Print this page
5218 posix definition of NULL
correct unistd.h and iso/stddef_iso.h
update gate source affected
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/cmd-crypto/tpmadm/admin_cmds.c
+++ new/usr/src/cmd/cmd-crypto/tpmadm/admin_cmds.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
19 19 * CDDL HEADER END
20 20 */
21 21
22 22 /*
23 23 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
24 24 * Use is subject to license terms.
25 25 */
26 26
27 27 #include <unistd.h>
28 28 #include <stdlib.h>
29 29 #include <stdio.h>
30 30 #include <strings.h>
31 31 #include <fcntl.h>
32 32 #include <sys/types.h>
33 33 #include <netinet/in.h>
34 34 #include <inttypes.h>
35 35 #include <sha1.h>
36 36 #include <uuid/uuid.h>
37 37 #include <sys/stat.h>
38 38 #include <libintl.h>
39 39
40 40 #include <tss/tss_defines.h>
41 41 #include <tss/tspi.h>
42 42
43 43 #include "tpmadm.h"
44 44
45 45 int cmd_status(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
46 46 int cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
47 47 int cmd_clear(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
48 48 int cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
49 49 int cmd_keyinfo(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
50 50 int cmd_deletekey(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[]);
51 51
52 52 cmdtable_t commands[] = {
53 53 {"status", "", cmd_status},
54 54 {"init", "", cmd_init},
55 55 {"clear", "[owner | lock]", cmd_clear},
56 56 {"auth", "", cmd_auth},
57 57 {"keyinfo", "[uuid]", cmd_keyinfo},
58 58 {"deletekey", "uuid", cmd_deletekey},
59 59 {NULL, NULL, NULL},
60 60 };
61 61
62 62 BYTE well_known[] = TSS_WELL_KNOWN_SECRET;
63 63 TSS_UUID srk_uuid = TSS_UUID_SRK;
64 64
65 65
66 66 /*
67 67 * TPM status
68 68 */
69 69
70 70 static int
71 71 print_tpm_version(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
72 72 {
73 73 struct {
74 74 TPM_CAP_VERSION_INFO vers_info;
75 75 char extra[20]; /* vendor extensions */
76 76 } info;
77 77
78 78 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_VERSION_VAL,
79 79 0, &info, sizeof (info)))
80 80 return (ERR_FAIL);
81 81
82 82 (void) printf(gettext("TPM Version: %d.%d (%c%c%c%c Rev: %d.%d, "
83 83 "SpecLevel: %d, ErrataRev: %d)\n"),
84 84 info.vers_info.version.major,
85 85 info.vers_info.version.minor,
86 86 info.vers_info.tpmVendorID[0],
87 87 info.vers_info.tpmVendorID[1],
88 88 info.vers_info.tpmVendorID[2],
89 89 info.vers_info.tpmVendorID[3],
90 90 info.vers_info.version.revMajor,
91 91 info.vers_info.version.revMinor,
92 92 (int)ntohs(info.vers_info.specLevel),
93 93 info.vers_info.errataRev);
94 94
95 95 return (0);
96 96 }
97 97
98 98 static int
99 99 tpm_is_owned(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
100 100 {
101 101 BYTE owned;
102 102
103 103 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
104 104 TSS_TPMCAP_PROP_OWNER, &owned, sizeof (owned)))
105 105 return (0);
106 106
107 107 return (owned);
108 108 }
109 109
110 110 static int
111 111 print_tpm_resources(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
112 112 {
113 113 UINT32 avail, max;
114 114
