, - unsigned char *&output_value, - unsigned long &output_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result); - - //assign the TPM auth to the ACAK too - result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_acak); - if(result != TSS_SUCCESS) throw libhis_exception("Assign ACAK Secret", result); - - //load the SRK - TSS_UUID 
uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //set up IK auth - if(auth_ik_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result); - } - - //assign the IK auth - result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik); - if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result); - - //set ACAK blob - result = Tspi_SetAttribData(hkey_acak, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, key_acak_size, key_acak_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ACAK Blob", result); - - if(ekc_size != 0) - { - //set the EK cert - result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_EKCERT, ekc_size, ekc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set EK credential blob", result); - } - - if(pc_size != 0) - { - //set the Platform cert - result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_PLATFORMCERT, 
pc_size, pc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set Platform credential blob", result); - } - - //Collate identity request - BYTE *value; - UINT32 size; - result = Tspi_TPM_CollateIdentityRequest(htpm, hkey_srk, hkey_acak, label_ik_size, label_ik_value, hkey_ik, TSS_ALG_AES, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Collate identity Request", result); - - //Copy memory because TSS uses malloc and free, but we're using new and delete - output_size = size; - output_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - { - output_value[i] = value[i]; - } - - //clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK? - //result = Tspi_Context_FreeMemory(hcontext, value); - //if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity request", result); - - //Unwrap the newly generated IK - result = Tspi_Key_LoadKey(hkey_ik, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result); - - //Set up the IK UUID - hextouuid(uuid_ik_value, uuid_ik); - - try - { - //save ik - result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Save IK By UUID", result); - } - catch(libhis_exception &e) - { - if(uuid_overwrite) - { - //Unregister the existing key - result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_unregister); - if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result); - - //Register a new key - result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Resave IK By UUID", result); - } - else throw e; - } - - return; - } - - ~libhis_collateidentityrequest() - { - //clean up ACAK - result = Tspi_Context_CloseObject(hcontext, hkey_acak); - if(result != TSS_SUCCESS) throw libhis_exception("Close ACAK", result); - 
- //clean up IK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
-
- if(binitialized)
- {
- //clean up IK
- result = Tspi_Context_CloseObject(hcontext, hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
- }
-
- //clean up SRK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
-
- //clean up TPM policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
-
- //clean up SRK object
- result = Tspi_Context_CloseObject(hcontext, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_srk,
- hkey_ik,
- hkey_acak,
- hkey_unregister;
- TSS_HPOLICY hpolicy_tpm,
- hpolicy_srk,
- hpolicy_ik;
- TSS_UUID uuid_ik;
- UINT32 init_ik,
- init_ik_size,
- init_ik_type,
- init_ik_authorized,
- init_ik_migratable,
- init_ik_volatile;
- bool binitialized;
-};
-
-#endif
diff --git a/tpm_module/libhis_createek.hpp b/tpm_module/libhis_createek.hpp
deleted file mode 100644
index df9256f7..00000000
--- a/tpm_module/libhis_createek.hpp
+++ /dev/null
@@ -1,70 +0,0 @@
-#ifndef libhis_createek_hpp
-#define libhis_createek_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-
-class libhis_createek
-{
-public:
- libhis_createek()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //create EK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Create EK object handle", result);
- }
-
- void createek(
- unsigned char *nonce)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //TSS requires external data to be set for EK creation
- validation.ulExternalDataLength = 20;
- validation.rgbExternalData = nonce;
-
- //create EK
- result = Tspi_TPM_CreateEndorsementKey(htpm, hkey_ek, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
- }
-
- ~libhis_createek()
- {
- //clean up EK object
- result = Tspi_Context_CloseObject(hcontext, hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Close EK object handle", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_ek;
- TSS_VALIDATION validation;
-};
-
-#endif
diff --git a/tpm_module/libhis_createkey.hpp b/tpm_module/libhis_createkey.hpp
deleted file mode 100644
index 46b809de..00000000
--- a/tpm_module/libhis_createkey.hpp
+++ /dev/null
@@ -1,317 +0,0 @@ -#ifndef libhis_createkey_hpp -#define libhis_createkey_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_createkey -{ -public: - libhis_createkey() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - init_key_scheme = 0; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - } - - void initsign(unsigned int in_size, unsigned int in_scheme) - { - //set the type - init_key_type = TSS_KEY_TYPE_SIGNING; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = 
TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the signature scheme - if(in_scheme == 0) - init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; - else if(in_scheme == 1) - init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER; - else - init_key_scheme = TSS_SS_NONE; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Set the signature scheme - result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme); - if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result); - - binitialized = true; - } - - void initbind(unsigned int in_size, unsigned int in_scheme) - { - //set the type - init_key_type = TSS_KEY_TYPE_BIND; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the encryption scheme - if(in_scheme == 0) - init_key_scheme = TSS_ES_RSAESPKCSV15; - else if(in_scheme == 1) - init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; - else if(in_scheme == 2) - init_key_scheme = TSS_ES_SYM_CNT; - else if(in_scheme == 3) - init_key_scheme = TSS_ES_SYM_OFB; - else if(in_scheme == 4) - init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD; - else - init_key_scheme = TSS_ES_NONE; - - //combine the init flags - init_key = init_key_size | init_key_type | 
init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Set the encryption scheme - result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme); - if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result); - - binitialized = true; - } - - void initstorage(unsigned int in_size, unsigned int in_location) - { - //set the type - init_key_type = TSS_KEY_TYPE_STORAGE; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the encryption scheme - if(in_location == 0) - init_key_location = TSS_PS_TYPE_SYSTEM; - else - init_key_location = TSS_PS_TYPE_USER; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile | init_key_location; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void createkey( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *uuid_key_value, - bool uuid_overwrite) - { - //establish a session - result = 
Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //create the key - result = Tspi_Key_CreateKey(hkey_key, hkey_srk, 0); - - //Unwrap the newly generated key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - 
try - { - //save key - result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result); - } - catch(libhis_exception &e) - { - if(uuid_overwrite) - { - //Unregister the existing key - result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister); - if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result); - - //Register a new key - result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result); - } - else throw e; - } - - return; - } - - ~libhis_createkey() - { - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key, - hkey_unregister; - TSS_HPOLICY hpolicy_srk, - hpolicy_key; - TSS_UUID uuid_key; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile, - init_key_scheme, - init_key_location; - bool binitialized; -}; - -#endif 
diff --git a/tpm_module/libhis_errors.txt b/tpm_module/libhis_errors.txt deleted file mode 100644 index 08f8273d..00000000 --- a/tpm_module/libhis_errors.txt +++ /dev/null @@ -1,41 +0,0 @@ -< 200 TPM ERROR CODE -> 12000 TSS ERROR CODE - -TPM_MODULE ERROR CODES -------------------------- -290 can't open log file -300 invalid mode argument -310 hex to bin invalid length -311 hex to bin character validation error -312 hex to bin character validation error -320 new auth argument missing -321 tpm auth argument missing -322 srk auth argument missing -323 ik auth argument missing -324 sign auth argument missing -325 bind auth argument missing -326 stor auth argument missing -327 enc auth argument missing -328 key auth argument missing -330 nonce argument missing -340 uuid argument missing -350 pcrs argument missing -360 key type argument missing -361 key type argument invalid -370 key length argument missing -380 key scheme argument missing -381 signing scheme invalid -382 binding scheme invalid -390 nvram index missing -391 nvram index invalid -400 help argument set -410 mode-specific argument missing -411 mode-specific argument missing -412 mode-specific argument missing -420 uuid validation failure -421 uuid validation failure -422 uuid validation failure -423 uuid validation failure -424 uuid validation failure -425 uuid validation failure -430 mask validation failure diff --git a/tpm_module/libhis_exception.hpp b/tpm_module/libhis_exception.hpp deleted file mode 100644 index 15a11929..00000000 --- a/tpm_module/libhis_exception.hpp +++ /dev/null 
@@ -1,47 +0,0 @@
-#ifndef libhis_exception_hpp
-#define libhis_exception_hpp
-
-
-#ifdef WINDOWS
- #include
- using namespace std;
-
- class libhis_exception : public exception
- {
- public:
- libhis_exception(const char *message, int value) : exception(message)
- {
- result = value;
- }
-
- int result;
- };
-#endif
-
-#ifdef LINUX
- #include
- #include
- using namespace std;
-
- class libhis_exception
- {
- public:
- libhis_exception(string inmessage, int value)
- {
- message = inmessage;
- result = value;
- }
-
- ~libhis_exception() {}
-
- string what()
- {
- return message;
- }
-
- int result;
- string message;
- };
-#endif
-
-#endif
diff --git a/tpm_module/libhis_extendpcr.hpp b/tpm_module/libhis_extendpcr.hpp
deleted file mode 100644
index 9f2ce17c..00000000
--- a/tpm_module/libhis_extendpcr.hpp
+++ /dev/null
@@ -1,101 +0,0 @@
-#ifndef libhis_extendpcr_hpp
-#define libhis_extendpcr_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-
-class libhis_extendpcr
-{
-public:
- libhis_extendpcr()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //Create TPM policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
- }
-
- void extendpcr(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned long pcr_index,
- unsigned char *hash,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //extend PCR value
- UINT32 size;
- BYTE *value;
- result = Tspi_TPM_PcrExtend(htpm, pcr_index, 20, hash, 0, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Extend PCR", result);
-
- //convert memory
- output_size = size;
- output_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- output_value[i] = value[i];
-
- //free dynamic memory
- result = Tspi_Context_FreeMemory(hcontext, value);
- if(result != TSS_SUCCESS) throw libhis_exception("Free dynamic memory", result);
-
- return;
- }
-
- ~libhis_extendpcr()
- {
- //clean up TPM policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HPOLICY hpolicy_tpm;
-};
-
-#endif
diff --git a/tpm_module/libhis_getkeyblob.hpp b/tpm_module/libhis_getkeyblob.hpp
deleted file mode 100644
index bf191932..00000000
--- a/tpm_module/libhis_getkeyblob.hpp
+++ /dev/null
@@ -1,292 +0,0 @@ -#ifndef libhis_getkeyblob_hpp -#define libhis_getkeyblob_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_getkeyblob -{ -public: - libhis_getkeyblob() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Context", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - } - - void initidentity() - { - //set the type - init_key_type = TSS_KEY_TYPE_IDENTITY; - - //set the key size - init_key_size = TSS_KEY_SIZE_DEFAULT; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void initsign(unsigned int in_size) - { - //set the type - init_key_type = 
TSS_KEY_TYPE_SIGNING; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void initbind(unsigned int in_size) - { - //set the type - init_key_type = TSS_KEY_TYPE_BIND; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void initstorage(unsigned int in_size) - { - //set the type - init_key_type = TSS_KEY_TYPE_STORAGE; - - //set the key 
size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - binitialized = true; - } - - void getkeyblob( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *uuid_key_value, - unsigned char *&output_value, - unsigned long &output_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, 
auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //Unwrap the key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result); - - //get the keyblob - UINT32 size; - BYTE *value; - result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result); - - //copy out the results - output_size = size; - output_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - output_value[i] = value[i]; - - //clean up dynamic memory - result = Tspi_Context_FreeMemory(hcontext, value); - if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result); - - return; - } - - ~libhis_getkeyblob() - { - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - 
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key; - TSS_HPOLICY hpolicy_srk, - hpolicy_key; - TSS_UUID uuid_key; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile; - bool binitialized; -}; - -#endif diff --git a/tpm_module/libhis_getkeymodulus.hpp b/tpm_module/libhis_getkeymodulus.hpp deleted file mode 100644 index 229dacbb..00000000 --- a/tpm_module/libhis_getkeymodulus.hpp +++ /dev/null 
@@ -1,439 +0,0 @@ -#ifndef libhis_getkeymodulus_hpp -#define libhis_getkeymodulus_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_getkeymodulus -{ -public: - libhis_getkeymodulus() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create EK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - } - - void initidentity() - { - //set the type - init_key_type = TSS_KEY_TYPE_IDENTITY; - - //set the key size - init_key_size = TSS_KEY_SIZE_DEFAULT; - - //combine the init flags - init_key = init_key_size | 
init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
-
- //Create key object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
-
- binitialized = true;
- }
-
- void initsign(unsigned int in_size)
- {
- //set the type
- init_key_type = TSS_KEY_TYPE_SIGNING;
-
- //set the key size
- if(in_size == 0)
- init_key_size = TSS_KEY_SIZE_DEFAULT;
- else if(in_size == 512)
- init_key_size = TSS_KEY_SIZE_512;
- else if(in_size == 1024)
- init_key_size = TSS_KEY_SIZE_1024;
- else if(in_size == 2048)
- init_key_size = TSS_KEY_SIZE_2048;
- else if(in_size == 4096)
- init_key_size = TSS_KEY_SIZE_4096;
- else if(in_size == 8192)
- init_key_size = TSS_KEY_SIZE_8192;
- else if(in_size == 16384)
- init_key_size = TSS_KEY_SIZE_16384;
- else throw libhis_exception("Invalid key size", 400);
-
- //combine the init flags
- init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
-
- //Create key object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
-
- binitialized = true;
- }
-
- void initbind(unsigned int in_size)
- {
- //set the type
- init_key_type = TSS_KEY_TYPE_BIND;
-
- //set the key size
- if(in_size == 0)
- init_key_size = TSS_KEY_SIZE_DEFAULT;
- else if(in_size == 512)
- init_key_size = TSS_KEY_SIZE_512;
- else if(in_size == 1024)
- init_key_size = TSS_KEY_SIZE_1024;
- else if(in_size == 2048)
- init_key_size = TSS_KEY_SIZE_2048;
- else if(in_size == 4096)
- init_key_size = TSS_KEY_SIZE_4096;
- else if(in_size == 8192)
- init_key_size = TSS_KEY_SIZE_8192;
- else if(in_size == 16384)
- init_key_size = TSS_KEY_SIZE_16384;
- else throw libhis_exception("Invalid key size", 400);
-
- //combine the init flags
- init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
-
- //Create key object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
-
- binitialized = true;
- }
-
- void initstorage(unsigned int in_size)
- {
- //set the type
- init_key_type = TSS_KEY_TYPE_STORAGE;
-
- //set the key size
- if(in_size == 0)
- init_key_size = TSS_KEY_SIZE_DEFAULT;
- else if(in_size == 512)
- init_key_size = TSS_KEY_SIZE_512;
- else if(in_size == 1024)
- init_key_size = TSS_KEY_SIZE_1024;
- else if(in_size == 2048)
- init_key_size = TSS_KEY_SIZE_2048;
- else if(in_size == 4096)
- init_key_size = TSS_KEY_SIZE_4096;
- else if(in_size == 8192)
- init_key_size = TSS_KEY_SIZE_8192;
- else if(in_size == 16384)
- init_key_size = TSS_KEY_SIZE_16384;
- else throw libhis_exception("Invalid key size", 400);
-
- //combine the init flags
- init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
-
- //Create key object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
-
- binitialized = true;
- }
-
- /*
- * @Deprecated
- */
- void getpubsrk(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //set up key container
- UINT32 mod_size;
- BYTE *mod_value;
-
- //get the public EK
- result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
-
- //copy out the SRK modulus
- output_size = mod_size;
- output_value = new unsigned char[mod_size];
- for(unsigned long i = 0; i < mod_size; i++)
- output_value[i] = mod_value[i];
-
- //clean up SRK modulus
- result = Tspi_Context_FreeMemory(hcontext, mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
- }
-
- /*
- * @Deprecated
- */
- void getpubek(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned char *nonce,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //assign the TPM auth to the EK
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
-
- //set up nonce
- validation.ulExternalDataLength = 20;
- validation.rgbExternalData = nonce;
-
- try
- {
- //get the public EK
- result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
- }
- catch(libhis_exception &e)
- {
- //get the public EK the Atmel TPM in an Ultrabook way
- result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
-
- //let a second exception make its way upward (should be same error code)
- }
-
- //get the modulus
- UINT32 mod_size;
- BYTE *mod_value;
- result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
-
- //copy out the EK modulus
- output_size = mod_size;
- output_value = new unsigned char[mod_size];
- for(unsigned long i = 0; i < mod_size; i++)
- output_value[i] = mod_value[i];
-
- //clean up ek modulus
- result = Tspi_Context_FreeMemory(hcontext, mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
- }
-
- void getkeymodulus(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_key_value,
- unsigned long auth_key_size,
- bool auth_key_sha1,
- unsigned char *uuid_key_value,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //Set up the key UUID
- hextouuid(uuid_key_value, uuid_key);
-
- //Get the key by UUID
- result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
-
- //set up key auth
- if(auth_key_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
- }
-
- //assign the key auth
- result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
-
- //Unwrap the key
- result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
-
- //get the keyblob
- UINT32 size;
- BYTE *value;
- result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get modulus", result);
-
- //copy out the results
- output_size = size;
- output_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- output_value[i] = value[i];
-
- //clean up dynamic memory
- result = Tspi_Context_FreeMemory(hcontext, value);
- if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
-
- return;
- }
-
- ~libhis_getkeymodulus()
- {
- //clean up key policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
-
- if(binitialized)
- {
- //clean up key
- result = Tspi_Context_CloseObject(hcontext, hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
- }
-
- //clean up SRK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
-
- //clean up TPM policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
-
- //clean up SRK object
- result = Tspi_Context_CloseObject(hcontext, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
-
- //clean up EK object
- result = Tspi_Context_CloseObject(hcontext, hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_ek,
- hkey_srk,
- hkey_key,
- hkey_unregister;
- TSS_HPOLICY hpolicy_tpm,
- hpolicy_srk,
- hpolicy_key;
- TSS_VALIDATION validation;
- TSS_UUID uuid_key;
- UINT32 init_key,
- init_key_size,
- init_key_type,
- init_key_authorized,
- init_key_migratable,
- init_key_volatile;
- bool binitialized;
-};
-
-#endif
diff --git a/tpm_module/libhis_getnvdata.hpp b/tpm_module/libhis_getnvdata.hpp
deleted file mode 100644
index b5e5714f..00000000
--- a/tpm_module/libhis_getnvdata.hpp
+++ /dev/null
@@ -1,182 +0,0 @@
-#ifndef libhis_getnvdata_hpp
-#define libhis_getnvdata_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-#include
-
-class libhis_getnvdata
-{
-public:
- libhis_getnvdata()
- {
- //set defaults
- nvstore_index = 0;
-
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //Create TPM policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
-
- //Create NVSTore object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
- }
-
- void getnvdata(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned long nv_index,
- unsigned char *&nv_value,
- unsigned long &nv_size)
- {
- //set up the index value
- bool nv_platform = false;
- if(nv_index == 0)
- nvstore_index = TPM_NV_INDEX_EKCert;
- else if(nv_index == 1)
- nvstore_index = TPM_NV_INDEX_TPM_CC;
- else if(nv_index == 2) {
- nvstore_index = TPM_NV_INDEX_PlatformCert;
- nv_platform = true;
- }
- else if(nv_index == 3) {
- nvstore_index = TPM_NV_INDEX_Platform_CC;
- nv_platform = true;
- }
- else
- nvstore_index = nv_index;
-
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- // Check if the NV area is locked. Must be performed after TPM AUTH.
