?? keys.c
字號:
/****************************************************************************//* *//* TPM Key Handling Routines *//* *//* Written by J. Kravitz *//* *//* IBM Thomas J. Watson Research Center *//* *//* Version 2.2 *//* *//* Last Revision 15 Sep 2004 *//* *//* Copyright (C) 2004 IBM *//* *//****************************************************************************/#include <stdio.h>#include <stdlib.h>#include <string.h>#include <netinet/in.h>#include <tpm.h>#include <tpmfunc.h>#include <tpmutil.h>#include <tpmkeys.h>#include <oiaposap.h>#include <hmac.h>#include <openssl/rsa.h>#include <openssl/bn.h>/****************************************************************************//* *//* Read the TPM Endorsement public key *//* *//****************************************************************************/uint32_t TPM_ReadPubek(pubkeydata * k){ unsigned char read_pubek_fmt[] = "00 c1 T 00 00 00 7c %"; unsigned char tpmdata[TPM_MAX_BUFF_SIZE]; unsigned char nonce[TPM_HASH_SIZE]; uint32_t ret; /* check input argument */ if (k == NULL) return ERR_NULL_ARG; /* generate random nonce */ ret = TSS_gennonce(nonce); if (ret == 0) return ERR_CRYPT_ERR; /* copy Read PubKey request template to buffer */ ret = TSS_buildbuff(read_pubek_fmt, tpmdata, TPM_HASH_SIZE, nonce); if ((ret & ERR_MASK) != 0) return ret; ret = TPM_Transmit(tpmdata, "tpm_readpubek"); if (ret) return ret; TSS_PubKeyExtract(tpmdata + TPM_DATA_OFFSET, k, 0); return 0;}/****************************************************************************//* *//* Owner Read the TPM Endorsement Key *//* *//****************************************************************************/uint32_t TPM_OwnerReadPubek(unsigned char *ownauth, pubkeydata * k){ unsigned char owner_read_ekey_fmt[] = "00 c2 T l l % o %"; uint32_t ret; unsigned char tpmdata[TPM_MAX_BUFF_SIZE]; unsigned char nonceodd[TPM_NONCE_SIZE]; unsigned char evennonce[TPM_NONCE_SIZE]; unsigned char authdata[TPM_NONCE_SIZE]; unsigned char c; uint32_t ordinal; uint32_t authhandle; int size; /* generate odd nonce */ TSS_gennonce(nonceodd); /* Open OIAP Session */ ret = TSS_OIAPopen(&authhandle, evennonce); if (ret != 0) return ret; /* move Network byte order data to variables for hmac calculation */ ordinal = htonl(0x7D); c = 0; /* calculate authorization HMAC value */ ret = TSS_authhmac(authdata, ownauth, TPM_HASH_SIZE, evennonce, nonceodd, c, TPM_U32_SIZE, &ordinal, 0, 0); if (ret < 0) { TSS_OIAPclose(authhandle); return ret; } /* build the request buffer */ ret = TSS_buildbuff(owner_read_ekey_fmt, tpmdata, ordinal, authhandle, TPM_NONCE_SIZE, nonceodd, c, TPM_HASH_SIZE, authdata); if ((ret & ERR_MASK) != 0) { TSS_OIAPclose(authhandle); return ret; } /* transmit the request buffer to the TPM device and read the reply */ ret = TPM_Transmit(tpmdata, "OwnerReadEkey"); if (ret != 0) { TSS_OIAPclose(authhandle); return ret; } TSS_OIAPclose(authhandle); size = TSS_PubKeySize(tpmdata + TPM_DATA_OFFSET, 0); ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd, ownauth, TPM_HASH_SIZE, size, TPM_DATA_OFFSET, 0, 0); if (ret != 0) return ret; TSS_PubKeyExtract(tpmdata + TPM_DATA_OFFSET, k, 0); return 0;}/****************************************************************************//* *//* Disable Reading of the Public Encorsement Key *//* *//****************************************************************************/uint32_t TPM_DisableReadPubek(unsigned char *ownauth){ unsigned char disable_ekey_fmt[] = "00 c2 T l l % o %"; uint32_t ret; unsigned char tpmdata[TPM_MAX_BUFF_SIZE]; unsigned char nonceodd[TPM_NONCE_SIZE]; unsigned char evennonce[TPM_NONCE_SIZE]; unsigned char authdata[TPM_NONCE_SIZE]; unsigned char c; uint32_t ordinal; uint32_t authhandle; /* generate odd nonce */ TSS_gennonce(nonceodd); /* Open OIAP Session */ ret = TSS_OIAPopen(&authhandle, evennonce); if (ret != 0) return ret; /* move Network byte order data to variables for hmac calculation */ ordinal = htonl(0x7E); c = 0; /* calculate authorization HMAC value */ ret = TSS_authhmac(authdata, ownauth, TPM_HASH_SIZE, evennonce, nonceodd, c, TPM_U32_SIZE, &ordinal, 0, 0); if (ret < 0) { TSS_OIAPclose(authhandle); return