115 115 (void) printf(gettext("TPM resources\n"));
116 116
117 117 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
118 118 TSS_TPMCAP_PROP_MAXCONTEXTS, &max, sizeof (max)))
119 119 return (ERR_FAIL);
120 120 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
121 121 TSS_TPMCAP_PROP_CONTEXTS, &avail, sizeof (avail)))
122 122 return (ERR_FAIL);
123 123 (void) printf(gettext("\tContexts: %d/%d available\n"), avail, max);
124 124
125 125 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
126 126 TSS_TPMCAP_PROP_MAXSESSIONS, &max, sizeof (max)))
127 127 return (ERR_FAIL);
128 128 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
129 129 TSS_TPMCAP_PROP_SESSIONS, &avail, sizeof (avail)))
130 130 return (ERR_FAIL);
131 131 (void) printf(gettext("\tSessions: %d/%d available\n"), avail, max);
132 132
133 133 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
134 134 TSS_TPMCAP_PROP_MAXAUTHSESSIONS, &max, sizeof (max)))
135 135 return (ERR_FAIL);
136 136 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
137 137 TSS_TPMCAP_PROP_AUTHSESSIONS, &avail, sizeof (avail)))
138 138 return (ERR_FAIL);
139 139 (void) printf(gettext("\tAuth Sessions: %d/%d available\n"),
140 140 avail, max);
141 141
142 142 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
143 143 TSS_TPMCAP_PROP_MAXKEYS, &max, sizeof (max)))
144 144 return (ERR_FAIL);
145 145 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
146 146 TSS_TPMCAP_PROP_KEYS, &avail, sizeof (avail)))
147 147 return (ERR_FAIL);
148 148 (void) printf(gettext("\tLoaded Keys: %d/%d available\n"), avail, max);
149 149
150 150 return (0);
151 151 }
152 152
153 153 static int
154 154 print_tpm_pcrs(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM)
155 155 {
156 156 UINT32 num_pcrs;
157 157 int i;
158 158
159 159 if (get_tpm_capability(hContext, hTPM, TSS_TPMCAP_PROPERTY,
160 160 TSS_TPMCAP_PROP_PCR, &num_pcrs, sizeof (num_pcrs)))
161 161 return (ERR_FAIL);
162 162 (void) printf(gettext("Platform Configuration Registers (%u)\n"),
163 163 num_pcrs);
164 164
165 165 /* Print each PCR */
166 166 for (i = 0; i < num_pcrs; i++) {
167 167 TSS_RESULT ret;
168 168 UINT32 datalen;
169 169 BYTE *data;
170 170
171 171 ret = Tspi_TPM_PcrRead(hTPM, i, &datalen, &data);
172 172 if (ret) {
173 173 print_error(ret, gettext("Read PCR"));
174 174 return (ret);
175 175 }
176 176
177 177 (void) printf("\tPCR %u:\t", i);
178 178 print_bytes(data, datalen, FALSE);
179 179
180 180 ret = Tspi_Context_FreeMemory(hContext, data);
181 181 if (ret) {
182 182 print_error(ret, gettext("Free PCR memory"));
183 183 return (ret);
184 184 }
185 185 }
186 186 return (0);
187 187 }
188 188
189 189 /*ARGSUSED*/
190 190 int
191 191 cmd_status(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
192 192 {
193 193 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP, NULL, 0, NULL))
194 194 return (ERR_FAIL);
195 195
196 196 (void) print_tpm_version(hContext, hTPM);
197 197 if (tpm_is_owned(hContext, hTPM)) {
198 198 (void) print_tpm_resources(hContext, hTPM);
199 199 (void) print_tpm_pcrs(hContext, hTPM);
200 200 } else {
201 201 (void) printf(gettext("No TPM owner installed.\n"));
202 202 }
203 203