- TSS_BOOL nvLocked;
- result = Tspi_TPM_GetStatus(htpm, TSS_TPMSTATUS_NV_LOCK, &nvLocked);
- if (result != TSS_SUCCESS) throw libhis_exception("Check TPM NV Lock", result);
-
- // If locked, set the bit in the index to retrieve the requested data. else, unset that bit.
- nvstore_index = ((nvLocked == TRUE) && !nv_platform) ? nvstore_index + TSS_NV_DEFINED : nvstore_index & ~TSS_NV_DEFINED;
-
- //assign the TPM auth to the NVStore
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
-
- //force NVData to be readable by the owner only
- result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
- if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result);
-
- //set the read address
- result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
- if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
-
- //get the size
- UINT32 size = 0;
- BYTE *value = 0;
-
-#ifdef WINDOWS
- //read the size of the data at the index
- result = Tspi_GetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, &size);
- if(result != TSS_SUCCESS) throw libhis_exception("WINDOWS: Get size of NVStore object", result);
-#endif
-#ifdef LINUX
- UINT32 ulResultLen; // stores the length of the data returned by GetCapability
- // Retrieves a TPM_NV_DATA_PUBLIC structure that indicates the values for the specified NV area.
- // The NV area is identified by the nvstore_index.
- result = Tspi_TPM_GetCapability(htpm, TSS_TPMCAP_NV_INDEX, sizeof(UINT32),
- (BYTE *)&nvstore_index, &ulResultLen, &value);
- if(result == TSS_SUCCESS) {
- UINT64 off = 0;
- // value which is a BYTE* must be converted into its TSS Data Structure
- TPM_NV_DATA_PUBLIC *nvDataPublicStruct = new TPM_NV_DATA_PUBLIC();
- // Trousers converts the data blob into the struct
- result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, value, nvDataPublicStruct);
- if(result != TSS_SUCCESS) {
- delete nvDataPublicStruct;
- throw libhis_exception("LINUX: Problems converting data blob to NV Public Data object", result);
- }
- // Save off the size of the data stored in the NV area.
- size = nvDataPublicStruct->dataSize;
- // Free the memory.
- delete nvDataPublicStruct;
- }
-#endif
-
- if(size > 0) {
- //read the nvdata
- result = Tspi_NV_ReadValue(hnvstore, 0, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Read NVStore space", result);
-
- //copy out the values
- nv_size = size;
- nv_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- nv_value[i] = value[i];
- }
-
- //cleanup
- result = Tspi_Context_FreeMemory(hcontext, value);
- // I'm not sure if this error message is useful. But it was stopping the process unnecessarily.
- //if(result != TSS_SUCCESS) throw libhis_exception("Clean memory", result);
- }
-
- ~libhis_getnvdata()
- {
- //clean up NVStoer
- result = Tspi_Context_CloseObject(hcontext, hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
-
- //clean up TPM policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HPOLICY hpolicy_tpm;
- TSS_HNVSTORE hnvstore;
- UINT32 nvstore_index;
-};
-
-#endif
diff --git a/tpm_module/libhis_getpcr.hpp b/tpm_module/libhis_getpcr.hpp
deleted file mode 100644
index f8610b8e..00000000
--- a/tpm_module/libhis_getpcr.hpp
+++ /dev/null
@@ -1,106 +0,0 @@
-#ifndef libhis_getpcr_hpp
-#define libhis_getpcr_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-#include "libhis_utils.hpp"
-
-class libhis_getpcr
-{
-public:
- libhis_getpcr()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //Create PCRS object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
- }
-
- void getpcr(
- unsigned char *mask,
- unsigned char *&output_pcrs_value,
- unsigned long &output_pcrs_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up mask
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- //prepare the PCR output array
- short counter = 0;
- for(short i = 0; i < 24; i++)
- if(bitmask[i]) counter++;
- output_pcrs_size = counter * 20;
- output_pcrs_value = new unsigned char[counter * 20];
-
- //collect the PCR values
- UINT32 temp_size;
- BYTE *temp_value;
- counter = 0;
- for(unsigned long i = 0; i < 24; i++)
- {
- if(bitmask[i])
- {
- result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
-
- result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
-
- result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
-
- for(unsigned long j = 0; j < 20; j++)
- output_pcrs_value[counter * 20 + j] = temp_value[j];
-
- counter++;
-
- result = Tspi_Context_FreeMemory(hcontext, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
- }
- }
-
- return;
- }
-
- ~libhis_getpcr()
- {
- //clean up PCRS
- result = Tspi_Context_CloseObject(hcontext, hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HPCRS hpcrs;
-};
-
-#endif
diff --git a/tpm_module/libhis_getpubkey.hpp b/tpm_module/libhis_getpubkey.hpp
deleted file mode 100644
index 138b9304..00000000
--- a/tpm_module/libhis_getpubkey.hpp
+++ /dev/null
@@ -1,166 +0,0 @@
-#ifndef libhis_getpubkey_hpp
-#define libhis_getpubkey_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-
-class libhis_getpubkey
-{
-public:
- libhis_getpubkey()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //create EK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
-
- //Create TPM policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
- }
-
- void getpubek(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned char *nonce,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //assign the TPM auth to the EK
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
-
- //set up nonce
- validation.ulExternalDataLength = 20;
- validation.rgbExternalData = nonce;
-
- try
- {
- //get the public EK
- result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
- }
- catch(libhis_exception &e)
- {
- //get the public EK the Atmel TPM in an Ultrabook way
- result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
-
- //let a second exception make its way upward (should be same error code)
- }
-
- //get the modulus
- UINT32 mod_size;
- BYTE *mod_value;
- result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
-
- //copy out the EK modulus
- output_size = mod_size;
- output_value = new unsigned char[mod_size];
- for(unsigned long i = 0; i < mod_size; i++)
- output_value[i] = mod_value[i];
-
- //clean up ek modulus
- result = Tspi_Context_FreeMemory(hcontext, mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
- }
-
- void getpubsrk(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //set up key container
- UINT32 mod_size;
- BYTE *mod_value;
-
- //get the public EK
- result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
-
- //copy out the SRK modulus
- output_size = mod_size;
- output_value = new unsigned char[mod_size];
- for(unsigned long i = 0; i < mod_size; i++)
- output_value[i] = mod_value[i];
-
- //clean up SRK modulus
- result = Tspi_Context_FreeMemory(hcontext, mod_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_ek;
- TSS_HPOLICY hpolicy_tpm;
- TSS_VALIDATION validation;
-};
-
-#endif
diff --git a/tpm_module/libhis_getrandombytes.hpp b/tpm_module/libhis_getrandombytes.hpp
deleted file mode 100644
index dce8aef3..00000000
--- a/tpm_module/libhis_getrandombytes.hpp
+++ /dev/null
@@ -1,71 +0,0 @@
-#ifndef libhis_getrandombytes_hpp
-#define libhis_getrandombytes_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-
-class libhis_getrandombytes
-{
-public:
- libhis_getrandombytes()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
- }
-
- void getrandombytes(
- unsigned long bytes_size,
- unsigned char *&output_value)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //get random bytes
- BYTE *bytes_value;
- result = Tspi_TPM_GetRandom(htpm, bytes_size, &bytes_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get Random Bytes", result);
-
- //copy C-style output into C++ format
- output_value = new unsigned char[bytes_size];
- for(unsigned long i = 0; i < bytes_size; i++)
- {
- output_value[i] = bytes_value[i];
- }
-
- //clean up random bytes
- result = Tspi_Context_FreeMemory(hcontext, bytes_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Cleanup bytes", result);
-
- return;
- }
-
- ~libhis_getrandombytes()
- {
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
-};
-
-#endif
diff --git a/tpm_module/libhis_quote.hpp b/tpm_module/libhis_quote.hpp
deleted file mode 100644
index 00eb72bb..00000000
--- a/tpm_module/libhis_quote.hpp
+++ /dev/null
@@ -1,436 +0,0 @@
-#ifndef libhis_quote_hpp
-#define libhis_quote_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-#include "libhis_utils.hpp"
-
-class libhis_quote
-{
-public:
- libhis_quote()
- {
- //set default values
- init_ik_size = TSS_KEY_SIZE_DEFAULT;
- init_ik_type = TSS_KEY_TYPE_IDENTITY;
- init_ik_authorized = TSS_KEY_AUTHORIZATION;
- init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
- init_ik_volatile = TSS_KEY_VOLATILE;
- binitialized = false;
-
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //create an SRK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
-
- //Create SRK policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
-
- //Create IK policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
- }
-
- void init(bool bshort)
- {
- if(bshort)
- {
- //Create PCRS object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
- }
- else
- {
- //Create PCRS object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
- }
-
- //combine the init flags
- init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
-
- //Create IK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
-
- binitialized = true;
- }
-
- void quote(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_ik_value,
- unsigned long auth_ik_size,
- bool auth_ik_sha1,
- unsigned char *nonce,
- unsigned char *uuid_ik_value,
- unsigned char *mask,
- unsigned char *&output_pcrs_value,
- unsigned long &output_pcrs_size,
- unsigned char *&output_quote_value,
- unsigned long &output_quote_size,
- unsigned char *&output_sig_value,
- unsigned long &output_sig_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //Set up the IK UUID
- hextouuid(uuid_ik_value, uuid_ik);
-
- //Get the IK by UUID
- result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
-
- //set up IK auth
- if(auth_ik_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
- }
-
- //assign the IK auth
- result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
-
- //Unwrap the IK
- result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
-
- //set up nonce
- validation.ulExternalDataLength = 20;
