mirror of
https://github.com/nsacyber/HIRS.git
synced 2025-01-05 12:44:23 +00:00
removed tpm_module
This commit is contained in:
parent
1b582dfec6
commit
c929ee3bb3
@ -1,15 +0,0 @@
|
||||
task make(type: Exec) {
|
||||
outputs.file 'tpm_module'
|
||||
inputs.dir fileTree(dir: '.').include('main.cpp').include('*.hpp')
|
||||
commandLine 'make'
|
||||
}
|
||||
|
||||
task cleanUp() {
|
||||
delete 'tpm_module', 'main.d', 'main.o'
|
||||
}
|
||||
|
||||
task fullBuild(type: GradleBuild) {
|
||||
tasks = ['cleanUp', 'make']
|
||||
}
|
||||
|
||||
build.dependsOn tasks.fullBuild
|
@ -1,5 +0,0 @@
|
||||
tpm-module (3.11) trusty; urgency=low
|
||||
|
||||
* Initial release
|
||||
|
||||
-- HIRS <HIRS@HIRS.HIRS> Thu, 05 Feb 2015 17:44:25 -0500
|
@ -1 +0,0 @@
|
||||
9
|
@ -1,13 +0,0 @@
|
||||
Source: tpm-module
|
||||
Section: admin
|
||||
Priority: optional
|
||||
Maintainer: HIRS <HIRS@HIRS.HIRS>
|
||||
Build-Depends: debhelper (>= 9)
|
||||
Standards-Version: 3.9.5
|
||||
|
||||
Package: tpm-module
|
||||
Architecture: amd64
|
||||
Depends: ${shlibs:Depends}, ${misc:Depends}, tpm-tools, libtspi1
|
||||
Description: HIRS TPM Module
|
||||
Allows for interaction with TPMs.
|
||||
|
@ -1 +0,0 @@
|
||||
tpm-module_3.11_amd64.deb admin optional
|
@ -1,2 +0,0 @@
|
||||
# Ignore lintian error about incorrectly formatted copyright file
|
||||
tpm-module binary: copyright-should-refer-to-common-license-file-for-lgpl
|
@ -1,7 +0,0 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
|
||||
export DH_VERBOSE=1
|
||||
|
||||
%:
|
||||
dh $@
|
@ -1 +0,0 @@
|
||||
3.0 (native)
|
@ -1 +0,0 @@
|
||||
src/tpm_module usr/bin
|
@ -1 +0,0 @@
|
||||
debian/tpm_module.1
|
@ -1,2 +0,0 @@
|
||||
shlibs:Depends=libc6 (>= 2.4), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.4.0), libtspi1 (>= 0.3.1)
|
||||
misc:Depends=
|
@ -1,224 +0,0 @@
|
||||
#ifndef libhis_activateidentity_hpp
|
||||
#define libhis_activateidentity_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_activateidentity
|
||||
{
|
||||
public:
|
||||
libhis_activateidentity()
|
||||
{
|
||||
//set default values
|
||||
init_ik_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_ik_type = TSS_KEY_TYPE_IDENTITY;
|
||||
init_ik_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_ik_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create IK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
|
||||
}
|
||||
|
||||
void init()
|
||||
{
|
||||
//combine the init flags
|
||||
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
|
||||
|
||||
//Create IK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void activateidentity(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_ik_value,
|
||||
unsigned long auth_ik_size,
|
||||
bool auth_ik_sha1,
|
||||
unsigned char *asym_value,
|
||||
unsigned long asym_size,
|
||||
unsigned char *sym_value,
|
||||
unsigned long sym_size,
|
||||
unsigned char *uuid_ik_value,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the IK UUID
|
||||
hextouuid(uuid_ik_value, uuid_ik);
|
||||
|
||||
//Get the IK by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
|
||||
|
||||
//set up IK auth
|
||||
if(auth_ik_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the IK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
|
||||
|
||||
//Unwrap the IK
|
||||
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
|
||||
|
||||
//Activate identity
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_TPM_ActivateIdentity(htpm, hkey_ik, asym_size, asym_value, sym_size, sym_value, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Activate identity", result);
|
||||
|
||||
//Copy memory because TSS uses malloc and free, but we're using new and delete
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
{
|
||||
output_value[i] = value[i];
|
||||
}
|
||||
|
||||
//clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK?
|
||||
//result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
//if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity credential", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_activateidentity()
|
||||
{
|
||||
//clean up IK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up IK
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_ik;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_srk,
|
||||
hpolicy_ik;
|
||||
TSS_UUID uuid_ik;
|
||||
UINT32 init_ik,
|
||||
init_ik_size,
|
||||
init_ik_type,
|
||||
init_ik_authorized,
|
||||
init_ik_migratable,
|
||||
init_ik_volatile;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,271 +0,0 @@
|
||||
#ifndef libhis_bind_hpp
|
||||
#define libhis_bind_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_bind
|
||||
{
|
||||
public:
|
||||
libhis_bind()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
init_key_scheme = 0;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
|
||||
//Create ENCData object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
|
||||
|
||||
//Create ENCData policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the encryption scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_ES_RSAESPKCSV15;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
|
||||
else if(in_scheme == 2)
|
||||
init_key_scheme = TSS_ES_SYM_CNT;
|
||||
else if(in_scheme == 3)
|
||||
init_key_scheme = TSS_ES_SYM_OFB;
|
||||
else if(in_scheme == 4)
|
||||
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
|
||||
else
|
||||
init_key_scheme = TSS_ES_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the encryption scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void bind(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *auth_enc_value,
|
||||
unsigned long auth_enc_size,
|
||||
bool auth_enc_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *hash_value,
|
||||
unsigned long hash_size,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//set up ENCData auth
|
||||
if(auth_enc_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the ENCData auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
|
||||
|
||||
//bind data
|
||||
result = Tspi_Data_Bind(hencdata, hkey_key, hash_size, hash_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Bind", result);
|
||||
|
||||
//Get the bound data blob
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get bound data blob", result);
|
||||
|
||||
//copy over memory
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
|
||||
}
|
||||
|
||||
~libhis_bind()
|
||||
{
|
||||
//clean up ENCData policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
|
||||
|
||||
//Clean up ENCData
|
||||
result = Tspi_Context_CloseObject(hcontext, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
|
||||
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key,
|
||||
hpolicy_enc;
|
||||
TSS_UUID uuid_key;
|
||||
TSS_HENCDATA hencdata;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,316 +0,0 @@
|
||||
#ifndef libhis_changekeyauth_hpp
|
||||
#define libhis_changekeyauth_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_changekeyauth
|
||||
{
|
||||
public:
|
||||
libhis_changekeyauth()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
|
||||
//Create new policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
|
||||
}
|
||||
|
||||
void initidentity()
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_IDENTITY;
|
||||
|
||||
//set the key size
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initstorage(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_STORAGE;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void changekeyauth(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *auth_new_value,
|
||||
unsigned long auth_new_size,
|
||||
bool auth_new_sha1)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up Key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the Key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign Key Secret", result);
|
||||
|
||||
//set up new auth
|
||||
if(auth_new_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
|
||||
}
|
||||
|
||||
//change the Key secret
|
||||
result = Tspi_ChangeAuth(hkey_key, hkey_srk, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Change Key Secret", result);
|
||||
|
||||
try
|
||||
{
|
||||
//save key
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
//Unregister the existing key
|
||||
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
|
||||
|
||||
//Register a new key
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result);
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_changekeyauth()
|
||||
{
|
||||
//clean up new policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
|
||||
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key,
|
||||
hkey_unregister;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key,
|
||||
hpolicy_new;
|
||||
TSS_UUID uuid_key;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,109 +0,0 @@
|
||||
#ifndef libhis_changeownership_hpp
|
||||
#define libhis_changeownership_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_changeownership
|
||||
{
|
||||
public:
|
||||
libhis_changeownership()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create new policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
|
||||
}
|
||||
|
||||
void changeownership(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *auth_new_value,
|
||||
unsigned long auth_new_size,
|
||||
bool auth_new_sha1)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
|
||||
|
||||
//set up new auth
|
||||
if(auth_new_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
|
||||
}
|
||||
|
||||
//change the TPM secret
|
||||
result = Tspi_ChangeAuth(htpm, 0, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Change TPM Secret", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_changeownership()
|
||||
{
|
||||
//clean up new policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_new;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,150 +0,0 @@
|
||||
#ifndef libhis_changesrksecret_hpp
|
||||
#define libhis_changesrksecret_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_changesrksecret
|
||||
{
|
||||
public:
|
||||
libhis_changesrksecret()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create new policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result);
|
||||
}
|
||||
|
||||
void changesrksecret(unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_new_value,
|
||||
unsigned long auth_new_size,
|
||||
bool auth_new_sha1)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//set up new auth
|
||||
if(auth_new_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result);
|
||||
}
|
||||
|
||||
//change the SRK secret
|
||||
result = Tspi_ChangeAuth(hkey_srk, htpm, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Change SRK Secret", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_changesrksecret()
|
||||
{
|
||||
//clean up new policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_new);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result);
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_srk,
|
||||
hpolicy_new;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,167 +0,0 @@
|
||||
#ifndef libhis_clearkey_hpp
|
||||
#define libhis_clearkey_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_clearkey
|
||||
{
|
||||
public:
|
||||
libhis_clearkey()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
}
|
||||
|
||||
void clearkey(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//Unregister the existing key
|
||||
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unregister uuid", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_clearkey()
|
||||
{
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_UUID uuid_key;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,121 +0,0 @@
