#ifndef libhis_changekeyauth_hpp #define libhis_changekeyauth_hpp #ifdef WINDOWS #include "tspi.h" #include "tss_error.h" #include "tss_defines.h" #endif #ifdef LINUX #include #include #include #endif #include "libhis_exception.hpp" class libhis_changekeyauth { public: libhis_changekeyauth() { //set default values init_key_size = TSS_KEY_SIZE_DEFAULT; init_key_type = TSS_KEY_TYPE_DEFAULT; init_key_authorized = TSS_KEY_AUTHORIZATION; init_key_migratable = TSS_KEY_NOT_MIGRATABLE; init_key_volatile = TSS_KEY_VOLATILE; binitialized = false; //create a context object result = Tspi_Context_Create(&hcontext); if(result != TSS_SUCCESS) throw libhis_exception("Create Conntext", result); //create an SRK object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TSP_SRK, &hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Create SRK", result); //Create SRK policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_srk); if(result != TSS_SUCCESS) throw libhis_exception("Create SRK Policy", result); //Create key policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key Policy", result); //Create new policy result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Create New Policy", result); } void initidentity() { //set the type init_key_type = TSS_KEY_TYPE_IDENTITY; //set the key size init_key_size = TSS_KEY_SIZE_DEFAULT; //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; } void initsign(unsigned int in_size) { //set the type init_key_type = TSS_KEY_TYPE_SIGNING; //set the key size if(in_size == 0) init_key_size = TSS_KEY_SIZE_DEFAULT; else if(in_size == 512) init_key_size = TSS_KEY_SIZE_512; else if(in_size == 1024) init_key_size = TSS_KEY_SIZE_1024; else if(in_size == 2048) init_key_size = TSS_KEY_SIZE_2048; else if(in_size == 4096) init_key_size = TSS_KEY_SIZE_4096; else if(in_size == 8192) init_key_size = TSS_KEY_SIZE_8192; else if(in_size == 16384) init_key_size = TSS_KEY_SIZE_16384; else throw libhis_exception("Invalid key size", 400); //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; } void initbind(unsigned int in_size) { //set the type init_key_type = TSS_KEY_TYPE_BIND; //set the key size if(in_size == 0) init_key_size = TSS_KEY_SIZE_DEFAULT; else if(in_size == 512) init_key_size = TSS_KEY_SIZE_512; else if(in_size == 1024) init_key_size = TSS_KEY_SIZE_1024; else if(in_size == 2048) init_key_size = TSS_KEY_SIZE_2048; else if(in_size == 4096) init_key_size = TSS_KEY_SIZE_4096; else if(in_size == 8192) init_key_size = TSS_KEY_SIZE_8192; else if(in_size == 16384) init_key_size = TSS_KEY_SIZE_16384; else throw libhis_exception("Invalid key size", 400); //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; } void initstorage(unsigned int in_size) { //set the type init_key_type = TSS_KEY_TYPE_STORAGE; //set the key size if(in_size == 0) init_key_size = TSS_KEY_SIZE_DEFAULT; else if(in_size == 512) init_key_size = TSS_KEY_SIZE_512; else if(in_size == 1024) init_key_size = TSS_KEY_SIZE_1024; else if(in_size == 2048) init_key_size = TSS_KEY_SIZE_2048; else if(in_size == 4096) init_key_size = TSS_KEY_SIZE_4096; else if(in_size == 8192) init_key_size = TSS_KEY_SIZE_8192; else if(in_size == 16384) init_key_size = TSS_KEY_SIZE_16384; else throw libhis_exception("Invalid key size", 400); //combine the init flags init_key = init_key_size | init_key_type | init_key_authorized | init_key_migratable | init_key_volatile; //Create key object result = Tspi_Context_CreateObject(hcontext, TSS_OBJECT_TYPE_RSAKEY, init_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Create key", result); binitialized = true; } void changekeyauth( unsigned char *auth_srk_value, unsigned long auth_srk_size, bool auth_srk_sha1, unsigned char *auth_key_value, unsigned long auth_key_size, bool auth_key_sha1, unsigned char *uuid_key_value, unsigned char *auth_new_value, unsigned long auth_new_size, bool auth_new_sha1) { //establish a session result = Tspi_Context_Connect(hcontext, 0); if(result != TSS_SUCCESS) throw libhis_exception("Connect Context", result); //get the TPM object result = Tspi_Context_GetTpmObject(hcontext, &htpm); if(result != TSS_SUCCESS) throw libhis_exception("Get TPM Object", result); //load the SRK TSS_UUID uuid_srk = TSS_UUID_SRK; result = Tspi_Context_LoadKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_srk, &hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Load SRK", result); //set up SRK auth if(auth_srk_sha1) { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_SHA1, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_srk, TSS_SECRET_MODE_PLAIN, auth_srk_size, auth_srk_value); if(result != TSS_SUCCESS) throw libhis_exception("Set SRK Secret Plain", result); } //assign the SRK auth result = Tspi_Policy_AssignToObject(hpolicy_srk, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Assign SRK Secret", result); //Set up the key UUID hextouuid(uuid_key_value, uuid_key); //Get the key by UUID result = Tspi_Context_GetKeyByUUID(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Get key by UUID", result); //set up Key auth if(auth_key_sha1) { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_SHA1, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_key, TSS_SECRET_MODE_PLAIN, auth_key_size, auth_key_value); if(result != TSS_SUCCESS) throw libhis_exception("Set Key Secret Plain", result); } //assign the Key auth result = Tspi_Policy_AssignToObject(hpolicy_key, hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Assign Key Secret", result); //set up new auth if(auth_new_sha1) { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_SHA1, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret SHA1", result); } else { result = Tspi_Policy_SetSecret(hpolicy_new, TSS_SECRET_MODE_PLAIN, auth_new_size, auth_new_value); if(result != TSS_SUCCESS) throw libhis_exception("Set New Secret Plain", result); } //change the Key secret result = Tspi_ChangeAuth(hkey_key, hkey_srk, hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Change Key Secret", result); try { //save key result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); if(result != TSS_SUCCESS) throw libhis_exception("Save key By UUID", result); } catch(libhis_exception &e) { //Unregister the existing key result = Tspi_Context_UnregisterKey(hcontext, TSS_PS_TYPE_SYSTEM, uuid_key, &hkey_unregister); if(result != TSS_SUCCESS) throw libhis_exception("Unregister slot", result); //Register a new key result = Tspi_Context_RegisterKey(hcontext, hkey_key, TSS_PS_TYPE_SYSTEM, uuid_key, TSS_PS_TYPE_SYSTEM, uuid_srk); if(result != TSS_SUCCESS) throw libhis_exception("Resave key By UUID", result); } return; } ~libhis_changekeyauth() { //clean up new policy result = Tspi_Context_CloseObject(hcontext, hpolicy_new); if(result != TSS_SUCCESS) throw libhis_exception("Close New Policy", result); //clean up key policy result = Tspi_Context_CloseObject(hcontext, hpolicy_key); if(result != TSS_SUCCESS) throw libhis_exception("Close key Policy", result); if(binitialized) { //clean up key result = Tspi_Context_CloseObject(hcontext, hkey_key); if(result != TSS_SUCCESS) throw libhis_exception("Close key", result); } //clean up SRK policy result = Tspi_Context_CloseObject(hcontext, hpolicy_srk); if(result != TSS_SUCCESS) throw libhis_exception("Close SRK Policy", result); //clean up SRK object result = Tspi_Context_CloseObject(hcontext, hkey_srk); if(result != TSS_SUCCESS) throw libhis_exception("Close SRK", result); //close context result = Tspi_Context_Close(hcontext); if(result != TSS_SUCCESS) throw libhis_exception("Close Context", result); } private: TSS_RESULT result; TSS_HCONTEXT hcontext; TSS_HTPM htpm; TSS_HKEY hkey_srk, hkey_key, hkey_unregister; TSS_HPOLICY hpolicy_srk, hpolicy_key, hpolicy_new; TSS_UUID uuid_key; UINT32 init_key, init_key_size, init_key_type, init_key_authorized, init_key_migratable, init_key_volatile, init_key_scheme; bool binitialized; }; #endif