204 204 return (0);
205 205 }
206 206
207 207
208 208 /*
209 209 * Key Information
210 210 */
211 211
212 212 typedef struct {
213 213 UINT32 code;
214 214 char *str;
215 215 } decode_map_t;
216 216
217 217 decode_map_t key_usage[] = {
218 218 { TSS_KEYUSAGE_SIGN, "Signing" },
219 219 { TSS_KEYUSAGE_STORAGE, "Storage" },
220 220 { TSS_KEYUSAGE_IDENTITY, "Identity" },
221 221 { TSS_KEYUSAGE_AUTHCHANGE, "Authchange" },
222 222 { TSS_KEYUSAGE_BIND, "Bind" },
223 223 { TSS_KEYUSAGE_LEGACY, "Legacy" },
224 224 { TSS_KEYUSAGE_MIGRATE, "Migrate" },
225 225 { 0, NULL },
226 226 };
227 227
228 228 decode_map_t key_algorithm[] = {
229 229 { TSS_ALG_RSA, "RSA" },
230 230 { TSS_ALG_DES, "DES" },
231 231 { TSS_ALG_3DES, "3-DES" },
232 232 { TSS_ALG_SHA, "SHA" },
233 233 { TSS_ALG_HMAC, "HMAC" },
234 234 { TSS_ALG_AES, "AES" },
235 235 { TSS_ALG_MGF1, "MGF1" },
236 236 { TSS_ALG_AES192, "AES192" },
237 237 { TSS_ALG_AES256, "AES256" },
238 238 { TSS_ALG_XOR, "XOR" },
239 239 { 0, NULL },
240 240 };
241 241
242 242 decode_map_t key_sigscheme[] = {
243 243 { TSS_SS_NONE, "None" },
244 244 { TSS_SS_RSASSAPKCS1V15_SHA1, "RSASSAPKCS1v15_SHA1" },
245 245 { TSS_SS_RSASSAPKCS1V15_DER, "RSASSAPKCS1v15_DER" },
246 246 { 0, NULL },
247 247 };
248 248
249 249 decode_map_t key_encscheme[] = {
250 250 { TSS_ES_NONE, "None" },
251 251 { TSS_ES_RSAESPKCSV15, "RSAESPKCSv15" },
252 252 { TSS_ES_RSAESOAEP_SHA1_MGF1, "RSAESOAEP_SHA1_MGF1" },
253 253 { TSS_ES_SYM_CNT, "SYM_CNT" },
254 254 { TSS_ES_SYM_OFB, "SYM_OFB" },
255 255 { 0, NULL },
256 256 };
257 257
258 258 static char *
259 259 decode(decode_map_t *table, UINT32 code)
260 260 {
261 261 static char buf[20];
262 262 int i;
263 263
264 264 for (i = 0; table[i].str != NULL; i++) {
265 265 if (table[i].code == code)
266 266 return (table[i].str);
267 267 }
268 268
269 269 (void) snprintf(buf, sizeof (buf), gettext("Unknown (%u)"), code);
270 270 return (buf);
271 271 }
272 272
273 273 static void
274 274 print_key_info(TSS_HCONTEXT hContext, TSS_HOBJECT hKey)
275 275 {
276 276 TSS_RESULT ret;
277 277 UINT32 attrib;
278 278 UINT32 keyInfoSize;
279 279 BYTE *keyInfo;
280 280
281 281 /* Key size */
282 282 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
283 283 TSS_TSPATTRIB_KEYINFO_SIZE, &attrib);
284 284 if (ret) {
285 285 print_error(ret, gettext("Get key size"));
286 286 }
287 287 (void) printf(gettext("Key Size: %d bits\n"), attrib);
288 288
289 289 /* Key usage */
290 290 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
291 291 TSS_TSPATTRIB_KEYINFO_USAGE, &attrib);
292 292 if (ret) {
293 293 print_error(ret, gettext("Get key usage"));
294 294 }
295 295 (void) printf(gettext("Key Usage: %s\n"), decode(key_usage, attrib));
296 296
297 297 /* Algorithm */
298 298 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
299 299 TSS_TSPATTRIB_KEYINFO_ALGORITHM, &attrib);
300 300 if (ret) {
301 301 print_error(ret, gettext("Get key algorithm"));
302 302 }
303 303 (void) printf(gettext("Algorithm: %s\n"),
304 304 decode(key_algorithm, attrib));
305 305
306 306 /* Authorization required */
307 307 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
308 308 TSS_TSPATTRIB_KEYINFO_AUTHUSAGE, &attrib);
309 309 if (ret) {
310 310 print_error(ret, gettext("Get key authusage"));
311 311 }
312 312 (void) printf(gettext("Authorization required: %s\n"),
313 313 attrib ? gettext("Yes") : gettext("No"));
314 314
315 315 /* Signature scheme */
316 316 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
317 317 TSS_TSPATTRIB_KEYINFO_SIGSCHEME, &attrib);
318 318 if (ret) {
319 319 print_error(ret, gettext("Get key signature scheme"));
320 320 }
321 321 (void) printf(gettext("Signature scheme: %s\n"),
322 322 decode(key_sigscheme, attrib));
323 323
324 324 /* Encoding scheme */
325 325 ret = Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO,
326 326 TSS_TSPATTRIB_KEYINFO_ENCSCHEME, &attrib);
327 327 if (ret) {
328 328 print_error(ret, gettext("Get key encoding scheme"));
329 329 }
330 330 (void) printf(gettext("Encoding scheme: %s\n"),
331 331 decode(key_encscheme, attrib));
332 332
333 333 /* Key blob */
334 334 ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
335 335 TSS_TSPATTRIB_KEYBLOB_BLOB, &keyInfoSize, &keyInfo);
336 336 if (ret) {
337 337 print_error(ret, gettext("Get key blob"));
338 338 }
339 339 (void) printf(gettext("TPM Key Blob:\n"));
340 340 print_bytes(keyInfo, keyInfoSize, TRUE);
341 341 ret = Tspi_Context_FreeMemory(hContext, keyInfo);
342 342 if (ret) {
343 343 print_error(ret, gettext("Free key info buffer"));
344 344 }
345 345 }
346 346
347 347 typedef struct hash_node {
348 348 struct hash_node *next, *sibling, *child;
349 349 TSS_UUID uuid;
350 350 TSS_KM_KEYINFO2 *key_data;
351 351 } hash_node_t;
352 352
353 353 #define HASHSIZE 17
354 354 hash_node_t *hash_table[HASHSIZE];
355 355
356 356 static hash_node_t *
357 357 hash_insert(TSS_UUID uuid, TSS_KM_KEYINFO2 *key_data)
358 358 {
359 359 UINT32 i, index = 0;
360 360 hash_node_t *node;
361 361 char *cp;
362 362
363 363 cp = (char *)&uuid;
364 364 for (i = 0; i < sizeof (TSS_UUID); i++)
365 365 index += cp[i];
366 366 index = index % HASHSIZE;
367 367
368 368 for (node = hash_table[index]; node != NULL; node = node->next) {
369 369 if (memcmp(&(node->uuid), &uuid, sizeof (TSS_UUID)) == 0)
370 370 break;
371 371 }
372 372
373 373 if (node == NULL) {
374 374 node = calloc(1, sizeof (hash_node_t));
375 375 node->uuid = uuid;
376 376 node->next = hash_table[index];
377 377 hash_table[index] = node;
378 378 }
379 379 if (node->key_data == NULL)
380 380 node->key_data = key_data;
381 381
382 382 return (node);
383 383 }
384 384
385 385 static void
386 386 add_child(hash_node_t *parent, hash_node_t *child)
387 387 {
388 388 hash_node_t *node;
389 389
390 390 for (node = parent->child; node != NULL; node = node->next) {
391 391 if (node == child)
392 392 return;
393 393 }
394 394
395 395 child->sibling = parent->child;
396 396 parent->child = child;
397 397 }
398 398
399 399 static void
400 400 print_all(hash_node_t *parent, int indent)
401 401 {
402 402 char uuidstr[UUID_PRINTABLE_STRING_LENGTH];
403 403 hash_node_t *node;
404 404 char *type, *loaded;
405 405
406 406 uuid_unparse(*(uuid_t *)&parent->uuid, uuidstr);
407 407 type = (parent->key_data->persistentStorageType == TSS_PS_TYPE_USER) ?
408 408 "USER" : "SYSTEM";
409 409 loaded = parent->key_data->fIsLoaded ? "(loaded)" : "";
410 410 (void) printf("%*s[%s] %s %s\n", indent, "",
411 411 type, uuidstr, loaded);
412 412
413 413 for (node = parent->child; node != NULL; node = node->sibling)
414 414 print_all(node, indent + 4);
415 415 }
416 416
417 417 /*ARGSUSED*/
418 418 int
419 419 cmd_keyinfo(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
420 420 {
421 421 TSS_RESULT ret;
422 422 UINT32 i, num_keys;
423 423 TSS_KM_KEYINFO2 *keys;
424 424 hash_node_t *parent, *child, *srk = NULL;
425 425 TSS_HKEY hKey;
426 426 union {
427 427 uuid_t arr_uuid;
428 428 TSS_UUID tss_uuid;
429 429 } uuid;
430 430
431 431 switch (argc) {
432 432 case 1:
433 433 /* Print key hierarchy */
434 434 ret = Tspi_Context_GetRegisteredKeysByUUID2(hContext,
435 435 TSS_PS_TYPE_USER, NULL, &num_keys, &keys);
436 436 if (ret) {
437 437 print_error(ret, gettext("Get key hierarchy"));
438 438 return (ERR_FAIL);
439 439 }
440 440
441 441 for (i = 0; i < num_keys; i++) {
442 442 parent = hash_insert(keys[i].parentKeyUUID, NULL);
443 443 child = hash_insert(keys[i].keyUUID, &keys[i]);
444 444 add_child(parent, child);
445 445 if (memcmp(&(keys[i].keyUUID), &srk_uuid,
446 446 sizeof (TSS_UUID)) == 0)
447 447 srk = child;
448 448 }
449 449
450 450 if (srk != NULL)
451 451 print_all(srk, 0);
452 452 ret = Tspi_Context_FreeMemory(hContext, (BYTE *) keys);
453 453 if (ret) {
454 454 print_error(ret, gettext("Free key list"));
455 455 return (ERR_FAIL);
456 456 }
457 457 return (0);
458 458
459 459 case 2:
460 460 /* Print detailed info about a single key */
461 461 if (uuid_parse(argv[1], uuid.arr_uuid))
462 462 return (ERR_FAIL);
463 463 ret = Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_USER,
464 464 uuid.tss_uuid, &hKey);
465 465 if (ret == TSP_ERROR(TSS_E_PS_KEY_NOTFOUND)) {
466 466 ret = Tspi_Context_GetKeyByUUID(hContext,
467 467 TSS_PS_TYPE_SYSTEM, uuid.tss_uuid, &hKey);
468 468 }
469 469 if (ret) {
470 470 print_error(ret, gettext("Get key by UUID"));
471 471 return (ERR_FAIL);
472 472 }
473 473 print_key_info(hContext, hKey);
474 474 return (0);
475 475
476 476 default:
477 477 (void) fprintf(stderr, gettext("Usage:\n"));
478 478 (void) fprintf(stderr, "\tkeyinfo [uuid]\n");
479 479 return (ERR_USAGE);
480 480 }
481 481 }
482 482
483 483 /*ARGSUSED*/
484 484 int
485 485 cmd_deletekey(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
486 486 {
487 487 TSS_RESULT ret;
488 488 TSS_HOBJECT hKey;
489 489 union {
490 490 uuid_t arr_uuid;
491 491 TSS_UUID tss_uuid;
492 492 } uuid;
493 493
494 494 if (argc < 2) {
495 495 (void) fprintf(stderr, gettext("Usage:\n"));
496 496 (void) fprintf(stderr, "\tdeletekey [uuid]\n");
497 497 return (ERR_USAGE);
498 498 }
499 499 if (uuid_parse(argv[1], uuid.arr_uuid))
500 500 return (ERR_FAIL);
501 501 ret = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_USER,
502 502 uuid.tss_uuid, &hKey);
503 503 if (ret == TSP_ERROR(TSS_E_PS_KEY_NOTFOUND)) {
504 504 ret = Tspi_Context_UnregisterKey(hContext, TSS_PS_TYPE_SYSTEM,
505 505 uuid.tss_uuid, &hKey);
506 506 }
507 507 if (ret) {