- validation.rgbExternalData = nonce;
-
- //set up mask
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- //prepare the PCR output array
- short counter = 0;
- for(short i = 0; i < 24; i++)
- if(bitmask[i]) counter++;
- output_pcrs_size = counter * 20;
- output_pcrs_value = new unsigned char[counter * 20];
-
- //collect the PCR values
- UINT32 temp_size;
- BYTE *temp_value;
- counter = 0;
- for(unsigned long i = 0; i < 24; i++)
- {
- if(bitmask[i])
- {
- result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
-
- result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
-
- result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
-
- for(unsigned long j = 0; j < 20; j++)
- output_pcrs_value[counter * 20 + j] = temp_value[j];
-
- counter++;
-
- result = Tspi_Context_FreeMemory(hcontext, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
- }
- }
-
- //quote
- result = Tspi_TPM_Quote(htpm, hkey_ik, hpcrs, &validation);
- if(result != TSS_SUCCESS) throw libhis_exception("Quote", result);
-
- //copy values
- output_quote_size = validation.ulDataLength;
- output_quote_value = new unsigned char[validation.ulDataLength];
- for(unsigned long i = 0; i < validation.ulDataLength; i++)
- output_quote_value[i] = validation.rgbData[i];
-
- result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
-
- output_sig_size = validation.ulValidationDataLength;
- output_sig_value = new unsigned char [validation.ulValidationDataLength];
- for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
- output_sig_value[i] = validation.rgbValidationData[i];
-
- result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
-
- return;
- }
-
- void quote2(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_ik_value,
- unsigned long auth_ik_size,
- bool auth_ik_sha1,
- unsigned char *nonce,
- unsigned char *uuid_ik_value,
- unsigned char *mask,
- unsigned char *&output_pcrs_value,
- unsigned long &output_pcrs_size,
- unsigned char *&output_quote_value,
- unsigned long &output_quote_size,
- unsigned char *&output_sig_value,
- unsigned long &output_sig_size,
- bool bCapVersion)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //Set up the IK UUID
- hextouuid(uuid_ik_value, uuid_ik);
-
- //Get the IK by UUID
- result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
-
- //set up IK auth
- if(auth_ik_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
- }
-
- //assign the IK auth
- result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
-
- //Unwrap the IK
- result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
-
- //set up nonce
- validation.ulExternalDataLength = 20;
- validation.rgbExternalData = nonce;
-
- //set up mask
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- //prepare the PCR output array
- short counter = 0;
- for(short i = 0; i < 24; i++)
- if(bitmask[i])
counter++; - output_pcrs_size = counter * 20; - output_pcrs_value = new unsigned char[counter * 20]; - - //collect the PCR values - UINT32 temp_size; - BYTE *temp_value; - counter = 0; - for(unsigned long i = 0; i < 24; i++) - { - if(bitmask[i]) - { - result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result); - - result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE); - if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result); - - result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result); - - for(unsigned long j = 0; j < 20; j++) - output_pcrs_value[counter * 20 + j] = temp_value[j]; - - counter++; - - result = Tspi_Context_FreeMemory(hcontext, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result); - } - } - - //quote2 - BYTE* version_value; - UINT32 version_size; - - //read PCR 10 again right before collecting the quote - if(bitmask[10]) - { - //reread PCR 10 - result = Tspi_TPM_PcrRead(htpm, 10, &temp_size, &temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result); - - //read quote2 - result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value); - if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result); - - //set value of PCR 10 in the PCR Composite - result = Tspi_PcrComposite_SetPcrValue(hpcrs, 10, temp_size, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result); - - for(unsigned long j = 0; j < 20; j++) - output_pcrs_value[10 * 20 + j] = temp_value[j]; - - result = Tspi_Context_FreeMemory(hcontext, temp_value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result); - } else { - //read quote2 without rereading PCR 10 
- result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result);
- }
-
- //copy values
- output_quote_size = validation.ulDataLength;
- output_quote_value = new unsigned char[validation.ulDataLength];
- for(unsigned long i = 0; i < validation.ulDataLength; i++)
- output_quote_value[i] = validation.rgbData[i];
-
- result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
-
- output_sig_size = validation.ulValidationDataLength;
- output_sig_value = new unsigned char [validation.ulValidationDataLength];
- for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
- output_sig_value[i] = validation.rgbValidationData[i];
-
- result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
-
- result = Tspi_Context_FreeMemory(hcontext, version_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clean up version info", result);
-
- return;
- }
-
- ~libhis_quote()
- {
- //clean up IK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
-
- if(binitialized)
- {
- //clean up PCRS
- result = Tspi_Context_CloseObject(hcontext, hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
-
- //clean up IK
- result = Tspi_Context_CloseObject(hcontext, hkey_ik);
- if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
- }
-
- //clean up SRK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
-
- //clean up SRK object
- result = Tspi_Context_CloseObject(hcontext, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_srk,
- hkey_ik;
- TSS_HPOLICY hpolicy_srk,
- hpolicy_ik;
- TSS_NONCE nonce;
- TSS_VALIDATION validation;
- TSS_UUID uuid_ik;
- TSS_HPCRS hpcrs;
- UINT32 init_ik,
- init_ik_size,
- init_ik_type,
- init_ik_authorized,
- init_ik_migratable,
- init_ik_volatile;
- bool binitialized;
-};
-
-#endif
diff --git a/tpm_module/libhis_seal.hpp b/tpm_module/libhis_seal.hpp
deleted file mode 100644
index 3689599c..00000000
--- a/tpm_module/libhis_seal.hpp
+++ /dev/null
@@ -1,347 +0,0 @@
-#ifndef libhis_seal_hpp
-#define libhis_seal_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-#include "libhis_utils.hpp"
-
-class libhis_seal
-{
-public:
- libhis_seal()
- {
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //create an SRK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
-
- //Create SRK policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
-
- //Create PCRS object
-#ifdef WINDOWS
- //Windows and NTru are capable of unsealing all PCRS structures so use 1.2 LONG for full 24 PCR support
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
-#endif
-#ifdef LINUX
- //Linux and Trousers CANNOT unseal 1.2 LONG or SHORT PCRS structures so use the legacy 1.1 structure with 16 PCR limit
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
-#endif
-
- //Create ENCData object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata);
- if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
-
- //Create ENCData policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
- if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
- }
-
- void seal(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_enc_value,
- unsigned long auth_enc_size,
- bool auth_enc_sha1,
- unsigned char *mask,
- unsigned char *payload_value,
- unsigned long payload_size,
- unsigned char *&output_enc_value,
- unsigned long &output_enc_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //set up ENCData auth
- if(auth_enc_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
- }
-
- //assign the ENCData auth
- result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
-
- //set up mask
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- //collect the PCR values
- UINT32 temp_size;
- BYTE *temp_value;
-#ifdef WINDOWS
- for(unsigned long i = 0; i < 24; i++) //all PCRs available in SHORT or LONG
-#endif
-#ifdef LINUX
- for(unsigned long i = 0; i < 16; i++) //we cannot use all PCRs in Linux mode due to legacy PCRS structure
-#endif
- {
- if(bitmask[i])
- {
- result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
-
- //don't do this for regular seal because creation PCRs are meaningless in this context
- //result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
- //if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
-
-#ifdef WINDOWS
- //use EX functions because we are PCRS LONG
- result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
-#endif
-#ifdef LINUX
- //cannot use EX functions
- result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index legacy mode", result);
-#endif
- result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
-
- result = Tspi_Context_FreeMemory(hcontext, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
- }
- }
-
- //Seal data
- result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
-
- //Get the sealed data blob
- BYTE *value;
- UINT32 size;
- result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
-
- //copy over memory
- output_enc_size = size;
- output_enc_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- output_enc_value[i] = value[i];
-
- //clean up dynamic memory
- result = Tspi_Context_FreeMemory(hcontext, value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
-
- return;
- }
-
- void seal2(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_enc_value,
- unsigned long auth_enc_size,
- bool auth_enc_sha1,
- unsigned char *mask,
- unsigned char *payload_value,
- unsigned long payload_size,
- unsigned char *release_value,
- unsigned long release_size,
- unsigned char *&output_enc_value,
- unsigned long &output_enc_size)
- {
-#ifdef LINUX
- //don't even let the users do seal2 because TSS_PCRS_STRUCT_INFO_LONG does not work for unsealing in Linux
- if(result != TSS_SUCCESS) throw libhis_exception("Command disabled in Linux due to TSS_PCRS_STRUCT_INFO_LONG unseal defect", TPM_E_DISABLED_CMD);
-#endif
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //set up ENCData auth
- if(auth_enc_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
- }
-
- //assign the ENCData auth
- result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
-
- //set up mask
- bool bitmask[24];
- for(short i = 0; i < 24; i++)
- bitmask[i] = 0;
- masktobitmask(mask, bitmask);
-
- //collect the PCR values
- UINT32 temp_size;
- BYTE *temp_value;
- short counter = 0;
- for(unsigned long i = 0; i < 24; i++)
- {
- if(bitmask[i])
- {
- //set the creation value
- result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
-
- result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
-
- result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
-
- result = Tspi_Context_FreeMemory(hcontext, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
-
- //set the release value
- temp_value = new unsigned char[20];
- for(short j = 0; j < 20; j++)
- temp_value[j] = release_value[j + counter * 20];
-
- result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
- if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
-
- result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
-
- delete [] temp_value;
- }
- }
-
- //Seal data
- result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
-
- //Get the sealed data blob
- BYTE *value;
- UINT32 size;
- result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
-
- //copy over memory
- output_enc_size = size;
- output_enc_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- output_enc_value[i] = value[i];
-
- //clean up dynamic memory
- result = Tspi_Context_FreeMemory(hcontext, value);
- if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
-
- return;
- }
-
- ~libhis_seal()
- {
- //clean up ENCData policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
- if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
-
- //Clean up ENCData
- result = Tspi_Context_CloseObject(hcontext, hencdata);
- if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
-
- //clean up PCRS
- result = Tspi_Context_CloseObject(hcontext, hpcrs);
- if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
-
- //clean up SRK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
-
- //clean up SRK object
- result = Tspi_Context_CloseObject(hcontext, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_srk;
- TSS_HPOLICY hpolicy_srk,
- hpolicy_enc;
- TSS_HPCRS hpcrs;
- TSS_HENCDATA hencdata;
-};
-
-#endif
diff --git a/tpm_module/libhis_setnvdata.hpp b/tpm_module/libhis_setnvdata.hpp
deleted file mode 100644
index 46f64628..00000000
--- a/tpm_module/libhis_setnvdata.hpp
+++ /dev/null
@@ -1,131 +0,0 @@
-#ifndef libhis_setnvdata_hpp
-#define libhis_setnvdata_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-
-class libhis_setnvdata
-{
-public:
- libhis_setnvdata()
- {
- //set defaults
- nvstore_index = 0;
-
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //Create TPM policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
-
- //Create NVSTore object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
- }
-
- void setnvdata(
- unsigned char *auth_tpm_value,
- unsigned long auth_tpm_size,
- bool auth_tpm_sha1,
- unsigned long nv_index,
- unsigned char *nv_value,
- unsigned long nv_size)
- {
- //set up the index value
- if(nv_index == 0)
- nvstore_index = TPM_NV_INDEX_EKCert;
- else if(nv_index == 1)
- nvstore_index = TPM_NV_INDEX_TPM_CC;
- else if(nv_index == 2)
- nvstore_index = TPM_NV_INDEX_PlatformCert;
- else if(nv_index == 3)
- nvstore_index = TPM_NV_INDEX_Platform_CC;
- else
- nvstore_index = nv_index;
-
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //set up TPM auth
- if(auth_tpm_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
- }
-
- //assign the TPM auth to the TPM
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
-
- //assign the TPM auth to the NVStore
- result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
-
- //set the write address
- result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
- if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
-
- //force NVData to be readable by the owner only
- result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
- if(result != TSS_SUCCESS) throw libhis_exception("Require owner auth on NVStore read/write", result);
-
- //set the size
- result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, nv_size);
- if(result != TSS_SUCCESS) throw libhis_exception("Set size of NVStore object", result);
-
- //define the space we need
- result = Tspi_NV_DefineSpace(hnvstore, 0, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Define NVStore space", result);
-
- //write the value using the weird way the TSS does it
- result = Tspi_NV_WriteValue(hnvstore, 0, nv_size, nv_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Write NVData", result);
- }
-
- ~libhis_setnvdata()
- {
- //clean up NVStoer
- result = Tspi_Context_CloseObject(hcontext, hnvstore);
- if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
-
- //clean up TPM policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HPOLICY hpolicy_tpm;
- TSS_HNVSTORE hnvstore;
- UINT32 nvstore_index;
-};
-
-#endif
diff --git a/tpm_module/libhis_sign.hpp b/tpm_module/libhis_sign.hpp
deleted file mode 100644
index 5dd20a19..00000000
--- a/tpm_module/libhis_sign.hpp
+++ /dev/null
@@ -1,236 +0,0 @@
-#ifndef libhis_sign_hpp
-#define libhis_sign_hpp
-
-#ifdef WINDOWS
- #include "tspi.h"
- #include "tss_error.h"
- #include "tss_defines.h"
-#endif
-#ifdef LINUX
- #include
- #include
- #include
-#endif
-
-#include "libhis_exception.hpp"
-#include "libhis_utils.hpp"
-
-class libhis_sign
-{
-public:
- libhis_sign()
- {
- //set default values
- init_key_size = TSS_KEY_SIZE_DEFAULT;
- init_key_type = TSS_KEY_TYPE_DEFAULT;
- init_key_authorized = TSS_KEY_AUTHORIZATION;
- init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
- init_key_volatile = TSS_KEY_VOLATILE;
- init_key_scheme = 0;
- binitialized = false;
-
- //create a context object
- result = Tspi_Context_Create(&hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
-
- //create an SRK object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
-
- //Create SRK policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
-
- //Create key policy
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
-
- //create hash object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash);
- if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result);
- }
-
- void initsign(unsigned int in_size, unsigned int in_scheme)
- {
- //set the type
- init_key_type = TSS_KEY_TYPE_SIGNING;
-
- //set the key size
- if(in_size == 0)
- init_key_size = TSS_KEY_SIZE_DEFAULT;
- else if(in_size == 512)
- init_key_size = TSS_KEY_SIZE_512;
- else if(in_size == 1024)
- init_key_size = TSS_KEY_SIZE_1024;
- else if(in_size == 2048)
- init_key_size = TSS_KEY_SIZE_2048;
- else if(in_size == 4096)
- init_key_size = TSS_KEY_SIZE_4096;
- else if(in_size == 8192)
- init_key_size = TSS_KEY_SIZE_8192;
- else if(in_size == 16384)
- init_key_size = TSS_KEY_SIZE_16384;
- else throw libhis_exception("Invalid key size", 400);
-
- //set the signature scheme
- if(in_scheme == 0)
- init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
- else if(in_scheme == 1)
- init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
- else
- init_key_scheme = TSS_SS_NONE;
-
- //combine the init flags
- init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
-
- //Create key object
- result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
-
- //Set the signature scheme
- result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
- if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
-
- binitialized = true;
- }
-
- void sign(
- unsigned char *auth_srk_value,
- unsigned long auth_srk_size,
- bool auth_srk_sha1,
- unsigned char *auth_key_value,
- unsigned long auth_key_size,
- bool auth_key_sha1,
- unsigned char *uuid_key_value,
- unsigned char *hash,
- unsigned char *&output_value,
- unsigned long &output_size)
- {
- //establish a session
- result = Tspi_Context_Connect(hcontext, 0);
- if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
-
- //get the TPM object
- result = Tspi_Context_GetTpmObject(hcontext, &htpm);
- if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
-
- //load the SRK
- TSS_UUID uuid_srk = TSS_UUID_SRK;
- result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
-
- //set up SRK auth
- if(auth_srk_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
- }
-
- //assign the SRK auth
- result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
-
- //Set up the key UUID
- hextouuid(uuid_key_value, uuid_key);
-
- //Get the key by UUID
- result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
-
- //set up key auth
- if(auth_key_sha1)
- {
- result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
- }
- else
- {
- result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
- if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
- }
-
- //assign the key auth
- result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
-
- //Unwrap the key
- result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
-
- //set hash value
- result = Tspi_Hash_UpdateHashValue(hhash, 20, hash);
- if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result);
-
- //sign data
- UINT32 size = 0;
- BYTE *value = 0;
- result = Tspi_Hash_Sign(hhash, hkey_key, &size, &value);
- if(result != TSS_SUCCESS) throw libhis_exception("Sign", result);
-
- //copy dynamic values
- output_size = size;
- output_value = new unsigned char[size];
- for(unsigned long i = 0; i < size; i++)
- output_value[i] = value[i];
-
- //cleanup
- Tspi_Context_FreeMemory(hcontext, value);
- if(result != TSS_SUCCESS) throw libhis_exception("Free memory", result);
- }
-
- ~libhis_sign()
- {
- //clean up hash object
- result = Tspi_Context_CloseObject(hcontext, hhash);
- if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result);
-
- //clean up key policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
-
- if(binitialized)
- {
- //clean up key
- result = Tspi_Context_CloseObject(hcontext, hkey_key);
- if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
- }
-
- //clean up SRK policy
- result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
-
- //clean up SRK object
- result = Tspi_Context_CloseObject(hcontext, hkey_srk);
- if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
-
- //close context
- result = Tspi_Context_Close(hcontext);
- if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
- }
-
-private:
- TSS_RESULT result;
- TSS_HCONTEXT hcontext;
- TSS_HTPM htpm;
- TSS_HKEY hkey_srk,
- hkey_key;
- TSS_HPOLICY hpolicy_srk,
- hpolicy_key;
- TSS_UUID uuid_key;
- TSS_HHASH hhash;
- UINT32 init_key,
- init_key_size,
- init_key_type,
- init_key_authorized,
- init_key_migratable,
- init_key_volatile,
- init_key_scheme;
- bool binitialized;
-};
-
-#endif
diff --git a/tpm_module/libhis_takeownership.hpp b/tpm_module/libhis_takeownership.hpp
deleted file mode 100644
index 62af7da6..00000000
--- a/tpm_module/libhis_takeownership.hpp
+++ /dev/null
@@ -1,168 +0,0 @@ -#ifndef libhis_takeownership_hpp -#define libhis_takeownership_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -class libhis_takeownership -{ -public: - libhis_takeownership() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create EK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create TPM policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - } - - void takeownership( - unsigned char *auth_tpm_value, - unsigned long auth_tpm_size, - bool auth_tpm_sha1, - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *nonce) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //set up TPM auth - if(auth_tpm_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value); - 
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result); - } - - //assign the TPM auth to the TPM - result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result); - - //assign the TPM auth to the EK - result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result); - - //set up nonce - validation.ulExternalDataLength = 20; - validation.rgbExternalData = nonce; - - try - { - //get the public EK - result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result); - } - catch(libhis_exception &e) - { - //get the public EK the Atmel TPM in an Ultrabook way - result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result); - - //let a second exception make its way upward (rare) - } - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //take ownership of the TPM - result = Tspi_TPM_TakeOwnership(htpm, hkey_srk, hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Take 
Ownership", result); - - //clean up validation data - result = Tspi_Context_FreeMemory(hcontext, validation.rgbData); - if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbData", result); - - result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData); - if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbValidationData", result); - - //test the SRK to make sure it actually works (required for NTru because TakeOwnership sometimes doesn't execute RegisterKey for SRK) - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Test the SRK", result); - - return; - } - - ~libhis_takeownership() - { - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up TPM policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm); - if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //clean up EK object - result = Tspi_Context_CloseObject(hcontext, hkey_ek); - if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_ek, - hkey_srk; - TSS_HPOLICY hpolicy_tpm, - hpolicy_srk; - TSS_VALIDATION validation; -}; - -#endif diff --git a/tpm_module/libhis_unbind.hpp b/tpm_module/libhis_unbind.hpp deleted file mode 100644 index 09a11774..00000000 --- a/tpm_module/libhis_unbind.hpp +++ /dev/null 
@@ -1,270 +0,0 @@ -#ifndef libhis_unbind_hpp -#define libhis_unbind_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_unbind -{ -public: - libhis_unbind() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - init_key_scheme = 0; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - - //Create ENCData object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result); - - //Create ENCData policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result); - } - - void initbind(unsigned int in_size, unsigned int in_scheme) - { - //set the type - init_key_type = TSS_KEY_TYPE_BIND; - - //set the key size - if(in_size == 
0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the encryption scheme - if(in_scheme == 0) - init_key_scheme = TSS_ES_RSAESPKCSV15; - else if(in_scheme == 1) - init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1; - else if(in_scheme == 2) - init_key_scheme = TSS_ES_SYM_CNT; - else if(in_scheme == 3) - init_key_scheme = TSS_ES_SYM_OFB; - else if(in_scheme == 4) - init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD; - else - init_key_scheme = TSS_ES_NONE; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Set the encryption scheme - result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme); - if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result); - - binitialized = true; - } - - void unbind( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *auth_enc_value, - unsigned long auth_enc_size, - bool auth_enc_sha1, - unsigned char *uuid_key_value, - unsigned char *payload_value, - unsigned long payload_size, - unsigned char *&output_value, - unsigned long &output_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != 
TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //Unwrap the key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != TSS_SUCCESS) 
throw libhis_exception("Unwrap key", result); - - //install the encrypted data blob into hencdata object - result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result); - - //set up ENCData auth - if(auth_enc_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result); - } - - //assign the ENCData auth - result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result); - - //unseal the data - BYTE *value; - UINT32 size; - result = Tspi_Data_Unbind(hencdata, hkey_key, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Unbind", result); - - output_size = size; - output_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - output_value[i] = value[i]; - - //clean up dynamic memory - result = Tspi_Context_FreeMemory(hcontext, value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result); - } - - ~libhis_unbind() - { - //clean up ENCData policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result); - - //Clean up ENCData - result = Tspi_Context_CloseObject(hcontext, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result); - - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up 
key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key; - TSS_HPOLICY hpolicy_srk, - hpolicy_key, - hpolicy_enc; - TSS_UUID uuid_key; - TSS_HENCDATA hencdata; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile, - init_key_scheme; - bool binitialized; -}; - -#endif diff --git a/tpm_module/libhis_unseal.hpp b/tpm_module/libhis_unseal.hpp deleted file mode 100644 index d05b4e23..00000000 --- a/tpm_module/libhis_unseal.hpp +++ /dev/null 
@@ -1,157 +0,0 @@ -#ifndef libhis_unseal_hpp -#define libhis_unseal_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_unseal -{ -public: - libhis_unseal() - { - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create ENCData object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result); - - //Create ENCData policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result); - } - - void unseal( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_enc_value, - unsigned long auth_enc_size, - bool auth_enc_sha1, - unsigned char *payload_value, - unsigned long payload_size, - unsigned char *&output_enc_value, - unsigned long &output_enc_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - 
TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //install the encrypted data blob into hencdata object - result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result); - - //set up ENCData auth - if(auth_enc_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result); - } - - //assign the ENCData auth - result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result); - - //unseal the data - BYTE *value; - UINT32 size; - result = Tspi_Data_Unseal(hencdata, hkey_srk, &size, &value); - if(result != TSS_SUCCESS) throw libhis_exception("Unseal", result); - - output_enc_size = size; - output_enc_value = new unsigned char[size]; - for(unsigned long i = 0; i < size; i++) - 
output_enc_value[i] = value[i]; - - //clean up dynamic memory - result = Tspi_Context_FreeMemory(hcontext, value); - if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result); - - return; - } - - ~libhis_unseal() - { - //clean up ENCData policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_enc); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result); - - //Clean up ENCData - result = Tspi_Context_CloseObject(hcontext, hencdata); - if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result); - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk; - TSS_HPOLICY hpolicy_srk, - hpolicy_enc; - TSS_HPCRS hpcrs; - TSS_HENCDATA hencdata; -}; - -#endif diff --git a/tpm_module/libhis_utils.hpp b/tpm_module/libhis_utils.hpp deleted file mode 100644 index ac1f273e..00000000 --- a/tpm_module/libhis_utils.hpp +++ /dev/null 
@@ -1,367 +0,0 @@ -#ifndef libhis_utils_hpp -#define libhis_utils_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" - -void hextouuid(unsigned char *hex, TSS_UUID &uuid) -{ - //process the unsigned long leading the UUID - for(short i = 0; i < 8; i++) - { - if(hex[i] >= 48 && hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 420); - } - - uuid.ulTimeLow = hex[0] * 268435456 + hex[1] * 16777216 + hex[2] * 1048576 + - hex[3] * 65536 + hex[4] * 4096 + hex[5] * 256 + hex[6] * 16 + hex[7]; - - //process the unsigned short for midtime - for(short i = 9; i < 13; i++) - { - if(hex[i] >= 48 && hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 421); - } - - uuid.usTimeMid = hex[9] * 4096 + hex[10] * 256 + hex[11] * 16 + hex[12]; - - //process the unsigned short for hightime - for(short i = 14; i < 18; i++) - { - if(hex[i] >= 48 && hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 422); - } - - uuid.usTimeHigh = hex[14] * 4096 + hex[15] * 256 + hex[16] * 16 + hex[17]; - - //process bClockSeqHigh - for(short i = 19; i < 21; i++) - { - if(hex[i] >= 48 && hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 423); - } - - uuid.bClockSeqHigh = hex[19] * 16 + hex[20]; - - //process bClockSeqLow - for(short i = 21; i < 23; i++) - { - if(hex[i] >= 48 
&& hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 424); - } - - uuid.bClockSeqLow = hex[21] * 16 + hex[22]; - - //process final 6 byte array - for(short i = 24; i < 36; i++) - { - if(hex[i] >= 48 && hex[i] <= 57) - hex[i] -= 48; - else if(hex[i] >= 65 && hex[i] <= 70) - hex[i] -= 55; - else if(hex[i] >= 97 && hex[i] <= 102) - hex[i] -= 87; - else - throw libhis_exception("UUID validation failure", 425); - } - - uuid.rgbNode[0] = hex[24] * 16 + hex[25]; - uuid.rgbNode[1] = hex[26] * 16 + hex[27]; - uuid.rgbNode[2] = hex[28] * 16 + hex[29]; - uuid.rgbNode[3] = hex[30] * 16 + hex[31]; - uuid.rgbNode[4] = hex[32] * 16 + hex[33]; - uuid.rgbNode[5] = hex[34] * 16 + hex[35]; - - return; -} - -/* - * masktobitmask function that does it the screwed up TCG way - */ -void masktobitmask(unsigned char *mask, bool binarray[24]) -{ - int sequence[] = {1, 0, 3, 2, 5, 4}; - int i; - - //convert hex values to binary values while validating - for(short j = 0; j < 6; j++) - { - i = sequence[j]; - - switch(mask[i]) - { - case 48: //0 - { - break; - } - case 49: //1 - { - binarray[j * 4 + 0] = true; - break; - } - case 50: //2 - { - binarray[j * 4 + 1] = true; - break; - } - case 51: //3 - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 1] = true; - break; - } - case 52: //4 - { - binarray[j * 4 + 2] = true; - break; - } - case 53: //5 - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 2] = true; - break; - } - case 54: //6 - { - binarray[j * 4 + 1] = true; - binarray[j * 4 + 2] = true; - break; - } - case 55: //7 - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 1] = true; - binarray[j * 4 + 2] = true; - break; - } - case 56: //8 - { - binarray[j * 4 + 3] = true; - break; - } - case 57: //9 - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 3] = true; - break; - } - case 65: //a - case 97: //A - { - binarray[j * 4 + 1] = 
true; - binarray[j * 4 + 3] = true; - break; - } - case 66: //b - case 98: //B - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 1] = true; - binarray[j * 4 + 3] = true; - break; - } - case 67: //c - case 99: //C - { - binarray[j * 4 + 2] = true; - binarray[j * 4 + 3] = true; - break; - } - case 68: //d - case 100: //D - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 2] = true; - binarray[j * 4 + 3] = true; - break; - } - case 69: //e - case 101: //E - { - binarray[j * 4 + 1] = true; - binarray[j * 4 + 2] = true; - binarray[j * 4 + 3] = true; - break; - } - case 70: //f - case 102: //F - { - binarray[j * 4 + 0] = true; - binarray[j * 4 + 1] = true; - binarray[j * 4 + 2] = true; - binarray[j * 4 + 3] = true; - break; - } - default: - { - throw libhis_exception("Mask validation failure", 430); - } - } - } - - return; -} - -/* - * Original masktobitmask function. - */ -/*void masktobitmask(unsigned char *mask, bool binarray[24]) -{ - //convert hex values to binary values while validating - for(short i = 0; i < 6; i++) - { - switch(mask[i]) - { - case 48: //0 - { - break; - } - case 49: //1 - { - binarray[i * 4 + 3] = true; - break; - } - case 50: //2 - { - binarray[i * 4 + 2] = true; - break; - } - case 51: //3 - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 2] = true; - break; - } - case 52: //4 - { - binarray[i * 4 + 1] = true; - break; - } - case 53: //5 - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 1] = true; - break; - } - case 54: //6 - { - binarray[i * 4 + 2] = true; - binarray[i * 4 + 1] = true; - break; - } - case 55: //7 - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 2] = true; - binarray[i * 4 + 1] = true; - break; - } - case 56: //8 - { - binarray[i * 4 + 0] = true; - break; - } - case 57: //9 - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 0] = true; - break; - } - case 65: //a - case 97: //A - { - binarray[i * 4 + 2] = true; - binarray[i * 4 + 0] = true; - break; - } - case 66: //b - case 98: //B - { - binarray[i * 4 + 3] = 
true; - binarray[i * 4 + 2] = true; - binarray[i * 4 + 0] = true; - break; - } - case 67: //c - case 99: //C - { - binarray[i * 4 + 1] = true; - binarray[i * 4 + 0] = true; - break; - } - case 68: //d - case 100: //D - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 1] = true; - binarray[i * 4 + 0] = true; - break; - } - case 69: //e - case 101: //E - { - binarray[i * 4 + 2] = true; - binarray[i * 4 + 1] = true; - binarray[i * 4 + 0] = true; - break; - } - case 70: //f - case 102: //F - { - binarray[i * 4 + 3] = true; - binarray[i * 4 + 2] = true; - binarray[i * 4 + 1] = true; - binarray[i * 4 + 0] = true; - break; - } - default: - { - throw libhis_exception("Mask validation failure", 1); - } - } - } - - return; -}*/ - -#endif diff --git a/tpm_module/libhis_verifysignature.hpp b/tpm_module/libhis_verifysignature.hpp deleted file mode 100644 index e48f0564..00000000 --- a/tpm_module/libhis_verifysignature.hpp +++ /dev/null 
@@ -1,224 +0,0 @@ -#ifndef libhis_verifysignature_hpp -#define libhis_verifysignature_hpp - -#ifdef WINDOWS - #include "tspi.h" - #include "tss_error.h" - #include "tss_defines.h" -#endif -#ifdef LINUX - #include - #include - #include -#endif - -#include "libhis_exception.hpp" -#include "libhis_utils.hpp" - -class libhis_verifysignature -{ -public: - libhis_verifysignature() - { - //set default values - init_key_size = TSS_KEY_SIZE_DEFAULT; - init_key_type = TSS_KEY_TYPE_DEFAULT; - init_key_authorized = TSS_KEY_AUTHORIZATION; - init_key_migratable = TSS_KEY_NOT_MIGRATABLE; - init_key_volatile = TSS_KEY_VOLATILE; - init_key_scheme = 0; - binitialized = false; - - //create a context object - result = Tspi_Context_Create(&hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); - - //create an SRK object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); - - //Create SRK policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); - - //Create key policy - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); - - //create hash object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash); - if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result); - } - - void initsign(unsigned int in_size, unsigned int in_scheme) - { - //set the type - init_key_type = TSS_KEY_TYPE_SIGNING; - - //set the key size - if(in_size == 0) - init_key_size = TSS_KEY_SIZE_DEFAULT; - else if(in_size == 512) - init_key_size = TSS_KEY_SIZE_512; - else if(in_size == 1024) - init_key_size = TSS_KEY_SIZE_1024; - else if(in_size == 
2048) - init_key_size = TSS_KEY_SIZE_2048; - else if(in_size == 4096) - init_key_size = TSS_KEY_SIZE_4096; - else if(in_size == 8192) - init_key_size = TSS_KEY_SIZE_8192; - else if(in_size == 16384) - init_key_size = TSS_KEY_SIZE_16384; - else throw libhis_exception("Invalid key size", 400); - - //set the signature scheme - if(in_scheme == 0) - init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1; - else if(in_scheme == 1) - init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER; - else - init_key_scheme = TSS_SS_NONE; - - //combine the init flags - init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; - - //Create key object - result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); - - //Set the signature scheme - result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme); - if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result); - - binitialized = true; - } - - void verifysignature( - unsigned char *auth_srk_value, - unsigned long auth_srk_size, - bool auth_srk_sha1, - unsigned char *auth_key_value, - unsigned long auth_key_size, - bool auth_key_sha1, - unsigned char *uuid_key_value, - unsigned char *hash, - unsigned char *signature_value, - unsigned long signature_size) - { - //establish a session - result = Tspi_Context_Connect(hcontext, 0); - if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); - - //get the TPM object - result = Tspi_Context_GetTpmObject(hcontext, &htpm); - if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); - - //load the SRK - TSS_UUID uuid_srk = TSS_UUID_SRK; - result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); - - //set up SRK auth - if(auth_srk_sha1) - { - result = 
Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); - } - - //assign the SRK auth - result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); - - //Set up the key UUID - hextouuid(uuid_key_value, uuid_key); - - //Get the key by UUID - result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); - - //set up key auth - if(auth_key_sha1) - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result); - } - else - { - result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); - if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result); - } - - //assign the key auth - result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result); - - //Unwrap the key - result = Tspi_Key_LoadKey(hkey_key, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result); - - //set hash value - result = Tspi_Hash_UpdateHashValue(hhash, 20, hash); - if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result); - - //verify signature data - result = Tspi_Hash_VerifySignature(hhash, hkey_key, signature_size, signature_value); - if(result != TSS_SUCCESS) throw libhis_exception("Verify signature", result); - } - - ~libhis_verifysignature() - { - //clean up hash object - result = 
Tspi_Context_CloseObject(hcontext, hhash); - if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result); - - //clean up key policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); - - if(binitialized) - { - //clean up key - result = Tspi_Context_CloseObject(hcontext, hkey_key); - if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); - } - - //clean up SRK policy - result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); - - //clean up SRK object - result = Tspi_Context_CloseObject(hcontext, hkey_srk); - if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); - - //close context - result = Tspi_Context_Close(hcontext); - if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); - } - -private: - TSS_RESULT result; - TSS_HCONTEXT hcontext; - TSS_HTPM htpm; - TSS_HKEY hkey_srk, - hkey_key; - TSS_HPOLICY hpolicy_srk, - hpolicy_key; - TSS_UUID uuid_key; - TSS_HHASH hhash; - UINT32 init_key, - init_key_size, - init_key_type, - init_key_authorized, - init_key_migratable, - init_key_volatile, - init_key_scheme; - bool binitialized; -}; - -#endif diff --git a/tpm_module/main.cpp b/tpm_module/main.cpp deleted file mode 100644 index 5669a678..00000000 --- a/tpm_module/main.cpp +++ /dev/null 
@@ -1,31 +0,0 @@
-/**
- * When compiling in Linux define LINUX. When compiling in Windows define
- * WINDOWS. This software is designed to be compiled on either platform without
- * modification. Simply set the preprocessor definitions and the code will take
- * care of the rest.
- */
-
-/**
- * This software was originally implemented as a static library. However,
- * requirements changed and it resumed existing as a command line-driven
- * executable. The libhis header files are designed such that you could easily
- * break them out into their own library. They do not require inclusion of TCG
- * headers or the use of TCG data structures. All input is handled with standard
- * C++ types.
- */
-
-#include "libhis_cli.hpp"
-
-#ifdef LINUX
-int main(int argc, char **argv)
-#endif
-#ifdef WINDOWS
-unsigned long main(int argc, char **argv)
-#endif
-{
- //provide all arguments to our controller class
- libhis_cli test(argc, argv);
-
- //return the integer result from our controller class's execution function
- return test.cli();
-}
diff --git a/tpm_module/makefile b/tpm_module/makefile
deleted file mode 100644
index 9e303a8d..00000000
--- a/tpm_module/makefile
+++ /dev/null
@@ -1,58 +0,0 @@
-################################################################################
-# Automatically-generated file. Do not edit!
-################################################################################
-
--include makefile.init
-
-RM := rm -rf
-
-# All of the sources participating in the build are defined here
--include sources.mk
--include subdir.mk
--include objects.mk
-
-ifneq ($(MAKECMDGOALS),clean)
-ifneq ($(strip $(C++_DEPS)),)
--include $(C++_DEPS)
-endif
-ifneq ($(strip $(C_DEPS)),)
--include $(C_DEPS)
-endif
-ifneq ($(strip $(CC_DEPS)),)
--include $(CC_DEPS)
-endif
-ifneq ($(strip $(CPP_DEPS)),)
--include $(CPP_DEPS)
-endif
-ifneq ($(strip $(CXX_DEPS)),)
--include $(CXX_DEPS)
-endif
-ifneq ($(strip $(C_UPPER_DEPS)),)
--include $(C_UPPER_DEPS)
-endif
-endif
-
--include makefile.defs
-
-# Add inputs and outputs from these tool invocations to the build variables
-
-# All Target
-all: tpm_module
-
-# Tool invocations
-tpm_module: $(OBJS) $(USER_OBJS)
- @echo 'Building target: $@'
- @echo 'Invoking: GCC C++ Linker'
- g++ -o "tpm_module" $(OBJS) $(USER_OBJS) $(LIBS)
- @echo 'Finished building target: $@'
- @echo ' '
-
-# Other Targets
-clean:
- -$(RM) $(OBJS)$(C++_DEPS)$(C_DEPS)$(CC_DEPS)$(CPP_DEPS)$(EXECUTABLES)$(CXX_DEPS)$(C_UPPER_DEPS) tpm_module
- -@echo ' '
-
-.PHONY: all clean dependents
-.SECONDARY:
-
--include makefile.targets
diff --git a/tpm_module/man/tpm_module.1 b/tpm_module/man/tpm_module.1
deleted file mode 100644
index 4f65b02f..00000000
--- a/tpm_module/man/tpm_module.1
+++ /dev/null
@@ -1,111 +0,0 @@
-.TH TPM_MODULE 1 "January 11, 2018"
-
-.sp 1
-.SH NAME
-tpm_module \- interact with the TPM
-.SH SYNOPSIS
-.B tpm_module
-[\-m ] [\-options]
-.SH DESCRIPTION
-Provide various modes for interacting with the TPM.
-.SH MODES
-1 Take Ownership of TPM
-.br
-2 Change Owner Authorization Data
-.br
-3 Clear Ownership (Disables TPM)
-.br
-4 Create EK
-.br
-5 Change SRK Authorization Data
-.br
-6 Collate Identity Request (Create Identity Key)
-.br
-7 Activate Identity (Create Identity Key Certificate)
-.br
-8 Quote
-.br
-9 Quote 2
-.br
-10 Seal Data (Encrypt Data to Current Platform State)
-.br
-11 Seal 2 (Seal Against Future PCRs)
-.br
-12 Unseal Data
-.br
-13 Generate Random Bytes
-.br
-14 Create Signing, Binding, or Storage Key
-.br
-15 Change Key Authorization Data
-.br
-16 Get Keyblob
-.br
-17 Get Key Modulus
-.br
-18 Clear Key
-.br
-19 Get PCR
-.br
-20 Extend PCR (Update PCR Value)
-.br
-21 Clear PCR
-.br
-22 Set NVRAM Data
-.br
-23 Get NVRAM Data
-.br
-24 Clear NVRAM Data
-.br
-25 Sign Data
-.br
-26 Verify Signed Data
-.br
-27 Bind
-.br
-28 Unbind
-.br
-29 Get Public Key
-.SH OPTIONS
-.B \-h, \-\-help
-.IP
-display help, use with -m to see help/options for individual modes
-.P
-.B \-v, \-\-version
-.IP
-display software version info
-.P
-.B \-d, \-\-debug
-.IP
-enable console debugging
-.P
-.B \-f, \-\-file
-.IP
-write debugging info to file
-.P
-.B \-z, \-\-zeros
-.IP
-fill in authdata with zeroes
-.P
-.B \-r, \-\-readable
-.IP
-make output human-readable with delimiters
-.P
-.B \-nr, \-\-nonce_random
-.IP
-populate nonce with TPM's random byte generator
-.SH EXAMPLES
-Take ownership of TPM using a specific nonce and zeroes for auth data:
-.IP
-tpm_module \-m 1 \-n 0123456789012345678901234567890123456789 \-z
-.P
-Get help with collate identity request mode:
-.IP
-tpm_module \-m 6 \-h
-.P
-Generate a quote2 using the first 16 PCRs, random nonce, identity key with
-simple UUID, and omitted SRK auth as zeroes:
-.IP
-tpm_module \-m 9 \-p ffff00 \-nr \-u 00000000\-0000\-0000\-0000\-040000000001 \-authp_ik password \-z
-.SH SEE ALSO
-hirs-provisioner(1)
diff --git a/tpm_module/objects.mk b/tpm_module/objects.mk
deleted file mode 100644
index 95273fe4..00000000
--- a/tpm_module/objects.mk
+++ /dev/null
@@ -1,8 +0,0 @@
-################################################################################
-# Automatically-generated file. Do not edit!
-################################################################################
-
-USER_OBJS :=
-
-LIBS := -ltspi
-
diff --git a/tpm_module/sources.mk b/tpm_module/sources.mk
deleted file mode 100644
index 5b37eadd..00000000
--- a/tpm_module/sources.mk
+++ /dev/null
@@ -1,27 +0,0 @@
-################################################################################
-# Automatically-generated file. Do not edit!
-################################################################################
-
-O_SRCS :=
-CPP_SRCS :=
-C_UPPER_SRCS :=
-C_SRCS :=
-S_UPPER_SRCS :=
-OBJ_SRCS :=
-ASM_SRCS :=
-CXX_SRCS :=
-C++_SRCS :=
-CC_SRCS :=
-OBJS :=
-C++_DEPS :=
-C_DEPS :=
-CC_DEPS :=
-CPP_DEPS :=
-EXECUTABLES :=
-CXX_DEPS :=
-C_UPPER_DEPS :=
-
-# Every subdirectory with source files must be described here
-SUBDIRS := \
-. \
-
diff --git a/tpm_module/subdir.mk b/tpm_module/subdir.mk
deleted file mode 100644
index 75c898de..00000000
--- a/tpm_module/subdir.mk
+++ /dev/null
@@ -1,24 +0,0 @@
-################################################################################
-# Automatically-generated file. Do not edit!
-################################################################################
-
-# Add inputs and outputs from these tool invocations to the build variables
-CPP_SRCS += \
-main.cpp
-
-OBJS += \
-main.o
-
-CPP_DEPS += \
-main.d
-
-
-# Each subdirectory must supply rules for building sources it contributes
-%.o: %.cpp
- @echo 'Building file: $<'
- @echo 'Invoking: GCC C++ Compiler'
- g++ -DLINUX -I"./tpm_module" -O3 -Wall -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<"
- @echo 'Finished building: $<'
- @echo ' '
-
-