ret; } /* build the request buffer */ ret = TSS_buildbuff(disable_ekey_fmt, tpmdata, ordinal, authhandle, TPM_NONCE_SIZE, nonceodd, c, TPM_HASH_SIZE, authdata); if ((ret & ERR_MASK) != 0) { TSS_OIAPclose(authhandle); return ret; } /* transmit the request buffer to the TPM device and read the reply */ ret = TPM_Transmit(tpmdata, "DisableEkey"); if (ret != 0) { TSS_OIAPclose(authhandle); return ret; } TSS_OIAPclose(authhandle); ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd, ownauth, TPM_HASH_SIZE, 0, 0); if (ret != 0) return ret; return 0;}/****************************************************************************//* *//* Create and Wrap a Key *//* *//* The arguments are... *//* *//* keyhandle is the handle of the parent key of the new key *//* 0x40000000 for the SRK *//* parauth is the authorization data (password) for the parent key *//* if NULL, the default auth data of all zeros is assumed *//* newauth is the authorization data (password) for the new key *//* migauth is the authorization data (password) for migration of the new *//* key, or NULL if the new key is not migratable *//* all authorization values must be 20 bytes long *//* keyparms is a pointer to a keydata structure with parms set for the new *//* key *//* key is a pointer to a keydata structure returned filled in *//* with the public key data for the new key, or NULL if no *//* keydata is to be returned *//* keyblob is a pointer to an area which will receive a copy of the *//* encrypted key blob. If NULL no copy is returned *//* bloblen is a pointer to an integer which will receive the length of *//* the key blob, or NULL if no length is to be returned *//* *//****************************************************************************/uint32_t TPM_CreateWrapKey(uint32_t keyhandle, unsigned char *parauth, unsigned char *newauth, unsigned char *migauth, keydata * keyparms, keydata * key, unsigned char *keyblob, unsigned int *bloblen){ unsigned char create_key_fmt[] = "00 c2 T l l % % % l % o %"; uint32_t ret; int i; unsigned char tpmdata[TPM_MAX_BUFF_SIZE]; unsigned char kparmbuf[TPM_MAX_BUFF_SIZE]; osapsess sess; unsigned char encauth1[TPM_HASH_SIZE]; unsigned char encauth2[TPM_HASH_SIZE]; unsigned char xorwork[TPM_HASH_SIZE * 2]; unsigned char xorhash[TPM_HASH_SIZE]; unsigned char nonceodd[TPM_NONCE_SIZE]; unsigned char pubauth[TPM_HASH_SIZE]; unsigned char dummyauth[TPM_HASH_SIZE]; unsigned char *cparauth; unsigned char *cnewauth; unsigned char c; uint32_t ordinal; uint32_t keyhndl; uint16_t keytype; int kparmbufsize; memset(dummyauth, 0, sizeof dummyauth); /* check input arguments */ if (keyparms == NULL) return ERR_NULL_ARG; if (parauth == NULL) cparauth = dummyauth; else cparauth = parauth; if (newauth == NULL) cnewauth = dummyauth; else cnewauth = newauth; if (keyhandle == 0x40000000) keytype = 0x0004; else keytype = 0x0001; /* get the TPM version and put into the keyparms structure */ ret = TPM_GetCapability(0x00000006, NULL, 0, &(keyparms->version[0]), &i); if (ret != 0) return ret; /* generate odd nonce */ TSS_gennonce(nonceodd); /* Open OSAP Session */ ret = TSS_OSAPopen(&sess, cparauth, keytype, keyhandle); if (ret != 0) return ret; /* calculate encrypted authorization value for new key */ memcpy(xorwork, sess.ssecret, TPM_HASH_SIZE); memcpy(xorwork + TPM_HASH_SIZE, sess.enonce, TPM_HASH_SIZE); TSS_sha1(xorwork, TPM_HASH_SIZE * 2, xorhash); for (i = 0; i < TPM_HASH_SIZE; ++i) encauth1[i] = xorhash[i] ^ cnewauth[i]; /* calculate encrypted authorization value for migration of new key */ if (migauth != NULL) { memcpy(xorwork, sess.ssecret, TPM_HASH_SIZE); memcpy(xorwork + TPM_HASH_SIZE, nonceodd, TPM_HASH_SIZE); TSS_sha1(xorwork, TPM_HASH_SIZE * 2, xorhash); for (i = 0; i < TPM_HASH_SIZE; ++i) encauth2[i] = xorhash[i] ^ migauth[i]; } else memset(encauth2, 0, TPM_HASH_SIZE); /* move Network byte order data to variables for hmac calculation */ ordinal = htonl(0x1F); keyhndl = htonl(keyhandle); c = 0; /* convert keyparm structure to buffer */ ret = TPM_BuildKey(kparmbuf, keyparms); if ((ret & ERR_MASK) != 0) { TSS_OSAPclose(&sess); return ret; }?? 快捷鍵說明
復(fù)制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -