diff -Naur tpm-tools-1.2.5.1/INSTALL tpm-tools-1.2.5.1-mtm/INSTALL
--- tpm-tools-1.2.5.1/INSTALL 1970-01-01 00:00:00.000000000 +0000
+++ tpm-tools-1.2.5.1-mtm/INSTALL 2007-11-13 14:01:03.000000000 +0000
@@ -0,0 +1,11 @@
+Installation instructions for MTM-modified tpm-tools
+
+(C) Copyright Nokia Corporation 2007 - All Rights Reserved
+This file is made available under the terms of the IBM Common Public License v1.0
+
+Compilation and installation:
+
+ $ ./configure
+ $ make
+ $ make install
+
diff -Naur tpm-tools-1.2.5.1/Makefile.am tpm-tools-1.2.5.1-mtm/Makefile.am
--- tpm-tools-1.2.5.1/Makefile.am 2005-07-29 20:06:26.000000000 +0000
+++ tpm-tools-1.2.5.1-mtm/Makefile.am 2007-12-11 16:26:46.000000000 +0000
@@ -30,4 +30,6 @@
 ACLOCAL_AMFLAGS = -I m4
-EXTRA_DIST = config.rpath mkinstalldirs
+EXTRA_DIST = config.rpath mkinstalldirs bootstrap.sh LICENSE
+
+
diff -Naur tpm-tools-1.2.5.1/configure.in tpm-tools-1.2.5.1-mtm/configure.in
--- tpm-tools-1.2.5.1/configure.in 2007-02-02 19:45:57.000000000 +0000
+++ tpm-tools-1.2.5.1-mtm/configure.in 2007-09-19 11:11:46.000000000 +0000
@@ -39,9 +39,43 @@ AC_CHECK_PROGS(MKDIR, mkdir) AC_CHECK_PROGS(RM, rm) +AM_ICONV AM_GNU_GETTEXT([external]) -AC_CHECK_LIB(tspi, Tspi_Context_Create, [TSS_LIB="1"], [AC_MSG_ERROR([tss lib not found: libtspi.so])]) +# Non-standard OpenSSL +AC_MSG_CHECKING([Non-standard OpenSSL]) +AC_ARG_WITH(openssl, + AC_HELP_STRING([--with-openssl=PATH], [Location of openssl libs/includes]), + [OPENSSL_INCLUDE_DIR="$withval/include" + OPENSSL_LIB_DIR="$withval/lib" + if [[ ! -d $OPENSSL_INCLUDE_DIR -o ! -d $OPENSSL_LIB_DIR ]]; then + AC_MSG_ERROR([$OPENSSL_INCLUDE_DIR or $OPENSSL_LIB_DIR doen't exist!]) + else + AC_MSG_RESULT([yes]) + CFLAGS="$CFLAGS -L$OPENSSL_LIB_DIR -I$OPENSSL_INCLUDE_DIR" + AC_SUBST([OPENSSL_LIB_DIR]) + fi], + [AC_MSG_RESULT([no]) + AC_SUBST([OPENSSL_LIB_DIR], []) ] ) + +# Non-standard TSS +AC_MSG_CHECKING([Non-standard TSS]) +AC_ARG_WITH(tss, + AC_HELP_STRING([--with-tss=PATH], [Location of TSS libs/includes]), + [TSS_INCLUDE_DIR="$withval/include" + TSS_LIB_DIR="$withval/lib" + if [[ ! -d $TSS_INCLUDE_DIR -o ! -d $TSS_LIB_DIR ]]; then + AC_MSG_ERROR([$TSS_INCLUDE_DIR or $TSS_LIB_DIR doen't exist!]) + else + AC_MSG_RESULT([yes]) + CFLAGS="$CFLAGS -L$TSS_LIB_DIR -I$TSS_INCLUDE_DIR" + AC_SUBST([TSS_LIB_DIR]) + fi], + [AC_MSG_RESULT([no]) + AC_SUBST([TSS_LIB_DIR], []) ] ) + + +# AC_CHECK_LIB(tspi, Tspi_Context_Create, [TSS_LIB="1"], [AC_MSG_ERROR([tss lib not found: libtspi.so])]) AC_CHECK_HEADER(trousers/tss.h, [TSS_INC="1"], [AC_MSG_ERROR([tss header not found: trousers/tss.h])]) AC_CHECK_LIB(crypto, PEM_read_X509, [OPENSSL_LIB="1"], [AC_MSG_ERROR([openssl lib not found: libcrypto.so])]) 
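Review bot: Commenting out `AC_CHECK_LIB(tspi, Tspi_Context_Create, ...)` removes the only configure-time proof that a usable libtspi exists, so a missing or too-old TSS now surfaces as a link error deep inside `make` rather than a clear configure failure, and none of the Tspi_MTM_* entry points the new lib/tpm_tspi.c wrappers call is probed at all. A check placed after the `--with-tss` block, such as `AC_CHECK_LIB(tspi, Tspi_MTM_InstallRIM, [TSS_LIB="1"], [AC_MSG_ERROR([MTM-enabled tss lib not found: libtspi.so])])`, would restore that and also verify the MTM extension is present. Both new `--with-*` blocks put `-L$..._LIB_DIR` into CFLAGS rather than LDFLAGS, which usually still links because automake passes CFLAGS to the link step but is the wrong variable for library search paths, and both error messages read `doen't` for `doesn't`.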
@@ -89,7 +123,7 @@ AC_MSG_RESULT([no])]) if test "$DEBUG" == "yes"; then - CFLAGS="$CFLAGS -DDEBUG -g -O0 -Wall -Werror" + CFLAGS="$CFLAGS -DDEBUG -g -O0 -Wall" fi AC_CONFIG_FILES(./Makefile \ diff -Naur tpm-tools-1.2.5.1/include/Makefile.am tpm-tools-1.2.5.1-mtm/include/Makefile.am --- tpm-tools-1.2.5.1/include/Makefile.am 2005-08-12 15:47:23.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/include/Makefile.am 2007-09-12 13:06:57.000000000 +0000 @@ -24,3 +24,9 @@ unsealinclude_HEADERS = tpm_unseal.h +EXTRA_DIST = \ + tpm_pkcs11.h \ + tpm_seal.h \ + tpm_tspi.h \ + tpm_utils.h + diff -Naur tpm-tools-1.2.5.1/include/tpm_tspi.h tpm-tools-1.2.5.1-mtm/include/tpm_tspi.h --- tpm-tools-1.2.5.1/include/tpm_tspi.h 2007-02-02 19:46:20.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/include/tpm_tspi.h 2007-09-06 11:54:21.000000000 +0000 
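Review bot: Dropping `-Werror` from the DEBUG CFLAGS on the changed line lets whatever warnings prompted the change through in every future debug build, presumably the ones the new MTM sources raise. Keeping `-Werror` and fixing those warnings, or at least recording in the commit message which warning forced the removal, would preserve the protection the flag gave.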
@@ -79,6 +79,21 @@ //Common TSPI functions TSS_RESULT tpmGetPubEk(TSS_HTPM a_hTpm, TSS_BOOL a_fOwner, TSS_VALIDATION * a_pValData, TSS_HKEY * a_phEPubKey); +TSS_RESULT tpmPCRRead(TSS_HTPM a_hTpm, UINT32 a_PCRIndex, UINT32* a_PCRLength, BYTE** a_PCRValue); +TSS_RESULT tpmExtend(TSS_HTPM a_hTpm, UINT32 a_PCRIndex, UINT32 a_InputValueLength, BYTE* a_InputValue, + UINT32* a_ReturnValueLength, BYTE** a_ReturnValue); +TSS_RESULT tpmInstallRIM(TSS_HTPM a_hTpm, UINT32 a_ulRimCertSize, BYTE * a_rimCertData, + UINT32 * a_outCertSize, BYTE ** a_outCertData); +TSS_RESULT tpmLoadVerificationKey(TSS_HTPM a_hTpm, UINT32 a_parentKey, UINT32 a_verificationKeySize, + BYTE * a_verificationKeyData, UINT32 * a_verificationKeyHandle, + BYTE * a_loadMethod); +TSS_RESULT tpmVerifyRIMCert(TSS_HTPM a_hTpm, UINT32 a_rimCertSize, BYTE * a_rimCertData, UINT32 a_rimkey); +TSS_RESULT tpmVerifyRIMCertAndExtend(TSS_HTPM a_hTpm, UINT32 a_rimCertSize, BYTE * a_rimCertData, + UINT32 a_rimkey, TCPA_PCRVALUE * outDigest); +TSS_RESULT tpmIncrementBootstrapCounter(TSS_HTPM a_hTpm, UINT32 a_rimCertSize, BYTE * a_rimCertData, + UINT32 a_rimkey); +TSS_RESULT tpmLoadVerificationRootKeyDisable(TSS_HTPM a_hTpm); +TSS_RESULT tpmSetVerifiedPCRSelection(TSS_HTPM a_hTpm, TCPA_PCR_SELECTION * a_selection); TSS_RESULT tpmGetRandom(TSS_HTPM a_hTpm, UINT32 a_length, BYTE ** a_data); TSS_RESULT tpmSetStatus(TSS_HTPM a_hTpm, TSS_FLAG a_fStatus, TSS_BOOL a_bValue); diff -Naur tpm-tools-1.2.5.1/lib/tpm_tspi.c tpm-tools-1.2.5.1-mtm/lib/tpm_tspi.c --- tpm-tools-1.2.5.1/lib/tpm_tspi.c 2007-02-02 19:46:54.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/lib/tpm_tspi.c 2007-09-10 12:58:00.000000000 +0000 
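Review bot: The new prototypes say nothing about who owns the buffers handed back through `BYTE **` parameters (`a_PCRValue`, `a_ReturnValue`, `a_outCertData`), and the callers added in this commit neither free them nor pass them to `Tspi_Context_FreeMemory`, so a comment above the block is needed, e.g. `/* Buffers returned via BYTE ** are allocated by the TSS; release them with Tspi_Context_FreeMemory() or let the context close reclaim them. */` once that behaviour is confirmed against the TSS in use. `tpmVerifyRIMCertAndExtend` also names its last parameter `outDigest` while every other parameter in this header carries the `a_` prefix and the definition in lib/tpm_tspi.c calls it `a_outDigest`; `TCPA_PCRVALUE * a_outDigest` keeps the two in step.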
@@ -423,6 +423,141 @@
 }
 TSS_RESULT
+tpmPCRRead(TSS_HTPM a_hTpm,
+ UINT32 a_PCRIndex,
+ UINT32* a_PCRLength,
+ BYTE** a_PCRValue)
+{
+ TSS_RESULT result = Tspi_TPM_PcrRead(a_hTpm, a_PCRIndex, a_PCRLength, a_PCRValue);
+ tspiResult("Tspi_TPM_PcrRead", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmExtend(TSS_HTPM a_hTpm,
+ UINT32 a_PCRIndex,
+ UINT32 a_InputValueLength,
+ BYTE* a_InputValue,
+ UINT32* a_ReturnValueLength,
+ BYTE** a_ReturnValue)
+{
+ TSS_RESULT result = Tspi_TPM_PcrExtend(a_hTpm, a_PCRIndex, a_InputValueLength,
+ a_InputValue, NULL, a_ReturnValueLength,
+ a_ReturnValue);
+ tspiResult("Tspi_TPM_PcrRead", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmInstallRIM(TSS_HTPM a_hTpm,
+ UINT32 a_ulRimCertSize,
+ BYTE * a_rimCertData,
+ UINT32 * a_outCertSize,
+ BYTE ** a_outCertData)
+{
+ TSS_RESULT result = Tspi_MTM_InstallRIM(a_hTpm,
+ a_ulRimCertSize,
+ a_rimCertData,
+ a_outCertSize,
+ a_outCertData);
+ tspiResult("Tspi_MTM_InstallRIM", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmLoadVerificationKey(TSS_HTPM a_hTpm,
+ UINT32 a_parentKey,
+ UINT32 a_verificationKeySize,
+ BYTE * a_verificationKeyData,
+ UINT32 * a_verificationKeyHandle,
+ BYTE * a_loadMethod)
+{
+ TSS_RESULT result = Tspi_MTM_LoadVerificationKey(a_hTpm,
+ a_parentKey,
+ a_verificationKeySize,
+ a_verificationKeyData,
+ a_verificationKeyHandle,
+ a_loadMethod);
+ tspiResult("Tspi_MTM_LoadVerificationKey", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmVerifyRIMCert(TSS_HTPM a_hTpm,
+ UINT32 a_rimCertSize,
+ BYTE * a_rimCertData,
+ UINT32 a_rimkey)
+{
+
+ TSS_RESULT result = Tspi_MTM_VerifyRIMCert(a_hTpm,
+ a_rimCertSize,
+ a_rimCertData,
+ a_rimkey);
+ tspiResult("Tspi_MTM_VerifyRIMCert", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmVerifyRIMCertAndExtend(TSS_HTPM a_hTpm,
+ UINT32 a_rimCertSize,
+ BYTE * a_rimCertData,
+ UINT32 a_rimkey,
+ TCPA_PCRVALUE * a_outDigest)
+{
+
+ TSS_RESULT result = Tspi_MTM_VerifyRIMCertAndExtend(a_hTpm,
+ a_rimCertSize,
+ a_rimCertData,
+ a_rimkey,
+ a_outDigest);
+ tspiResult("Tspi_MTM_VerifyRIMCertAndExtend", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmIncrementBootstrapCounter(TSS_HTPM a_hTpm,
+ UINT32 a_rimCertSize,
+ BYTE * a_rimCertData,
+ UINT32 a_rimkey)
+{
+
+ TSS_RESULT result = Tspi_MTM_IncrementBootstrapCounter(a_hTpm,
+ a_rimCertSize,
+ a_rimCertData,
+ a_rimkey);
+ tspiResult("Tspi_MTM_IncrementBootstrapCounter", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmSetVerifiedPCRSelection(TSS_HTPM a_hTpm, TCPA_PCR_SELECTION * a_selection)
+{
+
+ TSS_RESULT result = Tspi_MTM_SetVerifiedPCRSelection(a_hTpm,
+ a_selection);
+ tspiResult("Tspi_MTM_SetVerifiedPCRSelection", result);
+
+ return result;
+}
+
+TSS_RESULT
+tpmLoadVerificationRootKeyDisable(TSS_HTPM a_hTpm)
+{
+
+ TSS_RESULT result = Tspi_MTM_LoadVerificationRootKeyDisable(a_hTpm);
+ tspiResult("Tspi_MTM_LoadVerificationRootKeyDisable", result);
+
+ return result;
+}
+
+TSS_RESULT
 tpmSetStatus(TSS_HTPM a_hTpm, TSS_FLAG a_fStatus, TSS_BOOL a_bValue)
 {
diff -Naur tpm-tools-1.2.5.1/src/cmds/Makefile.am tpm-tools-1.2.5.1-mtm/src/cmds/Makefile.am
--- tpm-tools-1.2.5.1/src/cmds/Makefile.am 2006-06-07 20:43:56.000000000 +0000
+++ tpm-tools-1.2.5.1-mtm/src/cmds/Makefile.am 2007-09-19 10:40:59.000000000 +0000
@@ -21,10 +21,12 @@
 # http://www.opensource.org/licenses/cpl1.0.php.
 #
-bin_PROGRAMS = tpm_sealdata
+bin_PROGRAMS = tpm_sealdata \
+ tpm_unsealdata
 AM_CPPFLAGS = -I$(top_builddir)/include -D_LINUX
-LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi
+LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(LIBINTL) $(LIBICONV)
 tpm_sealdata_SOURCES = tpm_sealdata.c
+tpm_unsealdata_SOURCES = tpm_unsealdata.c
diff -Naur tpm-tools-1.2.5.1/src/cmds/tpm_unsealdata.c tpm-tools-1.2.5.1-mtm/src/cmds/tpm_unsealdata.c
--- tpm-tools-1.2.5.1/src/cmds/tpm_unsealdata.c 1970-01-01 00:00:00.000000000 +0000
+++ tpm-tools-1.2.5.1-mtm/src/cmds/tpm_unsealdata.c 2007-11-13 14:12:41.000000000 +0000
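Review bot: `tpmExtend` in lib/tpm_tspi.c reports its failure under the wrong name: the `tspiResult("Tspi_TPM_PcrRead", result);` that follows the `Tspi_TPM_PcrExtend` call is a copy of the line in `tpmPCRRead` and should read `tspiResult("Tspi_TPM_PcrExtend", result);`, otherwise a failed extend is logged as a failed PCR read. None of the nine new wrappers carries a comment; a one-line header on each naming the MTM operation it forwards to and stating that the `BYTE **` outputs are TSS-allocated would match the documented functions elsewhere in this file better than bare forwarding bodies. The `tpmSetStatus` context line at the end of the hunk belongs to a function that continues outside it.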
@@ -0,0 +1,517 @@ +/* + * + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + * + * The Initial Developer of the Original Code is International + * Business Machines Corporation. Portions created by IBM + * Corporation are Copyright (C) 2005, 2006 International Business + * Machines Corporation. All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the Common Public License as published by + * IBM Corporation; either version 1 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * Common Public License for more details. + * + * You should have received a copy of the Common Public License + * along with this program; if not, a copy can be viewed at + * http://www.opensource.org/licenses/cpl1.0.php. 
+ */ + +#include "tpm_tspi.h" +#include "tpm_seal.h" +#include "tpm_unseal.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include + +enum tspi_errors { + ETSPICTXCREAT = 0, + ETSPICTXCNCT, + ETSPICTXCO, + ETSPICTXLKBU, + ETSPICTXLKBB, + ETSPISETAD, + ETSPIGETPO, + ETSPIPOLSS, + ETSPIDATU, + ETSPIPOLATO +}; + +#define TSPI_FUNCTION_NAME_MAX 30 +char tspi_error_strings[][TSPI_FUNCTION_NAME_MAX]= { + "Tspi_Context_Create", + "Tspi_Context_Connect", + "Tspi_Context_CreateObject", + "Tspi_Context_LoadKeyByUUID", + "Tspi_Context_LoadKeyByBlob", + "Tspi_SetAttribData", + "Tspi_GetPolicyObject", + "Tspi_Policy_SetSecret", + "Tspi_Data_Unseal", + "Tspi_Policy_AssignToObject" +}; + +#define TSSKEY_DEFAULT_SIZE 768 +#define EVPKEY_DEFAULT_SIZE 512 + +int tpm_errno; +TSS_UUID SRK_UUID = TSS_UUID_SRK; + +int tpmUnsealFile( char* fname, unsigned char** tss_data, int* tss_size ) { + + int rc, rcLen=0, tssLen=0, evpLen=0; + BYTE* rcPtr; + char data[EVP_CIPHER_block_size(EVP_aes_256_cbc()) * 16]; + BYTE *tssKeyData = NULL; + int tssKeyDataSize = 0; + BYTE *evpKeyData = NULL; + int evpKeyDataSize = 0; + struct stat stats; + TSS_HCONTEXT hContext; + TSS_HENCDATA hEncdata; + TSS_HKEY hSrk, hKey; + TSS_HPOLICY hPolicy; + UINT32 symKeyLen; + BYTE *symKey; + + unsigned char* res_data = NULL; + int res_size = 0; + + BIO *bdata = NULL, *b64 = NULL, *bmem = NULL; + int bioRc; + + if ( tss_data == NULL || tss_size == NULL ) { + rc = TPMSEAL_STD_ERROR; + tpm_errno = EINVAL; + goto out; + } + + *tss_data = NULL; + *tss_size = 0; + + /* Test for file existence */ + if ((rc = stat(fname, &stats))) { + tpm_errno = errno; + goto out; + } + + /* Create an input file BIO */ + if((bdata = BIO_new_file(fname, "r")) == NULL ) { + tpm_errno = errno; + rc = TPMSEAL_STD_ERROR; + goto out; + } + + /* Test file header for TSS */ + BIO_gets(bdata, data, sizeof(data)); + if (strncmp(data, TPMSEAL_HDR_STRING, + strlen(TPMSEAL_HDR_STRING)) != 0) { + rc = TPMSEAL_FILE_ERROR; 
+ tpm_errno = ENOTSSHDR; + goto out; + } + + /* Looking for TSS Key Header */ + BIO_gets(bdata, data, sizeof(data)); + if (strncmp(data, TPMSEAL_TSS_STRING, + strlen(TPMSEAL_TSS_STRING)) != 0) { + rc = TPMSEAL_FILE_ERROR; + tpm_errno = EWRONGTSSTAG; + goto out; + } + + /* Create a memory BIO to hold the base64 TSS key */ + if ((bmem = BIO_new(BIO_s_mem())) == NULL) { + tpm_errno = EAGAIN; + rc = TPMSEAL_STD_ERROR; + goto out; + } + BIO_set_mem_eof_return(bmem, 0); + + /* Read the base64 TSS key into the memory BIO */ + while ((rcLen = BIO_gets(bdata, data, sizeof(data))) > 0) { + /* Look for EVP Key Header (end of key) */ + if (strncmp(data, TPMSEAL_EVP_STRING, + strlen(TPMSEAL_EVP_STRING)) == 0) + break; + + if (BIO_write(bmem, data, rcLen) <= 0) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } + } + if (strncmp(data, TPMSEAL_EVP_STRING, + strlen(TPMSEAL_EVP_STRING)) != 0 ) { + tpm_errno = EWRONGEVPTAG; + rc = TPMSEAL_FILE_ERROR; + goto out; + } + + /* Create a base64 BIO to decode the TSS key */ + if ((b64 = BIO_new(BIO_f_base64())) == NULL) { + tpm_errno = EAGAIN; + rc = TPMSEAL_STD_ERROR; + goto out; + } + + /* Decode the TSS key */ + bmem = BIO_push( b64, bmem ); + while ((rcLen = BIO_read(bmem, data, sizeof(data))) > 0) { + if ((tssLen + rcLen) > tssKeyDataSize) { + tssKeyDataSize += TSSKEY_DEFAULT_SIZE; + rcPtr = realloc( tssKeyData, tssKeyDataSize); + if ( rcPtr == NULL ) { + tpm_errno = ENOMEM; + rc = TPMSEAL_STD_ERROR; + goto out; + } + tssKeyData = rcPtr; + } + memcpy(tssKeyData + tssLen, data, rcLen); + tssLen += rcLen; + } + bmem = BIO_pop(b64); + BIO_free(b64); + b64 = NULL; + bioRc = BIO_reset(bmem); + + /* Check for EVP Key Type Header */ + BIO_gets(bdata, data, sizeof(data)); + if (strncmp(data, TPMSEAL_KEYTYPE_SYM, + strlen(TPMSEAL_KEYTYPE_SYM)) != 0 ) { + rc = TPMSEAL_FILE_ERROR; + tpm_errno = EWRONGKEYTYPE; + goto out; + } + + /* Make sure it's a supported cipher + (currently only AES 256 CBC) */ + if (strncmp(data + 
strlen(TPMSEAL_KEYTYPE_SYM), + TPMSEAL_CIPHER_AES256CBC, + strlen(TPMSEAL_CIPHER_AES256CBC)) != 0) { + rc = TPMSEAL_FILE_ERROR; + tpm_errno = EWRONGKEYTYPE; + goto out; + } + + /* Read the base64 Symmetric key into the memory BIO */ + while ((rcLen = BIO_gets(bdata, data, sizeof(data))) > 0) { + /* Look for Encrypted Data Header (end of key) */ + if (strncmp(data, TPMSEAL_ENC_STRING, + strlen(TPMSEAL_ENC_STRING)) == 0) + break; + + if (BIO_write(bmem, data, rcLen) <= 0) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } + } + if (strncmp(data, TPMSEAL_ENC_STRING, + strlen(TPMSEAL_ENC_STRING)) != 0 ) { + tpm_errno = EWRONGDATTAG; + rc = TPMSEAL_FILE_ERROR; + goto out; + } + + /* Create a base64 BIO to decode the Symmetric key */ + if ((b64 = BIO_new(BIO_f_base64())) == NULL) { + tpm_errno = EAGAIN; + rc = TPMSEAL_STD_ERROR; + goto out; + } + + /* Decode the Symmetric key */ + bmem = BIO_push( b64, bmem ); + while ((rcLen = BIO_read(bmem, data, sizeof(data))) > 0) { + if ((evpLen + rcLen) > evpKeyDataSize) { + evpKeyDataSize += EVPKEY_DEFAULT_SIZE; + rcPtr = realloc( evpKeyData, evpKeyDataSize); + if ( rcPtr == NULL ) { + tpm_errno = ENOMEM; + rc = TPMSEAL_STD_ERROR; + goto out; + } + evpKeyData = rcPtr; + } + memcpy(evpKeyData + evpLen, data, rcLen); + evpLen += rcLen; + } + bmem = BIO_pop(b64); + BIO_free(b64); + b64 = NULL; + bioRc = BIO_reset(bmem); + + /* Read the base64 encrypted data into the memory BIO */ + while ((rcLen = BIO_gets(bdata, data, sizeof(data))) > 0) { + /* Look for TSS Footer (end of data) */ + if (strncmp(data, TPMSEAL_FTR_STRING, + strlen(TPMSEAL_FTR_STRING)) == 0) + break; + + if (BIO_write(bmem, data, rcLen) <= 0) { + tpm_errno = EIO; + rc = TPMSEAL_STD_ERROR; + goto out; + } + } + if (strncmp(data, TPMSEAL_FTR_STRING, + strlen(TPMSEAL_FTR_STRING)) != 0 ) { + tpm_errno = ENOTSSFTR; + rc = TPMSEAL_FILE_ERROR; + goto out; + } + + /* Unseal */ + if ((rc=Tspi_Context_Create(&hContext)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXCREAT; 
+ goto out; + } + + if ((rc=Tspi_Context_Connect(hContext, NULL)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXCNCT; + goto tss_out; + } + + if ((rc=Tspi_Context_CreateObject(hContext, + TSS_OBJECT_TYPE_ENCDATA, + TSS_ENCDATA_SEAL, + &hEncdata)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXCO; + goto tss_out; + } + + if ((rc=Tspi_SetAttribData(hEncdata, + TSS_TSPATTRIB_ENCDATA_BLOB, + TSS_TSPATTRIB_ENCDATABLOB_BLOB, + evpLen, evpKeyData)) != TSS_SUCCESS) { + tpm_errno = ETSPISETAD; + goto tss_out; + } + + if ((rc=Tspi_Context_CreateObject(hContext, + TSS_OBJECT_TYPE_POLICY, + TSS_POLICY_USAGE, + &hPolicy)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXCO; + goto tss_out; + } + + if ((rc=Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, + strlen(TPMSEAL_SECRET), + (BYTE *)TPMSEAL_SECRET)) != TSS_SUCCESS) { + tpm_errno = ETSPIPOLSS; + goto tss_out; + } + + if ((rc=Tspi_Policy_AssignToObject(hPolicy, hEncdata)) != TSS_SUCCESS) { + tpm_errno = ETSPIPOLATO; + goto tss_out; + } + + if ((rc=Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, + SRK_UUID, &hSrk)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXLKBU; + goto tss_out; + } + + /* Don't create a new policy for the SRK's secret, just use the context's + * default policy */ + if ((rc=Tspi_GetPolicyObject(hSrk, TSS_POLICY_USAGE, + &hPolicy)) != TSS_SUCCESS){ + tpm_errno = ETSPIGETPO; + goto tss_out; + } + + if ((rc=Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, 0, NULL)) + != TSS_SUCCESS) { + tpm_errno = ETSPIPOLSS; + goto tss_out; + } + + /* Failure point if trying to unseal data on a differnt TPM */ + if ((rc=Tspi_Context_LoadKeyByBlob(hContext, hSrk, tssLen, + tssKeyData, &hKey)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXLKBB; + goto tss_out; + } + + if ((rc=Tspi_Context_CreateObject(hContext, + TSS_OBJECT_TYPE_POLICY, + TSS_POLICY_USAGE, + &hPolicy)) != TSS_SUCCESS) { + tpm_errno = ETSPICTXCO; + goto tss_out; + } + + if ((rc=Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_PLAIN, + strlen(TPMSEAL_SECRET), + (BYTE 
*)TPMSEAL_SECRET)) != TSS_SUCCESS) { + tpm_errno = ETSPIPOLSS; + goto tss_out; + } + + if ((rc=Tspi_Policy_AssignToObject(hPolicy, hKey)) != TSS_SUCCESS) { + tpm_errno = ETSPIPOLATO; + goto tss_out; + } + + if ((rc=Tspi_Data_Unseal(hEncdata, hKey, &symKeyLen, + &symKey)) != TSS_SUCCESS) { + tpm_errno = ETSPIDATU; + goto tss_out; + } + + /* Malloc a block of storage to hold the decrypted data + Using the size of the mem BIO is more than enough + (plus an extra cipher block size) */ + res_data = malloc(BIO_pending(bmem) + EVP_CIPHER_block_size(EVP_aes_256_cbc())); + if ( res_data == NULL ) { + rc = TPMSEAL_STD_ERROR; + tpm_errno = ENOMEM; + goto tss_out; + } + + /* Decode and decrypt the encrypted data */ + EVP_CIPHER_CTX ctx; + EVP_DecryptInit(&ctx, EVP_aes_256_cbc(), symKey, (unsigned char *)TPMSEAL_IV); + + /* Create a base64 BIO to decode the encrypted data */ + if ((b64 = BIO_new(BIO_f_base64())) == NULL) { + tpm_errno = EAGAIN; + rc = TPMSEAL_STD_ERROR; + goto tss_out; + } + + bmem = BIO_push( b64, bmem ); + while ((rcLen = BIO_read(bmem, data, sizeof(data))) > 0) { + EVP_DecryptUpdate(&ctx, res_data+res_size, + &rcLen, (unsigned char *)data, rcLen); + res_size += rcLen; + } + EVP_DecryptFinal(&ctx, res_data+res_size, &rcLen); + res_size += rcLen; + bmem = BIO_pop(b64); + BIO_free(b64); + b64 = NULL; + bioRc = BIO_reset(bmem); + +tss_out: + Tspi_Context_Close(hContext); +out: + + if ( bdata ) + BIO_free(bdata); + if ( b64 ) + BIO_free(b64); + if ( bmem ) { + bioRc = BIO_set_close(bmem, BIO_CLOSE); + BIO_free(bmem); + } + + if ( evpKeyData ) + free(evpKeyData); + if ( tssKeyData ) + free(tssKeyData); + + if ( rc == 0 ) { + *tss_data = res_data; + *tss_size = res_size; + } + return rc; +} + +void tpmUnsealShred(unsigned char* data, int size) { + + if ( data != NULL ) { + memset( data, 0, size); + free(data); + } + +} + +char tpm_error_buf[512]; +char * tpmUnsealStrerror(int rc) { + + switch(rc) { + case 0: + return "Success"; + case TPMSEAL_STD_ERROR: + return 
strerror(tpm_errno); + case TPMSEAL_FILE_ERROR: + switch(tpm_errno) { + case ENOTSSHDR: + return _("No TSS header present"); + case ENOTSSFTR: + return _("No TSS footer present"); + case EWRONGTSSTAG: + return _("Wrong TSS tag"); + case EWRONGEVPTAG: + return _("Wrong EVP tag"); + case EWRONGDATTAG: + return _("Wrong DATA tag"); + case EWRONGKEYTYPE: + return _("Not a Symmetric EVP Key"); + case EBADSEEK: + return _("Unable to move to desired file position"); + } + default: + snprintf(tpm_error_buf, sizeof(tpm_error_buf), + "%s: 0x%08x - layer=%s, code=%04x (%d), %s", + tspi_error_strings[tpm_errno], + rc, Trspi_Error_Layer(rc), + Trspi_Error_Code(rc), + Trspi_Error_Code(rc), + Trspi_Error_String(rc)); + return tpm_error_buf; + } + return ""; +} + +int main(int argc, char **argv) +{ + unsigned char* plaintext_data; + int plaintext_size; + FILE* plaintext_file; + int i; + + if (argc != 2) { + fprintf(stderr, "Usage: %s \n", argv[0]); + return -1; + } + + fprintf(stdout, "Trying to decode %s\n", argv[1]); + int result = tpmUnsealFile(argv[1], &plaintext_data, &plaintext_size); + if (result != 0) { + char* errMsg = tpmUnsealStrerror(result); + fprintf(stdout, "Decoding failed: %s\n", errMsg); + return -1; + } + + if ((plaintext_file = fopen(strcat(argv[1], ".decoded"), "w")) == NULL) { + fprintf(stderr, "Cannot open %s for writing\n", argv[1]); + return -1; + } + + for (i = 0; i < plaintext_size; i++) { + fputc(plaintext_data[i], plaintext_file); + } + + fclose(plaintext_file); + fprintf(stdout, "Success! Decoded to %s\n",argv[1]); + return 0; +} + diff -Naur tpm-tools-1.2.5.1/src/data_mgmt/Makefile.am tpm-tools-1.2.5.1-mtm/src/data_mgmt/Makefile.am --- tpm-tools-1.2.5.1/src/data_mgmt/Makefile.am 2006-09-07 20:07:31.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/data_mgmt/Makefile.am 2007-10-05 12:29:03.000000000 +0000 
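Review bot: `strcat(argv[1], ".decoded")` in `main` appends nine bytes to the argv string in place, and that string has no spare room after its terminator, so the suffix is written past the end of the argument into whatever follows it — undefined behaviour — and the later `fprintf` messages then print the mutated name; build the output name in a buffer of your own, as below, and release the plaintext through the `tpmUnsealShred` this file defines but never calls. Independently, `tpmUnsealFile` discards the return values of `EVP_DecryptUpdate` and `EVP_DecryptFinal`, so a wrong key or a corrupted ciphertext still yields `rc == 0`, the "Success!" message and garbage in the .decoded file; `if (EVP_DecryptFinal(&ctx, res_data+res_size, &rcLen) != 1) { tpm_errno = EIO; rc = TPMSEAL_STD_ERROR; goto tss_out; }` is the minimum, and `EVP_CIPHER_CTX_cleanup(&ctx)` should run on every exit from that point so the AES key schedule does not stay on the stack. The `stat` failure path stores stat's own `-1` in `rc` rather than `TPMSEAL_STD_ERROR`; unless that constant happens to be -1, `tpmUnsealStrerror` then reaches its `default` branch and indexes the ten-entry `tspi_error_strings` with an errno value. `symKey`, the AES key returned by `Tspi_Data_Unseal`, is neither wiped nor released before `Tspi_Context_Close` — presumably the close reclaims it, but an explicit wipe before that is cheap.
```c
    /* argv[1] has no room for a suffix; build the output name in our own buffer */
    size_t out_len = strlen(argv[1]) + sizeof(".decoded");
    char *out_name = malloc(out_len);
    if (out_name == NULL) {
        fprintf(stderr, "Cannot allocate output file name\n");
        tpmUnsealShred(plaintext_data, plaintext_size);
        return -1;
    }
    snprintf(out_name, out_len, "%s.decoded", argv[1]);
    if ((plaintext_file = fopen(out_name, "w")) == NULL) {
        fprintf(stderr, "Cannot open %s for writing\n", out_name);
        tpmUnsealShred(plaintext_data, plaintext_size);
        free(out_name);
        return -1;
    }
    /* … unchanged: fputc loop and fclose … */
    fprintf(stdout, "Success! Decoded to %s\n", out_name);
    tpmUnsealShred(plaintext_data, plaintext_size);
    free(out_name);
    return 0;
```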
@@ -36,21 +36,22 @@ # # TPM Token initialization command -tpmtoken_init_SOURCES = data_init.c +tpmtoken_init_SOURCES = data_init.c data_common.h data_init.h # # TPM Token change password command -tpmtoken_setpasswd_SOURCES = data_passwd.c +tpmtoken_setpasswd_SOURCES = data_passwd.c data_common.h data_passwd.h # # TPM Token object list command -tpmtoken_objects_SOURCES = data_object.c +tpmtoken_objects_SOURCES = data_object.c data_common.h data_object.h # # TPM Token object import command -tpmtoken_import_SOURCES = data_import.c +tpmtoken_import_SOURCES = data_import.c data_common.h data_import.h tpmtoken_import_LDADD = $(LDADD) -lcrypto # # TPM Token data protection command -tpmtoken_protect_SOURCES = data_protect.c +tpmtoken_protect_SOURCES = data_protect.c data_common.h data_protect.h + diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/Makefile.am tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/Makefile.am --- tpm-tools-1.2.5.1/src/tpm_mgmt/Makefile.am 2006-09-27 18:53:31.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/Makefile.am 2007-11-13 14:03:32.000000000 +0000 @@ -1,6 +1,9 @@ # # Makefile.am # +# Portions Copyright (c) 2007 Nokia Corporation +# All Rights Reserved. +# # The Initial Developer of the Original Code is International # Business Machines Corporation. Portions created by IBM # Corporation are Copyright (C) 2005, 2006 International Business 
@@ -25,22 +28,30 @@ tpm_reset sbin_PROGRAMS = tpm_changeownerauth \ - tpm_clear \ - tpm_createek \ - tpm_getpubek \ + tpm_clear \ + tpm_createek \ + tpm_extend \ + tpm_getpubek \ + tpm_incrementbootstrapcounter \ + tpm_installrim \ + tpm_loadverificationkey \ + tpm_loadverificationrootkeydisable \ + tpm_readpcr \ tpm_restrictpubek \ tpm_setactive \ tpm_setenable \ tpm_setclearable \ tpm_setownable \ tpm_setpresence \ + tpm_setverifiedpcrselection \ tpm_takeownership \ + tpm_verifyrimcert \ tpm_version \ tpm_selftest AM_CPPFLAGS = -I$(top_builddir)/include -D_LINUX -LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi +LDADD = $(top_builddir)/lib/libtpm_tspi.la -ltspi $(LIBINTL) $(LIBICONV) tpm_startup_SOURCES = tpm_startup.c tpm_reset_SOURCES = tpm_reset.c 
@@ -48,13 +59,21 @@ tpm_changeownerauth_SOURCES = tpm_changeauth.c tpm_clear_SOURCES = tpm_clear.c tpm_createek_SOURCES = tpm_createek.c +tpm_extend_SOURCES = tpm_extend.c tpm_getpubek_SOURCES = tpm_getpubek.c +tpm_incrementbootstrapcounter_SOURCES = tpm_incrementbootstrapcounter.c +tpm_installrim_SOURCES = tpm_installrim.c +tpm_loadverificationkey_SOURCES = tpm_loadverificationkey.c +tpm_loadverificationrootkeydisable_SOURCES = tpm_loadverificationrootkeydisable.c +tpm_readpcr_SOURCES = tpm_readpcr.c tpm_restrictpubek_SOURCES = tpm_restrictpubek.c tpm_setactive_SOURCES = tpm_activate.c tpm_setclearable_SOURCES = tpm_clearable.c tpm_setenable_SOURCES = tpm_enable.c tpm_setownable_SOURCES = tpm_ownable.c tpm_setpresence_SOURCES = tpm_present.c +tpm_setverifiedpcrselection_SOURCES = tpm_setverifiedpcrselection.c tpm_takeownership_SOURCES = tpm_takeownership.c +tpm_verifyrimcert_SOURCES = tpm_verifyrimcert.c tpm_version_SOURCES = tpm_version.c tpm_selftest_SOURCES = tpm_selftest.c diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_changeauth.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_changeauth.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_changeauth.c 2006-02-15 18:33:59.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_changeauth.c 2007-11-13 13:54:37.000000000 +0000 @@ -1,4 +1,8 @@ /* + * + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * The Initial Developer of the Original Code is International * Business Machines Corporation. Portions created by IBM * Corporation are Copyright (C) 2005 International Business 
@@ -19,8 +23,8 @@ * http://www.opensource.org/licenses/cpl1.0.php. */ -#include "tpm_utils.h" #include "tpm_tspi.h" +#include "tpm_utils.h" struct changeAuth { char *name; diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_extend.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_extend.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_extend.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_extend.c 2007-11-13 13:57:07.000000000 +0000 
@@ -0,0 +1,97 @@
+/*
+ * (C) Copyright Nokia Corporation 2007 - All Rights Reserved
+ * This file is made available under the terms of the IBM Common Public License v1.0
+ */
+
+#include "tpm_tspi.h"
+#include "tpm_utils.h"
+
+static UINT32 pcr_index;
+static BYTE in_digest[20];
+
+static int parse(const int aOpt, const char *aArg)
+{
+ int rc = -1;
+
+ switch (aOpt) {
+ case 'n':
+ if (aArg) {
+ sscanf(aArg, "%x", &pcr_index);
+ rc = 0;
+ }
+ break;
+ case 'm':
+ if (aArg) {
+ int i;
+ const char* ptr = aArg;
+ for (i = 0; i < 20; i++) {
+ sscanf(ptr++, "%02x", (UINT32*)&(in_digest[i]));
+ }
+ rc = 0;
+ }
+ break;
+ default:
+ return -1;
+ }
+ return rc;
+}
+
+static void help(const char* aCmd)
+{
+ logCmdHelp(aCmd);
+ logUnicodeCmdOption();
+ logCmdOption("-n, --number pcrindex", _("PCR index"));
+}
+
+int main(int argc, char **argv)
+{
+ TSS_RESULT tResult;
+ TSS_HCONTEXT hContext;
+ TSS_HTPM hTpm;
+ UINT32 pcr_length = 0;
+ BYTE* pcr_value = NULL;
+ int iRc = -1;
+ struct option opts[] = { {"number", required_argument, NULL, 'n'} ,
+ {"measurement", required_argument, NULL, 'm'}
+ };
+
+ initIntlSys();
+
+ if (genericOptHandler(argc, argv, "n:m:", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0)
+ goto out;
+
+ if (contextCreate(&hContext) != TSS_SUCCESS)
+ goto out;
+
+ if (contextConnect(hContext) != TSS_SUCCESS)
+ goto out_close;
+
+ if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
+ goto out_close;
+
+ tResult = tpmExtend(hTpm, pcr_index, 20, in_digest, &pcr_length, &pcr_value);
+
+ if (tResult != TSS_SUCCESS)
+ goto out_close;
+
+ if ((pcr_length > 0) && (pcr_value != NULL)) {
+ int i;
+ fprintf(stderr, "PCR[%02d]: ", pcr_index);
+ for (i = 0; i < pcr_length; i++) {
+ fprintf(stderr, "%02x", pcr_value[i]);
+ }
+ fprintf(stderr, "\n");
+ } else {
+ logMsg(_("Cannot read PCR value\n"));
+ goto out_close;
+ }
+
+ iRc = 0;
+ logSuccess(argv[0]);
+
+ out_close:
+ contextClose(hContext);
+
+ out:
+ return iRc;
+}
diff -Naur
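Review bot: The `-m` branch of `parse` in tpm_extend.c both corrupts memory and mis-parses its input: `sscanf(ptr++, "%02x", (UINT32*)&(in_digest[i]))` stores a 4-byte `UINT32` through a pointer to a single `BYTE`, so the last iterations write past the end of the 20-byte `in_digest`, and `ptr++` advances one character per byte, so every byte after the first is read from an overlapping pair of hex digits rather than the pair the user typed. Parse into a temporary `unsigned int`, advance two characters per byte, and reject arguments that are not exactly 40 hex digits, as below (`strlen` needs `<string.h>` if tpm_utils.h does not already provide it); the length check also stops a short argument from being read past its terminator. `help` never mentions `-m, --measurement` although `main` extends with `in_digest` unconditionally, so `logCmdOption("-m, --measurement digest", _("40 hex digit value to extend"))` belongs there, and `fprintf(stderr, "PCR[%02d]: ", pcr_index)` prints a `UINT32` with `%d` where `%02u` matches.
```c
	case 'm':
		/* exactly two hex digits per byte of the 20-byte digest */
		if (aArg && strlen(aArg) == 2 * sizeof(in_digest)) {
			int i;
			for (i = 0; i < (int)sizeof(in_digest); i++) {
				unsigned int byte;
				/* advance two characters per byte, not one */
				if (sscanf(aArg + 2 * i, "%02x", &byte) != 1)
					return -1;
				in_digest[i] = (BYTE)byte;
			}
			rc = 0;
		}
		break;
```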
tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_incrementbootstrapcounter.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_incrementbootstrapcounter.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_incrementbootstrapcounter.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_incrementbootstrapcounter.c 2007-11-13 13:57:32.000000000 +0000 
@@ -0,0 +1,124 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include +#include +#include +#include +#include + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +//controlled by input options +static char in_filename[PATH_MAX] = ""; +static UINT32 rimkey = 0x00000000; +static int extend = 0; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'i': + if (aArg) { + strncpy(in_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'r': + if (aArg) { + sscanf(aArg, "%x", &rimkey); + rc = 0; + } + break; + case 'e': + extend = 1; + break; + default: + return -1; + } + return rc; +} + +static void help(const char *aCmd) +{ + + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-i, --infile filename", _("Input filename")); + logCmdOption("-r, --rimkey id", _("RIM key id")); +} + +int main(int argc, char **argv) +{ + int retval; + struct stat statbuf; + FILE *fp; + TSS_HCONTEXT hContext; + TSS_HTPM hTpm; + int iRc = -1; + UINT32 rimCertSize; + BYTE* rimCertData; + struct option opts[] = { {"infile", required_argument, NULL, 'i'}, + {"rimkey", required_argument, NULL, 'r'} + }; + + initIntlSys(); + + if (genericOptHandler + (argc, argv, "i:r:e", opts, sizeof(opts) / sizeof(struct option), + parse, help) != 0) { + logError(_("Invalid option\n")); + goto out; + } + + //Connect to TSS and TPM + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + retval = lstat(in_filename, &statbuf); + if (retval != 0) { + logError(_("Stat failed for input file\n")); + goto out_close; + } + + rimCertSize = statbuf.st_size; + rimCertData = (BYTE*)malloc(rimCertSize); + fp = fopen(in_filename, "r"); + if (fp == NULL) { + logError(_("Cannot open input file\n")); + goto 
out_close; + } + retval = fread(rimCertData, 1, rimCertSize, fp); + if (retval != rimCertSize) { + logError(_("Reading failed")); + goto out_close; + } + fclose(fp); + + + if ((iRc = tpmIncrementBootstrapCounter(hTpm, + rimCertSize, + rimCertData, + rimkey)) != TSS_SUCCESS) + goto out_close; + logMsg(_("Bootstrap counter incremented\n")); + + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + out: + return iRc; + +} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_installrim.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_installrim.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_installrim.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_installrim.c 2007-11-13 13:57:55.000000000 +0000 
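Review bot: The file-read sequence in `main` of tpm_incrementbootstrapcounter.c checks nothing it should: `rimCertData = (BYTE*)malloc(rimCertSize)` is used without a NULL test, `fp` is leaked on the "Reading failed" path, and `rimCertData` is never freed on any path. `lstat` reports the link's own size when `in_filename` is a symlink, so `statbuf.st_size` then disagrees with the file and the `fread` either fails or hands the TPM a truncated certificate; `stat` is the call wanted here. `strncpy(in_filename, aArg, PATH_MAX)` in `parse` leaves `in_filename` unterminated for an argument of PATH_MAX bytes or more — `snprintf(in_filename, sizeof in_filename, "%s", aArg)` avoids that — and the `e` accepted through the `"i:r:e"` short-option string sets `extend` but nothing reads it and `help` does not list it. tpm_installrim.c repeats the same unchecked malloc, leaked `fp`, `lstat` and `strncpy` pattern and should get the same fixes.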
@@ -0,0 +1,170 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include +#include +#include +#include +#include + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +//controlled by input options +static char in_filename[PATH_MAX] = ""; +static char out_filename[PATH_MAX] = ""; +static char *opt_passwd = NULL; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'i': + if (aArg) { + strncpy(in_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'o': + if (aArg) { + strncpy(out_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'p': + if (aArg) { + opt_passwd = (char*)malloc(strlen(aArg)+1); + strcpy(opt_passwd, aArg); + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + +static void help(const char *aCmd) +{ + + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-i, --infile filename", _("Input filename")); + logCmdOption("-o, --outfile filename", _("Output filename")); + logCmdOption("-p, --password pwd", _("Password")); +} + +int main(int argc, char **argv) +{ + int retval; + struct stat statbuf; + FILE *fp; + char *szTpmPasswd = NULL; + int pswd_len; + TSS_HCONTEXT hContext; + TSS_HPOLICY hTpmPolicy; + TSS_HTPM hTpm; + int iRc = -1; + UINT32 extRimCertSize; + BYTE* extRimCertData; + UINT32 intRimCertSize; + BYTE* intRimCertData; + struct option opts[] = { {"infile", required_argument, NULL, 'i'}, + {"outfile", required_argument, NULL, 'o'}, + {"password", required_argument, NULL, 'p'} + }; + + initIntlSys(); + + if (genericOptHandler + (argc, argv, "i:o:p:", opts, sizeof(opts) / sizeof(struct option), + parse, help) != 0) { + logError(_("Invalid option\n")); + goto out; + } + + //Connect to TSS and TPM + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != 
TSS_SUCCESS) + goto out_close; + + // If not option then prompt for owner password + if (opt_passwd) { + szTpmPasswd = opt_passwd; + pswd_len = strlen(opt_passwd); + } else { + szTpmPasswd = getPasswd(_("Enter owner password: "), &pswd_len, FALSE); + } + if (!szTpmPasswd) { + logError(_("Failed to get owner password\n")); + goto out_close; + } + if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) + goto out_close; + if (policySetSecret + (hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) + goto out_close; + + retval = lstat(in_filename, &statbuf); + if (retval != 0) { + logError(_("Stat failed for input file\n")); + goto out_close; + } + + extRimCertSize = statbuf.st_size; + extRimCertData = (BYTE*)malloc(extRimCertSize); + fp = fopen(in_filename, "r"); + if (fp == NULL) { + logError(_("Cannot open input file\n")); + goto out_close; + } + retval = fread(extRimCertData, 1, extRimCertSize, fp); + if (retval != extRimCertSize) { + logError(_("Reading failed")); + goto out_close; + } + fclose(fp); + + if ((iRc = tpmInstallRIM(hTpm, + extRimCertSize, + extRimCertData, + &intRimCertSize, + &intRimCertData)) != TSS_SUCCESS) + goto out_close; + + fp = fopen(out_filename, "w"); + if (fp == NULL) { + logError(_("Cannot open %s\n"), out_filename); + goto out_close; + } + retval = fwrite(intRimCertData, 1, intRimCertSize, fp); + if (retval != intRimCertSize) { + logError(_("Writing failed\n")); + goto out_close; + } + fclose(fp); + + logMsg(_("RIM certificate installed %d bytes written\n"), intRimCertSize); + + free(extRimCertData); + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + + out: + if (szTpmPasswd) + shredPasswd(szTpmPasswd); + + return iRc; + +} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_loadverificationkey.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_loadverificationkey.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_loadverificationkey.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_loadverificationkey.c 
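Review bot: `-p` takes the TPM owner password as a command-line argument, which leaves it readable to every local user through the process list and keeps it in shell history, and the copy made in `parse` is `malloc` + `strcpy` with the allocation unchecked. `shredPasswd(szTpmPasswd)` at `out` presumably wipes the heap copy, but the original argv string stays in memory; at minimum the help text should say so, e.g. `logCmdOption("-p, --password pwd", _("Owner password (visible to other users in the process list; prefer the prompt)"));`, and the argument can be cleared once copied with `memset((char *)aArg, 0, strlen(aArg));`. On the file side, `fp` is leaked when `fread` returns short, `extRimCertData` is freed only on the success path, and `intRimCertData` returned by `tpmInstallRIM` is never released — how it is allocated is not visible here, so confirm whether it needs `free()` or the TSS context-free call. The `lstat`-then-`fopen` sizing and unchecked `malloc(extRimCertSize)` have the same symlink and NULL issues as in the other new tools.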
2007-11-13 13:58:14.000000000 +0000 
@@ -0,0 +1,180 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include +#include +#include +#include +#include + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +//controlled by input options +static char in_filename[PATH_MAX] = ""; +static UINT32 parentid = 0xffffffff; +static char *opt_passwd = NULL; +static char handlefile[PATH_MAX] = ""; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'i': + if (aArg) { + strncpy(in_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'p': + if (aArg) { + sscanf(aArg, "%x", &parentid); + rc = 0; + } + break; + case 'a': + if (aArg) { + opt_passwd = (char*)malloc(strlen(aArg)+1); + strcpy(opt_passwd, aArg); + rc = 0; + } + break; + case 'o': + if (aArg) { + strncpy(handlefile, aArg, PATH_MAX); + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + +static void help(const char *aCmd) +{ + + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-i, --infile filename", _("Input filename")); + logCmdOption("-p, --parentid id", _("Parent id")); + logCmdOption("-a, --password pwd", _("Password")); + logCmdOption("-o, --handlefile filename", _("Filename for handle data")); + +} + +int main(int argc, char **argv) +{ + int retval; + struct stat statbuf; + FILE *fp; + char *szTpmPasswd = NULL; + int pswd_len; + TSS_HCONTEXT hContext; + TSS_HPOLICY hTpmPolicy; + TSS_HTPM hTpm; + int iRc = -1; + UINT32 verificationKeySize; + BYTE* verificationKeyData; + UINT32 verificationKeyHandle; + BYTE loadMethod; + struct option opts[] = { {"infile", required_argument, NULL, 'i'}, + {"parentid", required_argument, NULL, 'p'}, + {"password", required_argument, NULL, 'a'}, + {"handlefile", required_argument, NULL, 'o'} + }; + + initIntlSys(); + + if (genericOptHandler + (argc, argv, "i:p:a:o:", opts, sizeof(opts) / sizeof(struct option), + parse, help) != 0) { + 
logError(_("Invalid option\n")); + goto out; + } + + //Connect to TSS and TPM + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + //Prompt for owner password + if (opt_passwd) { + szTpmPasswd = opt_passwd; + pswd_len = strlen(opt_passwd); + } else { + szTpmPasswd = getPasswd(_("Enter owner password: "), &pswd_len, FALSE); + } + if (!szTpmPasswd) { + logError(_("Failed to get owner password\n")); + goto out_close; + } + if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) + goto out_close; + if (policySetSecret + (hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) + goto out_close; + + retval = lstat(in_filename, &statbuf); + if (retval != 0) { + logError(_("Stat failed for input file\n")); + goto out_close; + } + + verificationKeySize = statbuf.st_size; + verificationKeyData = (BYTE*)malloc(verificationKeySize); + fp = fopen(in_filename, "r"); + if (fp == NULL) { + logError(_("Cannot open input file\n")); + goto out_close; + } + retval = fread(verificationKeyData, 1, verificationKeySize, fp); + if (retval != verificationKeySize) { + logError(_("Reading failed")); + goto out_close; + } + fclose(fp); + + if ((iRc = tpmLoadVerificationKey(hTpm, + parentid, + verificationKeySize, + verificationKeyData, + &verificationKeyHandle, + &loadMethod)) != TSS_SUCCESS) + goto out_close; + + fprintf(stdout, "Handle is 0x%x\n", verificationKeyHandle); + logMsg(_("Verification key installed\n")); + if (strcmp(handlefile, "") != 0) { + fp = fopen(handlefile, "w"); + if (fp != NULL) { + fprintf(fp, "%d\n", verificationKeyHandle); + fclose(fp); + } else { + fprintf(stdout, "cannot open file %s\n", handlefile); + } + } else { + fprintf(stdout, "Handle filename is not specified\n"); + } + + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + + out: + if (szTpmPasswd) + shredPasswd(szTpmPasswd); + + return iRc; + 
+} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_loadverificationrootkeydisable.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_loadverificationrootkeydisable.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_loadverificationrootkeydisable.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_loadverificationrootkeydisable.c 2007-11-13 13:58:38.000000000 +0000 @@ -0,0 +1,54 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + * + * Disable MTM verification root key loading. This is a + * test routime for MTM emulator. + * + */ + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +static void help(const char* aCmd) +{ + logCmdHelp(aCmd); + logUnicodeCmdOption(); +} + +int main(int argc, char **argv) +{ + + TSS_RESULT tResult; + TSS_HCONTEXT hContext; + TSS_HTPM hTpm; + int iRc = -1; + + initIntlSys(); + + if (genericOptHandler(argc, argv, NULL, NULL, 0, NULL, help) != 0) + goto out; + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + /* Request spec minor field */ + tResult = tpmLoadVerificationRootKeyDisable(hTpm); + iRc = tResult; + if (tResult != TSS_SUCCESS) { + goto out_close; + } + + logMsg(_("Load verification root key disabled\n")); + + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + + out: + return iRc; +} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_present.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_present.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_present.c 2006-06-07 20:43:56.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_present.c 2007-11-13 13:55:06.000000000 +0000 
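Review bot: Failure to write the handle file is not fatal: when `fopen(handlefile, "w")` fails the tool prints `cannot open file`, still reaches `iRc = 0` and reports success, yet that file is the only machine-readable handle the verify tool's `-k` option consumes, and the `fclose` on the write stream is unchecked as well. I would make it `logError(_("Cannot open %s\n"), handlefile); goto out_close;`. The handle is written with `%d` to the file and `0x%x` to stdout for a `UINT32`; `%u` in the file, matched by the reader, avoids the signed/unsigned mismatch. The command-line password exposure, unchecked `malloc` after `strlen(aArg)+1`, `lstat`-then-`fopen` sizing and stream leak on a short `fread` apply here too, and `loadMethod` is filled in but never reported.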
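Review bot: The comment `/* Request spec minor field */` above `tpmLoadVerificationRootKeyDisable(hTpm)` describes a different call and should say what this one does, e.g. `/* Ask the MTM to stop accepting verification root key loads (emulator test hook) */`. The header says this is a test routine for the MTM emulator, and the tool issues the command with no owner authorisation or confirmation, so that caveat belongs in `help()` as well; `routime` in the header is a typo. `iRc = tResult` returns a 32-bit `TSS_RESULT` as the process exit status, which the shell truncates to its low byte, so a failure code could read as success to a script; returning -1 on any non-success result is safer.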
@@ -1,4 +1,7 @@ /* + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * The Initial Developer of the Original Code is International * Business Machines Corporation. Portions created by IBM * Corporation are Copyright (C) 2005, 2006 International Business @@ -19,8 +22,8 @@ * http://www.opensource.org/licenses/cpl1.0.php. */ -#include "tpm_utils.h" #include "tpm_tspi.h" +#include "tpm_utils.h" /* * Never set change to false. diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_readpcr.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_readpcr.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_readpcr.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_readpcr.c 2007-11-13 13:58:57.000000000 +0000 
@@ -0,0 +1,84 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +static UINT32 pcr_index; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'n': + if (aArg) { + sscanf(aArg, "%x", &pcr_index); + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + +static void help(const char* aCmd) +{ + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-n, --number pcrindex", _("PCR index")); +} + +int main(int argc, char **argv) +{ + TSS_RESULT tResult; + TSS_HCONTEXT hContext; + TSS_HTPM hTpm; + UINT32 pcr_length = 0; + BYTE* pcr_value = NULL; + int iRc = -1; + struct option opts[] = { {"number", required_argument, NULL, 'n'} }; + + initIntlSys(); + + if (genericOptHandler(argc, argv, "n:", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) + goto out; + + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + tResult = tpmPCRRead(hTpm, pcr_index, &pcr_length, &pcr_value); + + if (tResult != TSS_SUCCESS) + goto out_close; + + if ((pcr_length > 0) && (pcr_value != NULL)) { + int i; + fprintf(stderr, "PCR[%02d]: ", pcr_index); + for (i = 0; i < pcr_length; i++) { + fprintf(stderr, "%02x", pcr_value[i]); + } + fprintf(stderr, "\n"); + } else { + logMsg(_("Cannot read PCR value\n")); + goto out_close; + } + + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + + out: + return iRc; +} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_setverifiedpcrselection.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_setverifiedpcrselection.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_setverifiedpcrselection.c 1970-01-01 00:00:00.000000000 +0000 +++ 
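Review bot: The PCR index is parsed with `sscanf(aArg, "%x", &pcr_index)` but printed with `PCR[%02d]`, and the help text `_("PCR index")` does not say the argument is hexadecimal, so `-n 10` reads PCR 16 and labels it `PCR[16]`; the sscanf result is unchecked too, so a non-numeric argument silently reads PCR 0. I would parse with `unsigned long v = strtoul(aArg, &end, 0); if (*aArg == '\0' || *end != '\0') return -1;` and print with `%02u`. The `i < pcr_length` comparison mixes `int` and `UINT32`, and whether `pcr_value` must be released through the TSS context cannot be told from here.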
tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_setverifiedpcrselection.c 2007-11-13 13:59:15.000000000 +0000 
@@ -0,0 +1,154 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include +#include +#include +#include +#include + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +//controlled by input options +static char in_filename[PATH_MAX] = ""; +static char *opt_passwd = NULL; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'i': + if (aArg) { + strncpy(in_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'p': + if (aArg) { + opt_passwd = (char*)malloc(strlen(aArg)+1); + strcpy(opt_passwd, aArg); + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + +static void help(const char *aCmd) +{ + + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-i, --infile filename", _("Input filename")); + logCmdOption("-p, --password pwd", _("Password")); +} + +int main(int argc, char **argv) +{ + FILE *fp; + char *szTpmPasswd = NULL; + int pswd_len; + TSS_HCONTEXT hContext; + TSS_HPOLICY hTpmPolicy; + TSS_HTPM hTpm; + int iRc = -1; + TCPA_PCR_SELECTION selection; + int choice; + struct option opts[] = { {"infile", required_argument, NULL, 'i'}, + {"password", required_argument, NULL, 'p'} + }; + + initIntlSys(); + + if (genericOptHandler + (argc, argv, "i:p:", opts, sizeof(opts) / sizeof(struct option), + parse, help) != 0) { + logError(_("Invalid option\n")); + goto out; + } + + //Connect to TSS and TPM + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if (contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + //Prompt for owner password + if (opt_passwd) { + szTpmPasswd = opt_passwd; + pswd_len = strlen(opt_passwd); + } else { + szTpmPasswd = getPasswd(_("Enter owner password: "), &pswd_len, FALSE); + } + if (!szTpmPasswd) { + logError(_("Failed to get owner password\n")); + goto out_close; + } + if 
(policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS) + goto out_close; + if (policySetSecret + (hTpmPolicy, pswd_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS) + goto out_close; + + // + // This assumes that we have only 24 PCRs and sizeOfSelect=3. + // Numbers of selections should be listed in one row. + // + selection.sizeOfSelect = 3; + selection.pcrSelect = (BYTE*)malloc(selection.sizeOfSelect); + memset(selection.pcrSelect, 0, selection.sizeOfSelect); + fp = fopen(in_filename, "r"); + if (fp == NULL) { + logError(_("Cannot open input file\n")); + goto out_close; + } + + while (fscanf(fp, "%d", &choice) != EOF) { + if (choice < 0) { + fprintf(stdout, "Bad selection %d\n", choice); + continue; + } + if (choice < 8) { + selection.pcrSelect[0] |= 1 << choice; + continue; + } + if (choice < 16) { + selection.pcrSelect[1] |= 1 << (choice-8); + continue; + } + if (choice < 24) { + selection.pcrSelect[2] |= 1 << (choice-16); + continue; + } + fprintf(stdout, "Bad selection %d\n", choice); + } + fclose(fp); + + if ((iRc = tpmSetVerifiedPCRSelection(hTpm, &selection)) != TSS_SUCCESS) + goto out_close; + + logMsg(_("Verified PCR selection is set\n")); + + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + + out: + if (szTpmPasswd) + shredPasswd(szTpmPasswd); + + return iRc; + +} diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_takeownership.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_takeownership.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_takeownership.c 2007-02-02 19:48:30.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_takeownership.c 2007-11-13 13:55:34.000000000 +0000 @@ -1,4 +1,7 @@ /* + * Portions Copyright (c) 2007 Nokia Corporation + * All Rights Reserved. + * * The Initial Developer of the Original Code is International * Business Machines Corporation. Portions created by IBM * Corporation are Copyright (C) 2005 International Business 
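Review bot: The selection loop `while (fscanf(fp, "%d", &choice) != EOF)` spins forever on a non-numeric token, because `fscanf` then returns 0 without consuming input, so a malformed selection file hangs the tool after the owner secret has already been set on the policy. It should be `while (fscanf(fp, "%d", &choice) == 1)` followed by a check that `feof(fp)` is set, treating anything else as a parse error. `selection.pcrSelect` is allocated without a NULL check and never freed, and the `-p` option puts the owner password on the command line where the process list exposes it, as in the other new tools.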
@@ -22,10 +25,40 @@ #include "tpm_tspi.h" #include "tpm_utils.h" +static char *opt_tpm_passwd = NULL; +static char *opt_srk_passwd = NULL; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'p': + if (aArg) { + opt_tpm_passwd = (char*)malloc(strlen(aArg)+1); + strcpy(opt_tpm_passwd, aArg); + rc = 0; + } + break; + case 's': + if (aArg) { + opt_srk_passwd = (char*)malloc(strlen(aArg)+1); + strcpy(opt_srk_passwd, aArg); + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + static void help(const char* aCmd) { logCmdHelp(aCmd); logUnicodeCmdOption(); + logCmdOption("-p, --tpmpwd pwd", _("TPM Password")); + logCmdOption("-s, --srkpwd pwd", _("SRK Password")); } static inline TSS_RESULT tpmTakeOwnership(TSS_HTPM a_hTpm, TSS_HKEY a_hSrk) 
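Review bot: The new `-p`/`-s` options accept the owner and SRK secrets on the command line, where any local user can read them from the process list and they persist in shell history, and each copy is `malloc` + `strcpy` with the allocation unchecked, so an out-of-memory condition dereferences NULL. `opt_tpm_passwd = strdup(aArg); if (opt_tpm_passwd == NULL) return -1;` covers the check, and the help strings should warn about the exposure so that the interactive prompt stays the documented default. Clearing the argument after copying, `memset((char *)aArg, 0, strlen(aArg));`, limits how long the secret stays visible.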
@@ -50,19 +83,34 @@ TSS_FLAG fSrkAttrs; TSS_HPOLICY hTpmPolicy, hSrkPolicy; int iRc = -1; + struct option opts[] = { {"tpmpwd", required_argument, NULL, 'p'}, + {"srkpwd", required_argument, NULL, 's'} + }; initIntlSys(); - if (genericOptHandler(argc, argv, "", NULL, 0, NULL, help) != 0) + if (genericOptHandler(argc, argv, "p:s:", opts, sizeof(opts) / sizeof(struct option), parse, help) != 0) { + logError(_("Invalid option\n")); goto out; + } // Prompt for owner password - szTpmPasswd = getPasswd(_("Enter owner password: "), &tpm_len, TRUE); + if (opt_tpm_passwd) { + szTpmPasswd = opt_tpm_passwd; + tpm_len = strlen(opt_tpm_passwd); + } else { + szTpmPasswd = getPasswd(_("Enter owner password: "), &tpm_len, TRUE); + } if (!szTpmPasswd) { goto out; } // Prompt for srk password - szSrkPasswd = getPasswd(_("Enter SRK password: "), &srk_len, TRUE); + if (opt_srk_passwd) { + szSrkPasswd = opt_srk_passwd; + srk_len = strlen(opt_srk_passwd); + } else { + szSrkPasswd = getPasswd(_("Enter SRK password: "), &srk_len, TRUE); + } if (!szSrkPasswd) { goto out; } diff -Naur tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_verifyrimcert.c tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_verifyrimcert.c --- tpm-tools-1.2.5.1/src/tpm_mgmt/tpm_verifyrimcert.c 1970-01-01 00:00:00.000000000 +0000 +++ tpm-tools-1.2.5.1-mtm/src/tpm_mgmt/tpm_verifyrimcert.c 2007-11-13 13:59:56.000000000 +0000 
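Review bot: With `-p`/`-s` the secret length is `strlen(opt_tpm_passwd)`, bypassing whatever `getPasswd` does for the `-u` unicode option that `help()` still advertises and the `TRUE` argument the prompt path passes, so `-u -p pwd` presumably sets a different secret than the prompted `-u` path would; either convert the option value the same way or reject `-u` together with `-p`/`-s`. The rest of `main`, including where `szTpmPasswd` is shredded, lies outside the hunk; since the option copy is heap-allocated the shred presumably frees it, but confirm `opt_tpm_passwd` is not read afterwards.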
@@ -0,0 +1,154 @@ +/* + * (C) Copyright Nokia Corporation 2007 - All Rights Reserved + * This file is made available under the terms of the IBM Common Public License v1.0 + */ + +#include +#include +#include +#include +#include + +#include "tpm_tspi.h" +#include "tpm_utils.h" + +//controlled by input options +static char in_filename[PATH_MAX] = ""; +static UINT32 rimkey = 0x00000000; +static int extend = 0; + +static int parse(const int aOpt, const char *aArg) +{ + int rc = -1; + + switch (aOpt) { + case 'i': + if (aArg) { + strncpy(in_filename, aArg, PATH_MAX); + rc = 0; + } + break; + case 'r': + if (aArg) { + sscanf(aArg, "%x", &rimkey); + rc = 0; + } + break; + case 'e': + extend = 1; + rc = 0; + break; + case 'k': + if (aArg) { + FILE* fp = fopen(aArg, "r"); + if (fp != NULL) { + fscanf(fp, "%d", &rimkey); + } else { + logError(_("Cannot open RIM key file")); + return -1; + } + rc = 0; + } + break; + default: + return -1; + } + return rc; +} + +static void help(const char *aCmd) +{ + + logCmdHelp(aCmd); + logUnicodeCmdOption(); + logCmdOption("-i, --infile filename", _("Input filename")); + logCmdOption("-r, --rimkey id", _("RIM key id")); + logCmdOption("-k, --handlefile filename", _("File to store RIM key id")); + logCmdOption("-e, --extend", _("Extend PCR")); +} + +int main(int argc, char **argv) +{ + int retval; + struct stat statbuf; + FILE *fp; + TSS_HCONTEXT hContext; + TSS_HTPM hTpm; + TCPA_PCRVALUE outDigest; + int iRc = -1; + UINT32 rimCertSize; + BYTE* rimCertData; + struct option opts[] = { {"extend", no_argument, NULL, 'e'}, + {"infile", required_argument, NULL, 'i'}, + {"rimkey", required_argument, NULL, 'r'}, + {"handlefile", required_argument, NULL, 'k'} + }; + + initIntlSys(); + + if (genericOptHandler + (argc, argv, "ei:r:k:", opts, sizeof(opts) / sizeof(struct option), + parse, help) != 0) { + logError(_("Invalid option\n")); + goto out; + } + + //Connect to TSS and TPM + if (contextCreate(&hContext) != TSS_SUCCESS) + goto out; + + if 
(contextConnect(hContext) != TSS_SUCCESS) + goto out_close; + + if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS) + goto out_close; + + retval = lstat(in_filename, &statbuf); + if (retval != 0) { + logError(_("Stat failed for input file\n")); + goto out_close; + } + + rimCertSize = statbuf.st_size; + rimCertData = (BYTE*)malloc(rimCertSize); + fp = fopen(in_filename, "r"); + if (fp == NULL) { + logError(_("Cannot open input file\n")); + goto out_close; + } + retval = fread(rimCertData, 1, rimCertSize, fp); + if (retval != rimCertSize) { + logError(_("Reading failed")); + goto out_close; + } + fclose(fp); + + fprintf(stderr, "RIM KEY ID IS %d\n", rimkey); + + if (extend) { + if ((iRc = tpmVerifyRIMCertAndExtend(hTpm, + rimCertSize, + rimCertData, + rimkey, + &outDigest)) != TSS_SUCCESS) { + goto out_close; + logMsg(_("RIM certificate verified and PCR extended\n")); + } + } else { + if ((iRc = tpmVerifyRIMCert(hTpm, + rimCertSize, + rimCertData, + rimkey)) != TSS_SUCCESS) { + goto out_close; + } + logMsg(_("RIM certificate verified\n")); + } + iRc = 0; + logSuccess(argv[0]); + + out_close: + contextClose(hContext); + out: + return iRc; + +}
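Review bot: In the `extend` branch the success message is unreachable: `logMsg(_("RIM certificate verified and PCR extended\n"))` sits after `goto out_close` inside the failure block, so a successful verify-and-extend prints nothing while the plain verify branch does; move it after the closing brace, mirroring the `else` branch. In `parse`, the `-k` stream is never closed and its `fscanf(fp, "%d", &rimkey)` reads a signed value into a `UINT32` without checking the result, while `-r` parses hex, so the two ways of supplying the key id disagree in radix; `fprintf(stderr, "RIM KEY ID IS %d\n", rimkey)` looks like leftover debugging output. `outDigest` is filled in but never reported, `rimCertData` is not freed on any path, and the `lstat`-then-`fopen` sizing with an unchecked `malloc` has the same symlink and NULL issues as the other new tools.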