|
||||
#ifndef libhis_clearnvdata_hpp
|
||||
#define libhis_clearnvdata_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_clearnvdata
|
||||
{
|
||||
public:
|
||||
libhis_clearnvdata()
|
||||
{
|
||||
//set defaults
|
||||
nvstore_index = 0;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create NVSTore object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
|
||||
}
|
||||
|
||||
void clearnvdata(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned long nv_index)
|
||||
{
|
||||
//set up the index value
|
||||
if(nv_index == 0)
|
||||
nvstore_index = TPM_NV_INDEX_EKCert;
|
||||
else if(nv_index == 1)
|
||||
nvstore_index = TPM_NV_INDEX_TPM_CC;
|
||||
else if(nv_index == 2)
|
||||
nvstore_index = TPM_NV_INDEX_PlatformCert;
|
||||
else if(nv_index == 3)
|
||||
nvstore_index = TPM_NV_INDEX_Platform_CC;
|
||||
else
|
||||
nvstore_index = nv_index;
|
||||
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//assign the TPM auth to the NVStore
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
|
||||
|
||||
//force NVData to be readable by the owner only
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result);
|
||||
|
||||
//set the read address
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
|
||||
|
||||
//clear the nvstore space
|
||||
result = Tspi_NV_ReleaseSpace(hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear data at NVStore index", result);
|
||||
}
|
||||
|
||||
~libhis_clearnvdata()
|
||||
{
|
||||
//clean up NVStore
|
||||
result = Tspi_Context_CloseObject(hcontext, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
TSS_HNVSTORE hnvstore;
|
||||
UINT32 nvstore_index;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,83 +0,0 @@
|
||||
#ifndef libhis_clearownership_hpp
|
||||
#define libhis_clearownership_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_clearownership
|
||||
{
|
||||
public:
|
||||
libhis_clearownership()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
}
|
||||
|
||||
void clearownership(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
|
||||
|
||||
//clear the TPM owner
|
||||
result = Tspi_TPM_ClearOwner(htpm, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear Ownership", result);
|
||||
}
|
||||
|
||||
~libhis_clearownership()
|
||||
{
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,122 +0,0 @@
|
||||
#ifndef libhis_clearpcr_hpp
|
||||
#define libhis_clearpc_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_clearpcr
|
||||
{
|
||||
public:
|
||||
libhis_clearpcr()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create PCRS object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
}
|
||||
|
||||
void clearpcr(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *mask)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
for(unsigned long i = 0; i < 24; i++)
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
}
|
||||
}
|
||||
|
||||
//clear PCR value
|
||||
result = Tspi_TPM_PcrReset(htpm, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Reset PCRs", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_clearpcr()
|
||||
{
|
||||
//clean up PCRS
|
||||
result = Tspi_Context_CloseObject(hcontext, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
TSS_HPCRS hpcrs;
|
||||
};
|
||||
|
||||
#endif
|
File diff suppressed because it is too large
Load Diff
@ -1,278 +0,0 @@
|
||||
#ifndef libhis_collateidentityrequest_hpp
|
||||
#define libhis_collateidentityrequest_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_collateidentityrequest
|
||||
{
|
||||
public:
|
||||
libhis_collateidentityrequest()
|
||||
{
|
||||
//set default values
|
||||
init_ik_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_ik_type = TSS_KEY_TYPE_IDENTITY;
|
||||
init_ik_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_ik_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create IK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
|
||||
|
||||
//Create ACAK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_acak);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ACAK", result);
|
||||
}
|
||||
|
||||
void init()
|
||||
{
|
||||
//combine the init flags
|
||||
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
|
||||
|
||||
//Create IK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void collateidentityrequest(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_ik_value,
|
||||
unsigned long auth_ik_size,
|
||||
bool auth_ik_sha1,
|
||||
unsigned char *label_ik_value,
|
||||
unsigned long label_ik_size,
|
||||
unsigned char *key_acak_value,
|
||||
unsigned long key_acak_size,
|
||||
unsigned char *uuid_ik_value,
|
||||
bool uuid_overwrite,
|
||||
unsigned char *ekc_value,
|
||||
unsigned long ekc_size,
|
||||
unsigned char *pc_value,
|
||||
unsigned long pc_size,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret", result);
|
||||
|
||||
//assign the TPM auth to the ACAK too
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_acak);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ACAK Secret", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//set up IK auth
|
||||
if(auth_ik_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the IK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
|
||||
|
||||
//set ACAK blob
|
||||
result = Tspi_SetAttribData(hkey_acak, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, key_acak_size, key_acak_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ACAK Blob", result);
|
||||
|
||||
if(ekc_size != 0)
|
||||
{
|
||||
//set the EK cert
|
||||
result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_EKCERT, ekc_size, ekc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set EK credential blob", result);
|
||||
}
|
||||
|
||||
if(pc_size != 0)
|
||||
{
|
||||
//set the Platform cert
|
||||
result = Tspi_SetAttribData(htpm, TSS_TSPATTRIB_TPM_CREDENTIAL, TSS_TPMATTRIB_PLATFORMCERT, pc_size, pc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set Platform credential blob", result);
|
||||
}
|
||||
|
||||
//Collate identity request
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_TPM_CollateIdentityRequest(htpm, hkey_srk, hkey_acak, label_ik_size, label_ik_value, hkey_ik, TSS_ALG_AES, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Collate identity Request", result);
|
||||
|
||||
//Copy memory because TSS uses malloc and free, but we're using new and delete
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
{
|
||||
output_value[i] = value[i];
|
||||
}
|
||||
|
||||
//clean up the TSS data -- CANNOT DO THIS; TSS MEMORY LEAK?
|
||||
//result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
//if(result != TSS_SUCCESS) throw libhis_exception("Cleanup identity request", result);
|
||||
|
||||
//Unwrap the newly generated IK
|
||||
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
|
||||
|
||||
//Set up the IK UUID
|
||||
hextouuid(uuid_ik_value, uuid_ik);
|
||||
|
||||
try
|
||||
{
|
||||
//save ik
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Save IK By UUID", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
if(uuid_overwrite)
|
||||
{
|
||||
//Unregister the existing key
|
||||
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_unregister);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
|
||||
|
||||
//Register a new key
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_ik, TSS_PS_TYPE_SYSTEM, uuid_ik, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Resave IK By UUID", result);
|
||||
}
|
||||
else throw e;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_collateidentityrequest()
|
||||
{
|
||||
//clean up ACAK
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_acak);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ACAK", result);
|
||||
|
||||
//clean up IK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up IK
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_ik,
|
||||
hkey_acak,
|
||||
hkey_unregister;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_srk,
|
||||
hpolicy_ik;
|
||||
TSS_UUID uuid_ik;
|
||||
UINT32 init_ik,
|
||||
init_ik_size,
|
||||
init_ik_type,
|
||||
init_ik_authorized,
|
||||
init_ik_migratable,
|
||||
init_ik_volatile;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,70 +0,0 @@
|
||||
#ifndef libhis_createek_hpp
|
||||
#define libhis_createek_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_createek
|
||||
{
|
||||
public:
|
||||
libhis_createek()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create EK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create EK object handle", result);
|
||||
}
|
||||
|
||||
void createek(
|
||||
unsigned char *nonce)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//TSS requires external data to be set for EK creation
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
//create EK
|
||||
result = Tspi_TPM_CreateEndorsementKey(htpm, hkey_ek, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
|
||||
}
|
||||
|
||||
~libhis_createek()
|
||||
{
|
||||
//clean up EK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close EK object handle", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_ek;
|
||||
TSS_VALIDATION validation;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,317 +0,0 @@
|
||||
#ifndef libhis_createkey_hpp
|
||||
#define libhis_createkey_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_createkey
|
||||
{
|
||||
public:
|
||||
libhis_createkey()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
init_key_scheme = 0;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the signature scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
|
||||
else
|
||||
init_key_scheme = TSS_SS_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the signature scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the encryption scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_ES_RSAESPKCSV15;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
|
||||
else if(in_scheme == 2)
|
||||
init_key_scheme = TSS_ES_SYM_CNT;
|
||||
else if(in_scheme == 3)
|
||||
init_key_scheme = TSS_ES_SYM_OFB;
|
||||
else if(in_scheme == 4)
|
||||
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
|
||||
else
|
||||
init_key_scheme = TSS_ES_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the encryption scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initstorage(unsigned int in_size, unsigned int in_location)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_STORAGE;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the encryption scheme
|
||||
if(in_location == 0)
|
||||
init_key_location = TSS_PS_TYPE_SYSTEM;
|
||||
else
|
||||
init_key_location = TSS_PS_TYPE_USER;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile | init_key_location;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void createkey(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
bool uuid_overwrite)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//create the key
|
||||
result = Tspi_Key_CreateKey(hkey_key, hkey_srk, 0);
|
||||
|
||||
//Unwrap the newly generated key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
try
|
||||
{
|
||||
//save key
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
if(uuid_overwrite)
|
||||
{
|
||||
//Unregister the existing key
|
||||
result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result);
|
||||
|
||||
//Register a new key
|
||||
result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result);
|
||||
}
|
||||
else throw e;
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_createkey()
|
||||
{
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key,
|
||||
hkey_unregister;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_UUID uuid_key;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme,
|
||||
init_key_location;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,41 +0,0 @@
|
||||
< 200 TPM ERROR CODE
|
||||
> 12000 TSS ERROR CODE
|
||||
|
||||
TPM_MODULE ERROR CODES
|
||||
-------------------------
|
||||
290 can't open log file
|
||||
300 invalid mode argument
|
||||
310 hex to bin invalid length
|
||||
311 hex to bin character validation error
|
||||
312 hex to bin character validation error
|
||||
320 new auth argument missing
|
||||
321 tpm auth argument missing
|
||||
322 srk auth argument missing
|
||||
323 ik auth argument missing
|
||||
324 sign auth argument missing
|
||||
325 bind auth argument missing
|
||||
326 stor auth argument missing
|
||||
327 enc auth argument missing
|
||||
328 key auth argument missing
|
||||
330 nonce argument missing
|
||||
340 uuid argument missing
|
||||
350 pcrs argument missing
|
||||
360 key type argument missing
|
||||
361 key type argument invalid
|
||||
370 key length argument missing
|
||||
380 key scheme argument missing
|
||||
381 signing scheme invalid
|
||||
382 binding scheme invalid
|
||||
390 nvram index missing
|
||||
391 nvram index invalid
|
||||
400 help argument set
|
||||
410 mode-specific argument missing
|
||||
411 mode-specific argument missing
|
||||
412 mode-specific argument missing
|
||||
420 uuid validation failure
|
||||
421 uuid validation failure
|
||||
422 uuid validation failure
|
||||
423 uuid validation failure
|
||||
424 uuid validation failure
|
||||
425 uuid validation failure
|
||||
430 mask validation failure
|
@ -1,47 +0,0 @@
|
||||
#ifndef libhis_exception_hpp
|
||||
#define libhis_exception_hpp
|
||||
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include <exception>
|
||||
using namespace std;
|
||||
|
||||
class libhis_exception : public exception
|
||||
{
|
||||
public:
|
||||
libhis_exception(const char *message, int value) : exception(message)
|
||||
{
|
||||
result = value;
|
||||
}
|
||||
|
||||
int result;
|
||||
};
|
||||
#endif
|
||||
|
||||
#ifdef LINUX
|
||||
#include <exception>
|
||||
#include <string>
|
||||
using namespace std;
|
||||
|
||||
class libhis_exception
|
||||
{
|
||||
public:
|
||||
libhis_exception(string inmessage, int value)
|
||||
{
|
||||
message = inmessage;
|
||||
result = value;
|
||||
}
|
||||
|
||||
~libhis_exception() {}
|
||||
|
||||
string what()
|
||||
{
|
||||
return message;
|
||||
}
|
||||
|
||||
int result;
|
||||
string message;
|
||||
};
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,101 +0,0 @@
|
||||
#ifndef libhis_extendpcr_hpp
|
||||
#define libhis_extendpcr_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_extendpcr
|
||||
{
|
||||
public:
|
||||
libhis_extendpcr()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
}
|
||||
|
||||
void extendpcr(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned long pcr_index,
|
||||
unsigned char *hash,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//extend PCR value
|
||||
UINT32 size;
|
||||
BYTE *value;
|
||||
result = Tspi_TPM_PcrExtend(htpm, pcr_index, 20, hash, 0, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Extend PCR", result);
|
||||
|
||||
//convert memory
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//free dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Free dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_extendpcr()
|
||||
{
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,292 +0,0 @@
|
||||
#ifndef libhis_getkeyblob_hpp
|
||||
#define libhis_getkeyblob_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_getkeyblob
|
||||
{
|
||||
public:
|
||||
libhis_getkeyblob()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Context", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
}
|
||||
|
||||
void initidentity()
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_IDENTITY;
|
||||
|
||||
//set the key size
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initstorage(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_STORAGE;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void getkeyblob(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//get the keyblob
|
||||
UINT32 size;
|
||||
BYTE *value;
|
||||
result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_BLOB, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get keyblob", result);
|
||||
|
||||
//copy out the results
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_getkeyblob()
|
||||
{
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_UUID uuid_key;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,439 +0,0 @@
|
||||
#ifndef libhis_getkeymodulus_hpp
|
||||
#define libhis_getkeymodulus_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_getkeymodulus
|
||||
{
|
||||
public:
|
||||
libhis_getkeymodulus()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create EK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
}
|
||||
|
||||
void initidentity()
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_IDENTITY;
|
||||
|
||||
//set the key size
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void initstorage(unsigned int in_size)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_STORAGE;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
/*
|
||||
* @Deprecated
|
||||
*/
|
||||
void getpubsrk(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//set up key container
|
||||
UINT32 mod_size;
|
||||
BYTE *mod_value;
|
||||
|
||||
//get the public EK
|
||||
result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
|
||||
|
||||
//copy out the SRK modulus
|
||||
output_size = mod_size;
|
||||
output_value = new unsigned char[mod_size];
|
||||
for(unsigned long i = 0; i < mod_size; i++)
|
||||
output_value[i] = mod_value[i];
|
||||
|
||||
//clean up SRK modulus
|
||||
result = Tspi_Context_FreeMemory(hcontext, mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
|
||||
}
|
||||
|
||||
/*
|
||||
* @Deprecated
|
||||
*/
|
||||
void getpubek(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *nonce,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//assign the TPM auth to the EK
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
|
||||
|
||||
//set up nonce
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
try
|
||||
{
|
||||
//get the public EK
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
//get the public EK the Atmel TPM in an Ultrabook way
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
|
||||
//let a second exception make its way upward (should be same error code)
|
||||
}
|
||||
|
||||
//get the modulus
|
||||
UINT32 mod_size;
|
||||
BYTE *mod_value;
|
||||
result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
|
||||
|
||||
//copy out the EK modulus
|
||||
output_size = mod_size;
|
||||
output_value = new unsigned char[mod_size];
|
||||
for(unsigned long i = 0; i < mod_size; i++)
|
||||
output_value[i] = mod_value[i];
|
||||
|
||||
//clean up ek modulus
|
||||
result = Tspi_Context_FreeMemory(hcontext, mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
|
||||
}
|
||||
|
||||
void getkeymodulus(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//get the keyblob
|
||||
UINT32 size;
|
||||
BYTE *value;
|
||||
result = Tspi_GetAttribData(hkey_key, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get modulus", result);
|
||||
|
||||
//copy out the results
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_getkeymodulus()
|
||||
{
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//clean up EK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_ek,
|
||||
hkey_srk,
|
||||
hkey_key,
|
||||
hkey_unregister;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_VALIDATION validation;
|
||||
TSS_UUID uuid_key;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,182 +0,0 @@
|
||||
#ifndef libhis_getnvdata_hpp
|
||||
#define libhis_getnvdata_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include <trousers/trousers.h>
|
||||
|
||||
class libhis_getnvdata
|
||||
{
|
||||
public:
|
||||
libhis_getnvdata()
|
||||
{
|
||||
//set defaults
|
||||
nvstore_index = 0;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create NVSTore object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
|
||||
}
|
||||
|
||||
void getnvdata(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned long nv_index,
|
||||
unsigned char *&nv_value,
|
||||
unsigned long &nv_size)
|
||||
{
|
||||
//set up the index value
|
||||
bool nv_platform = false;
|
||||
if(nv_index == 0)
|
||||
nvstore_index = TPM_NV_INDEX_EKCert;
|
||||
else if(nv_index == 1)
|
||||
nvstore_index = TPM_NV_INDEX_TPM_CC;
|
||||
else if(nv_index == 2) {
|
||||
nvstore_index = TPM_NV_INDEX_PlatformCert;
|
||||
nv_platform = true;
|
||||
}
|
||||
else if(nv_index == 3) {
|
||||
nvstore_index = TPM_NV_INDEX_Platform_CC;
|
||||
nv_platform = true;
|
||||
}
|
||||
else
|
||||
nvstore_index = nv_index;
|
||||
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
// Check if the NV area is locked. Must be performed after TPM AUTH.
|
||||
TSS_BOOL nvLocked;
|
||||
result = Tspi_TPM_GetStatus(htpm, TSS_TPMSTATUS_NV_LOCK, &nvLocked);
|
||||
if (result != TSS_SUCCESS) throw libhis_exception("Check TPM NV Lock", result);
|
||||
|
||||
// If locked, set the bit in the index to retrieve the requested data. else, unset that bit.
|
||||
nvstore_index = ((nvLocked == TRUE) && !nv_platform) ? nvstore_index + TSS_NV_DEFINED : nvstore_index & ~TSS_NV_DEFINED;
|
||||
|
||||
//assign the TPM auth to the NVStore
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
|
||||
|
||||
//force NVData to be readable by the owner only
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Requier owner auth on NVStore read/write", result);
|
||||
|
||||
//set the read address
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
|
||||
|
||||
//get the size
|
||||
UINT32 size = 0;
|
||||
BYTE *value = 0;
|
||||
|
||||
#ifdef WINDOWS
|
||||
//read the size of the data at the index
|
||||
result = Tspi_GetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, &size);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("WINDOWS: Get size of NVStore object", result);
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
UINT32 ulResultLen; // stores the length of the data returned by GetCapability
|
||||
// Retrieves a TPM_NV_DATA_PUBLIC structure that indicates the values for the specified NV area.
|
||||
// The NV area is identified by the nvstore_index.
|
||||
result = Tspi_TPM_GetCapability(htpm, TSS_TPMCAP_NV_INDEX, sizeof(UINT32),
|
||||
(BYTE *)&nvstore_index, &ulResultLen, &value);
|
||||
if(result == TSS_SUCCESS) {
|
||||
UINT64 off = 0;
|
||||
// value which is a BYTE* must be converted into its TSS Data Structure
|
||||
TPM_NV_DATA_PUBLIC *nvDataPublicStruct = new TPM_NV_DATA_PUBLIC();
|
||||
// Trousers converts the data blob into the struct
|
||||
result = Trspi_UnloadBlob_NV_DATA_PUBLIC(&off, value, nvDataPublicStruct);
|
||||
if(result != TSS_SUCCESS) {
|
||||
delete nvDataPublicStruct;
|
||||
throw libhis_exception("LINUX: Problems converting data blob to NV Public Data object", result);
|
||||
}
|
||||
// Save off the size of the data stored in the NV area.
|
||||
size = nvDataPublicStruct->dataSize;
|
||||
// Free the memory.
|
||||
delete nvDataPublicStruct;
|
||||
}
|
||||
#endif
|
||||
|
||||
if(size > 0) {
|
||||
//read the nvdata
|
||||
result = Tspi_NV_ReadValue(hnvstore, 0, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Read NVStore space", result);
|
||||
|
||||
//copy out the values
|
||||
nv_size = size;
|
||||
nv_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
nv_value[i] = value[i];
|
||||
}
|
||||
|
||||
//cleanup
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
// I'm not sure if this error message is useful. But it was stopping the process unnecessarily.
|
||||
//if(result != TSS_SUCCESS) throw libhis_exception("Clean memory", result);
|
||||
}
|
||||
|
||||
~libhis_getnvdata()
|
||||
{
|
||||
//clean up NVStoer
|
||||
result = Tspi_Context_CloseObject(hcontext, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
TSS_HNVSTORE hnvstore;
|
||||
UINT32 nvstore_index;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,106 +0,0 @@
|
||||
#ifndef libhis_getpcr_hpp
|
||||
#define libhis_getpcr_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_getpcr
|
||||
{
|
||||
public:
|
||||
libhis_getpcr()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create PCRS object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
}
|
||||
|
||||
void getpcr(
|
||||
unsigned char *mask,
|
||||
unsigned char *&output_pcrs_value,
|
||||
unsigned long &output_pcrs_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//prepare the PCR output array
|
||||
short counter = 0;
|
||||
for(short i = 0; i < 24; i++)
|
||||
if(bitmask[i]) counter++;
|
||||
output_pcrs_size = counter * 20;
|
||||
output_pcrs_value = new unsigned char[counter * 20];
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
counter = 0;
|
||||
for(unsigned long i = 0; i < 24; i++)
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
for(unsigned long j = 0; j < 20; j++)
|
||||
output_pcrs_value[counter * 20 + j] = temp_value[j];
|
||||
|
||||
counter++;
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_getpcr()
|
||||
{
|
||||
//clean up PCRS
|
||||
result = Tspi_Context_CloseObject(hcontext, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPCRS hpcrs;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,166 +0,0 @@
|
||||
#ifndef libhis_getpubkey_hpp
|
||||
#define libhis_getpubkey_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_getpubkey
|
||||
{
|
||||
public:
|
||||
libhis_getpubkey()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create EK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
}
|
||||
|
||||
void getpubek(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *nonce,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//assign the TPM auth to the EK
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
|
||||
|
||||
//set up nonce
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
try
|
||||
{
|
||||
//get the public EK
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
//get the public EK the Atmel TPM in an Ultrabook way
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
|
||||
//let a second exception make its way upward (should be same error code)
|
||||
}
|
||||
|
||||
//get the modulus
|
||||
UINT32 mod_size;
|
||||
BYTE *mod_value;
|
||||
result = Tspi_GetAttribData(hkey_ek, TSS_TSPATTRIB_RSAKEY_INFO, TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &mod_size, &mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get EK Blob", result);
|
||||
|
||||
//copy out the EK modulus
|
||||
output_size = mod_size;
|
||||
output_value = new unsigned char[mod_size];
|
||||
for(unsigned long i = 0; i < mod_size; i++)
|
||||
output_value[i] = mod_value[i];
|
||||
|
||||
//clean up ek modulus
|
||||
result = Tspi_Context_FreeMemory(hcontext, mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
|
||||
}
|
||||
|
||||
void getpubsrk(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//set up key container
|
||||
UINT32 mod_size;
|
||||
BYTE *mod_value;
|
||||
|
||||
//get the public EK
|
||||
result = Tspi_TPM_OwnerGetSRKPubKey(htpm, &mod_size, &mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public SRK", result);
|
||||
|
||||
//copy out the SRK modulus
|
||||
output_size = mod_size;
|
||||
output_value = new unsigned char[mod_size];
|
||||
for(unsigned long i = 0; i < mod_size; i++)
|
||||
output_value[i] = mod_value[i];
|
||||
|
||||
//clean up SRK modulus
|
||||
result = Tspi_Context_FreeMemory(hcontext, mod_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up modulus data", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_ek;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
TSS_VALIDATION validation;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,71 +0,0 @@
|
||||
#ifndef libhis_getrandombytes_hpp
|
||||
#define libhis_getrandombytes_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_getrandombytes
|
||||
{
|
||||
public:
|
||||
libhis_getrandombytes()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
}
|
||||
|
||||
void getrandombytes(
|
||||
unsigned long bytes_size,
|
||||
unsigned char *&output_value)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//get random bytes
|
||||
BYTE *bytes_value;
|
||||
result = Tspi_TPM_GetRandom(htpm, bytes_size, &bytes_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Random Bytes", result);
|
||||
|
||||
//copy C-style output into C++ format
|
||||
output_value = new unsigned char[bytes_size];
|
||||
for(unsigned long i = 0; i < bytes_size; i++)
|
||||
{
|
||||
output_value[i] = bytes_value[i];
|
||||
}
|
||||
|
||||
//clean up random bytes
|
||||
result = Tspi_Context_FreeMemory(hcontext, bytes_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Cleanup bytes", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_getrandombytes()
|
||||
{
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,436 +0,0 @@
|
||||
#ifndef libhis_quote_hpp
|
||||
#define libhis_quote_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_quote
|
||||
{
|
||||
public:
|
||||
libhis_quote()
|
||||
{
|
||||
//set default values
|
||||
init_ik_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_ik_type = TSS_KEY_TYPE_IDENTITY;
|
||||
init_ik_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_ik_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_ik_volatile = TSS_KEY_VOLATILE;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create IK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK Policy", result);
|
||||
}
|
||||
|
||||
void init(bool bshort)
|
||||
{
|
||||
if(bshort)
|
||||
{
|
||||
//Create PCRS object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_SHORT, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
//Create PCRS object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
}
|
||||
|
||||
//combine the init flags
|
||||
init_ik = init_ik_size | init_ik_type | init_ik_authorized | init_ik_migratable | init_ik_volatile;
|
||||
|
||||
//Create IK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create IK", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void quote(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_ik_value,
|
||||
unsigned long auth_ik_size,
|
||||
bool auth_ik_sha1,
|
||||
unsigned char *nonce,
|
||||
unsigned char *uuid_ik_value,
|
||||
unsigned char *mask,
|
||||
unsigned char *&output_pcrs_value,
|
||||
unsigned long &output_pcrs_size,
|
||||
unsigned char *&output_quote_value,
|
||||
unsigned long &output_quote_size,
|
||||
unsigned char *&output_sig_value,
|
||||
unsigned long &output_sig_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the IK UUID
|
||||
hextouuid(uuid_ik_value, uuid_ik);
|
||||
|
||||
//Get the IK by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
|
||||
|
||||
//set up IK auth
|
||||
if(auth_ik_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the IK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
|
||||
|
||||
//Unwrap the IK
|
||||
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
|
||||
|
||||
//set up nonce
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//prepare the PCR output array
|
||||
short counter = 0;
|
||||
for(short i = 0; i < 24; i++)
|
||||
if(bitmask[i]) counter++;
|
||||
output_pcrs_size = counter * 20;
|
||||
output_pcrs_value = new unsigned char[counter * 20];
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
counter = 0;
|
||||
for(unsigned long i = 0; i < 24; i++)
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
for(unsigned long j = 0; j < 20; j++)
|
||||
output_pcrs_value[counter * 20 + j] = temp_value[j];
|
||||
|
||||
counter++;
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
}
|
||||
}
|
||||
|
||||
//quote
|
||||
result = Tspi_TPM_Quote(htpm, hkey_ik, hpcrs, &validation);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Quote", result);
|
||||
|
||||
//copy values
|
||||
output_quote_size = validation.ulDataLength;
|
||||
output_quote_value = new unsigned char[validation.ulDataLength];
|
||||
for(unsigned long i = 0; i < validation.ulDataLength; i++)
|
||||
output_quote_value[i] = validation.rgbData[i];
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
|
||||
|
||||
output_sig_size = validation.ulValidationDataLength;
|
||||
output_sig_value = new unsigned char [validation.ulValidationDataLength];
|
||||
for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
|
||||
output_sig_value[i] = validation.rgbValidationData[i];
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void quote2(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_ik_value,
|
||||
unsigned long auth_ik_size,
|
||||
bool auth_ik_sha1,
|
||||
unsigned char *nonce,
|
||||
unsigned char *uuid_ik_value,
|
||||
unsigned char *mask,
|
||||
unsigned char *&output_pcrs_value,
|
||||
unsigned long &output_pcrs_size,
|
||||
unsigned char *&output_quote_value,
|
||||
unsigned long &output_quote_size,
|
||||
unsigned char *&output_sig_value,
|
||||
unsigned long &output_sig_size,
|
||||
bool bCapVersion)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the IK UUID
|
||||
hextouuid(uuid_ik_value, uuid_ik);
|
||||
|
||||
//Get the IK by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_ik, &hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get IK by UUID", result);
|
||||
|
||||
//set up IK auth
|
||||
if(auth_ik_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_SHA1, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_ik, TSS_SECRET_MODE_PLAIN, auth_ik_size, auth_ik_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set IK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the IK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_ik, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign IK Secret", result);
|
||||
|
||||
//Unwrap the IK
|
||||
result = Tspi_Key_LoadKey(hkey_ik, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap IK", result);
|
||||
|
||||
//set up nonce
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//prepare the PCR output array
|
||||
short counter = 0;
|
||||
for(short i = 0; i < 24; i++)
|
||||
if(bitmask[i]) counter++;
|
||||
output_pcrs_size = counter * 20;
|
||||
output_pcrs_value = new unsigned char[counter * 20];
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
counter = 0;
|
||||
for(unsigned long i = 0; i < 24; i++)
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
for(unsigned long j = 0; j < 20; j++)
|
||||
output_pcrs_value[counter * 20 + j] = temp_value[j];
|
||||
|
||||
counter++;
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
}
|
||||
}
|
||||
|
||||
//quote2
|
||||
BYTE* version_value;
|
||||
UINT32 version_size;
|
||||
|
||||
//read PCR 10 again right before collecting the quote
|
||||
if(bitmask[10])
|
||||
{
|
||||
//reread PCR 10
|
||||
result = Tspi_TPM_PcrRead(htpm, 10, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
//read quote2
|
||||
result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result);
|
||||
|
||||
//set value of PCR 10 in the PCR Composite
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, 10, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
for(unsigned long j = 0; j < 20; j++)
|
||||
output_pcrs_value[10 * 20 + j] = temp_value[j];
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
} else {
|
||||
//read quote2 without rereading PCR 10
|
||||
result = Tspi_TPM_Quote2(htpm, hkey_ik, bCapVersion, hpcrs, &validation, &version_size, &version_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Quote2", result);
|
||||
}
|
||||
|
||||
//copy values
|
||||
output_quote_size = validation.ulDataLength;
|
||||
output_quote_value = new unsigned char[validation.ulDataLength];
|
||||
for(unsigned long i = 0; i < validation.ulDataLength; i++)
|
||||
output_quote_value[i] = validation.rgbData[i];
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up digest", result);
|
||||
|
||||
output_sig_size = validation.ulValidationDataLength;
|
||||
output_sig_value = new unsigned char [validation.ulValidationDataLength];
|
||||
for(unsigned long i = 0; i < validation.ulValidationDataLength; i++)
|
||||
output_sig_value[i] = validation.rgbValidationData[i];
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up signature", result);
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, version_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up version info", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_quote()
|
||||
{
|
||||
//clean up IK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up PCRS
|
||||
result = Tspi_Context_CloseObject(hcontext, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
|
||||
|
||||
//clean up IK
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ik);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close IK", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_ik;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_ik;
|
||||
TSS_NONCE nonce;
|
||||
TSS_VALIDATION validation;
|
||||
TSS_UUID uuid_ik;
|
||||
TSS_HPCRS hpcrs;
|
||||
UINT32 init_ik,
|
||||
init_ik_size,
|
||||
init_ik_type,
|
||||
init_ik_authorized,
|
||||
init_ik_migratable,
|
||||
init_ik_volatile;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,347 +0,0 @@
|
||||
#ifndef libhis_seal_hpp
|
||||
#define libhis_seal_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_seal
|
||||
{
|
||||
public:
|
||||
libhis_seal()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create PCRS object
|
||||
#ifdef WINDOWS
|
||||
//Windows and NTru are capable of unsealing all PCRS structures so use 1.2 LONG for full 24 PCR support
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO_LONG, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
//Linux and Trousers CANNOT unseal 1.2 LONG or SHORT PCRS structures so use the legacy 1.1 structure with 16 PCR limit
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_PCRS, TSS_PCRS_STRUCT_INFO, &hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create PCRS", result);
|
||||
#endif
|
||||
|
||||
//Create ENCData object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
|
||||
|
||||
//Create ENCData policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
|
||||
}
|
||||
|
||||
void seal(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_enc_value,
|
||||
unsigned long auth_enc_size,
|
||||
bool auth_enc_sha1,
|
||||
unsigned char *mask,
|
||||
unsigned char *payload_value,
|
||||
unsigned long payload_size,
|
||||
unsigned char *&output_enc_value,
|
||||
unsigned long &output_enc_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//set up ENCData auth
|
||||
if(auth_enc_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the ENCData auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
#ifdef WINDOWS
|
||||
for(unsigned long i = 0; i < 24; i++) //all PCRs available in SHORT or LONG
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
for(unsigned long i = 0; i < 16; i++) //we cannot use all PCRs in Linux mode due to legacy PCRS structure
|
||||
#endif
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
//don't do this for regular seal because creation PCRs are meaningless in this context
|
||||
//result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
|
||||
//if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
|
||||
|
||||
#ifdef WINDOWS
|
||||
//use EX functions because we are PCRS LONG
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
//cannot use EX functions
|
||||
result = Tspi_PcrComposite_SelectPcrIndex(hpcrs, i);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index legacy mode", result);
|
||||
#endif
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
}
|
||||
}
|
||||
|
||||
//Seal data
|
||||
result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
|
||||
|
||||
//Get the sealed data blob
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
|
||||
|
||||
//copy over memory
|
||||
output_enc_size = size;
|
||||
output_enc_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_enc_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
void seal2(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_enc_value,
|
||||
unsigned long auth_enc_size,
|
||||
bool auth_enc_sha1,
|
||||
unsigned char *mask,
|
||||
unsigned char *payload_value,
|
||||
unsigned long payload_size,
|
||||
unsigned char *release_value,
|
||||
unsigned long release_size,
|
||||
unsigned char *&output_enc_value,
|
||||
unsigned long &output_enc_size)
|
||||
{
|
||||
#ifdef LINUX
|
||||
//don't even let the users do seal2 because TSS_PCRS_STRUCT_INFO_LONG does not work for unsealing in Linux
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Command disabled in Linux due to TSS_PCRS_STRUCT_INFO_LONG unseal defect", TPM_E_DISABLED_CMD);
|
||||
#endif
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//set up ENCData auth
|
||||
if(auth_enc_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the ENCData auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
|
||||
|
||||
//set up mask
|
||||
bool bitmask[24];
|
||||
for(short i = 0; i < 24; i++)
|
||||
bitmask[i] = 0;
|
||||
masktobitmask(mask, bitmask);
|
||||
|
||||
//collect the PCR values
|
||||
UINT32 temp_size;
|
||||
BYTE *temp_value;
|
||||
short counter = 0;
|
||||
for(unsigned long i = 0; i < 24; i++)
|
||||
{
|
||||
if(bitmask[i])
|
||||
{
|
||||
//set the creation value
|
||||
result = Tspi_TPM_PcrRead(htpm, i, &temp_size, &temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("PCR value read", result);
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_CREATION);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at creation", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear temporary memory", result);
|
||||
|
||||
//set the release value
|
||||
temp_value = new unsigned char[20];
|
||||
for(short j = 0; j < 20; j++)
|
||||
temp_value[j] = release_value[j + counter * 20];
|
||||
|
||||
result = Tspi_PcrComposite_SelectPcrIndexEx(hpcrs, i, TSS_PCRS_DIRECTION_RELEASE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set PCR composite index at release", result);
|
||||
|
||||
result = Tspi_PcrComposite_SetPcrValue(hpcrs, i, temp_size, temp_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Store PCR value in composite", result);
|
||||
|
||||
delete [] temp_value;
|
||||
}
|
||||
}
|
||||
|
||||
//Seal data
|
||||
result = Tspi_Data_Seal(hencdata, hkey_srk, payload_size, payload_value, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Seal data", result);
|
||||
|
||||
//Get the sealed data blob
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_GetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get sealed data blob", result);
|
||||
|
||||
//copy over memory
|
||||
output_enc_size = size;
|
||||
output_enc_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_enc_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_seal()
|
||||
{
|
||||
//clean up ENCData policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
|
||||
|
||||
//Clean up ENCData
|
||||
result = Tspi_Context_CloseObject(hcontext, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
|
||||
|
||||
//clean up PCRS
|
||||
result = Tspi_Context_CloseObject(hcontext, hpcrs);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close PCRS", result);
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_enc;
|
||||
TSS_HPCRS hpcrs;
|
||||
TSS_HENCDATA hencdata;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,131 +0,0 @@
|
||||
#ifndef libhis_setnvdata_hpp
|
||||
#define libhis_setnvdata_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_setnvdata
|
||||
{
|
||||
public:
|
||||
libhis_setnvdata()
|
||||
{
|
||||
//set defaults
|
||||
nvstore_index = 0;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create NVSTore object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_NV, 0, &hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create NVStore object", result);
|
||||
}
|
||||
|
||||
void setnvdata(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned long nv_index,
|
||||
unsigned char *nv_value,
|
||||
unsigned long nv_size)
|
||||
{
|
||||
//set up the index value
|
||||
if(nv_index == 0)
|
||||
nvstore_index = TPM_NV_INDEX_EKCert;
|
||||
else if(nv_index == 1)
|
||||
nvstore_index = TPM_NV_INDEX_TPM_CC;
|
||||
else if(nv_index == 2)
|
||||
nvstore_index = TPM_NV_INDEX_PlatformCert;
|
||||
else if(nv_index == 3)
|
||||
nvstore_index = TPM_NV_INDEX_Platform_CC;
|
||||
else
|
||||
nvstore_index = nv_index;
|
||||
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//assign the TPM auth to the NVStore
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to NVStore", result);
|
||||
|
||||
//set the write address
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_INDEX, 0, nvstore_index);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set NVStore index", result);
|
||||
|
||||
//force NVData to be readable by the owner only
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_PERMISSIONS, 0, TPM_NV_PER_OWNERREAD | TPM_NV_PER_OWNERWRITE);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Require owner auth on NVStore read/write", result);
|
||||
|
||||
//set the size
|
||||
result = Tspi_SetAttribUint32(hnvstore, TSS_TSPATTRIB_NV_DATASIZE, 0, nv_size);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set size of NVStore object", result);
|
||||
|
||||
//define the space we need
|
||||
result = Tspi_NV_DefineSpace(hnvstore, 0, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Define NVStore space", result);
|
||||
|
||||
//write the value using the weird way the TSS does it
|
||||
result = Tspi_NV_WriteValue(hnvstore, 0, nv_size, nv_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Write NVData", result);
|
||||
}
|
||||
|
||||
~libhis_setnvdata()
|
||||
{
|
||||
//clean up NVStoer
|
||||
result = Tspi_Context_CloseObject(hcontext, hnvstore);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close NVStore object", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HPOLICY hpolicy_tpm;
|
||||
TSS_HNVSTORE hnvstore;
|
||||
UINT32 nvstore_index;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,236 +0,0 @@
|
||||
#ifndef libhis_sign_hpp
|
||||
#define libhis_sign_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_sign
|
||||
{
|
||||
public:
|
||||
libhis_sign()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
init_key_scheme = 0;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
|
||||
//create hash object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result);
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the signature scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
|
||||
else
|
||||
init_key_scheme = TSS_SS_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the signature scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void sign(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *hash,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//set hash value
|
||||
result = Tspi_Hash_UpdateHashValue(hhash, 20, hash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result);
|
||||
|
||||
//sign data
|
||||
UINT32 size = 0;
|
||||
BYTE *value = 0;
|
||||
result = Tspi_Hash_Sign(hhash, hkey_key, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Sign", result);
|
||||
|
||||
//copy dynamic values
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//cleanup
|
||||
Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Free memory", result);
|
||||
}
|
||||
|
||||
~libhis_sign()
|
||||
{
|
||||
//clean up hash object
|
||||
result = Tspi_Context_CloseObject(hcontext, hhash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result);
|
||||
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_UUID uuid_key;
|
||||
TSS_HHASH hhash;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,168 +0,0 @@
|
||||
#ifndef libhis_takeownership_hpp
|
||||
#define libhis_takeownership_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
class libhis_takeownership
|
||||
{
|
||||
public:
|
||||
libhis_takeownership()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create EK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_SIZE_DEFAULT, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create EK", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create TPM policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create TPM Policy", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
}
|
||||
|
||||
void takeownership(
|
||||
unsigned char *auth_tpm_value,
|
||||
unsigned long auth_tpm_size,
|
||||
bool auth_tpm_sha1,
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *nonce)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//set up TPM auth
|
||||
if(auth_tpm_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_SHA1, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_tpm, TSS_SECRET_MODE_PLAIN, auth_tpm_size, auth_tpm_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set TPM Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the TPM auth to the TPM
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to TPM", result);
|
||||
|
||||
//assign the TPM auth to the EK
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_tpm, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign TPM Secret to EK", result);
|
||||
|
||||
//set up nonce
|
||||
validation.ulExternalDataLength = 20;
|
||||
validation.rgbExternalData = nonce;
|
||||
|
||||
try
|
||||
{
|
||||
//get the public EK
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, false, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
}
|
||||
catch(libhis_exception &e)
|
||||
{
|
||||
//get the public EK the Atmel TPM in an Ultrabook way
|
||||
result = Tspi_TPM_GetPubEndorsementKey(htpm, true, &validation, &hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get Public EK", result);
|
||||
|
||||
//let a second exception make its way upward (rare)
|
||||
}
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//take ownership of the TPM
|
||||
result = Tspi_TPM_TakeOwnership(htpm, hkey_srk, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Take Ownership", result);
|
||||
|
||||
//clean up validation data
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbData", result);
|
||||
|
||||
result = Tspi_Context_FreeMemory(hcontext, validation.rgbValidationData);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clean up rgbValidationData", result);
|
||||
|
||||
//test the SRK to make sure it actually works (required for NTru because TakeOwnership sometimes doesn't execute RegisterKey for SRK)
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Test the SRK", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_takeownership()
|
||||
{
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up TPM policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_tpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close TPM Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//clean up EK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_ek);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close EK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_ek,
|
||||
hkey_srk;
|
||||
TSS_HPOLICY hpolicy_tpm,
|
||||
hpolicy_srk;
|
||||
TSS_VALIDATION validation;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,270 +0,0 @@
|
||||
#ifndef libhis_unbind_hpp
|
||||
#define libhis_unbind_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_unbind
|
||||
{
|
||||
public:
|
||||
libhis_unbind()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
init_key_scheme = 0;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
|
||||
//Create ENCData object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_BIND, &hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
|
||||
|
||||
//Create ENCData policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
|
||||
}
|
||||
|
||||
void initbind(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_BIND;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the encryption scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_ES_RSAESPKCSV15;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
|
||||
else if(in_scheme == 2)
|
||||
init_key_scheme = TSS_ES_SYM_CNT;
|
||||
else if(in_scheme == 3)
|
||||
init_key_scheme = TSS_ES_SYM_OFB;
|
||||
else if(in_scheme == 4)
|
||||
init_key_scheme = TSS_ES_SYM_CBC_PKCS5PAD;
|
||||
else
|
||||
init_key_scheme = TSS_ES_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the encryption scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_ENCSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set encryption scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void unbind(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *auth_enc_value,
|
||||
unsigned long auth_enc_size,
|
||||
bool auth_enc_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *payload_value,
|
||||
unsigned long payload_size,
|
||||
unsigned char *&output_value,
|
||||
unsigned long &output_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//install the encrypted data blob into hencdata object
|
||||
result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result);
|
||||
|
||||
//set up ENCData auth
|
||||
if(auth_enc_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the ENCData auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
|
||||
|
||||
//unseal the data
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_Data_Unbind(hencdata, hkey_key, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unbind", result);
|
||||
|
||||
output_size = size;
|
||||
output_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
|
||||
}
|
||||
|
||||
~libhis_unbind()
|
||||
{
|
||||
//clean up ENCData policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
|
||||
|
||||
//Clean up ENCData
|
||||
result = Tspi_Context_CloseObject(hcontext, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
|
||||
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key,
|
||||
hpolicy_enc;
|
||||
TSS_UUID uuid_key;
|
||||
TSS_HENCDATA hencdata;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,157 +0,0 @@
|
||||
#ifndef libhis_unseal_hpp
|
||||
#define libhis_unseal_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_unseal
|
||||
{
|
||||
public:
|
||||
libhis_unseal()
|
||||
{
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create ENCData object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL, &hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Object", result);
|
||||
|
||||
//Create ENCData policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create ENCData Policy", result);
|
||||
}
|
||||
|
||||
void unseal(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_enc_value,
|
||||
unsigned long auth_enc_size,
|
||||
bool auth_enc_sha1,
|
||||
unsigned char *payload_value,
|
||||
unsigned long payload_size,
|
||||
unsigned char *&output_enc_value,
|
||||
unsigned long &output_enc_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//install the encrypted data blob into hencdata object
|
||||
result = Tspi_SetAttribData(hencdata, TSS_TSPATTRIB_ENCDATA_BLOB, TSS_TSPATTRIB_ENCDATABLOB_BLOB, payload_size, payload_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set encrypted data blob", result);
|
||||
|
||||
//set up ENCData auth
|
||||
if(auth_enc_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_SHA1, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_enc, TSS_SECRET_MODE_PLAIN, auth_enc_size, auth_enc_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set ENCData Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the ENCData auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_enc, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign ENCData Secret", result);
|
||||
|
||||
//unseal the data
|
||||
BYTE *value;
|
||||
UINT32 size;
|
||||
result = Tspi_Data_Unseal(hencdata, hkey_srk, &size, &value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unseal", result);
|
||||
|
||||
output_enc_size = size;
|
||||
output_enc_value = new unsigned char[size];
|
||||
for(unsigned long i = 0; i < size; i++)
|
||||
output_enc_value[i] = value[i];
|
||||
|
||||
//clean up dynamic memory
|
||||
result = Tspi_Context_FreeMemory(hcontext, value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Clear dynamic memory", result);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
~libhis_unseal()
|
||||
{
|
||||
//clean up ENCData policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_enc);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData Policy", result);
|
||||
|
||||
//Clean up ENCData
|
||||
result = Tspi_Context_CloseObject(hcontext, hencdata);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close ENCData", result);
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_enc;
|
||||
TSS_HPCRS hpcrs;
|
||||
TSS_HENCDATA hencdata;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,367 +0,0 @@
|
||||
#ifndef libhis_utils_hpp
|
||||
#define libhis_utils_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
|
||||
void hextouuid(unsigned char *hex, TSS_UUID &uuid)
|
||||
{
|
||||
//process the unsigned long leading the UUID
|
||||
for(short i = 0; i < 8; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 420);
|
||||
}
|
||||
|
||||
uuid.ulTimeLow = hex[0] * 268435456 + hex[1] * 16777216 + hex[2] * 1048576 +
|
||||
hex[3] * 65536 + hex[4] * 4096 + hex[5] * 256 + hex[6] * 16 + hex[7];
|
||||
|
||||
//process the unsigned short for midtime
|
||||
for(short i = 9; i < 13; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 421);
|
||||
}
|
||||
|
||||
uuid.usTimeMid = hex[9] * 4096 + hex[10] * 256 + hex[11] * 16 + hex[12];
|
||||
|
||||
//process the unsigned short for hightime
|
||||
for(short i = 14; i < 18; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 422);
|
||||
}
|
||||
|
||||
uuid.usTimeHigh = hex[14] * 4096 + hex[15] * 256 + hex[16] * 16 + hex[17];
|
||||
|
||||
//process bClockSeqHigh
|
||||
for(short i = 19; i < 21; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 423);
|
||||
}
|
||||
|
||||
uuid.bClockSeqHigh = hex[19] * 16 + hex[20];
|
||||
|
||||
//process bClockSeqLow
|
||||
for(short i = 21; i < 23; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 424);
|
||||
}
|
||||
|
||||
uuid.bClockSeqLow = hex[21] * 16 + hex[22];
|
||||
|
||||
//process final 6 byte array
|
||||
for(short i = 24; i < 36; i++)
|
||||
{
|
||||
if(hex[i] >= 48 && hex[i] <= 57)
|
||||
hex[i] -= 48;
|
||||
else if(hex[i] >= 65 && hex[i] <= 70)
|
||||
hex[i] -= 55;
|
||||
else if(hex[i] >= 97 && hex[i] <= 102)
|
||||
hex[i] -= 87;
|
||||
else
|
||||
throw libhis_exception("UUID validation failure", 425);
|
||||
}
|
||||
|
||||
uuid.rgbNode[0] = hex[24] * 16 + hex[25];
|
||||
uuid.rgbNode[1] = hex[26] * 16 + hex[27];
|
||||
uuid.rgbNode[2] = hex[28] * 16 + hex[29];
|
||||
uuid.rgbNode[3] = hex[30] * 16 + hex[31];
|
||||
uuid.rgbNode[4] = hex[32] * 16 + hex[33];
|
||||
uuid.rgbNode[5] = hex[34] * 16 + hex[35];
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* masktobitmask function that does it the screwed up TCG way
|
||||
*/
|
||||
void masktobitmask(unsigned char *mask, bool binarray[24])
|
||||
{
|
||||
int sequence[] = {1, 0, 3, 2, 5, 4};
|
||||
int i;
|
||||
|
||||
//convert hex values to binary values while validating
|
||||
for(short j = 0; j < 6; j++)
|
||||
{
|
||||
i = sequence[j];
|
||||
|
||||
switch(mask[i])
|
||||
{
|
||||
case 48: //0
|
||||
{
|
||||
break;
|
||||
}
|
||||
case 49: //1
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 50: //2
|
||||
{
|
||||
binarray[j * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 51: //3
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 52: //4
|
||||
{
|
||||
binarray[j * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 53: //5
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 54: //6
|
||||
{
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 55: //7
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 56: //8
|
||||
{
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 57: //9
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 65: //a
|
||||
case 97: //A
|
||||
{
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 66: //b
|
||||
case 98: //B
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 67: //c
|
||||
case 99: //C
|
||||
{
|
||||
binarray[j * 4 + 2] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 68: //d
|
||||
case 100: //D
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 69: //e
|
||||
case 101: //E
|
||||
{
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 70: //f
|
||||
case 102: //F
|
||||
{
|
||||
binarray[j * 4 + 0] = true;
|
||||
binarray[j * 4 + 1] = true;
|
||||
binarray[j * 4 + 2] = true;
|
||||
binarray[j * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw libhis_exception("Mask validation failure", 430);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Original masktobitmask function.
|
||||
*/
|
||||
/*void masktobitmask(unsigned char *mask, bool binarray[24])
|
||||
{
|
||||
//convert hex values to binary values while validating
|
||||
for(short i = 0; i < 6; i++)
|
||||
{
|
||||
switch(mask[i])
|
||||
{
|
||||
case 48: //0
|
||||
{
|
||||
break;
|
||||
}
|
||||
case 49: //1
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
break;
|
||||
}
|
||||
case 50: //2
|
||||
{
|
||||
binarray[i * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 51: //3
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 2] = true;
|
||||
break;
|
||||
}
|
||||
case 52: //4
|
||||
{
|
||||
binarray[i * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 53: //5
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 54: //6
|
||||
{
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 55: //7
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
break;
|
||||
}
|
||||
case 56: //8
|
||||
{
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 57: //9
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 65: //a
|
||||
case 97: //A
|
||||
{
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 66: //b
|
||||
case 98: //B
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 67: //c
|
||||
case 99: //C
|
||||
{
|
||||
binarray[i * 4 + 1] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 68: //d
|
||||
case 100: //D
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 69: //e
|
||||
case 101: //E
|
||||
{
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
case 70: //f
|
||||
case 102: //F
|
||||
{
|
||||
binarray[i * 4 + 3] = true;
|
||||
binarray[i * 4 + 2] = true;
|
||||
binarray[i * 4 + 1] = true;
|
||||
binarray[i * 4 + 0] = true;
|
||||
break;
|
||||
}
|
||||
default:
|
||||
{
|
||||
throw libhis_exception("Mask validation failure", 1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return;
|
||||
}*/
|
||||
|
||||
#endif
|
@ -1,224 +0,0 @@
|
||||
#ifndef libhis_verifysignature_hpp
|
||||
#define libhis_verifysignature_hpp
|
||||
|
||||
#ifdef WINDOWS
|
||||
#include "tspi.h"
|
||||
#include "tss_error.h"
|
||||
#include "tss_defines.h"
|
||||
#endif
|
||||
#ifdef LINUX
|
||||
#include <tss/tspi.h>
|
||||
#include <tss/tss_error.h>
|
||||
#include <tss/tss_defines.h>
|
||||
#endif
|
||||
|
||||
#include "libhis_exception.hpp"
|
||||
#include "libhis_utils.hpp"
|
||||
|
||||
class libhis_verifysignature
|
||||
{
|
||||
public:
|
||||
libhis_verifysignature()
|
||||
{
|
||||
//set default values
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
init_key_type = TSS_KEY_TYPE_DEFAULT;
|
||||
init_key_authorized = TSS_KEY_AUTHORIZATION;
|
||||
init_key_migratable = TSS_KEY_NOT_MIGRATABLE;
|
||||
init_key_volatile = TSS_KEY_VOLATILE;
|
||||
init_key_scheme = 0;
|
||||
binitialized = false;
|
||||
|
||||
//create a context object
|
||||
result = Tspi_Context_Create(&hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result);
|
||||
|
||||
//create an SRK object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result);
|
||||
|
||||
//Create SRK policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result);
|
||||
|
||||
//Create key policy
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result);
|
||||
|
||||
//create hash object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_HASH, TSS_HASH_SHA1, &hhash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create hash object", result);
|
||||
}
|
||||
|
||||
void initsign(unsigned int in_size, unsigned int in_scheme)
|
||||
{
|
||||
//set the type
|
||||
init_key_type = TSS_KEY_TYPE_SIGNING;
|
||||
|
||||
//set the key size
|
||||
if(in_size == 0)
|
||||
init_key_size = TSS_KEY_SIZE_DEFAULT;
|
||||
else if(in_size == 512)
|
||||
init_key_size = TSS_KEY_SIZE_512;
|
||||
else if(in_size == 1024)
|
||||
init_key_size = TSS_KEY_SIZE_1024;
|
||||
else if(in_size == 2048)
|
||||
init_key_size = TSS_KEY_SIZE_2048;
|
||||
else if(in_size == 4096)
|
||||
init_key_size = TSS_KEY_SIZE_4096;
|
||||
else if(in_size == 8192)
|
||||
init_key_size = TSS_KEY_SIZE_8192;
|
||||
else if(in_size == 16384)
|
||||
init_key_size = TSS_KEY_SIZE_16384;
|
||||
else throw libhis_exception("Invalid key size", 400);
|
||||
|
||||
//set the signature scheme
|
||||
if(in_scheme == 0)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_SHA1;
|
||||
else if(in_scheme == 1)
|
||||
init_key_scheme = TSS_SS_RSASSAPKCS1V15_DER;
|
||||
else
|
||||
init_key_scheme = TSS_SS_NONE;
|
||||
|
||||
//combine the init flags
|
||||
init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile;
|
||||
|
||||
//Create key object
|
||||
result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Create key", result);
|
||||
|
||||
//Set the signature scheme
|
||||
result = Tspi_SetAttribUint32(hkey_key, TSS_TSPATTRIB_KEY_INFO, TSS_TSPATTRIB_KEYINFO_SIGSCHEME, init_key_scheme);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set signature scheme", result);
|
||||
|
||||
binitialized = true;
|
||||
}
|
||||
|
||||
void verifysignature(
|
||||
unsigned char *auth_srk_value,
|
||||
unsigned long auth_srk_size,
|
||||
bool auth_srk_sha1,
|
||||
unsigned char *auth_key_value,
|
||||
unsigned long auth_key_size,
|
||||
bool auth_key_sha1,
|
||||
unsigned char *uuid_key_value,
|
||||
unsigned char *hash,
|
||||
unsigned char *signature_value,
|
||||
unsigned long signature_size)
|
||||
{
|
||||
//establish a session
|
||||
result = Tspi_Context_Connect(hcontext, 0);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result);
|
||||
|
||||
//get the TPM object
|
||||
result = Tspi_Context_GetTpmObject(hcontext, &htpm);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result);
|
||||
|
||||
//load the SRK
|
||||
TSS_UUID uuid_srk = TSS_UUID_SRK;
|
||||
result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result);
|
||||
|
||||
//set up SRK auth
|
||||
if(auth_srk_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the SRK auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result);
|
||||
|
||||
//Set up the key UUID
|
||||
hextouuid(uuid_key_value, uuid_key);
|
||||
|
||||
//Get the key by UUID
|
||||
result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result);
|
||||
|
||||
//set up key auth
|
||||
if(auth_key_sha1)
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret SHA1", result);
|
||||
}
|
||||
else
|
||||
{
|
||||
result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set key Secret Plain", result);
|
||||
}
|
||||
|
||||
//assign the key auth
|
||||
result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Assign key Secret", result);
|
||||
|
||||
//Unwrap the key
|
||||
result = Tspi_Key_LoadKey(hkey_key, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Unwrap key", result);
|
||||
|
||||
//set hash value
|
||||
result = Tspi_Hash_UpdateHashValue(hhash, 20, hash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Set hash value", result);
|
||||
|
||||
//verify signature data
|
||||
result = Tspi_Hash_VerifySignature(hhash, hkey_key, signature_size, signature_value);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Verify signature", result);
|
||||
}
|
||||
|
||||
~libhis_verifysignature()
|
||||
{
|
||||
//clean up hash object
|
||||
result = Tspi_Context_CloseObject(hcontext, hhash);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close hash object", result);
|
||||
|
||||
//clean up key policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result);
|
||||
|
||||
if(binitialized)
|
||||
{
|
||||
//clean up key
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_key);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close key", result);
|
||||
}
|
||||
|
||||
//clean up SRK policy
|
||||
result = Tspi_Context_CloseObject(hcontext, hpolicy_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result);
|
||||
|
||||
//clean up SRK object
|
||||
result = Tspi_Context_CloseObject(hcontext, hkey_srk);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result);
|
||||
|
||||
//close context
|
||||
result = Tspi_Context_Close(hcontext);
|
||||
if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result);
|
||||
}
|
||||
|
||||
private:
|
||||
TSS_RESULT result;
|
||||
TSS_HCONTEXT hcontext;
|
||||
TSS_HTPM htpm;
|
||||
TSS_HKEY hkey_srk,
|
||||
hkey_key;
|
||||
TSS_HPOLICY hpolicy_srk,
|
||||
hpolicy_key;
|
||||
TSS_UUID uuid_key;
|
||||
TSS_HHASH hhash;
|
||||
UINT32 init_key,
|
||||
init_key_size,
|
||||
init_key_type,
|
||||
init_key_authorized,
|
||||
init_key_migratable,
|
||||
init_key_volatile,
|
||||
init_key_scheme;
|
||||
bool binitialized;
|
||||
};
|
||||
|
||||
#endif
|
@ -1,31 +0,0 @@
|
||||
/**
|
||||
* When compiling in Linux define LINUX. When compiling in Windows define
|
||||
* WINDOWS. This software is designed to be compiled on either platform without
|
||||
* modification. Simply set the preprocessor definitions and the code will take
|
||||
* care of the rest.
|
||||
*/
|
||||
|
||||
/**
|
||||
* This software was originally implemented as a static library. However,
|
||||
* requirements changed and it resumed existing as a command line-driven
|
||||
* executable. The libhis header files are designed such that you could easily
|
||||
* break them out into their own library. They do not require inclusion of TCG
|
||||
* headers or the use of TCG data structures. All input is handled with standard
|
||||
* C++ types.
|
||||
*/
|
||||
|
||||
#include "libhis_cli.hpp"
|
||||
|
||||
#ifdef LINUX
|
||||
int main(int argc, char **argv)
|
||||
#endif
|
||||
#ifdef WINDOWS
|
||||
unsigned long main(int argc, char **argv)
|
||||
#endif
|
||||
{
|
||||
//provide all arguments to our controller class
|
||||
libhis_cli test(argc, argv);
|
||||
|
||||
//return the integer result from our controller class's execution function
|
||||
return test.cli();
|
||||
}
|
@ -1,58 +0,0 @@
|
||||
################################################################################
|
||||
# Automatically-generated file. Do not edit!
|
||||
################################################################################
|
||||
|
||||
-include makefile.init
|
||||
|
||||
RM := rm -rf
|
||||
|
||||
# All of the sources participating in the build are defined here
|
||||
-include sources.mk
|
||||
-include subdir.mk
|
||||
-include objects.mk
|
||||
|
||||
ifneq ($(MAKECMDGOALS),clean)
|
||||
ifneq ($(strip $(C++_DEPS)),)
|
||||
-include $(C++_DEPS)
|
||||
endif
|
||||
ifneq ($(strip $(C_DEPS)),)
|
||||
-include $(C_DEPS)
|
||||
endif
|
||||
ifneq ($(strip $(CC_DEPS)),)
|
||||
-include $(CC_DEPS)
|
||||
endif
|
||||
ifneq ($(strip $(CPP_DEPS)),)
|
||||
-include $(CPP_DEPS)
|
||||
endif
|
||||
ifneq ($(strip $(CXX_DEPS)),)
|
||||
-include $(CXX_DEPS)
|
||||
endif
|
||||
ifneq ($(strip $(C_UPPER_DEPS)),)
|
||||
-include $(C_UPPER_DEPS)
|
||||
endif
|
||||
endif
|
||||
|
||||
-include makefile.defs
|
||||
|
||||
# Add inputs and outputs from these tool invocations to the build variables
|
||||
|
||||
# All Target
|
||||
all: tpm_module
|
||||
|
||||
# Tool invocations
|
||||
tpm_module: $(OBJS) $(USER_OBJS)
|
||||
@echo 'Building target: $@'
|
||||
@echo 'Invoking: GCC C++ Linker'
|
||||
g++ -o "tpm_module" $(OBJS) $(USER_OBJS) $(LIBS)
|
||||
@echo 'Finished building target: $@'
|
||||
@echo ' '
|
||||
|
||||
# Other Targets
|
||||
clean:
|
||||
-$(RM) $(OBJS)$(C++_DEPS)$(C_DEPS)$(CC_DEPS)$(CPP_DEPS)$(EXECUTABLES)$(CXX_DEPS)$(C_UPPER_DEPS) tpm_module
|
||||
-@echo ' '
|
||||
|
||||
.PHONY: all clean dependents
|
||||
.SECONDARY:
|
||||
|
||||
-include makefile.targets
|
@ -1,111 +0,0 @@
|
||||
.TH TPM_MODULE 1 "January 11, 2018"
|
||||
|
||||
.sp 1
|
||||
.SH NAME
|
||||
tpm_module \- interact with the TPM
|
||||
.SH SYNOPSIS
|
||||
.B tpm_module
|
||||
[\-m <mode>] [\-options]
|
||||
.SH DESCRIPTION
|
||||
Provide various modes for interacting with the TPM.
|
||||
.SH MODES
|
||||
1 Take Ownership of TPM
|
||||
.br
|
||||
2 Change Owner Authorization Data
|
||||
.br
|
||||
3 Clear Ownership (Disables TPM)
|
||||
.br
|
||||
4 Create EK
|
||||
.br
|
||||
5 Change SRK Authorization Data
|
||||
.br
|
||||
6 Collate Identity Request (Create Identity Key)
|
||||
.br
|
||||
7 Activate Identity (Create Identity Key Certificate)
|
||||
.br
|
||||
8 Quote
|
||||
.br
|
||||
9 Quote 2
|
||||
.br
|
||||
10 Seal Data (Encrypt Data to Current Platform State)
|
||||
.br
|
||||
11 Seal 2 (Seal Against Future PCRs)
|
||||
.br
|
||||
12 Unseal Data
|
||||
.br
|
||||
13 Generate Random Bytes
|
||||
.br
|
||||
14 Create Signing, Binding, or Storage Key
|
||||
.br
|
||||
15 Change Key Authorization Data
|
||||
.br
|
||||
16 Get Keyblob
|
||||
.br
|
||||
17 Get Key Modulus
|
||||
.br
|
||||
18 Clear Key
|
||||
.br
|
||||
19 Get PCR
|
||||
.br
|
||||
20 Extend PCR (Update PCR Value)
|
||||
.br
|
||||
21 Clear PCR
|
||||
.br
|
||||
22 Set NVRAM Data
|
||||
.br
|
||||
23 Get NVRAM Data
|
||||
.br
|
||||
24 Clear NVRAM Data
|
||||
.br
|
||||
25 Sign Data
|
||||
.br
|
||||
26 Verify Signed Data
|
||||
.br
|
||||
27 Bind
|
||||
.br
|
||||
28 Unbind
|
||||
.br
|
||||
29 Get Public Key
|
||||
.SH OPTIONS
|
||||
.B \-h, \-\-help
|
||||
.IP
|
||||
display help, use with -m to see help/options for individual modes
|
||||
.P
|
||||
.B \-v, \-\-version
|
||||
.IP
|
||||
display software version info
|
||||
.P
|
||||
.B \-d, \-\-debug
|
||||
.IP
|
||||
enable console debugging
|
||||
.P
|
||||
.B \-f, \-\-file
|
||||
.IP
|
||||
write debugging info to file
|
||||
.P
|
||||
.B \-z, \-\-zeros
|
||||
.IP
|
||||
fill in authdata with zeroes
|
||||
.P
|
||||
.B \-r, \-\-readable
|
||||
.IP
|
||||
make output human-readable with delimiters
|
||||
.P
|
||||
.B \-nr, \-\-nonce_random
|
||||
.IP
|
||||
populate nonce with TPM's random byte generator
|
||||
.SH EXAMPLES
|
||||
Take ownership of TPM using a specific nonce and zeroes for auth data:
|
||||
.IP
|
||||
tpm_module \-m 1 \-n 0123456789012345678901234567890123456789 \-z
|
||||
.P
|
||||
Get help with collate identity request mode:
|
||||
.IP
|
||||
tpm_module \-m 6 \-h
|
||||
.P
|
||||
Generate a quote2 using the first 16 PCRs, random nonce, identity key with
|
||||
simple UUID, and omitted SRK auth as zeroes:
|
||||
.IP
|
||||
tpm_module \-m 9 \-p ffff00 \-nr \-u 00000000\-0000\-0000\-0000\-040000000001 \-authp_ik password \-z
|
||||
.SH SEE ALSO
|
||||
hirs-provisioner(1)
|
@ -1,8 +0,0 @@
|
||||
################################################################################
|
||||
# Automatically-generated file. Do not edit!
|
||||
################################################################################
|
||||
|
||||
USER_OBJS :=
|
||||
|
||||
LIBS := -ltspi
|
||||
|
@ -1,27 +0,0 @@
|
||||
################################################################################
|
||||
# Automatically-generated file. Do not edit!
|
||||
################################################################################
|
||||
|
||||
O_SRCS :=
|
||||
CPP_SRCS :=
|
||||
C_UPPER_SRCS :=
|
||||
C_SRCS :=
|
||||
S_UPPER_SRCS :=
|
||||
OBJ_SRCS :=
|
||||
ASM_SRCS :=
|
||||
CXX_SRCS :=
|
||||
C++_SRCS :=
|
||||
CC_SRCS :=
|
||||
OBJS :=
|
||||
C++_DEPS :=
|
||||
C_DEPS :=
|
||||
CC_DEPS :=
|
||||
CPP_DEPS :=
|
||||
EXECUTABLES :=
|
||||
CXX_DEPS :=
|
||||
C_UPPER_DEPS :=
|
||||
|
||||
# Every subdirectory with source files must be described here
|
||||
SUBDIRS := \
|
||||
. \
|
||||
|
@ -1,24 +0,0 @@
|
||||
################################################################################
|
||||
# Automatically-generated file. Do not edit!
|
||||
################################################################################
|
||||
|
||||
# Add inputs and outputs from these tool invocations to the build variables
|
||||
CPP_SRCS += \
|
||||
main.cpp
|
||||
|
||||
OBJS += \
|
||||
main.o
|
||||
|
||||
CPP_DEPS += \
|
||||
main.d
|
||||
|
||||
|
||||
# Each subdirectory must supply rules for building sources it contributes
|
||||
%.o: %.cpp
|
||||
@echo 'Building file: $<'
|
||||
@echo 'Invoking: GCC C++ Compiler'
|
||||
g++ -DLINUX -I"./tpm_module" -O3 -Wall -c -fmessage-length=0 -MMD -MP -MF"$(@:%.o=%.d)" -MT"$(@:%.o=%.d)" -o "$@" "$<"
|
||||
@echo 'Finished building: $<'
|
||||
@echo ' '
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user