508 508 print_error(ret, gettext("Unregister key"));
509 509 return (ERR_FAIL);
510 510 }
511 511 return (0);
512 512 }
513 513
514 514 /*
515 515 * Clear
516 516 */
517 517
518 518 static int
519 519 clearowner(TSS_HTPM hTPM)
520 520 {
521 521 TSS_RESULT ret;
522 522
523 523 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
524 524 gettext("= TPM owner passphrase ="), 0, NULL))
525 525 return (ERR_FAIL);
526 526
527 527 ret = Tspi_TPM_ClearOwner(hTPM, FALSE);
528 528 if (ret) {
529 529 print_error(ret, gettext("Clear TPM owner"));
530 530 return (ERR_FAIL);
531 531 }
532 532 return (0);
533 533 }
534 534
535 535 static int
536 536 resetlock(TSS_HTPM hTPM)
537 537 {
538 538 TSS_RESULT ret;
539 539
540 540 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
541 541 gettext("= TPM owner passphrase ="), 0, NULL))
542 542 return (ERR_FAIL);
543 543
544 544 ret = Tspi_TPM_SetStatus(hTPM, TSS_TPMSTATUS_RESETLOCK, TRUE);
545 545 if (ret) {
546 546 print_error(ret, gettext("Reset Lock"));
547 547 return (ERR_FAIL);
548 548 }
549 549 return (0);
550 550 }
551 551
552 552 /*ARGSUSED*/
553 553 int
554 554 cmd_clear(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
555 555 {
556 556 char *subcmd = argv[1];
557 557
558 558 if (subcmd && strcmp(subcmd, "lock") == 0) {
559 559 return (resetlock(hTPM));
560 560 } else if (subcmd && strcmp(subcmd, "owner") == 0) {
561 561 return (clearowner(hTPM));
562 562 } else {
563 563 (void) fprintf(stderr, gettext("Usage:\n"));
564 564 (void) fprintf(stderr, "\tclear owner\n");
565 565 (void) fprintf(stderr, "\tclear lock\n");
566 566 return (ERR_USAGE);
567 567 }
568 568 }
569 569
570 570
571 571 /*
572 572 * TPM initialization
573 573 */
574 574
575 575 static int
576 576 get_random(UINT32 size, BYTE *randomBytes)
577 577 {
578 578 int fd, len;
579 579 BYTE *buf;
580 580
581 581 fd = open("/dev/random", O_RDONLY);
582 582 if (fd == -1) {
583 583 (void) fprintf(stderr, gettext("Unable to open /dev/random"));
584 584 return (-1);
585 585 }
586 586
587 587 buf = randomBytes;
588 588 while (size > 0) {
589 589 len = read(fd, buf, size);
590 590 if (len <= 0) {
591 591 (void) close(fd);
592 592 (void) fprintf(stderr,
593 593 gettext("Error reading /dev/random"));
594 594 return (-1);
595 595 }
596 596 size -= len;
597 597 buf += len;
598 598 }
599 599
600 600 (void) close(fd);
601 601 return (0);
602 602 }
603 603
604 604 static int
605 605 createek(TSS_HCONTEXT hContext, TSS_HTPM hTPM)
606 606 {
607 607 TSS_RESULT ret;
608 608 TSS_HOBJECT hKeyEK;
609 609 TSS_VALIDATION ValidationData;
610 610 TPM_NONCE nonce;
611 611 TPM_DIGEST digest;
612 612
613 613 /* Create the empty key struct for EK */
614 614 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
615 615 (TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NON_VOLATILE |
616 616 TSS_KEY_NOT_MIGRATABLE | TSS_KEY_TYPE_STORAGE |
617 617 TSS_KEY_SIZE_2048 | TSS_KEY_NOT_CERTIFIED_MIGRATABLE |
618 618 TSS_KEY_STRUCT_KEY12 | TSS_KEY_EMPTY_KEY),
619 619 &hKeyEK);
620 620 if (ret) {
621 621 print_error(ret, gettext("Create endorsement key object"));
622 622 return (ERR_FAIL);
623 623 }
624 624
625 625 ValidationData.ulExternalDataLength = sizeof (nonce);
626 626 ValidationData.rgbExternalData = (BYTE *) &nonce;
627 627 ret = get_random(sizeof (nonce), (BYTE *) &nonce);
628 628 if (ret)
629 629 return (ERR_FAIL);
630 630 ValidationData.ulValidationDataLength = sizeof (digest);
631 631 ValidationData.rgbValidationData = (BYTE *) &digest;
632 632
633 633 ret = Tspi_TPM_CreateEndorsementKey(hTPM, hKeyEK, &ValidationData);
634 634 if (ret) {
635 635 print_error(ret, gettext("Create endorsement key"));
636 636 return (ERR_FAIL);
637 637 }
638 638
639 639 return (0);
640 640 }
641 641
642 642 /*ARGSUSED*/
643 643 int
644 644 cmd_init(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
645 645 {
646 646 TSS_RESULT ret;
647 647 TSS_HOBJECT hKeySRK;
648 648
649 649 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
650 650 gettext("= TPM owner passphrase ="), 0, NULL))
651 651 return (ERR_FAIL);
652 652
653 653 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
|
↓ open down ↓ |
653 lines elided |
↑ open up ↑ |
654 654 TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION, &hKeySRK);
655 655 if (ret) {
656 656 print_error(ret, gettext("Create storage root key"));
657 657 return (ERR_FAIL);
658 658 }
659 659
660 660 if (set_object_policy(hKeySRK, TSS_SECRET_MODE_SHA1, NULL,
661 661 sizeof (well_known), well_known))
662 662 return (ERR_FAIL);
663 663
664 - ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
664 + ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, (TSS_HKEY)NULL);
665 665 if (ret == TPM_E_NO_ENDORSEMENT) {
666 666 if (createek(hContext, hTPM))
667 667 return (ERR_FAIL);
668 - ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, NULL);
668 + ret = Tspi_TPM_TakeOwnership(hTPM, hKeySRK, (TSS_HKEY)NULL);
669 669 }
670 670 if (ret) {
671 671 print_error(ret, gettext("Take ownership"));
672 672 return (ERR_FAIL);
673 673 }
674 674
675 675 return (0);
676 676 }
677 677
678 678 /*
679 679 * Auth
680 680 */
681 681
682 682 /*ARGSUSED*/
683 683 int
684 684 cmd_auth(TSS_HCONTEXT hContext, TSS_HTPM hTPM, int argc, char *argv[])
685 685 {
686 686 TSS_RESULT ret;
687 687 TSS_HPOLICY hNewPolicy;
688 688
689 689 if (set_object_policy(hTPM, TSS_SECRET_MODE_POPUP,
690 690 gettext("= TPM owner passphrase ="), 0, NULL))
691 691 return (ERR_FAIL);
692 692
693 693 /* policy object for new passphrase */
|
↓ open down ↓ |
15 lines elided |
↑ open up ↑ |
694 694 ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY,
695 695 TSS_POLICY_USAGE, &hNewPolicy);
696 696 if (ret) {
697 697 print_error(ret, gettext("Create policy object"));
698 698 return (ERR_FAIL);
699 699 }
700 700 if (set_policy_options(hNewPolicy, TSS_SECRET_MODE_POPUP,
701 701 gettext("= New TPM owner passphrase ="), 0, NULL))
702 702 return (ERR_FAIL);
703 703
704 - ret = Tspi_ChangeAuth(hTPM, NULL, hNewPolicy);
704 + ret = Tspi_ChangeAuth(hTPM, (TSS_HOBJECT)NULL, hNewPolicy);
705 705 if (ret && ret != TSP_ERROR(TSS_E_POLICY_NO_SECRET)) {
706 706 print_error(ret, gettext("Change authorization"));
707 707 return (ERR_FAIL);
708 708 }
709 709
710 710 return (0);
711 711 }
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX