./0000751000175000017500000000000013133242450007154 5ustar lo1lo1./tpmutils/0000751000175000017500000000000013133212575011042 5ustar lo1lo1./tpmutils/policynvwritten/0000751000175000017500000000000013133212573014320 5ustar lo1lo1./tpmutils/policynvwritten/policynvwritten.vcxproj0000644000175000017500000001052713021302234021214 0ustar lo1lo1 Debug Win32 Release Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC} Win32Proj policynvwritten Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policynvwritten/policynvwritten.vcxproj.filters0000644000175000017500000000217012551030744022671 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/changepps/0000751000175000017500000000000013133212573013010 5ustar lo1lo1./tpmutils/changepps/changepps.vcxproj.filters0000644000175000017500000000216212551030744020052 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/changepps/changepps.vcxproj0000644000175000017500000001051313021302234016367 0ustar lo1lo1 Debug Win32 Release Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F} Win32Proj changepps Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true 
true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policycommandcode/0000751000175000017500000000000013133212573014531 5ustar lo1lo1./tpmutils/policycommandcode/policycommandcode.vcxproj.filters0000644000175000017500000000217212551030744023315 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policycommandcode/policycommandcode.vcxproj0000644000175000017500000001053313021302234021633 0ustar lo1lo1 Debug Win32 Release Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7} Win32Proj policycommandcode Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policypcr/0000751000175000017500000000000013133212574013045 5ustar lo1lo1./tpmutils/policypcr/policypcr.vcxproj0000644000175000017500000001051313021302234016457 0ustar lo1lo1 Debug Win32 Release Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB} Win32Proj policypcr Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policypcr/policypcr.vcxproj.filters0000644000175000017500000000216212551030744020142 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policyauthvalue/0000751000175000017500000000000013133212574014257 5ustar lo1lo1./tpmutils/policyauthvalue/policyauthvalue.vcxproj0000644000175000017500000001052713021302234021110 0ustar lo1lo1 Debug Win32 Release Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD} Win32Proj policyauthvalue Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyauthvalue/policyauthvalue.vcxproj.filters0000644000175000017500000000217012551030744022565 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/t/0000751000175000017500000000000013133212575011305 5ustar lo1lo1./tpmutils/t/t.vcxproj.filters0000644000175000017500000000200212522466321014633 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files ./tpmutils/nvincrement/0000751000175000017500000000000013133212573013370 5ustar lo1lo1./tpmutils/nvincrement/nvincrement.vcxproj0000644000175000017500000001053113021302234017327 0ustar lo1lo1 Debug Win32 Release Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46} Win32Proj nvincrement Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) 
Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvincrement/nvincrement.vcxproj.filters0000644000175000017500000000216712634034035021016 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/importpem/0000751000175000017500000000000013133212574013055 5ustar lo1lo1./tpmutils/importpem/importpem.vcxproj0000644000175000017500000001067013040240301016500 0ustar lo1lo1 Debug Win32 Release Win32 {5c11af70-45a6-4888-a66a-c0a70302bd89} {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F} Win32Proj importpem Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true ./tpmutils/importpem/importpem.vcxproj.filters0000644000175000017500000000256713040240301020155 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files Source Files ./tpmutils/dictionaryattackparameters/0000751000175000017500000000000013133212574016462 5ustar lo1lo1./tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj.filters0000644000175000017500000000220612551030744027173 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd 
{67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/dictionaryattackparameters/dictionaryattackparameters.vcxproj0000644000175000017500000001056713021302234025522 0ustar lo1lo1 Debug Win32 Release Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8} Win32Proj dictionaryattackparameters Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyauthorizenv/0000751000175000017500000000000013133212573014636 5ustar lo1lo1./tpmutils/policyauthorizenv/policyauthorizenv.vcxproj.filters0000644000175000017500000000217513013374477023542 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policyauthorizenv/policyauthorizenv.vcxproj0000644000175000017500000001054513021302234022050 0ustar lo1lo1 Debug Win32 Release Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4} Win32Proj policyauthorizenv Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policysecret/0000751000175000017500000000000013133212574013546 5ustar lo1lo1./tpmutils/policysecret/policysecret.vcxproj.filters0000644000175000017500000000216512551030744021347 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policysecret/policysecret.vcxproj0000644000175000017500000001052113021302234017660 0ustar lo1lo1 Debug Win32 Release Win32 {7197B41C-7D27-49D3-93F7-F07841053801} Win32Proj policysecret Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/pcrevent/0000751000175000017500000000000013133212573012666 5ustar lo1lo1./tpmutils/pcrevent/pcrevent.vcxproj0000644000175000017500000001052313021302234016124 0ustar lo1lo1 Debug Win32 Release Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF} Win32Proj pcrevent Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/pcrevent/pcrevent.vcxproj.filters0000644000175000017500000000216412551030744017610 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policycphash/0000751000175000017500000000000013133212573013526 5ustar lo1lo1./tpmutils/policycphash/policycphash.vcxproj0000644000175000017500000001053313021302234017625 0ustar lo1lo1 Debug Win32 Release Win32 {13A99FC4-485B-48E2-8436-5807057340B1} Win32Proj 
policycphash Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policycphash/policycphash.vcxproj.filters0000644000175000017500000000217012551030744021305 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/certify/0000751000175000017500000000000013133212574012506 5ustar lo1lo1./tpmutils/certify/certify.vcxproj.filters0000644000175000017500000000216012551030744017242 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/certify/certify.vcxproj0000644000175000017500000001050713021302234015564 0ustar lo1lo1 Debug Win32 Release Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7} Win32Proj certify Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyor/0000751000175000017500000000000013133212575012702 5ustar lo1lo1./tpmutils/policyor/policyor.vcxproj0000644000175000017500000001052313021302234016150 0ustar lo1lo1 Debug Win32 Release Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6} Win32Proj policyor Application true v120 Unicode Application 
false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyor/policyor.vcxproj.filters0000644000175000017500000000216412551030744017634 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/signapp/0000751000175000017500000000000013133212574012502 5ustar lo1lo1./tpmutils/signapp/signapp.vcxproj0000644000175000017500000001067313053334647015602 0ustar lo1lo1 Debug Win32 Release Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0} Win32Proj signapp Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/signapp/signapp.vcxproj.filters0000644000175000017500000000250713053334647017246 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/hmacstart/0000751000175000017500000000000013133212574013027 5ustar lo1lo1./tpmutils/hmacstart/hmacstart.vcxproj0000644000175000017500000001051313021302234016423 0ustar lo1lo1 Debug Win32 Release Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E} Win32Proj hmacstart Application true v120 Unicode Application false v120 true 
Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/hmacstart/hmacstart.vcxproj.filters0000644000175000017500000000216212551030744020106 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/pcrread/0000751000175000017500000000000013133212574012461 5ustar lo1lo1./tpmutils/pcrread/pcrread.vcxproj.filters0000644000175000017500000000216012551030744017170 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/pcrread/pcrread.vcxproj0000644000175000017500000001050713021302234015512 0ustar lo1lo1 Debug Win32 Release Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C} Win32Proj pcrread Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/hierarchychangeauth/0000751000175000017500000000000013133212573015046 5ustar lo1lo1./tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj0000644000175000017500000001053713021302234022471 0ustar lo1lo1 Debug Win32 Release Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691} Win32Proj hierarchychangeauth Application true v120 Unicode Application false v120 true Unicode true false Level3 
Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/hierarchychangeauth/hierarchychangeauth.vcxproj.filters0000644000175000017500000000217412551030744024151 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/powerup/0000751000175000017500000000000013133212575012543 5ustar lo1lo1./tpmutils/powerup/powerup.vcxproj0000644000175000017500000001050713021302234015654 0ustar lo1lo1 Debug Win32 Release Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B} Win32Proj powerup Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/powerup/powerup.vcxproj.filters0000644000175000017500000000216012551030744017332 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/create/0000751000175000017500000000000013133212575012305 5ustar lo1lo1./tpmutils/create/create.vcxproj.filters0000644000175000017500000000251313075666323016652 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/create/create.vcxproj0000644000175000017500000001066713075666323015214 0ustar lo1lo1 Debug Win32 Release Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180} Win32Proj create Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/tpmutils.sln0000644000175000017500000030326413075212665013462 0ustar lo1lo1 Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio 2013 VisualStudioVersion = 12.0.40629.0 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "startup", "startup\startup.vcxproj", "{8849C601-3B21-431D-AF37-07E534709F22}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createprimary", "createprimary\createprimary.vcxproj", "{5B976902-A648-4C53-9369-6C1F8C6005E9}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "returncode", "returncode\returncode.vcxproj", "{29A866A4-1335-4392-AE4A-33C3F6494214}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "flushcontext", "flushcontext\flushcontext.vcxproj", "{A8378417-7874-4B9E-98E6-C11A3EFB536D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "create", "create\create.vcxproj", "{FE0A477A-54D2-4E00-BB87-643E132DA180}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getcapability", "getcapability\getcapability.vcxproj", "{C6A4DBDA-8D62-4D64-8819-29B114F72201}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "load", "load\load.vcxproj", "{DF3F6BC5-C990-47F1-8567-2509D8FD983D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "loadexternal", 
"loadexternal\loadexternal.vcxproj", "{ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tss", "tss\tss.vcxproj", "{5C11AF70-45A6-4888-A66A-C0A70302BD89}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "verifysignature", "verifysignature\verifysignature.vcxproj", "{D25746E2-59E2-4365-A25F-C924E773B965}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrextend", "pcrextend\pcrextend.vcxproj", "{7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrread", "pcrread\pcrread.vcxproj", "{41CD5BA6-60C0-43BF-A561-3014D86BAB5C}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrreset", "pcrreset\pcrreset.vcxproj", "{AB8D68EC-40B3-493A-97D9-068A0F7672D9}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "readpublic", "readpublic\readpublic.vcxproj", "{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "objectchangeauth", "objectchangeauth\objectchangeauth.vcxproj", "{74D62780-8014-4995-8F98-0E971CDBC654}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsaencrypt", "rsaencrypt\rsaencrypt.vcxproj", "{0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rsadecrypt", "rsadecrypt\rsadecrypt.vcxproj", "{E83B00E0-5600-45AD-AB49-B1EF1BFE320F}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hash", "hash\hash.vcxproj", "{914EE78E-52FF-42A5-BD33-1E99E8E02CB0}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hmac", "hmac\hmac.vcxproj", "{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getrandom", "getrandom\getrandom.vcxproj", "{1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "stirrandom", "stirrandom\stirrandom.vcxproj", "{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}" 
EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "certify", "certify\certify.vcxproj", "{DBD7B8E9-FC88-4F61-9D11-68357F9062A7}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "quote", "quote\quote.vcxproj", "{CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "gettime", "gettime\gettime.vcxproj", "{FD53EE1E-5408-4389-B316-8195455A1D66}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "startauthsession", "startauthsession\startauthsession.vcxproj", "{BC6E6238-F667-485D-8374-B9A61F7B31B3}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvdefinespace", "nvdefinespace\nvdefinespace.vcxproj", "{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvundefinespace", "nvundefinespace\nvundefinespace.vcxproj", "{79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvread", "nvread\nvread.vcxproj", "{A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvwrite", "nvwrite\nvwrite.vcxproj", "{D75A1275-02E7-4A31-828D-AA01C3EBA71E}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvreadpublic", "nvreadpublic\nvreadpublic.vcxproj", "{54BF993C-8B54-43EE-AAB3-1AB96FC59778}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycommandcode", "policycommandcode\policycommandcode.vcxproj", "{45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policypassword", "policypassword\policypassword.vcxproj", "{D7B60443-2989-4FD6-A146-0EA6D9E89F22}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthvalue", "policyauthvalue\policyauthvalue.vcxproj", "{03931C8D-6BC7-4B7D-A248-DE898120AAAD}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policygetdigest", "policygetdigest\policygetdigest.vcxproj", 
"{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policynvwritten", "policynvwritten\policynvwritten.vcxproj", "{826C049F-8499-4ECA-B98C-14338AFC84EC}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policysecret", "policysecret\policysecret.vcxproj", "{7197B41C-7D27-49D3-93F7-F07841053801}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policymaker", "policymaker\policymaker.vcxproj", "{306EFFD8-0AD8-4F98-B8BE-60DF258ED375}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "encryptdecrypt", "encryptdecrypt\encryptdecrypt.vcxproj", "{3415A0BB-AF85-41D0-9024-CC44B6D89FDF}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policysigned", "policysigned\policysigned.vcxproj", "{54DFC656-03A3-40CA-8576-4093CDFF7E8C}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hierarchychangeauth", "hierarchychangeauth\hierarchychangeauth.vcxproj", "{FF78859F-AA3A-406C-94DE-8B8EC61E2691}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hierarchycontrol", "hierarchycontrol\hierarchycontrol.vcxproj", "{1E7F8857-8635-4861-BCC0-FD074CC7A32B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "setprimarypolicy", "setprimarypolicy\setprimarypolicy.vcxproj", "{CCF66411-F16C-4273-9950-8F7BCDDE5EF8}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "changepps", "changepps\changepps.vcxproj", "{D7AD97A2-4588-444D-8E8A-F953F43FBA4F}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "changeeps", "changeeps\changeeps.vcxproj", "{3DA913E8-EF9B-4B9C-8847-D7618BC07551}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clear", "clear\clear.vcxproj", "{D44D7554-7B47-4651-8011-10C821E2C313}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clearcontrol", "clearcontrol\clearcontrol.vcxproj", "{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}" EndProject 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "powerup", "powerup\powerup.vcxproj", "{25E95C8F-70BA-4071-9D5B-8A41A4504E5B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "evictcontrol", "evictcontrol\evictcontrol.vcxproj", "{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sequencecomplete", "sequencecomplete\sequencecomplete.vcxproj", "{87D056D6-AB21-4420-B58E-4C595FE22726}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "contextsave", "contextsave\contextsave.vcxproj", "{08FD82ED-5872-4250-ADC0-B7B62DCE49BC}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "contextload", "contextload\contextload.vcxproj", "{BA6A5695-C1B4-4F1F-B794-8D67131443DF}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sequenceupdate", "sequenceupdate\sequenceupdate.vcxproj", "{28E834FA-EC3A-49A5-9F94-6C2E96C2818C}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hmacstart", "hmacstart\hmacstart.vcxproj", "{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "hashsequencestart", "hashsequencestart\hashsequencestart.vcxproj", "{8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "readclock", "readclock\readclock.vcxproj", "{18057134-8F5A-4D9B-A419-C633DE19D8CC}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clockset", "clockset\clockset.vcxproj", "{ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "clockrateadjust", "clockrateadjust\clockrateadjust.vcxproj", "{6BB93AB7-5574-49C8-B248-CCA85638C2F1}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthorize", "policyauthorize\policyauthorize.vcxproj", "{1F934583-0C3F-48CA-B54E-EE88BFFAB39A}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyticket", "policyticket\policyticket.vcxproj", 
"{F9A80497-C9A5-4792-92AF-99B248FC399F}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policymakerpcr", "policymakerpcr\policymakerpcr.vcxproj", "{E9463166-7A93-4CF8-9A87-45A0A18E0322}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policynv", "policynv\policynv.vcxproj", "{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycphash", "policycphash\policycphash.vcxproj", "{13A99FC4-485B-48E2-8436-5807057340B1}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policycountertimer", "policycountertimer\policycountertimer.vcxproj", "{EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyor", "policyor\policyor.vcxproj", "{A50B4D6A-675A-42F9-802C-41B56AFF1AC6}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyrestart", "policyrestart\policyrestart.vcxproj", "{33EEEC2B-BBAB-4290-8B05-D4788750CDA2}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dictionaryattackparameters", "dictionaryattackparameters\dictionaryattackparameters.vcxproj", "{3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dictionaryattacklockreset", "dictionaryattacklockreset\dictionaryattacklockreset.vcxproj", "{FAE34595-8E6A-445B-AE74-1BD06A45A70A}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "unseal", "unseal\unseal.vcxproj", "{6B714F5E-F30C-443C-B855-0BA40BD255A4}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "duplicate", "duplicate\duplicate.vcxproj", "{658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "rewrap", "rewrap\rewrap.vcxproj", "{165F6E9A-F01A-4793-847C-FB5DC10F4F5B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "import", "import\import.vcxproj", "{EBA425BE-67E2-4439-B330-56F441CC4C65}" EndProject 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sign", "sign\sign.vcxproj", "{E3FE27F0-5673-40B3-A4F2-D726A156CB1E}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvreadlock", "nvreadlock\nvreadlock.vcxproj", "{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvcertify", "nvcertify\nvcertify.vcxproj", "{9F144AA3-F80A-45DA-A8C9-59FB393C48DE}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvchangeauth", "nvchangeauth\nvchangeauth.vcxproj", "{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvglobalwritelock", "nvglobalwritelock\nvglobalwritelock.vcxproj", "{7E993D77-3B0B-40B1-BEA8-CE06926D3862}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvwritelock", "nvwritelock\nvwritelock.vcxproj", "{D28C2783-E07C-45FC-B893-E4E27C015849}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "eventsequencecomplete", "eventsequencecomplete\eventsequencecomplete.vcxproj", "{4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrevent", "pcrevent\pcrevent.vcxproj", "{4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getcommandauditdigest", "getcommandauditdigest\getcommandauditdigest.vcxproj", "{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "getsessionauditdigest", "getsessionauditdigest\getsessionauditdigest.vcxproj", "{C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "signapp", "signapp\signapp.vcxproj", "{E139963F-4EE2-453D-ADBB-65CB1F963CB0}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvundefinespacespecial", "nvundefinespacespecial\nvundefinespacespecial.vcxproj", "{1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = 
"eccparameters", "eccparameters\eccparameters.vcxproj", "{CBD90144-0832-4864-A083-752E10180168}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policypcr", "policypcr\policypcr.vcxproj", "{AA80A720-59FE-496B-A90E-5697281DC9EB}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "shutdown", "shutdown\shutdown.vcxproj", "{CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "pcrallocate", "pcrallocate\pcrallocate.vcxproj", "{A6BC7558-DDF1-41F7-B3FE-48A8731B007F}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createek", "createek\createek.vcxproj", "{658E9EB7-092C-42C3-8279-BDC65A1D0963}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvsetbits", "nvsetbits\nvsetbits.vcxproj", "{64792A11-D813-45AF-BE32-2C7FBFA37F30}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvincrement", "nvincrement\nvincrement.vcxproj", "{17C7B6D4-B608-4892-8E7C-F32AAF102D46}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nvextend", "nvextend\nvextend.vcxproj", "{2805603E-37DB-4BFA-9E75-6B71CA77E3C1}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "activatecredential", "activatecredential\activatecredential.vcxproj", "{A2B17262-A3C2-4048-A82B-4C89875AD9D0}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "makecredential", "makecredential\makecredential.vcxproj", "{E3BB242A-89DE-4EDF-B121-3557FB35A230}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "createloaded", "createloaded\createloaded.vcxproj", "{0050296D-12F4-410B-A1FE-FA3A53F81B6A}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policytemplate", "policytemplate\policytemplate.vcxproj", "{567E0B94-FF18-430A-9202-CFFEE1C94BDD}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "policyauthorizenv", "policyauthorizenv\policyauthorizenv.vcxproj", "{2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}" EndProject 
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "importpem", "importpem\importpem.vcxproj", "{4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "writeapp", "writeapp\writeapp.vcxproj", "{BEFBAF6A-9211-4422-B3AB-E06D8689193E}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ecephemeral", "ecephemeral\ecephemeral.vcxproj", "{22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}" EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "commit", "commit\commit.vcxproj", "{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU Debug|Mixed Platforms = Debug|Mixed Platforms Debug|Win32 = Debug|Win32 Release|Any CPU = Release|Any CPU Release|Mixed Platforms = Release|Mixed Platforms Release|Win32 = Release|Win32 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {8849C601-3B21-431D-AF37-07E534709F22}.Debug|Any CPU.ActiveCfg = Debug|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Debug|Win32.ActiveCfg = Debug|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Debug|Win32.Build.0 = Debug|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Release|Any CPU.ActiveCfg = Release|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Release|Mixed Platforms.Build.0 = Release|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Release|Win32.ActiveCfg = Release|Win32 {8849C601-3B21-431D-AF37-07E534709F22}.Release|Win32.Build.0 = Release|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Any CPU.ActiveCfg = Debug|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Mixed Platforms.Build.0 = Debug|Win32 
{5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Win32.ActiveCfg = Debug|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Debug|Win32.Build.0 = Debug|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Any CPU.ActiveCfg = Release|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Mixed Platforms.Build.0 = Release|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Win32.ActiveCfg = Release|Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9}.Release|Win32.Build.0 = Release|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Any CPU.ActiveCfg = Debug|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Win32.ActiveCfg = Debug|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Debug|Win32.Build.0 = Debug|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Any CPU.ActiveCfg = Release|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Mixed Platforms.Build.0 = Release|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Win32.ActiveCfg = Release|Win32 {29A866A4-1335-4392-AE4A-33C3F6494214}.Release|Win32.Build.0 = Release|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Win32.ActiveCfg = Debug|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Debug|Win32.Build.0 = Debug|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Any CPU.ActiveCfg = Release|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Mixed 
Platforms.Build.0 = Release|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Win32.ActiveCfg = Release|Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D}.Release|Win32.Build.0 = Release|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Any CPU.ActiveCfg = Debug|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Win32.ActiveCfg = Debug|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Debug|Win32.Build.0 = Debug|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Any CPU.ActiveCfg = Release|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Mixed Platforms.Build.0 = Release|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Win32.ActiveCfg = Release|Win32 {FE0A477A-54D2-4E00-BB87-643E132DA180}.Release|Win32.Build.0 = Release|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Any CPU.ActiveCfg = Debug|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Win32.ActiveCfg = Debug|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Debug|Win32.Build.0 = Debug|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Any CPU.ActiveCfg = Release|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Mixed Platforms.Build.0 = Release|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Win32.ActiveCfg = Release|Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201}.Release|Win32.Build.0 = Release|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 
{DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Win32.ActiveCfg = Debug|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Debug|Win32.Build.0 = Debug|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Any CPU.ActiveCfg = Release|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Mixed Platforms.Build.0 = Release|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Win32.ActiveCfg = Release|Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D}.Release|Win32.Build.0 = Release|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Any CPU.ActiveCfg = Debug|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Win32.ActiveCfg = Debug|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Debug|Win32.Build.0 = Debug|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Any CPU.ActiveCfg = Release|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Mixed Platforms.Build.0 = Release|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Win32.ActiveCfg = Release|Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C}.Release|Win32.Build.0 = Release|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Any CPU.ActiveCfg = Debug|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Win32.ActiveCfg = Debug|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Debug|Win32.Build.0 = Debug|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Any CPU.ActiveCfg = Release|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Mixed Platforms.ActiveCfg = 
Release|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Mixed Platforms.Build.0 = Release|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Win32.ActiveCfg = Release|Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89}.Release|Win32.Build.0 = Release|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Win32.ActiveCfg = Debug|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Debug|Win32.Build.0 = Debug|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Release|Any CPU.ActiveCfg = Release|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Release|Mixed Platforms.Build.0 = Release|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Release|Win32.ActiveCfg = Release|Win32 {D25746E2-59E2-4365-A25F-C924E773B965}.Release|Win32.Build.0 = Release|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Any CPU.ActiveCfg = Debug|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Win32.ActiveCfg = Debug|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Debug|Win32.Build.0 = Debug|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Any CPU.ActiveCfg = Release|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Mixed Platforms.Build.0 = Release|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Win32.ActiveCfg = Release|Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6}.Release|Win32.Build.0 = Release|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Any CPU.ActiveCfg = Debug|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Mixed 
Platforms.ActiveCfg = Debug|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Win32.ActiveCfg = Debug|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Debug|Win32.Build.0 = Debug|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Any CPU.ActiveCfg = Release|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Mixed Platforms.Build.0 = Release|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Win32.ActiveCfg = Release|Win32 {41CD5BA6-60C0-43BF-A561-3014D86BAB5C}.Release|Win32.Build.0 = Release|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Any CPU.ActiveCfg = Debug|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Win32.ActiveCfg = Debug|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Debug|Win32.Build.0 = Debug|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Any CPU.ActiveCfg = Release|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Mixed Platforms.Build.0 = Release|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Win32.ActiveCfg = Release|Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9}.Release|Win32.Build.0 = Release|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Any CPU.ActiveCfg = Debug|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Win32.ActiveCfg = Debug|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Debug|Win32.Build.0 = Debug|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Any CPU.ActiveCfg = Release|Win32 
{8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Mixed Platforms.Build.0 = Release|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Win32.ActiveCfg = Release|Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866}.Release|Win32.Build.0 = Release|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Any CPU.ActiveCfg = Debug|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Win32.ActiveCfg = Debug|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Debug|Win32.Build.0 = Debug|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Release|Any CPU.ActiveCfg = Release|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Release|Mixed Platforms.Build.0 = Release|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Release|Win32.ActiveCfg = Release|Win32 {74D62780-8014-4995-8F98-0E971CDBC654}.Release|Win32.Build.0 = Release|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Win32.ActiveCfg = Debug|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Debug|Win32.Build.0 = Debug|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Any CPU.ActiveCfg = Release|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Mixed Platforms.Build.0 = Release|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Win32.ActiveCfg = Release|Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B}.Release|Win32.Build.0 = Release|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Any 
CPU.ActiveCfg = Debug|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Win32.ActiveCfg = Debug|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Debug|Win32.Build.0 = Debug|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Any CPU.ActiveCfg = Release|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Mixed Platforms.Build.0 = Release|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Win32.ActiveCfg = Release|Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F}.Release|Win32.Build.0 = Release|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Any CPU.ActiveCfg = Debug|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Win32.ActiveCfg = Debug|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Debug|Win32.Build.0 = Debug|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Any CPU.ActiveCfg = Release|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Mixed Platforms.Build.0 = Release|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Win32.ActiveCfg = Release|Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0}.Release|Win32.Build.0 = Release|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Any CPU.ActiveCfg = Debug|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Win32.ActiveCfg = Debug|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Debug|Win32.Build.0 = Debug|Win32 
{15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Any CPU.ActiveCfg = Release|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Mixed Platforms.Build.0 = Release|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Win32.ActiveCfg = Release|Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42}.Release|Win32.Build.0 = Release|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Win32.ActiveCfg = Debug|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Debug|Win32.Build.0 = Debug|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Any CPU.ActiveCfg = Release|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Mixed Platforms.Build.0 = Release|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Win32.ActiveCfg = Release|Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D}.Release|Win32.Build.0 = Release|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Any CPU.ActiveCfg = Debug|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Win32.ActiveCfg = Debug|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Debug|Win32.Build.0 = Debug|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Any CPU.ActiveCfg = Release|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Mixed Platforms.Build.0 = Release|Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Win32.ActiveCfg = Release|Win32 
{48FD021B-EF09-4213-ABB7-3740E5ABE0BB}.Release|Win32.Build.0 = Release|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Any CPU.ActiveCfg = Debug|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Win32.ActiveCfg = Debug|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Debug|Win32.Build.0 = Debug|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Any CPU.ActiveCfg = Release|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Mixed Platforms.Build.0 = Release|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Win32.ActiveCfg = Release|Win32 {DBD7B8E9-FC88-4F61-9D11-68357F9062A7}.Release|Win32.Build.0 = Release|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Any CPU.ActiveCfg = Debug|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Win32.ActiveCfg = Debug|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Debug|Win32.Build.0 = Debug|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Any CPU.ActiveCfg = Release|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Mixed Platforms.Build.0 = Release|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Win32.ActiveCfg = Release|Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF}.Release|Win32.Build.0 = Release|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Any CPU.ActiveCfg = Debug|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Win32.ActiveCfg = 
Debug|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Debug|Win32.Build.0 = Debug|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Any CPU.ActiveCfg = Release|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Mixed Platforms.Build.0 = Release|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Win32.ActiveCfg = Release|Win32 {FD53EE1E-5408-4389-B316-8195455A1D66}.Release|Win32.Build.0 = Release|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Any CPU.ActiveCfg = Debug|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Win32.ActiveCfg = Debug|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Debug|Win32.Build.0 = Debug|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Any CPU.ActiveCfg = Release|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Mixed Platforms.Build.0 = Release|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Win32.ActiveCfg = Release|Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3}.Release|Win32.Build.0 = Release|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Any CPU.ActiveCfg = Debug|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Win32.ActiveCfg = Debug|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Debug|Win32.Build.0 = Debug|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Any CPU.ActiveCfg = Release|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Mixed Platforms.Build.0 = Release|Win32 
{38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Win32.ActiveCfg = Release|Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0}.Release|Win32.Build.0 = Release|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Any CPU.ActiveCfg = Debug|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Win32.ActiveCfg = Debug|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Debug|Win32.Build.0 = Debug|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Any CPU.ActiveCfg = Release|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Mixed Platforms.Build.0 = Release|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Win32.ActiveCfg = Release|Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD}.Release|Win32.Build.0 = Release|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Win32.ActiveCfg = Debug|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Debug|Win32.Build.0 = Debug|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Any CPU.ActiveCfg = Release|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Mixed Platforms.Build.0 = Release|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Win32.ActiveCfg = Release|Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5}.Release|Win32.Build.0 = Release|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Mixed Platforms.Build.0 
= Debug|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Win32.ActiveCfg = Debug|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Debug|Win32.Build.0 = Debug|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Any CPU.ActiveCfg = Release|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Mixed Platforms.Build.0 = Release|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Win32.ActiveCfg = Release|Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E}.Release|Win32.Build.0 = Release|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Any CPU.ActiveCfg = Debug|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Win32.ActiveCfg = Debug|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Debug|Win32.Build.0 = Debug|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Any CPU.ActiveCfg = Release|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Mixed Platforms.Build.0 = Release|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Win32.ActiveCfg = Release|Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778}.Release|Win32.Build.0 = Release|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Any CPU.ActiveCfg = Debug|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Win32.ActiveCfg = Debug|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Debug|Win32.Build.0 = Debug|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Any CPU.ActiveCfg = Release|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Mixed 
Platforms.Build.0 = Release|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Win32.ActiveCfg = Release|Win32 {45DF0D7F-8F4C-487D-AAE5-A74064C0A2D7}.Release|Win32.Build.0 = Release|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Win32.ActiveCfg = Debug|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Debug|Win32.Build.0 = Debug|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Any CPU.ActiveCfg = Release|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Mixed Platforms.Build.0 = Release|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Win32.ActiveCfg = Release|Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22}.Release|Win32.Build.0 = Release|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Any CPU.ActiveCfg = Debug|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Win32.ActiveCfg = Debug|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Debug|Win32.Build.0 = Debug|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Any CPU.ActiveCfg = Release|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Mixed Platforms.Build.0 = Release|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Win32.ActiveCfg = Release|Win32 {03931C8D-6BC7-4B7D-A248-DE898120AAAD}.Release|Win32.Build.0 = Release|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 
{ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Win32.ActiveCfg = Debug|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Debug|Win32.Build.0 = Debug|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Any CPU.ActiveCfg = Release|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Mixed Platforms.Build.0 = Release|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Win32.ActiveCfg = Release|Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B}.Release|Win32.Build.0 = Release|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Any CPU.ActiveCfg = Debug|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Win32.ActiveCfg = Debug|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Debug|Win32.Build.0 = Debug|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Any CPU.ActiveCfg = Release|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Mixed Platforms.Build.0 = Release|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Win32.ActiveCfg = Release|Win32 {826C049F-8499-4ECA-B98C-14338AFC84EC}.Release|Win32.Build.0 = Release|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Any CPU.ActiveCfg = Debug|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Win32.ActiveCfg = Debug|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Debug|Win32.Build.0 = Debug|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Release|Any CPU.ActiveCfg = Release|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Release|Mixed Platforms.ActiveCfg = 
Release|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Release|Mixed Platforms.Build.0 = Release|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Release|Win32.ActiveCfg = Release|Win32 {7197B41C-7D27-49D3-93F7-F07841053801}.Release|Win32.Build.0 = Release|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Any CPU.ActiveCfg = Debug|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Win32.ActiveCfg = Debug|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Debug|Win32.Build.0 = Debug|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Any CPU.ActiveCfg = Release|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Mixed Platforms.Build.0 = Release|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Win32.ActiveCfg = Release|Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375}.Release|Win32.Build.0 = Release|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Any CPU.ActiveCfg = Debug|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Win32.ActiveCfg = Debug|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Debug|Win32.Build.0 = Debug|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Any CPU.ActiveCfg = Release|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Mixed Platforms.Build.0 = Release|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Win32.ActiveCfg = Release|Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF}.Release|Win32.Build.0 = Release|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Any CPU.ActiveCfg = Debug|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Mixed 
Platforms.ActiveCfg = Debug|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Win32.ActiveCfg = Debug|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Debug|Win32.Build.0 = Debug|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Any CPU.ActiveCfg = Release|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Mixed Platforms.Build.0 = Release|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Win32.ActiveCfg = Release|Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C}.Release|Win32.Build.0 = Release|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Any CPU.ActiveCfg = Debug|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Win32.ActiveCfg = Debug|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Debug|Win32.Build.0 = Debug|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Any CPU.ActiveCfg = Release|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Mixed Platforms.Build.0 = Release|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Win32.ActiveCfg = Release|Win32 {FF78859F-AA3A-406C-94DE-8B8EC61E2691}.Release|Win32.Build.0 = Release|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Win32.ActiveCfg = Debug|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Debug|Win32.Build.0 = Debug|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Any CPU.ActiveCfg = Release|Win32 
{1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Mixed Platforms.Build.0 = Release|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Win32.ActiveCfg = Release|Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B}.Release|Win32.Build.0 = Release|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Any CPU.ActiveCfg = Debug|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Win32.ActiveCfg = Debug|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Debug|Win32.Build.0 = Debug|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Any CPU.ActiveCfg = Release|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Mixed Platforms.Build.0 = Release|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Win32.ActiveCfg = Release|Win32 {CCF66411-F16C-4273-9950-8F7BCDDE5EF8}.Release|Win32.Build.0 = Release|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Win32.ActiveCfg = Debug|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Debug|Win32.Build.0 = Debug|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Any CPU.ActiveCfg = Release|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Mixed Platforms.Build.0 = Release|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Win32.ActiveCfg = Release|Win32 {D7AD97A2-4588-444D-8E8A-F953F43FBA4F}.Release|Win32.Build.0 = Release|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Any 
CPU.ActiveCfg = Debug|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Win32.ActiveCfg = Debug|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Debug|Win32.Build.0 = Debug|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Any CPU.ActiveCfg = Release|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Mixed Platforms.Build.0 = Release|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Win32.ActiveCfg = Release|Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551}.Release|Win32.Build.0 = Release|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Win32.ActiveCfg = Debug|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Debug|Win32.Build.0 = Debug|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Release|Any CPU.ActiveCfg = Release|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Release|Mixed Platforms.Build.0 = Release|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Release|Win32.ActiveCfg = Release|Win32 {D44D7554-7B47-4651-8011-10C821E2C313}.Release|Win32.Build.0 = Release|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Any CPU.ActiveCfg = Debug|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Win32.ActiveCfg = Debug|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Debug|Win32.Build.0 = Debug|Win32 
{358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Any CPU.ActiveCfg = Release|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Mixed Platforms.Build.0 = Release|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Win32.ActiveCfg = Release|Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1}.Release|Win32.Build.0 = Release|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Win32.ActiveCfg = Debug|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Debug|Win32.Build.0 = Debug|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Any CPU.ActiveCfg = Release|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Mixed Platforms.Build.0 = Release|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Win32.ActiveCfg = Release|Win32 {25E95C8F-70BA-4071-9D5B-8A41A4504E5B}.Release|Win32.Build.0 = Release|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Win32.ActiveCfg = Debug|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Debug|Win32.Build.0 = Debug|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Any CPU.ActiveCfg = Release|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Mixed Platforms.Build.0 = Release|Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Win32.ActiveCfg = Release|Win32 
{A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C}.Release|Win32.Build.0 = Release|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Any CPU.ActiveCfg = Debug|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Win32.ActiveCfg = Debug|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Debug|Win32.Build.0 = Debug|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Any CPU.ActiveCfg = Release|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Mixed Platforms.Build.0 = Release|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Win32.ActiveCfg = Release|Win32 {87D056D6-AB21-4420-B58E-4C595FE22726}.Release|Win32.Build.0 = Release|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Any CPU.ActiveCfg = Debug|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Win32.ActiveCfg = Debug|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Debug|Win32.Build.0 = Debug|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Any CPU.ActiveCfg = Release|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Mixed Platforms.Build.0 = Release|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Win32.ActiveCfg = Release|Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC}.Release|Win32.Build.0 = Release|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Any CPU.ActiveCfg = Debug|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Win32.ActiveCfg = 
Debug|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Debug|Win32.Build.0 = Debug|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Any CPU.ActiveCfg = Release|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Mixed Platforms.Build.0 = Release|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Win32.ActiveCfg = Release|Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF}.Release|Win32.Build.0 = Release|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Any CPU.ActiveCfg = Debug|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Win32.ActiveCfg = Debug|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Debug|Win32.Build.0 = Debug|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Any CPU.ActiveCfg = Release|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Mixed Platforms.Build.0 = Release|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Win32.ActiveCfg = Release|Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C}.Release|Win32.Build.0 = Release|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Any CPU.ActiveCfg = Debug|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Win32.ActiveCfg = Debug|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Debug|Win32.Build.0 = Debug|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Any CPU.ActiveCfg = Release|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Mixed Platforms.Build.0 = Release|Win32 
{348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Win32.ActiveCfg = Release|Win32 {348E4F87-1680-41E5-BEEB-2CDB3A18AB7E}.Release|Win32.Build.0 = Release|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Any CPU.ActiveCfg = Debug|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Win32.ActiveCfg = Debug|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Debug|Win32.Build.0 = Debug|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Any CPU.ActiveCfg = Release|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Mixed Platforms.Build.0 = Release|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Win32.ActiveCfg = Release|Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC}.Release|Win32.Build.0 = Release|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Any CPU.ActiveCfg = Debug|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Win32.ActiveCfg = Debug|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Debug|Win32.Build.0 = Debug|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Any CPU.ActiveCfg = Release|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Mixed Platforms.Build.0 = Release|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Win32.ActiveCfg = Release|Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC}.Release|Win32.Build.0 = Release|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Any CPU.ActiveCfg = Debug|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Mixed Platforms.Build.0 
= Debug|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Win32.ActiveCfg = Debug|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Debug|Win32.Build.0 = Debug|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Any CPU.ActiveCfg = Release|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Mixed Platforms.Build.0 = Release|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Win32.ActiveCfg = Release|Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA}.Release|Win32.Build.0 = Release|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Any CPU.ActiveCfg = Debug|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Win32.ActiveCfg = Debug|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Debug|Win32.Build.0 = Debug|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Any CPU.ActiveCfg = Release|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Mixed Platforms.Build.0 = Release|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Win32.ActiveCfg = Release|Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1}.Release|Win32.Build.0 = Release|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Any CPU.ActiveCfg = Debug|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Win32.ActiveCfg = Debug|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Debug|Win32.Build.0 = Debug|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Any CPU.ActiveCfg = Release|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Mixed 
Platforms.Build.0 = Release|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Win32.ActiveCfg = Release|Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A}.Release|Win32.Build.0 = Release|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Any CPU.ActiveCfg = Debug|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Win32.ActiveCfg = Debug|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Debug|Win32.Build.0 = Debug|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Any CPU.ActiveCfg = Release|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Mixed Platforms.Build.0 = Release|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Win32.ActiveCfg = Release|Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F}.Release|Win32.Build.0 = Release|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Any CPU.ActiveCfg = Debug|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Win32.ActiveCfg = Debug|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Debug|Win32.Build.0 = Debug|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Any CPU.ActiveCfg = Release|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Mixed Platforms.Build.0 = Release|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Win32.ActiveCfg = Release|Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322}.Release|Win32.Build.0 = Release|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Any CPU.ActiveCfg = Debug|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 
{7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Win32.ActiveCfg = Debug|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Debug|Win32.Build.0 = Debug|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Any CPU.ActiveCfg = Release|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Mixed Platforms.Build.0 = Release|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Win32.ActiveCfg = Release|Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951}.Release|Win32.Build.0 = Release|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Any CPU.ActiveCfg = Debug|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Win32.ActiveCfg = Debug|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Debug|Win32.Build.0 = Debug|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Release|Any CPU.ActiveCfg = Release|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Release|Mixed Platforms.Build.0 = Release|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Release|Win32.ActiveCfg = Release|Win32 {13A99FC4-485B-48E2-8436-5807057340B1}.Release|Win32.Build.0 = Release|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Any CPU.ActiveCfg = Debug|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Win32.ActiveCfg = Debug|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Debug|Win32.Build.0 = Debug|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Any CPU.ActiveCfg = Release|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Mixed Platforms.ActiveCfg = 
Release|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Mixed Platforms.Build.0 = Release|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Win32.ActiveCfg = Release|Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC}.Release|Win32.Build.0 = Release|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Win32.ActiveCfg = Debug|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Debug|Win32.Build.0 = Debug|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Any CPU.ActiveCfg = Release|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Mixed Platforms.Build.0 = Release|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Win32.ActiveCfg = Release|Win32 {A50B4D6A-675A-42F9-802C-41B56AFF1AC6}.Release|Win32.Build.0 = Release|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Any CPU.ActiveCfg = Debug|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Win32.ActiveCfg = Debug|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Debug|Win32.Build.0 = Debug|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Any CPU.ActiveCfg = Release|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Mixed Platforms.Build.0 = Release|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Win32.ActiveCfg = Release|Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2}.Release|Win32.Build.0 = Release|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Any CPU.ActiveCfg = Debug|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Mixed 
Platforms.ActiveCfg = Debug|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Win32.ActiveCfg = Debug|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Debug|Win32.Build.0 = Debug|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Any CPU.ActiveCfg = Release|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Mixed Platforms.Build.0 = Release|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Win32.ActiveCfg = Release|Win32 {3E884FC2-C99B-4FB6-AF8C-20F2DD03C0A8}.Release|Win32.Build.0 = Release|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Any CPU.ActiveCfg = Debug|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Win32.ActiveCfg = Debug|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Debug|Win32.Build.0 = Debug|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Any CPU.ActiveCfg = Release|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Mixed Platforms.Build.0 = Release|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Win32.ActiveCfg = Release|Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A}.Release|Win32.Build.0 = Release|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Any CPU.ActiveCfg = Debug|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Win32.ActiveCfg = Debug|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Debug|Win32.Build.0 = Debug|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Any CPU.ActiveCfg = Release|Win32 
{6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Mixed Platforms.Build.0 = Release|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Win32.ActiveCfg = Release|Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4}.Release|Win32.Build.0 = Release|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Any CPU.ActiveCfg = Debug|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Win32.ActiveCfg = Debug|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Debug|Win32.Build.0 = Debug|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Any CPU.ActiveCfg = Release|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Mixed Platforms.Build.0 = Release|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Win32.ActiveCfg = Release|Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1}.Release|Win32.Build.0 = Release|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Win32.ActiveCfg = Debug|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Debug|Win32.Build.0 = Debug|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Any CPU.ActiveCfg = Release|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Mixed Platforms.Build.0 = Release|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Win32.ActiveCfg = Release|Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B}.Release|Win32.Build.0 = Release|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Any 
CPU.ActiveCfg = Debug|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Win32.ActiveCfg = Debug|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Debug|Win32.Build.0 = Debug|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Any CPU.ActiveCfg = Release|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Mixed Platforms.Build.0 = Release|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Win32.ActiveCfg = Release|Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65}.Release|Win32.Build.0 = Release|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Any CPU.ActiveCfg = Debug|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Win32.ActiveCfg = Debug|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Debug|Win32.Build.0 = Debug|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Any CPU.ActiveCfg = Release|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Mixed Platforms.Build.0 = Release|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Win32.ActiveCfg = Release|Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E}.Release|Win32.Build.0 = Release|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Win32.ActiveCfg = Debug|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Debug|Win32.Build.0 = Debug|Win32 
{D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Any CPU.ActiveCfg = Release|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Mixed Platforms.Build.0 = Release|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Win32.ActiveCfg = Release|Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B}.Release|Win32.Build.0 = Release|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Any CPU.ActiveCfg = Debug|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Win32.ActiveCfg = Debug|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Debug|Win32.Build.0 = Debug|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Any CPU.ActiveCfg = Release|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Mixed Platforms.Build.0 = Release|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Win32.ActiveCfg = Release|Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE}.Release|Win32.Build.0 = Release|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Any CPU.ActiveCfg = Debug|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Win32.ActiveCfg = Debug|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Debug|Win32.Build.0 = Debug|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Any CPU.ActiveCfg = Release|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Mixed Platforms.Build.0 = Release|Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Win32.ActiveCfg = Release|Win32 
{08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD}.Release|Win32.Build.0 = Release|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Any CPU.ActiveCfg = Debug|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Win32.ActiveCfg = Debug|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Debug|Win32.Build.0 = Debug|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Any CPU.ActiveCfg = Release|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Mixed Platforms.Build.0 = Release|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Win32.ActiveCfg = Release|Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862}.Release|Win32.Build.0 = Release|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Any CPU.ActiveCfg = Debug|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Win32.ActiveCfg = Debug|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Debug|Win32.Build.0 = Debug|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Any CPU.ActiveCfg = Release|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Mixed Platforms.Build.0 = Release|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Win32.ActiveCfg = Release|Win32 {D28C2783-E07C-45FC-B893-E4E27C015849}.Release|Win32.Build.0 = Release|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Any CPU.ActiveCfg = Debug|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Win32.ActiveCfg = 
Debug|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Debug|Win32.Build.0 = Debug|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Any CPU.ActiveCfg = Release|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Mixed Platforms.Build.0 = Release|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Win32.ActiveCfg = Release|Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123}.Release|Win32.Build.0 = Release|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Any CPU.ActiveCfg = Debug|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Win32.ActiveCfg = Debug|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Debug|Win32.Build.0 = Debug|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Any CPU.ActiveCfg = Release|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Mixed Platforms.Build.0 = Release|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Win32.ActiveCfg = Release|Win32 {4F7D1A32-2AF4-4652-B906-EEAB2718CFCF}.Release|Win32.Build.0 = Release|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Win32.ActiveCfg = Debug|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Debug|Win32.Build.0 = Debug|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Any CPU.ActiveCfg = Release|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Mixed Platforms.Build.0 = Release|Win32 
{E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Win32.ActiveCfg = Release|Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D}.Release|Win32.Build.0 = Release|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Any CPU.ActiveCfg = Debug|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Win32.ActiveCfg = Debug|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Debug|Win32.Build.0 = Debug|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Any CPU.ActiveCfg = Release|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Mixed Platforms.Build.0 = Release|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Win32.ActiveCfg = Release|Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655}.Release|Win32.Build.0 = Release|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Any CPU.ActiveCfg = Debug|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Win32.ActiveCfg = Debug|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Debug|Win32.Build.0 = Debug|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Any CPU.ActiveCfg = Release|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Mixed Platforms.Build.0 = Release|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Win32.ActiveCfg = Release|Win32 {E139963F-4EE2-453D-ADBB-65CB1F963CB0}.Release|Win32.Build.0 = Release|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Any CPU.ActiveCfg = Debug|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Mixed Platforms.Build.0 
= Debug|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Win32.ActiveCfg = Debug|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Debug|Win32.Build.0 = Debug|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Any CPU.ActiveCfg = Release|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Mixed Platforms.Build.0 = Release|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Win32.ActiveCfg = Release|Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7}.Release|Win32.Build.0 = Release|Win32 {CBD90144-0832-4864-A083-752E10180168}.Debug|Any CPU.ActiveCfg = Debug|Win32 {CBD90144-0832-4864-A083-752E10180168}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {CBD90144-0832-4864-A083-752E10180168}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {CBD90144-0832-4864-A083-752E10180168}.Debug|Win32.ActiveCfg = Debug|Win32 {CBD90144-0832-4864-A083-752E10180168}.Debug|Win32.Build.0 = Debug|Win32 {CBD90144-0832-4864-A083-752E10180168}.Release|Any CPU.ActiveCfg = Release|Win32 {CBD90144-0832-4864-A083-752E10180168}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {CBD90144-0832-4864-A083-752E10180168}.Release|Mixed Platforms.Build.0 = Release|Win32 {CBD90144-0832-4864-A083-752E10180168}.Release|Win32.ActiveCfg = Release|Win32 {CBD90144-0832-4864-A083-752E10180168}.Release|Win32.Build.0 = Release|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Any CPU.ActiveCfg = Debug|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Win32.ActiveCfg = Debug|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Debug|Win32.Build.0 = Debug|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Any CPU.ActiveCfg = Release|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Mixed 
Platforms.Build.0 = Release|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Win32.ActiveCfg = Release|Win32 {AA80A720-59FE-496B-A90E-5697281DC9EB}.Release|Win32.Build.0 = Release|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Win32.ActiveCfg = Debug|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Debug|Win32.Build.0 = Debug|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Any CPU.ActiveCfg = Release|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Mixed Platforms.Build.0 = Release|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Win32.ActiveCfg = Release|Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D}.Release|Win32.Build.0 = Release|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Win32.ActiveCfg = Debug|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Debug|Win32.Build.0 = Debug|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Any CPU.ActiveCfg = Release|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Mixed Platforms.Build.0 = Release|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Win32.ActiveCfg = Release|Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F}.Release|Win32.Build.0 = Release|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Any CPU.ActiveCfg = Debug|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 
{658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Win32.ActiveCfg = Debug|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Debug|Win32.Build.0 = Debug|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Any CPU.ActiveCfg = Release|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Mixed Platforms.Build.0 = Release|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Win32.ActiveCfg = Release|Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963}.Release|Win32.Build.0 = Release|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Any CPU.ActiveCfg = Debug|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Win32.ActiveCfg = Debug|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Debug|Win32.Build.0 = Debug|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Any CPU.ActiveCfg = Release|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Mixed Platforms.Build.0 = Release|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Win32.ActiveCfg = Release|Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30}.Release|Win32.Build.0 = Release|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Any CPU.ActiveCfg = Debug|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Win32.ActiveCfg = Debug|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Debug|Win32.Build.0 = Debug|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Any CPU.ActiveCfg = Release|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Mixed Platforms.ActiveCfg = 
Release|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Mixed Platforms.Build.0 = Release|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Win32.ActiveCfg = Release|Win32 {17C7B6D4-B608-4892-8E7C-F32AAF102D46}.Release|Win32.Build.0 = Release|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Any CPU.ActiveCfg = Debug|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Win32.ActiveCfg = Debug|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Debug|Win32.Build.0 = Debug|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Any CPU.ActiveCfg = Release|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Mixed Platforms.Build.0 = Release|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Win32.ActiveCfg = Release|Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1}.Release|Win32.Build.0 = Release|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Any CPU.ActiveCfg = Debug|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Win32.ActiveCfg = Debug|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Debug|Win32.Build.0 = Debug|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Any CPU.ActiveCfg = Release|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Mixed Platforms.Build.0 = Release|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Win32.ActiveCfg = Release|Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0}.Release|Win32.Build.0 = Release|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Any CPU.ActiveCfg = Debug|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Mixed 
Platforms.ActiveCfg = Debug|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Win32.ActiveCfg = Debug|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Debug|Win32.Build.0 = Debug|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Any CPU.ActiveCfg = Release|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Mixed Platforms.Build.0 = Release|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Win32.ActiveCfg = Release|Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230}.Release|Win32.Build.0 = Release|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Any CPU.ActiveCfg = Debug|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Win32.ActiveCfg = Debug|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Debug|Win32.Build.0 = Debug|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Any CPU.ActiveCfg = Release|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Mixed Platforms.Build.0 = Release|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Win32.ActiveCfg = Release|Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A}.Release|Win32.Build.0 = Release|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Any CPU.ActiveCfg = Debug|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Win32.ActiveCfg = Debug|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Debug|Win32.Build.0 = Debug|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Any CPU.ActiveCfg = Release|Win32 
{567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Mixed Platforms.Build.0 = Release|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Win32.ActiveCfg = Release|Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD}.Release|Win32.Build.0 = Release|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Any CPU.ActiveCfg = Debug|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Win32.ActiveCfg = Debug|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Debug|Win32.Build.0 = Debug|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Any CPU.ActiveCfg = Release|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Mixed Platforms.Build.0 = Release|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Win32.ActiveCfg = Release|Win32 {2A5D8BC1-4A6E-416C-BAA3-B8AB3F272EF4}.Release|Win32.Build.0 = Release|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Any CPU.ActiveCfg = Debug|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Win32.ActiveCfg = Debug|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Debug|Win32.Build.0 = Debug|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Any CPU.ActiveCfg = Release|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Mixed Platforms.Build.0 = Release|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Win32.ActiveCfg = Release|Win32 {4E46B941-806C-4EBC-AF95-3DE9BDA89D3F}.Release|Win32.Build.0 = Release|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Any 
CPU.ActiveCfg = Debug|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Win32.ActiveCfg = Debug|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Debug|Win32.Build.0 = Debug|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Any CPU.ActiveCfg = Release|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Mixed Platforms.Build.0 = Release|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Win32.ActiveCfg = Release|Win32 {BEFBAF6A-9211-4422-B3AB-E06D8689193E}.Release|Win32.Build.0 = Release|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Any CPU.ActiveCfg = Debug|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Win32.ActiveCfg = Debug|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Debug|Win32.Build.0 = Debug|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Any CPU.ActiveCfg = Release|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Mixed Platforms.Build.0 = Release|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Win32.ActiveCfg = Release|Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D}.Release|Win32.Build.0 = Release|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Any CPU.ActiveCfg = Debug|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Mixed Platforms.ActiveCfg = Debug|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Mixed Platforms.Build.0 = Debug|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Win32.ActiveCfg = Debug|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Debug|Win32.Build.0 = Debug|Win32 
{2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Any CPU.ActiveCfg = Release|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Mixed Platforms.ActiveCfg = Release|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Mixed Platforms.Build.0 = Release|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Win32.ActiveCfg = Release|Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B}.Release|Win32.Build.0 = Release|Win32 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection EndGlobal ./tpmutils/nvdefinespace/0000751000175000017500000000000013133212574013653 5ustar lo1lo1./tpmutils/nvdefinespace/nvdefinespace.vcxproj0000644000175000017500000001052313021302234020074 0ustar lo1lo1 Debug Win32 Release Win32 {38C8B3B2-F040-4BC9-9C91-030DE28CEEC0} Win32Proj nvdefinespace Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvdefinespace/nvdefinespace.vcxproj.filters0000644000175000017500000000216612551030744021562 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/clearcontrol/0000751000175000017500000000000013133212573013527 5ustar lo1lo1./tpmutils/clearcontrol/clearcontrol.vcxproj0000644000175000017500000001052113021302234017624 0ustar lo1lo1 Debug Win32 Release Win32 {358CDC21-0742-4B39-AF3B-4AEC89E9B4A1} Win32Proj clearcontrol Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true 
WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/clearcontrol/clearcontrol.vcxproj.filters0000644000175000017500000000216512551030744021313 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvchangeauth/0000751000175000017500000000000013133212575013515 5ustar lo1lo1./tpmutils/nvchangeauth/nvchangeauth.vcxproj0000644000175000017500000001053313021302234017577 0ustar lo1lo1 Debug Win32 Release Win32 {08FCBD3E-969D-4BFA-82D4-EC6A74EE93AD} Win32Proj nvchangeauth Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvchangeauth/nvchangeauth.vcxproj.filters0000644000175000017500000000217012551030744021257 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/getsessionauditdigest/0000751000175000017500000000000013133212574015453 5ustar lo1lo1./tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj.filters0000644000175000017500000000220112551030744025150 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 
rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/getsessionauditdigest/getsessionauditdigest.vcxproj0000644000175000017500000001055513021302234023501 0ustar lo1lo1 Debug Win32 Release Win32 {C0E1AD53-B941-4EDE-A869-AF9C7D9B7655} Win32Proj getsessionauditdigest Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/clockrateadjust/0000751000175000017500000000000013133212574014223 5ustar lo1lo1./tpmutils/clockrateadjust/clockrateadjust.vcxproj.filters0000644000175000017500000000217012551030744022475 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/clockrateadjust/clockrateadjust.vcxproj0000644000175000017500000001052713021302234021020 0ustar lo1lo1 Debug Win32 Release Win32 {6BB93AB7-5574-49C8-B248-CCA85638C2F1} Win32Proj clockrateadjust Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/createek/0000751000175000017500000000000013133212574012624 5ustar lo1lo1./tpmutils/createek/createek.vcxproj.filters0000644000175000017500000000251013040240301017457 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd 
{67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/createek/createek.vcxproj0000644000175000017500000001067513040240301016023 0ustar lo1lo1 Debug Win32 Release Win32 {658E9EB7-092C-42C3-8279-BDC65A1D0963} Win32Proj createek Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyrestart/0000751000175000017500000000000013133212574013745 5ustar lo1lo1./tpmutils/policyrestart/policyrestart.vcxproj.filters0000644000175000017500000000217112551030744021742 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policyrestart/policyrestart.vcxproj0000644000175000017500000001053513021302234020263 0ustar lo1lo1 Debug Win32 Release Win32 {33EEEC2B-BBAB-4290-8B05-D4788750CDA2} Win32Proj policyrestart Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/flushcontext/0000751000175000017500000000000013133212574013567 5ustar lo1lo1./tpmutils/flushcontext/flushcontext.vcxproj0000644000175000017500000001052113021302234017722 0ustar lo1lo1 Debug Win32 Release Win32 {A8378417-7874-4B9E-98E6-C11A3EFB536D} Win32Proj flushcontext Application true v120 Unicode Application 
false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/flushcontext/flushcontext.vcxproj.filters0000644000175000017500000000216512551030744021411 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvsetbits/0000751000175000017500000000000013133212573013061 5ustar lo1lo1./tpmutils/nvsetbits/nvsetbits.vcxproj0000644000175000017500000001052513021302234016514 0ustar lo1lo1 Debug Win32 Release Win32 {64792A11-D813-45AF-BE32-2C7FBFA37F30} Win32Proj nvsetbits Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvsetbits/nvsetbits.vcxproj.filters0000644000175000017500000000216512634034035020176 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/evictcontrol/0000751000175000017500000000000013133212573013553 5ustar lo1lo1./tpmutils/evictcontrol/evictcontrol.vcxproj0000644000175000017500000001052113021302234017674 0ustar lo1lo1 Debug Win32 Release Win32 {A9FD62CC-C38E-4AB8-973F-F3B3A3FDEF8C} Win32Proj evictcontrol Application true v120 Unicode Application false v120 true Unicode true 
false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/evictcontrol/evictcontrol.vcxproj.filters0000644000175000017500000000216512551030744021363 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hashsequencestart/0000751000175000017500000000000013133212573014572 5ustar lo1lo1./tpmutils/hashsequencestart/hashsequencestart.vcxproj.filters0000644000175000017500000000217212551030744023417 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hashsequencestart/hashsequencestart.vcxproj0000644000175000017500000001053313021302234021735 0ustar lo1lo1 Debug Win32 Release Win32 {8C4B09BE-1DD8-4BC5-8541-EB16C780AABC} Win32Proj hashsequencestart Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/ecephemeral/0000751000175000017500000000000013133212574013313 5ustar lo1lo1./tpmutils/ecephemeral/ecephemeral.vcxproj.filters0000644000175000017500000000201713075734132020661 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd 
{67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files ./tpmutils/ecephemeral/ecephemeral.vcxproj0000644000175000017500000001044613075734132017217 0ustar lo1lo1 Debug Win32 Release Win32 {22E2004E-723A-4A26-B8BD-DC0FDC77BA9D} Win32Proj ecephemeral Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/eventsequencecomplete/0000751000175000017500000000000013133212573015443 5ustar lo1lo1./tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj.filters0000644000175000017500000000220112551030744025132 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/eventsequencecomplete/eventsequencecomplete.vcxproj0000644000175000017500000001055513021302234023463 0ustar lo1lo1 Debug Win32 Release Win32 {4ECA555C-FD5C-4DD3-B494-F2FB0D2D9123} Win32Proj eventsequencecomplete Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policymakerpcr/0000751000175000017500000000000013133212573014064 5ustar lo1lo1./tpmutils/policymakerpcr/policymakerpcr.vcxproj0000644000175000017500000001065313021302234020524 0ustar lo1lo1 Debug Win32 Release Win32 {E9463166-7A93-4CF8-9A87-45A0A18E0322} Win32Proj policymakerpcr Application true 
v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true false {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policymakerpcr/policymakerpcr.vcxproj.filters0000644000175000017500000000217212551030744022203 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/contextload/0000751000175000017500000000000013133212574013365 5ustar lo1lo1./tpmutils/contextload/contextload.vcxproj.filters0000644000175000017500000000206213075724523021010 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/contextload/contextload.vcxproj0000644000175000017500000001041513075724523017342 0ustar lo1lo1 Debug Win32 Release Win32 {BA6A5695-C1B4-4F1F-B794-8D67131443DF} Win32Proj contextload Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/eccparameters/0000751000175000017500000000000013133212574013657 5ustar lo1lo1./tpmutils/eccparameters/eccparameters.vcxproj0000644000175000017500000001053513021302234020107 0ustar lo1lo1 Debug Win32 Release Win32 {CBD90144-0832-4864-A083-752E10180168} Win32Proj eccparameters Application true 
v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/eccparameters/eccparameters.vcxproj.filters0000644000175000017500000000217112551030744021566 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/sign/0000751000175000017500000000000013133212575012002 5ustar lo1lo1./tpmutils/sign/sign.vcxproj.filters0000644000175000017500000000216012551030744016030 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/sign/sign.vcxproj0000644000175000017500000001063513063104472014366 0ustar lo1lo1 Debug Win32 Release Win32 {E3FE27F0-5673-40B3-A4F2-D726A156CB1E} Win32Proj sign Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true %(AdditionalDependencies) Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/startauthsession/0000751000175000017500000000000013133212573014463 5ustar lo1lo1./tpmutils/startauthsession/startauthsession.vcxproj.filters0000644000175000017500000000217112551030744023200 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 
{93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/startauthsession/startauthsession.vcxproj0000644000175000017500000001053113021302234021515 0ustar lo1lo1 Debug Win32 Release Win32 {BC6E6238-F667-485D-8374-B9A61F7B31B3} Win32Proj startauthsession Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/import/0000751000175000017500000000000013133212574012353 5ustar lo1lo1./tpmutils/import/import.vcxproj0000644000175000017500000001041513021302234015274 0ustar lo1lo1 Debug Win32 Release Win32 {EBA425BE-67E2-4439-B330-56F441CC4C65} Win32Proj import Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/import/import.vcxproj.filters0000644000175000017500000000174612551030744016765 0ustar lo1lo1 {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms {49ee9c1b-538d-4725-b7d8-d0e9ab28e88f} Source Files Source Files ./tpmutils/clockset/0000751000175000017500000000000013133212574012650 5ustar lo1lo1./tpmutils/clockset/clockset.vcxproj0000644000175000017500000001051113021302234016063 0ustar lo1lo1 Debug Win32 Release Win32 {ED1A01E9-DF47-48B5-AA09-BAC1EC6A01BA} Win32Proj clockset Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled 
WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/clockset/clockset.vcxproj.filters0000644000175000017500000000216112551030744017547 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/clear/0000751000175000017500000000000013133212574012127 5ustar lo1lo1./tpmutils/clear/clear.vcxproj.filters0000644000175000017500000000215612551030744016311 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/clear/clear.vcxproj0000644000175000017500000001050313021302234014622 0ustar lo1lo1 Debug Win32 Release Win32 {D44D7554-7B47-4651-8011-10C821E2C313} Win32Proj clear Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/returncode/0000751000175000017500000000000013133212574013213 5ustar lo1lo1./tpmutils/returncode/returncode.vcxproj0000644000175000017500000001033213021302234016772 0ustar lo1lo1 Debug Win32 Release Win32 {29A866A4-1335-4392-AE4A-33C3F6494214} Win32Proj returncode Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed 
true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true ./tpmutils/returncode/returncode.vcxproj.filters0000644000175000017500000000234312726603603020463 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files ./tpmutils/load/0000751000175000017500000000000013133212573011757 5ustar lo1lo1./tpmutils/load/load.vcxproj0000644000175000017500000001050113021302234014302 0ustar lo1lo1 Debug Win32 Release Win32 {DF3F6BC5-C990-47F1-8567-2509D8FD983D} Win32Proj load Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/load/load.vcxproj.filters0000644000175000017500000000215512551030744015772 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvundefinespace/0000751000175000017500000000000013133212575014217 5ustar lo1lo1./tpmutils/nvundefinespace/nvundefinespace.vcxproj.filters0000644000175000017500000000217012551030744022463 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files 
./tpmutils/nvundefinespace/nvundefinespace.vcxproj0000644000175000017500000001052713021302234021006 0ustar lo1lo1 Debug Win32 Release Win32 {79E92A99-3887-4BDE-AA2C-8EF950A2C3BD} Win32Proj nvundefinespace Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/getrandom/0000751000175000017500000000000013133212573013020 5ustar lo1lo1./tpmutils/getrandom/getrandom.vcxproj.filters0000644000175000017500000000216212551030744020072 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/getrandom/getrandom.vcxproj0000644000175000017500000001051313021302234016407 0ustar lo1lo1 Debug Win32 Release Win32 {1D478E32-E36A-4151-BBC5-C41B8C6ABC5D} Win32Proj getrandom Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/shutdown/0000751000175000017500000000000013133212574012714 5ustar lo1lo1./tpmutils/shutdown/shutdown.vcxproj.filters0000644000175000017500000000216412615745506017674 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files 
./tpmutils/shutdown/shutdown.vcxproj0000644000175000017500000001052313021302234016176 0ustar lo1lo1 Debug Win32 Release Win32 {CF1FC3B0-3DFC-4FBD-98A5-1BBE66CB6E0D} Win32Proj shutdown Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/objectchangeauth/0000751000175000017500000000000013133212574014337 5ustar lo1lo1./tpmutils/objectchangeauth/objectchangeauth.vcxproj0000644000175000017500000001053113021302234021243 0ustar lo1lo1 Debug Win32 Release Win32 {74D62780-8014-4995-8F98-0E971CDBC654} Win32Proj objectchangeauth Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/objectchangeauth/objectchangeauth.vcxproj.filters0000644000175000017500000000217112551030744022726 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hash/0000751000175000017500000000000013133212574011764 5ustar lo1lo1./tpmutils/hash/hash.vcxproj0000644000175000017500000001050113021302234014312 0ustar lo1lo1 Debug Win32 Release Win32 {914EE78E-52FF-42A5-BD33-1E99E8E02CB0} Win32Proj hash Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true 
true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/hash/hash.vcxproj.filters0000644000175000017500000000215512551030744016002 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hierarchycontrol/0000751000175000017500000000000013133212574014420 5ustar lo1lo1./tpmutils/hierarchycontrol/hierarchycontrol.vcxproj.filters0000644000175000017500000000217112551030744023070 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hierarchycontrol/hierarchycontrol.vcxproj0000644000175000017500000001053113021302234021405 0ustar lo1lo1 Debug Win32 Release Win32 {1E7F8857-8635-4861-BCC0-FD074CC7A32B} Win32Proj hierarchycontrol Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policymaker/0000751000175000017500000000000013133212573013357 5ustar lo1lo1./tpmutils/policymaker/policymaker.vcxproj0000644000175000017500000001063313021302234017310 0ustar lo1lo1 Debug Win32 Release Win32 {306EFFD8-0AD8-4F98-B8BE-60DF258ED375} Win32Proj policymaker Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true false 
{5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policymaker/policymaker.vcxproj.filters0000644000175000017500000000216412551030744020772 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/hmac/0000751000175000017500000000000013133212575011752 5ustar lo1lo1./tpmutils/hmac/hmac.vcxproj0000644000175000017500000001050113021302234014264 0ustar lo1lo1 Debug Win32 Release Win32 {15A0FC5B-8B9C-4FB8-948B-AD9D73030C42} Win32Proj hmac Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/hmac/hmac.vcxproj.filters0000644000175000017500000000215512551030744015754 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/stirrandom/0000751000175000017500000000000013133212574013223 5ustar lo1lo1./tpmutils/stirrandom/stirrandom.vcxproj.filters0000644000175000017500000000216312551030744020477 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/stirrandom/stirrandom.vcxproj0000644000175000017500000001051513021302234017015 0ustar lo1lo1 Debug Win32 
Release Win32 {48FD021B-EF09-4213-ABB7-3740E5ABE0BB} Win32Proj stirrandom Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/tss/0000751000175000017500000000000013133212574011652 5ustar lo1lo1./tpmutils/tss/tss.vcxproj0000644000175000017500000001400713021302234014073 0ustar lo1lo1 Debug Win32 Release Win32 {5C11AF70-45A6-4888-A66A-C0A70302BD89} Win32Proj tss DynamicLibrary true v120 Unicode DynamicLibrary false v120 true Unicode true false NotUsing Level3 Disabled WIN32;TPM_TSS;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) ../../utils;../../src;c:/program files/openssl/include Windows true Tbs.lib;%(AdditionalDependencies) Level3 NotUsing MaxSpeed true true WIN32;TPM_TSS;_DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) ../../utils;../../src;c:/program files/openssl/include Windows true true true Tbs.lib;%(AdditionalDependencies) false false false ./tpmutils/tss/stdafx.h0000644000175000017500000000062312522467467013337 0ustar lo1lo1// stdafx.h : include file for standard system include files, // or project specific include files that are used frequently, but // are changed infrequently // #pragma once #include "targetver.h" #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers // Windows Header Files: #include // TODO: reference additional headers your program requires here ./tpmutils/tss/tss.vcxproj.filters0000644000175000017500000000557513017371246015572 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files 
Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files Source Files ./tpmutils/tss/targetver.h0000644000175000017500000000046212522467467014052 0ustar lo1lo1#pragma once // Including SDKDDKVer.h defines the highest available Windows platform. // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. #include ./tpmutils/tss/dllmain.cpp0000644000175000017500000000060712522466321014007 0ustar lo1lo1// dllmain.cpp : Defines the entry point for the DLL application. #include "stdafx.h" BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } ./tpmutils/tss/stdafx.cpp0000644000175000017500000000043212522467467013670 0ustar lo1lo1// stdafx.cpp : source file that includes just the standard includes // tss.pch will be the pre-compiled header // stdafx.obj will contain the pre-compiled type information #include "stdafx.h" // TODO: reference any additional headers you need in STDAFX.H // and not in this file ./tpmutils/gettime/0000751000175000017500000000000013133212573012476 5ustar lo1lo1./tpmutils/gettime/gettime.vcxproj0000644000175000017500000001050713021302234015546 0ustar lo1lo1 Debug Win32 Release Win32 {FD53EE1E-5408-4389-B316-8195455A1D66} Win32Proj gettime Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} 
./tpmutils/gettime/gettime.vcxproj.filters0000644000175000017500000000216012551030744017224 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/encryptdecrypt/0000751000175000017500000000000013133212573014117 5ustar lo1lo1./tpmutils/encryptdecrypt/encryptdecrypt.vcxproj.filters0000644000175000017500000000166712551030744022301 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/encryptdecrypt/encryptdecrypt.vcxproj0000644000175000017500000001052513021302234020610 0ustar lo1lo1 Debug Win32 Release Win32 {3415A0BB-AF85-41D0-9024-CC44B6D89FDF} Win32Proj encryptdecrypt Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/verifysignature/0000751000175000017500000000000013133212574014267 5ustar lo1lo1./tpmutils/verifysignature/verifysignature.vcxproj.filters0000644000175000017500000000224213075666323022617 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files ./tpmutils/verifysignature/verifysignature.vcxproj0000644000175000017500000001051413075666323021151 0ustar lo1lo1 Debug Win32 Release 
Win32 {D25746E2-59E2-4365-A25F-C924E773B965} Win32Proj verifysignature Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/duplicate/0000751000175000017500000000000013133212575013014 5ustar lo1lo1./tpmutils/duplicate/duplicate.vcxproj0000644000175000017500000001052513021302234016376 0ustar lo1lo1 Debug Win32 Release Win32 {658DECB2-8AD5-47C5-8B4E-EFDD7F5914A1} Win32Proj duplicate Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/duplicate/duplicate.vcxproj.filters0000644000175000017500000000216512551030744020061 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/setprimarypolicy/0000751000175000017500000000000013133212573014457 5ustar lo1lo1./tpmutils/setprimarypolicy/setprimarypolicy.vcxproj.filters0000644000175000017500000000217112551030744023170 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/setprimarypolicy/setprimarypolicy.vcxproj0000644000175000017500000001053113021302234021505 0ustar lo1lo1 Debug Win32 Release Win32 
{CCF66411-F16C-4273-9950-8F7BCDDE5EF8} Win32Proj setprimarypolicy Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policypassword/0000751000175000017500000000000013133212574014123 5ustar lo1lo1./tpmutils/policypassword/policypassword.vcxproj.filters0000644000175000017500000000216712551030744022303 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policypassword/policypassword.vcxproj0000644000175000017500000001052513021302234020616 0ustar lo1lo1 Debug Win32 Release Win32 {D7B60443-2989-4FD6-A146-0EA6D9E89F22} Win32Proj policypassword Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/makecredential/0000751000175000017500000000000013133212575014012 5ustar lo1lo1./tpmutils/makecredential/makecredential.vcxproj.filters0000644000175000017500000000217212641112052022044 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/makecredential/makecredential.vcxproj0000644000175000017500000001053713021302234020375 0ustar lo1lo1 Debug Win32 Release 
Win32 {E3BB242A-89DE-4EDF-B121-3557FB35A230} Win32Proj makecredential Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvcertify/0000751000175000017500000000000013133212575013053 5ustar lo1lo1./tpmutils/nvcertify/nvcertify.vcxproj0000644000175000017500000001063513021302234016476 0ustar lo1lo1 Debug Win32 Release Win32 {9F144AA3-F80A-45DA-A8C9-59FB393C48DE} Win32Proj nvcertify Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvcertify/nvcertify.vcxproj.filters0000644000175000017500000000176212551030744020161 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd Header Files Source Files Source Files ./tpmutils/pcrextend/0000751000175000017500000000000013133212573013034 5ustar lo1lo1./tpmutils/pcrextend/pcrextend.vcxproj.filters0000644000175000017500000000216212551030744020122 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/pcrextend/pcrextend.vcxproj0000644000175000017500000001051313021302234016437 0ustar lo1lo1 Debug Win32 Release Win32 {7B3150F1-DA32-4EA3-BAC9-A1CD525182B6} Win32Proj pcrextend Application true v120 Unicode Application false v120 true Unicode true false 
Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/writeapp/0000751000175000017500000000000013133212574012674 5ustar lo1lo1./tpmutils/writeapp/writeapp.vcxproj0000644000175000017500000001057313063104472016155 0ustar lo1lo1 Debug Win32 Release Win32 {5c11af70-45a6-4888-a66a-c0a70302bd89} {BEFBAF6A-9211-4422-B3AB-E06D8689193E} Win32Proj writeapp Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true ./tpmutils/writeapp/writeapp.vcxproj.filters0000644000175000017500000000240613063104472017620 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/dictionaryattacklockreset/0000751000175000017500000000000013133212575016313 5ustar lo1lo1./tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj.filters0000644000175000017500000000220512551030744026652 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/dictionaryattacklockreset/dictionaryattacklockreset.vcxproj0000644000175000017500000001056513021302234025200 0ustar lo1lo1 Debug Win32 Release Win32 {FAE34595-8E6A-445B-AE74-1BD06A45A70A} Win32Proj dictionaryattacklockreset 
Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvreadpublic/0000751000175000017500000000000013133212574013517 5ustar lo1lo1./tpmutils/nvreadpublic/nvreadpublic.vcxproj0000644000175000017500000001052113021302234017602 0ustar lo1lo1 Debug Win32 Release Win32 {54BF993C-8B54-43EE-AAB3-1AB96FC59778} Win32Proj nvreadpublic Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvreadpublic/nvreadpublic.vcxproj.filters0000644000175000017500000000216512551030744021271 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/startup/0000751000175000017500000000000013133212573012542 5ustar lo1lo1./tpmutils/startup/startup.vcxproj0000644000175000017500000001075313063104472015673 0ustar lo1lo1 Debug Win32 Release Win32 {8849C601-3B21-431D-AF37-07E534709F22} Win32Proj startup Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true c:/progra~1/openssl/lib/mingw/libeay32.a;c:/progra~1/openssl/lib/mingw/ssleay32.a;%(AdditionalDependencies) Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} 
./tpmutils/startup/startup.vcxproj.filters0000644000175000017500000000216012551030744017334 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/rsadecrypt/0000751000175000017500000000000013133212573013220 5ustar lo1lo1./tpmutils/rsadecrypt/rsadecrypt.vcxproj0000644000175000017500000001051513021302234017011 0ustar lo1lo1 Debug Win32 Release Win32 {E83B00E0-5600-45AD-AB49-B1EF1BFE320F} Win32Proj rsadecrypt Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/rsadecrypt/rsadecrypt.vcxproj.filters0000644000175000017500000000216312551030744020473 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/sequenceupdate/0000751000175000017500000000000013133212574014054 5ustar lo1lo1./tpmutils/sequenceupdate/sequenceupdate.vcxproj0000644000175000017500000001052513021302234020500 0ustar lo1lo1 Debug Win32 Release Win32 {28E834FA-EC3A-49A5-9F94-6C2E96C2818C} Win32Proj sequenceupdate Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} 
./tpmutils/sequenceupdate/sequenceupdate.vcxproj.filters0000644000175000017500000000216712551030744022165 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/getcapability/0000751000175000017500000000000013133212574013662 5ustar lo1lo1./tpmutils/getcapability/getcapability.vcxproj.filters0000644000175000017500000000216612551030744021600 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/getcapability/getcapability.vcxproj0000644000175000017500000001052313021302234020112 0ustar lo1lo1 Debug Win32 Release Win32 {C6A4DBDA-8D62-4D64-8819-29B114F72201} Win32Proj getcapability Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/CommonProperties.props0000644000175000017500000000201013021302234015415 0ustar lo1lo1 <_PropertySheetDisplayName>CommonProperties c:/program files/openssl/include;../../utils TPM_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;TPM_ENCRYPT_SESSIONS_DEFAULT="0";TPM_WINDOWS_TBSI;TPM_WINDOWS_TBSI_WIN8;%(PreprocessorDefinitions) libeay32mdd.lib;ssleay32mdd.lib;ws2_32.lib;%(AdditionalDependencies) c:\program files\openssl\lib\vc ./tpmutils/nvwritelock/0000751000175000017500000000000013133212573013407 5ustar 
lo1lo1./tpmutils/nvwritelock/nvwritelock.vcxproj0000644000175000017500000001053113021302234017365 0ustar lo1lo1 Debug Win32 Release Win32 {D28C2783-E07C-45FC-B893-E4E27C015849} Win32Proj nvwritelock Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvwritelock/nvwritelock.vcxproj.filters0000644000175000017500000000216712551030744021055 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/readclock/0000751000175000017500000000000013133212574012770 5ustar lo1lo1./tpmutils/readclock/readclock.vcxproj.filters0000644000175000017500000000216212551030744020010 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/readclock/readclock.vcxproj0000644000175000017500000001051313021302234016325 0ustar lo1lo1 Debug Win32 Release Win32 {18057134-8F5A-4D9B-A419-C633DE19D8CC} Win32Proj readclock Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policygetdigest/0000751000175000017500000000000013133212573014237 5ustar 
lo1lo1./tpmutils/policygetdigest/policygetdigest.vcxproj.filters0000644000175000017500000000217012551030744022527 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policygetdigest/policygetdigest.vcxproj0000644000175000017500000001052713021302234021052 0ustar lo1lo1 Debug Win32 Release Win32 {ECA66D54-3C08-4E8A-AE6A-EDBC3509AF9B} Win32Proj policygetdigest Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/contextsave/0000751000175000017500000000000013133212573013403 5ustar lo1lo1./tpmutils/contextsave/contextsave.vcxproj0000644000175000017500000001041513075724523017400 0ustar lo1lo1 Debug Win32 Release Win32 {08FD82ED-5872-4250-ADC0-B7B62DCE49BC} Win32Proj contextsave Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/contextsave/contextsave.vcxproj.filters0000644000175000017500000000206213075724523021046 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/readpublic/0000751000175000017500000000000013133212573013152 5ustar 
lo1lo1./tpmutils/readpublic/readpublic.vcxproj.filters0000644000175000017500000000233713075666323020374 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files ./tpmutils/readpublic/readpublic.vcxproj0000644000175000017500000001060413075666323016721 0ustar lo1lo1 Debug Win32 Release Win32 {8E666FD9-011F-4785-9AF5-9EDA1ECAD866} Win32Proj readpublic Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/loadexternal/0000751000175000017500000000000013133212573013522 5ustar lo1lo1./tpmutils/loadexternal/loadexternal.vcxproj0000644000175000017500000001125313063104472017627 0ustar lo1lo1 Debug Win32 Release Win32 {ABB0B1A5-1B3D-44D1-8382-FA4BB5FDC37C} Win32Proj loadexternal Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true %(AdditionalDependencies) Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true false %(AdditionalDependencies) {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/loadexternal/loadexternal.vcxproj.filters0000644000175000017500000000251113040240301021256 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files 
./tpmutils/nvwrite/0000751000175000017500000000000013133212574012537 5ustar lo1lo1./tpmutils/nvwrite/nvwrite.vcxproj0000644000175000017500000001066113040240301015644 0ustar lo1lo1 Debug Win32 Release Win32 {D75A1275-02E7-4A31-828D-AA01C3EBA71E} Win32Proj nvwrite Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvwrite/nvwrite.vcxproj.filters0000644000175000017500000000250413040240301017310 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/pcrreset/0000751000175000017500000000000013133212573012667 5ustar lo1lo1./tpmutils/pcrreset/pcrreset.vcxproj.filters0000644000175000017500000000216112551030744017607 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/pcrreset/pcrreset.vcxproj0000644000175000017500000001051113021302234016123 0ustar lo1lo1 Debug Win32 Release Win32 {AB8D68EC-40B3-493A-97D9-068A0F7672D9} Win32Proj pcrreset Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} 
./tpmutils/sequencecomplete/0000751000175000017500000000000013133212573014401 5ustar lo1lo1./tpmutils/sequencecomplete/sequencecomplete.vcxproj.filters0000644000175000017500000000217112551030744023034 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/sequencecomplete/sequencecomplete.vcxproj0000644000175000017500000001053113021302234021351 0ustar lo1lo1 Debug Win32 Release Win32 {87D056D6-AB21-4420-B58E-4C595FE22726} Win32Proj sequencecomplete Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/pcrallocate/0000751000175000017500000000000013133212573013331 5ustar lo1lo1./tpmutils/pcrallocate/pcrallocate.vcxproj.filters0000644000175000017500000000216712621164547020730 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/pcrallocate/pcrallocate.vcxproj0000644000175000017500000001053113021302234017231 0ustar lo1lo1 Debug Win32 Release Win32 {A6BC7558-DDF1-41F7-B3FE-48A8731B007F} Win32Proj pcrallocate Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true 
{5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/rewrap/0000751000175000017500000000000013133212573012340 5ustar lo1lo1./tpmutils/rewrap/rewrap.vcxproj0000644000175000017500000001051713021302234015253 0ustar lo1lo1 Debug Win32 Release Win32 {165F6E9A-F01A-4793-847C-FB5DC10F4F5B} Win32Proj rewrap Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/rewrap/rewrap.vcxproj.filters0000644000175000017500000000216212551030744016732 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/changeeps/0000751000175000017500000000000013133212574012776 5ustar lo1lo1./tpmutils/changeeps/changeeps.vcxproj0000644000175000017500000001051313021302234016341 0ustar lo1lo1 Debug Win32 Release Win32 {3DA913E8-EF9B-4B9C-8847-D7618BC07551} Win32Proj changeeps Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/changeeps/changeeps.vcxproj.filters0000644000175000017500000000216212551030744020024 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files 
./tpmutils/nvextend/0000751000175000017500000000000013133212574012674 5ustar lo1lo1./tpmutils/nvextend/nvextend.vcxproj0000644000175000017500000001052313021302234016136 0ustar lo1lo1 Debug Win32 Release Win32 {2805603E-37DB-4BFA-9E75-6B71CA77E3C1} Win32Proj nvextend Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvextend/nvextend.vcxproj.filters0000644000175000017500000000216412634034035017621 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policysigned/0000751000175000017500000000000013133212574013532 5ustar lo1lo1./tpmutils/policysigned/policysigned.vcxproj0000644000175000017500000001075713063104472017655 0ustar lo1lo1 Debug Win32 Release Win32 {54DFC656-03A3-40CA-8576-4093CDFF7E8C} Win32Proj policysigned Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true %(AdditionalDependencies) Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true false {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policysigned/policysigned.vcxproj.filters0000644000175000017500000000216512551030744021317 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files 
./tpmutils/activatecredential/0000751000175000017500000000000013133212573014673 5ustar lo1lo1./tpmutils/activatecredential/activatecredential.vcxproj0000644000175000017500000001054713021302234022144 0ustar lo1lo1 Debug Win32 Release Win32 {A2B17262-A3C2-4048-A82B-4C89875AD9D0} Win32Proj activatecredential Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/activatecredential/activatecredential.vcxproj.filters0000644000175000017500000000217612641112052023616 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policynv/0000751000175000017500000000000013133212574012704 5ustar lo1lo1./tpmutils/policynv/policynv.vcxproj0000644000175000017500000001052313021302234016156 0ustar lo1lo1 Debug Win32 Release Win32 {7F2107D1-B8A6-4CCB-9BC4-34EA8A5CF951} Win32Proj policynv Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policynv/policynv.vcxproj.filters0000644000175000017500000000216412551030744017642 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source 
Files Source Files ./tpmutils/nvglobalwritelock/0000751000175000017500000000000013133212574014571 5ustar lo1lo1./tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj0000644000175000017500000001054513021302234021734 0ustar lo1lo1 Debug Win32 Release Win32 {7E993D77-3B0B-40B1-BEA8-CE06926D3862} Win32Proj nvglobalwritelock Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvglobalwritelock/nvglobalwritelock.vcxproj.filters0000644000175000017500000000217512551030744023416 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/CommonPropertiesRelease.props0000644000175000017500000000164613021302234016734 0ustar lo1lo1 c:/program files/openssl/include;../../utils TPM_WINDOWS;_CRT_SECURE_NO_WARNINGS;_WINSOCK_DEPRECATED_NO_WARNINGS;TPM_ENCRYPT_SESSIONS_DEFAULT="0";TPM_WINDOWS_TBSI;TPM_WINDOWS_TBSI_WIN8;%(PreprocessorDefinitions) libeay32md.lib;ssleay32md.lib;ws2_32.lib;%(AdditionalDependencies) c:\program files\openssl\lib\vc ./tpmutils/rsaencrypt/0000751000175000017500000000000013133212575013234 5ustar lo1lo1./tpmutils/rsaencrypt/rsaencrypt.vcxproj0000644000175000017500000001051513021302234017035 0ustar lo1lo1 Debug Win32 Release Win32 {0FC28165-FFB2-4FE8-B860-DFAE1AB1077B} Win32Proj rsaencrypt Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true 
{5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/rsaencrypt/rsaencrypt.vcxproj.filters0000644000175000017500000000216312551030744020517 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvread/0000751000175000017500000000000013133212574012320 5ustar lo1lo1./tpmutils/nvread/nvread.vcxproj.filters0000644000175000017500000000250313040240301016651 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/nvread/nvread.vcxproj0000644000175000017500000001065713040240301015213 0ustar lo1lo1 Debug Win32 Release Win32 {A4D5835E-BEAA-4481-9DAA-6E84F1DFADE5} Win32Proj nvread Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/commit/0000751000175000017500000000000013133212573012330 5ustar lo1lo1./tpmutils/commit/commit.vcxproj.filters0000644000175000017500000000171013075724523016717 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files ./tpmutils/commit/commit.vcxproj0000644000175000017500000001033213075724523015250 0ustar lo1lo1 Debug 
Win32 Release Win32 {2BD82DB2-D0D6-405F-88B1-613D5ECF5F9B} Win32Proj commit Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/getcommandauditdigest/0000751000175000017500000000000013133212573015405 5ustar lo1lo1./tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj0000644000175000017500000001055513021302234023367 0ustar lo1lo1 Debug Win32 Release Win32 {E31CADC8-6CA2-4FA8-B8E9-CE61C898D12D} Win32Proj getcommandauditdigest Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/getcommandauditdigest/getcommandauditdigest.vcxproj.filters0000644000175000017500000000220112551030744025036 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvreadlock/0000751000175000017500000000000013133212573013170 5ustar lo1lo1./tpmutils/nvreadlock/nvreadlock.vcxproj0000644000175000017500000001052713021302234016734 0ustar lo1lo1 Debug Win32 Release Win32 {D1B36DE1-159D-4605-A5A4-30EE5BDE444B} Win32Proj nvreadlock Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true 
{5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvreadlock/nvreadlock.vcxproj.filters0000644000175000017500000000216612551030744020416 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policyauthorize/0000751000175000017500000000000013133212573014272 5ustar lo1lo1./tpmutils/policyauthorize/policyauthorize.vcxproj0000644000175000017500000001054113021302234021134 0ustar lo1lo1 Debug Win32 Release Win32 {1F934583-0C3F-48CA-B54E-EE88BFFAB39A} Win32Proj policyauthorize Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyauthorize/policyauthorize.vcxproj.filters0000644000175000017500000000217312551030744022620 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/createprimary/0000751000175000017500000000000013133212573013707 5ustar lo1lo1./tpmutils/createprimary/createprimary.vcxproj0000644000175000017500000001133213075666323020212 0ustar lo1lo1 Debug Win32 Release Win32 {5B976902-A648-4C53-9369-6C1F8C6005E9} Win32Proj createprimary Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true 
c:/progra~1/openssl/lib/mingw/libeay32.a;c:/progra~1/openssl/lib/mingw/ssleay32.a;%(AdditionalDependencies) Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) c:/program files/openssl/include;../../utils Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/createprimary/createprimary.vcxproj.filters0000644000175000017500000000252213075666323021662 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/policytemplate/0000751000175000017500000000000013133212573014073 5ustar lo1lo1./tpmutils/policytemplate/policytemplate.vcxproj.filters0000644000175000017500000000217213013374477022231 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policytemplate/policytemplate.vcxproj0000644000175000017500000001053713021302234020543 0ustar lo1lo1 Debug Win32 Release Win32 {567E0B94-FF18-430A-9202-CFFEE1C94BDD} Win32Proj policytemplate Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/quote/0000751000175000017500000000000013133212574012176 5ustar lo1lo1./tpmutils/quote/quote.vcxproj.filters0000644000175000017500000000215612551030744016427 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/quote/quote.vcxproj0000644000175000017500000001050313021302234014740 0ustar lo1lo1 Debug Win32 Release Win32 {CDAAC750-B5B8-4FFF-A8F2-A511D1EEC6FF} Win32Proj quote Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/unseal/0000751000175000017500000000000013133212573012327 5ustar lo1lo1./tpmutils/unseal/unseal.vcxproj.filters0000644000175000017500000000216212551030744016710 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/unseal/unseal.vcxproj0000644000175000017500000001051713021302234015231 0ustar lo1lo1 Debug Win32 Release Win32 {6B714F5E-F30C-443C-B855-0BA40BD255A4} Win32Proj unseal Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/nvundefinespacespecial/0000751000175000017500000000000013133212574015557 5ustar lo1lo1./tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj.filters0000644000175000017500000000220212551030744025361 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 
cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/nvundefinespacespecial/nvundefinespacespecial.vcxproj0000644000175000017500000001055713021302234023713 0ustar lo1lo1 Debug Win32 Release Win32 {1B5B823C-ED4A-4D5A-9DE7-7E4D7E5E3ED7} Win32Proj nvundefinespacespecial Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/createloaded/0000751000175000017500000000000013133212574013455 5ustar lo1lo1./tpmutils/createloaded/createloaded.vcxproj0000644000175000017500000001071513075666323017530 0ustar lo1lo1 Debug Win32 Release Win32 {0050296D-12F4-410B-A1FE-FA3A53F81B6A} Win32Proj createloaded Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/createloaded/createloaded.vcxproj.filters0000644000175000017500000000252413075666323021176 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files Source Files Source Files ./tpmutils/policycountertimer/0000751000175000017500000000000013133212573015000 5ustar 
lo1lo1./tpmutils/policycountertimer/policycountertimer.vcxproj.filters0000644000175000017500000000217612551030744024037 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policycountertimer/policycountertimer.vcxproj0000644000175000017500000001054713021302234022356 0ustar lo1lo1 Debug Win32 Release Win32 {EFDF93B9-2742-4D1C-AD6D-D4121950ECAC} Win32Proj policycountertimer Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} ./tpmutils/policyticket/0000751000175000017500000000000013133212573013543 5ustar lo1lo1./tpmutils/policyticket/policyticket.vcxproj.filters0000644000175000017500000000217012551030744021337 0ustar lo1lo1 {4FC737F1-C7A5-4376-A066-2A32D752A2FF} cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx {93995380-89BD-4b04-88EB-625FBE52EBFB} h;hh;hpp;hxx;hm;inl;inc;xsd {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms Source Files Source Files ./tpmutils/policyticket/policyticket.vcxproj0000644000175000017500000001053313021302234017657 0ustar lo1lo1 Debug Win32 Release Win32 {F9A80497-C9A5-4792-92AF-99B248FC399F} Win32Proj policyticket Application true v120 Unicode Application false v120 true Unicode true false Level3 Disabled WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true Level3 MaxSpeed true true WIN32;NDEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions) Console true true true {5c11af70-45a6-4888-a66a-c0a70302bd89} 
./.gitignore0000640000175000017500000000535513037234214011156 0ustar lo1lo1acs/ tpmutils/Debug/ tpmutils/activatecredential/Debug/ tpmutils/certify/Debug/ tpmutils/changeeps/Debug/ tpmutils/changepps/Debug/ tpmutils/clear/Debug/ tpmutils/clearcontrol/Debug/ tpmutils/clockrateadjust/Debug/ tpmutils/clockset/Debug/ tpmutils/contextload/Debug/ tpmutils/contextsave/Debug/ tpmutils/create/Debug/ tpmutils/createek/Debug/ tpmutils/createloaded/Debug/ tpmutils/createprimary/Debug/ tpmutils/dictionaryattacklockreset/Debug/ tpmutils/dictionaryattackparameters/Debug/ tpmutils/duplicate/Debug/ tpmutils/eccparameters/Debug/ tpmutils/encryptdecrypt/Debug/ tpmutils/eventsequencecomplete/Debug/ tpmutils/evictcontrol/Debug/ tpmutils/flushcontext/Debug/ tpmutils/getcapability/Debug/ tpmutils/getcommandauditdigest/Debug/ tpmutils/getrandom/Debug/ tpmutils/getsessionauditdigest/Debug/ tpmutils/gettime/Debug/ tpmutils/hash/Debug/ tpmutils/hashsequencestart/Debug/ tpmutils/hierarchychangeauth/Debug/ tpmutils/hierarchycontrol/Debug/ tpmutils/hmac/Debug/ tpmutils/hmacstart/Debug/ tpmutils/import/Debug/ tpmutils/importpem/ tpmutils/load/Debug/ tpmutils/loadexternal/Debug/ tpmutils/makecredential/Debug/ tpmutils/nvcertify/Debug/ tpmutils/nvchangeauth/Debug/ tpmutils/nvdefinespace/Debug/ tpmutils/nvextend/Debug/ tpmutils/nvglobalwritelock/Debug/ tpmutils/nvincrement/Debug/ tpmutils/nvread/Debug/ tpmutils/nvreadlock/Debug/ tpmutils/nvreadpublic/Debug/ tpmutils/nvsetbits/Debug/ tpmutils/nvundefinespace/Debug/ tpmutils/nvundefinespacespecial/Debug/ tpmutils/nvwrite/Debug/ tpmutils/nvwritelock/Debug/ tpmutils/objectchangeauth/Debug/ tpmutils/pcrallocate/Debug/ tpmutils/pcrevent/Debug/ tpmutils/pcrextend/Debug/ tpmutils/pcrread/Debug/ tpmutils/pcrreset/Debug/ tpmutils/policyauthorize/Debug/ tpmutils/policyauthorizenv/Debug/ tpmutils/policyauthvalue/Debug/ tpmutils/policycommandcode/Debug/ tpmutils/policycountertimer/Debug/ tpmutils/policycphash/Debug/ tpmutils/policygetdigest/Debug/ 
tpmutils/policymaker/Debug/ tpmutils/policymakerpcr/Debug/ tpmutils/policynv/Debug/ tpmutils/policynvwritten/Debug/ tpmutils/policyor/Debug/ tpmutils/policypassword/Debug/ tpmutils/policypcr/Debug/ tpmutils/policyrestart/Debug/ tpmutils/policysecret/Debug/ tpmutils/policysigned/Debug/ tpmutils/policytemplate/Debug/ tpmutils/policyticket/Debug/ tpmutils/powerup/Debug/ tpmutils/quote/Debug/ tpmutils/readclock/Debug/ tpmutils/readpublic/Debug/ tpmutils/returncode/Debug/ tpmutils/rewrap/Debug/ tpmutils/rsadecrypt/Debug/ tpmutils/rsaencrypt/Debug/ tpmutils/sequencecomplete/Debug/ tpmutils/sequenceupdate/Debug/ tpmutils/setprimarypolicy/Debug/ tpmutils/shutdown/Debug/ tpmutils/sign/Debug/ tpmutils/signapp/Debug/ tpmutils/startauthsession/Debug/ tpmutils/startup/Debug/ tpmutils/stirrandom/Debug/ tpmutils/tss/Debug/ tpmutils/unseal/Debug/ tpmutils/verifysignature/Debug/ .gitignore ./utils/0000751000175000017500000000000013133245244010320 5ustar lo1lo1./utils/getcapability.c0000644000175000017500000006431113070736653013327 0ustar lo1lo1/********************************************************************************/ /* */ /* Get Capability */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: getcapability.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(TPM_CAP capability); static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; TPM_CAP capability = TPM_CAP_LAST + 1; /* invalid */ uint32_t property = 0; /* default, start at first one */ uint32_t propertyCount = 64; /* default, return 64 values */ GetCapability_In in; GetCapability_Out out; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(capability); } } else { printf("Missing parameter for -se0\n"); printUsage(capability); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(capability); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(capability); } } else { printf("Missing parameter for -se1\n"); printUsage(capability); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(capability); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); 
printUsage(capability); } } else { printf("Missing parameter for -se2\n"); printUsage(capability); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(capability); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(capability); } } if (capability > TPM_CAP_LAST) { printf("Missing or illegal parameter -cap\n"); printUsage(capability); } if (rc == 0) { in.capability = capability; in.property = property; in.propertyCount = propertyCount; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_GetCapability, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (out.moreData > 0) { printf("moreData: %u\n", out.moreData); } rc = printResponse(&out.capabilityData, property); } if (rc == 0) { if (verbose) printf("getcapability: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("getcapability: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } typedef void (* USAGE_FUNCTION)(void); typedef TPM_RC (* RESPONSE_FUNCTION)(TPMS_CAPABILITY_DATA *out, uint32_t property); typedef struct { TPM_CAP capability; USAGE_FUNCTION usageFunction; RESPONSE_FUNCTION responseFunction; } CAPABILITY_TABLE; static void usageCapability(void); static void usageAlgs(void); static void usageHandles(void); static void usageCommands(void); static void usagePpCommands(void); static void usageAuditCommands(void); static void usagePcrs(void); static void usageTpmProperties(void); static void 
usagePcrProperties(void);
static void usageEccCurves(void);

/* Response printers, one per capability.  Each receives the capability data returned by
   TPM2_GetCapability and the -pr property value from the command line. */
static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);
static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property);

/* Maps a capability to its usage text and its response printer.  The first row is keyed by
   TPM_CAP_LAST + 1, the value main() uses as its "invalid" default for -cap. */
static const CAPABILITY_TABLE capabilityTable [] = {
    {TPM_CAP_LAST + 1,        usageCapability,    responseCapability},
    {TPM_CAP_ALGS,            usageAlgs,          responseAlgs},
    {TPM_CAP_HANDLES,         usageHandles,       responseHandles},
    {TPM_CAP_COMMANDS,        usageCommands,      responseCommands},
    {TPM_CAP_PP_COMMANDS,     usagePpCommands,    responsePpCommands},
    {TPM_CAP_AUDIT_COMMANDS,  usageAuditCommands, responseAuditCommands},
    {TPM_CAP_PCRS,            usagePcrs,          responsePcrs},
    {TPM_CAP_TPM_PROPERTIES,  usageTpmProperties, responseTpmProperties},
    {TPM_CAP_PCR_PROPERTIES,  usagePcrProperties, responsePcrProperties},
    {TPM_CAP_ECC_CURVES,      usageEccCurves,     responseEccCurves}
};

/* printResponse() runs the response printer registered for capabilityData->capability.

   Returns the printer's return code.  When no row of capabilityTable matches, nothing is printed
   and 0 is returned.

   NOTE(review): every printer below walks a list using the count field found in the response
   structure.  Presumably the TSS unmarshalling code has already bounded those counts against the
   array sizes - confirm, since none of the printers re-checks them. */
static TPM_RC printResponse(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    const size_t rows = sizeof(capabilityTable) / sizeof(capabilityTable[0]);
    const CAPABILITY_TABLE *row;
    TPM_RC rc = 0;

    /* the whole table is scanned; capability values in the table are unique */
    for (row = capabilityTable ; row != capabilityTable + rows ; row++) {
        if (row->capability != capabilityData->capability) {
            continue;
        }
        rc = row->responseFunction(capabilityData, property);
    }
    return rc;
}

/* responseCapability() is the printer behind the TPM_CAP_LAST + 1 row: it reports the capability
   value and returns TPM_RC_VALUE. */
static TPM_RC responseCapability(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    (void)property;         /* unused */
    printf("Cannot parse illegal response capability %08x\n", capabilityData->capability);
    return TPM_RC_VALUE;
}

/* responseAlgs() prints each algorithm ID followed by its attributes.  Always returns 0. */
static TPM_RC responseAlgs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_ALG_PROPERTY *algList = (TPML_ALG_PROPERTY *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u algorithms \n", algList->count);
    for (idx = 0 ; idx < algList->count ; idx++) {
        TPMS_ALG_PROPERTY *entry = &(algList->algProperties[idx]);

        TSS_TPM_ALG_ID_Print(entry->alg, 2);
        TSS_TPM_TPMA_ALGORITHM_Print(entry->algProperties, 4);
    }
    return 0;
}

/* responseHandles() prints each returned handle as 8 hex digits.  Always returns 0. */
static TPM_RC responseHandles(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_HANDLE *handleList = (TPML_HANDLE *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u handles\n", handleList->count);
    for (idx = 0 ; idx < handleList->count ; idx++) {
        printf("\t%08x\n", handleList->handle[idx]);
    }
    return 0;
}

/* responseCommands() prints the attributes word of each returned command.  Always returns 0. */
static TPM_RC responseCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_CCA *ccaList = (TPML_CCA *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u commands\n", ccaList->count);
    for (idx = 0 ; idx < ccaList->count ; idx++) {
        printf("\tcommand Attributes %08x\n", ccaList->commandAttributes[idx].val);
    }
    return 0;
}

/* responsePpCommands() prints each command code of the TPM_CAP_PP_COMMANDS list.  Always
   returns 0. */
static TPM_RC responsePpCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_CC *ccList = (TPML_CC *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u commands\n", ccList->count);
    for (idx = 0 ; idx < ccList->count ; idx++) {
        printf("\tPP command %08x\n", ccList->commandCodes[idx]);
    }
    return 0;
}

/* responseAuditCommands() prints each command code of the TPM_CAP_AUDIT_COMMANDS list.  Always
   returns 0. */
static TPM_RC responseAuditCommands(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_CC *ccList = (TPML_CC *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u commands\n", ccList->count);
    for (idx = 0 ; idx < ccList->count ; idx++) {
        printf("\tAudit command %08x\n", ccList->commandCodes[idx]);
    }
    return 0;
}

/* responsePcrs() prints each returned PCR selection through TSS_TPMS_PCR_SELECTION_Print().
   Always returns 0. */
static TPM_RC responsePcrs(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPML_PCR_SELECTION *selectionList = (TPML_PCR_SELECTION *)&(capabilityData->data);
    uint32_t idx;

    (void)property;         /* unused */
    printf("%u PCR selections\n", selectionList->count);
    for (idx = 0 ; idx < selectionList->count ; idx++) {
        TSS_TPMS_PCR_SELECTION_Print(&selectionList->pcrSelections[idx], 2);
    }
    return 0;
}

/* One row of the TPM_PT lookup: a property tag and the text printed next to its value. */
typedef struct {
    TPM_PT pt;
    const char *ptText;
} PT_TABLE;

/* Text for the fixed (PT_FIXED + n) and variable (PT_VAR + n) property tags.  There is no row for
   PT_FIXED + 21.  The PT_VAR rows 14 to 17 describe the lockout (DA) state and limits. */
static PT_TABLE ptTable [] = {
    {(PT_FIXED + 0), "TPM_PT_FAMILY_INDICATOR - a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY)"},
    {(PT_FIXED + 1), "TPM_PT_LEVEL - the level of the specification"},
    {(PT_FIXED + 2), "TPM_PT_REVISION - the specification Revision times 100"},
    {(PT_FIXED + 3), "TPM_PT_DAY_OF_YEAR - the specification day of year using TCG calendar"},
    {(PT_FIXED + 4), "TPM_PT_YEAR - the specification year using the CE"},
    {(PT_FIXED + 5), "TPM_PT_MANUFACTURER - the vendor ID unique to each TPM manufacturer "},
    {(PT_FIXED + 6), "TPM_PT_VENDOR_STRING_1 - the first four characters of the vendor ID string"},
    {(PT_FIXED + 7), "TPM_PT_VENDOR_STRING_2 - the second four characters of the vendor ID string "},
    {(PT_FIXED + 8), "TPM_PT_VENDOR_STRING_3 - the third four characters of the vendor ID string "},
    {(PT_FIXED + 9), "TPM_PT_VENDOR_STRING_4 - the fourth four characters of the vendor ID sting "},
    {(PT_FIXED + 10), "TPM_PT_VENDOR_TPM_TYPE - vendor-defined value indicating the TPM model "},
    {(PT_FIXED + 11), "TPM_PT_FIRMWARE_VERSION_1 - the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"},
    {(PT_FIXED + 12), "TPM_PT_FIRMWARE_VERSION_2 - the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware"},
    {(PT_FIXED + 13), "TPM_PT_INPUT_BUFFER - the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER)"},
    {(PT_FIXED + 14), "TPM_PT_HR_TRANSIENT_MIN - the minimum number of transient objects that can be held in TPM RAM"},
    {(PT_FIXED + 15), "TPM_PT_HR_PERSISTENT_MIN - the minimum number of persistent objects that can be held in TPM NV memory"},
    {(PT_FIXED + 16), "TPM_PT_HR_LOADED_MIN - the minimum number of authorization sessions that can be held in TPM RAM"},
    {(PT_FIXED + 17), "TPM_PT_ACTIVE_SESSIONS_MAX - the number of authorization sessions that may be active at a time"},
    {(PT_FIXED + 18), "TPM_PT_PCR_COUNT - the number of PCR implemented"},
    {(PT_FIXED + 19), "TPM_PT_PCR_SELECT_MIN - the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect"},
    {(PT_FIXED + 20), "TPM_PT_CONTEXT_GAP_MAX - the maximum allowed difference (unsigned) between the contextID values of two saved session contexts"},
    {(PT_FIXED + 22), "TPM_PT_NV_COUNTERS_MAX - the maximum number of NV Indexes that are allowed to have the TPMA_NV_COUNTER attribute SET"},
    {(PT_FIXED + 23), "TPM_PT_NV_INDEX_MAX - the maximum size of an NV Index data area"},
    {(PT_FIXED + 24), "TPM_PT_MEMORY - a TPMA_MEMORY indicating the memory management method for the TPM"},
    {(PT_FIXED + 25), "TPM_PT_CLOCK_UPDATE - interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV"},
    {(PT_FIXED + 26), "TPM_PT_CONTEXT_HASH - the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead()"},
    {(PT_FIXED + 27), "TPM_PT_CONTEXT_SYM - TPM_ALG_ID, the algorithm used for encryption of saved contexts"},
    {(PT_FIXED + 28), "TPM_PT_CONTEXT_SYM_SIZE - TPM_KEY_BITS, the size of the key used for encryption of saved contexts"},
    {(PT_FIXED + 29), "TPM_PT_ORDERLY_COUNT - the modulus - 1 of the count for NV update of an orderly counter"},
    {(PT_FIXED + 30), "TPM_PT_MAX_COMMAND_SIZE - the maximum value for commandSize in a command"},
    {(PT_FIXED + 31), "TPM_PT_MAX_RESPONSE_SIZE - the maximum value for responseSize in a response"},
    {(PT_FIXED + 32), "TPM_PT_MAX_DIGEST - the maximum size of a digest that can be produced by the TPM"},
    {(PT_FIXED + 33), "TPM_PT_MAX_OBJECT_CONTEXT - the maximum size of an object context that will be returned by TPM2_ContextSave"},
    {(PT_FIXED + 34), "TPM_PT_MAX_SESSION_CONTEXT - the maximum size of a session context that will be returned by TPM2_ContextSave"},
    {(PT_FIXED + 35), "TPM_PT_PS_FAMILY_INDICATOR - platform-specific family (a TPM_PS value)(see Table 24)"},
    {(PT_FIXED + 36), "TPM_PT_PS_LEVEL - the level of the platform-specific specification"},
    {(PT_FIXED + 37), "TPM_PT_PS_REVISION - the specification Revision times 100 for the platform-specific specification"},
    {(PT_FIXED + 38), "TPM_PT_PS_DAY_OF_YEAR - the platform-specific specification day of year using TCG calendar"},
    {(PT_FIXED + 39), "TPM_PT_PS_YEAR - the platform-specific specification year using the CE"},
    {(PT_FIXED + 40), "TPM_PT_SPLIT_MAX - the number of split signing operations supported by the TPM"},
    {(PT_FIXED + 41), "TPM_PT_TOTAL_COMMANDS - total number of commands implemented in the TPM"},
    {(PT_FIXED + 42), "TPM_PT_LIBRARY_COMMANDS - number of commands from the TPM library that are implemented"},
    {(PT_FIXED + 43), "TPM_PT_VENDOR_COMMANDS - number of vendor commands that are implemented"},
    {(PT_FIXED + 44), "TPM_PT_NV_BUFFER_MAX - the maximum data size in one NV write command"},
    {(PT_FIXED + 45), "TPM_PT_MODES - a TPMA_MODES value, indicating that the TPM is designed for these modes"},
    {(PT_FIXED + 46), "TPM_PT_MAX_CAP_BUFFER - the maximum size of a TPMS_CAPABILITY_DATA structure returned in TPM2_GetCapability"},
    {(PT_VAR + 0), "TPM_PT_PERMANENT - TPMA_PERMANENT "},
    {(PT_VAR + 1), "TPM_PT_STARTUP_CLEAR - TPMA_STARTUP_CLEAR "},
    {(PT_VAR + 2), "TPM_PT_HR_NV_INDEX - the number of NV Indexes currently defined "},
    {(PT_VAR + 3), "TPM_PT_HR_LOADED - the number of authorization sessions currently loaded into TPM RAM"},
    {(PT_VAR + 4), "TPM_PT_HR_LOADED_AVAIL - the number of additional authorization sessions, of any type, that could be loaded into TPM RAM"},
    {(PT_VAR + 5), "TPM_PT_HR_ACTIVE - the number of active authorization sessions currently being tracked by the TPM"},
    {(PT_VAR + 6), "TPM_PT_HR_ACTIVE_AVAIL - the number of additional authorization sessions, of any type, that could be created"},
    {(PT_VAR + 7), "TPM_PT_HR_TRANSIENT_AVAIL - estimate of the number of additional transient objects that could be loaded into TPM RAM"},
    {(PT_VAR + 8), "TPM_PT_HR_PERSISTENT - the number of persistent objects currently loaded into TPM NV memory"},
    {(PT_VAR + 9), "TPM_PT_HR_PERSISTENT_AVAIL - the number of additional persistent objects that could be loaded into NV memory"},
    {(PT_VAR + 10), "TPM_PT_NV_COUNTERS - the number of defined NV Indexes that have NV TPMA_NV_COUNTER attribute SET"},
    {(PT_VAR + 11), "TPM_PT_NV_COUNTERS_AVAIL - the number of additional NV Indexes that can be defined with their TPMA_NV_COUNTER and TPMA_NV_ORDERLY attribute SET"},
    {(PT_VAR + 12), "TPM_PT_ALGORITHM_SET - code that limits the algorithms that may be used with the TPM"},
    {(PT_VAR + 13), "TPM_PT_LOADED_CURVES - the number of loaded ECC curves "},
    {(PT_VAR + 14), "TPM_PT_LOCKOUT_COUNTER - the current value of the lockout counter (failedTries) "},
    {(PT_VAR + 15), "TPM_PT_MAX_AUTH_FAIL - the number of authorization failures before DA lockout is invoked"},
    {(PT_VAR + 16), "TPM_PT_LOCKOUT_INTERVAL - the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented"},
    {(PT_VAR + 17), "TPM_PT_LOCKOUT_RECOVERY - the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again"},
    {(PT_VAR + 18), "TPM_PT_NV_WRITE_RECOVERY - number of milliseconds before the TPM will accept another command that will modify NV"},
    {(PT_VAR + 19), "TPM_PT_AUDIT_COUNTER_0 - the high-order 32 bits of the command audit counter "},
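{(PT_VAR + 20), "TPM_PT_AUDIT_COUNTER_1 - the low-order 32 bits of the command audit counter"},
};

/* responseTpmProperties() prints each returned TPM_PT tag, its value, and the matching text from
   ptTable ("PT unknown" when the tag has no row).  Always returns 0.

   NOTE(review): the loop bound is the count field of the response structure; presumably the TSS
   unmarshalling code has already bounded it against the tpmProperty array - confirm. */
static TPM_RC responseTpmProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPM_RC rc = 0;
    uint32_t count;
    TPML_TAGGED_TPM_PROPERTY *tpmProperties = (TPML_TAGGED_TPM_PROPERTY *)&(capabilityData->data);

    (void)property;         /* unused */
    printf("%u properties\n", tpmProperties->count);
    for (count = 0 ; count < tpmProperties->count ; count++) {
        TPMS_TAGGED_PROPERTY *tpmProperty = &(tpmProperties->tpmProperty[count]);
        const char *ptText = NULL;
        size_t i;

        /* linear search, first match wins */
        for (i = 0 ; i < (sizeof(ptTable) / sizeof(PT_TABLE)) ; i++) {
            if (tpmProperty->property == ptTable[i].pt) {
                ptText = ptTable[i].ptText;
                break;
            }
        }
        if (ptText == NULL) {
            ptText = "PT unknown";
        }
        printf("TPM_PT %08x value %08x %s\n",
               tpmProperty->property, tpmProperty->value, ptText);
    }
    return rc;
}

/* One row of the TPM_PT_PCR lookup: a PCR property tag and the text printed next to it. */
typedef struct {
    TPM_PT_PCR ptPcr;
    const char *ptPcrText;
} PT_PCR_TABLE;

/* Text for the PCR property tags.  Each tag appears once: the lookup in responsePcrProperties()
   stops at the first match, so a repeated TPM_PT_PCR_RESET_L4 row could never be reached and has
   been dropped. */
static PT_PCR_TABLE ptPcrTable [] = {
    {TPM_PT_PCR_SAVE, "TPM_PT_PCR_SAVE - PCR is saved and restored by TPM_SU_STATE"},
    {TPM_PT_PCR_EXTEND_L0, "TPM_PT_PCR_EXTEND_L0 - PCR may be extended from locality 0"},
    {TPM_PT_PCR_RESET_L0, "TPM_PT_PCR_RESET_L0 - PCR may be reset by TPM2_PCR_Reset() from locality 0"},
    {TPM_PT_PCR_EXTEND_L1, "TPM_PT_PCR_EXTEND_L1 - PCR may be extended from locality 1"},
    {TPM_PT_PCR_RESET_L1, "TPM_PT_PCR_RESET_L1 - PCR may be reset by TPM2_PCR_Reset() from locality 1"},
    {TPM_PT_PCR_EXTEND_L2, "TPM_PT_PCR_EXTEND_L2 - PCR may be extended from locality 2"},
    {TPM_PT_PCR_RESET_L2, "TPM_PT_PCR_RESET_L2 - PCR may be reset by TPM2_PCR_Reset() from locality 2"},
    {TPM_PT_PCR_EXTEND_L3, "TPM_PT_PCR_EXTEND_L3 - PCR may be extended from locality 3"},
    {TPM_PT_PCR_RESET_L3, "TPM_PT_PCR_RESET_L3 - PCR may be reset by TPM2_PCR_Reset() from locality 3"},
    {TPM_PT_PCR_EXTEND_L4, "TPM_PT_PCR_EXTEND_L4 - PCR may be extended from locality 4"},
    {TPM_PT_PCR_RESET_L4, "TPM_PT_PCR_RESET_L4 - PCR may be reset by TPM2_PCR_Reset() from locality 4"},
    {TPM_PT_PCR_NO_INCREMENT, "TPM_PT_PCR_NO_INCREMENT - modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter"},
    {TPM_PT_PCR_DRTM_RESET, "TPM_PT_PCR_DRTM_RESET - PCR is reset by a DRTM event"},
    {TPM_PT_PCR_POLICY, "TPM_PT_PCR_POLICY - PCR is controlled by policy"},
    {TPM_PT_PCR_AUTH, "TPM_PT_PCR_AUTH - PCR is controlled by an authorization value"}
};

/* responsePcrProperties() prints each returned PCR property tag with its text from ptPcrTable
   ("PT unknown" when the tag has no row), followed by one line per pcrSelect octet showing the
   bit map for eight PCRs.  Always returns 0.

   NOTE(review): both loop bounds (count and sizeofSelect) come from the response structure;
   presumably the TSS unmarshalling code has already bounded them against the pcrProperty and
   pcrSelect arrays - confirm. */
static TPM_RC responsePcrProperties(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPM_RC rc = 0;
    uint32_t count;
    TPML_TAGGED_PCR_PROPERTY *pcrProperties = (TPML_TAGGED_PCR_PROPERTY *)&(capabilityData->data);

    (void)property;         /* unused */
    printf("%u properties\n", pcrProperties->count);
    for (count = 0 ; count < pcrProperties->count ; count++) {
        TPMS_TAGGED_PCR_SELECT *pcrProperty = &(pcrProperties->pcrProperty[count]);
        const char *ptPcrText = NULL;
        size_t i;

        /* linear search on the property identifier, first match wins */
        for (i = 0 ; i < (sizeof(ptPcrTable) / sizeof(PT_PCR_TABLE)) ; i++) {
            if (pcrProperty->tag == ptPcrTable[i].ptPcr) {
                ptPcrText = ptPcrTable[i].ptPcrText;
                break;
            }
        }
        if (ptPcrText == NULL) {
            ptPcrText = "PT unknown";
        }
        printf("TPM_PT_PCR %08x %s\n", pcrProperty->tag, ptPcrText);
        /* sizeofSelect is the size in octets of the pcrSelect array */
        for (i = 0 ; i < pcrProperty->sizeofSelect ; i++) {
            printf("PCR %u-%u \tpcrSelect\t%02x\n",
                   (unsigned int)i*8, (unsigned int)(i*8) + 7, pcrProperty->pcrSelect[i]);
        }
    }
    return rc;
}

/* responseEccCurves() is a stub: it prints "unimplemented" and returns 0. */
static TPM_RC responseEccCurves(TPMS_CAPABILITY_DATA *capabilityData, uint32_t property)
{
    TPM_RC rc = 0;

    (void)property;         /* unused */
    (void)capabilityData;   /* unused */
    printf("unimplemented\n");
    return rc;
}

/* printUsage() prints the common help text, then the usage text registered in capabilityTable for
   'capability'.  For a capability with no row it prints the value and the list of -cap values.

   Never returns: every path ends in exit(1). */
static void printUsage(TPM_CAP capability)
{
    size_t i;

    printf("\n");
    printf("getcapability\n");
    printf("\n");
    printf("Runs TPM2_GetCapability\n");
    printf("\n");
    printf("\t-cap capability\n");
    printf("\t-pr property (defaults to 0)\n");
    printf("\t-pc propertyCount (defaults to 64)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t80 command audit\n");
    printf("\n");
    /* call the usage function in the capability table */
    for (i = 0 ; i < (sizeof(capabilityTable) / sizeof(CAPABILITY_TABLE)) ; i++) {
        if (capabilityTable[i].capability == capability) {
            capabilityTable[i].usageFunction();
            exit(1);
        }
    }
    printf("unknown -cap %08x\n", capability);
    usageCapability();
    exit(1);
}

/* Usage text for a missing or invalid -cap: the list of capability numbers. */
static void usageCapability(void)
{
    printf("-cap values\n"
           "\n"
           "TPM_CAP_ALGS 0\n"
           "TPM_CAP_HANDLES 1\n"
           "TPM_CAP_COMMANDS 2\n"
           "TPM_CAP_PP_COMMANDS 3\n"
           "TPM_CAP_AUDIT_COMMANDS 4\n"
           "TPM_CAP_PCRS 5\n"
           "TPM_CAP_TPM_PROPERTIES 6\n"
           "TPM_CAP_PCR_PROPERTIES 7\n"
           "TPM_CAP_ECC_CURVES 8\n"
           );
    return;
}

static void usageAlgs(void)
{
    printf("TPM_CAP_ALGS -pr not used\n");
    return;
}

/* Usage text for TPM_CAP_HANDLES: the handle type values accepted by -pr. */
static void usageHandles(void)
{
    printf("TPM_CAP_HANDLES -pr values\n"
           "\n"
           "TPM_HT_PCR 0x00000000\n"
           "TPM_HT_NV_INDEX 0x01000000\n"
           "TPM_HT_LOADED_SESSION 0x02000000\n"
           "TPM_HT_SAVED_SESSION 0x03000000\n"
           "TPM_HT_PERMANENT 0x40000000\n"
           "TPM_HT_TRANSIENT 0x80000000\n"
           "TPM_HT_PERSISTENT 0x81000000\n"
           );
    return;
}

static void usageCommands(void)
{
    printf("TPM_CAP_COMMANDS -pr is first command\n");
    return;
}

static void usagePpCommands(void)
{
    printf("TPM_CAP_PP_COMMANDS -pr is first command\n");
    return;
}

static void usageAuditCommands(void)
{
    printf("TPM_CAP_AUDIT_COMMANDS -pr is first command\n");
    return;
}

static void usagePcrs(void)
{
    printf("TPM_CAP_PCRS -pr is not used\n");
    return;
}

/* Usage text for TPM_CAP_TPM_PROPERTIES, including the first tag of each property group. */
static void usageTpmProperties(void)
{
    printf("TPM_CAP_TPM_PROPERTIES -pr is first property\n");
    printf("\tPT_FIXED starts at %08x\n", PT_FIXED);
    printf("\tPT_VAR starts at %08x\n", PT_VAR);
    return;
}

static void usagePcrProperties(void)
{
    printf("TPM_CAP_PCR_PROPERTIES -pr is the first property\n");
    return;
}

static void usageEccCurves(void)
{
    printf("unimplemented\n");
    return;
}
./utils/contextload.c0000644000175000017500000001056413073751306013026 0ustar 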
lo1lo1/********************************************************************************/ /* */ /* ContextLoad */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: contextload.c 984 2017-04-13 19:34:30Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ContextLoad_In in; ContextLoad_Out out; const char *contextFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i #include #include "tssproperties.h" #ifndef TPM_NOSOCKET #include "tsssocket.h" #endif #include #include #ifdef TPM_POSIX #include "tssdev.h" #endif #ifdef TPM_WINDOWS #ifdef TPM_WINDOWS_TBSI #include "tsstbsi.h" #endif #endif #include extern int tssVverbose; extern int tssVerbose; /* local prototypes */ /* TSS_TransmitPlatform() transmits an administrative out of band command to the TPM. Supported by the simulator, not the TPM device. */ TPM_RC TSS_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char *message) { TPM_RC rc = 0; #ifndef TPM_NOSOCKET if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) { rc = TSS_Socket_TransmitPlatform(tssContext, command, message); } else #else command = command; message = message; #endif if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) { if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n", tssContext->tssInterfaceType); rc = TSS_RC_INSUPPORTED_INTERFACE; } else { if (tssVerbose) printf("TSS_TransmitPlatform: device %s unsupported\n", tssContext->tssInterfaceType); rc = TSS_RC_INSUPPORTED_INTERFACE; } return rc; } /* TSS_Transmit() transmits a TPM command packet and receives a response. 
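*/
/* The back end is chosen from tssContext->tssInterfaceType:

   "socsim"  TSS_Socket_Transmit(), unless the build defines TPM_NOSOCKET
   "dev"     TSS_Dev_Transmit() on TPM_POSIX builds, TSS_Tbsi_Transmit() on TPM_WINDOWS builds
             that define TPM_WINDOWS_TBSI

   Any other interface type, and "dev" on a build that has no device back end, returns
   TSS_RC_INSUPPORTED_INTERFACE.  Failing in that last case matters: returning 0 without doing
   any I/O would let the caller treat an untouched responseBuffer as a TPM response.

   The buffers and lengths are handed to the back end unchanged; nothing here checks 'written' or
   the capacity of responseBuffer. */

TPM_RC TSS_Transmit(TSS_CONTEXT *tssContext,
                    uint8_t *responseBuffer, uint32_t *read,
                    const uint8_t *commandBuffer, uint32_t written,
                    const char *message)
{
    TPM_RC rc = 0;

#ifndef TPM_NOSOCKET
    if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
        rc = TSS_Socket_Transmit(tssContext,
                                 responseBuffer, read,
                                 commandBuffer, written,
                                 message);
    }
    else
#endif
    if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) {
#ifdef TPM_POSIX        /* transmit through Linux device driver */
        rc = TSS_Dev_Transmit(tssContext,
                              responseBuffer, read,
                              commandBuffer, written,
                              message);
#endif
#ifdef TPM_WINDOWS      /* transmit through Windows TBSI */
#ifdef TPM_WINDOWS_TBSI
        rc = TSS_Tbsi_Transmit(tssContext,
                               responseBuffer, read,
                               commandBuffer, written,
                               message);
#else
        if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
                               tssContext->tssInterfaceType);
        rc = TSS_RC_INSUPPORTED_INTERFACE;
#endif
#endif
#if !defined(TPM_POSIX) && !defined(TPM_WINDOWS)
        /* no device back end compiled in: fail rather than report success with no I/O */
        if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
                               tssContext->tssInterfaceType);
        rc = TSS_RC_INSUPPORTED_INTERFACE;
#endif
    }
    else {
        if (tssVerbose) printf("TSS_Transmit: device %s unsupported\n",
                               tssContext->tssInterfaceType);
        rc = TSS_RC_INSUPPORTED_INTERFACE;
    }
    return rc;
}

/* TSS_Close() closes the connection to the TPM

   Nothing is closed while tssContext->tssFirstTransmit is still set.  Otherwise the back end is
   chosen from tssInterfaceType exactly as in TSS_Transmit(), and tssFirstTransmit is set to TRUE
   afterwards whatever the back end returned, so a second call does nothing.

   Returns the back end's return code, or TSS_RC_INSUPPORTED_INTERFACE for an interface type that
   this build cannot close.  The trace messages name TSS_Close so that a log line points at the
   function that failed. */

TPM_RC TSS_Close(TSS_CONTEXT *tssContext)
{
    TPM_RC rc = 0;

    /* only close if there was an open */
    if (!tssContext->tssFirstTransmit) {
#ifndef TPM_NOSOCKET
        if ((strcmp(tssContext->tssInterfaceType, "socsim") == 0)) {
            rc = TSS_Socket_Close(tssContext);
        }
        else
#endif
        if ((strcmp(tssContext->tssInterfaceType, "dev") == 0)) {
#ifdef TPM_POSIX        /* close the Linux device driver connection */
            rc = TSS_Dev_Close(tssContext);
#endif
#ifdef TPM_WINDOWS      /* close the Windows TBSI connection */
#ifdef TPM_WINDOWS_TBSI
            rc = TSS_Tbsi_Close(tssContext);
#else
            if (tssVerbose) printf("TSS_Close: device %s unsupported\n",
                                   tssContext->tssInterfaceType);
            rc = TSS_RC_INSUPPORTED_INTERFACE;
#endif
#endif
#if !defined(TPM_POSIX) && !defined(TPM_WINDOWS)
            /* no device back end compiled in */
            if (tssVerbose) printf("TSS_Close: device %s unsupported\n",
                                   tssContext->tssInterfaceType);
            rc = TSS_RC_INSUPPORTED_INTERFACE;
#endif
        }
        else {
            if (tssVerbose) printf("TSS_Close: device %s unsupported\n",
                                   tssContext->tssInterfaceType);
            rc = TSS_RC_INSUPPORTED_INTERFACE;
        }
        tssContext->tssFirstTransmit = TRUE;
    }
    return rc;
}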
./utils/eventlib.h0000644000175000017500000001431513115776262012322 0ustar lo1lo1/********************************************************************************/ /* */ /* TPM2 Measurement Log Common Routines */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: eventlib.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #ifndef EVENTLIB_H #define EVENTLIB_H #include #include #include #include #define TPM_TSS #include #define TCG_EVENT_LEN_MAX 4096 #define ERR_STRUCTURE 1 /* this is not the stream for the structure to be parsed */ #define EV_PREBOOT_CERT 0x00 #define EV_POST_CODE 0x01 #define EV_UNUSED 0x02 #define EV_NO_ACTION 0x03 #define EV_SEPARATOR 0x04 #define EV_ACTION 0x05 #define EV_EVENT_TAG 0x06 #define EV_S_CRTM_CONTENTS 0x07 #define EV_S_CRTM_VERSION 0x08 #define EV_CPU_MICROCODE 0x09 #define EV_PLATFORM_CONFIG_FLAGS 0x0A #define EV_TABLE_OF_DEVICES 0x0B #define EV_COMPACT_HASH 0x0C #define EV_IPL 0x0D #define EV_IPL_PARTITION_DATA 0x0E #define EV_NONHOST_CODE 0x0F #define EV_NONHOST_CONFIG 0x10 #define EV_NONHOST_INFO 0x11 #define EV_OMIT_BOOT_DEVICE_EVENTS 0x12 #define EV_EFI_EVENT_BASE 0x80000000 #define EV_EFI_VARIABLE_DRIVER_CONFIG 0x80000001 #define EV_EFI_VARIABLE_BOOT 0x80000002 #define EV_EFI_BOOT_SERVICES_APPLICATION 0x80000003 #define EV_EFI_BOOT_SERVICES_DRIVER 0x80000004 #define EV_EFI_RUNTIME_SERVICES_DRIVER 0x80000005 #define EV_EFI_GPT_EVENT 0x80000006 #define EV_EFI_ACTION 0x80000007 #define EV_EFI_PLATFORM_FIRMWARE_BLOB 0x80000008 #define EV_EFI_HANDOFF_TABLES 0x80000009 #define EV_EFI_HCRTM_EVENT 0x80000010 #define EV_EFI_VARIABLE_AUTHORITY 0x800000E0 /* TCG_PCR_EVENT is the TPM 1.2 SHA-1 event log entry format. 
It is defined in the TCG PC Client Specific Implementation Specification for Conventional BIOS, where it is called TCG_PCClientPCREventStruc. In the PFP, it's called TCG_PCClientPCREvent. I renamed it to be consistent with the TPM 2.0 naming. */

/* NOTE(review): entries in a measurement log are parser input.  Nothing in these structures
   authenticates them, so size and index fields should be range checked before use, and a log
   should only be relied on once its replayed digests match PCR values obtained from the TPM. */

typedef struct tdTCG_PCR_EVENT {
    uint32_t pcrIndex;                  /* presumably the PCR this entry was extended into */
    uint32_t eventType;                 /* event type, see the EV_* values earlier in this header */
    uint8_t digest[SHA1_DIGEST_SIZE];   /* one SHA-1 digest: this format is not hash agile */
    uint32_t eventDataSize;             /* presumably the number of bytes used in event[] */
    uint8_t event[TCG_EVENT_LEN_MAX];   /* fixed size buffer.  eventDataSize is 32 bits wide, so a
                                           reader has to reject values above TCG_EVENT_LEN_MAX
                                           before copying.  NOTE(review): confirm that
                                           TSS_EVENT_Line_Read does this. */
} TCG_PCR_EVENT;

/* TCG_PCR_EVENT2 is the TPM 2.0 hash agile event log entry format.  It is defined in the PFP - TCG
   PC Client Platform Firmware Profile Specification. */

typedef struct tdTCG_PCR_EVENT2 {
    uint32_t pcrIndex;
    uint32_t eventType;
    TPML_DIGEST_VALUES digests;         /* digest list; the type is declared elsewhere */
    uint32_t eventSize;                 /* same bound as TCG_PCR_EVENT.eventDataSize: event[] holds
                                           at most TCG_EVENT_LEN_MAX bytes */
    uint8_t event[TCG_EVENT_LEN_MAX];
} TCG_PCR_EVENT2;

/* TCG_EfiSpecIdEventAlgorithmSize is a hash agile mapping of algorithmId to digestSize.  It is part
   of the first event log entry.  It permits a parser to unmarshal an event log that contains hash
   algorithms that are unknown to the parser. */

typedef struct tdTCG_EfiSpecIdEventAlgorithmSize {
    uint16_t algorithmId;
    uint16_t digestSize;
} TCG_EfiSpecIdEventAlgorithmSize;

/* TCG_EfiSpecIDEvent is the event field of the first TCG_PCR_EVENT entry in a hash agile TPM 2.0
   format log.

   Note the spelling: the struct tag is tdTCG_EfiSpecIdEvent, the typedef is TCG_EfiSpecIDEvent.
*/

typedef struct tdTCG_EfiSpecIdEvent {
    uint8_t signature[16];
    uint32_t platformClass;
    uint8_t specVersionMinor;
    uint8_t specVersionMajor;
    uint8_t specErrata;
    uint8_t uintnSize;
    uint32_t numberOfAlgorithms;        /* 32 bits wide, while digestSizes[] has HASH_COUNT
                                           entries: an unmarshaller has to bound it.
                                           NOTE(review): confirm TSS_SpecIdEvent_Unmarshal does. */
    TCG_EfiSpecIdEventAlgorithmSize digestSizes[HASH_COUNT];
    uint8_t vendorInfoSize;             /* a uint8_t cannot exceed 0xff, the size of vendorInfo[] */
    uint8_t vendorInfo[0xff];
} TCG_EfiSpecIDEvent;

#ifdef __cplusplus
extern "C" {
#endif

    /* Read one log entry from inFile.  These two return int rather than TPM_RC.
       NOTE(review): the return convention and the meaning of *endOfFile are not visible in this
       header; presumably 0 is success - confirm in the implementation. */
    int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event,
                            int *endOfFile,
                            FILE *inFile);
    int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event2,
                             int *endOfFile,
                             FILE *inFile);

    /* Marshal / unmarshal one hash agile entry to or from a byte buffer.  buffer and size are
       passed by pointer; presumably they are advanced / decremented as bytes are consumed, as in
       the other TSS marshalling routines - TODO confirm. */
    TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source,
                                   uint16_t *written, uint8_t **buffer, int32_t *size);
    TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, INT32 *size);

    /* pcrs is declared with 8 elements, but C does not enforce an array parameter's bound and
       event2->pcrIndex is a uint32_t.  NOTE(review): confirm the implementation rejects an index
       outside the caller's array before writing to pcrs[]. */
    TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[8],
                                 TCG_PCR_EVENT2 *event2);

    /* Print an entry; output destination and format are defined by the implementation. */
    void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event);
    void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event);

    /* Parse the event field of the first log entry.  eventSize is the number of bytes available
       at event; every read, including digestSizes[] and vendorInfo[], has to stay inside it. */
    TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent,
                                     uint32_t eventSize,
                                     uint8_t *event);
    void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent);

    /* Text form of an event type, presumably for the trace functions above. */
    const char *TSS_EVENT_EventTypeToString(uint32_t eventType);

#ifdef __cplusplus
}
#endif

#endif
./utils/reg.bat0000644000175000017500000001701613075666323011610 0ustar lo1lo1@echo off REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: reg.bat 991 2017-04-19 13:57:39Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. 
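# REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM #############################################################################

REM Runs the regression scripts under regtests\ one after another and stops
REM with exit code 1 at the first script that returns a non-zero ERRORLEVEL.

setlocal enableDelayedExpansion

REM soc is set when TPM_INTERFACE_TYPE is unset or "socsim".  mssim is set when,
REM in addition, TPM_SERVER_TYPE is unset or "mssim".  Only in that case is
REM regtests\inittpm.bat called from here.
set soc=
set mssim=
if "%TPM_INTERFACE_TYPE%" == "" (
    set soc=1
)
if "%TPM_INTERFACE_TYPE%" == "socsim" (
    set soc=1
)
if defined soc (
    if "%TPM_SERVER_TYPE%" == "" (
        set mssim=1
    )
    if "%TPM_SERVER_TYPE%" == "mssim" (
        set mssim=1
    )
)

if defined mssim (
    call regtests\inittpm.bat
    IF !ERRORLEVEL! NEQ 0 (
        echo ""
        echo "Failed inittpm.bat"
        exit /B 1
    )
)

REM Take the output of getrandom as TPM_SESSION_ENCKEY for the tests that follow.
REM The variable is cleared first so that a failing getrandom cannot leave an
REM inherited value in place, and the run stops if no key was produced.
set TPM_SESSION_ENCKEY=
for /f %%i in ('%TPM_EXE_PATH%getrandom -by 16 -ns') do set TPM_SESSION_ENCKEY=%%i
if not defined TPM_SESSION_ENCKEY (
    echo ""
    echo "Failed getrandom"
    exit /B 1
)

REM NOTE(review): the session state encryption key is written to the console.
REM That is tolerable for a throwaway simulator run, but console output tends to
REM end up in build logs; do not copy this pattern into scripts that run against
REM a TPM whose session state matters.
echo "Session state encryption key"
echo %TPM_SESSION_ENCKEY%

call regtests\initkeys.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed initkeys.bat"
    exit /B 1
)

call regtests\testrng.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testrng.bat"
    exit /B 1
)

call regtests\testpcr.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testpcr.bat"
    exit /B 1
)

call regtests\testprimary.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testprimary.bat"
    exit /B 1
)

REM The message below used to read "Failedtestcreateloaded .bat".
call regtests\testcreateloaded.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testcreateloaded.bat"
    exit /B 1
)

call regtests\testhmacsession.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testhmacsession.bat"
    exit /B 1
)

call regtests\testbind.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testbind.bat"
    exit /B 1
)

call regtests\testsalt.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testsalt.bat"
    exit /B 1
)

call regtests\testhierarchy.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testhierarchy.bat"
    exit /B 1
)

call regtests\teststorage.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed teststorage.bat"
    exit /B 1
)

call regtests\testchangeauth.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testchangeauth.bat"
    exit /B 1
)

call regtests\testencsession.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testencsession.bat"
    exit /B 1
)

call regtests\testsign.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testsign.bat"
    exit /B 1
)

call regtests\testnv.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testnv.bat"
    exit /B 1
)

call regtests\testnvpin.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testnvpin.bat"
    exit /B 1
)

call regtests\testevict.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testevict.bat"
    exit /B 1
)

call regtests\testrsa.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testrsa.bat"
    exit /B 1
)

call regtests\testaes.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testaes.bat"
    exit /B 1
)

call regtests\testaes138.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testaes138.bat"
    exit /B 1
)

call regtests\testhmac.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testhmac.bat"
    exit /B 1
)

call regtests\testattest.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testattest.bat"
    exit /B 1
)

call regtests\testpolicy.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testpolicy.bat"
    exit /B 1
)

call regtests\testpolicy138.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testpolicy138.bat"
    exit /B 1
)

call regtests\testcontext.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testcontext.bat"
    exit /B 1
)

call regtests\testclocks.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testclocks.bat"
    exit /B 1
)

call regtests\testda.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testda.bat"
    exit /B 1
)

call regtests\testunseal.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testunseal.bat"
    exit /B 1
)

call regtests\testdup.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testdup.bat"
    exit /B 1
)

call regtests\testecc.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testecc.bat"
    exit /B 1
)

REM The message below used to name testecc.bat, which pointed at the wrong script.
call regtests\testcredential.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testcredential.bat"
    exit /B 1
)

call regtests\testshutdown.bat
IF !ERRORLEVEL! NEQ 0 (
    echo ""
    echo "Failed testshutdown.bat"
    exit /B 1
)

call regtests\testchangeseed.bat
IF !ERRORLEVEL! 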
NEQ 0 ( echo "" echo "Failed testchangeseed.bat" exit /B 1 ) REM cleanup %TPM_EXE_PATH%flushcontext -ha 80000000 rm -f dec.bin rm -f derpriv.bin rm -f derpub.bin rm -f despriv.bin rm -f despub.bin rm -f empty.bin rm -f enc.bin rm -f khprivsha1.bin rm -f khprivsha256.bin rm -f khprivsha384.bin rm -f khpubsha1.bin rm -f khpubsha256.bin rm -f khpubsha384.bin rm -f msg.bin rm -f noncetpm.bin rm -f policyapproved.bin rm -f pssig.bin rm -f run.out rm -f sig.bin rm -f signpriv.bin rm -f signpub.bin rm -f signpub.pem rm -f signeccpriv.bin rm -f signeccpub.bin rm -f signeccpub.pem rm -f signpub.pem rm -f signrpriv.bin rm -f signrpub.bin rm -f signrpub.pem rm -f storepriv.bin rm -f storepub.bin rm -f storeeccpub.bin rm -f storeeccpriv.bin rm -f tkt.bin rm -f tmp.bin rm -f tmp1.bin rm -f tmp2.bin rm -f tmppriv.bin rm -f tmppub.bin rm -f tmpsha1.bin rm -f tmpsha256.bin rm -f tmpsha384.bin rm -f tmpspriv.bin rm -f tmpspub.bin rm -f to.bin rm -f zero.bin echo "" echo "Success" ./utils/tss2/0000751000175000017500000000000013133212567011215 5ustar lo1lo1./utils/tss2/PolicyTicket_fp.h0000644000175000017500000001001113013664115014450 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyTicket_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef POLICYTICKET_FP_H #define POLICYTICKET_FP_H typedef struct { TPMI_SH_POLICY policySession; TPM2B_TIMEOUT timeout; TPM2B_DIGEST cpHashA; TPM2B_NONCE policyRef; TPM2B_NAME authName; TPMT_TK_AUTH ticket; } PolicyTicket_In; #define RC_PolicyTicket_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyTicket_timeout (TPM_RC_P + TPM_RC_1) #define RC_PolicyTicket_cpHashA (TPM_RC_P + TPM_RC_2) #define RC_PolicyTicket_policyRef (TPM_RC_P + TPM_RC_3) #define RC_PolicyTicket_authName (TPM_RC_P + TPM_RC_4) #define RC_PolicyTicket_ticket (TPM_RC_P + TPM_RC_5) TPM_RC TPM2_PolicyTicket( PolicyTicket_In *in // IN: input parameter list ); #endif ./utils/tss2/PCR_Extend_fp.h0000644000175000017500000000724712742246532014030 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PCR_Extend_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef PCR_EXTEND_FP_H #define PCR_EXTEND_FP_H typedef struct { TPMI_DH_PCR pcrHandle; TPML_DIGEST_VALUES digests; } PCR_Extend_In; #define RC_PCR_Extend_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_Extend_digests (TPM_RC_P + TPM_RC_1) TPM_RC TPM2_PCR_Extend( PCR_Extend_In *in // IN: input parameter list ); #endif ./utils/tss2/Import_fp.h0000644000175000017500000001017512742246532013341 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Import_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef IMPORT_FP_H #define IMPORT_FP_H typedef struct { TPMI_DH_OBJECT parentHandle; TPM2B_DATA encryptionKey; TPM2B_PUBLIC objectPublic; TPM2B_PRIVATE duplicate; TPM2B_ENCRYPTED_SECRET inSymSeed; TPMT_SYM_DEF_OBJECT symmetricAlg; } Import_In; #define RC_Import_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_Import_encryptionKey (TPM_RC_P + TPM_RC_1) #define RC_Import_objectPublic (TPM_RC_P + TPM_RC_2) #define RC_Import_duplicate (TPM_RC_P + TPM_RC_3) #define RC_Import_inSymSeed (TPM_RC_P + TPM_RC_4) #define RC_Import_symmetricAlg (TPM_RC_P + TPM_RC_5) typedef struct { TPM2B_PRIVATE outPrivate; } Import_Out; TPM_RC TPM2_Import( Import_In *in, // IN: input parameter list Import_Out *out // OUT: output parameter list ); #endif ./utils/tss2/Implementation.h0000644000175000017500000016417413070736653014403 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Implementation.h 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 124 */ // A.2 Implementation.h #ifndef _IMPLEMENTATION_H_ #define _IMPLEMENTATION_H_ #include #include #include #undef TRUE #undef FALSE // This table is built in to TpmStructures() Change these definitions to turn all algorithms or // commands on or off #define ALG_YES YES #define ALG_NO NO #define CC_YES YES #define CC_NO NO // From TPM 2.0 Part 2: Table 4 - Defines for Logic Values #define TRUE 1 #define FALSE 0 #define YES 1 #define NO 0 #define SET 1 #define CLEAR 0 #ifndef MAX #define MAX(a, b) ((a) > (b) ? (a) : (b)) #endif #ifndef MIN # define MIN(a, b) ((a) < (b) ? 
(a) : (b))
#endif

// From Vendor-Specific: Table 1 - Defines for Processor Values
#define BIG_ENDIAN_TPM          NO      /* to YES or NO according to the processor */
#define LITTLE_ENDIAN_TPM       YES     /* to YES or NO according to the processor */
#define NO_AUTO_ALIGN           NO      /* to YES if the processor does not allow unaligned accesses */

// From Vendor-Specific: Table 2 - Defines for Implemented Algorithms

/* Each entry is ALG_YES or ALG_NO.  Entries written as (ALG_YES*ALG_RSA) or (ALG_YES*ALG_ECC)
   follow their base algorithm: setting ALG_RSA or ALG_ECC to ALG_NO makes the product 0 as well.

   NOTE(review): SHA-1 and TDES are switched on here, and the key size table below lists 1024-bit
   RSA.  These defines state what this build can handle, not what a deployment should accept;
   presumably callers are expected to choose stronger parameters for new keys and policies -
   confirm against the project's guidance. */

#define ALG_RSA                 ALG_YES
#define ALG_SHA1                ALG_YES
#define ALG_HMAC                ALG_YES
#define ALG_TDES                ALG_YES
#define ALG_AES                 ALG_YES
#define ALG_MGF1                ALG_YES
#define ALG_XOR                 ALG_YES
#define ALG_KEYEDHASH           ALG_YES
#define ALG_SHA256              ALG_YES
#define ALG_SHA384              ALG_YES
#define ALG_SHA512              ALG_NO
#define ALG_SHA3_256            ALG_NO
#define ALG_SHA3_384            ALG_NO
#define ALG_SHA3_512            ALG_NO
#define ALG_SM3_256             ALG_NO
#define ALG_SM4                 ALG_NO
#define ALG_RSASSA              (ALG_YES*ALG_RSA)
#define ALG_RSAES               (ALG_YES*ALG_RSA)
#define ALG_RSAPSS              (ALG_YES*ALG_RSA)
#define ALG_OAEP                (ALG_YES*ALG_RSA)
#define ALG_ECC                 ALG_YES
#define ALG_ECDH                (ALG_YES*ALG_ECC)
#define ALG_ECDSA               (ALG_YES*ALG_ECC)
#define ALG_ECDAA               (ALG_YES*ALG_ECC)
/* SM2 follows ALG_ECC and is therefore on, although ALG_SM3_256 and ALG_SM4 above are off. */
#define ALG_SM2                 (ALG_YES*ALG_ECC)
#define ALG_ECSCHNORR           (ALG_YES*ALG_ECC)
#define ALG_ECMQV               (ALG_NO*ALG_ECC)
#define ALG_SYMCIPHER           ALG_YES
#define ALG_KDF1_SP800_56A      (ALG_YES*ALG_ECC)
#define ALG_KDF2                ALG_NO
#define ALG_KDF1_SP800_108      ALG_YES
#define ALG_CTR                 ALG_YES
#define ALG_OFB                 ALG_YES
#define ALG_CBC                 ALG_YES
#define ALG_CFB                 ALG_YES
#define ALG_ECB                 ALG_YES

// From Vendor-Specific: Table 4 - Defines for Key Size Constants

/* For each algorithm: the list of supported key sizes in bits, one define per size, and the
   maximum in bits and in bytes (2048/8 = 256 for RSA, 192/8 = 24 for TDES). */

#define RSA_KEY_SIZES_BITS          {1024,2048}
#define RSA_KEY_SIZE_BITS_1024      RSA_ALLOWED_KEY_SIZE_1024
#define RSA_KEY_SIZE_BITS_2048      RSA_ALLOWED_KEY_SIZE_2048
#define MAX_RSA_KEY_BITS            2048
#define MAX_RSA_KEY_BYTES           256

#define TDES_KEY_SIZES_BITS         {128,192}
#define TDES_KEY_SIZE_BITS_128      TDES_ALLOWED_KEY_SIZE_128
#define TDES_KEY_SIZE_BITS_192      TDES_ALLOWED_KEY_SIZE_192
#define MAX_TDES_KEY_BITS           192
#define MAX_TDES_KEY_BYTES          24
#define MAX_TDES_BLOCK_SIZE_BYTES \
MAX(TDES_128_BLOCK_SIZE_BYTES, \ MAX(TDES_192_BLOCK_SIZE_BYTES, 0)) #define AES_KEY_SIZES_BITS {128,256} #define AES_KEY_SIZE_BITS_128 AES_ALLOWED_KEY_SIZE_128 #define AES_KEY_SIZE_BITS_256 AES_ALLOWED_KEY_SIZE_256 #define MAX_AES_KEY_BITS 256 #define MAX_AES_KEY_BYTES 32 #define MAX_AES_BLOCK_SIZE_BYTES \ MAX(AES_128_BLOCK_SIZE_BYTES, \ MAX(AES_256_BLOCK_SIZE_BYTES, 0)) #define SM4_KEY_SIZES_BITS {128} #define SM4_KEY_SIZE_BITS_128 SM4_ALLOWED_KEY_SIZE_128 #define MAX_SM4_KEY_BITS 128 #define MAX_SM4_KEY_BYTES 16 #define MAX_SM4_BLOCK_SIZE_BYTES \ MAX(SM4_128_BLOCK_SIZE_BYTES, 0) #define CAMELLIA_KEY_SIZES_BITS {128} #define CAMELLIA_KEY_SIZE_BITS_128 CAMELLIA_ALLOWED_KEY_SIZE_128 #define MAX_CAMELLIA_KEY_BITS 128 #define MAX_CAMELLIA_KEY_BYTES 16 #define MAX_CAMELLIA_BLOCK_SIZE_BYTES \ MAX(CAMELLIA_128_BLOCK_SIZE_BYTES, 0) // From Vendor-Specific: Table 5 - Defines for Implemented Curves #define ECC_NIST_P256 YES #define ECC_NIST_P384 YES #define ECC_BN_P256 YES #define ECC_CURVES \ {TPM_ECC_BN_P256, TPM_ECC_NIST_P256, TPM_ECC_NIST_P384} #define ECC_KEY_SIZES_BITS {256, 384} #define ECC_KEY_SIZE_BITS_256 #define ECC_KEY_SIZE_BITS_384 #define MAX_ECC_KEY_BITS 384 #define MAX_ECC_KEY_BYTES 48 // From Vendor-Specific: Table 6 - Defines for Implemented Commands #define CC_ActivateCredential CC_YES #define CC_Certify CC_YES #define CC_CertifyCreation CC_YES #define CC_ChangeEPS CC_YES #define CC_ChangePPS CC_YES #define CC_Clear CC_YES #define CC_ClearControl CC_YES #define CC_ClockRateAdjust CC_YES #define CC_ClockSet CC_YES #define CC_Commit (CC_YES*ALG_ECC) #define CC_ContextLoad CC_YES #define CC_ContextSave CC_YES #define CC_Create CC_YES #define CC_CreatePrimary CC_YES #define CC_DictionaryAttackLockReset CC_YES #define CC_DictionaryAttackParameters CC_YES #define CC_Duplicate CC_YES #define CC_ECC_Parameters (CC_YES*ALG_ECC) #define CC_ECDH_KeyGen (CC_YES*ALG_ECC) #define CC_ECDH_ZGen (CC_YES*ALG_ECC) #define CC_EncryptDecrypt CC_YES #define 
CC_EventSequenceComplete CC_YES #define CC_EvictControl CC_YES #define CC_FieldUpgradeData CC_NO #define CC_FieldUpgradeStart CC_NO #define CC_FirmwareRead CC_NO #define CC_FlushContext CC_YES #define CC_GetCapability CC_YES #define CC_GetCommandAuditDigest CC_YES #define CC_GetRandom CC_YES #define CC_GetSessionAuditDigest CC_YES #define CC_GetTestResult CC_YES #define CC_GetTime CC_YES #define CC_Hash CC_YES #define CC_HashSequenceStart CC_YES #define CC_HierarchyChangeAuth CC_YES #define CC_HierarchyControl CC_YES #define CC_HMAC CC_YES #define CC_HMAC_Start CC_YES #define CC_Import CC_YES #define CC_IncrementalSelfTest CC_YES #define CC_Load CC_YES #define CC_LoadExternal CC_YES #define CC_MakeCredential CC_YES #define CC_NV_Certify CC_YES #define CC_NV_ChangeAuth CC_YES #define CC_NV_DefineSpace CC_YES #define CC_NV_Extend CC_YES #define CC_NV_GlobalWriteLock CC_YES #define CC_NV_Increment CC_YES #define CC_NV_Read CC_YES #define CC_NV_ReadLock CC_YES #define CC_NV_ReadPublic CC_YES #define CC_NV_SetBits CC_YES #define CC_NV_UndefineSpace CC_YES #define CC_NV_UndefineSpaceSpecial CC_YES #define CC_NV_Write CC_YES #define CC_NV_WriteLock CC_YES #define CC_ObjectChangeAuth CC_YES #define CC_PCR_Allocate CC_YES #define CC_PCR_Event CC_YES #define CC_PCR_Extend CC_YES #define CC_PCR_Read CC_YES #define CC_PCR_Reset CC_YES #define CC_PCR_SetAuthPolicy CC_YES #define CC_PCR_SetAuthValue CC_YES #define CC_PolicyAuthorize CC_YES #define CC_PolicyAuthorizeNV CC_YES #define CC_PolicyAuthValue CC_YES #define CC_PolicyCommandCode CC_YES #define CC_PolicyCounterTimer CC_YES #define CC_PolicyCpHash CC_YES #define CC_PolicyDuplicationSelect CC_YES #define CC_PolicyGetDigest CC_YES #define CC_PolicyLocality CC_YES #define CC_PolicyNameHash CC_YES #define CC_PolicyNV CC_YES #define CC_PolicyOR CC_YES #define CC_PolicyPassword CC_YES #define CC_PolicyPCR CC_YES #define CC_PolicyPhysicalPresence CC_YES #define CC_PolicyRestart CC_YES #define CC_PolicySecret CC_YES #define 
CC_PolicySigned CC_YES #define CC_PolicyTicket CC_YES #define CC_PP_Commands CC_YES #define CC_Quote CC_YES #define CC_ReadClock CC_YES #define CC_ReadPublic CC_YES #define CC_Rewrap CC_YES #define CC_RSA_Decrypt (CC_YES*ALG_RSA) #define CC_RSA_Encrypt (CC_YES*ALG_RSA) #define CC_SelfTest CC_YES #define CC_SequenceComplete CC_YES #define CC_SequenceUpdate CC_YES #define CC_SetAlgorithmSet CC_YES #define CC_SetCommandCodeAuditStatus CC_YES #define CC_SetPrimaryPolicy CC_YES #define CC_Shutdown CC_YES #define CC_Sign CC_YES #define CC_StartAuthSession CC_YES #define CC_Startup CC_YES #define CC_StirRandom CC_YES #define CC_TestParms CC_YES #define CC_Unseal CC_YES #define CC_VerifySignature CC_YES #define CC_ZGen_2Phase (CC_YES*ALG_ECC) #define CC_EC_Ephemeral (CC_YES*ALG_ECC) #define CC_PolicyNvWritten CC_YES #define CC_PolicyTemplate CC_YES #define CC_CreateLoaded CC_YES #define CC_PolicyAuthorizeNV CC_YES #define CC_EncryptDecrypt2 CC_YES #define CC_Vendor_TCG_Test CC_YES #ifdef TPM_NUVOTON #define CC_NTC2_PreConfig CC_YES #define CC_NTC2_LockPreConfig CC_YES #define CC_NTC2_GetConfig CC_YES #endif // From Vendor-Specific: Table 7 - Defines for Implementation Values #define FIELD_UPGRADE_IMPLEMENTED NO /* temporary define */ #define BSIZE UINT16 /* size used for internal storage of the size field of a TPM2B */ #define BUFFER_ALIGNMENT 4 /* sets the size granularity for the buffers in a TPM2B structure */ #define IMPLEMENTATION_PCR 24 /* the number of PCR in the TPM */ #define PLATFORM_PCR 24 /* the number of PCR required by the relevant platform specification */ #define DRTM_PCR 17 /* the DRTM PCR */ #define HCRTM_PCR 0 /* PCR that will receive the H-CRTM value at TPM2_Startup. This value should not be changed. 
*/ #define NUM_LOCALITIES 5 /* the number of localities supported by the TPM */ #define MAX_HANDLE_NUM 3 /* the maximum number of handles in the handle area */ #define MAX_ACTIVE_SESSIONS 64 /* the number of simultaneously active sessions that are supported by the TPM implementation */ #define CONTEXT_SLOT UINT16 /* the type of an entry in the array of saved contexts */ #define CONTEXT_COUNTER UINT64 /* the type of the saved session counter */ #ifndef TPM_TSS #define MAX_LOADED_SESSIONS 3 /* the number of sessions that the TPM may have in memory */ #else /* TSS can permit maximum range */ #define MAX_LOADED_SESSIONS 0x10000000 #endif #define MAX_SESSION_NUM 3 /* this is the current maximum value */ #ifndef TPM_TSS #define MAX_LOADED_OBJECTS 3 /* the number of simultaneously loaded objects that are supported by the TPM */ #else /* TSS can permit maximum range */ #define MAX_LOADED_OBJECTS 0x10000000 #endif #define MIN_EVICT_OBJECTS 2 /* the minimum number of evict objects supported by the TPM */ #define PCR_SELECT_MIN ((PLATFORM_PCR+7)/8) #define PCR_SELECT_MAX ((IMPLEMENTATION_PCR+7)/8) #if 0 /* original Part 4 settings */ #define NUM_POLICY_PCR_GROUP 1 /* number of PCR groups that have individual policies */ #define NUM_AUTHVALUE_PCR_GROUP 1 /* number of PCR groups that have individual authorization values */ #endif /* kgold PC Client does not have PCR policy or authorization */ #define NUM_POLICY_PCR_GROUP 0 /* number of PCR groups that have individual policies */ #define NUM_AUTHVALUE_PCR_GROUP 0 /* number of PCR groups that have individual authorization values */ #define MAX_CONTEXT_SIZE 2048 /* This may be larger than necessary */ #ifndef TPM_TSS #define MAX_DIGEST_BUFFER 1024 #else #define MAX_DIGEST_BUFFER 2048 #endif #define MAX_NV_INDEX_SIZE 2048 /* maximum data size allowed in an NV Index */ #ifndef TPM_TSS #define MAX_NV_BUFFER_SIZE 1024 #else #define MAX_NV_BUFFER_SIZE 2048 #endif #ifndef TPM_TSS #define MAX_CAP_BUFFER 1024 #else #define MAX_CAP_BUFFER 
2048 #endif #define NV_MEMORY_SIZE 16384 /* size of NV memory in octets */ #define NUM_STATIC_PCR 16 #define MAX_ALG_LIST_SIZE 64 /* number of algorithms that can be in a list */ #define TIMER_PRESCALE 100000 /* nominal value for the pre-scale value of Clock */ #define PRIMARY_SEED_SIZE 32 /* size of the Primary Seed in octets */ #define CONTEXT_ENCRYPT_ALG TPM_ALG_AES /* context encryption algorithm */ #define CONTEXT_ENCRYPT_KEY_BITS MAX_SYM_KEY_BITS /* context encryption key size in bits */ #define CONTEXT_ENCRYPT_KEY_BYTES ((CONTEXT_ENCRYPT_KEY_BITS+7)/8) #define CONTEXT_INTEGRITY_HASH_ALG TPM_ALG_SHA256 /* context integrity hash algorithm */ #define CONTEXT_INTEGRITY_HASH_SIZE SHA256_DIGEST_SIZE /* number of byes in the context integrity digest */ #define PROOF_SIZE CONTEXT_INTEGRITY_HASH_SIZE /* size of proof value in octets */ #define NV_CLOCK_UPDATE_INTERVAL 12 /* the update interval expressed as a power of 2 seconds */ #define NUM_POLICY_PCR 1 /* number of PCR that allow policy/auth */ #define MAX_COMMAND_SIZE 4096 /* maximum size of a command */ #define MAX_RESPONSE_SIZE 4096 /* maximum size of a response */ #define ORDERLY_BITS 8 /* number between 1 and 32 inclusive */ #define MAX_ORDERLY_COUNT ((1< #include /* copy of TpmTcpProtocol.h. These are only used with the SW TPM. */ #define TPM_SIGNAL_POWER_ON 1 #define TPM_SIGNAL_POWER_OFF 2 #define TPM_SIGNAL_NV_ON 11 /* copy of TpmTcpProtocol.h. These are only used with the SW TPM, but they may be used with a respurce manager in the future. 
*/
#define TPM_SEND_COMMAND 8
#define TPM_SESSION_END 20

#ifdef __cplusplus
extern "C" {
#endif

    /* NOTE(review): these entry points carry raw TPM command and response bytes. Whether the
       underlying transport is protected is not visible in this header; use TPM session
       encryption / HMAC when parameters are sensitive. */

    /* Sends a platform-level command to the TPM reached through tssContext. `command` is
       presumably one of the TPM_SIGNAL_* values defined above (software TPM only), and
       `message` presumably a label used for tracing - confirm against the implementation. */
    LIB_EXPORT TPM_RC TSS_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char *message);

    /* Judging by the parameter names and const-ness: sends the `written` bytes at
       commandBuffer and stores the response in responseBuffer, with its length in *read.
       NOTE(review): no capacity for responseBuffer is passed, so the caller must supply a
       buffer large enough for any response - presumably MAX_RESPONSE_SIZE bytes; confirm
       against the implementation before sizing it smaller. */
    LIB_EXPORT TPM_RC TSS_Transmit(TSS_CONTEXT *tssContext,
                                   uint8_t *responseBuffer, uint32_t *read,
                                   const uint8_t *commandBuffer, uint32_t written,
                                   const char *message);

    /* Presumably releases the TPM connection held in tssContext - confirm. */
    LIB_EXPORT TPM_RC TSS_Close(TSS_CONTEXT *tssContext);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/SelfTest_fp.h0000644000175000017500000000712212742246532013616 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: SelfTest_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef SELFTEST_FP_H
#define SELFTEST_FP_H

/* Input parameter list for TPM2_SelfTest. */
typedef struct{
    TPMI_YES_NO	fullTest;	/* yes/no selector; presumably YES runs every self test and NO only
				   those not yet run (TPM 2.0 Part 3) - confirm */
} SelfTest_In;

/* Response-code offset for the fullTest field: parameter group (TPM_RC_P), position 1.
   Presumably added to a base error code to identify the offending field - confirm. */
#define RC_SelfTest_fullTest 	(TPM_RC_P + TPM_RC_1)

/* Takes only an input list; no output structure is declared for this command. */
TPM_RC
TPM2_SelfTest(
	      SelfTest_In      *in             // IN: input parameter list
	      );

#endif
./utils/tss2/CreatePrimary_fp.h0000644000175000017500000001042512742246532014634 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: CreatePrimary_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef CREATEPRIMARY_FP_H
#define CREATEPRIMARY_FP_H

/* Input parameter list for TPM2_CreatePrimary: one handle followed by four parameters. */
typedef struct {
    TPMI_RH_HIERARCHY		primaryHandle;	/* hierarchy under which the primary object is created */
    TPM2B_SENSITIVE_CREATE	inSensitive;	/* NOTE(review): presumably carries the new object's
						   authorization value and optional secret data, so callers
						   should clear this structure once the call returns - confirm */
    TPM2B_PUBLIC		inPublic;	/* public template for the object to create */
    TPM2B_DATA			outsideInfo;	/* caller-supplied data; presumably echoed into creationData - confirm */
    TPML_PCR_SELECTION		creationPCR;	/* PCR selection; presumably recorded in creationData - confirm */
} CreatePrimary_In;

/* Response-code offsets, one per input field: the handle uses TPM_RC_H, the parameters use
   TPM_RC_P, each with the field's 1-based position in its group. Presumably added to a base
   error code to identify the offending field - confirm. */
#define RC_CreatePrimary_primaryHandle 	(TPM_RC_H + TPM_RC_1)
#define RC_CreatePrimary_inSensitive 	(TPM_RC_P + TPM_RC_1)
#define RC_CreatePrimary_inPublic 	(TPM_RC_P + TPM_RC_2)
#define RC_CreatePrimary_outsideInfo 	(TPM_RC_P + TPM_RC_3)
#define RC_CreatePrimary_creationPCR 	(TPM_RC_P + TPM_RC_4)

/* Output parameter list for TPM2_CreatePrimary. */
typedef struct {
    TPM_HANDLE		objectHandle;	/* handle of the created object */
    TPM2B_PUBLIC	outPublic;	/* public area of the created object */
    TPM2B_CREATION_DATA	creationData;	/* creation data returned by the TPM */
    TPM2B_DIGEST	creationHash;	/* presumably the digest of creationData - confirm */
    TPMT_TK_CREATION	creationTicket;	/* ticket; presumably what a later creation certification
					   consumes to show the TPM produced creationData - confirm */
    TPM2B_NAME		name;		/* name of the created object */
} CreatePrimary_Out;

TPM_RC
TPM2_CreatePrimary(
		   CreatePrimary_In    *in,            // IN: input parameter list
		   CreatePrimary_Out   *out            // OUT: output parameter list
		   );

#endif
./utils/tss2/PolicyDuplicationSelect_fp.h0000644000175000017500000000774512742246532016673 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyDuplicationSelect_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYDUPLICATIONSELECT_FP_H
#define POLICYDUPLICATIONSELECT_FP_H

/* Input parameter list for TPM2_PolicyDuplicationSelect: one handle followed by three
   parameters. NOTE(review): presumably this policy command limits a duplication authorized by
   the session to the named new parent (TPM 2.0 Part 3) - confirm before relying on it. */
typedef struct {
    TPMI_SH_POLICY	policySession;	/* policy session being extended */
    TPM2B_NAME		objectName;	/* name of the object to be duplicated */
    TPM2B_NAME		newParentName;	/* name of the intended new parent */
    TPMI_YES_NO		includeObject;	/* yes/no selector; presumably whether objectName is bound
					   into the policy digest - confirm */
} PolicyDuplicationSelect_In;

/* Response-code offsets, one per input field: the handle uses TPM_RC_H, the parameters use
   TPM_RC_P, each with the field's 1-based position in its group. */
#define RC_PolicyDuplicationSelect_policySession 	(TPM_RC_H + TPM_RC_1)
#define RC_PolicyDuplicationSelect_objectName	 	(TPM_RC_P + TPM_RC_1)
#define RC_PolicyDuplicationSelect_newParentName 	(TPM_RC_P + TPM_RC_2)
#define RC_PolicyDuplicationSelect_includeObject 	(TPM_RC_P + TPM_RC_3)

/* Takes only an input list; no output structure is declared for this command. */
TPM_RC
TPM2_PolicyDuplicationSelect(
			     PolicyDuplicationSelect_In  *in             // IN: input parameter list
			     );

#endif
./utils/tss2/tssutils.h0000644000175000017500000000716713025775531013304 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS and Application Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssutils.h 874 2016-12-19 15:23:05Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved.
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a semi-public header. The API is subject to change. It is useful for rapid application development, and as sample code. It is risky for production code.
*/
#ifndef TSSUTILS_H
#define TSSUTILS_H

#include	/* NOTE(review): include target is missing on this page (lost in extraction) */

#ifndef TPM_TSS
#define TPM_TSS
#endif
#include	/* NOTE(review): include target is missing on this page (lost in extraction) */

#ifdef __cplusplus
extern "C" {
#endif

    /* Callback shape for unmarshaling one structure. buffer and size are passed by pointer,
       presumably so the callee can advance the cursor and reduce the remaining count - confirm.
       NOTE(review): size is a signed int32_t; callers should never pass a negative value. */
    typedef TPM_RC (*UnmarshalFunction_t)(void *target, uint8_t **buffer, int32_t *size);

    /* Callback shape for marshaling one structure; same cursor convention as above, with the
       byte count reported through the uint16_t *written. */
    typedef TPM_RC (*MarshalFunction_t)(void *source, uint16_t *written, uint8_t **buffer, int32_t *size);

    /* Presumably allocate / resize `size` bytes and store the pointer in *buffer - confirm.
       Whether `size` is capped, and what *buffer holds on failure, is not visible here; check
       the returned TPM_RC before using *buffer. */
    LIB_EXPORT
    TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size);
    LIB_EXPORT
    TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size);

    /* Marshals `structure` through marshalFunction and returns the result through *buffer.
       written is a uint16_t, so the reported length cannot exceed 65535 bytes. Ownership of
       *buffer is presumably passed to the caller - confirm. */
    LIB_EXPORT
    TPM_RC TSS_Structure_Marshal(uint8_t		**buffer,
				 uint16_t		*written,
				 void 			*structure,
				 MarshalFunction_t 	marshalFunction);

    /* TPM2B helpers. NOTE(review): targetSize is presumably the capacity of target's buffer,
       used to reject data that would not fit; pass the size of the concrete TPM2B_* buffer
       that target really points to, never the source length - confirm against the
       implementation. */
    LIB_EXPORT
    TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize);

    LIB_EXPORT
    TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize);

    LIB_EXPORT
    TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize);

    LIB_EXPORT
    TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize);

    LIB_EXPORT
    TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize);

    /* Compares two TPM2B values. NOTE(review): whether the comparison is constant-time is not
       visible here; do not assume it when comparing secret values such as HMACs. */
    LIB_EXPORT
    BOOL TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual);

#ifdef __cplusplus
}
#endif

#ifndef TPM_TSS_NOFILE
#include	/* NOTE(review): include target is missing on this page (lost in extraction) */
#endif

#endif
./utils/tss2/Clear_fp.h0000644000175000017500000000707312742246532013120 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Clear_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef CLEAR_FP_H
#define CLEAR_FP_H

/* Input parameter list for TPM2_Clear: a single authorization handle.
   NOTE(review): TPM2_Clear is presumably destructive - it is expected to remove owner
   context from the TPM (TPM 2.0 Part 3); gate callers and log its use - confirm scope. */
typedef struct {
    TPMI_RH_CLEAR	authHandle;	/* handle whose authorization permits the clear */
} Clear_In;

/* Response-code offset for authHandle: handle group (TPM_RC_H), position 1. */
#define RC_Clear_authHandle 	(TPM_RC_H + TPM_RC_1)

/* Takes only an input list; no output structure is declared for this command. */
TPM_RC
TPM2_Clear(
	   Clear_In        *in             // IN: input parameter list
	   );

#endif
./utils/tss2/ActivateCredential_fp.h0000644000175000017500000001011612742246532015615 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ActivateCredential_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef ACTIVATECREDENTIAL_FP_H
#define ACTIVATECREDENTIAL_FP_H

/* Input parameter list for TPM2_ActivateCredential: two handles followed by two parameters. */
typedef struct {
    TPMI_DH_OBJECT		activateHandle;	/* presumably the object the credential is bound to - confirm */
    TPMI_DH_OBJECT		keyHandle;	/* presumably the loaded key used to recover `secret` - confirm */
    TPM2B_ID_OBJECT		credentialBlob;	/* the credential blob to activate */
    TPM2B_ENCRYPTED_SECRET	secret;		/* encrypted secret accompanying credentialBlob */
} ActivateCredential_In;

/* Response-code offsets, one per input field: handles use TPM_RC_H, parameters use TPM_RC_P,
   each with the field's 1-based position in its group. */
#define RC_ActivateCredential_activateHandle	(TPM_RC_H + TPM_RC_1)
#define RC_ActivateCredential_keyHandle		(TPM_RC_H + TPM_RC_2)
#define RC_ActivateCredential_credentialBlob	(TPM_RC_P + TPM_RC_1)
#define RC_ActivateCredential_secret		(TPM_RC_P + TPM_RC_2)

/* Output parameter list for TPM2_ActivateCredential. */
typedef struct {
    TPM2B_DIGEST	certInfo;	/* NOTE(review): presumably the recovered credential value; treat it
					   as a secret and clear it after use - confirm */
} ActivateCredential_Out;

TPM_RC
TPM2_ActivateCredential(
			ActivateCredential_In   *in,            // IN: input parameter list
			ActivateCredential_Out  *out            // OUT: output parameter list
			);

#endif
./utils/tss2/SetAlgorithmSet_fp.h0000644000175000017500000000733412742246532015150 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: SetAlgorithmSet_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef SETALGORITHMSET_FP_H
#define SETALGORITHMSET_FP_H

/* Input parameter list for TPM2_SetAlgorithmSet: one handle followed by one parameter. */
typedef struct {
    TPMI_RH_PLATFORM	authHandle;	/* platform handle whose authorization permits the change */
    UINT32		algorithmSet;	/* selector value; its meaning is not defined in this header and is
					   presumably vendor-specific - confirm */
} SetAlgorithmSet_In;

/* Response-code offsets: the handle uses TPM_RC_H, the parameter uses TPM_RC_P, each with
   the field's 1-based position in its group. */
#define RC_SetAlgorithmSet_authHandle 		(TPM_RC_H + TPM_RC_1)
#define RC_SetAlgorithmSet_algorithmSet 	(TPM_RC_P + TPM_RC_1)

/* Takes only an input list; no output structure is declared for this command. */
TPM_RC
TPM2_SetAlgorithmSet(
		     SetAlgorithmSet_In  *in             // IN: input parameter list
		     );

#endif
./utils/tss2/Shutdown_fp.h0000644000175000017500000000712112742246532013677 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Shutdown_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef SHUTDOWN_FP_H
#define SHUTDOWN_FP_H

/* Input parameter list for TPM2_Shutdown. */
typedef struct{
    TPM_SU	shutdownType;	/* startup/shutdown type; presumably TPM_SU_CLEAR or TPM_SU_STATE
				   (TPM 2.0 Part 2) - confirm */
} Shutdown_In;

/* Response-code offset for shutdownType: parameter group (TPM_RC_P), position 1. */
#define RC_Shutdown_shutdownType 	(TPM_RC_P + TPM_RC_1)

/* Takes only an input list; no output structure is declared for this command. */
TPM_RC
TPM2_Shutdown(
	      Shutdown_In     *in             // IN: input parameter list
	      );

#endif
./utils/tss2/DictionaryAttackParameters_fp.h0000644000175000017500000000776613013664115017355 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: DictionaryAttackParameters_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef DICTIONARYATTACKPARAMETERS_FP_H
#define DICTIONARYATTACKPARAMETERS_FP_H

/* Input parameter block for TPM2_DictionaryAttackParameters(): one handle
   followed by three UINT32 settings.

   NOTE(review): the three UINT32 fields configure the TPM's dictionary-attack
   protection. Their units and the meaning of 0 are not stated in this header;
   check the TPM 2.0 library specification before choosing values, because
   permissive settings weaken the lockout that guards authorization values. */
typedef struct {
    TPMI_RH_LOCKOUT lockHandle;     // handle the command is issued against (TPMI_RH_LOCKOUT)
    UINT32          newMaxTries;    // new failure-count limit (presumably tries before lockout)
    UINT32          newRecoveryTime; // new recovery time (units not shown here - confirm)
    UINT32          lockoutRecovery; // new lockout recovery value (units not shown here - confirm)
} DictionaryAttackParameters_In;

/* One modifier per field of DictionaryAttackParameters_In: the handle uses
   TPM_RC_H, the three parameters use TPM_RC_P with indexes 1..3 in
   declaration order. TPM_RC_H, TPM_RC_P and TPM_RC_n are defined elsewhere. */
#define RC_DictionaryAttackParameters_lockHandle      (TPM_RC_H + TPM_RC_1)
#define RC_DictionaryAttackParameters_newMaxTries     (TPM_RC_P + TPM_RC_1)
#define RC_DictionaryAttackParameters_newRecoveryTime (TPM_RC_P + TPM_RC_2)
#define RC_DictionaryAttackParameters_lockoutRecovery (TPM_RC_P + TPM_RC_3)

/* Takes the input block by pointer and returns a TPM_RC. The command has no
   output parameter block. */
TPM_RC
TPM2_DictionaryAttackParameters(
    DictionaryAttackParameters_In *in // IN: input parameter list
);

#endif
./utils/tss2/EncryptDecrypt_fp.h0000644000175000017500000001014112742246532015037 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EncryptDecrypt_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef ENCRYPTDECRYPT_FP_H
#define ENCRYPTDECRYPT_FP_H

/* Input parameter block for TPM2_EncryptDecrypt(): a key handle, a yes/no
   direction flag, a symmetric mode selector, an IV and the data buffer. */
typedef struct {
    TPMI_DH_OBJECT    keyHandle; // handle of the key to use
    TPMI_YES_NO       decrypt;   // direction flag (presumably YES = decrypt, NO = encrypt)
    TPMI_ALG_SYM_MODE mode;      // symmetric mode selector
    TPM2B_IV          ivIn;      // initial value supplied by the caller
    TPM2B_MAX_BUFFER  inData;    // data to be processed
} EncryptDecrypt_In;

/* One modifier per field of EncryptDecrypt_In: the handle uses TPM_RC_H, the
   four parameters use TPM_RC_P with indexes 1..4 in declaration order. */
#define RC_EncryptDecrypt_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_EncryptDecrypt_decrypt   (TPM_RC_P + TPM_RC_1)
#define RC_EncryptDecrypt_mode      (TPM_RC_P + TPM_RC_2)
#define RC_EncryptDecrypt_ivIn      (TPM_RC_P + TPM_RC_3)
#define RC_EncryptDecrypt_inData    (TPM_RC_P + TPM_RC_4)

/* Output parameter block: the processed data and an IV value.

   NOTE(review): the output carries no tag or MAC field, so nothing in this
   interface authenticates the ciphertext. Callers that need tamper detection
   have to add it themselves. ivOut is presumably the chaining value for a
   following call - confirm before reusing it. */
typedef struct {
    TPM2B_MAX_BUFFER outData; // processed data
    TPM2B_IV         ivOut;   // IV value returned by the command
} EncryptDecrypt_Out;

/* Takes the input block and fills the output block; returns a TPM_RC. */
TPM_RC
TPM2_EncryptDecrypt(
    EncryptDecrypt_In  *in,  // IN: input parameter list
    EncryptDecrypt_Out *out  // OUT: output parameter list
);

#endif
./utils/tss2/PolicyCpHash_fp.h0000644000175000017500000000730113013664115014403 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyCpHash_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef POLICYCPHASH_FP_H
#define POLICYCPHASH_FP_H

/* Input parameter block for TPM2_PolicyCpHash(): a policy session handle and
   one digest. */
typedef struct {
    TPMI_SH_POLICY policySession; // handle of the policy session being updated
    TPM2B_DIGEST   cpHashA;       // digest; name suggests a command-parameter hash - TODO confirm
} PolicyCpHash_In;

/* Modifiers for the two fields: the session handle uses TPM_RC_H, the digest
   is parameter 1 and uses TPM_RC_P. */
#define RC_PolicyCpHash_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyCpHash_cpHashA       (TPM_RC_P + TPM_RC_1)

/* Takes the input block by pointer and returns a TPM_RC. The command has no
   output parameter block. */
TPM_RC
TPM2_PolicyCpHash(
    PolicyCpHash_In *in // IN: input parameter list
);

#endif
./utils/tss2/Unseal_fp.h0000644000175000017500000000717212742246532013321 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Unseal_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef UNSEAL_FP_H
#define UNSEAL_FP_H

/* Input parameter block for TPM2_Unseal(): the handle of the item to unseal. */
typedef struct {
    TPMI_DH_OBJECT itemHandle; // handle of the loaded object to unseal
} Unseal_In;

/* Modifier for the single handle field (TPM_RC_H, index 1). */
#define RC_Unseal_itemHandle (TPM_RC_H + TPM_RC_1)

/* Output parameter block.

   outData is typed TPM2B_SENSITIVE_DATA: treat the buffer as secret material.
   Keep it out of logs and traces and wipe it as soon as the caller has
   consumed it. */
typedef struct {
    TPM2B_SENSITIVE_DATA outData; // unsealed data returned by the command
} Unseal_Out;

/* Takes the input block and fills the output block; returns a TPM_RC. */
TPM_RC
TPM2_Unseal(
    Unseal_In  *in,  // IN: input parameter list
    Unseal_Out *out  // OUT: output parameter list
);

#endif
./utils/tss2/HierarchyChangeAuth_fp.h0000644000175000017500000000737012742246532015740 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HierarchyChangeAuth_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef HIERARCHYCHANGEAUTH_FP_H
#define HIERARCHYCHANGEAUTH_FP_H

/* Input parameter block for TPM2_HierarchyChangeAuth(): the hierarchy handle
   and the new authorization value.

   newAuth sits in caller memory as a plain TPM2B_AUTH. Wipe the structure once
   the command has been issued. Whether the value is protected on the way to
   the TPM depends on the session the caller sets up, which is not visible in
   this header. */
typedef struct {
    TPMI_RH_HIERARCHY_AUTH authHandle; // hierarchy whose authorization value is changed
    TPM2B_AUTH             newAuth;    // new authorization value
} HierarchyChangeAuth_In;

/* Modifiers for the two fields.

   NOTE(review): newAuth is the only non-handle field of HierarchyChangeAuth_In,
   yet its modifier uses TPM_RC_2. The sibling headers in this package number
   their first parameter TPM_RC_1 (for example RC_ObjectChangeAuth_newAuth and
   RC_PolicyCpHash_cpHashA). If callers compare a returned TPM_RC against this
   macro, the mismatch would hide a rejected newAuth. Confirm against the
   specification revision in use and change to TPM_RC_1 if this is a typo. */
#define RC_HierarchyChangeAuth_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_HierarchyChangeAuth_newAuth    (TPM_RC_P + TPM_RC_2)

/* Takes the input block by pointer and returns a TPM_RC. The command has no
   output parameter block. */
TPM_RC
TPM2_HierarchyChangeAuth(
    HierarchyChangeAuth_In *in // IN: input parameter list
);

#endif
./utils/tss2/PolicySigned_fp.h0000644000175000017500000001040213013664115014442 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicySigned_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef POLICYSIGNED_FP_H
#define POLICYSIGNED_FP_H

/* Input parameter block for TPM2_PolicySigned(): two handles followed by five
   parameters, the last of which is the signature.

   NOTE(review): nonceTPM and expiration look like the freshness inputs of the
   signed authorization. An empty nonce or a zero expiration presumably yields
   an assertion that is not tied to one session or time window. Confirm against
   the specification before a verifier accepts such signatures. */
typedef struct {
    TPMI_DH_OBJECT authObject;    // handle of the object used to check the signature
    TPMI_SH_POLICY policySession; // handle of the policy session being updated
    TPM2B_NONCE    nonceTPM;      // nonce value (presumably the session's TPM nonce)
    TPM2B_DIGEST   cpHashA;       // digest; name suggests a command-parameter hash - TODO confirm
    TPM2B_NONCE    policyRef;     // policy reference value
    INT32          expiration;    // signed 32-bit expiration value (units not shown here)
    TPMT_SIGNATURE auth;          // signature over the authorization
} PolicySigned_In;

/* One modifier per field of PolicySigned_In: the two handles use TPM_RC_H with
   indexes 1..2, the five parameters use TPM_RC_P with indexes 1..5 in
   declaration order. */
#define RC_PolicySigned_authObject    (TPM_RC_H + TPM_RC_1)
#define RC_PolicySigned_policySession (TPM_RC_H + TPM_RC_2)
#define RC_PolicySigned_nonceTPM      (TPM_RC_P + TPM_RC_1)
#define RC_PolicySigned_cpHashA       (TPM_RC_P + TPM_RC_2)
#define RC_PolicySigned_policyRef     (TPM_RC_P + TPM_RC_3)
#define RC_PolicySigned_expiration    (TPM_RC_P + TPM_RC_4)
#define RC_PolicySigned_auth          (TPM_RC_P + TPM_RC_5)

/* Output parameter block: a timeout value and an authorization ticket. */
typedef struct {
    TPM2B_TIMEOUT timeout;      // timeout value returned by the command
    TPMT_TK_AUTH  policyTicket; // ticket returned by the command
} PolicySigned_Out;

/* Takes the input block and fills the output block; returns a TPM_RC. */
TPM_RC
TPM2_PolicySigned(
    PolicySigned_In  *in,  // IN: input parameter list
    PolicySigned_Out *out  // OUT: output parameter list
);

#endif
./utils/tss2/ChangePPS_fp.h0000644000175000017500000000713712742246532013643 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J.
Watson Research Center */ /* $Id: ChangePPS_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef CHANGEPPS_FP_H
#define CHANGEPPS_FP_H

/* Input parameter block for TPM2_ChangePPS(): a single platform handle. */
typedef struct {
    TPMI_RH_PLATFORM authHandle; // handle the command is authorized against (TPMI_RH_PLATFORM)
} ChangePPS_In;

/* Modifier for the authHandle field.

   NOTE(review): authHandle is a handle (TPMI_RH_PLATFORM), but this modifier is
   built from TPM_RC_P. Every other handle field in the sibling headers of this
   package uses TPM_RC_H (for example RC_Unseal_itemHandle and
   RC_HierarchyChangeAuth_authHandle). If callers compare a returned TPM_RC
   against this macro, a rejected handle would not match. Confirm against the
   specification revision in use and change to TPM_RC_H if this is a typo. */
#define RC_ChangePPS_authHandle (TPM_RC_P + TPM_RC_1)

/* Takes the input block by pointer and returns a TPM_RC. The command has no
   output parameter block. */
TPM_RC
TPM2_ChangePPS(
    ChangePPS_In *in // IN: input parameter list
);

#endif
./utils/tss2/ObjectChangeAuth_fp.h0000644000175000017500000000774012742246532015231 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ObjectChangeAuth_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef OBJECTCHANGEAUTH_FP_H
#define OBJECTCHANGEAUTH_FP_H

/* Input parameter block for TPM2_ObjectChangeAuth(): the object handle, its
   parent handle and the new authorization value.

   newAuth sits in caller memory as a plain TPM2B_AUTH. Wipe the structure once
   the command has been issued. Whether the value is protected on the way to
   the TPM depends on the session the caller sets up, which is not visible in
   this header. */
typedef struct {
    TPMI_DH_OBJECT objectHandle; // handle of the object whose authorization value is changed
    TPMI_DH_OBJECT parentHandle; // handle of that object's parent
    TPM2B_AUTH     newAuth;      // new authorization value
} ObjectChangeAuth_In;

/* One modifier per field of ObjectChangeAuth_In: the two handles use TPM_RC_H
   with indexes 1..2, newAuth is parameter 1 and uses TPM_RC_P. */
#define RC_ObjectChangeAuth_objectHandle (TPM_RC_H + TPM_RC_1)
#define RC_ObjectChangeAuth_parentHandle (TPM_RC_H + TPM_RC_2)
#define RC_ObjectChangeAuth_newAuth      (TPM_RC_P + TPM_RC_1)

/* Output parameter block.

   NOTE(review): outPrivate is presumably the object's private area carrying
   the new authorization value, which the caller must store in place of the old
   blob for the change to take effect - TODO confirm. */
typedef struct {
    TPM2B_PRIVATE outPrivate; // private structure returned by the command
} ObjectChangeAuth_Out;

/* Takes the input block and fills the output block; returns a TPM_RC. */
TPM_RC
TPM2_ObjectChangeAuth(
    ObjectChangeAuth_In  *in,  // IN: input parameter list
    ObjectChangeAuth_Out *out  // OUT: output parameter list
);

#endif
./utils/tss2/Rewrap_fp.h0000644000175000017500000001006412742246532013324 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Rewrap_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */

#ifndef REWRAP_FP_H
#define REWRAP_FP_H

/* Input parameter block for TPM2_Rewrap(): the old and new parent handles, the
   incoming duplicate, the object name and the incoming symmetric seed. */
typedef struct {
    TPMI_DH_OBJECT         oldParent;   // handle of the current parent
    TPMI_DH_OBJECT         newParent;   // handle of the new parent
    TPM2B_PRIVATE          inDuplicate; // private structure to be rewrapped
    TPM2B_NAME             name;        // name of the object being rewrapped
    TPM2B_ENCRYPTED_SECRET inSymSeed;   // encrypted seed accompanying inDuplicate
} Rewrap_In;

/* One modifier per field of Rewrap_In: the two handles use TPM_RC_H with
   indexes 1..2, the three parameters use TPM_RC_P with indexes 1..3 in
   declaration order. */
#define RC_Rewrap_oldParent   (TPM_RC_H + TPM_RC_1)
#define RC_Rewrap_newParent   (TPM_RC_H + TPM_RC_2)
#define RC_Rewrap_inDuplicate (TPM_RC_P + TPM_RC_1)
#define RC_Rewrap_name        (TPM_RC_P + TPM_RC_2)
#define RC_Rewrap_inSymSeed   (TPM_RC_P + TPM_RC_3)

/* Output parameter block: the rewrapped private structure and its seed
   (presumably protected for newParent - TODO confirm). */
typedef struct {
    TPM2B_PRIVATE          outDuplicate; // private structure returned by the command
    TPM2B_ENCRYPTED_SECRET outSymSeed;   // encrypted seed returned by the command
} Rewrap_Out;

/* Takes the input block and fills the output block; returns a TPM_RC. */
TPM_RC
TPM2_Rewrap(
    Rewrap_In  *in,  // IN: input parameter list
    Rewrap_Out *out  // OUT: output parameter list
);

#endif
./utils/tss2/SetCommandCodeAuditStatus_fp.h0000644000175000017500000000772212742246532017113 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: SetCommandCodeAuditStatus_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
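*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef SETCOMMANDCODEAUDITSTATUS_FP_H
#define SETCOMMANDCODEAUDITSTATUS_FP_H

/* Input list for TPM2_SetCommandCodeAuditStatus(): one authorization handle
   followed by three parameters.  setList and clearList are both command-code
   lists (TPML_CC).
   NOTE(review): judging by the names, clearList takes commands out of the
   audited set; a caller that tracks audit coverage will want to record what it
   passes here - confirm the semantics against the command definition. */
typedef struct {
    TPMI_RH_PROVISION   auth;       /* handle 1 */
    TPMI_ALG_HASH       auditAlg;   /* parameter 1 */
    TPML_CC             setList;    /* parameter 2 */
    TPML_CC             clearList;  /* parameter 3 */
} SetCommandCodeAuditStatus_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_SetCommandCodeAuditStatus_auth       (TPM_RC_H + TPM_RC_1)
#define RC_SetCommandCodeAuditStatus_auditAlg   (TPM_RC_P + TPM_RC_1)
#define RC_SetCommandCodeAuditStatus_setList    (TPM_RC_P + TPM_RC_2)
#define RC_SetCommandCodeAuditStatus_clearList  (TPM_RC_P + TPM_RC_3)

/* Prototype only; the definition is not in this header.  The command has no
   output list, so the TPM_RC return value is the only result.  The parameter
   comment uses block form so the declaration stays intact even if line breaks
   are lost. */
TPM_RC
TPM2_SetCommandCodeAuditStatus(
    SetCommandCodeAuditStatus_In    *in     /* IN: input parameter list */
);

#endif ./utils/tss2/RSA_Encrypt_fp.h0000644000175000017500000000775212742246532014227 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: RSA_Encrypt_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.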
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
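*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef RSA_ENCRYPT_FP_H
#define RSA_ENCRYPT_FP_H

/* Input list for TPM2_RSA_Encrypt(): one key handle followed by three
   parameters.  inScheme is declared with the type TPMT_RSA_DECRYPT in this
   header even though the command encrypts; that is the declared type, not a
   typo introduced here. */
typedef struct {
    TPMI_DH_OBJECT          keyHandle;  /* handle 1 */
    TPM2B_PUBLIC_KEY_RSA    message;    /* parameter 1 */
    TPMT_RSA_DECRYPT        inScheme;   /* parameter 2 */
    TPM2B_DATA              label;      /* parameter 3 */
} RSA_Encrypt_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_RSA_Encrypt_keyHandle    (TPM_RC_H + TPM_RC_1)
#define RC_RSA_Encrypt_message      (TPM_RC_P + TPM_RC_1)
#define RC_RSA_Encrypt_inScheme     (TPM_RC_P + TPM_RC_2)
#define RC_RSA_Encrypt_label        (TPM_RC_P + TPM_RC_3)

/* Output list: outData has the same buffer type as the message input. */
typedef struct {
    TPM2B_PUBLIC_KEY_RSA    outData;
} RSA_Encrypt_Out;

/* Prototype only; the definition is not in this header.  Returns a TPM_RC.
   The parameter comments use block form so the declaration stays intact even
   if line breaks are lost. */
TPM_RC
TPM2_RSA_Encrypt(
    RSA_Encrypt_In  *in,    /* IN: input parameter list */
    RSA_Encrypt_Out *out    /* OUT: output parameter list */
);

#endif ./utils/tss2/TPMB.h0000644000175000017500000001133613013664115012135 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: TPMB.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.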
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2016 */ /* */ /********************************************************************************/

#ifndef TPMB_H
#define TPMB_H

/* 5.20 TPMB.h */
/* This file contains extra TPM2B structures */

/* NOTE(review): a second include guard nested inside TPMB_H.  _TPMB_H starts
   with an underscore followed by an uppercase letter, a form the C standard
   reserves for the implementation. */
#ifndef _TPMB_H
#define _TPMB_H

/* TPM2B Types */
/* Generic view of a sized byte buffer: a 16-bit length followed by the bytes.
   buffer is declared with a single element; the real capacity is that of the
   TPM2B_<name> union (see TPM2B_TYPE) the view is taken from.  Code that reads
   or writes through a TPM2B pointer therefore has to bound `size` by that
   capacity itself - nothing in this type carries it. */
typedef struct {
    UINT16 size;
    BYTE buffer[1];
} TPM2B, *P2B;
/* Pointer-to-const form of the generic view. */
typedef const TPM2B *PC2B;

/* This macro helps avoid having to type in the structure in order to create a new TPM2B type
   that is used in a function. */
/* Expands to a typedef of union TPM2B_<name>: member t holds a buffer of `bytes`
   bytes, member b overlays it with the generic TPM2B view. */
#define TPM2B_TYPE(name, bytes) \
    typedef union { \
        struct { \
            UINT16 size; \
            BYTE buffer[(bytes)]; \
        } t; \
        TPM2B b; \
    } TPM2B_##name

/* This macro defines a TPM2B with a constant character value. This macro sets the size of the
   string to the size minus the terminating zero byte. This lets the user of the label add their
   terminating 0. This method is chosen so that existing code that provides a label will continue
   to work correctly. */
/* NOTE(review): as written, both the size field and the buffer length are
   sizeof(value); for a string literal that count includes the terminating zero
   byte, which is not what the paragraph above describes.  Confirm which length
   the consumers of these labels expect before relying on either.
   The expansion ends with a non-static `const TPM2B *name` definition, so
   expanding it at file scope in more than one translation unit defines `name`
   more than once. */
#define TPM2B_STRING(name, value) \
    static const union { \
        struct { \
            UINT16 size; \
            BYTE buffer[sizeof(value)]; \
        } t; \
        TPM2B b; \
    } name##_ = {{sizeof(value), {value}}}; \
    const TPM2B *name = &name##_.b

/* Macro to instance and initialize a TPM2B value */
/* Declares a TPM2B_<TYPE> variable `name` with its size field set to the full
   capacity of its buffer (sizeof(name.t.buffer)) and the buffer zero-filled.
   size is the capacity here, not zero: a reader that treats size as the amount
   of valid data will see a full buffer of zero bytes. */
#define TPM2B_INIT(TYPE, name) \
    TPM2B_##TYPE name = {sizeof(name.t.buffer), {0}}

/* Defines the type TPM2B_<bytes>_BYTE_VALUE with a buffer of `bytes` bytes. */
#define TPM2B_BYTE_VALUE(bytes) TPM2B_TYPE(bytes##_BYTE_VALUE, bytes)

#endif
#endif ./utils/tss2/PolicyAuthorize_fp.h0000644000175000017500000000776612742246532015235 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyAuthorize_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
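and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef POLICYAUTHORIZE_FP_H
#define POLICYAUTHORIZE_FP_H

/* Input list for TPM2_PolicyAuthorize(): the policy session handle followed by
   four parameters, numbered as in the RC_PolicyAuthorize_* offsets below. */
typedef struct {
    TPMI_SH_POLICY      policySession;  /* handle 1 */
    TPM2B_DIGEST        approvedPolicy; /* parameter 1 */
    TPM2B_NONCE         policyRef;      /* parameter 2 */
    TPM2B_NAME          keySign;        /* parameter 3 */
    TPMT_TK_VERIFIED    checkTicket;    /* parameter 4 */
} PolicyAuthorize_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_PolicyAuthorize_policySession    (TPM_RC_H + TPM_RC_1)
#define RC_PolicyAuthorize_approvedPolicy   (TPM_RC_P + TPM_RC_1)
#define RC_PolicyAuthorize_policyRef        (TPM_RC_P + TPM_RC_2)
#define RC_PolicyAuthorize_keySign          (TPM_RC_P + TPM_RC_3)
#define RC_PolicyAuthorize_checkTicket      (TPM_RC_P + TPM_RC_4)

/* Prototype only; the definition is not in this header.  The command has no
   output list, so the TPM_RC return value is the only result and has to be
   checked by the caller.  The parameter comment uses block form so the
   declaration stays intact even if line breaks are lost. */
TPM_RC
TPM2_PolicyAuthorize(
    PolicyAuthorize_In  *in     /* IN: input parameter list */
);

#endif ./utils/tss2/StartAuthSession_fp.h0000644000175000017500000001056512742246532015355 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: StartAuthSession_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2.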
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
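and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef STARTAUTHSESSION_FP_H
#define STARTAUTHSESSION_FP_H

/* Input list for TPM2_StartAuthSession(): two handles (tpmKey, bind) followed
   by five parameters, numbered as in the RC_StartAuthSession_* offsets below.
   NOTE(review): nonceCaller is supplied by the caller; presumably it has to be
   fresh random data for every session - confirm in the code that fills it. */
typedef struct {
    TPMI_DH_OBJECT          tpmKey;         /* handle 1 */
    TPMI_DH_ENTITY          bind;           /* handle 2 */
    TPM2B_NONCE             nonceCaller;    /* parameter 1 */
    TPM2B_ENCRYPTED_SECRET  encryptedSalt;  /* parameter 2 */
    TPM_SE                  sessionType;    /* parameter 3 */
    TPMT_SYM_DEF            symmetric;      /* parameter 4 */
    TPMI_ALG_HASH           authHash;       /* parameter 5 */
} StartAuthSession_In;

/* Output list: the handle of the new session and a nonce (nonceTPM) of the same
   type as nonceCaller. */
typedef struct {
    TPMI_SH_AUTH_SESSION    sessionHandle;
    TPM2B_NONCE             nonceTPM;
} StartAuthSession_Out;

/* Response-code offsets for the inputs: TPM_RC_H + TPM_RC_n refers to the n-th
   handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are added
   to an error code to identify the rejected input; confirm against the code
   that returns them. */
#define RC_StartAuthSession_tpmKey          (TPM_RC_H + TPM_RC_1)
#define RC_StartAuthSession_bind            (TPM_RC_H + TPM_RC_2)
#define RC_StartAuthSession_nonceCaller     (TPM_RC_P + TPM_RC_1)
#define RC_StartAuthSession_encryptedSalt   (TPM_RC_P + TPM_RC_2)
#define RC_StartAuthSession_sessionType     (TPM_RC_P + TPM_RC_3)
#define RC_StartAuthSession_symmetric       (TPM_RC_P + TPM_RC_4)
#define RC_StartAuthSession_authHash        (TPM_RC_P + TPM_RC_5)

/* Prototype only; the definition is not in this header.  Returns a TPM_RC.
   The parameter comments use block form so the declaration stays intact even
   if line breaks are lost. */
TPM_RC
TPM2_StartAuthSession(
    StartAuthSession_In     *in,    /* IN: input parameter buffer */
    StartAuthSession_Out    *out    /* OUT: output parameter buffer */
);

#endif ./utils/tss2/CertifyCreation_fp.h0000644000175000017500000001043012742246532015153 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: CertifyCreation_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.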
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
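*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef CERTIFYCREATION_FP_H
#define CERTIFYCREATION_FP_H

/* Input list for TPM2_CertifyCreation(): two handles (signHandle,
   objectHandle) followed by four parameters, numbered as in the
   RC_CertifyCreation_* offsets below. */
typedef struct {
    TPMI_DH_OBJECT      signHandle;     /* handle 1 */
    TPMI_DH_OBJECT      objectHandle;   /* handle 2 */
    TPM2B_DATA          qualifyingData; /* parameter 1 */
    TPM2B_DIGEST        creationHash;   /* parameter 2 */
    TPMT_SIG_SCHEME     inScheme;       /* parameter 3 */
    TPMT_TK_CREATION    creationTicket; /* parameter 4 */
} CertifyCreation_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_CertifyCreation_signHandle       (TPM_RC_H + TPM_RC_1)
#define RC_CertifyCreation_objectHandle     (TPM_RC_H + TPM_RC_2)
#define RC_CertifyCreation_qualifyingData   (TPM_RC_P + TPM_RC_1)
#define RC_CertifyCreation_creationHash     (TPM_RC_P + TPM_RC_2)
#define RC_CertifyCreation_inScheme         (TPM_RC_P + TPM_RC_3)
#define RC_CertifyCreation_creationTicket   (TPM_RC_P + TPM_RC_4)

/* Output list: an attestation blob (certifyInfo) and a signature.
   NOTE(review): presumably the signature covers certifyInfo and a verifier has
   to check both together - confirm against the command definition. */
typedef struct {
    TPM2B_ATTEST    certifyInfo;
    TPMT_SIGNATURE  signature;
} CertifyCreation_Out;

/* Prototype only; the definition is not in this header.  Returns a TPM_RC.
   The parameter comments use block form so the declaration stays intact even
   if line breaks are lost. */
TPM_RC
TPM2_CertifyCreation(
    CertifyCreation_In  *in,    /* IN: input parameter list */
    CertifyCreation_Out *out    /* OUT: output parameter list */
);

#endif ./utils/tss2/CreateLoaded_fp.h0000644000175000017500000001000713013664115014366 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J.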
Watson Research Center */ /* $Id: CreateLoaded_fp.h 803 2016-11-15 20:19:26Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
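and others, 2012-2015 */ /* */ /********************************************************************************/

#ifndef CREATELOADED_FP_H
#define CREATELOADED_FP_H

/* rev 136 */

/* Input list for TPM2_CreateLoaded(): the parent handle followed by two
   parameters, numbered as in the RC_CreateLoaded_* offsets below.
   NOTE(review): inSensitive is a TPM2B_SENSITIVE_CREATE, so by its type it
   carries sensitive creation data in caller memory; callers presumably should
   clear the structure once the call returns - confirm in the calling code. */
typedef struct {
    TPMI_DH_PARENT          parentHandle;   /* handle 1 */
    TPM2B_SENSITIVE_CREATE  inSensitive;    /* parameter 1 */
    TPM2B_TEMPLATE          inPublic;       /* parameter 2 */
} CreateLoaded_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_CreateLoaded_parentHandle    (TPM_RC_H + TPM_RC_1)
#define RC_CreateLoaded_inSensitive     (TPM_RC_P + TPM_RC_1)
#define RC_CreateLoaded_inPublic        (TPM_RC_P + TPM_RC_2)

/* Output list: a handle for the object plus its private blob, public area and
   name. */
typedef struct {
    TPM_HANDLE      objectHandle;
    TPM2B_PRIVATE   outPrivate;
    TPM2B_PUBLIC    outPublic;
    TPM2B_NAME      name;
} CreateLoaded_Out;

/* Prototype only; the definition is not in this header.  Returns a TPM_RC.
   The parameter comments use block form so the declaration stays intact even
   if line breaks are lost. */
TPM_RC
TPM2_CreateLoaded(
    CreateLoaded_In     *in,    /* IN: input parameter list */
    CreateLoaded_Out    *out    /* OUT: output parameter list */
);

#endif ./utils/tss2/tssresponsecode.h0000644000175000017500000000511413115776262014625 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Response Code Printer */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssresponsecode.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission.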
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/

/* This is a semi-public header. The API is likely to be stable, but the format and text output
   are subject to change. It is useful for application debug. */
/* Because the text may change between releases, callers should branch on the
   TPM_RC value itself and use the strings for display and logging only. */

#ifndef TSSRESPONSECODE_H
#define TSSRESPONSECODE_H

/* Defines TPM_TSS if it is not defined yet, before the include that follows. */
#ifndef TPM_TSS
#define TPM_TSS
#endif
/* NOTE(review): the header name that should follow this #include is missing in
   this copy of the file. */
#include

#ifdef __cplusplus
extern "C" {
#endif

    /* Takes a response code and three string out-parameters and returns nothing.
       Judging by the name, it stores in *msg, *submsg and *num pointers to text
       describing rc.  Who owns those strings and how long they stay valid is
       not stated here - TODO confirm; they are const char *, so callers should
       neither modify nor free them unless the implementation says otherwise. */
    LIB_EXPORT
    void TSS_ResponseCode_toString(const char **msg, const char **submsg, const char **num, TPM_RC rc);

#ifdef __cplusplus
}
#endif

#endif ./utils/tss2/PolicyPCR_fp.h0000644000175000017500000000740312742246532013673 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyPCR_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
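*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */

#ifndef POLICYPCR_FP_H
#define POLICYPCR_FP_H

/* Input list for TPM2_PolicyPCR(): the policy session handle followed by two
   parameters, a digest (pcrDigest) and a PCR selection list (pcrs). */
typedef struct {
    TPMI_SH_POLICY      policySession;  /* handle 1 */
    TPM2B_DIGEST        pcrDigest;      /* parameter 1 */
    TPML_PCR_SELECTION  pcrs;           /* parameter 2 */
} PolicyPCR_In;

/* Response-code offsets for the inputs above: TPM_RC_H + TPM_RC_n refers to the
   n-th handle, TPM_RC_P + TPM_RC_n to the n-th parameter.  Presumably they are
   added to an error code to identify the rejected input; confirm against the
   code that returns them. */
#define RC_PolicyPCR_policySession  (TPM_RC_H + TPM_RC_1)
#define RC_PolicyPCR_pcrDigest      (TPM_RC_P + TPM_RC_1)
#define RC_PolicyPCR_pcrs           (TPM_RC_P + TPM_RC_2)

/* Prototype only; the definition is not in this header.  The command has no
   output list, so the TPM_RC return value is the only result and has to be
   checked by the caller.  The parameter comment uses block form so the
   declaration stays intact even if line breaks are lost. */
TPM_RC
TPM2_PolicyPCR(
    PolicyPCR_In    *in     /* IN: input parameter list */
);

#endif ./utils/tss2/HierarchyControl_fp.h0000644000175000017500000000746612742246532015357 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: HierarchyControl_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.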
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_HierarchyControl command: the input parameter
   structure, one response-code selector per input field, and the command
   prototype.  This header declares no output structure for the command. */
#ifndef HIERARCHYCONTROL_FP_H
#define HIERARCHYCONTROL_FP_H

/* Inputs, in the order the selectors below number them. */
typedef struct {
    TPMI_RH_HIERARCHY authHandle;   /* selector: TPM_RC_H, index 1 */
    TPMI_RH_ENABLES enable;         /* selector: TPM_RC_P, index 1 */
    TPMI_YES_NO state;              /* selector: TPM_RC_P, index 2 */
} HierarchyControl_In;

/* Response-code selectors.  Presumably TPM_RC_H marks a handle and TPM_RC_P
   a command parameter, with the index identifying which one was rejected --
   confirm against the TPM_RC definitions, which are outside this header. */
#define RC_HierarchyControl_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_HierarchyControl_enable (TPM_RC_P + TPM_RC_1)
#define RC_HierarchyControl_state (TPM_RC_P + TPM_RC_2)

/* NOTE(review): the type names suggest `enable` selects a hierarchy and
   `state` switches it on or off, authorized through authHandle.  Which
   authHandle values may change which hierarchy is not visible here --
   confirm against TPM 2.0 Part 3 before exposing this call to callers that
   do not hold the corresponding authorization. */
TPM_RC
TPM2_HierarchyControl(
    HierarchyControl_In *in // IN: input parameter list
);

#endif
./utils/tss2/Load_fp.h0000644000175000017500000000754113013664115012742 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Load_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_Load command: the input and output parameter
   structures, one response-code selector per input field, and the command
   prototype. */
#ifndef LOAD_FP_H
#define LOAD_FP_H

/* Inputs, in the order the selectors below number them. */
typedef struct {
    TPMI_DH_OBJECT parentHandle;    /* selector: TPM_RC_H, index 1 */
    TPM2B_PRIVATE inPrivate;        /* selector: TPM_RC_P, index 1 */
    TPM2B_PUBLIC inPublic;          /* selector: TPM_RC_P, index 2 */
} Load_In;

/* Response-code selectors.  Presumably TPM_RC_H marks a handle and TPM_RC_P
   a command parameter, with the index identifying which one was rejected --
   confirm against the TPM_RC definitions, which are outside this header. */
#define RC_Load_parentHandle (TPM_RC_H + TPM_RC_1)
#define RC_Load_inPrivate (TPM_RC_P + TPM_RC_1)
#define RC_Load_inPublic (TPM_RC_P + TPM_RC_2)

/* Outputs written by the command. */
typedef struct {
    TPM_HANDLE objectHandle;
    /* NOTE(review): presumably the Name the TPM computed for the loaded
       object; comparing it with an expected value before using objectHandle
       would detect a substituted inPublic -- confirm against TPM 2.0 Part 3. */
    TPM2B_NAME name;
} Load_Out;

TPM_RC
TPM2_Load(
    Load_In *in, // IN: input parameter list
    Load_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/ChangeEPS_fp.h0000644000175000017500000000713712742246532013630 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ChangeEPS_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_ChangeEPS command: the input parameter
   structure, the response-code selector for its single input, and the
   command prototype.  This header declares no output structure. */
#ifndef CHANGEEPS_FP_H
#define CHANGEEPS_FP_H

/* The only input is a handle typed TPMI_RH_PLATFORM. */
typedef struct {
    TPMI_RH_PLATFORM authHandle;    /* selector: TPM_RC_H, index 1 */
} ChangeEPS_In;

/* Response-code selector.  Presumably TPM_RC_H marks a handle, with the
   index identifying which one was rejected -- confirm against the TPM_RC
   definitions, which are outside this header. */
#define RC_ChangeEPS_authHandle (TPM_RC_H + TPM_RC_1)

/* NOTE(review): in the TPM 2.0 specification this command replaces the
   endorsement primary seed, which would make keys derived from the old seed
   unrecoverable; treat a call as destructive and confirm the exact effects
   against Part 3. */
TPM_RC
TPM2_ChangeEPS(
    ChangeEPS_In *in // IN: input parameter list
);

#endif
./utils/tss2/EC_Ephemeral_fp.h0000644000175000017500000000737313013664115014337 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EC_Ephemeral_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_EC_Ephemeral command: the input and output
   parameter structures, the response-code selector for the single input,
   and the command prototype.  The command takes no handle input. */
#ifndef EC_EPHEMERAL_FP_H
#define EC_EPHEMERAL_FP_H

typedef struct {
    TPMI_ECC_CURVE curveID;         /* selector: TPM_RC_P, index 1 */
} EC_Ephemeral_In;

/* Response-code selector.  Presumably TPM_RC_P marks a command parameter,
   with the index identifying which one was rejected -- confirm against the
   TPM_RC definitions, which are outside this header. */
#define RC_EC_Ephemeral_curveID (TPM_RC_P + TPM_RC_1)

/* Outputs written by the command. */
typedef struct {
    TPM2B_ECC_POINT Q;
    /* NOTE(review): presumably identifies the ephemeral key to a later
       command rather than carrying secret material -- confirm against
       TPM 2.0 Part 3. */
    UINT16 counter;
} EC_Ephemeral_Out;

TPM_RC
TPM2_EC_Ephemeral(
    EC_Ephemeral_In *in, // IN: input parameter list
    EC_Ephemeral_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/PolicyTemplate_fp.h0000644000175000017500000000734513013664115015020 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyTemplate_fp.h 803 2016-11-15 20:19:26Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_PolicyTemplate command: the input parameter
   structure, one response-code selector per input field, and the command
   prototype.  This header declares no output structure for the command. */
#ifndef POLICYTEMPLATE_FP_H
#define POLICYTEMPLATE_FP_H

/* Inputs, in the order the selectors below number them. */
typedef struct {
    TPMI_SH_POLICY policySession;   /* selector: TPM_RC_H, index 1 */
    /* NOTE(review): presumably a digest of the object template the policy is
       meant to permit; how it is compared is not visible here -- confirm
       against TPM 2.0 Part 3. */
    TPM2B_DIGEST templateHash;      /* selector: TPM_RC_P, index 1 */
} PolicyTemplate_In;

/* Response-code selectors.  Presumably TPM_RC_H marks a handle and TPM_RC_P
   a command parameter, with the index identifying which one was rejected --
   confirm against the TPM_RC definitions, which are outside this header. */
#define RC_PolicyTemplate_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyTemplate_templateHash (TPM_RC_P + TPM_RC_1)

TPM_RC
TPM2_PolicyTemplate(
    PolicyTemplate_In *in // IN: input parameter list
);

#endif
./utils/tss2/NV_UndefineSpaceSpecial_fp.h0000644000175000017500000000741712742246532016511 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_UndefineSpaceSpecial_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_NV_UndefineSpaceSpecial command: the input
   parameter structure, one response-code selector per input field, and the
   command prototype.  This header declares no output structure. */
#ifndef NV_UNDEFINESPACESPECIAL_FP_H
#define NV_UNDEFINESPACESPECIAL_FP_H

/* Both inputs use TPM_RC_H selectors; the command has no TPM_RC_P input. */
typedef struct {
    TPMI_RH_NV_INDEX nvIndex;       /* selector: TPM_RC_H, index 1 */
    TPMI_RH_PLATFORM platform;      /* selector: TPM_RC_H, index 2 */
} NV_UndefineSpaceSpecial_In;

/* Response-code selectors.  Presumably TPM_RC_H marks a handle, with the
   index identifying which one was rejected -- confirm against the TPM_RC
   definitions, which are outside this header. */
#define RC_NV_UndefineSpaceSpecial_nvIndex (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpaceSpecial_platform (TPM_RC_H + TPM_RC_2)

/* NOTE(review): the name suggests this removes an NV index; with two handle
   inputs, presumably each needs its own authorization.  The required
   authorizations are not visible here -- confirm against TPM 2.0 Part 3. */
TPM_RC
TPM2_NV_UndefineSpaceSpecial(
    NV_UndefineSpaceSpecial_In *in // IN: input parameter list
);

#endif
./utils/tss2/StirRandom_fp.h0000644000175000017500000000712412742246532014151 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: StirRandom_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_StirRandom command: the input parameter
   structure, the response-code selector for its single input, and the
   command prototype.  The command takes no handle input and this header
   declares no output structure. */
#ifndef STIRRANDOM_FP_H
#define STIRRANDOM_FP_H

typedef struct {
    /* NOTE(review): typed as sensitive data; presumably extra input mixed
       into the TPM's random number generator state, so the host-side copy
       should be handled like other secrets -- confirm against TPM 2.0
       Part 3. */
    TPM2B_SENSITIVE_DATA inData;    /* selector: TPM_RC_P, index 1 */
} StirRandom_In;

/* Response-code selector.  Presumably TPM_RC_P marks a command parameter,
   with the index identifying which one was rejected -- confirm against the
   TPM_RC definitions, which are outside this header. */
#define RC_StirRandom_inData (TPM_RC_P + TPM_RC_1)

TPM_RC
TPM2_StirRandom(
    StirRandom_In *in // IN: input parameter list
);

#endif
./utils/tss2/PolicyPassword_fp.h0000644000175000017500000000720012742246532015044 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyPassword_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_PolicyPassword command: the input parameter
   structure, the response-code selector for its single input, and the
   command prototype.  This header declares no output structure. */
#ifndef POLICYPASSWORD_FP_H
#define POLICYPASSWORD_FP_H

/* The only input is the policy session handle; no password or other
   parameter is passed through this structure. */
typedef struct {
    TPMI_SH_POLICY policySession;   /* selector: TPM_RC_H, index 1 */
} PolicyPassword_In;

/* Response-code selector.  Presumably TPM_RC_H marks a handle, with the
   index identifying which one was rejected -- confirm against the TPM_RC
   definitions, which are outside this header. */
#define RC_PolicyPassword_policySession (TPM_RC_H + TPM_RC_1)

/* NOTE(review): presumably this marks the session so that a later authorized
   command must supply the object's authorization value as a password; how
   that value is protected in transit is not visible here -- confirm against
   TPM 2.0 Part 3. */
TPM_RC
TPM2_PolicyPassword(
    PolicyPassword_In *in // IN: input parameter list
);

#endif
./utils/tss2/ReadClock_fp.h0000644000175000017500000000705212742246532013716 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ReadClock_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Declarations for the TPM2_ReadClock command: the output parameter
   structure and the command prototype.  The command has no input structure,
   so this header defines no response-code selectors. */
#ifndef READCLOCK_FP_H
#define READCLOCK_FP_H

/* Output written by the command. */
typedef struct {
    TPMS_TIME_INFO currentTime;
} ReadClock_Out;

/* NOTE(review): the prototype takes no handle, key or caller-supplied value,
   so nothing visible here binds currentTime to a signature or to freshness.
   If a verifiable timestamp is needed, check TPM 2.0 Part 3 for an attested
   alternative -- confirm. */
TPM_RC
TPM2_ReadClock(
    ReadClock_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/Startup_fp.h0000644000175000017500000000715013013664115013521 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Startup_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef STARTUP_FP_H
#define STARTUP_FP_H

/* Declared with no parameters and no return value.
   NOTE(review): in the TPM 2.0 model _TPM_Init is the reset indication that
   precedes TPM2_Startup; confirm against the implementation. */
void _TPM_Init(
    void
    );

/* Command parameters of TPM2_Startup.
   NOTE(review): TPM_SU presumably selects between a clear start and resuming
   saved state (TPM_SU_CLEAR / TPM_SU_STATE in the TPM 2.0 structures).  PCR
   contents after startup depend on that choice, so code that evaluates
   measurements should not assume either one; confirm. */
typedef struct {
    TPM_SU startupType;
} Startup_In;

/* Response-code modifier naming the startupType parameter: TPM_RC_P plus
   TPM_RC_1, both defined elsewhere.  NOTE(review): by the TPM 2.0 response-code
   convention TPM_RC_P marks a parameter error and TPM_RC_1 its position; confirm. */
#define RC_Startup_startupType (TPM_RC_P + TPM_RC_1)

/* Prototype of the Startup command.  Takes the input structure only; the status
   is the TPM_RC return value. */
TPM_RC
TPM2_Startup(
    Startup_In *in // IN: input parameter list
    );

#endif
./utils/tss2/PolicyAuthValue_fp.h0000644000175000017500000000721012742246532015141 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyAuthValue_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYAUTHVALUE_FP_H
#define POLICYAUTHVALUE_FP_H

/* Command parameters of TPM2_PolicyAuthValue: the policy session handle the
   command applies to. */
typedef struct {
    TPMI_SH_POLICY policySession;
} PolicyAuthValue_In;

/* Response-code modifier naming the policySession handle: TPM_RC_H plus
   TPM_RC_1, both defined elsewhere.  NOTE(review): by the TPM 2.0 response-code
   convention TPM_RC_H marks a handle error and TPM_RC_1 its position; confirm. */
#define RC_PolicyAuthValue_policySession (TPM_RC_H + TPM_RC_1)

/* Prototype of the PolicyAuthValue command.  No output structure; the status is
   the TPM_RC return value.
   NOTE(review): per the TPM 2.0 command description this makes the policy
   require the authorized entity's authValue (proved through the session HMAC)
   in addition to the rest of the policy; confirm.  A policy that omits this
   step does not bind use of the object to knowledge of its auth value. */
TPM_RC
TPM2_PolicyAuthValue(
    PolicyAuthValue_In *in // IN: input parameter list
    );

#endif
./utils/tss2/BaseTypes.h0000644000175000017500000000747713013664115013305 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: BaseTypes.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2016 */ /* */ /********************************************************************************/ /* 5.2 BaseTypes.h */
#ifndef BASETYPES_H
#define BASETYPES_H

/* NOTE(review): the header name after this #include is missing on the page,
   presumably lost when the archive was rendered as text.  The fixed-width
   typedefs below (uint8_t ... int64_t) need <stdint.h>; restore it from the
   original file before compiling. */
#include

/* NULL definition */
/* Fallback only: defined as (0) when no earlier header has provided NULL. */
#ifndef NULL
#define NULL (0)
#endif

/* TPM base type names mapped onto C99 fixed-width integers, so each name has
   the same width on every platform. */
typedef uint8_t UINT8;
typedef uint8_t BYTE;
typedef int8_t INT8;
/* BOOL is a plain int here, so its size is platform dependent and is not one
   byte.  NOTE(review): code that serializes a BOOL should presumably go through
   an explicit one-byte conversion rather than copying the int; confirm against
   the marshalling code. */
typedef int BOOL;
typedef uint16_t UINT16;
typedef int16_t INT16;
typedef uint32_t UINT32;
typedef int32_t INT32;
typedef uint64_t UINT64;
typedef int64_t INT64;

#endif
./utils/tss2/PolicyRestart_fp.h0000644000175000017500000000717012742246532014674 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyRestart_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYRESTART_FP_H
#define POLICYRESTART_FP_H

/* Command parameters of TPM2_PolicyRestart: the policy session handle the
   command applies to. */
typedef struct {
    TPMI_SH_POLICY sessionHandle;
} PolicyRestart_In;

/* Response-code modifier naming the sessionHandle handle: TPM_RC_H plus
   TPM_RC_1, both defined elsewhere.  NOTE(review): by the TPM 2.0 response-code
   convention TPM_RC_H marks a handle error and TPM_RC_1 its position; confirm. */
#define RC_PolicyRestart_sessionHandle (TPM_RC_H + TPM_RC_1)

/* Prototype of the PolicyRestart command.  No output structure; the status is
   the TPM_RC return value.
   NOTE(review): per the TPM 2.0 command description this returns the policy
   session to its initial state (policy digest reset) without opening a new
   session; confirm.  Callers that cache an expected policy digest should
   discard it after a successful restart. */
TPM_RC
TPM2_PolicyRestart(
    PolicyRestart_In *in // IN: input parameter list
    );

#endif
./utils/tss2/Hash_fp.h0000644000175000017500000000754213013664115012747 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Hash_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef HASH_FP_H
#define HASH_FP_H

/* Command parameters of TPM2_Hash: the buffer to hash, the hash algorithm, and
   a hierarchy selector.
   NOTE(review): per the TPM 2.0 command description, hierarchy selects the
   hierarchy the returned ticket is issued for, and TPM_RH_NULL yields an empty
   ticket; confirm. */
typedef struct {
    TPM2B_MAX_BUFFER data;
    TPMI_ALG_HASH hashAlg;
    TPMI_RH_HIERARCHY hierarchy;
} Hash_In;

/* Response-code modifiers naming each parameter: TPM_RC_P plus the position
   constant TPM_RC_1..TPM_RC_3, all defined elsewhere, in the same order as the
   Hash_In fields. */
#define RC_Hash_data (TPM_RC_P + TPM_RC_1)
#define RC_Hash_hashAlg (TPM_RC_P + TPM_RC_2)
#define RC_Hash_hierarchy (TPM_RC_P + TPM_RC_3)

/* Response parameters: the digest and a hash-check ticket.  Sign_In in
   Sign_fp.h carries a field of the same ticket type.
   NOTE(review): the ticket is presumably the TPM's statement that it computed
   outHash itself over data it accepts for restricted signing; it is only
   meaningful to the TPM that issued it; confirm. */
typedef struct {
    TPM2B_DIGEST outHash;
    TPMT_TK_HASHCHECK validation;
} Hash_Out;

/* Prototype of the Hash command.  Reads *in, fills *out; the status is the
   TPM_RC return value and should be checked before outHash or validation is
   used. */
TPM_RC
TPM2_Hash(
    Hash_In *in,   // IN: input parameter list
    Hash_Out *out  // OUT: output parameter list
    );

#endif
./utils/tss2/HashSequenceStart_fp.h0000644000175000017500000000757412742246532015472 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: HashSequenceStart_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef HASHSEQUENCESTART_FP_H
#define HASHSEQUENCESTART_FP_H

/* Command parameters of TPM2_HashSequenceStart: an authorization value and the
   hash algorithm.
   NOTE(review): per the TPM 2.0 command description, auth becomes the
   authorization value of the returned sequence object; confirm.  It is carried
   as an ordinary command parameter, so unless the caller uses a session with
   parameter encryption it is presumably visible to anything on the path to the
   TPM. */
typedef struct {
    TPM2B_AUTH auth;
    TPMI_ALG_HASH hashAlg;
} HashSequenceStart_In;

/* Response-code modifiers naming each parameter: TPM_RC_P plus the position
   constant TPM_RC_1 / TPM_RC_2, all defined elsewhere, in field order. */
#define RC_HashSequenceStart_auth (TPM_RC_P + TPM_RC_1)
#define RC_HashSequenceStart_hashAlg (TPM_RC_P + TPM_RC_2)

/* Response parameters: the handle of the sequence object that was started. */
typedef struct {
    TPMI_DH_OBJECT sequenceHandle;
} HashSequenceStart_Out;

/* Prototype of the HashSequenceStart command.  Reads *in, fills *out; the
   status is the TPM_RC return value and should be checked before
   sequenceHandle is used. */
TPM_RC
TPM2_HashSequenceStart(
    HashSequenceStart_In *in,   // IN: input parameter list
    HashSequenceStart_Out *out  // OUT: output parameter list
    );

#endif
./utils/tss2/Sign_fp.h0000644000175000017500000000763213013664115012764 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Sign_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef SIGN_FP_H
#define SIGN_FP_H

/* Command parameters of TPM2_Sign: the signing key handle, the digest to sign,
   the signature scheme, and a hash-check ticket.  The interface takes a digest,
   not the message, so the TPM never sees what was hashed.
   NOTE(review): per the TPM 2.0 command description, a restricted signing key
   requires validation to be a ticket showing the TPM itself computed digest
   (Hash_Out in Hash_fp.h returns a field of this type), while an unrestricted
   key signs any digest it is given; confirm.  For unrestricted keys the
   authorization on keyHandle is then the only control on what gets signed. */
typedef struct {
    TPMI_DH_OBJECT keyHandle;
    TPM2B_DIGEST digest;
    TPMT_SIG_SCHEME inScheme;
    TPMT_TK_HASHCHECK validation;
} Sign_In;

/* Response-code modifiers: keyHandle uses the handle base TPM_RC_H with
   position TPM_RC_1; the three parameters use TPM_RC_P with TPM_RC_1..TPM_RC_3
   in field order.  All constants are defined elsewhere. */
#define RC_Sign_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_Sign_digest (TPM_RC_P + TPM_RC_1)
#define RC_Sign_inScheme (TPM_RC_P + TPM_RC_2)
#define RC_Sign_validation (TPM_RC_P + TPM_RC_3)

/* Response parameters: the signature. */
typedef struct {
    TPMT_SIGNATURE signature;
} Sign_Out;

/* Prototype of the Sign command.  Reads *in, fills *out; the status is the
   TPM_RC return value and should be checked before signature is used. */
TPM_RC
TPM2_Sign(
    Sign_In *in,   // IN: input parameter list
    Sign_Out *out  // OUT: output parameter list
    );

#endif
./utils/tss2/ReadPublic_fp.h0000644000175000017500000000741612742246532014105 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ReadPublic_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef READPUBLIC_FP_H
#define READPUBLIC_FP_H

/* Command parameters of TPM2_ReadPublic: the handle of the object to read. */
typedef struct {
    TPMI_DH_OBJECT objectHandle;
} ReadPublic_In;

/* Response-code modifier naming the objectHandle handle: TPM_RC_H plus
   TPM_RC_1, both defined elsewhere.  NOTE(review): by the TPM 2.0 response-code
   convention TPM_RC_H marks a handle error and TPM_RC_1 its position; confirm. */
#define RC_ReadPublic_objectHandle (TPM_RC_H + TPM_RC_1)

/* Response parameters: the object's public area, its name, and its qualified
   name.
   NOTE(review): nothing in this interface authenticates the response.  A caller
   that trusts the path to the TPM less than the TPM itself should presumably
   recompute the name from outPublic and compare it with the value it expects
   before relying on it in a policy or attestation check; confirm. */
typedef struct {
    TPM2B_PUBLIC outPublic;
    TPM2B_NAME name;
    TPM2B_NAME qualifiedName;
} ReadPublic_Out;

/* Prototype of the ReadPublic command.  Reads *in, fills *out; the status is
   the TPM_RC return value and should be checked before the outputs are used. */
TPM_RC
TPM2_ReadPublic(
    ReadPublic_In *in,   // IN: input parameter list
    ReadPublic_Out *out  // OUT: output parameter list
    );

#endif
./utils/tss2/ECDH_ZGen_fp.h0000644000175000017500000000746412742246532013524 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ECDH_ZGen_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef ECDH_ZGEN_FP_H
#define ECDH_ZGEN_FP_H

/* Command parameters of TPM2_ECDH_ZGen: the key handle and an input ECC point.
   NOTE(review): inPoint normally originates from the remote party and should be
   treated as untrusted input.  The TPM 2.0 command description has the TPM
   reject a point that is not on the key's curve; code that replaces the TPM
   with a software implementation must presumably perform the same validation;
   confirm for the TPM in use. */
typedef struct {
    TPMI_DH_OBJECT keyHandle;
    TPM2B_ECC_POINT inPoint;
} ECDH_ZGen_In;

/* Response-code modifiers: keyHandle uses the handle base TPM_RC_H, inPoint the
   parameter base TPM_RC_P, each with position TPM_RC_1.  All constants are
   defined elsewhere. */
#define RC_ECDH_ZGen_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_ECDH_ZGen_inPoint (TPM_RC_P + TPM_RC_1)

/* Response parameters: the resulting ECC point.
   NOTE(review): this is presumably the raw shared point.  Keys should be
   derived from it with a KDF rather than by using a coordinate directly, and
   the buffer should be cleared once the derivation is done; confirm against
   the callers. */
typedef struct {
    TPM2B_ECC_POINT outPoint;
} ECDH_ZGen_Out;

/* Prototype of the ECDH_ZGen command.  Reads *in, fills *out; the status is the
   TPM_RC return value and should be checked before outPoint is used. */
TPM_RC
TPM2_ECDH_ZGen(
    ECDH_ZGen_In *in,   // IN: input parameter list
    ECDH_ZGen_Out *out  // OUT: output parameter list
    );

#endif
./utils/tss2/PolicyNameHash_fp.h0000644000175000017500000000732512742246532014736 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyNameHash_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYNAMEHASH_FP_H
#define POLICYNAMEHASH_FP_H

/* Command parameters of TPM2_PolicyNameHash: the policy session handle and a
   digest.
   NOTE(review): per the TPM 2.0 command description, nameHash restricts the
   policy to commands whose handle Names hash to this value; confirm.  The
   caller computes the digest, so it must be built from the exact Names and
   hash algorithm the session expects. */
typedef struct {
    TPMI_SH_POLICY policySession;
    TPM2B_DIGEST nameHash;
} PolicyNameHash_In;

/* Response-code modifiers: policySession uses the handle base TPM_RC_H,
   nameHash the parameter base TPM_RC_P, each with position TPM_RC_1.  All
   constants are defined elsewhere. */
#define RC_PolicyNameHash_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyNameHash_nameHash (TPM_RC_P + TPM_RC_1)

/* Prototype of the PolicyNameHash command.  No output structure; the status is
   the TPM_RC return value. */
TPM_RC
TPM2_PolicyNameHash(
    PolicyNameHash_In *in // IN: input parameter list
    );

#endif
./utils/tss2/NV_Write_fp.h0000644000175000017500000000747112742246532013571 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_Write_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef NV_WRITE_FP_H
#define NV_WRITE_FP_H

/* Input parameter list for TPM2_NV_Write. */
typedef struct {
    TPMI_RH_NV_AUTH authHandle;   /* see RC_NV_Write_authHandle */
    TPMI_RH_NV_INDEX nvIndex;     /* see RC_NV_Write_nvIndex */
    TPM2B_MAX_NV_BUFFER data;     /* see RC_NV_Write_data */
    /* NOTE(review): offset and the size carried inside data both come from
       the caller, and nothing in this header bounds offset + size against the
       size of the NV index.  That range check has to live in the command
       implementation or in the caller - confirm where it is done. */
    UINT16 offset;                /* see RC_NV_Write_offset */
} NV_Write_In;

/* Per-field response-code modifiers: the two handle-typed fields use TPM_RC_H
   with indices 1 and 2, the two remaining fields use TPM_RC_P with indices 1
   and 2.  TPM_RC_H/TPM_RC_P/TPM_RC_n are defined outside this header;
   presumably H = handle, P = parameter - confirm. */
#define RC_NV_Write_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_NV_Write_nvIndex (TPM_RC_H + TPM_RC_2)
#define RC_NV_Write_data (TPM_RC_P + TPM_RC_1)
#define RC_NV_Write_offset (TPM_RC_P + TPM_RC_2)

/* Command entry point.  Takes only an input list; this header declares no
   output structure for the command.  Returns a TPM_RC. */
TPM_RC
TPM2_NV_Write(
    NV_Write_In *in // IN: input parameter list
    );
#endif
./utils/tss2/GetRandom_fp.h0000644000175000017500000000734412742246532013753 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: GetRandom_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef GETRANDOM_FP_H
#define GETRANDOM_FP_H

/* Input parameter list for TPM2_GetRandom. */
typedef struct {
    UINT16 bytesRequested; /* see RC_GetRandom_bytesRequested */
} GetRandom_In;

/* Response-code modifier for the single input field.  TPM_RC_P and TPM_RC_1
   are defined outside this header; presumably "parameter 1" - confirm. */
#define RC_GetRandom_bytesRequested (TPM_RC_P + TPM_RC_1)

/* Output parameter list for TPM2_GetRandom. */
typedef struct {
    /* NOTE(review): the request is a UINT16 count but the reply is a
       TPM2B_DIGEST, so the reply can presumably carry fewer bytes than were
       asked for.  Callers that need a fixed amount of key material should use
       the size recorded in randomBytes, not bytesRequested, and loop or fail
       on a short reply - confirm against TPM 2.0 Part 3. */
    TPM2B_DIGEST randomBytes;
} GetRandom_Out;

/* Command entry point.  Takes an input list and fills an output list.
   Returns a TPM_RC. */
TPM_RC
TPM2_GetRandom(
    GetRandom_In *in, // IN: input parameter list
    GetRandom_Out *out // OUT: output parameter list
    );
#endif
./utils/tss2/GetCommandAuditDigest_fp.h0000644000175000017500000001021412742246532016226 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: GetCommandAuditDigest_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef GETCOMMANDAUDITDIGEST_FP_H
#define GETCOMMANDAUDITDIGEST_FP_H

/* Input parameter list for TPM2_GetCommandAuditDigest. */
typedef struct {
    TPMI_RH_ENDORSEMENT privacyHandle; /* see RC_GetCommandAuditDigest_privacyHandle */
    TPMI_DH_OBJECT signHandle;         /* see RC_GetCommandAuditDigest_signHandle */
    /* NOTE(review): qualifyingData is chosen by the caller; presumably it is
       carried into the signed auditInfo, so a verifier that needs freshness
       should supply an unpredictable value and check for it in the reply -
       confirm against TPM 2.0 Part 3. */
    TPM2B_DATA qualifyingData;         /* see RC_GetCommandAuditDigest_qualifyingData */
    TPMT_SIG_SCHEME inScheme;          /* see RC_GetCommandAuditDigest_inScheme */
} GetCommandAuditDigest_In;

/* Per-field response-code modifiers: the two handle-typed fields use TPM_RC_H
   with indices 1 and 2, the two remaining fields use TPM_RC_P with indices 1
   and 2.  TPM_RC_H/TPM_RC_P/TPM_RC_n are defined outside this header;
   presumably H = handle, P = parameter - confirm. */
#define RC_GetCommandAuditDigest_privacyHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetCommandAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetCommandAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetCommandAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)

/* Output parameter list: an attestation structure and a signature. */
typedef struct {
    TPM2B_ATTEST auditInfo;
    TPMT_SIGNATURE signature;
} GetCommandAuditDigest_Out;

/* Command entry point.  Takes an input list and fills an output list.
   Returns a TPM_RC. */
TPM_RC
TPM2_GetCommandAuditDigest(
    GetCommandAuditDigest_In *in, // IN: input parameter list
    GetCommandAuditDigest_Out *out // OUT: output parameter list
    );
#endif
./utils/tss2/TestParms_fp.h0000644000175000017500000000714012742246532014007 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: TestParms_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef TESTPARMS_FP_H
#define TESTPARMS_FP_H

/* Input parameter list for TPM2_TestParms. */
typedef struct {
    TPMT_PUBLIC_PARMS parameters; /* see RC_TestParms_parameters */
} TestParms_In;

/* Response-code modifier for the single input field.  TPM_RC_P and TPM_RC_1
   are defined outside this header; presumably "parameter 1" - confirm. */
#define RC_TestParms_parameters (TPM_RC_P + TPM_RC_1)

/* Command entry point.  Takes only an input list; this header declares no
   output structure for the command, so the TPM_RC return value is the only
   result visible here. */
TPM_RC
TPM2_TestParms(
    TestParms_In *in // IN: input parameter list
    );
#endif
./utils/tss2/tsserror.h0000644000175000017500000001623313115776262013271 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Error Codes */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tsserror.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a public header that defines the TSS error codes. tss.h includes it for convenience.
*/
#ifndef TSSERROR_H
#define TSSERROR_H

/* the base for these errors is 11 << 16 = 000bxxxx */

/* Allocation, property, connection and argument errors */
#define TSS_RC_OUT_OF_MEMORY            0x000b0001 /* Out of memory (malloc failed) */
#define TSS_RC_ALLOC_INPUT              0x000b0002 /* The input to an allocation is not NULL */
#define TSS_RC_MALLOC_SIZE              0x000b0003 /* The malloc size is too large or zero */
#define TSS_RC_INSUFFICIENT_BUFFER      0x000b0004 /* A buffer was insufficient for a copy */
#define TSS_RC_BAD_PROPERTY             0x000b0005 /* The property parameter is out of range */
#define TSS_RC_BAD_PROPERTY_VALUE       0x000b0006 /* The property value is invalid */
/* NOTE(review): the name below is spelled INSUPPORTED; it is left unchanged
   because this is a public header and callers may reference the identifier. */
#define TSS_RC_INSUPPORTED_INTERFACE    0x000b0007 /* The TPM interface type is not supported */
#define TSS_RC_NO_CONNECTION            0x000b0008 /* Failure connecting to lower layer */
#define TSS_RC_BAD_CONNECTION           0x000b0009 /* Failure communicating with lower layer */
#define TSS_RC_MALFORMED_RESPONSE       0x000b000a /* A response packet was fundamentally malformed */
#define TSS_RC_NULL_PARAMETER           0x000b000b /* A required parameter was NULL */
#define TSS_RC_NOT_IMPLEMENTED          0x000b000c /* TSS function is not implemented */

/* File I/O errors */
#define TSS_RC_FILE_OPEN                0x000b0010 /* The file could not be opened */
#define TSS_RC_FILE_SEEK                0x000b0011 /* A file seek failed */
#define TSS_RC_FILE_FTELL               0x000b0012 /* A file ftell failed */
#define TSS_RC_FILE_READ                0x000b0013 /* A file read failed */
#define TSS_RC_FILE_CLOSE               0x000b0014 /* A file close failed */
#define TSS_RC_FILE_WRITE               0x000b0015 /* A file write failed */
#define TSS_RC_FILE_REMOVE              0x000b0016 /* A file remove failed */

/* Random number generation */
#define TSS_RC_RNG_FAILURE              0x000b0020 /* Random number generator failed */

/* PWAP response checks.
   NOTE(review): these report a response that did not match what the TSS
   expected; callers should not act on the response data that accompanied
   them. */
#define TSS_RC_BAD_PWAP_NONCE           0x000b0030 /* Bad PWAP response nonce */
#define TSS_RC_BAD_PWAP_ATTRIBUTES      0x000b0031 /* Bad PWAP response attributes */
#define TSS_RC_BAD_PWAP_HMAC            0x000b0032 /* Bad PWAP response HMAC */

/* Name calculation and name/public-area consistency */
#define TSS_RC_NAME_NOT_IMPLEMENTED     0x000b0040 /* Name calculation not implemented for handle type */
#define TSS_RC_MALFORMED_NV_PUBLIC      0x000b0041 /* The NV public structure does not match the name */
#define TSS_RC_NAME_FILENAME            0x000b0042 /* The name filename function has inconsistent arguments */
#define TSS_RC_MALFORMED_PUBLIC         0x000b0043 /* The public structure does not match the name */

/* Parameter encryption and decryption sessions */
#define TSS_RC_DECRYPT_SESSIONS         0x000b0050 /* More than one command decrypt session */
#define TSS_RC_ENCRYPT_SESSIONS         0x000b0051 /* More than one response encrypt session */
#define TSS_RC_NO_DECRYPT_PARAMETER     0x000b0052 /* Command has no decrypt parameter */
#define TSS_RC_NO_ENCRYPT_PARAMETER     0x000b0053 /* Response has no encrypt parameter */
#define TSS_RC_BAD_DECRYPT_ALGORITHM    0x000b0054 /* Session had an unimplemented decrypt symmetric algorithm */
#define TSS_RC_BAD_ENCRYPT_ALGORITHM    0x000b0055 /* Session had an unimplemented encrypt symmetric algorithm */
#define TSS_RC_AES_ENCRYPT_FAILURE      0x000b0056 /* AES encryption failed */
#define TSS_RC_AES_DECRYPT_FAILURE      0x000b0057 /* AES decryption failed */
#define TSS_RC_BAD_ENCRYPT_SIZE         0x000b0058 /* Parameter encryption size mismatch */
#define TSS_RC_AES_KEYGEN_FAILURE       0x000b0059 /* AES key generation failed */

/* Salted sessions */
#define TSS_RC_BAD_SALT_KEY             0x000b0060 /* tpmKey is unsuitable for salt */

/* Cryptographic primitives and verification.
   NOTE(review): TSS_RC_HMAC_SIZE and TSS_RC_HMAC_VERIFY mean the response
   HMAC did not check out, and TSS_RC_RSA_SIGNATURE / TSS_RC_EC_SIGNATURE mean
   a signature is bad; callers should treat the associated data as
   unauthenticated rather than fall back to using it. */
#define TSS_RC_KDFA_FAILED              0x000b0070 /* KDFa function failed */
#define TSS_RC_HMAC                     0x000b0071 /* An HMAC calculation failed */
#define TSS_RC_HMAC_SIZE                0x000b0072 /* Response HMAC is the wrong size */
#define TSS_RC_HMAC_VERIFY              0x000b0073 /* HMAC does not verify */
#define TSS_RC_BAD_HASH_ALGORITHM       0x000b0074 /* Unimplemented hash algorithm */
#define TSS_RC_HASH                     0x000b0075 /* A hash calculation failed */
#define TSS_RC_RSA_KEY_CONVERT          0x000b0076 /* RSA key conversion failed */
#define TSS_RC_RSA_PADDING              0x000b0077 /* RSA add padding failed */
#define TSS_RC_RSA_ENCRYPT              0x000b0078 /* RSA public encrypt failed */
#define TSS_RC_BIGNUM                   0x000b0079 /* BIGNUM operation failed */
#define TSS_RC_RSA_SIGNATURE            0x000b007a /* RSA signature is bad */
#define TSS_RC_EC_SIGNATURE             0x000b007b /* EC signature is bad */
#define TSS_RC_EC_KEY_CONVERT           0x000b007c /* EC key conversion failed */
#define TSS_RC_BAD_SIGNATURE_ALGORITHM  0x000b007d /* Unimplemented signature algorithm */
#define TSS_RC_X509_ERROR               0x000b007e /* X509 parse error */

/* Command execution */
#define TSS_RC_COMMAND_UNIMPLEMENTED    0x000b0080 /* Unimplemented command */
#define TSS_RC_IN_PARAMETER             0x000b0081 /* Bad in parameter to TSS_Execute */
#define TSS_RC_OUT_PARAMETER            0x000b0082 /* Bad out parameter to TSS_Execute */
#define TSS_RC_BAD_HANDLE_NUMBER        0x000b0083 /* Bad handle number for this command */
#define TSS_RC_KDFE_FAILED              0x000b0084 /* KDFe function failed */
#define TSS_RC_EC_EPHEMERAL_FAILURE     0x000b0085 /* Failed while making or using EC ephemeral key */

/* TSS context slots */
#define TSS_RC_NO_SESSION_SLOT          0x000b0090 /* TSS context has no session slot for handle */
#define TSS_RC_NO_OBJECTPUBLIC_SLOT     0x000b0091 /* TSS context has no object public slot for handle */
#define TSS_RC_NO_NVPUBLIC_SLOT         0x000b0092 /* TSS context has no NV public slot for handle */
#endif
./utils/tss2/PolicyNvWritten_fp.h0000644000175000017500000000734312742246532015212 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyNvWritten_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYNVWRITTEN_FP_H
#define POLICYNVWRITTEN_FP_H

/* Input parameter list for TPM2_PolicyNvWritten. */
typedef struct {
    TPMI_SH_POLICY policySession; /* see RC_PolicyNvWritten_policySession */
    /* NOTE(review): presumably selects whether the policy requires the NV
       index to have been written (YES) or not yet written (NO); a policy
       built with the wrong value authorizes the opposite state - confirm
       against TPM 2.0 Part 3. */
    TPMI_YES_NO writtenSet;       /* see RC_PolicyNvWritten_writtenSet */
} PolicyNvWritten_In;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_1 are
   defined outside this header; presumably H marks a handle and P a parameter,
   so an error can be attributed to one input field - confirm against the
   TPM_RC definitions. */
#define RC_PolicyNvWritten_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyNvWritten_writtenSet (TPM_RC_P + TPM_RC_1)

/* Command entry point.  Takes only an input list; this header declares no
   output structure for the command.  Returns a TPM_RC. */
TPM_RC
TPM2_PolicyNvWritten(
    PolicyNvWritten_In *in // IN: input parameter list
    );
#endif
./utils/tss2/SequenceUpdate_fp.h0000644000175000017500000000733112742246532015002 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: SequenceUpdate_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef SEQUENCEUPDATE_FP_H
#define SEQUENCEUPDATE_FP_H

/* Input parameter list for TPM2_SequenceUpdate. */
typedef struct {
    TPMI_DH_OBJECT sequenceHandle; /* see RC_SequenceUpdate_sequenceHandle */
    TPM2B_MAX_BUFFER buffer;       /* see RC_SequenceUpdate_buffer */
} SequenceUpdate_In;

/* Per-field response-code modifiers.  TPM_RC_P and the TPM_RC_n indices are
   defined outside this header.
   NOTE(review): sequenceHandle is a TPMI_DH_OBJECT, yet its modifier uses
   TPM_RC_P and buffer is numbered TPM_RC_2, whereas Quote_fp.h in this tree
   tags its TPMI_DH_OBJECT handle with TPM_RC_H + TPM_RC_1.  Confirm against
   the TPM 2.0 specification before using these values to tell a bad handle
   from a bad parameter. */
#define RC_SequenceUpdate_sequenceHandle (TPM_RC_P + TPM_RC_1)
#define RC_SequenceUpdate_buffer (TPM_RC_P + TPM_RC_2)

/* Command entry point.  Takes only an input list; this header declares no
   output structure for the command.  Returns a TPM_RC. */
TPM_RC
TPM2_SequenceUpdate(
    SequenceUpdate_In *in // IN: input parameter list
    );
#endif
./utils/tss2/Quote_fp.h0000644000175000017500000000771412742246532013171 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Quote_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef QUOTE_FP_H
#define QUOTE_FP_H

/* Input parameter list for TPM2_Quote. */
typedef struct {
    TPMI_DH_OBJECT signHandle;    /* see RC_Quote_signHandle */
    /* NOTE(review): qualifyingData is chosen by the caller.  For remote
       attestation the verifier normally supplies a fresh, unpredictable value
       here and checks that it appears in the signed `quoted` structure;
       otherwise an old quote can be replayed.  Confirm how callers in this
       tree populate it. */
    TPM2B_DATA qualifyingData;    /* see RC_Quote_qualifyingData */
    TPMT_SIG_SCHEME inScheme;     /* see RC_Quote_inScheme */
    TPML_PCR_SELECTION PCRselect; /* see RC_Quote_PCRselect */
} Quote_In;

/* Per-field response-code modifiers: the handle-typed field uses TPM_RC_H
   with index 1, the three remaining fields use TPM_RC_P with indices 1 to 3.
   TPM_RC_H/TPM_RC_P/TPM_RC_n are defined outside this header; presumably
   H = handle, P = parameter - confirm. */
#define RC_Quote_signHandle (TPM_RC_H + TPM_RC_1)
#define RC_Quote_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_Quote_inScheme (TPM_RC_P + TPM_RC_2)
#define RC_Quote_PCRselect (TPM_RC_P + TPM_RC_3)

/* Output parameter list: the attestation structure and the signature.
   NOTE(review): a verifier should check the signature over `quoted` and then
   compare the contents of `quoted` with what it asked for, rather than trust
   either field on its own - confirm the verification path in the callers. */
typedef struct {
    TPM2B_ATTEST quoted;
    TPMT_SIGNATURE signature;
} Quote_Out;

/* Command entry point.  Takes an input list and fills an output list.
   Returns a TPM_RC. */
TPM_RC
TPM2_Quote(
    Quote_In *in, // IN: input parameter list
    Quote_Out *out // OUT: output parameter list
    );
#endif
./utils/tss2/ContextSave_fp.h0000644000175000017500000000735012742246532014333 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ContextSave_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures, response-code modifier and prototype for the
   TPM2_ContextSave command. */
#ifndef CONTEXTSAVE_FP_H
#define CONTEXTSAVE_FP_H

/* Input to TPM2_ContextSave: the handle of the resource whose context is to
   be saved (per TPM 2.0 Part 3; confirm against the revision in use). */
typedef struct {
    TPMI_DH_CONTEXT saveHandle;
} ContextSave_In;

/* NOTE(review): the modifier is built from TPM_RC_P although the field type
   reads as a handle; presumably intentional - confirm against the TCG
   reference code before changing it. */
#define RC_ContextSave_saveHandle   (TPM_RC_P + TPM_RC_1)

/* Output of TPM2_ContextSave: the saved context.  The caller stores this blob
   outside the TPM, so treat it as opaque and pass it back unmodified; how it
   is protected is defined by the TPM, not by this header. */
typedef struct {
    TPMS_CONTEXT    context;
} ContextSave_Out;

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_ContextSave(
    ContextSave_In  *in,    // IN: input parameter list
    ContextSave_Out *out    // OUT: output parameter list
    );

#endif
./utils/tss2/ECC_Parameters_fp.h0000644000175000017500000000741712742246532014651 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ECC_Parameters_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures, response-code modifier and prototype for the
   TPM2_ECC_Parameters command. */
#ifndef ECC_PARAMETERS_FP_H
#define ECC_PARAMETERS_FP_H

/* Input: selector of the curve whose parameters are requested. */
typedef struct {
    TPMI_ECC_CURVE  curveID;
} ECC_Parameters_In;

/* Modifier identifying curveID as parameter 1; presumably added to an error
   code when the curve is rejected - confirm against the dispatcher. */
#define RC_ECC_Parameters_curveID   (TPM_RC_P + TPM_RC_1)

/* Output: the parameter set for the selected curve.  Callers that pin a curve
   should compare these values with the ones they expect rather than assume
   the TPM's table matches. */
typedef struct {
    TPMS_ALGORITHM_DETAIL_ECC   parameters;
} ECC_Parameters_Out;

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_ECC_Parameters(
    ECC_Parameters_In   *in,    // IN: input parameter list
    ECC_Parameters_Out  *out    // OUT: output parameter list
    );

#endif
./utils/tss2/PCR_SetAuthPolicy_fp.h0000644000175000017500000000763512742246532015337 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PCR_SetAuthPolicy_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Input structure, per-input response-code modifiers and prototype for the
   TPM2_PCR_SetAuthPolicy command.  The command has no output structure. */
#ifndef PCR_SETAUTHPOLICY_FP_H
#define PCR_SETAUTHPOLICY_FP_H

/* Inputs to TPM2_PCR_SetAuthPolicy.  Field notes follow TPM 2.0 Part 3;
   confirm against the specification revision this header tracks. */
typedef struct {
    TPMI_RH_PLATFORM    authHandle; /* authorizing hierarchy; the type name limits it to platform */
    TPM2B_DIGEST        authPolicy; /* policy digest to install */
    TPMI_ALG_HASH       hashAlg;    /* hash algorithm of that policy */
    TPMI_DH_PCR         pcrNum;     /* PCR the policy applies to */
} PCR_SetAuthPolicy_In;

/* NOTE(review): authPolicy and hashAlg are separate inputs; a digest whose
   length does not match hashAlg should be rejected by the TPM, but callers
   should build both from the same source rather than rely on that. */

/* Response-code modifiers, one per input: TPM_RC_H for the handle, TPM_RC_P
   for the parameters, numbered in field order within each group. */
#define RC_PCR_SetAuthPolicy_authHandle     (TPM_RC_H + TPM_RC_1)
#define RC_PCR_SetAuthPolicy_authPolicy     (TPM_RC_P + TPM_RC_1)
#define RC_PCR_SetAuthPolicy_hashAlg        (TPM_RC_P + TPM_RC_2)
#define RC_PCR_SetAuthPolicy_pcrNum         (TPM_RC_P + TPM_RC_3)

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_PCR_SetAuthPolicy(
    PCR_SetAuthPolicy_In    *in     // IN: input parameter list
    );

#endif
./utils/tss2/IncrementalSelfTest_fp.h0000644000175000017500000000744012742246532016003 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: IncrementalSelfTest_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures, response-code modifier and prototype for the
   TPM2_IncrementalSelfTest command. */
#ifndef INCREMENTALSELFTEST_FP_H
#define INCREMENTALSELFTEST_FP_H

/* Input: list of algorithms the caller asks to have tested. */
typedef struct{
    TPML_ALG    toTest;
} IncrementalSelfTest_In;

/* Output: list of algorithms that still need testing (per TPM 2.0 Part 3;
   confirm against the revision in use). */
typedef struct{
    TPML_ALG    toDoList;
} IncrementalSelfTest_Out;

/* Modifier identifying toTest as parameter 1. */
#define RC_IncrementalSelfTest_toTest   (TPM_RC_P + TPM_RC_1)

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_IncrementalSelfTest(
    IncrementalSelfTest_In  *in,    // IN: input parameter list
    IncrementalSelfTest_Out *out    // OUT: output parameter list
    );

#endif
./utils/tss2/tss.h0000644000175000017500000000652513115776262012222 0ustar lo1lo1/********************************************************************************/
/* */
/* TSS Primary API */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id:tss.h 656 2016-06-28 16:49:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/

#ifndef TSS_H
#define TSS_H

#ifndef TPM_TSS
#define TPM_TSS
#endif

/* NOTE(review): the header names after each #include below are missing in
   this copy of the file; restore them from the original distribution. */
#include
#include

/* include this as a convenience to applications */
#include
#include

/* Opaque handle: only the struct tag is declared here, so applications cannot
   reach into the context and must go through the functions below. */
typedef struct TSS_CONTEXT TSS_CONTEXT;

/* Property selectors; presumably the `property` argument of TSS_SetProperty -
   confirm against the implementation.  Several of them choose where TPM
   traffic is sent (server name, ports, device) and, judging by the name,
   whether saved session state is encrypted, so take their values from trusted
   configuration only. */
#define TPM_TRACE_LEVEL         1
#define TPM_DATA_DIR            2
#define TPM_COMMAND_PORT        3
#define TPM_PLATFORM_PORT       4
#define TPM_SERVER_NAME         5
#define TPM_INTERFACE_TYPE      6
#define TPM_DEVICE              7
#define TPM_ENCRYPT_SESSIONS    8
#define TPM_SERVER_TYPE         9

#ifdef __cplusplus
extern "C" {
#endif

    /* extra parameters as required */

    /* Additional inputs for StartAuthSession that are not part of the TPM
       command itself.  bindPassword is a caller-owned C string and salt is a
       secret value; this header does not say whether the TSS copies or clears
       them, so the caller should clear its own copies after use. */
    typedef struct {
        const char      *bindPassword;
        TPM2B_DIGEST    salt;
    } StartAuthSession_Extra;

    /* Union of the per-command extra inputs; only StartAuthSession has one
       here. */
    typedef union {
        StartAuthSession_Extra  StartAuthSession;
    } EXTRA_PARAMETERS;

    /* Hands back a context through *tssContext.  Presumably every successful
       TSS_Create must be paired with TSS_Delete - confirm. */
    LIB_EXPORT
    TPM_RC TSS_Create(TSS_CONTEXT **tssContext);

    LIB_EXPORT
    TPM_RC TSS_Delete(TSS_CONTEXT *tssContext);

    /* Runs the command selected by commandCode with inputs `in` and `extra`,
       and outputs in `out`.  The trailing `...` arguments are not type-checked
       by the compiler; their expected order and terminator are defined by the
       implementation, which is not shown here. */
    LIB_EXPORT
    TPM_RC TSS_Execute(TSS_CONTEXT *tssContext,
                       RESPONSE_PARAMETERS *out,
                       COMMAND_PARAMETERS *in,
                       EXTRA_PARAMETERS *extra,
                       TPM_CC commandCode,
                       ...);

    /* Sets one property on the context; `value` is always passed as a string,
       including for the numeric-looking properties. */
    LIB_EXPORT
    TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext,
                           int property,
                           const char *value);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/ClockSet_fp.h0000644000175000017500000000722312742246532013576 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClockSet_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Input structure, per-input response-code modifiers and prototype for the
   TPM2_ClockSet command.  The command has no output structure. */
#ifndef CLOCKSET_FP_H
#define CLOCKSET_FP_H

/* Inputs to TPM2_ClockSet: the authorizing hierarchy handle and the new clock
   value.  Per TPM 2.0 Part 3 the clock can only be moved forward - confirm
   against the revision in use before relying on that. */
typedef struct {
    TPMI_RH_PROVISION   auth;
    UINT64              newTime;
} ClockSet_In;

/* Response-code modifiers: TPM_RC_H for the handle, TPM_RC_P for the
   parameter. */
#define RC_ClockSet_auth        (TPM_RC_H + TPM_RC_1)
#define RC_ClockSet_newTime     (TPM_RC_P + TPM_RC_1)

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_ClockSet(
    ClockSet_In *in     // IN: input parameter list
    );

#endif
./utils/tss2/Commit_fp.h0000644000175000017500000000773712742246532013331 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Commit_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures, per-input response-code modifiers and prototype for
   the TPM2_Commit command. */
#ifndef COMMIT_FP_H
#define COMMIT_FP_H

/* Inputs to TPM2_Commit.  Field notes follow TPM 2.0 Part 3; confirm against
   the specification revision this header tracks. */
typedef struct {
    TPMI_DH_OBJECT          signHandle; /* handle of the key used in the later signing step */
    TPM2B_ECC_POINT         P1;         /* a point on the curve used by signHandle */
    TPM2B_SENSITIVE_DATA    s2;         /* data from which a base point is derived */
    TPM2B_ECC_PARAMETER     y2;         /* y coordinate of the point associated with s2 */
} Commit_In;

/* Response-code modifiers: TPM_RC_H for the handle, TPM_RC_P for the
   parameters, numbered in field order within each group. */
#define RC_Commit_signHandle    (TPM_RC_H + TPM_RC_1)
#define RC_Commit_P1            (TPM_RC_P + TPM_RC_1)
#define RC_Commit_s2            (TPM_RC_P + TPM_RC_2)
#define RC_Commit_y2            (TPM_RC_P + TPM_RC_3)

/* Outputs of TPM2_Commit: three ECC points and a 16-bit counter.  Presumably
   the counter must be handed back unchanged in the matching signing command -
   confirm against the specification. */
typedef struct {
    TPM2B_ECC_POINT K;
    TPM2B_ECC_POINT L;
    TPM2B_ECC_POINT E;
    UINT16          counter;
} Commit_Out;

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_Commit(
    Commit_In   *in,    // IN: input parameter list
    Commit_Out  *out    // OUT: output parameter list
    );

#endif
./utils/tss2/tsscrypto.h0000644000175000017500000001174213115776262013460 0ustar lo1lo1/********************************************************************************/
/* */
/* TSS Library Dependent Crypto Support */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tsscrypto.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015, 2017. */
/* */
/* All rights reserved.
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a semi-public header. The API should be stable, but is less guaranteed. It is useful for applications that need some basic crypto functions. 
*/

#ifndef TSSCRYPTO_H
#define TSSCRYPTO_H

/* NOTE(review): the header names after each #include below are missing in
   this copy of the file; restore them from the original distribution.  The
   EC_GROUP, BN_CTX and RSA types used further down are OpenSSL types, so
   anything that includes this header is tied to the OpenSSL headers too. */
#include
#include
#include
#include
#include

#ifndef TPM_TSS
#define TPM_TSS
#endif
#include

/* ECC salt */

typedef struct
{
    EC_GROUP    *G;
    BN_CTX      *ctx;
} CURVE_DATA;

#ifdef __cplusplus
extern "C" {
#endif

    /* Presumably one-time initialisation of the crypto layer; check the
       returned TPM_RC before calling anything else in this header. */
    LIB_EXPORT
    TPM_RC TSS_Crypto_Init(void);

    /* Writes into `digest` from the items in `ap`.  The va_list is not
       type-checked; its item layout and terminator are defined by the
       implementation, which is not shown here. */
    LIB_EXPORT
    TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest,
                                    va_list ap);

    /* As above, keyed with hmacKey. */
    LIB_EXPORT
    TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest,
                                    const TPM2B_KEY *hmacKey,
                                    va_list ap);

    /* Only one length is passed and there is no return value, so the function
       cannot report an undersized buffer: out, in1 and in2 must each hold at
       least `length` bytes. */
    LIB_EXPORT void TSS_XOR(unsigned char *out,
                            const unsigned char *in1,
                            const unsigned char *in2,
                            size_t length);

    /* Fills `buffer` with `size` bytes.  Check the TPM_RC before using the
       buffer as key or nonce material. */
    LIB_EXPORT
    TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size);

    /* Builds an OAEP-encoded message in em (emLen bytes) from `from` (fLen
       bytes).  p/plen is presumably the OAEP label and halg the hash to use -
       confirm against the implementation. */
    LIB_EXPORT
    TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
                                          const unsigned char *from, uint32_t fLen,
                                          const unsigned char *p,
                                          int plen,
                                          TPMI_ALG_HASH halg);

    /* Encrypts decrypt_data into encrypt_data with the public key given as raw
       modulus (narr/nbytes) and exponent (earr/ebytes).  Each buffer carries
       its own length argument; how they are checked against the modulus size
       is up to the implementation, which is not shown here. */
    LIB_EXPORT
    TPM_RC TSS_RSAPublicEncrypt(unsigned char* encrypt_data,
                                size_t encrypt_data_size,
                                const unsigned char *decrypt_data,
                                size_t decrypt_data_size,
                                unsigned char *narr,
                                uint32_t nbytes,
                                unsigned char *earr,
                                uint32_t ebytes,
                                unsigned char *p,
                                int pl,
                                TPMI_ALG_HASH halg);

    LIB_EXPORT
    TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key,            /* freed by caller */
                                      const unsigned char *narr,    /* public modulus */
                                      uint32_t nbytes,
                                      const unsigned char *earr,    /* public exponent */
                                      uint32_t ebytes);

    /* NOTE(review): the remaining prototypes are not marked LIB_EXPORT, unlike
       those above - confirm whether they are meant to be callable from outside
       the library. */

    /* Produces a salt and its encrypted form for the key described by
       publicArea.  The salt is secret; clear it once the session is set up. */
    TPM_RC TSS_ECC_Salt(TPM2B_DIGEST *salt,
                        TPM2B_ENCRYPTED_SECRET *encryptedSalt,
                        TPMT_PUBLIC *publicArea);

    /* Report the sizes the caller needs for the opaque key objects passed as
       void pointers below (presumably in bytes - confirm). */
    TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize);
    TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize);

    /* The key objects are untyped, so the compiler cannot catch an undersized
       or swapped buffer; size them with the two functions above. */
    TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey,
                               void *tssSessionDecKey);

    /* Output buffer and length are returned through pointers.  This header
       does not say who allocates or frees *encrypt_data - TODO confirm. */
    TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey,
                           unsigned char **encrypt_data,
                           uint32_t *encrypt_length,
                           const unsigned char *decrypt_data,
                           uint32_t decrypt_length);

    /* Mirror of TSS_AES_Encrypt; same ownership question for *decrypt_data. */
    TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey,
                           unsigned char **decrypt_data,
                           uint32_t *decrypt_length,
                           const unsigned char *encrypt_data,
                           uint32_t encrypt_length);

    /* CFB-mode AES over dInSize bytes of dIn into dOut.  keySizeInBits is in
       bits, not bytes.  iv is a non-const pointer and may be updated in place -
       confirm; pass a copy if the original value is still needed.  No output
       length is passed, so dOut must hold at least dInSize bytes. */
    TPM_RC TSS_AES_EncryptCFB(uint8_t *dOut,
                              uint32_t keySizeInBits,
                              uint8_t *key,
                              uint8_t *iv,
                              uint32_t dInSize,
                              uint8_t *dIn);

    /* Mirror of TSS_AES_EncryptCFB; the same notes apply. */
    TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut,
                              uint32_t keySizeInBits,
                              uint8_t *key,
                              uint8_t *iv,
                              uint32_t dInSize,
                              uint8_t *dIn);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/NV_Extend_fp.h0000644000175000017500000000737612742246532013732 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_Extend_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Input structure, per-input response-code modifiers and prototype for the
   TPM2_NV_Extend command.  The command has no output structure. */
#ifndef NV_EXTEND_FP_H
#define NV_EXTEND_FP_H

/* Inputs to TPM2_NV_Extend.  Field notes follow TPM 2.0 Part 3; confirm
   against the specification revision this header tracks. */
typedef struct {
    TPMI_RH_NV_AUTH     authHandle; /* source of the authorization */
    TPMI_RH_NV_INDEX    nvIndex;    /* NV index to extend */
    TPM2B_MAX_NV_BUFFER data;       /* data to extend into the index */
} NV_Extend_In;

/* Response-code modifiers: the two handles use TPM_RC_H with positions 1 and
   2, the data parameter uses TPM_RC_P. */
#define RC_NV_Extend_authHandle     (TPM_RC_H + TPM_RC_1)
#define RC_NV_Extend_nvIndex        (TPM_RC_H + TPM_RC_2)
#define RC_NV_Extend_data           (TPM_RC_P + TPM_RC_1)

/* Returns a TPM_RC; the success value is not defined in this header. */
TPM_RC
TPM2_NV_Extend(
    NV_Extend_In    *in     // IN: input parameter list
    );

#endif
./utils/tss2/NV_Increment_fp.h0000644000175000017500000000730113013664115014404 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_Increment_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution.
*/ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
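and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef NV_INCREMENT_FP_H
#define NV_INCREMENT_FP_H

/*
 * Input parameter list for TPM2_NV_Increment: two handles, no parameters.
 * Field order matches the numbering of the RC_NV_Increment_* macros below.
 */
typedef struct {
    TPMI_RH_NV_AUTH	authHandle;	/* handle 1; presumably the entity whose authorization is checked - confirm */
    TPMI_RH_NV_INDEX	nvIndex;	/* handle 2; presumably the NV index being incremented - confirm */
} NV_Increment_In;	/* a second ';' here was an empty file-scope declaration, which pedantic C builds reject */

/*
 * Response-code modifiers, one per input field: TPM_RC_H marks a handle,
 * and the TPM_RC_n term gives its position in the command.
 */
#define RC_NV_Increment_authHandle	(TPM_RC_H + TPM_RC_1)
#define RC_NV_Increment_nvIndex		(TPM_RC_H + TPM_RC_2)

/*
 * Command entry point; returns a TPM_RC.
 * NOTE(review): the prototype does not show whether `in` may be NULL or
 * who validates the two handles - confirm against the implementation.
 */
TPM_RC
TPM2_NV_Increment(
		  NV_Increment_In	*in	// IN: input parameter list
		  );

#endif
./utils/tss2/PCR_SetAuthValue_fp.h0000644000175000017500000000733012742246532015144 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PCR_SetAuthValue_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 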
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef PCR_SETAUTHVALUE_FP_H #define PCR_SETAUTHVALUE_FP_H typedef struct { TPMI_DH_PCR pcrHandle; TPM2B_DIGEST auth; } PCR_SetAuthValue_In; #define RC_PCR_SetAuthValue_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_PCR_SetAuthValue_auth (TPM_RC_P + TPM_RC_1) TPM_RC TPM2_PCR_SetAuthValue( PCR_SetAuthValue_In *in // IN: input parameter list ); #endif ./utils/tss2/NV_GlobalWriteLock_fp.h0000644000175000017500000000722312742246532015516 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_GlobalWriteLock_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef NV_GLOBALWRITELOCK_FP_H #define NV_GLOBALWRITELOCK_FP_H typedef struct { TPMI_RH_PROVISION authHandle; } NV_GlobalWriteLock_In; #define RC_NV_GlobalWriteLock_authHandle (TPM_RC_H + TPM_RC_1) TPM_RC TPM2_NV_GlobalWriteLock( NV_GlobalWriteLock_In *in // IN: input parameter list ); #endif ./utils/tss2/EvictControl_fp.h0000644000175000017500000000745113013664115014476 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: EvictControl_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef EVICTCONTROL_FP_H #define EVICTCONTROL_FP_H typedef struct { TPMI_RH_PROVISION auth; TPMI_DH_OBJECT objectHandle; TPMI_DH_PERSISTENT persistentHandle; } EvictControl_In; #define RC_EvictControl_auth (TPM_RC_H + TPM_RC_1) #define RC_EvictControl_objectHandle (TPM_RC_H + TPM_RC_2) #define RC_EvictControl_persistentHandle (TPM_RC_P + TPM_RC_1) TPM_RC TPM2_EvictControl( EvictControl_In *in // IN: input parameter list ); #endif ./utils/tss2/PolicyLocality_fp.h0000644000175000017500000000732612742246532015033 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyLocality_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef POLICYLOCALITY_FP_H #define POLICYLOCALITY_FP_H typedef struct { TPMI_SH_POLICY policySession; TPMA_LOCALITY locality; } PolicyLocality_In; #define RC_PolicyLocality_policySession (TPM_RC_H + TPM_RC_1) #define RC_PolicyLocality_locality (TPM_RC_P + TPM_RC_1) TPM_RC TPM2_PolicyLocality( PolicyLocality_In *in // IN: input parameter list ); #endif ./utils/tss2/Create_fp.h0000644000175000017500000001025513013664115013262 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Create_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 137 */ #ifndef CREATE_FP_H #define CREATE_FP_H typedef struct { TPMI_DH_OBJECT parentHandle; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_PUBLIC inPublic; TPM2B_DATA outsideInfo; TPML_PCR_SELECTION creationPCR; } Create_In; #define RC_Create_parentHandle (TPM_RC_H + TPM_RC_1) #define RC_Create_inSensitive (TPM_RC_P + TPM_RC_1) #define RC_Create_inPublic (TPM_RC_P + TPM_RC_2) #define RC_Create_outsideInfo (TPM_RC_P + TPM_RC_3) #define RC_Create_creationPCR (TPM_RC_P + TPM_RC_4) typedef struct { TPM2B_PRIVATE outPrivate; TPM2B_PUBLIC outPublic; TPM2B_CREATION_DATA creationData; TPM2B_DIGEST creationHash; TPMT_TK_CREATION creationTicket; } Create_Out; TPM_RC TPM2_Create( Create_In *in, // IN: input parameter list Create_Out *out // OUT: output parameter list ); #endif ./utils/tss2/EventSequenceComplete_fp.h0000644000175000017500000001000412742246532016321 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: EventSequenceComplete_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. 
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef EVENTSEQUENCECOMPLETE_FP_H #define EVENTSEQUENCECOMPLETE_FP_H typedef struct { TPMI_DH_PCR pcrHandle; TPMI_DH_OBJECT sequenceHandle; TPM2B_MAX_BUFFER buffer; } EventSequenceComplete_In; #define RC_EventSequenceComplete_pcrHandle (TPM_RC_H + TPM_RC_1) #define RC_EventSequenceComplete_sequenceHandle (TPM_RC_H + TPM_RC_2) #define RC_EventSequenceComplete_buffer (TPM_RC_P + TPM_RC_1) typedef struct { TPML_DIGEST_VALUES results; } EventSequenceComplete_Out; TPM_RC TPM2_EventSequenceComplete( EventSequenceComplete_In *in, // IN: input parameter list EventSequenceComplete_Out *out // OUT: output parameter list ); #endif ./utils/tss2/EncryptDecrypt2_fp.h0000644000175000017500000001016513013664115015120 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: EncryptDecrypt2_fp.h 803 2016-11-15 20:19:26Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. 
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
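and others, 2012-2015, 2016 */ /* */ /********************************************************************************/ /* rev 134 */
#ifndef ENCRYPTDECRYPT2_FP_H
#define ENCRYPTDECRYPT2_FP_H

/*
 * Input parameter list for TPM2_EncryptDecrypt2: one handle followed by
 * four parameters, in the order numbered by the RC_EncryptDecrypt2_* macros.
 */
typedef struct {
    TPMI_DH_OBJECT	keyHandle;	/* handle 1; presumably the symmetric key object - confirm */
    TPM2B_MAX_BUFFER	inData;		/* parameter 1: data to process. NOTE(review): being first is presumably what
					   lets session parameter encryption cover it - confirm against the spec */
    TPMI_YES_NO		decrypt;	/* parameter 2; presumably YES = decrypt, NO = encrypt - confirm */
    TPMI_ALG_SYM_MODE	mode;		/* parameter 3: symmetric mode selector */
    TPM2B_IV		ivIn;		/* parameter 4: IV supplied by the caller */
} EncryptDecrypt2_In;

/*
 * Response-code modifiers, one per input field: TPM_RC_H marks a handle,
 * TPM_RC_P a parameter, and the TPM_RC_n term gives its position.
 */
#define RC_EncryptDecrypt2_keyHandle 	(TPM_RC_H + TPM_RC_1)
#define RC_EncryptDecrypt2_inData 	(TPM_RC_P + TPM_RC_1)
#define RC_EncryptDecrypt2_decrypt 	(TPM_RC_P + TPM_RC_2)
#define RC_EncryptDecrypt2_mode 	(TPM_RC_P + TPM_RC_3)
#define RC_EncryptDecrypt2_ivIn 	(TPM_RC_P + TPM_RC_4)

/*
 * Output parameter list for TPM2_EncryptDecrypt2.
 * The only outputs are the processed data and an IV; no tag or MAC field is
 * returned, so any integrity check on the data has to be added by the caller.
 */
typedef struct {
    TPM2B_MAX_BUFFER	outData;	/* processed data */
    TPM2B_IV		ivOut;		/* IV returned by the command; presumably the chaining value for a
					   follow-on call - confirm */
} EncryptDecrypt2_Out;

/*
 * Command entry point; reads *in, fills *out, returns a TPM_RC.
 * NOTE(review): the prototype does not show whether *out is left untouched
 * on failure - callers should not read it unless the call succeeded.
 */
TPM_RC
TPM2_EncryptDecrypt2(
		     EncryptDecrypt2_In      *in,            // IN: input parameter list
		     EncryptDecrypt2_Out     *out            // OUT: output parameter list
		     );

#endif
./utils/tss2/NV_DefineSpace_fp.h0000644000175000017500000000744712742246532014650 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_DefineSpace_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. 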
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef NV_DEFINESPACE_FP_H #define NV_DEFINESPACE_FP_H typedef struct { TPMI_RH_PROVISION authHandle; TPM2B_AUTH auth; TPM2B_NV_PUBLIC publicInfo; } NV_DefineSpace_In; #define RC_NV_DefineSpace_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_DefineSpace_auth (TPM_RC_P + TPM_RC_1) #define RC_NV_DefineSpace_publicInfo (TPM_RC_P + TPM_RC_2) TPM_RC TPM2_NV_DefineSpace( NV_DefineSpace_In *in // IN: input parameter list ); #endif ./utils/tss2/PCR_Reset_fp.h0000644000175000017500000000713012742246532013652 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PCR_Reset_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ /* Declarations for the TPM2_PCR_Reset command: the input parameter list, the response-code modifier for its single field, and the command prototype. No output parameter list is declared in this header. */ #ifndef PCR_RESET_FP_H #define PCR_RESET_FP_H /* Input parameter list: a single field, pcrHandle, tagged as a handle below. */ typedef struct { TPMI_DH_PCR pcrHandle; } PCR_Reset_In; /* Response-code modifier for pcrHandle: TPM_RC_H (handle-related, per TPM_Types.h) plus TPM_RC_1 for the first handle. NOTE(review): the double underscore in this macro name differs from the RC_Command_field spelling used by the sibling headers; confirm which spelling callers use before normalizing it. */ #define RC_PCR_Reset__pcrHandle (TPM_RC_H + TPM_RC_1) /* Command entry point: takes a pointer to the input list and returns a TPM_RC response code. */ TPM_RC TPM2_PCR_Reset( PCR_Reset_In *in // IN: input parameter list ); #endif ./utils/tss2/NV_Read_fp.h0000644000175000017500000000764512742246532013355 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_Read_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ /* Declarations for the TPM2_NV_Read command: the input and output parameter lists, one response-code modifier per input field, and the command prototype. */ #ifndef NV_READ_FP_H #define NV_READ_FP_H /* Input parameter list: two fields tagged as handles below (authHandle, nvIndex) followed by two UINT16 parameters (size, offset). NOTE(review): size and offset presumably select the octet range to read from the index; TPM_Types.h defines TPM_RC_NV_RANGE for an out-of-range offset+size, so callers should handle that code rather than assume a truncated read - confirm against TPM 2.0 Part 3. */ typedef struct { TPMI_RH_NV_AUTH authHandle; TPMI_RH_NV_INDEX nvIndex; UINT16 size; UINT16 offset; } NV_Read_In; /* Per-field response-code modifiers. TPM_Types.h documents TPM_RC_H as the value added to a handle-related error and TPM_RC_P as the value added to a parameter-related error; TPM_RC_1 and TPM_RC_2 number the field within its group. */ #define RC_NV_Read_authHandle (TPM_RC_H + TPM_RC_1) #define RC_NV_Read_nvIndex (TPM_RC_H + TPM_RC_2) #define RC_NV_Read_size (TPM_RC_P + TPM_RC_1) #define RC_NV_Read_offset (TPM_RC_P + TPM_RC_2) /* Output parameter list: a single field, data. NOTE(review): TPM2B_MAX_NV_BUFFER is presumably a size-prefixed buffer; use its own size field for the returned length instead of the requested size - confirm the layout in TPM_Types.h. */ typedef struct { TPM2B_MAX_NV_BUFFER data; } NV_Read_Out; /* Command entry point: takes pointers to the input and output lists and returns a TPM_RC response code. */ TPM_RC TPM2_NV_Read( NV_Read_In *in, // IN: input parameter list NV_Read_Out *out // OUT: output parameter list ); #endif ./utils/tss2/PolicyGetDigest_fp.h0000644000175000017500000000744112742246532015130 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyGetDigest_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ /* Declarations for the TPM2_PolicyGetDigest command: the input and output parameter lists, the response-code modifier for the single input field, and the command prototype. */ #ifndef POLICYGETDIGEST_FP_H #define POLICYGETDIGEST_FP_H /* Input parameter list: a single field, policySession. */ typedef struct { TPMI_SH_POLICY policySession; } PolicyGetDigest_In; /* Response-code modifier for policySession. NOTE(review): policySession is presumably a session handle (TPMI_SH_POLICY), yet it is tagged TPM_RC_P, which TPM_Types.h documents as parameter-related, while the handle fields in the sibling headers (pcrHandle, authHandle, nvIndex) use TPM_RC_H. Code that decodes this value would attribute an error to parameter 1 rather than handle 1 - confirm against the TPM 2.0 reference headers before relying on it. */ #define RC_PolicyGetDigest_policySession (TPM_RC_P + TPM_RC_1) /* Output parameter list: a single field, policyDigest (presumably the session's current policy digest - confirm against TPM 2.0 Part 3). */ typedef struct { TPM2B_DIGEST policyDigest; } PolicyGetDigest_Out; /* Command entry point: takes pointers to the input and output lists and returns a TPM_RC response code. */ TPM_RC TPM2_PolicyGetDigest( PolicyGetDigest_In *in, // IN: input parameter list PolicyGetDigest_Out *out // OUT: output parameter list ); #endif ./utils/tss2/TPM_Types.h0000644000175000017500000033767513070736653013252 0ustar lo1lo1/********************************************************************************/ /* */ /* Headers from Part 2 */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: TPM_Types.h 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2017 */ /* */ /********************************************************************************/ /* rev 124 */ #ifndef _TPM_TYPES_H #define _TPM_TYPES_H #include #include #ifdef __cplusplus extern "C" { #endif /* The C bit field is non-portable, but the TPM specification reference implementation uses them. These two macros attempt to define the TPM specification bit fields for little and big endian machines. There is no guarantee that either will work with a specific compiler or tool chain. If not, the developer must create a custom structure. TPM_BITFIELD_LE - little endian TPM_BITFIELD_BE - big endian To access the structures as uint's for marshaling and unmarshaling, each bit field is a union with an integral field called 'val'. Yes, I know that this uses anonymous structs, but the alternative yields another level of dereferencing, and will likely break more code. I hope your compiler supports this recent addition to the standard. For portable code: If neither macro is defined, this header defines the structures as uint32_t. It defines constants for the various bits, and can be used as: variable & CONSTANT (test for set) !(variable & CONSTANT) (test for clear) variable |= CONSTANT (to set) variable &= ~CONSTANT (to clear) Although the portable structures are all uint32_t, some only use the least significant 8 bits and are marshalled as a uint8_t. 
*/ /* Table 3 - Definition of Base Types */ /* In BaseTypes.h */ /* Table 4 - Defines for Logic Values */ // In Table 39 (Yes, NO) /* In bool.h (TRUE, FALSE) */ #define SET 1 #define CLEAR 0 /* Part 4 5.5 Capabilities.h */ #define MAX_CAP_DATA (MAX_CAP_BUFFER-sizeof(TPM_CAP)-sizeof(UINT32)) #define MAX_CAP_ALGS (MAX_CAP_DATA/sizeof(TPMS_ALG_PROPERTY)) #define MAX_CAP_HANDLES (MAX_CAP_DATA/sizeof(TPM_HANDLE)) #define MAX_CAP_CC (MAX_CAP_DATA/sizeof(TPM_CC)) #define MAX_TPM_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PROPERTY)) #define MAX_PCR_PROPERTIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_PCR_SELECT)) #define MAX_ECC_CURVES (MAX_CAP_DATA/sizeof(TPM_ECC_CURVE)) #define MAX_TAGGED_POLICIES (MAX_CAP_DATA/sizeof(TPMS_TAGGED_POLICY)) /* Table 5 - Definition of Types for Documentation Clarity */ typedef UINT32 TPM_ALGORITHM_ID; /* this is the 1.2 compatible form of the TPM_ALG_ID */ typedef UINT32 TPM_MODIFIER_INDICATOR; typedef UINT32 TPM_AUTHORIZATION_SIZE; /* the authorizationSize parameter in a command */ typedef UINT32 TPM_PARAMETER_SIZE; /* the parameterSizeset parameter in a command */ typedef UINT16 TPM_KEY_SIZE; /* a key size in octets */ typedef UINT16 TPM_KEY_BITS; /* a key size in bits */ /* Table 6 - Definition of (UINT32) TPM_SPEC Constants <> */ typedef UINT32 TPM_SPEC; #define TPM_SPEC_FAMILY 0x322E3000 /* ASCII "2.0" with null terminator */ #define TPM_SPEC_LEVEL 00 /* the level number for the specification */ #define TPM_SPEC_VERSION 124 /* the version number of the spec (01.21 * 100) */ #define TPM_SPEC_YEAR 2015 /* the year of the version */ #define TPM_SPEC_DAY_OF_YEAR 191 /* the day of the year */ /* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */ typedef UINT32 TPM_GENERATED; #define TPM_GENERATED_VALUE 0xff544347 /* 0xFF 'TCG' (FF 54 43 47) */ /* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */ typedef UINT16 TPM_ALG_ID; /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */ typedef UINT16 TPM_ECC_CURVE; /* Table 16 
- Definition of (UINT32) TPM_RC Constants (Actions) */ typedef UINT32 TPM_RC; #define TPM_RC_SUCCESS 0x000 #define TPM_RC_BAD_TAG 0x01E /* defined for compatibility with TPM 1.2 */ #define RC_VER1 0x100 /* set for all format 0 response codes */ #define TPM_RC_INITIALIZE (RC_VER1 + 0x000) /* TPM not initialized by TPM2_Startup or already initialized */ #define TPM_RC_FAILURE (RC_VER1 + 0x001) /* commands not being accepted because of a TPM failure */ #define TPM_RC_SEQUENCE (RC_VER1 + 0x003) /* improper use of a sequence handle */ #define TPM_RC_PRIVATE (RC_VER1 + 0x00B) /* not currently used */ #define TPM_RC_HMAC (RC_VER1 + 0x019) /* not currently used */ #define TPM_RC_DISABLED (RC_VER1 + 0x020) /* the command is disabled */ #define TPM_RC_EXCLUSIVE (RC_VER1 + 0x021) /* command failed because audit sequence required exclusivity */ #define TPM_RC_AUTH_TYPE (RC_VER1 + 0x024) /* authorization handle is not correct for command */ #define TPM_RC_AUTH_MISSING (RC_VER1 + 0x025) /* command requires an authorization session for handle and it is not present. */ #define TPM_RC_POLICY (RC_VER1 + 0x026) /* policy failure in math Operation or an invalid authPolicy value */ #define TPM_RC_PCR (RC_VER1 + 0x027) /* PCR check fail */ #define TPM_RC_PCR_CHANGED (RC_VER1 + 0x028) /* PCR have changed since checked. */ #define TPM_RC_UPGRADE (RC_VER1 + 0x02D) /* for all commands other than TPM2_FieldUpgradeData(), this code indicates that the TPM is in field upgrade mode */ #define TPM_RC_TOO_MANY_CONTEXTS (RC_VER1 + 0x02E) /* context ID counter is at maximum. */ #define TPM_RC_AUTH_UNAVAILABLE (RC_VER1 + 0x02F) /* authValue or authPolicy is not available for selected entity. */ #define TPM_RC_REBOOT (RC_VER1 + 0x030) /* a _TPM_Init and Startup(CLEAR) is required before the TPM can resume operation. 
*/ #define TPM_RC_UNBALANCED (RC_VER1 + 0x031) /* the protection algorithms (hash and symmetric) are not reasonably balanced */ #define TPM_RC_COMMAND_SIZE (RC_VER1 + 0x042) /* command commandSize value is inconsistent with contents of the command buffer */ #define TPM_RC_COMMAND_CODE (RC_VER1 + 0x043) /* command code not supported */ #define TPM_RC_AUTHSIZE (RC_VER1 + 0x044) /* the value of authorizationSize is out of range */ #define TPM_RC_AUTH_CONTEXT (RC_VER1 + 0x045) /* use of an authorization session with a context command or another command that cannot have an authorization session.*/ #define TPM_RC_NV_RANGE (RC_VER1 + 0x046) /* NV offset+size is out of range. */ #define TPM_RC_NV_SIZE (RC_VER1 + 0x047) /* Requested allocation size is larger than allowed. */ #define TPM_RC_NV_LOCKED (RC_VER1 + 0x048) /* NV access locked. */ #define TPM_RC_NV_AUTHORIZATION (RC_VER1 + 0x049) /* NV access authorization fails in command actions (this failure does not affect lockout.action) */ #define TPM_RC_NV_UNINITIALIZED (RC_VER1 + 0x04A) /* an NV Index is used before being initialized or the state saved by TPM2_Shutdown(STATE) could not be restored */ #define TPM_RC_NV_SPACE (RC_VER1 + 0x04B) /* insufficient space for NV allocation */ #define TPM_RC_NV_DEFINED (RC_VER1 + 0x04C) /* NV Index or persistent object already defined */ #define TPM_RC_BAD_CONTEXT (RC_VER1 + 0x050) /* context in TPM2_ContextLoad() is not valid */ #define TPM_RC_CPHASH (RC_VER1 + 0x051) /* cpHash value already set or not correct for use */ #define TPM_RC_PARENT (RC_VER1 + 0x052) /* handle for parent is not a valid parent */ #define TPM_RC_NEEDS_TEST (RC_VER1 + 0x053) /* some function needs testing. */ #define TPM_RC_NO_RESULT (RC_VER1 + 0x054) /* returned when an internal function cannot process a request due to an unspecified problem. 
*/ #define TPM_RC_SENSITIVE (RC_VER1 + 0x055) /* the sensitive area did not unmarshal correctly after decryption */ #define RC_MAX_FM0 (RC_VER1 + 0x07F) /* largest version 1 code that is not a warning */ /* The codes in this group may have a value added to them to indicate the handle, session, or parameter to which they apply. */ #define RC_FMT1 0x080 /* This bit is SET in all format 1 response codes */ #define TPM_RC_ASYMMETRIC (RC_FMT1 + 0x001) /* asymmetric algorithm not supported or not correct */ #define TPM_RC_ATTRIBUTES (RC_FMT1 + 0x002) /* inconsistent attributes */ #define TPM_RC_HASH (RC_FMT1 + 0x003) /* hash algorithm not supported or not appropriate */ #define TPM_RC_VALUE (RC_FMT1 + 0x004) /* value is out of range or is not correct for the context */ #define TPM_RC_HIERARCHY (RC_FMT1 + 0x005) /* hierarchy is not enabled or is not correct for the use */ #define TPM_RC_KEY_SIZE (RC_FMT1 + 0x007) /* key size is not supported */ #define TPM_RC_MGF (RC_FMT1 + 0x008) /* mask generation function not supported */ #define TPM_RC_MODE (RC_FMT1 + 0x009) /* mode of operation not supported */ #define TPM_RC_TYPE (RC_FMT1 + 0x00A) /* the type of the value is not appropriate for the use */ #define TPM_RC_HANDLE (RC_FMT1 + 0x00B) /* the handle is not correct for the use */ #define TPM_RC_KDF (RC_FMT1 + 0x00C) /* unsupported key derivation function or function not appropriate for use */ #define TPM_RC_RANGE (RC_FMT1 + 0x00D) /* value was out of allowed range. 
*/ #define TPM_RC_AUTH_FAIL (RC_FMT1 + 0x00E) /* the authorization HMAC check failed and DA counter incremented */ #define TPM_RC_NONCE (RC_FMT1 + 0x00F) /* invalid nonce size or nonce value mismatch */ #define TPM_RC_PP (RC_FMT1 + 0x010) /* authorization requires assertion of PP */ #define TPM_RC_SCHEME (RC_FMT1 + 0x012) /* unsupported or incompatible scheme */ #define TPM_RC_SIZE (RC_FMT1 + 0x015) /* structure is the wrong size */ #define TPM_RC_SYMMETRIC (RC_FMT1 + 0x016) /* unsupported symmetric algorithm or key size, or not appropriate for instance */ #define TPM_RC_TAG (RC_FMT1 + 0x017) /* incorrect structure tag */ #define TPM_RC_SELECTOR (RC_FMT1 + 0x018) /* union selector is incorrect */ #define TPM_RC_INSUFFICIENT (RC_FMT1 + 0x01A) /* the TPM was unable to unmarshal a value because there were not enough octets in the input buffer */ #define TPM_RC_SIGNATURE (RC_FMT1 + 0x01B) /* the signature is not valid */ #define TPM_RC_KEY (RC_FMT1 + 0x01C) /* key fields are not compatible with the selected use */ #define TPM_RC_POLICY_FAIL (RC_FMT1 + 0x01D) /* a policy check failed */ #define TPM_RC_INTEGRITY (RC_FMT1 + 0x01F) /* integrity check failed */ #define TPM_RC_TICKET (RC_FMT1 + 0x020) /* invalid ticket */ #define TPM_RC_RESERVED_BITS (RC_FMT1 + 0x021) /* reserved bits not set to zero as required */ #define TPM_RC_BAD_AUTH (RC_FMT1 + 0x022) /* authorization failure without DA implications */ #define TPM_RC_EXPIRED (RC_FMT1 + 0x023) /* the policy has expired */ #define TPM_RC_POLICY_CC (RC_FMT1 + 0x024) /* the commandCode in the policy is not the commandCode of the command */ #define TPM_RC_BINDING (RC_FMT1 + 0x025) /* public and sensitive portions of an object are not cryptographically bound */ #define TPM_RC_CURVE (RC_FMT1 + 0x026) /* curve not supported */ #define TPM_RC_ECC_POINT (RC_FMT1 + 0x027) /* point is not on the required curve. 
*/ /* aliases for FMT1 commands when parameter number can be added */ #define TPM_RCS_VALUE TPM_RC_VALUE #define TPM_RCS_TYPE TPM_RC_TYPE #define TPM_RCS_HANDLE TPM_RC_HANDLE #define TPM_RCS_SIZE TPM_RC_SIZE #define TPM_RCS_ATTRIBUTES TPM_RC_ATTRIBUTES #define TPM_RCS_NONCE TPM_RC_NONCE #define TPM_RCS_SYMMETRIC TPM_RC_SYMMETRIC #define TPM_RCS_MODE TPM_RC_MODE #define TPM_RCS_SCHEME TPM_RC_SCHEME #define TPM_RCS_KEY TPM_RC_KEY #define TPM_RCS_ECC_POINT TPM_RC_ECC_POINT #define TPM_RCS_HASH TPM_RC_HASH #define TPM_RCS_HIERARCHY TPM_RC_HIERARCHY #define TPM_RCS_TICKET TPM_RC_TICKET #define TPM_RCS_RANGE TPM_RC_RANGE #define TPM_RCS_INTEGRITY TPM_RC_INTEGRITY #define TPM_RCS_POLICY_CC TPM_RC_POLICY_CC #define TPM_RCS_EXPIRED TPM_RC_EXPIRED #define RC_WARN 0x900 /* set for warning response codes */ #define TPM_RC_CONTEXT_GAP (RC_WARN + 0x001) /* gap for context ID is too large */ #define TPM_RC_OBJECT_MEMORY (RC_WARN + 0x002) /* out of memory for object contexts */ #define TPM_RC_SESSION_MEMORY (RC_WARN + 0x003) /* out of memory for session contexts */ #define TPM_RC_MEMORY (RC_WARN + 0x004) /* out of shared object/session memory or need space for internal operations */ #define TPM_RC_SESSION_HANDLES (RC_WARN + 0x005) /* out of session handles - a session must be flushed before a new session may be created */ #define TPM_RC_OBJECT_HANDLES (RC_WARN + 0x006) /* out of object handles - the handle space for objects is depleted and a reboot is required */ #define TPM_RC_LOCALITY (RC_WARN + 0x007) /* bad locality */ #define TPM_RC_YIELDED (RC_WARN + 0x008) /* the TPM has suspended operation on the command; forward progress was made and the command may be retried. 
*/ #define TPM_RC_CANCELED (RC_WARN + 0x009) /* the command was canceled */ #define TPM_RC_CANCELLED TPM_RC_CANCELED #define TPM_RC_TESTING (RC_WARN + 0x00A) /* TPM is performing self-tests */ #define TPM_RC_REFERENCE_H0 (RC_WARN + 0x010) /* the 1st handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H1 (RC_WARN + 0x011) /* the 2nd handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H2 (RC_WARN + 0x012) /* the 3rd handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H3 (RC_WARN + 0x013) /* the 4th handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H4 (RC_WARN + 0x014) /* the 5th handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H5 (RC_WARN + 0x015) /* the 6th handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_H6 (RC_WARN + 0x016) /* the 7th handle in the handle area references a transient object or session that is not loaded */ #define TPM_RC_REFERENCE_S0 (RC_WARN + 0x018) /* the 1st authorization session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S1 (RC_WARN + 0x019) /* the 2nd authorization session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S2 (RC_WARN + 0x01A) /* the 3rd authorization session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S3 (RC_WARN + 0x01B) /* the 4th authorization session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S4 (RC_WARN + 0x01C) /* the 5th session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S5 (RC_WARN + 0x01D) /* the 6th session handle references a session that is not loaded */ #define TPM_RC_REFERENCE_S6 (RC_WARN + 
0x01E) /* the 7th authorization session handle references a session that is not loaded */ #define TPM_RC_NV_RATE (RC_WARN + 0x020) /* the TPM is rate-limiting accesses to prevent wearout of NV */ #define TPM_RC_LOCKOUT (RC_WARN + 0x021) /* authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode */ #define TPM_RC_RETRY (RC_WARN + 0x022) /* the TPM was not able to start the command */ #define TPM_RC_NV_UNAVAILABLE (RC_WARN + 0x023) /* the command may require writing of NV and NV is not current accessible */ #define TPM_RC_NOT_USED (RC_WARN + 0x07F) /* this value is reserved and shall not be returned by the TPM */ #define TPM_RC_H 0x000 /* add to a handle-related error */ #define TPM_RC_P 0x040 /* add to a parameter-related error */ #define TPM_RC_S 0x800 /* add to a session-related error */ #define TPM_RC_1 0x100 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_2 0x200 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_3 0x300 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_4 0x400 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_5 0x500 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_6 0x600 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_7 0x700 /* add to a parameter-, handle-, or session-related error */ #define TPM_RC_8 0x800 /* add to a parameter-related error */ #define TPM_RC_9 0x900 /* add to a parameter-related error */ #define TPM_RC_A 0xA00 /* add to a parameter-related error */ #define TPM_RC_B 0xB00 /* add to a parameter-related error */ #define TPM_RC_C 0xC00 /* add to a parameter-related error */ #define TPM_RC_D 0xD00 /* add to a parameter-related error */ #define TPM_RC_E 0xE00 /* add to a parameter-related error */ #define TPM_RC_F 0xF00 /* add to a parameter-related error */ #define TPM_RC_N_MASK 0xF00 /* number mask */ /* 
Table 17 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */ typedef INT8 TPM_CLOCK_ADJUST; #define TPM_CLOCK_COARSE_SLOWER -3 /* Slow the Clock update rate by one coarse adjustment step. */ #define TPM_CLOCK_MEDIUM_SLOWER -2 /* Slow the Clock update rate by one medium adjustment step. */ #define TPM_CLOCK_FINE_SLOWER -1 /* Slow the Clock update rate by one fine adjustment step. */ #define TPM_CLOCK_NO_CHANGE 0 /* No change to the Clock update rate. */ #define TPM_CLOCK_FINE_FASTER 1 /* Speed the Clock update rate by one fine adjustment step. */ #define TPM_CLOCK_MEDIUM_FASTER 2 /* Speed the Clock update rate by one medium adjustment step. */ #define TPM_CLOCK_COARSE_FASTER 3 /* Speed the Clock update rate by one coarse adjustment step. */ /* Table 18 - Definition of (UINT16) TPM_EO Constants */ typedef UINT16 TPM_EO; #define TPM_EO_EQ 0x0000 /* A = B */ #define TPM_EO_NEQ 0x0001 /* A != B */ #define TPM_EO_SIGNED_GT 0x0002 /* A > B signed */ #define TPM_EO_UNSIGNED_GT 0x0003 /* A > B unsigned */ #define TPM_EO_SIGNED_LT 0x0004 /* A < B signed */ #define TPM_EO_UNSIGNED_LT 0x0005 /* A < B unsigned */ #define TPM_EO_SIGNED_GE 0x0006 /* A >= B signed */ #define TPM_EO_UNSIGNED_GE 0x0007 /* A >= B unsigned */ #define TPM_EO_SIGNED_LE 0x0008 /* A <= B signed */ #define TPM_EO_UNSIGNED_LE 0x0009 /* A <= B unsigned */ #define TPM_EO_BITSET 0x000A /* All bits SET in B are SET in A. ((A&B)=B) */ #define TPM_EO_BITCLEAR 0x000B /* All bits SET in B are CLEAR in A. 
((A&B)=0) */ /* Table 19 - Definition of (UINT16) TPM_ST Constants */ typedef UINT16 TPM_ST; #define TPM_ST_RSP_COMMAND 0x00C4 /* tag value for a response */ #define TPM_ST_NULL 0X8000 /* no structure type specified */ #define TPM_ST_NO_SESSIONS 0x8001 /* command/response has no attached sessions*/ #define TPM_ST_SESSIONS 0x8002 /* command/response has one or more attached sessions*/ #define TPM_ST_ATTEST_NV 0x8014 /* tag for an attestation structure */ #define TPM_ST_ATTEST_COMMAND_AUDIT 0x8015 /* tag for an attestation structure */ #define TPM_ST_ATTEST_SESSION_AUDIT 0x8016 /* tag for an attestation structure */ #define TPM_ST_ATTEST_CERTIFY 0x8017 /* tag for an attestation structure */ #define TPM_ST_ATTEST_QUOTE 0x8018 /* tag for an attestation structure */ #define TPM_ST_ATTEST_TIME 0x8019 /* tag for an attestation structure */ #define TPM_ST_ATTEST_CREATION 0x801A /* tag for an attestation structure */ #define TPM_ST_CREATION 0x8021 /* tag for a ticket type */ #define TPM_ST_VERIFIED 0x8022 /* tag for a ticket type */ #define TPM_ST_AUTH_SECRET 0x8023 /* tag for a ticket type */ #define TPM_ST_HASHCHECK 0x8024 /* tag for a ticket type */ #define TPM_ST_AUTH_SIGNED 0x8025 /* tag for a ticket type */ #define TPM_ST_FU_MANIFEST 0x8029 /* tag for a structure describing a Field Upgrade Policy */ /* Table 20 - Definition of (UINT16) TPM_SU Constants */ typedef UINT16 TPM_SU; #define TPM_SU_CLEAR 0x0000 /* on TPM2_Startup(), indicates that the TPM should perform TPM Reset or TPM Restart */ #define TPM_SU_STATE 0x0001 /* on TPM2_Startup(), indicates that the TPM should restore the state saved by TPM2_Shutdown(TPM_SU_STATE) */ /* Table 21 - Definition of (UINT8) TPM_SE Constants */ typedef UINT8 TPM_SE; #define TPM_SE_HMAC 0x00 #define TPM_SE_POLICY 0x01 #define TPM_SE_TRIAL 0x03 /* Table 22 - Definition of (UINT32) TPM_CAP Constants */ typedef UINT32 TPM_CAP; #define TPM_CAP_FIRST 0x00000000 /* */ #define TPM_CAP_ALGS 0x00000000 /* TPM_ALG_ID(1) TPML_ALG_PROPERTY */ 
/* TPM_CAP constants, continued. */
#define TPM_CAP_HANDLES 0x00000001 /* TPM_HANDLE TPML_HANDLE */
#define TPM_CAP_COMMANDS 0x00000002 /* TPM_CC TPML_CCA */
#define TPM_CAP_PP_COMMANDS 0x00000003 /* TPM_CC TPML_CC */
#define TPM_CAP_AUDIT_COMMANDS 0x00000004 /* TPM_CC TPML_CC */
#define TPM_CAP_PCRS 0x00000005 /* reserved TPML_PCR_SELECTION */
#define TPM_CAP_TPM_PROPERTIES 0x00000006 /* TPM_PT TPML_TAGGED_TPM_PROPERTY */
#define TPM_CAP_PCR_PROPERTIES 0x00000007 /* TPM_PT_PCR TPML_TAGGED_PCR_PROPERTY */
#define TPM_CAP_ECC_CURVES 0x00000008 /* TPM_ECC_CURVE(1) TPML_ECC_CURVE */
#define TPM_CAP_LAST 0x00000008 /* same value as TPM_CAP_ECC_CURVES */
#define TPM_CAP_VENDOR_PROPERTY 0x00000100 /* manufacturer-specific values */

/* Table 23 - Definition of (UINT32) TPM_PT Constants */
/* Property tags. Properties are numbered in groups of PT_GROUP (0x100):
   PT_FIXED is group 1 and every fixed property is PT_FIXED plus an offset. */
typedef UINT32 TPM_PT;
#define TPM_PT_NONE 0x00000000 /* indicates no property type */
#define PT_GROUP 0x00000100 /* The number of properties in each group. */
#define PT_FIXED (PT_GROUP * 1) /* the group of fixed properties returned as TPMS_TAGGED_PROPERTY */
/* The values in this group are only changed due to a firmware change in the TPM.
*/
/* Fixed properties, offsets 0-17 from PT_FIXED. TPM_PT_MANUFACTURER,
   TPM_PT_VENDOR_TPM_TYPE and TPM_PT_FIRMWARE_VERSION_1 and _2 together
   identify the vendor, model and firmware build, which is what an inventory
   or advisory-matching check reads. */
#define TPM_PT_FAMILY_INDICATOR (PT_FIXED + 0) /* a 4-octet character string containing the TPM Family value (TPM_SPEC_FAMILY) */
#define TPM_PT_LEVEL (PT_FIXED + 1) /* the level of the specification */
#define TPM_PT_REVISION (PT_FIXED + 2) /* the specification Revision times 100 */
#define TPM_PT_DAY_OF_YEAR (PT_FIXED + 3) /* the specification day of year using TCG calendar */
#define TPM_PT_YEAR (PT_FIXED + 4) /* the specification year using the CE */
#define TPM_PT_MANUFACTURER (PT_FIXED + 5) /* the vendor ID unique to each TPM manufacturer */
#define TPM_PT_VENDOR_STRING_1 (PT_FIXED + 6) /* the first four characters of the vendor ID string */
#define TPM_PT_VENDOR_STRING_2 (PT_FIXED + 7) /* the second four characters of the vendor ID string */
#define TPM_PT_VENDOR_STRING_3 (PT_FIXED + 8) /* the third four characters of the vendor ID string */
#define TPM_PT_VENDOR_STRING_4 (PT_FIXED + 9) /* the fourth four characters of the vendor ID string */
#define TPM_PT_VENDOR_TPM_TYPE (PT_FIXED + 10) /* vendor-defined value indicating the TPM model */
#define TPM_PT_FIRMWARE_VERSION_1 (PT_FIXED + 11) /* the most-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware */
#define TPM_PT_FIRMWARE_VERSION_2 (PT_FIXED + 12) /* the least-significant 32 bits of a TPM vendor-specific value indicating the version number of the firmware */
#define TPM_PT_INPUT_BUFFER (PT_FIXED + 13) /* the maximum size of a parameter (typically, a TPM2B_MAX_BUFFER) */
#define TPM_PT_HR_TRANSIENT_MIN (PT_FIXED + 14) /* the minimum number of transient objects that can be held in TPM RAM */
#define TPM_PT_HR_PERSISTENT_MIN (PT_FIXED + 15) /* the minimum number of persistent objects that can be held in TPM NV memory */
#define TPM_PT_HR_LOADED_MIN (PT_FIXED + 16) /* the minimum number of authorization sessions that can be held in TPM RAM */
#define TPM_PT_ACTIVE_SESSIONS_MAX (PT_FIXED + 17) /* the number of authorization sessions that may be active at a time
*/
/* Fixed properties, offsets 18-44 from PT_FIXED. Offset 21 is not defined
   in this listing: the sequence goes from PT_FIXED + 20 to PT_FIXED + 22. */
#define TPM_PT_PCR_COUNT (PT_FIXED + 18) /* the number of PCR implemented */
#define TPM_PT_PCR_SELECT_MIN (PT_FIXED + 19) /* the minimum number of octets in a TPMS_PCR_SELECT.sizeOfSelect */
#define TPM_PT_CONTEXT_GAP_MAX (PT_FIXED + 20) /* the maximum allowed difference (unsigned) between the contextID values of two saved session contexts */
#define TPM_PT_NV_COUNTERS_MAX (PT_FIXED + 22) /* the maximum number of NV Indexes that are allowed to have TPM_NV_COUNTER attribute SET */
#define TPM_PT_NV_INDEX_MAX (PT_FIXED + 23) /* the maximum size of an NV Index data area */
#define TPM_PT_MEMORY (PT_FIXED + 24) /* a TPMA_MEMORY indicating the memory management method for the TPM */
#define TPM_PT_CLOCK_UPDATE (PT_FIXED + 25) /* interval, in milliseconds, between updates to the copy of TPMS_CLOCK_INFO.clock in NV */
#define TPM_PT_CONTEXT_HASH (PT_FIXED + 26) /* the algorithm used for the integrity HMAC on saved contexts and for hashing the fuData of TPM2_FirmwareRead() */
#define TPM_PT_CONTEXT_SYM (PT_FIXED + 27) /* TPM_ALG_ID, the algorithm used for encryption of saved contexts */
#define TPM_PT_CONTEXT_SYM_SIZE (PT_FIXED + 28) /* TPM_KEY_BITS, the size of the key used for encryption of saved contexts */
#define TPM_PT_ORDERLY_COUNT (PT_FIXED + 29) /* the modulus - 1 of the count for NV update of an orderly counter */
/* The two size limits below bound the buffers a caller needs for a command
   and for its response. */
#define TPM_PT_MAX_COMMAND_SIZE (PT_FIXED + 30) /* the maximum value for commandSize in a command */
#define TPM_PT_MAX_RESPONSE_SIZE (PT_FIXED + 31) /* the maximum value for responseSize in a response */
#define TPM_PT_MAX_DIGEST (PT_FIXED + 32) /* the maximum size of a digest that can be produced by the TPM */
#define TPM_PT_MAX_OBJECT_CONTEXT (PT_FIXED + 33) /* the maximum size of an object context that will be returned by TPM2_ContextSave */
#define TPM_PT_MAX_SESSION_CONTEXT (PT_FIXED + 34) /* the maximum size of a session context that will be returned by TPM2_ContextSave */
#define TPM_PT_PS_FAMILY_INDICATOR (PT_FIXED + 35) /* platform-specific family (a TPM_PS value; the original comment says "see Table 26", while this header labels the TPM_PS constants as Table 25) */
#define TPM_PT_PS_LEVEL (PT_FIXED + 36) /* the level of the platform-specific specification */
#define TPM_PT_PS_REVISION (PT_FIXED + 37) /* the specification Revision times 100 for the platform-specific specification */
#define TPM_PT_PS_DAY_OF_YEAR (PT_FIXED + 38) /* the platform-specific specification day of year using TCG calendar */
#define TPM_PT_PS_YEAR (PT_FIXED + 39) /* the platform-specific specification year using the CE */
#define TPM_PT_SPLIT_MAX (PT_FIXED + 40) /* the number of split signing operations supported by the TPM */
#define TPM_PT_TOTAL_COMMANDS (PT_FIXED + 41) /* total number of commands implemented in the TPM */
#define TPM_PT_LIBRARY_COMMANDS (PT_FIXED + 42) /* number of commands from the TPM library that are implemented */
#define TPM_PT_VENDOR_COMMANDS (PT_FIXED + 43) /* number of vendor commands that are implemented */
#define TPM_PT_NV_BUFFER_MAX (PT_FIXED + 44) /* the maximum data size in one NV write command */

#define PT_VAR (PT_GROUP * 2) /* the group of variable properties returned as TPMS_TAGGED_PROPERTY */
/* The properties in this group change because of a Protected Capability other than a firmware update. The values are not necessarily persistent across all power transitions.
*/
/* Variable properties, offsets 0-20 from PT_VAR. */
#define TPM_PT_PERMANENT (PT_VAR + 0) /* TPMA_PERMANENT */
#define TPM_PT_STARTUP_CLEAR (PT_VAR + 1) /* TPMA_STARTUP_CLEAR */
#define TPM_PT_HR_NV_INDEX (PT_VAR + 2) /* the number of NV Indexes currently defined */
#define TPM_PT_HR_LOADED (PT_VAR + 3) /* the number of authorization sessions currently loaded into TPM RAM */
#define TPM_PT_HR_LOADED_AVAIL (PT_VAR + 4) /* the number of additional authorization sessions, of any type, that could be loaded into TPM RAM */
#define TPM_PT_HR_ACTIVE (PT_VAR + 5) /* the number of active authorization sessions currently being tracked by the TPM */
#define TPM_PT_HR_ACTIVE_AVAIL (PT_VAR + 6) /* the number of additional authorization sessions, of any type, that could be created */
#define TPM_PT_HR_TRANSIENT_AVAIL (PT_VAR + 7) /* estimate of the number of additional transient objects that could be loaded into TPM RAM */
#define TPM_PT_HR_PERSISTENT (PT_VAR + 8) /* the number of persistent objects currently loaded into TPM NV memory */
#define TPM_PT_HR_PERSISTENT_AVAIL (PT_VAR + 9) /* the number of additional persistent objects that could be loaded into NV memory */
#define TPM_PT_NV_COUNTERS (PT_VAR + 10) /* the number of defined NV Indexes that have the NV TPM_NV_COUNTER attribute SET */
#define TPM_PT_NV_COUNTERS_AVAIL (PT_VAR + 11) /* the number of additional NV Indexes that can be defined with their TPM_NT of TPM_NV_COUNTER and the TPM_NV_ORDERLY attribute SET */
#define TPM_PT_ALGORITHM_SET (PT_VAR + 12) /* code that limits the algorithms that may be used with the TPM */
#define TPM_PT_LOADED_CURVES (PT_VAR + 13) /* the number of loaded ECC curves */
/* The next four properties report the dictionary-attack (DA) protection
   state. Reading them shows how DA protection is configured and whether
   failed authorizations are accumulating. */
#define TPM_PT_LOCKOUT_COUNTER (PT_VAR + 14) /* the current value of the lockout counter (failedTries) */
#define TPM_PT_MAX_AUTH_FAIL (PT_VAR + 15) /* the number of authorization failures before DA lockout is invoked */
#define TPM_PT_LOCKOUT_INTERVAL (PT_VAR + 16) /* the number of seconds before the value reported by TPM_PT_LOCKOUT_COUNTER is decremented */
#define TPM_PT_LOCKOUT_RECOVERY (PT_VAR + 17) /* the number of seconds after a lockoutAuth failure before use of lockoutAuth may be attempted again */
#define TPM_PT_NV_WRITE_RECOVERY (PT_VAR + 18) /* number of milliseconds before the TPM will accept another command that will modify NV */
#define TPM_PT_AUDIT_COUNTER_0 (PT_VAR + 19) /* the high-order 32 bits of the command audit counter */
#define TPM_PT_AUDIT_COUNTER_1 (PT_VAR + 20) /* the low-order 32 bits of the command audit counter */

/* Table 24 - Definition of (UINT32) TPM_PT_PCR Constants */
/* PCR property selectors. For each one, the TPMS_PCR_SELECT that comes back
   has a SET bit for every PCR that has the property. The EXTEND_Ln and
   RESET_Ln entries describe which locality may extend or reset a PCR. */
typedef UINT32 TPM_PT_PCR;
#define TPM_PT_PCR_FIRST 0x00000000 /* bottom of the range of TPM_PT_PCR properties */
#define TPM_PT_PCR_SAVE 0x00000000 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR is saved and restored by TPM_SU_STATE */
#define TPM_PT_PCR_EXTEND_L0 0x00000001 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 0 */
#define TPM_PT_PCR_RESET_L0 0x00000002 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 0 */
#define TPM_PT_PCR_EXTEND_L1 0x00000003 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 1 */
#define TPM_PT_PCR_RESET_L1 0x00000004 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 1 */
#define TPM_PT_PCR_EXTEND_L2 0x00000005 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 2 */
#define TPM_PT_PCR_RESET_L2 0x00000006 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 2 */
#define TPM_PT_PCR_EXTEND_L3 0x00000007 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be extended from locality 3 */
#define TPM_PT_PCR_RESET_L3 0x00000008 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 3 */
#define TPM_PT_PCR_EXTEND_L4 0x00000009 /* a SET bit in the
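TPMS_PCR_SELECT indicates that the PCR may be extended from locality 4 */
#define TPM_PT_PCR_RESET_L4 0x0000000A /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR may be reset by TPM2_PCR_Reset() from locality 4 */
/* The values 0x0000000B through 0x00000010 are not defined in this listing.
   The original repeated the TPM_PT_PCR_RESET_L4 definition (same value) after
   TPM_PT_PCR_NO_INCREMENT; the redundant copy is dropped here. */
#define TPM_PT_PCR_NO_INCREMENT 0x00000011 /* a SET bit in the TPMS_PCR_SELECT indicates that modifications to this PCR (reset or Extend) will not increment the pcrUpdateCounter */
#define TPM_PT_PCR_DRTM_RESET 0x00000012 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR is reset by a DRTM event */
#define TPM_PT_PCR_POLICY 0x00000013 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by policy */
#define TPM_PT_PCR_AUTH 0x00000014 /* a SET bit in the TPMS_PCR_SELECT indicates that the PCR is controlled by an authorization value */
#define TPM_PT_PCR_LAST 0x00000014 /* top of the range of TPM_PT_PCR properties of the implementation */

/* Table 25 - Definition of (UINT32) TPM_PS Constants */
/* Platform-specific family identifiers; most entries name the working
   group (WG) responsible for the platform specification. */
typedef UINT32 TPM_PS;
#define TPM_PS_MAIN 0x00000000 /* not platform specific */
#define TPM_PS_PC 0x00000001 /* PC Client */
#define TPM_PS_PDA 0x00000002 /* PDA (includes all mobile devices that are not specifically cell phones) */
#define TPM_PS_CELL_PHONE 0x00000003 /* Cell Phone */
#define TPM_PS_SERVER 0x00000004 /* Server WG */
#define TPM_PS_PERIPHERAL 0x00000005 /* Peripheral WG */
#define TPM_PS_TSS 0x00000006 /* TSS WG */
#define TPM_PS_STORAGE 0x00000007 /* Storage WG */
#define TPM_PS_AUTHENTICATION 0x00000008 /* Authentication WG */
#define TPM_PS_EMBEDDED 0x00000009 /* Embedded WG */
#define TPM_PS_HARDCOPY 0x0000000A /* Hardcopy WG */
#define TPM_PS_INFRASTRUCTURE 0x0000000B /* Infrastructure WG */
#define TPM_PS_VIRTUALIZATION 0x0000000C /* Virtualization WG */
#define TPM_PS_TNC 0x0000000D /* Trusted Network Connect WG */
#define TPM_PS_MULTI_TENANT 0x0000000E /*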
Multi-tenant WG */
#define TPM_PS_TC 0x0000000F /* Technical Committee */

/* Table 26 - Definition of Types for Handles */
typedef UINT32 TPM_HANDLE; /* Handles may refer to objects (keys or data blobs), authorization sessions (HMAC and policy), NV Indexes, permanent TPM locations, and PCR. */

/* Table 27 - Definition of (UINT8) TPM_HT Constants */
/* Handle type: the most-significant octet of a TPM_HANDLE (HR_SHIFT is 24 in
   this header). Two values are shared: 0x02 is both HMAC_SESSION and
   LOADED_SESSION, 0x03 is both POLICY_SESSION and SAVED_SESSION; the second
   name of each pair is used only with TPM2_GetCapability. */
typedef UINT8 TPM_HT;
#define TPM_HT_PCR 0x00 /* PCR - consecutive numbers, starting at 0, that reference the PCR registers */
#define TPM_HT_NV_INDEX 0x01 /* NV Index - assigned by the caller */
#define TPM_HT_HMAC_SESSION 0x02 /* HMAC Authorization Session - assigned by the TPM when the session is created */
#define TPM_HT_LOADED_SESSION 0x02 /* Loaded Authorization Session - used only in the context of TPM2_GetCapability */
#define TPM_HT_POLICY_SESSION 0x03 /* Policy Authorization Session - assigned by the TPM when the session is created */
#define TPM_HT_SAVED_SESSION 0x03 /* Saved Authorization Session - used only in the context of TPM2_GetCapability */
#define TPM_HT_PERMANENT 0x40 /* Permanent Values - assigned by this specification in Table 27 (this header lists the permanent TPM_RH handles under Table 28) */
#define TPM_HT_TRANSIENT 0x80 /* Transient Objects - assigned by the TPM when an object is loaded into transient-object memory or when a persistent object is converted to a transient object */
#define TPM_HT_PERSISTENT 0x81 /* Persistent Objects - assigned by the TPM when a loaded transient object is made persistent */

/* Table 28 - Definition of (TPM_HANDLE) TPM_RH Constants */
/* Permanent (reserved) handles. Each comment starts with type letters;
   reading the entries of this table: R = reserved value, K = Primary Seed,
   A = authorization value, P = policy, S = session, C = control. The "1" in
   "not used1" is presumably a footnote marker carried over from the
   specification table. */
typedef TPM_HANDLE TPM_RH;
#define TPM_RH_FIRST 0x40000000 /* R */
#define TPM_RH_SRK 0x40000000 /* R not used1 */
#define TPM_RH_OWNER 0x40000001 /* K, A, P handle references the Storage Primary Seed (SPS), the ownerAuth, and the ownerPolicy */
#define TPM_RH_REVOKE 0x40000002 /* R not used1 */
#define TPM_RH_TRANSPORT 0x40000003 /* R not used1 */
#define TPM_RH_OPERATOR 0x40000004 /* R not used1 */
#define TPM_RH_ADMIN 0x40000005 /* R not used1 */
#define TPM_RH_EK 0x40000006 /* R not used1 */
/* TPM_RH constants, continued. */
#define TPM_RH_NULL 0x40000007 /* K, A, P a handle associated with the null hierarchy, an EmptyAuth authValue, and an Empty Policy authPolicy. */
#define TPM_RH_UNASSIGNED 0x40000008 /* R value reserved to the TPM to indicate a handle location that has not been initialized or assigned */
#define TPM_RS_PW 0x40000009 /* S authorization value used to indicate a password authorization session. NOTE(review): per TPM 2.0 Part 1 a password authorization carries the authValue in the clear in the command's authorization area - confirm, and prefer an HMAC or policy session when the path to the TPM is not trusted */
#define TPM_RH_LOCKOUT 0x4000000A /* A references the authorization associated with the dictionary attack lockout reset */
#define TPM_RH_ENDORSEMENT 0x4000000B /* K, A, P references the Endorsement Primary Seed (EPS), endorsementAuth, and endorsementPolicy */
#define TPM_RH_PLATFORM 0x4000000C /* K, A, P references the Platform Primary Seed (PPS), platformAuth, and platformPolicy */
#define TPM_RH_PLATFORM_NV 0x4000000D /* C for phEnableNV */
#define TPM_RH_AUTH_00 0x40000010 /* A Start of a range of authorization values that are vendor-specific. A TPM may support any of the values in this range as are needed for vendor-specific purposes. Disabled if ehEnable is CLEAR. */
#define TPM_RH_AUTH_FF 0x4000010F /* A End of the range of vendor-specific authorization values. */
#define TPM_RH_LAST 0x4000010F /* R the top of the reserved handle area */

/* Table 29 - Definition of (TPM_HANDLE) TPM_HC Constants */
/* Handle ranges. HR_x is the handle type TPM_HT_x moved into the top octet;
   x_FIRST and x_LAST bound the handle values of that type. */
#define HR_HANDLE_MASK 0x00FFFFFF /* to mask off the HR */
#define HR_RANGE_MASK 0xFF000000 /* to mask off the variable part */
#define HR_SHIFT 24
#define HR_PCR (TPM_HT_PCR << HR_SHIFT)
#define HR_HMAC_SESSION (TPM_HT_HMAC_SESSION << HR_SHIFT)
#define HR_POLICY_SESSION (TPM_HT_POLICY_SESSION << HR_SHIFT)
/* NOTE(review): TPM_HT_TRANSIENT (0x80) and TPM_HT_PERSISTENT (0x81) are
   plain int constants, so shifting them left by 24 reaches bit 31 of a 32-bit
   int, which C does not define for signed operands. TRANSIENT_FIRST and
   PERSISTENT_FIRST cast to UINT32 only after the shift has been evaluated.
   An unsigned operand would avoid this, provided these macros are not needed
   inside #if expressions - check the callers. */
#define HR_TRANSIENT (TPM_HT_TRANSIENT << HR_SHIFT)
#define HR_PERSISTENT (TPM_HT_PERSISTENT << HR_SHIFT)
#define HR_NV_INDEX (TPM_HT_NV_INDEX << HR_SHIFT)
#define HR_PERMANENT (TPM_HT_PERMANENT << HR_SHIFT)
#define PCR_FIRST (HR_PCR + 0) /* first PCR */
#define PCR_LAST (PCR_FIRST + IMPLEMENTATION_PCR-1) /* last PCR */
#define HMAC_SESSION_FIRST (HR_HMAC_SESSION + 0) /* first HMAC session */
#define HMAC_SESSION_LAST (HMAC_SESSION_FIRST | 0x00FFFFFF) /* last HMAC session */
#define LOADED_SESSION_FIRST HMAC_SESSION_FIRST /* used in GetCapability */
#define LOADED_SESSION_LAST HMAC_SESSION_LAST /* used in GetCapability */
#define POLICY_SESSION_FIRST (HR_POLICY_SESSION + 0) /* first policy session */
#define POLICY_SESSION_LAST (POLICY_SESSION_FIRST | 0x00FFFFFF) /* last policy session */
#define TRANSIENT_FIRST ((UINT32)(HR_TRANSIENT + 0)) /* first transient object */
#define ACTIVE_SESSION_FIRST POLICY_SESSION_FIRST /* used in GetCapability */
#define ACTIVE_SESSION_LAST POLICY_SESSION_LAST /* used in GetCapability */
#define TRANSIENT_LAST ((UINT32)(TRANSIENT_FIRST+MAX_LOADED_OBJECTS-1)) /* last transient object */
#define PERSISTENT_FIRST ((UINT32)(HR_PERSISTENT + 0)) /* first persistent object */
#define PERSISTENT_LAST ((UINT32)(PERSISTENT_FIRST + 0x00FFFFFF)) /* last persistent object */
#define PLATFORM_PERSISTENT (PERSISTENT_FIRST + 0x00800000) /* first platform persistent object */
#define NV_INDEX_FIRST (HR_NV_INDEX + 0) /* first allowed NV Index */
#define NV_INDEX_LAST (NV_INDEX_FIRST + 0x00FFFFFF) /* last allowed
NV Index */
#define PERMANENT_FIRST TPM_RH_FIRST
#define PERMANENT_LAST TPM_RH_LAST

/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits */
/* Algorithm attributes. Three layouts are selected at compile time: named
   bit-fields for TPM_BITFIELD_LE, the same fields in reverse declaration
   order for TPM_BITFIELD_BE, and a bare 32-bit value otherwise. All three
   expose the raw word as .val.
   NOTE(review): the order in which a compiler allocates bit-fields is
   implementation-defined and the anonymous struct needs C11 or a compiler
   extension; the TPMA_ALGORITHM_x masks applied to .val are the portable way
   to test a bit. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */
        unsigned int symmetric : 1; /* 1 a symmetric block cipher */
        unsigned int hash : 1; /* 2 a hash algorithm */
        unsigned int object : 1; /* 3 an algorithm that may be used as an object type */
        unsigned int Reserved1 : 4; /* 7:4 */
        unsigned int signing : 1; /* 8 a signing algorithm */
        unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */
        unsigned int method : 1; /* 10 a method such as a key derivation function (KDF) */
        unsigned int Reserved2 : 21; /* 31:11 */
    };
    UINT32 val;
} TPMA_ALGORITHM;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Reserved2 : 21; /* 31:11 */
        unsigned int method : 1; /* 10 a method such as a key derivation function (KDF) */
        unsigned int encrypting : 1; /* 9 an encryption/decryption algorithm */
        unsigned int signing : 1; /* 8 a signing algorithm */
        unsigned int Reserved1 : 4; /* 7:4 */
        unsigned int object : 1; /* 3 an algorithm that may be used as an object type */
        unsigned int hash : 1; /* 2 a hash algorithm */
        unsigned int symmetric : 1; /* 1 a symmetric block cipher */
        unsigned int asymmetric : 1; /* 0 an asymmetric algorithm with public and private portions */
    };
    UINT32 val;
} TPMA_ALGORITHM;
#else
typedef struct {
    UINT32 val;
} TPMA_ALGORITHM;
#endif

/* Bit masks for TPMA_ALGORITHM.val, one per field above. */
#define TPMA_ALGORITHM_ASYMMETRIC 0x00000001
#define TPMA_ALGORITHM_SYMMETRIC 0x00000002
#define TPMA_ALGORITHM_HASH 0x00000004
#define TPMA_ALGORITHM_OBJECT 0x00000008
#define TPMA_ALGORITHM_RESERVED1 0x000000f0
#define TPMA_ALGORITHM_SIGNING 0x00000100
#define TPMA_ALGORITHM_ENCRYPTING 0x00000200
#define TPMA_ALGORITHM_METHOD 0x00000400
#define TPMA_ALGORITHM_RESERVED2 0xfffff800
/* All reserved bits of TPMA_ALGORITHM. */
#define TPMA_ALGORITHM_RESERVED ( \
    TPMA_ALGORITHM_RESERVED1 | \
    TPMA_ALGORITHM_RESERVED2 )

/* Table
31 - Definition of (UINT32) TPMA_OBJECT Bits */
/* Object attributes. These bits decide how a key may be used and how its use
   is authorized, so they are what a reviewer checks on a key template:
   fixedTPM and fixedParent limit duplication, sensitiveDataOrigin records
   whether the TPM generated the sensitive data, userWithAuth and
   adminWithPolicy select the accepted authorization, noDA exempts the object
   from dictionary-attack protection, and restricted, decrypt and sign bound
   the key's use.
   NOTE(review): bit-field allocation order is implementation-defined; the
   TPMA_OBJECT_x masks applied to .val are the portable way to test a bit. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int Reserved1 : 1; /* 0 shall be zero */
        unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */
        unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */
        unsigned int Reserved2 : 1; /* 3 shall be zero */
        unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */
        unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */
        unsigned int userWithAuth : 1; /* 6 SET: USER role actions may be approved with an HMAC session or with a password (the object's authValue), as well as with a policy session; CLEAR: only with a policy session (wording per TPM 2.0 Part 2, TPMA_OBJECT - confirm against the tracked revision) */
        unsigned int adminWithPolicy : 1; /* 7 SET: ADMIN role actions may only be approved with a policy session (wording per TPM 2.0 Part 2, TPMA_OBJECT - confirm against the tracked revision) */
        unsigned int Reserved3 : 2; /* 9:8 shall be zero */
        unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */
        unsigned int encryptedDuplication : 1; /* 11 SET: a duplicate of the object must be symmetrically encrypted and the new parent may not be TPM_RH_NULL (per TPM 2.0 Part 2 - confirm against the tracked revision) */
        unsigned int Reserved4 : 4; /* 15:12 shall be zero */
        unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */
        unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */
        unsigned int sign : 1; /* 18 For a symmetric cipher object, the private portion of the key may be used to encrypt. For other objects, the private portion of the key may be used to sign. */
        unsigned int Reserved5 : 13; /* 31:19 shall be zero */
    };
    UINT32 val;
} TPMA_OBJECT;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Reserved5 : 13; /* 31:19 shall be zero */
        unsigned int sign : 1; /* 18 For a symmetric cipher object, the private portion of the key may be used to encrypt. For other objects, the private portion of the key may be used to sign. */
        unsigned int decrypt : 1; /* 17 The private portion of the key may be used to decrypt. */
        unsigned int restricted : 1; /* 16 Key usage is restricted to manipulate structures of known format */
        unsigned int Reserved4 : 4; /* 15:12 shall be zero */
        unsigned int encryptedDuplication : 1; /* 11 same meaning as in the TPM_BITFIELD_LE layout */
        unsigned int noDA : 1; /* 10 The object is not subject to dictionary attack protections. */
        unsigned int Reserved3 : 2; /* 9:8 shall be zero */
        unsigned int adminWithPolicy : 1; /* 7 same meaning as in the TPM_BITFIELD_LE layout */
        unsigned int userWithAuth : 1; /* 6 same meaning as in the TPM_BITFIELD_LE layout */
        unsigned int sensitiveDataOrigin : 1; /* 5 the TPM generated all of the sensitive data other than the authValue. */
        unsigned int fixedParent : 1; /* 4 The parent of the object may not change. */
        unsigned int Reserved2 : 1; /* 3 shall be zero */
        unsigned int stClear : 1; /* 2 Previously saved contexts of this object may not be loaded after Startup(CLEAR). */
        unsigned int fixedTPM : 1; /* 1 The hierarchy of the object, as indicated by its Qualified Name, may not change. */
        unsigned int Reserved1 : 1; /* 0 shall be zero */
    };
    UINT32 val;
} TPMA_OBJECT;
#else
typedef struct {
    UINT32 val;
} TPMA_OBJECT;
#endif

/* Bit masks for TPMA_OBJECT.val, one per field above. */
#define TPMA_OBJECT_RESERVED1 0x00000001
#define TPMA_OBJECT_FIXEDTPM 0x00000002
#define TPMA_OBJECT_STCLEAR 0x00000004
#define TPMA_OBJECT_RESERVED2 0x00000008
#define TPMA_OBJECT_FIXEDPARENT 0x00000010
#define TPMA_OBJECT_SENSITIVEDATAORIGIN 0x00000020
#define TPMA_OBJECT_USERWITHAUTH 0x00000040
#define TPMA_OBJECT_ADMINWITHPOLICY 0x00000080
#define TPMA_OBJECT_RESERVED3 0x00000300
#define TPMA_OBJECT_NODA 0x00000400
#define TPMA_OBJECT_ENCRYPTEDDUPLICATION 0x00000800
#define TPMA_OBJECT_RESERVED4 0x0000f000
#define TPMA_OBJECT_RESTRICTED 0x00010000
#define TPMA_OBJECT_DECRYPT 0x00020000
#define TPMA_OBJECT_SIGN 0x00040000
#define TPMA_OBJECT_RESERVED5 0xfff80000
/* All reserved bits of TPMA_OBJECT; the field comments above say they shall
   be zero. */
#define TPMA_OBJECT_RESERVED ( \
    TPMA_OBJECT_RESERVED1 | \
    TPMA_OBJECT_RESERVED2 | \
    TPMA_OBJECT_RESERVED3 | \
    TPMA_OBJECT_RESERVED4 | \
    TPMA_OBJECT_RESERVED5 )

/* Table 32 - Definition of (UINT8) TPMA_SESSION Bits */
/* Session attributes sent with each use of a session. decrypt and encrypt
   select encryption of the first command or response parameter; audit,
   auditExclusive and auditReset control session auditing.
   NOTE(review): the fields are declared unsigned int, so in the two
   bit-field layouts the union is likely the size of an unsigned int rather
   than one octet, while the #else layout is one octet. Marshal through .val
   and do not rely on sizeof(TPMA_SESSION) - confirm for the target compiler. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */
        unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */
        unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */
        unsigned int Reserved : 2; /* 4:3 shall be CLEAR */
        unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */
        unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */
        unsigned int audit : 1; /* 7 session is for audit */
    };
    UINT8 val;
} TPMA_SESSION;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int audit : 1; /* 7 session is for audit */
        unsigned int encrypt : 1; /* 6 TPM should use this session to encrypt the first parameter in the response */
        unsigned int decrypt : 1; /* 5 first parameter in the command is symmetrically encrypted */
        unsigned int Reserved : 2; /* 4:3 shall be CLEAR */
        unsigned int auditReset : 1; /* 2 audit digest of the session should be initialized */
        unsigned int auditExclusive : 1; /* 1 executed if the session is exclusive at the start of the command */
        unsigned int continueSession : 1; /* 0 the session is to remain active after successful completion of the command */
    };
    UINT8 val;
} TPMA_SESSION;
#else
typedef struct {
    UINT8 val;
} TPMA_SESSION;
#endif

/* Bit masks for TPMA_SESSION.val. */
#define TPMA_SESSION_CONTINUESESSION 0x01
#define TPMA_SESSION_AUDITEXCLUSIVE 0x02
#define TPMA_SESSION_AUDITRESET 0x04
#define TPMA_SESSION_DECRYPT 0x20
#define TPMA_SESSION_ENCRYPT 0x40
#define TPMA_SESSION_AUDIT 0x80
#define TPMA_SESSION_RESERVED 0x18

/* Table 33 - Definition of (UINT8) TPMA_LOCALITY Bits */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int TPM_LOC_ZERO : 1; /* 0 */
        unsigned int TPM_LOC_ONE : 1; /* 1 */
        unsigned int TPM_LOC_TWO : 1; /* 2 */
        unsigned int TPM_LOC_THREE : 1; /* 3 */
        unsigned int TPM_LOC_FOUR : 1; /*
4 */
        unsigned int Extended : 3; /* 7:5 */
    };
    UINT8 val;
} TPMA_LOCALITY;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Extended : 3; /* 7:5 */
        unsigned int TPM_LOC_FOUR : 1; /* 4 */
        unsigned int TPM_LOC_THREE : 1; /* 3 */
        unsigned int TPM_LOC_TWO : 1; /* 2 */
        unsigned int TPM_LOC_ONE : 1; /* 1 */
        unsigned int TPM_LOC_ZERO : 1; /* 0 */
    };
    UINT8 val;
} TPMA_LOCALITY;
#else
typedef struct {
    UINT8 val;
} TPMA_LOCALITY;
#endif

/* Bit masks for TPMA_LOCALITY.val: one bit per locality 0-4, and the three
   high bits for the Extended field. */
#define TPMA_LOCALITY_ZERO 0x01
#define TPMA_LOCALITY_ONE 0x02
#define TPMA_LOCALITY_TWO 0x04
#define TPMA_LOCALITY_THREE 0x08
#define TPMA_LOCALITY_FOUR 0x10
#define TPMA_LOCALITY_EXTENDED 0xe0

/* Table 34 - Definition of (UINT32) TPMA_PERMANENT Bits */
/* Permanent attributes (reported through TPM_PT_PERMANENT). Each xAuthSet
   bit is SET once TPM2_HierarchyChangeAuth() has been run for that hierarchy
   since the last TPM2_Clear(); a CLEAR bit therefore means the authorization
   value has not been changed since then, which a provisioning check can
   read. inLockout reports the dictionary-attack lockout state.
   NOTE(review): bit-field allocation order is implementation-defined; the
   TPMA_PERMANENT_x masks applied to .val are the portable way to test a bit. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */
        unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */
        unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */
        unsigned int Reserved1 : 5; /* 7:3 */
        unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */
        unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization with other than Platform Authorization or Lockout Authorization will not succeed. */
        unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */
        unsigned int Reserved2 : 21; /* 31:11 */
    };
    UINT32 val;
} TPMA_PERMANENT;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Reserved2 : 21; /* 31:11 */
        unsigned int tpmGeneratedEPS : 1; /* 10 The EPS was created by the TPM. */
        unsigned int inLockout : 1; /* 9 The TPM is in lockout and commands that require authorization with other than Platform Authorization or Lockout Authorization will not succeed. (The original comment in this layout omitted "or Lockout Authorization"; it is the same bit as in the TPM_BITFIELD_LE layout.) */
        unsigned int disableClear : 1; /* 8 TPM2_Clear() is disabled. */
        unsigned int Reserved1 : 5; /* 7:3 */
        unsigned int lockoutAuthSet : 1; /* 2 TPM2_HierarchyChangeAuth() with lockoutAuth has been executed since the last TPM2_Clear(). */
        unsigned int endorsementAuthSet : 1; /* 1 TPM2_HierarchyChangeAuth() with endorsementAuth has been executed since the last TPM2_Clear(). */
        unsigned int ownerAuthSet : 1; /* 0 TPM2_HierarchyChangeAuth() with ownerAuth has been executed since the last TPM2_Clear(). */
    };
    UINT32 val;
} TPMA_PERMANENT;
#else
typedef struct {
    UINT32 val;
} TPMA_PERMANENT;
#endif

/* Bit masks for TPMA_PERMANENT.val. */
#define TPMA_PERMANENT_OWNERAUTHSET 0x00000001
#define TPMA_PERMANENT_ENDORSEMENTAUTHSET 0x00000002
#define TPMA_PERMANENT_LOCKOUTAUTHSET 0x00000004
#define TPMA_PERMANENT_RESERVED1 0x000000f8
#define TPMA_PERMANENT_DISABLECLEAR 0x00000100
#define TPMA_PERMANENT_INLOCKOUT 0x00000200
#define TPMA_PERMANENT_TPMGENERATEDEPS 0x00000400
#define TPMA_PERMANENT_RESERVED2 0xfffff800

/* Table 35 - Definition of (UINT32) TPMA_STARTUP_CLEAR Bits */
/* Startup-clear attributes (reported through TPM_PT_STARTUP_CLEAR): which
   hierarchies are currently enabled, plus the orderly bit. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */
        unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */
        unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */
        unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */
        unsigned int Reserved : 27; /* 30:4 shall be zero */
        unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup(). */
    };
    UINT32 val;
} TPMA_STARTUP_CLEAR;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int orderly : 1; /* 31 The TPM received a TPM2_Shutdown() and a matching TPM2_Startup().
*/
        unsigned int Reserved : 27; /* 30:4 shall be zero */
        unsigned int phEnableNV : 1; /* 3 NV indices that have TPMA_PLATFORM_CREATE SET may be read or written. */
        unsigned int ehEnable : 1; /* 2 The EPS hierarchy is enabled and endorsementAuth may be used to authorize commands. */
        unsigned int shEnable : 1; /* 1 The Storage hierarchy is enabled and ownerAuth or ownerPolicy may be used for authorization. */
        unsigned int phEnable : 1; /* 0 The platform hierarchy is enabled and platformAuth or platformPolicy may be used for authorization. */
    };
    UINT32 val;
} TPMA_STARTUP_CLEAR;
#else
typedef struct {
    UINT32 val;
} TPMA_STARTUP_CLEAR;
#endif

/* Bit masks for TPMA_STARTUP_CLEAR.val. */
#define TPMA_STARTUP_CLEAR_PHENABLE 0x00000001
#define TPMA_STARTUP_CLEAR_SHENABLE 0x00000002
#define TPMA_STARTUP_CLEAR_EHENABLE 0x00000004
#define TPMA_STARTUP_CLEAR_PHENABLENV 0x00000008
#define TPMA_STARTUP_CLEAR_RESERVED 0x7ffffff0
#define TPMA_STARTUP_CLEAR_ORDERLY 0x80000000

/* Table 36 - Definition of (UINT32) TPMA_MEMORY Bits */
/* Memory-management attributes (the value reported for TPM_PT_MEMORY). */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */
        unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */
        unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */
        unsigned int Reserved : 29; /* 31:3 shall be zero */
    };
    UINT32 val;
} TPMA_MEMORY;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Reserved : 29; /* 31:3 shall be zero */
        unsigned int objectCopiedToRam : 1; /* 2 indicates that the TPM copies persistent objects to a transient-object slot in RAM */
        unsigned int sharedNV : 1; /* 1 indicates that the NV memory used for persistent objects is shared with the NV memory used for NV Index values */
        unsigned int sharedRAM : 1; /* 0 RAM memory used for authorization session contexts is shared with the memory used for transient objects */
    };
    UINT32 val;
} TPMA_MEMORY;
#else
typedef struct {
    UINT32 val;
} TPMA_MEMORY;
#endif

/* Bit masks for TPMA_MEMORY.val. */
#define TPMA_MEMORY_SHAREDRAM 0x00000001
#define TPMA_MEMORY_SHAREDNV 0x00000002
#define TPMA_MEMORY_OBJECTCOPIEDTORAM 0x00000004
#define TPMA_MEMORY_RESERVED 0xfffffff8

/* Table 37 - Definition of (TPM_CC) TPMA_CC Bits */
/* Command-code attributes: the command index in the low 16 bits plus flags
   describing the command (may write NV, may flush contexts, number of
   handles, vendor-specific).
   NOTE(review): bit-field allocation order is implementation-defined; the
   TPMA_CC_x masks applied to .val are the portable way to read a field. */
#if defined TPM_BITFIELD_LE
typedef union {
    struct {
        unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */
        unsigned int Reserved : 6; /* 21:16 shall be zero */
        unsigned int nv : 1; /* 22 indicates that the command may write to NV */
        unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts. */
        unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */
        unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */
        unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input (NOTE(review): the name suggests the response handle area - confirm against the spec) */
        unsigned int V : 1; /* 29 indicates that the command is vendor-specific */
        unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */
    };
    UINT32 val;
} TPMA_CC;
#elif defined TPM_BITFIELD_BE
typedef union {
    struct {
        unsigned int Res : 2; /* 31:30 allocated for software; shall be zero */
        unsigned int V : 1; /* 29 indicates that the command is vendor-specific */
        unsigned int rHandle : 1; /* 28 indicates the presence of the handle area in the input (NOTE(review): the name suggests the response handle area - confirm against the spec) */
        unsigned int cHandles : 3; /* 27:25 indicates the number of the handles in the handle area for this command */
        unsigned int flushed : 1; /* 24 The context associated with any transient handle in the command will be flushed when this command completes. */
        unsigned int extensive : 1; /* 23 This command could flush any number of loaded contexts.
*/ unsigned int nv : 1; /* 22 indicates that the command may write to NV */ unsigned int Reserved : 6; /* 21:16 shall be zero */ unsigned int commandIndex : 16; /* 15:0 indicates the command being selected */ }; UINT32 val; } TPMA_CC; #else typedef union { struct { UINT32 val; }; } TPMA_CC; #endif #define TPMA_CC_COMMANDINDEX 0x0000ffff #define TPMA_CC_RESERVED1 0x003f0000 #define TPMA_CC_NV 0x00400000 #define TPMA_CC_EXTENSIVE 0x00800000 #define TPMA_CC_FLUSHED 0x01000000 #define TPMA_CC_CHANDLES 0x0e000000 #define TPMA_CC_RHANDLE 0x10000000 #define TPMA_CC_V 0x20000000 #define TPMA_CC_RES 0xc0000000 #define TPMA_CC_RESERVED (0x003f0000 | 0xc0000000) /* Table 38 - Definition of (BYTE) TPMI_YES_NO Type */ typedef BYTE TPMI_YES_NO; #define NO 0 #define YES 1 /* Table 39 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */ typedef TPM_HANDLE TPMI_DH_OBJECT; /* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PARENT Type */ typedef TPM_HANDLE TPMI_DH_PARENT; /* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */ typedef TPM_HANDLE TPMI_DH_PERSISTENT; /* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */ typedef TPM_HANDLE TPMI_DH_ENTITY; /* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */ typedef TPM_HANDLE TPMI_DH_PCR; /* Table 43 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */ typedef TPM_HANDLE TPMI_SH_AUTH_SESSION; /* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */ typedef TPM_HANDLE TPMI_SH_HMAC; /* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */ typedef TPM_HANDLE TPMI_SH_POLICY; /* Table 46 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */ typedef TPM_HANDLE TPMI_DH_CONTEXT; /* Table 47 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */ typedef TPM_HANDLE TPMI_RH_HIERARCHY; /* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */ typedef TPM_HANDLE TPMI_RH_ENABLES; /* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */ typedef TPM_HANDLE TPMI_RH_HIERARCHY_AUTH; /* 
Table 50 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */ typedef TPM_HANDLE TPMI_RH_PLATFORM; /* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_OWNER Type */ typedef TPM_HANDLE TPMI_RH_OWNER; /* Table 52 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */ typedef TPM_HANDLE TPMI_RH_ENDORSEMENT; /* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */ typedef TPM_HANDLE TPMI_RH_PROVISION; /* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */ typedef TPM_HANDLE TPMI_RH_CLEAR; /* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */ typedef TPM_HANDLE TPMI_RH_NV_AUTH; /* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */ typedef TPM_HANDLE TPMI_RH_LOCKOUT; /* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */ typedef TPM_HANDLE TPMI_RH_NV_INDEX; /* Table 58 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ typedef TPM_ALG_ID TPMI_ALG_HASH; /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM Type */ typedef TPM_ALG_ID TPMI_ALG_ASYM; /* Table 60 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */ typedef TPM_ALG_ID TPMI_ALG_SYM; /* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */ typedef TPM_ALG_ID TPMI_ALG_SYM_OBJECT; /* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */ typedef TPM_ALG_ID TPMI_ALG_SYM_MODE; /* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */ typedef TPM_ALG_ID TPMI_ALG_KDF; /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */ typedef TPM_ALG_ID TPMI_ALG_SIG_SCHEME; /* Table 65 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */ typedef TPM_ALG_ID TPMI_ECC_KEY_EXCHANGE; /* Table 66 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */ typedef TPM_ST TPMI_ST_COMMAND_TAG; /* Table 67 - Definition of TPMS_EMPTY Structure */ typedef struct { /* a structure with no member */ BYTE empty[0]; } TPMS_EMPTY; /* Table 68 - Definition of TPMS_ALGORITHM_DESCRIPTION Structure */ typedef struct { TPM_ALG_ID alg; /* an algorithm */ TPMA_ALGORITHM 
attributes;                     /* the attributes of the algorithm */
} TPMS_ALGORITHM_DESCRIPTION;

/* Table 69 - Definition of TPMU_HA Union */
/* Storage for one digest. A member exists only for each hash algorithm whose
   TPM_ALG_* macro is defined at build time, so sizeof(TPMU_HA) depends on the
   build configuration. That size is reused below as the capacity of the
   TPM2B_DIGEST buffer. */
typedef union {
#ifdef TPM_ALG_SHA1
    BYTE sha1 [SHA1_DIGEST_SIZE];       /* TPM_ALG_SHA1 */
#endif
#ifdef TPM_ALG_SHA256
    BYTE sha256 [SHA256_DIGEST_SIZE];   /* TPM_ALG_SHA256 */
#endif
#ifdef TPM_ALG_SHA384
    BYTE sha384 [SHA384_DIGEST_SIZE];   /* TPM_ALG_SHA384 */
#endif
#ifdef TPM_ALG_SHA512
    BYTE sha512 [SHA512_DIGEST_SIZE];   /* TPM_ALG_SHA512 */
#endif
#ifdef TPM_ALG_SM3_256
    BYTE sm3_256 [SM3_256_DIGEST_SIZE]; /* TPM_ALG_SM3_256 */
#endif
#ifdef TPM_TSS
    BYTE tssmax [128];                  /* to make union size larger: with TPM_TSS defined the
                                           union is at least 128 bytes */
#endif
} TPMU_HA;

/* Table 70 - Definition of TPMT_HA Structure */
/* A digest tagged with its algorithm. No length is stored: the number of valid
   bytes in digest follows from hashAlg, so code reading this structure has to
   map hashAlg to a digest size, and reject values it does not recognise,
   before it touches digest. */
typedef struct {
    TPMI_ALG_HASH hashAlg;      /* selector of the hash contained in the digest that implies the
                                   size of the digest */
    TPMU_HA digest;             /* the digest data */
} TPMT_HA;

/* Table 71 - Definition of TPM2B_DIGEST Structure */
/* Size-prefixed byte buffer: t.size is the number of valid bytes in t.buffer,
   and the capacity is sizeof(TPMU_HA). The b member overlays the same storage
   as a TPM2B (declared outside this part of the file). When size originates
   outside the program (a TPM response, a file, a caller), check
   size <= sizeof(t.buffer) before using it as a copy or compare length. The
   same check applies to every *_2B structure declared below. */
typedef struct {
    UINT16 size;                        /* number of valid octets in buffer */
    BYTE buffer[sizeof(TPMU_HA)];
} DIGEST_2B;

typedef union {
    DIGEST_2B t;
    TPM2B b;
} TPM2B_DIGEST;

/* Table 72 - Definition of TPM2B_DATA Structure */
/* Capacity here is sizeof(TPMT_HA), i.e. a digest plus its algorithm selector. */
typedef struct {
    UINT16 size;                        /* size in octets of the buffer field; may be 0 */
    BYTE buffer[sizeof(TPMT_HA)];
} DATA_2B;

typedef union {
    DATA_2B t;
    TPM2B b;
} TPM2B_DATA;

/* Table 73 - Definition of Types for TPM2B_NONCE */
typedef TPM2B_DIGEST TPM2B_NONCE;       /* size limited to the same as the digest structure */

/* Table 74 - Definition of Types for TPM2B_AUTH */
/* Used in this header for authorization values (an HMAC, a password or a user
   auth secret, per the members declared with it), so the buffer contents are
   secret material: keep them out of logs and clear them when no longer needed. */
typedef TPM2B_DIGEST TPM2B_AUTH;        /* size limited to the same as the digest structure */

/* This is not in Part 2, but the concatenation of two digests to create an HMAC key is used often
   enough that it's worth putting in a central location.

   In Part 1 19.6.8 sessionKey Creation - authValue || salt.
   In Part 1 19.6.5 HMAC Computation - sessionKey || authValue

   I think both could be TPMU_HA, but the TPM reference code seems to use TPMT_HA.
*/
typedef struct {
    UINT16 size;                        /* number of valid octets in buffer */
    BYTE buffer[sizeof(TPMU_HA) +       /* TPM2B_AUTH authValue */
                sizeof(TPMT_HA)];       /* salt */
} KEY_2B;

/* Holds HMAC key material (see the comment above KEY_2B); treat as secret. */
typedef union {
    KEY_2B t;
    TPM2B b;
} TPM2B_KEY;

/* Table 75 - Definition of Types for TPM2B_OPERAND */
typedef TPM2B_DIGEST TPM2B_OPERAND;     /* size limited to the same as the digest structure */

/* Table 76 - Definition of TPM2B_EVENT Structure */
/* The capacity is the literal 1024, independent of any build macro. */
typedef struct {
    UINT16 size;                        /* size of the operand */
    BYTE buffer [1024];                 /* the operand */
} EVENT_2B;

typedef union {
    EVENT_2B t;
    TPM2B b;
} TPM2B_EVENT;

/* Table 77 - Definition of TPM2B_MAX_BUFFER Structure */
/* MAX_DIGEST_BUFFER is TPM-dependent but is required to be at least 1,024. */
/* #define MAX_DIGEST_BUFFER 1024 in Implementation.h */
/* Because the capacity is a build-time constant on this side, a value reported
   by a particular TPM may differ; bound every copy by sizeof(t.buffer), not by
   what the peer claims. */
typedef struct {
    UINT16 size;                        /* size of the buffer */
    BYTE buffer [MAX_DIGEST_BUFFER];    /* the operand */
} MAX_BUFFER_2B;

typedef union {
    MAX_BUFFER_2B t;
    TPM2B b;
} TPM2B_MAX_BUFFER;

/* Table 78 - Definition of TPM2B_MAX_NV_BUFFER Structure */
typedef struct {
    UINT16 size;                        /* size of the buffer */
    BYTE buffer [MAX_NV_BUFFER_SIZE];   /* the operand */
} MAX_NV_BUFFER_2B;

typedef union {
    MAX_NV_BUFFER_2B t;
    TPM2B b;
} TPM2B_MAX_NV_BUFFER;

/* Table 79 - Definition of TPM2B_TIMEOUT Structure */
typedef TPM2B_DIGEST TPM2B_TIMEOUT;     /* size limited to the same as the digest structure */

/* Table 80 - Definition of TPM2B_IV Structure */
typedef struct {
    UINT16 size;                        /* size of the IV value */
    BYTE buffer [MAX_SYM_BLOCK_SIZE];   /* the IV value */
} IV_2B;

typedef union {
    IV_2B t;
    TPM2B b;
} TPM2B_IV;

/* Table 81 - Definition of TPMU_NAME Union <> */
/* Only used here to size the TPM2B_NAME buffer. Nothing in this union records
   which form is present; a reader has to decide from the size of the
   enclosing TPM2B_NAME (presumably sizeof(TPM_HANDLE) for the handle form;
   confirm against the marshaling code). */
typedef union {
    TPMT_HA digest;                     /* when the Name is a digest */
    TPM_HANDLE handle;                  /* when the Name is a handle */
} TPMU_NAME;

/* Table 82 - Definition of TPM2B_NAME Structure */
/* Unlike the other *_2B structures above, the byte array is called name, not
   buffer. */
typedef struct {
    UINT16 size;                        /* size of the Name structure */
    BYTE name[sizeof(TPMU_NAME)];       /* the Name structure */
} NAME_2B;

typedef union {
    NAME_2B t;
    TPM2B b;
} TPM2B_NAME;

/* Table 83 - Definition of TPMS_PCR_SELECT Structure */
/* PCR bit map. sizeofSelect says how many octets of pcrSelect are in use while
   the array itself holds PCR_SELECT_MAX octets, so validate
   sizeofSelect <= PCR_SELECT_MAX before using it as a loop bound or copy
   length. */
typedef struct {
    UINT8 sizeofSelect;                 /* the size in octets of the pcrSelect array */
    BYTE pcrSelect [PCR_SELECT_MAX];    /* the bit map of selected PCR */
} TPMS_PCR_SELECT;

/* Table 84 - Definition of TPMS_PCR_SELECTION Structure */
/* Same bit map as TPMS_PCR_SELECT, tagged with the hash algorithm (bank) it
   refers to. The sizeofSelect bound check applies here too. */
typedef struct {
    TPMI_ALG_HASH hash;                 /* the hash algorithm associated with the selection */
    UINT8 sizeofSelect;                 /* the size in octets of the pcrSelect array */
    BYTE pcrSelect [PCR_SELECT_MAX];    /* the bit map of selected PCR */
} TPMS_PCR_SELECTION;

/* The four TPMT_TK_* ticket structures below share one layout (tag, hierarchy,
   digest) and differ only in the tag value named in each comment. Per the
   member comments, digest is an HMAC made with a proof value of the named
   hierarchy. */

/* Table 87 - Definition of TPMT_TK_CREATION Structure */
typedef struct {
    TPM_ST tag;                         /* ticket structure tag TPM_ST_CREATION */
    TPMI_RH_HIERARCHY hierarchy;        /* the hierarchy containing name */
    TPM2B_DIGEST digest;                /* This shall be the HMAC produced using a proof value of
                                           hierarchy. */
} TPMT_TK_CREATION;

/* Table 88 - Definition of TPMT_TK_VERIFIED Structure */
typedef struct {
    TPM_ST tag;                         /* ticket structure tag TPM_ST_VERIFIED */
    TPMI_RH_HIERARCHY hierarchy;        /* the hierarchy containing keyName */
    TPM2B_DIGEST digest;                /* This shall be the HMAC produced using a proof value of
                                           hierarchy. */
} TPMT_TK_VERIFIED;

/* Table 89 - Definition of TPMT_TK_AUTH Structure */
typedef struct {
    TPM_ST tag;                         /* ticket structure tag TPM_ST_AUTH_SIGNED,
                                           TPM_ST_AUTH_SECRET */
    TPMI_RH_HIERARCHY hierarchy;        /* the hierarchy of the object used to produce the ticket */
    TPM2B_DIGEST digest;                /* This shall be the HMAC produced using a proof value of
                                           hierarchy. */
} TPMT_TK_AUTH;

/* Table 90 - Definition of TPMT_TK_HASHCHECK Structure */
typedef struct {
    TPM_ST tag;                         /* ticket structure tag TPM_ST_HASHCHECK */
    TPMI_RH_HIERARCHY hierarchy;        /* the hierarchy */
    TPM2B_DIGEST digest;                /* This shall be the HMAC produced using a proof value of
                                           hierarchy. */
} TPMT_TK_HASHCHECK;

/* Table 91 - Definition of TPMS_ALG_PROPERTY Structure */
typedef struct {
    TPM_ALG_ID alg;                     /* an algorithm identifier */
    TPMA_ALGORITHM algProperties;       /* the attributes of the algorithm */
} TPMS_ALG_PROPERTY;

/* Table 92 - Definition of TPMS_TAGGED_PROPERTY Structure */
typedef struct {
    TPM_PT property;                    /* a property identifier */
    UINT32 value;                       /* the value of the property */
} TPMS_TAGGED_PROPERTY;

/* Table 93 - Definition of TPMS_TAGGED_PCR_SELECT Structure */
/* Validate sizeofSelect <= PCR_SELECT_MAX before indexing pcrSelect with it. */
typedef struct {
    TPM_PT_PCR tag;                     /* the property identifier */
    UINT8 sizeofSelect;                 /* the size in octets of the pcrSelect array */
    BYTE pcrSelect [PCR_SELECT_MAX];    /* the bit map of PCR with the identified property */
} TPMS_TAGGED_PCR_SELECT;

/* Table 96 - Definition of TPMS_TAGGED_POLICY Structure */
/* NOTE(review): the table numbers in this region are out of sequence (96 is
   used again for TPML_ALG below); they look like they come from different
   revisions of Part 2 - confirm before citing them. */
typedef struct {
    TPM_HANDLE handle;                  /* presumably the entity the policy belongs to - confirm */
    TPMT_HA policyHash;                 /* policy digest tagged with its hash algorithm */
} TPMS_TAGGED_POLICY;

/* The TPML_* list structures below pair a 32-bit count with a fixed-capacity
   array. count is data, not a guarantee: when a list is filled from a response
   or any other external source, check count against the array capacity (the
   MAX_* macro or literal in the declaration) before iterating. */

/* Table 94 - Definition of TPML_CC Structure */
typedef struct {
    UINT32 count;                       /* number of commands in the commandCode list; may be 0 */
    TPM_CC commandCodes[MAX_CAP_CC];    /* a list of command codes */
} TPML_CC;

/* Table 95 - Definition of TPML_CCA Structure */
typedef struct {
    UINT32 count;                       /* number of values in the commandAttributes list; may be 0 */
    TPMA_CC commandAttributes[MAX_CAP_CC];      /* a list of command codes attributes */
} TPML_CCA;

/* Table 96 - Definition of TPML_ALG Structure */
typedef struct {
    UINT32 count;                       /* number of algorithms in the algorithms list; may be 0 */
    TPM_ALG_ID algorithms[MAX_ALG_LIST_SIZE];   /* a list of algorithm IDs */
} TPML_ALG;

/* Table 97 - Definition of TPML_HANDLE Structure */
typedef struct {
    UINT32 count;                       /* the number of handles in the list may have a value of 0 */
    TPM_HANDLE handle[MAX_CAP_HANDLES]; /* an array of handles */
} TPML_HANDLE;

/* Table 98 - Definition of TPML_DIGEST Structure */
/* Capacity is the literal 8; count must not exceed it. */
typedef struct {
    UINT32 count;                       /* number of digests in the list, minimum is two for
                                           TPM2_PolicyOR(). */
    TPM2B_DIGEST digests[8];            /* a list of digests */
} TPML_DIGEST;

/* Table 99 - Definition of TPML_DIGEST_VALUES Structure */
/* Each entry carries its own hashAlg; capacity is HASH_COUNT entries. */
typedef struct {
    UINT32 count;                       /* number of digests in the list */
    TPMT_HA digests[HASH_COUNT];        /* a list of tagged digests */
} TPML_DIGEST_VALUES;

/* Table 100 - Definition of TPM2B_DIGEST_VALUES Structure */
/* Declared as a plain struct, without the t/b union that the other TPM2B types
   in this part of the header use. */
typedef struct {
    UINT16 size;                                /* size of the operand buffer */
    BYTE buffer [sizeof(TPML_DIGEST_VALUES)];   /* the operand */
} TPM2B_DIGEST_VALUES;

/* Table 101 - Definition of TPML_PCR_SELECTION Structure */
typedef struct {
    UINT32 count;                       /* number of selection structures A value of zero is
                                           allowed. */
    TPMS_PCR_SELECTION pcrSelections[HASH_COUNT];       /* list of selections */
} TPML_PCR_SELECTION;

/* Table 102 - Definition of TPML_ALG_PROPERTY Structure */
typedef struct {
    UINT32 count;                       /* number of algorithm properties structures A value of
                                           zero is allowed. */
    TPMS_ALG_PROPERTY algProperties[MAX_CAP_ALGS];      /* list of properties */
} TPML_ALG_PROPERTY;

/* Table 103 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */
typedef struct {
    UINT32 count;                       /* number of properties A value of zero is allowed. */
    TPMS_TAGGED_PROPERTY tpmProperty[MAX_TPM_PROPERTIES];       /* an array of tagged properties */
} TPML_TAGGED_TPM_PROPERTY;

/* Table 104 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */
typedef struct {
    UINT32 count;                       /* number of properties A value of zero is allowed. */
    TPMS_TAGGED_PCR_SELECT pcrProperty[MAX_PCR_PROPERTIES];     /* a tagged PCR selection */
} TPML_TAGGED_PCR_PROPERTY;

/* Table 105 - Definition of {ECC} TPML_ECC_CURVE Structure */
typedef struct {
    UINT32 count;                       /* number of curves A value of zero is allowed.
*/
    TPM_ECC_CURVE eccCurves[MAX_ECC_CURVES];    /* array of ECC curve identifiers */
} TPML_ECC_CURVE ;

/* Table 109 - Definition of TPML_TAGGED_POLICY Structure */
/* count is the number of entries in use; capacity is MAX_TAGGED_POLICIES, so
   check count against it when the list comes from an external source. */
typedef struct {
    UINT32 count;
    TPMS_TAGGED_POLICY policies[MAX_TAGGED_POLICIES];
} TPML_TAGGED_POLICY;

/* Table 106 - Definition of TPMU_CAPABILITIES Union */
/* One member per capability; the comment on each member names the TPM_CAP_*
   selector it goes with. The selector itself is stored next to this union in
   TPMS_CAPABILITY_DATA, so read only the member that matches it.
   NOTE(review): TPML_TAGGED_POLICY is declared just above, but this union has
   no member of that type - confirm whether one is intended. */
typedef union {
    TPML_ALG_PROPERTY algorithms;               /* TPM_CAP_ALGS */
    TPML_HANDLE handles;                        /* TPM_CAP_HANDLES */
    TPML_CCA command;                           /* TPM_CAP_COMMANDS */
    TPML_CC ppCommands;                         /* TPM_CAP_PP_COMMANDS */
    TPML_CC auditCommands;                      /* TPM_CAP_AUDIT_COMMANDS */
    TPML_PCR_SELECTION assignedPCR;             /* TPM_CAP_PCRS */
    TPML_TAGGED_TPM_PROPERTY tpmProperties;     /* TPM_CAP_TPM_PROPERTIES */
    TPML_TAGGED_PCR_PROPERTY pcrProperties;     /* TPM_CAP_PCR_PROPERTIES */
    TPML_ECC_CURVE eccCurves;                   /* TPM_CAP_ECC_CURVES */
} TPMU_CAPABILITIES;

/* Table 107 - Definition of TPMS_CAPABILITY_DATA Structure */
typedef struct {
    TPM_CAP capability;                 /* the capability; selects the valid member of data */
    TPMU_CAPABILITIES data;             /* the capability data */
} TPMS_CAPABILITY_DATA;

/* Table 108 - Definition of TPMS_CLOCK_INFO Structure */
/* This structure is embedded in TPMS_TIME_INFO below. The safe member reports
   whether the Clock value can be relied on not to repeat an earlier reported
   value. */
typedef struct {
    UINT64 clock;                       /* time in milliseconds during which the TPM has been
                                           powered */
    UINT32 resetCount;                  /* number of occurrences of TPM Reset since the last
                                           TPM2_Clear() */
    UINT32 restartCount;                /* number of times that TPM2_Shutdown() or _TPM_Hash_Start
                                           have occurred since the last TPM Reset or
                                           TPM2_Clear(). */
    TPMI_YES_NO safe;                   /* no value of Clock greater than the current value of
                                           Clock has been previously reported by the TPM */
} TPMS_CLOCK_INFO;

/* Table 109 - Definition of TPMS_TIME_INFO Structure */
typedef struct {
    UINT64 time;                        /* time in milliseconds since the last _TPM_Init() or
                                           TPM2_Startup() */
    TPMS_CLOCK_INFO clockInfo;          /* a structure containing the clock information */
} TPMS_TIME_INFO;

/* Table 110 - Definition of TPMS_TIME_ATTEST_INFO Structure */
typedef struct {
    TPMS_TIME_INFO time;                /* the Time, clock, resetCount, restartCount, and Safe
                                           indicator */
    UINT64 firmwareVersion;             /* a TPM vendor-specific value indicating the version
                                           number of the firmware */
} TPMS_TIME_ATTEST_INFO;

/* Table 111 - Definition of TPMS_CERTIFY_INFO Structure */
typedef struct {
    TPM2B_NAME name;                    /* Name of the certified object */
    TPM2B_NAME qualifiedName;           /* Qualified Name of the certified object */
} TPMS_CERTIFY_INFO;

/* Table 112 - Definition of TPMS_QUOTE_INFO Structure */
/* pcrSelect tells a verifier which PCRs went into pcrDigest. A verifier should
   check that the selection is the one it asked for rather than assume it,
   since the digest alone does not identify the PCRs covered. */
typedef struct {
    TPML_PCR_SELECTION pcrSelect;       /* information on algID, PCR selected and digest */
    TPM2B_DIGEST pcrDigest;             /* digest of the selected PCR using the hash of the signing
                                           key */
} TPMS_QUOTE_INFO;

/* Table 113 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */
typedef struct {
    UINT64 auditCounter;                /* the monotonic audit counter */
    TPM_ALG_ID digestAlg;               /* hash algorithm used for the command audit */
    TPM2B_DIGEST auditDigest;           /* the current value of the audit digest */
    TPM2B_DIGEST commandDigest;         /* digest of the command codes being audited using
                                           digestAlg */
} TPMS_COMMAND_AUDIT_INFO;

/* Table 114 - Definition of TPMS_SESSION_AUDIT_INFO Structure */
typedef struct {
    TPMI_YES_NO exclusiveSession;       /* current exclusive status of the session */
    TPM2B_DIGEST sessionDigest;         /* the current value of the session audit digest */
} TPMS_SESSION_AUDIT_INFO;

/* Table 115 - Definition of TPMS_CREATION_INFO Structure */
typedef struct {
    TPM2B_NAME objectName;              /* Name of the object */
    TPM2B_DIGEST
creationHash;                           /* creationHash */
} TPMS_CREATION_INFO;

/* Table 116 - Definition of TPMS_NV_CERTIFY_INFO Structure */
typedef struct {
    TPM2B_NAME indexName;               /* Name of the NV Index */
    UINT16 offset;                      /* the offset parameter of TPM2_NV_Certify() */
    TPM2B_MAX_NV_BUFFER nvContents;     /* contents of the NV Index */
} TPMS_NV_CERTIFY_INFO;

/* Table 117 - Definition of (TPM_ST) TPMI_ST_ATTEST Type */
typedef TPM_ST TPMI_ST_ATTEST;

/* Table 118 - Definition of TPMU_ATTEST Union */
/* One member per attestation type; the comment on each member names the
   TPM_ST_ATTEST_* tag it goes with. The tag is the type member of the
   enclosing TPMS_ATTEST. */
typedef union {
    TPMS_CERTIFY_INFO certify;                  /* TPM_ST_ATTEST_CERTIFY */
    TPMS_CREATION_INFO creation;                /* TPM_ST_ATTEST_CREATION */
    TPMS_QUOTE_INFO quote;                      /* TPM_ST_ATTEST_QUOTE */
    TPMS_COMMAND_AUDIT_INFO commandAudit;       /* TPM_ST_ATTEST_COMMAND_AUDIT */
    TPMS_SESSION_AUDIT_INFO sessionAudit;       /* TPM_ST_ATTEST_SESSION_AUDIT */
    TPMS_TIME_ATTEST_INFO time;                 /* TPM_ST_ATTEST_TIME */
    TPMS_NV_CERTIFY_INFO nv;                    /* TPM_ST_ATTEST_NV */
} TPMU_ATTEST;

/* Table 119 - Definition of TPMS_ATTEST Structure */
/* The structure a TPM signs when it attests to something. Software verifying
   an attestation should, after checking the signature, confirm that magic is
   TPM_GENERATED_VALUE and that type is the attestation type it expects before
   reading the matching member of attested. extraData is caller-supplied; a
   verifier that sent a challenge value would compare it here (presumably the
   usual freshness check - confirm against the calling code). */
typedef struct {
    TPM_GENERATED magic;                /* the indication that this structure was created by a TPM
                                           (always TPM_GENERATED_VALUE) */
    TPMI_ST_ATTEST type;                /* type of the attestation structure */
    TPM2B_NAME qualifiedSigner;         /* Qualified Name of the signing key */
    TPM2B_DATA extraData;               /* external information supplied by caller */
    TPMS_CLOCK_INFO clockInfo;          /* Clock, resetCount, restartCount, and Safe */
    UINT64 firmwareVersion;             /* TPM-vendor-specific value identifying the version number
                                           of the firmware */
    TPMU_ATTEST attested;               /* the type-specific attestation information */
} TPMS_ATTEST;

/* Table 120 - Definition of TPM2B_ATTEST Structure */
/* Capacity is sizeof(TPMS_ATTEST), the size of the C structure. Check
   size <= sizeof(t.attestationData) before copying into or parsing from it. */
typedef struct {
    UINT16 size;                                /* size of the attestationData structure */
    BYTE attestationData[sizeof(TPMS_ATTEST)];  /* the signed structure */
} ATTEST_2B;

typedef union {
    ATTEST_2B t;
    TPM2B b;
} TPM2B_ATTEST;

/* Table 121 - Definition of TPMS_AUTH_COMMAND Structure */
/* Per the member comment, hmac may hold a password rather than an HMAC; in
   that case the buffer contains the authorization value itself, so it should
   be treated as secret and cleared after the command is built. */
typedef struct {
    TPMI_SH_AUTH_SESSION sessionHandle; /* the session handle */
    TPM2B_NONCE nonce;                  /* the session nonce, may be the Empty Buffer */
    TPMA_SESSION sessionAttributes;     /* the session attributes */
    TPM2B_AUTH hmac;                    /* either an HMAC, a password, or an EmptyAuth */
} TPMS_AUTH_COMMAND;

/* Table 126 - Definition of TPMS_AUTH_RESPONSE Structure */
typedef struct {
    TPM2B_NONCE nonce;                  /* the session nonce, may be the Empty Buffer */
    TPMA_SESSION sessionAttributes;     /* the session attributes */
    TPM2B_AUTH hmac;                    /* either an HMAC or an EmptyAuth */
} TPMS_AUTH_RESPONSE;

/* Table 127 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */
/* All four are plain aliases of TPM_KEY_BITS; the compiler does not restrict
   them to the key sizes valid for each cipher. */
typedef TPM_KEY_BITS TPMI_TDES_KEY_BITS;
typedef TPM_KEY_BITS TPMI_AES_KEY_BITS;
typedef TPM_KEY_BITS TPMI_SM4_KEY_BITS;
typedef TPM_KEY_BITS TPMI_CAMELLIA_KEY_BITS;

/* Table 128 - Definition of TPMU_SYM_KEY_BITS Union */
/* Members are present only for algorithms enabled at build time; sym is always
   present. */
typedef union {
#ifdef TPM_ALG_TDES
    TPMI_TDES_KEY_BITS tdes;            /* TPM_ALG_TDES */
#endif
#ifdef TPM_ALG_AES
    TPMI_AES_KEY_BITS aes;              /* TPM_ALG_AES */
#endif
#ifdef TPM_ALG_SM4
    TPMI_SM4_KEY_BITS sm4;              /* TPM_ALG_SM4 */
#endif
#ifdef TPM_ALG_CAMELLIA
    TPMI_CAMELLIA_KEY_BITS camellia;    /* TPM_ALG_CAMELLIA */
#endif
#ifdef TPM_ALG_XOR
    TPMI_ALG_HASH xorr;                 /* TPM_ALG_XOR overload for using xor: this member is a
                                           hash algorithm id, not a key size */
#endif
    TPM_KEY_BITS sym;                   /* when selector may be any of the symmetric block
                                           ciphers */
} TPMU_SYM_KEY_BITS;

/* Table 129 - Definition of TPMU_SYM_MODE Union */
typedef union {
#ifdef TPM_ALG_TDES
    TPMI_ALG_SYM_MODE tdes;             /* TPM_ALG_TDES */
#endif
#ifdef TPM_ALG_AES
    TPMI_ALG_SYM_MODE aes;              /* TPM_ALG_AES */
#endif
#ifdef TPM_ALG_SM4
    TPMI_ALG_SYM_MODE sm4;              /* TPM_ALG_SM4 */
#endif
#ifdef TPM_ALG_CAMELLIA
    TPMI_ALG_SYM_MODE camellia;         /* TPM_ALG_CAMELLIA */
#endif
    TPMI_ALG_SYM_MODE sym;              /* when selector may be any of the symmetric block
                                           ciphers */
} TPMU_SYM_MODE;

/* Table 126 - xDefinition of TPMU_SYM_DETAILS Union */
/* (no declaration for TPMU_SYM_DETAILS follows in this part of the header) */

/* Table 127 - Definition of TPMT_SYM_DEF Structure */
/* algorithm selects which member of keyBits and mode is meaningful. */
typedef struct {
    TPMI_ALG_SYM algorithm;             /* indicates a symmetric algorithm */
    TPMU_SYM_KEY_BITS keyBits;          /* a supported key size */
    TPMU_SYM_MODE mode;                 /* the mode for the key */
} TPMT_SYM_DEF;

/* Table 128 - Definition of TPMT_SYM_DEF_OBJECT Structure */
typedef struct {
    TPMI_ALG_SYM_OBJECT algorithm;      /* selects a symmetric block cipher */
    TPMU_SYM_KEY_BITS keyBits;          /* the key size */
    TPMU_SYM_MODE mode;                 /* default mode */
} TPMT_SYM_DEF_OBJECT;

/* Table 129 - Definition of TPM2B_SYM_KEY Structure */
/* Holds raw symmetric key bytes. Check size <= sizeof(t.buffer) before use,
   and clear the buffer once the key is no longer needed. */
typedef struct {
    UINT16 size;                        /* size, in octets, of the buffer containing the key; may
                                           be zero */
    BYTE buffer [MAX_SYM_KEY_BYTES];    /* the key */
} SYM_KEY_2B;

typedef union {
    SYM_KEY_2B t;
    TPM2B b;
} TPM2B_SYM_KEY;

/* Table 130 - Definition of TPMS_SYMCIPHER_PARMS Structure */
typedef struct {
    TPMT_SYM_DEF_OBJECT sym;            /* a symmetric block cipher */
} TPMS_SYMCIPHER_PARMS;

/* Table 135 - Definition of TPM2B_LABEL Structure */
/* Same size-prefixed layout as the *_2B types, with the inner struct declared
   inline; capacity is LABEL_MAX_BUFFER. */
typedef union {
    struct {
        UINT16 size;                    /* number of valid octets in buffer */
        BYTE buffer[LABEL_MAX_BUFFER];
    } t;
    TPM2B b;
} TPM2B_LABEL;

/* Table 135 - Definition of TPMS_DERIVE Structure */
typedef struct {
    TPM2B_LABEL label;
    TPM2B_LABEL context;
} TPMS_DERIVE;

/* Table 131 - Definition of TPM2B_SENSITIVE_DATA Structure */
/* Carries private data (sealed data or keyed-hash private material per the
   comments here and on TPMS_SENSITIVE_CREATE); clear after use. */
typedef struct {
    UINT16 size;                        /* number of valid octets in buffer */
    BYTE buffer[MAX_SYM_DATA];          /* the keyed hash private data structure */
} SENSITIVE_DATA_2B;

typedef union {
    SENSITIVE_DATA_2B t;
    TPM2B b;
} TPM2B_SENSITIVE_DATA;

/* Table 132 - Definition of TPMS_SENSITIVE_CREATE Structure */
/* Both members are secrets supplied by the caller when creating an object. */
typedef struct {
    TPM2B_AUTH userAuth;                /* the USER auth secret value */
    TPM2B_SENSITIVE_DATA data;          /* data to be sealed */
} TPMS_SENSITIVE_CREATE;

/* Table 133 - Definition of TPM2B_SENSITIVE_CREATE Structure */
/* Here the payload after size is a C structure rather than a byte array, and
   the union with TPM2B used by the other TPM2B types is absent. */
typedef struct {
    UINT16 size;                        /* size of sensitive in octets (may not be zero) */
    TPMS_SENSITIVE_CREATE sensitive;    /* data to be sealed or a symmetric key value.
*/ } TPM2B_SENSITIVE_CREATE; /* Table 134 - Definition of TPMS_SCHEME_HASH Structure */ typedef struct { TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ } TPMS_SCHEME_HASH; /* Table 135 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */ typedef struct { TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ UINT16 count; /* the counter value that is used between TPM2_Commit() and the sign operation */ } TPMS_SCHEME_ECDAA; /* Table 136 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */ typedef TPM_ALG_ID TPMI_ALG_KEYEDHASH_SCHEME; /* Table 137 - Definition of Types for HMAC_SIG_SCHEME */ typedef TPMS_SCHEME_HASH TPMS_SCHEME_HMAC; /* Table 138 - Definition of TPMS_SCHEME_XOR Structure */ typedef struct { TPMI_ALG_HASH hashAlg; /* the hash algorithm used to digest the message */ TPMI_ALG_KDF kdf; /* the key derivation function */ } TPMS_SCHEME_XOR; /* Table 139 - Definition of TPMU_SCHEME_KEYEDHASH Union */ typedef union { #ifdef TPM_ALG_HMAC TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the "signing" scheme */ #endif #ifdef TPM_ALG_XOR TPMS_SCHEME_XOR xorr; /* TPM_ALG_XOR the "obfuscation" scheme */ #endif } TPMU_SCHEME_KEYEDHASH; /* Table 140 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ typedef struct { TPMI_ALG_KEYEDHASH_SCHEME scheme; /* selects the scheme */ TPMU_SCHEME_KEYEDHASH details; /* the scheme parameters */ } TPMT_KEYEDHASH_SCHEME; /* Table 141 - Definition of {RSA} Types for RSA Signature Schemes */ typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSASSA; typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_RSAPSS; /* Table 142 - Definition of {ECC} Types for ECC Signature Schemes */ typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECDSA; typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_SM2; typedef TPMS_SCHEME_HASH TPMS_SIG_SCHEME_ECSCHNORR; typedef TPMS_SCHEME_ECDAA TPMS_SIG_SCHEME_ECDAA; /* Table 143 - Definition of TPMU_SIG_SCHEME Union */ typedef union { #ifdef TPM_ALG_RSASSA TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA 
the RSASSA-PKCS1v1_5 scheme */ #endif #ifdef TPM_ALG_RSAPSS TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS the RSASSA-PSS scheme */ #endif #ifdef TPM_ALG_ECDSA TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA the ECDSA scheme */ #endif #ifdef TPM_ALG_ECDAA TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA the ECDAA scheme */ #endif #ifdef TPM_ALG_SM2 TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 ECDSA from SM2 */ #endif #ifdef TPM_ALG_ECSCHNORR TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR the EC Schnorr */ #endif #ifdef TPM_ALG_HMAC TPMS_SCHEME_HMAC hmac; /* TPM_ALG_HMAC the HMAC scheme */ #endif TPMS_SCHEME_HASH any; /* selector that allows access to digest for any signing scheme */ } TPMU_SIG_SCHEME; /* Table 144 - Definition of TPMT_SIG_SCHEME Structure */ typedef struct { TPMI_ALG_SIG_SCHEME scheme; /* scheme selector */ TPMU_SIG_SCHEME details; /* scheme parameters */ } TPMT_SIG_SCHEME; /* Table 145 - Definition of Types for {RSA} Encryption Schemes */ typedef TPMS_SCHEME_HASH TPMS_ENC_SCHEME_OAEP; /* schemes that only need a hash */ typedef TPMS_EMPTY TPMS_ENC_SCHEME_RSAES; /* schemes that need nothing */ /* Table 146 - Definition of Types for {ECC} ECC Key Exchange */ typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECDH; /* schemes that only need a hash */ typedef TPMS_SCHEME_HASH TPMS_KEY_SCHEME_ECMQV; /* schemes that only need a hash */ /* Table 147 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ typedef TPMS_SCHEME_HASH TPMS_SCHEME_MGF1; typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_56A; typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF2; typedef TPMS_SCHEME_HASH TPMS_SCHEME_KDF1_SP800_108; /* Table 148 - Definition of TPMU_KDF_SCHEME Union */ typedef union { #ifdef TPM_ALG_MGF1 TPMS_SCHEME_MGF1 mgf1; /* TPM_ALG_MGF1 */ #endif #ifdef TPM_ALG_KDF1_SP800_56A TPMS_SCHEME_KDF1_SP800_56A kdf1_SP800_56a; /* TPM_ALG_KDF1_SP800_56A */ #endif #ifdef TPM_ALG_KDF2 TPMS_SCHEME_KDF2 kdf2; /* TPM_ALG_KDF2 */ #endif #ifdef 
TPM_ALG_KDF1_SP800_108 TPMS_SCHEME_KDF1_SP800_108 kdf1_sp800_108; /* TPM_ALG_KDF1_SP800_108 */ #endif } TPMU_KDF_SCHEME; /* Table 149 - Definition of TPMT_KDF_SCHEME Structure */ typedef struct { TPMI_ALG_KDF scheme; /* scheme selector */ TPMU_KDF_SCHEME details; /* scheme parameters */ } TPMT_KDF_SCHEME; /* Table 150 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */ typedef TPM_ALG_ID TPMI_ALG_ASYM_SCHEME; /* Table 151 - Definition of TPMU_ASYM_SCHEME Union */ typedef union { #ifdef TPM_ALG_ECDH TPMS_KEY_SCHEME_ECDH ecdh; /* TPM_ALG_ECDH */ #endif #ifdef TPM_ALG_ECMQV TPMS_KEY_SCHEME_ECMQV ecmqvh; /* TPM_ALG_ECMQV */ #endif #ifdef TPM_ALG_RSASSA TPMS_SIG_SCHEME_RSASSA rsassa; /* TPM_ALG_RSASSA */ #endif #ifdef TPM_ALG_RSAPSS TPMS_SIG_SCHEME_RSAPSS rsapss; /* TPM_ALG_RSAPSS */ #endif #ifdef TPM_ALG_ECDSA TPMS_SIG_SCHEME_ECDSA ecdsa; /* TPM_ALG_ECDSA */ #endif #ifdef TPM_ALG_ECDAA TPMS_SIG_SCHEME_ECDAA ecdaa; /* TPM_ALG_ECDAA */ #endif #ifdef TPM_ALG_SM2 TPMS_SIG_SCHEME_SM2 sm2; /* TPM_ALG_SM2 */ #endif #ifdef TPM_ALG_ECSCHNORR TPMS_SIG_SCHEME_ECSCHNORR ecSchnorr; /* TPM_ALG_ECSCHNORR */ #endif #ifdef TPM_ALG_RSAES TPMS_ENC_SCHEME_RSAES rsaes; /* TPM_ALG_RSAES */ #endif #ifdef TPM_ALG_OAEP TPMS_ENC_SCHEME_OAEP oaep; /* TPM_ALG_OAEP */ #endif TPMS_SCHEME_HASH anySig; } TPMU_ASYM_SCHEME; /* Table 152 - Definition of TPMT_ASYM_SCHEME Structure <> */ typedef struct { TPMI_ALG_ASYM_SCHEME scheme; /* scheme selector */ TPMU_ASYM_SCHEME details; /* scheme parameters */ } TPMT_ASYM_SCHEME; /* Table 153 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ typedef TPM_ALG_ID TPMI_ALG_RSA_SCHEME; /* Table 154 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ typedef struct { TPMI_ALG_RSA_SCHEME scheme; /* scheme selector */ TPMU_ASYM_SCHEME details; /* scheme parameters */ } TPMT_RSA_SCHEME; /* Table 155 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ typedef TPM_ALG_ID TPMI_ALG_RSA_DECRYPT; /* Table 156 - Definition of {RSA} 
TPMT_RSA_DECRYPT Structure */ typedef struct { TPMI_ALG_RSA_DECRYPT scheme; /* scheme selector */ TPMU_ASYM_SCHEME details; /* scheme parameters */ } TPMT_RSA_DECRYPT; /* Table 157 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ typedef struct { UINT16 size; /* size of the buffer */ BYTE buffer[MAX_RSA_KEY_BYTES]; /* Value */ } PUBLIC_KEY_RSA_2B; typedef union { PUBLIC_KEY_RSA_2B t; TPM2B b; } TPM2B_PUBLIC_KEY_RSA; /* Table 158 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ typedef TPM_KEY_BITS TPMI_RSA_KEY_BITS; /* Table 159 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ typedef struct { UINT16 size; BYTE buffer[MAX_RSA_KEY_BYTES/2]; } PRIVATE_KEY_RSA_2B; typedef union { PRIVATE_KEY_RSA_2B t; TPM2B b; } TPM2B_PRIVATE_KEY_RSA; /* Table 160 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ typedef struct { UINT16 size; /* size of the buffer */ BYTE buffer[MAX_ECC_KEY_BYTES]; /* the parameter data */ } ECC_PARAMETER_2B; typedef union { ECC_PARAMETER_2B t; TPM2B b; } TPM2B_ECC_PARAMETER; /* Table 161 - Definition of {ECC} TPMS_ECC_POINT Structure */ typedef struct { TPM2B_ECC_PARAMETER x; /* X coordinate */ TPM2B_ECC_PARAMETER y; /* Y coordinate */ } TPMS_ECC_POINT; /* Table 162 - Definition of {ECC} TPM2B_ECC_POINT Structure */ typedef struct { UINT16 size; /* size of the remainder of this structure */ TPMS_ECC_POINT point; /* coordinates */ } TPM2B_ECC_POINT; /* Table 163 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ typedef TPM_ALG_ID TPMI_ALG_ECC_SCHEME; /* Table 164 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ typedef TPM_ECC_CURVE TPMI_ECC_CURVE; /* Table 165 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ typedef struct { TPMI_ALG_ECC_SCHEME scheme; /* scheme selector */ TPMU_ASYM_SCHEME details; /* scheme parameters */ } TPMT_ECC_SCHEME; /* Table 166 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ typedef struct { TPM_ECC_CURVE curveID; /* identifier for 
the curve */ UINT16 keySize; /* Size in bits of the key */ TPMT_KDF_SCHEME kdf; /* If not TPM_ALG_NULL, the required KDF and hash algorithm used in secret sharing operations */ TPMT_ECC_SCHEME sign; /* If not TPM_ALG_NULL, this is the mandatory signature scheme that is required to be used with this curve. */ TPM2B_ECC_PARAMETER p; /* Fp (the modulus) */ TPM2B_ECC_PARAMETER a; /* coefficient of the linear term in the curve equation */ TPM2B_ECC_PARAMETER b; /* constant term for curve equation */ TPM2B_ECC_PARAMETER gX; /* x coordinate of base point G */ TPM2B_ECC_PARAMETER gY; /* y coordinate of base point G */ TPM2B_ECC_PARAMETER n; /* order of G */ TPM2B_ECC_PARAMETER h; /* cofactor (a size of zero indicates a cofactor of 1) */ } TPMS_ALGORITHM_DETAIL_ECC; /* Table 167 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ typedef struct { TPMI_ALG_HASH hash; /* the hash algorithm used to digest the message TPM_ALG_NULL is not allowed. */ TPM2B_PUBLIC_KEY_RSA sig; /* The signature is the size of a public key. */ } TPMS_SIGNATURE_RSA; /* Table 168 - Definition of Types for {RSA} Signature */ typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSASSA; typedef TPMS_SIGNATURE_RSA TPMS_SIGNATURE_RSAPSS; /* Table 169 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ typedef struct { TPMI_ALG_HASH hash; /* the hash algorithm used in the signature process TPM_ALG_NULL is not allowed. 
*/
    TPM2B_ECC_PARAMETER signatureR;     /* first component of the signature */
    TPM2B_ECC_PARAMETER signatureS;     /* second component of the signature */
} TPMS_SIGNATURE_ECC;

/* Table 170 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */
/* All four names are aliases of the same structure. */
typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDSA;
typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECDAA;
typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_SM2;
typedef TPMS_SIGNATURE_ECC TPMS_SIGNATURE_ECSCHNORR;

/* Table 171 - Definition of TPMU_SIGNATURE Union */
/* One member per signature algorithm enabled at build time. The selector is
   sigAlg in the enclosing TPMT_SIGNATURE: check it, and that it names an
   algorithm this build supports, before reading any member.
   NOTE(review): the ecdaa, sm2 and ecschnorr members are declared with
   TPMS_SIGNATURE_ECDSA rather than their own typedef names; the layout is
   identical because all of them alias TPMS_SIGNATURE_ECC, so this is a naming
   inconsistency only. */
typedef union {
#ifdef TPM_ALG_RSASSA
    TPMS_SIGNATURE_RSASSA rsassa;       /* TPM_ALG_RSASSA */
#endif
#ifdef TPM_ALG_RSAPSS
    TPMS_SIGNATURE_RSAPSS rsapss;       /* TPM_ALG_RSAPSS */
#endif
#ifdef TPM_ALG_ECDSA
    TPMS_SIGNATURE_ECDSA ecdsa;         /* TPM_ALG_ECDSA */
#endif
#ifdef TPM_ALG_ECDAA
    TPMS_SIGNATURE_ECDSA ecdaa;         /* TPM_ALG_ECDAA */
#endif
#ifdef TPM_ALG_SM2
    TPMS_SIGNATURE_ECDSA sm2;           /* TPM_ALG_SM2 */
#endif
#ifdef TPM_ALG_ECSCHNORR
    TPMS_SIGNATURE_ECDSA ecschnorr;     /* TPM_ALG_ECSCHNORR */
#endif
#ifdef TPM_ALG_HMAC
    TPMT_HA hmac;                       /* TPM_ALG_HMAC */
#endif
    TPMS_SCHEME_HASH any;               /* used to access the hash: each member above begins with
                                           a hash algorithm field, which any.hashAlg overlays */
} TPMU_SIGNATURE;

/* Table 172 - Definition of TPMT_SIGNATURE Structure */
typedef struct {
    TPMI_ALG_SIG_SCHEME sigAlg;         /* selector of the algorithm used to construct the
                                           signature */
    TPMU_SIGNATURE signature;           /* This shall be the actual signature information.
*/ } TPMT_SIGNATURE; /* Table 173 - Definition of TPMU_ENCRYPTED_SECRET Union */ typedef union { #ifdef TPM_ALG_ECC BYTE ecc[sizeof(TPMS_ECC_POINT)]; /* TPM_ALG_ECC */ #endif #ifdef TPM_ALG_RSA BYTE rsa[MAX_RSA_KEY_BYTES]; /* TPM_ALG_RSA */ #endif #ifdef TPM_ALG_SYMCIPHER BYTE symmetric[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_SYMCIPHER */ #endif #ifdef TPM_ALG_KEYEDHASH BYTE keyedHash[sizeof(TPM2B_DIGEST)]; /* TPM_ALG_KEYEDHASH */ #endif } TPMU_ENCRYPTED_SECRET; /* Table 174 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ typedef struct { UINT16 size; /* size of the secret value */ BYTE secret[sizeof(TPMU_ENCRYPTED_SECRET)]; /* secret */ } ENCRYPTED_SECRET_2B; typedef union { ENCRYPTED_SECRET_2B t; TPM2B b; } TPM2B_ENCRYPTED_SECRET; /* Table 175 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ typedef TPM_ALG_ID TPMI_ALG_PUBLIC; /* Table 176 - Definition of TPMU_PUBLIC_ID Union */ typedef union { #ifdef TPM_ALG_KEYEDHASH TPM2B_DIGEST keyedHash; /* TPM_ALG_KEYEDHASH */ #endif #ifdef TPM_ALG_SYMCIPHER TPM2B_DIGEST sym; /* TPM_ALG_SYMCIPHER */ #endif #ifdef TPM_ALG_RSA TPM2B_PUBLIC_KEY_RSA rsa; /* TPM_ALG_RSA */ #endif #ifdef TPM_ALG_ECC TPMS_ECC_POINT ecc; /* TPM_ALG_ECC */ #endif TPMS_DERIVE derive; /* only allowed for TPM2_CreateLoaded when parentHandle is a Derivation Parent */ } TPMU_PUBLIC_ID; /* Table 177 - Definition of TPMS_KEYEDHASH_PARMS Structure */ typedef struct { TPMT_KEYEDHASH_SCHEME scheme; /* Indicates the signing method used for a keyedHash signing object */ } TPMS_KEYEDHASH_PARMS; /* Table 178 - Definition of TPMS_ASYM_PARMS Structure <> */ typedef struct { TPMT_SYM_DEF_OBJECT symmetric; /* the companion symmetric algorithm for a restricted decryption key */ TPMT_ASYM_SCHEME scheme; /* for a key with the sign attribute SET, a valid signing scheme for the key type */ } TPMS_ASYM_PARMS; /* Table 179 - Definition of {RSA} TPMS_RSA_PARMS Structure */ typedef struct { TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a 
supported symmetric algorithm, key size, and mode. */ TPMT_RSA_SCHEME scheme; /* for an unrestricted signing key, shall be either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL */ TPMI_RSA_KEY_BITS keyBits; /* number of bits in the public modulus */ UINT32 exponent; /* the public exponent */ } TPMS_RSA_PARMS; /* Table 180 - Definition of {ECC} TPMS_ECC_PARMS Structure */ typedef struct { TPMT_SYM_DEF_OBJECT symmetric; /* for a restricted decryption key, shall be set to a supported symmetric algorithm, key size. and mode. */ TPMT_ECC_SCHEME scheme; /* If the sign attribute of the key is SET, then this shall be a valid signing scheme. */ TPMI_ECC_CURVE curveID; /* ECC curve ID */ TPMT_KDF_SCHEME kdf; /* an optional key derivation scheme for generating a symmetric key from a Z value */ } TPMS_ECC_PARMS; /* Table 181 - Definition of TPMU_PUBLIC_PARMS Union */ typedef union { #ifdef TPM_ALG_KEYEDHASH TPMS_KEYEDHASH_PARMS keyedHashDetail; /* TPM_ALG_KEYEDHASH */ #endif #ifdef TPM_ALG_SYMCIPHER TPMS_SYMCIPHER_PARMS symDetail; /* TPM_ALG_SYMCIPHER */ #endif #ifdef TPM_ALG_RSA TPMS_RSA_PARMS rsaDetail; /* TPM_ALG_RSA */ #endif #ifdef TPM_ALG_ECC TPMS_ECC_PARMS eccDetail; /* TPM_ALG_ECC */ #endif TPMS_ASYM_PARMS asymDetail; /* common scheme structure for RSA and ECC keys */ } TPMU_PUBLIC_PARMS; /* Table 182 - Definition of TPMT_PUBLIC_PARMS Structure */ typedef struct { TPMI_ALG_PUBLIC type; /* the algorithm to be tested */ TPMU_PUBLIC_PARMS parameters; /* the algorithm details */ } TPMT_PUBLIC_PARMS; /* Table 183 - Definition of TPMT_PUBLIC Structure */ typedef struct { TPMI_ALG_PUBLIC type; /* "algorithm" associated with this object */ TPMI_ALG_HASH nameAlg; /* algorithm used for computing the Name of the object */ TPMA_OBJECT objectAttributes; /* attributes that, along with type, determine the manipulations of this object */ TPM2B_DIGEST authPolicy; /* optional policy for using this key */ TPMU_PUBLIC_PARMS parameters; /* the algorithm or structure details */ 
TPMU_PUBLIC_ID unique; /* the unique identifier of the structure */
} TPMT_PUBLIC;

/* Table 184 - Definition of TPM2B_PUBLIC Structure */
/* Sized wrapper around a typed public area. */
typedef struct {
    UINT16 size;            /* size of publicArea */
    TPMT_PUBLIC publicArea; /* the public area */
} TPM2B_PUBLIC;

/* Table 192 - Definition of TPM2B_TEMPLATE Structure */
/* Same idea as TPM2B_PUBLIC, but the payload is a raw byte buffer large enough for a
   TPMT_PUBLIC; member b gives the generic TPM2B view of the same bytes.
   NOTE(review): labelled Table 192 although it sits between Tables 184 and 185, and the
   same number is used again further down for TPM2B_ID_OBJECT.  Presumably the label
   comes from a different specification revision; confirm. */
typedef union {
    struct {
        UINT16 size;                      /* size of publicArea */
        BYTE buffer[sizeof(TPMT_PUBLIC)]; /* the public area */
    } t;
    TPM2B b;
} TPM2B_TEMPLATE;

/* Table 185 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<> */
/* In every sized buffer in this header, size is an independent field: nothing in the type
   ties it to the capacity of buffer, so code that fills or reads one has to bound size by
   sizeof(buffer) itself. */
typedef struct {
    UINT16 size;
    BYTE buffer[PRIVATE_VENDOR_SPECIFIC_BYTES];
} PRIVATE_VENDOR_SPECIFIC_2B;

typedef union {
    PRIVATE_VENDOR_SPECIFIC_2B t;
    TPM2B b;
} TPM2B_PRIVATE_VENDOR_SPECIFIC;

/* Table 186 - Definition of TPMU_SENSITIVE_COMPOSITE Union */
/* The private key material itself, one member per object type that is compiled in. */
typedef union {
#ifdef TPM_ALG_RSA
    TPM2B_PRIVATE_KEY_RSA rsa;         /* TPM_ALG_RSA a prime factor of the public key */
#endif
#ifdef TPM_ALG_ECC
    TPM2B_ECC_PARAMETER ecc;           /* TPM_ALG_ECC the integer private key */
#endif
#ifdef TPM_ALG_KEYEDHASH
    TPM2B_SENSITIVE_DATA bits;         /* TPM_ALG_KEYEDHASH the private data */
#endif
#ifdef TPM_ALG_SYMCIPHER
    TPM2B_SYM_KEY sym;                 /* TPM_ALG_SYMCIPHER the symmetric key */
#endif
    TPM2B_PRIVATE_VENDOR_SPECIFIC any; /* vendor-specific size for key storage */
} TPMU_SENSITIVE_COMPOSITE;

/* Table 187 - Definition of TPMT_SENSITIVE Structure */
/* Private part of an object: its authorization value, its seed or obfuscation value and
   the type-specific key material, all in the clear. */
typedef struct {
    TPMI_ALG_PUBLIC sensitiveType;      /* identifier for the sensitive area */
    TPM2B_AUTH authValue;               /* user authorization data */
    TPM2B_DIGEST seedValue;             /* for asymmetric key object, the optional protection
                                           seed; for other objects, the obfuscation value */
    TPMU_SENSITIVE_COMPOSITE sensitive; /* the type-specific private data */
} TPMT_SENSITIVE;

/* Table 188 - Definition of TPM2B_SENSITIVE Structure */
/* Sized wrapper around an unencrypted TPMT_SENSITIVE.  Any buffer of this type holds
   secrets in plaintext: keep it out of logs and traces, and clear the memory once the
   value has been consumed. */
typedef struct {
    UINT16 size;                  /* size of the private structure */
    TPMT_SENSITIVE sensitiveArea; /* an unencrypted sensitive area */
} SENSITIVE_2B;

typedef union {
    SENSITIVE_2B t;
    TPM2B b;
} TPM2B_SENSITIVE;

/* Table 189
- Definition of _PRIVATE Structure <> */ typedef struct { TPM2B_DIGEST integrityOuter; TPM2B_DIGEST integrityInner; /* could also be a TPM2B_IV */ TPM2B_SENSITIVE sensitive; /* the sensitive area */ } _PRIVATE; /* Table 190 - Definition of TPM2B_PRIVATE Structure */ typedef struct { UINT16 size; /* size of the private structure */ BYTE buffer[sizeof(_PRIVATE)]; /* an encrypted private area */ } PRIVATE_2B; typedef union { PRIVATE_2B t; TPM2B b; } TPM2B_PRIVATE; /* Table 191 - Definition of _ID_OBJECT Structure <> */ typedef struct { TPM2B_DIGEST integrityHMAC; /* HMAC using the nameAlg of the storage key on the target TPM */ TPM2B_DIGEST encIdentity; /* credential protector information returned if name matches the referenced object */ } _ID_OBJECT; /* Table 192 - Definition of TPM2B_ID_OBJECT Structure */ typedef struct { UINT16 size; /* size of the credential structure */ BYTE credential[sizeof(_ID_OBJECT)]; /* an encrypted credential area */ } ID_OBJECT_2B; typedef union { ID_OBJECT_2B t; TPM2B b; } TPM2B_ID_OBJECT; /* Table 193 - Definition of (UINT32) TPM_NV_INDEX Bits <> */ #if defined TPM_BITFIELD_LE typedef union { struct { unsigned int index : 24; /* 23:0 The Index of the NV location */ unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ }; UINT32 val; } TPM_NV_INDEX; #elif defined TPM_BITFIELD_BE typedef union { struct { unsigned int RH_NV : 8; /* 31:24 constant value of TPM_HT_NV_INDEX indicating the NV Index range */ unsigned int index : 24; /* 23:0 The Index of the NV location */ }; UINT32 val; } TPM_NV_INDEX; #else typedef struct { UINT32 val; } TPM_NV_INDEX; #endif #define TPM_NV_INDEX_INDEX 0x00ffffff #define TPM_NV_INDEX_RH_NV 0xff000000 /* Table 194 - Definition of TPM_NT Constants */ #define TPM_NT_ORDINARY 0x0 /* Ordinary - contains data that is opaque to the TPM that can only be modified using TPM2_NV_Write(). 
*/ #define TPM_NT_COUNTER 0x1 /* Counter - contains an 8-octet value that is to be used as a counter and can only be modified with TPM2_NV_Increment() */ #define TPM_NT_BITS 0x2 /* Bit Field - contains an 8-octet value to be used as a bit field and can only be modified with TPM2_NV_SetBits(). */ #define TPM_NT_EXTEND 0x4 /* Extend - contains a digest-sized value used like a PCR. The Index can only be modified using TPM2_NV_Extend(). The extend will use the nameAlg of the Index. */ #define TPM_NT_PIN_FAIL 0x8 /* PIN Fail - contains a PIN limit and a PIN count that increments on a PIN authorization failure */ #define TPM_NT_PIN_PASS 0x9 /* PIN Pass - contains a PIN limit and a PIN count that increments on a PIN authorization success */ /* Table 204 - Definition of TPMS_NV_PIN_COUNTER_PARAMETERS Structure */ typedef struct { uint32_t pinCount; /* This counter shows the current number of successful authValue authorization attempts to access a TPM_NT_PIN_PASS index or the current number of unsuccessful authValue authorization attempts to access a TPM_NT_PIN_FAIL index. */ uint32_t pinLimit; /* This threshold is the value of pinCount at which the authValue authorization of the host TPM_NT_PIN_PASS or TPM_NT_PIN_FAIL index is locked out. */ } TPMS_NV_PIN_COUNTER_PARAMETERS; /* Table 205 - Definition of (UINT32) TPMA_NV Bits */ #if defined TPM_BITFIELD_LE typedef union { struct { unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. */ unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. 
*/ unsigned int TPM_NT : 4; /* 7:4 The type of the index */ unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. */ unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. 
*/ unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ }; UINT32 val; } TPMA_NV; #elif defined TPM_BITFIELD_BE typedef union { struct { unsigned int TPMA_NV_READ_STCLEAR : 1; /* 31 TPM2_NV_ReadLock() may be used to SET TPMA_NV_READLOCKED for this Index. */ unsigned int TPMA_NV_PLATFORMCREATE : 1; /* 30 This Index may be undefined with Platform Authorization but not with Owner Authorization. */ unsigned int TPMA_NV_WRITTEN : 1; /* 29 Index has been written. */ unsigned int TPMA_NV_READLOCKED : 1; /* 28 Reads of the Index are blocked until the next TPM Reset or TPM Restart. */ unsigned int TPMA_NV_CLEAR_STCLEAR : 1; /* 27 TPMA_NV_WRITTEN for the Index is CLEAR by TPM Reset or TPM Restart. */ unsigned int TPMA_NV_ORDERLY : 1; /* 26 NV Index state is only required to be saved when the TPM performs an orderly shutdown */ unsigned int TPMA_NV_NO_DA : 1; /* 25 Authorization failures of the Index do not affect the DA logic */ unsigned int Reserved2 : 5; /* 24:20 shall be zero reserved for future use */ unsigned int TPMA_NV_POLICYREAD : 1; /* 19 The Index data may be read if the authPolicy is satisfied. */ unsigned int TPMA_NV_AUTHREAD : 1; /* 18 The Index data may be read if the authValue is provided. */ unsigned int TPMA_NV_OWNERREAD : 1; /* 17 The Index data can be read if Owner Authorization is provided. */ unsigned int TPMA_NV_PPREAD : 1; /* 16 The Index data can be read if Platform Authorization is provided. */ unsigned int TPMA_NV_GLOBALLOCK : 1; /* 15 If TPM2_NV_GlobalLock() is successful, then further writes are not permitted until the next TPM Reset or TPM Restart. */ unsigned int TPMA_NV_WRITE_STCLEAR : 1; /* 14 TPM2_NV_WriteLock() may be used to prevent further writes to this location until the next TPM Reset or TPM Restart. 
*/ unsigned int TPMA_NV_WRITEDEFINE : 1; /* 13 TPM2_NV_WriteLock() may be used to prevent further writes to this location. */ unsigned int TPMA_NV_WRITEALL : 1; /* 12 A partial write of the Index data is not allowed. The write size shall match the defined space size. */ unsigned int TPMA_NV_WRITELOCKED : 1; /* 11 Index cannot be written. */ unsigned int TPMA_NV_POLICY_DELETE : 1; /* 10 Index may not be deleted unless the authPolicy is satisfied. */ unsigned int Reserved1 : 2; /* 9:8 shall be zero reserved for future use */ unsigned int TPM_NT : 4; /* 7:4 The type of the index */ unsigned int TPMA_NV_POLICYWRITE : 1; /* 3 Authorizations to change the Index contents that require USER role may be provided with a policy session. */ unsigned int TPMA_NV_AUTHWRITE : 1; /* 2 Authorizations to change the Index contents that require USER role may be provided with an HMAC session or password. */ unsigned int TPMA_NV_OWNERWRITE : 1; /* 1 The Index data can be written if Owner Authorization is provided. */ unsigned int TPMA_NV_PPWRITE : 1; /* 0 The Index data can be written if Platform Authorization is provided. 
*/
    };
    UINT32 val;
} TPMA_NV;
#else
/* Neither TPM_BITFIELD_LE nor TPM_BITFIELD_BE is defined: the attributes are a plain
   32-bit word, to be read with the TPMA_NVA_* masks below. */
typedef struct {
    UINT32 val;
} TPMA_NV;
#endif

/* TPMA_NVA_* - mask form of the TPMA_NV attributes.  Each mask sits at the bit position
   given for the bit-field member of the same name above. */

/* bits 3:0 - write authorization */
#define TPMA_NVA_PPWRITE        0x00000001
#define TPMA_NVA_OWNERWRITE     0x00000002
#define TPMA_NVA_AUTHWRITE      0x00000004
#define TPMA_NVA_POLICYWRITE    0x00000008

/* bits 7:4 - index type.  This field is a value, not a set of flags: each constant is
   the matching TPM_NT_* value shifted left by four.  TPMA_NVA_PIN_PASS (0x90) contains
   the TPMA_NVA_PIN_FAIL bit (0x80) and TPMA_NVA_ORDINARY is zero, so test the type with
   (val & TPMA_NVA_TPM_NT_MASK) == TPMA_NVA_xxx, never with a single-bit AND. */
#define TPMA_NVA_ORDINARY       0x00000000
#define TPMA_NVA_COUNTER        0x00000010
#define TPMA_NVA_BITS           0x00000020
#define TPMA_NVA_EXTEND         0x00000040
#define TPMA_NVA_PIN_FAIL       0x00000080
#define TPMA_NVA_PIN_PASS       0x00000090

/* bits 9:8 - reserved */
#define TPMA_NVA_RESERVED1      0x00000300

/* bits 15:10 - delete and write-lock controls */
#define TPMA_NVA_POLICY_DELETE  0x00000400
#define TPMA_NVA_WRITELOCKED    0x00000800
#define TPMA_NVA_WRITEALL       0x00001000
#define TPMA_NVA_WRITEDEFINE    0x00002000
#define TPMA_NVA_WRITE_STCLEAR  0x00004000
#define TPMA_NVA_GLOBALLOCK     0x00008000

/* bits 19:16 - read authorization */
#define TPMA_NVA_PPREAD         0x00010000
#define TPMA_NVA_OWNERREAD      0x00020000
#define TPMA_NVA_AUTHREAD       0x00040000
#define TPMA_NVA_POLICYREAD     0x00080000

/* bits 24:20 - reserved */
#define TPMA_NVA_RESERVED2      0x01f00000

/* bits 31:25 - dictionary-attack, persistence and state bits */
#define TPMA_NVA_NO_DA          0x02000000
#define TPMA_NVA_ORDERLY        0x04000000
#define TPMA_NVA_CLEAR_STCLEAR  0x08000000
#define TPMA_NVA_READLOCKED     0x10000000
#define TPMA_NVA_WRITTEN        0x20000000
#define TPMA_NVA_PLATFORMCREATE 0x40000000
#define TPMA_NVA_READ_STCLEAR   0x80000000

#define TPMA_NVA_TPM_NT_MASK    0x000000f0

/* Both reserved fields together; the bit-field comments say they shall be zero, so
   (val & TPMA_NV_RESERVED) == 0 is the check a validator wants.  Note the TPMA_NV_
   prefix, unlike the TPMA_NVA_ masks it is built from. */
#define TPMA_NV_RESERVED        (TPMA_NVA_RESERVED1 | TPMA_NVA_RESERVED2)

/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */
/* Public description of an NV Index: where it is, how its name is hashed, what may be
   done with it and how large its data area is. */
typedef struct {
    TPMI_RH_NV_INDEX nvIndex; /* the handle of the data area */
    TPMI_ALG_HASH nameAlg;    /* hash algorithm used to compute the name of the Index and
                                 used for the authPolicy */
    TPMA_NV attributes;       /* the Index attributes */
    TPM2B_DIGEST authPolicy;  /* optional access policy for the Index */
    UINT16 dataSize;          /* the size of the data area */
} TPMS_NV_PUBLIC;

/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */
typedef struct {
    UINT16 size;             /* size of nvPublic */
    TPMS_NV_PUBLIC nvPublic; /* the public area */
} TPM2B_NV_PUBLIC;

/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */
typedef struct {
    UINT16 size;
    BYTE
buffer[MAX_CONTEXT_SIZE]; /* the sensitive data */ } CONTEXT_SENSITIVE_2B; typedef union { CONTEXT_SENSITIVE_2B t; TPM2B b; } TPM2B_CONTEXT_SENSITIVE; /* Table 200 - Definition of TPMS_CONTEXT_DATA Structure */ typedef struct { TPM2B_DIGEST integrity; /* the integrity value */ TPM2B_CONTEXT_SENSITIVE encrypted; /* the sensitive area */ } TPMS_CONTEXT_DATA; /* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure */ typedef struct { UINT16 size; BYTE buffer[sizeof(TPMS_CONTEXT_DATA)]; } CONTEXT_DATA_2B; typedef union { CONTEXT_DATA_2B t; TPM2B b; } TPM2B_CONTEXT_DATA; /* Table 202 - Definition of TPMS_CONTEXT Structure */ typedef struct { UINT64 sequence; /* the sequence number of the context */ TPMI_DH_CONTEXT savedHandle; /* a handle indicating if the context is a session, object or sequence object */ TPMI_RH_HIERARCHY hierarchy; /* the hierarchy of the context */ TPM2B_CONTEXT_DATA contextBlob; /* the context data and integrity HMAC */ } TPMS_CONTEXT; /* Table 203 - Context Handle Values */ #define TPM_CONTEXT_HANDLE_HMAC 0x02000000 /* an HMAC session context */ #define TPM_CONTEXT_HANDLE_POLICY_SESSION 0x03000000 /* a policy session context */ #define TPM_CONTEXT_HANDLE_TRANSIENT 0x80000000 /* an ordinary transient object */ #define TPM_CONTEXT_HANDLE_SEQUENCE 0x80000001 /* a sequence object */ #define TPM_CONTEXT_HANDLE_STCLEAR 0x80000002 /* a transient object with the stClear attribute SET */ /* Table 204 - Definition of TPMS_CREATION_DATA Structure */ typedef struct { TPML_PCR_SELECTION pcrSelect; /* list indicating the PCR included in pcrDigest */ TPM2B_DIGEST pcrDigest; /* digest of the selected PCR using nameAlg of the object for which this structure is being created */ TPMA_LOCALITY locality; /* the locality at which the object was created */ TPM_ALG_ID parentNameAlg; /* nameAlg of the parent */ TPM2B_NAME parentName; /* Name of the parent at time of creation */ TPM2B_NAME parentQualifiedName; /* Qualified Name of the parent at the time of creation */ 
TPM2B_DATA outsideInfo; /* association with additional information added by the key creator */ } TPMS_CREATION_DATA; /* Table 205 - Definition of TPM2B_CREATION_DATA Structure */ typedef struct { UINT16 size; /* size of the creation data */ TPMS_CREATION_DATA creationData; } TPM2B_CREATION_DATA; #ifdef __cplusplus } #endif #endif ./utils/tss2/ECDH_KeyGen_fp.h0000644000175000017500000000740612742246532014037 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ECDH_KeyGen_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef ECDH_KEYGEN_FP_H
#define ECDH_KEYGEN_FP_H

/* Input parameter list of TPM2_ECDH_KeyGen: a single object handle. */
typedef struct {
    TPMI_DH_OBJECT keyHandle;
} ECDH_KeyGen_In;

/* Response-code offset for keyHandle.  TPM_RC_H and TPM_RC_1 are defined elsewhere;
   presumably they mark the error as handle-related and give the handle's position
   (confirm against their definitions). */
#define RC_ECDH_KeyGen_keyHandle (TPM_RC_H + TPM_RC_1)

/* Output parameter list of TPM2_ECDH_KeyGen: two ECC points.
   NOTE(review): the names suggest that zPoint is the ECDH shared point and pubPoint the
   public point that goes with it; confirm against the TPM 2.0 library specification.
   If so, zPoint is secret key-agreement material: feed it to a KDF and clear it, and
   treat only pubPoint as safe to transmit. */
typedef struct {
    TPM2B_ECC_POINT zPoint;
    TPM2B_ECC_POINT pubPoint;
} ECDH_KeyGen_Out;

/*
 * TPM2_ECDH_KeyGen
 *   in   IN:  input parameter list
 *   out  OUT: output parameter list
 * Returns a TPM_RC response code.
 */
TPM_RC
TPM2_ECDH_KeyGen(
    ECDH_KeyGen_In *in,
    ECDH_KeyGen_Out *out
    );

#endif
./utils/tss2/PolicySecret_fp.h0000644000175000017500000001026513013664115014465 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicySecret_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution.
*/ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 124 */

#ifndef POLICYSECRET_FP_H
#define POLICYSECRET_FP_H

/* Input parameter list of TPM2_PolicySecret.  Going by the RC_ macros below, the first
   two members are handles (TPM_RC_H) and the remaining four are command parameters
   (TPM_RC_P), numbered in declaration order.
   NOTE(review): the field meanings are not stated in this header.  By the names used in
   the TPM 2.0 library specification, nonceTPM ties the request to a session nonce,
   cpHashA restricts the authorization to one command's parameters, policyRef is an
   opaque policy reference and expiration is a time limit; confirm there before relying
   on this.  expiration is a signed INT32, so keep it signed end to end.  If the
   specification reading holds, an empty cpHashA or a zero expiration leaves the
   authorization unrestricted in that respect, which a caller should choose
   deliberately, not by default. */
typedef struct {
    TPMI_DH_ENTITY authHandle;
    TPMI_SH_POLICY policySession;
    TPM2B_NONCE nonceTPM;
    TPM2B_DIGEST cpHashA;
    TPM2B_NONCE policyRef;
    INT32 expiration;
} PolicySecret_In;

/* Response-code offsets, one per input member.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere. */
#define RC_PolicySecret_authHandle    (TPM_RC_H + TPM_RC_1)
#define RC_PolicySecret_policySession (TPM_RC_H + TPM_RC_2)
#define RC_PolicySecret_nonceTPM      (TPM_RC_P + TPM_RC_1)
#define RC_PolicySecret_cpHashA       (TPM_RC_P + TPM_RC_2)
#define RC_PolicySecret_policyRef     (TPM_RC_P + TPM_RC_3)
#define RC_PolicySecret_expiration    (TPM_RC_P + TPM_RC_4)

/* Output parameter list of TPM2_PolicySecret.
   NOTE(review): presumably policyTicket lets the authorization be presented again until
   timeout; if so, store and transmit it like a credential.  Confirm against the
   specification. */
typedef struct {
    TPM2B_TIMEOUT timeout;
    TPMT_TK_AUTH policyTicket;
} PolicySecret_Out;

/*
 * TPM2_PolicySecret
 *   in   IN:  input parameter list
 *   out  OUT: output parameter list
 * Returns a TPM_RC response code.
 */
TPM_RC
TPM2_PolicySecret(
    PolicySecret_In *in,
    PolicySecret_Out *out
    );

#endif
./utils/tss2/FlushContext_fp.h0000644000175000017500000000715413013664115014511 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: FlushContext_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2.
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef FLUSHCONTEXT_FP_H
#define FLUSHCONTEXT_FP_H

/* Input parameter list of TPM2_FlushContext.  flushHandle has the same type as
   TPMS_CONTEXT.savedHandle, which the types header describes as indicating a session,
   object or sequence object context. */
typedef struct {
    TPMI_DH_CONTEXT flushHandle;
} FlushContext_In;

/* Response-code offset for flushHandle.  Unlike the handle members of the other
   commands' inputs, it is built on TPM_RC_P, not TPM_RC_H, so an error on it is
   presumably reported as a parameter error (confirm against the definitions of
   TPM_RC_P and TPM_RC_H). */
#define RC_FlushContext_flushHandle (TPM_RC_P + TPM_RC_1)

/*
 * TPM2_FlushContext
 *   in   IN: input parameter list
 * Returns a TPM_RC response code; the command has no output parameter list.
 */
TPM_RC
TPM2_FlushContext(
    FlushContext_In *in
    );

#endif
./utils/tss2/NV_UndefineSpace_fp.h0000644000175000017500000000735212742246532015206 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_UndefineSpace_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef NV_UNDEFINESPACE_FP_H
#define NV_UNDEFINESPACE_FP_H

/* Input parameter list for TPM2_NV_UndefineSpace(). */
typedef struct {
    TPMI_RH_PROVISION authHandle; /* hierarchy handle under which the request is authorized */
    TPMI_RH_NV_INDEX nvIndex;     /* NV index the command applies to */
} NV_UndefineSpace_In;

/* Response-code modifiers: both fields are reported in handle form (TPM_RC_H), as handles 1 and 2. */
#define RC_NV_UndefineSpace_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_NV_UndefineSpace_nvIndex (TPM_RC_H + TPM_RC_2)

/* Takes only an input list and returns a TPM_RC.
   NOTE(review): judging by the name, this removes the NV index definition and is not
   reversible. The authorization for authHandle is not part of this structure; confirm
   that the caller supplies it and checks the return code. */
TPM_RC TPM2_NV_UndefineSpace(
    NV_UndefineSpace_In *in // IN: input parameter list
);

#endif
./utils/tss2/PCR_Read_fp.h0000644000175000017500000000745112742246532013451 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PCR_Read_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. 
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef PCR_READ_FP_H
#define PCR_READ_FP_H

/* Input parameter list for TPM2_PCR_Read(). */
typedef struct {
    TPML_PCR_SELECTION pcrSelectionIn; /* the PCR selection being requested */
} PCR_Read_In;

/* Response-code modifier: pcrSelectionIn is reported in parameter form (TPM_RC_P), as parameter 1. */
#define RC_PCR_Read_pcrSelectionIn (TPM_RC_P + TPM_RC_1)

/* Output parameter list for TPM2_PCR_Read(). */
typedef struct {
    UINT32 pcrUpdateCounter;            /* update counter returned with the values */
    TPML_PCR_SELECTION pcrSelectionOut; /* selection returned by the TPM.
                                           NOTE(review): per TPM 2.0 Part 3 this can be a subset of
                                           pcrSelectionIn; compare the two instead of assuming
                                           every requested PCR is present. Confirm for the revision in use. */
    TPML_DIGEST pcrValues;              /* digest list for the PCRs in pcrSelectionOut */
} PCR_Read_Out;

/* Returns a TPM_RC. The output structure carries no signature field, so a remote verifier
   cannot authenticate these values from this response alone.
   NOTE(review): use a signed quote when the reader is not trusted; confirm against the
   attestation design. */
TPM_RC TPM2_PCR_Read(
    PCR_Read_In *in,  // IN: input parameter list
    PCR_Read_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/GetTime_fp.h0000644000175000017500000000777712742246532013443 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: GetTime_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef GETTIME_FP_H
#define GETTIME_FP_H

/* Input parameter list for TPM2_GetTime(): two handles followed by two parameters. */
typedef struct {
    TPMI_RH_ENDORSEMENT privacyAdminHandle; /* endorsement-hierarchy handle */
    TPMI_DH_OBJECT signHandle;              /* handle of the key used to sign */
    TPM2B_DATA qualifyingData;              /* caller-supplied data.
                                               NOTE(review): presumably echoed inside the signed
                                               timeInfo, so a verifier-chosen nonce here gives
                                               freshness; confirm against the spec. */
    TPMT_SIG_SCHEME inScheme;               /* requested signing scheme */
} GetTime_In;

/* Response-code modifiers: the handles use handle form (TPM_RC_H), the other two fields
   parameter form (TPM_RC_P). */
#define RC_GetTime_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetTime_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetTime_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetTime_inScheme (TPM_RC_P + TPM_RC_2)

/* Output parameter list for TPM2_GetTime(): an attestation structure and a signature. */
typedef struct {
    TPM2B_ATTEST timeInfo;    /* attestation data that was signed */
    TPMT_SIGNATURE signature; /* signature returned by the TPM.
                                 NOTE(review): a relying party must verify it against a
                                 trusted public key before using timeInfo. */
} GetTime_Out;

/* Returns a TPM_RC; the output is meaningful only when the call reports success. */
TPM_RC TPM2_GetTime(
    GetTime_In *in,  // IN: input parameter list
    GetTime_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/PolicyNV_fp.h0000644000175000017500000000774512742246532013603 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyNV_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef POLICYNV_FP_H
#define POLICYNV_FP_H

/* Input parameter list for TPM2_PolicyNV(): three handles followed by three parameters. */
typedef struct {
    TPMI_RH_NV_AUTH authHandle;   /* handle under which the NV access is authorized */
    TPMI_RH_NV_INDEX nvIndex;     /* NV index the policy refers to */
    TPMI_SH_POLICY policySession; /* policy session the command applies to */
    TPM2B_OPERAND operandB;       /* second operand of the comparison */
    UINT16 offset;                /* NOTE(review): presumably the octet offset into the NV data
                                     where the comparison starts; confirm bounds handling. */
    TPM_EO operation;             /* comparison operator selector */
} PolicyNV_In;

/* Response-code modifiers: handles 1-3 use handle form (TPM_RC_H), parameters 1-3 use
   parameter form (TPM_RC_P). */
#define RC_PolicyNV_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_PolicyNV_nvIndex (TPM_RC_H + TPM_RC_2)
#define RC_PolicyNV_policySession (TPM_RC_H + TPM_RC_3)
#define RC_PolicyNV_operandB (TPM_RC_P + TPM_RC_1)
#define RC_PolicyNV_offset (TPM_RC_P + TPM_RC_2)
#define RC_PolicyNV_operation (TPM_RC_P + TPM_RC_3)

/* Takes only an input list; the TPM_RC return value is the sole result.
   NOTE(review): the policy decision depends on the NV contents, so whoever can write
   nvIndex can presumably change the outcome; review the index's write authorization. */
TPM_RC TPM2_PolicyNV(
    PolicyNV_In *in // IN: input parameter list
);

#endif
./utils/tss2/NV_Certify_fp.h0000644000175000017500000001033612742246532014076 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_Certify_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef NV_CERTIFY_FP_H
#define NV_CERTIFY_FP_H

/* Input parameter list for TPM2_NV_Certify(): three handles followed by four parameters. */
typedef struct {
    TPMI_DH_OBJECT signHandle;  /* handle of the key used to sign */
    TPMI_RH_NV_AUTH authHandle; /* handle under which the NV access is authorized */
    TPMI_RH_NV_INDEX nvIndex;   /* NV index whose contents are certified */
    TPM2B_DATA qualifyingData;  /* caller-supplied data.
                                   NOTE(review): presumably included in the signed certifyInfo, so a
                                   verifier-chosen nonce gives freshness; confirm against the spec. */
    TPMT_SIG_SCHEME inScheme;   /* requested signing scheme */
    UINT16 size;                /* NOTE(review): presumably the number of octets to certify */
    UINT16 offset;              /* NOTE(review): presumably the octet offset into the NV data */
} NV_Certify_In;

/* Response-code modifiers: handles 1-3 use handle form (TPM_RC_H), parameters 1-4 use
   parameter form (TPM_RC_P). */
#define RC_NV_Certify_signHandle (TPM_RC_H + TPM_RC_1)
#define RC_NV_Certify_authHandle (TPM_RC_H + TPM_RC_2)
#define RC_NV_Certify_nvIndex (TPM_RC_H + TPM_RC_3)
#define RC_NV_Certify_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_NV_Certify_inScheme (TPM_RC_P + TPM_RC_2)
#define RC_NV_Certify_size (TPM_RC_P + TPM_RC_3)
#define RC_NV_Certify_offset (TPM_RC_P + TPM_RC_4)

/* Output parameter list for TPM2_NV_Certify(): an attestation structure and a signature. */
typedef struct {
    TPM2B_ATTEST certifyInfo; /* attestation data that was signed */
    TPMT_SIGNATURE signature; /* signature returned by the TPM; a relying party must verify
                                 it against a trusted public key before using certifyInfo */
} NV_Certify_Out;

/* Returns a TPM_RC; the output is meaningful only when the call reports success. */
TPM_RC TPM2_NV_Certify(
    NV_Certify_In *in,  // IN: input parameter list
    NV_Certify_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/NV_ReadPublic_fp.h0000644000175000017500000000742212742246532014505 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: NV_ReadPublic_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef NV_READPUBLIC_FP_H
#define NV_READPUBLIC_FP_H

/* Input parameter list for TPM2_NV_ReadPublic(). */
typedef struct {
    TPMI_RH_NV_INDEX nvIndex; /* NV index whose public area is requested */
} NV_ReadPublic_In;

/* Response-code modifier for nvIndex.
   NOTE(review): nvIndex has a handle type (TPMI_RH_NV_INDEX) but is tagged with the
   parameter form (TPM_RC_P) here, while the nvIndex fields of the NV_UndefineSpace,
   PolicyNV and NV_Certify headers in this archive use the handle form (TPM_RC_H).
   Confirm against the specification before relying on this modifier to locate a failure. */
#define RC_NV_ReadPublic_nvIndex (TPM_RC_P + TPM_RC_1)

/* Output parameter list for TPM2_NV_ReadPublic(). */
typedef struct {
    TPM2B_NV_PUBLIC nvPublic; /* public area of the index */
    TPM2B_NAME nvName;        /* Name of the index.
                                 NOTE(review): nothing in this structure authenticates the
                                 response; presumably the caller should recompute the Name from
                                 nvPublic, or protect the exchange with a session, before
                                 trusting it in later authorizations. Confirm. */
} NV_ReadPublic_Out;

/* Returns a TPM_RC; the output is meaningful only when the call reports success. */
TPM_RC TPM2_NV_ReadPublic(
    NV_ReadPublic_In *in,  // IN: input parameter list
    NV_ReadPublic_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/VerifySignature_fp.h0000644000175000017500000000770712742246532015224 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: VerifySignature_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef VERIFYSIGNATURE_FP_H
#define VERIFYSIGNATURE_FP_H

/* Input parameter list for TPM2_VerifySignature(): one handle followed by two parameters. */
typedef struct {
    TPMI_DH_OBJECT keyHandle; /* handle of the key used for the verification */
    TPM2B_DIGEST digest;      /* digest the signature is checked against; the caller supplies
                                 a digest, not the message itself */
    TPMT_SIGNATURE signature; /* signature under test */
} VerifySignature_In;

/* Response-code modifiers: keyHandle uses handle form (TPM_RC_H), digest and signature
   parameter form (TPM_RC_P). */
#define RC_VerifySignature_keyHandle (TPM_RC_H + TPM_RC_1)
#define RC_VerifySignature_digest (TPM_RC_P + TPM_RC_1)
#define RC_VerifySignature_signature (TPM_RC_P + TPM_RC_2)

/* Output parameter list for TPM2_VerifySignature(). */
typedef struct {
    TPMT_TK_VERIFIED validation; /* ticket returned by the TPM.
                                    NOTE(review): only meaningful when the call reports success;
                                    never treat a populated structure as proof of validity
                                    without checking the TPM_RC first. */
} VerifySignature_Out;

/* Returns a TPM_RC; the verification outcome is conveyed through it, so it must be checked.
   NOTE(review): the result is only as trustworthy as the key behind keyHandle; confirm the
   caller established that key's identity. */
TPM_RC TPM2_VerifySignature(
    VerifySignature_In *in,  // IN: input parameter list
    VerifySignature_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/PolicyAuthorizeNV_fp.h0000644000175000017500000000753413013664115015463 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: PolicyAuthorizeNV_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015, 2016 */ /* */ /********************************************************************************/ /* rev 136 */
#ifndef POLICYAUTHORIZENV_FP_H
#define POLICYAUTHORIZENV_FP_H

/* Input parameter list for TPM2_PolicyAuthorizeNV(): three handles, no further parameters.
   This header is marked rev 136, unlike the rev 119 headers next to it in the archive. */
typedef struct {
    TPMI_RH_NV_AUTH authHandle;   /* handle under which the NV access is authorized */
    TPMI_RH_NV_INDEX nvIndex;     /* NV index the policy refers to */
    TPMI_SH_POLICY policySession; /* policy session the command applies to */
} PolicyAuthorizeNV_In;

/* Response-code modifiers: all three fields are reported in handle form (TPM_RC_H). */
#define RC_PolicyAuthorizeNV_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_PolicyAuthorizeNV_nvIndex (TPM_RC_H + TPM_RC_2)
#define RC_PolicyAuthorizeNV_policySession (TPM_RC_H + TPM_RC_3)

/* Takes only an input list; the TPM_RC return value is the sole result.
   NOTE(review): presumably the policy held in nvIndex becomes the authorizing policy for
   the session, which makes write access to that index security-critical; review the
   index's attributes and write authorization. */
TPM_RC TPM2_PolicyAuthorizeNV(
    PolicyAuthorizeNV_In *in // IN: input parameter list
);

#endif
./utils/tss2/Certify_fp.h0000644000175000017500000000776412742246532013506 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Certify_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */
#ifndef CERTIFY_FP_H
#define CERTIFY_FP_H

/* Input parameter list for TPM2_Certify(): two handles followed by two parameters. */
typedef struct {
    TPMI_DH_OBJECT objectHandle; /* handle of the object being certified */
    TPMI_DH_OBJECT signHandle;   /* handle of the key used to sign */
    TPM2B_DATA qualifyingData;   /* caller-supplied data.
                                    NOTE(review): presumably included in the signed certifyInfo, so
                                    a verifier-chosen nonce gives freshness; confirm against the spec. */
    TPMT_SIG_SCHEME inScheme;    /* requested signing scheme */
} Certify_In;

/* Response-code modifiers: the handles use handle form (TPM_RC_H), the other two fields
   parameter form (TPM_RC_P). */
#define RC_Certify_objectHandle (TPM_RC_H + TPM_RC_1)
#define RC_Certify_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_Certify_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_Certify_inScheme (TPM_RC_P + TPM_RC_2)

/* Output parameter list for TPM2_Certify(): an attestation structure and a signature. */
typedef struct {
    TPM2B_ATTEST certifyInfo; /* attestation data that was signed */
    TPMT_SIGNATURE signature; /* signature returned by the TPM; a relying party must verify
                                 it against a trusted public key before using certifyInfo */
} Certify_Out;

/* Returns a TPM_RC; the output is meaningful only when the call reports success. */
TPM_RC TPM2_Certify(
    Certify_In *in,  // IN: input parameter list
    Certify_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/RSA_Decrypt_fp.h0000644000175000017500000000776112742246532014215 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: RSA_Decrypt_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures and prototype for the TPM2_RSA_Decrypt command. */
#ifndef RSA_DECRYPT_FP_H
#define RSA_DECRYPT_FP_H

/* Input parameter list: one handle followed by three parameters.
   NOTE(review): inScheme selects the padding scheme. Per the TPM 2.0 library
   specification (Part 3), a null scheme on a key that has no scheme of its own
   means the private-key operation runs with no padding removal or check; callers
   that decrypt untrusted ciphertext should pin the intended padding scheme
   explicitly - confirm against the spec revision in use. */
typedef struct {
    TPMI_DH_OBJECT		keyHandle;	/* RSA key used for the decryption */
    TPM2B_PUBLIC_KEY_RSA	cipherText;	/* ciphertext to decrypt */
    TPMT_RSA_DECRYPT		inScheme;	/* padding scheme */
    TPM2B_DATA			label;		/* label associated with the message
						   (presumably OAEP only - confirm) */
} RSA_Decrypt_In;

/* Per-input response-code modifiers: handles use TPM_RC_H, parameters use TPM_RC_P,
   and the TPM_RC_n index follows the field order of RSA_Decrypt_In. */
#define RC_RSA_Decrypt_keyHandle 	(TPM_RC_H + TPM_RC_1)
#define RC_RSA_Decrypt_cipherText 	(TPM_RC_P + TPM_RC_1)
#define RC_RSA_Decrypt_inScheme 	(TPM_RC_P + TPM_RC_2)
#define RC_RSA_Decrypt_label 		(TPM_RC_P + TPM_RC_3)

/* Output parameter list: the recovered plaintext. The buffer holds decrypted
   material, so callers should treat it as sensitive. */
typedef struct {
    TPM2B_PUBLIC_KEY_RSA	message;
} RSA_Decrypt_Out;

/* Command entry point; returns a TPM_RC. Only the declaration is in this header. */
TPM_RC
TPM2_RSA_Decrypt(
		 RSA_Decrypt_In      *in,            // IN: input parameter list
		 RSA_Decrypt_Out     *out            // OUT: output parameter list
		 );

#endif
./utils/tss2/MakeCredential_fp.h0000644000175000017500000000773212742246532014744 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: MakeCredential_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures and prototype for the TPM2_MakeCredential command. */
#ifndef MAKECREDENTIAL_FP_H
#define MAKECREDENTIAL_FP_H

/* Input parameter list: one handle followed by two parameters.
   NOTE(review): per the TPM 2.0 library specification (Part 3), `handle` is the
   loaded public area used to protect the credential and `objectName` is the Name of
   the object the credential is bound to. The command does not judge whether that
   object is suitable; an issuer is expected to check the named key's attributes
   before releasing a credential - confirm against the spec revision in use. */
typedef struct {
    TPMI_DH_OBJECT	handle;
    TPM2B_DIGEST	credential;
    TPM2B_NAME		objectName;
} MakeCredential_In;

/* Per-input response-code modifiers: handles use TPM_RC_H, parameters use TPM_RC_P,
   and the TPM_RC_n index follows the field order of MakeCredential_In. */
#define RC_MakeCredential_handle 	(TPM_RC_H + TPM_RC_1)
#define RC_MakeCredential_credential 	(TPM_RC_P + TPM_RC_1)
#define RC_MakeCredential_objectName 	(TPM_RC_P + TPM_RC_2)

/* Output parameter list: the wrapped credential and the encrypted secret that
   accompanies it (presumably both are handed to the credential activation step
   on the target TPM - confirm). */
typedef struct {
    TPM2B_ID_OBJECT		credentialBlob;
    TPM2B_ENCRYPTED_SECRET	secret;
} MakeCredential_Out;

/* Command entry point; returns a TPM_RC. Only the declaration is in this header. */
TPM_RC
TPM2_MakeCredential(
		    MakeCredential_In   *in,            // IN: input parameter list
		    MakeCredential_Out  *out            // OUT: output parameter list
		    );

#endif
./utils/tss2/Duplicate_fp.h0000644000175000017500000001012212742246532013771 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Duplicate_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures and prototype for the TPM2_Duplicate command. */
#ifndef DUPLICATE_FP_H
#define DUPLICATE_FP_H

/* Input parameter list: two handles followed by two parameters.
   NOTE(review): per the TPM 2.0 library specification (Part 3), a null symmetricAlg
   means no inner wrapper and a null newParentHandle means no outer wrapper. With
   both null the exported blob is not encrypted, which the TPM only permits when the
   object's attributes allow it. Code that exports keys should treat those
   combinations as sensitive and make them an explicit choice - confirm against the
   spec revision in use. */
typedef struct {
    TPMI_DH_OBJECT	objectHandle;		/* object to duplicate */
    TPMI_DH_OBJECT	newParentHandle;	/* new parent for the duplicate */
    TPM2B_DATA		encryptionKeyIn;	/* caller-supplied inner-wrapper key
						   (presumably optional - confirm) */
    TPMT_SYM_DEF_OBJECT	symmetricAlg;		/* inner-wrapper algorithm */
} Duplicate_In;

/* Output parameter list: the inner-wrapper key (when the TPM produced one), the
   duplicated private area and the seed protected to the new parent. These blobs
   carry key material and should be handled as secrets in transit and at rest. */
typedef struct {
    TPM2B_DATA			encryptionKeyOut;
    TPM2B_PRIVATE		duplicate;
    TPM2B_ENCRYPTED_SECRET	outSymSeed;
} Duplicate_Out;

/* Per-input response-code modifiers: handles use TPM_RC_H, parameters use TPM_RC_P,
   and the TPM_RC_n index follows the field order of Duplicate_In. In this header
   they are defined after the output structure. */
#define RC_Duplicate_objectHandle 	(TPM_RC_H + TPM_RC_1)
#define RC_Duplicate_newParentHandle 	(TPM_RC_H + TPM_RC_2)
#define RC_Duplicate_encryptionKeyIn 	(TPM_RC_P + TPM_RC_1)
#define RC_Duplicate_symmetricAlg 	(TPM_RC_P + TPM_RC_2)

/* Command entry point; returns a TPM_RC. Only the declaration is in this header. */
TPM_RC
TPM2_Duplicate(
	       Duplicate_In    *in,            // IN: input parameter list
	       Duplicate_Out   *out            // OUT: output parameter list
	       );

#endif
./utils/tss2/PCR_Event_fp.h0000644000175000017500000000746212742246532013661 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PCR_Event_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures and prototype for the TPM2_PCR_Event command. */
#ifndef PCR_EVENT_FP_H
#define PCR_EVENT_FP_H

/* Input parameter list: the PCR handle and the event data to be measured. */
typedef struct {
    TPMI_DH_PCR		pcrHandle;
    TPM2B_EVENT		eventData;
} PCR_Event_In;

/* Per-input response-code modifiers: the handle uses TPM_RC_H, the parameter uses
   TPM_RC_P, and the TPM_RC_n index follows the field order of PCR_Event_In. */
#define RC_PCR_Event_pcrHandle	(TPM_RC_H + TPM_RC_1)
#define RC_PCR_Event_eventData	(TPM_RC_P + TPM_RC_1)

/* Output parameter list: a list of digest values.
   NOTE(review): per the TPM 2.0 library specification (Part 3) these are the digests
   of eventData, one per PCR bank, that were extended; an event log that records them
   can later be replayed against the PCR values - confirm. */
typedef struct {
    TPML_DIGEST_VALUES	digests;
} PCR_Event_Out;

/* Command entry point; returns a TPM_RC. Only the declaration is in this header. */
TPM_RC
TPM2_PCR_Event(
	       PCR_Event_In    *in,            // IN: input parameter list
	       PCR_Event_Out   *out            // OUT: output parameter list
	       );

#endif
./utils/tss2/PolicyPhysicalPresence_fp.h0000644000175000017500000000725612742246532016516 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyPhysicalPresence_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structure and prototype for the TPM2_PolicyPhysicalPresence command. */
#ifndef POLICYPHYSICALPRESENCE_FP_H
#define POLICYPHYSICALPRESENCE_FP_H

/* Input parameter list: the policy session handle only.
   NOTE(review): per the TPM 2.0 library specification (Part 3) this marks the policy
   session so that physical presence must be asserted when the authorized command
   runs; the check happens at that later point, not here - confirm. */
typedef struct {
    TPMI_SH_POLICY	policySession;
} PolicyPhysicalPresence_In;

/* Response-code modifier for the single handle input. */
#define RC_PolicyPhysicalPresence_policySession 	(TPM_RC_H + TPM_RC_1)

/* Command entry point; takes no output structure and returns a TPM_RC.
   Only the declaration is in this header. */
TPM_RC
TPM2_PolicyPhysicalPresence(
			    PolicyPhysicalPresence_In   *in             // IN: input parameter list
			    );

#endif
./utils/tss2/PolicyCommandCode_fp.h0000644000175000017500000000734712742246532015427 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyCommandCode_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structure and prototype for the TPM2_PolicyCommandCode command. */
#ifndef POLICYCOMMANDCODE_FP_H
#define POLICYCOMMANDCODE_FP_H

/* Input parameter list: the policy session handle and a command code.
   NOTE(review): per the TPM 2.0 library specification (Part 3) this restricts the
   policy session to authorizing the one command named by `code`, which is the usual
   way to keep a policy from authorizing more operations than intended - confirm. */
typedef struct {
    TPMI_SH_POLICY	policySession;
    TPM_CC		code;
} PolicyCommandCode_In;

/* Per-input response-code modifiers: the handle uses TPM_RC_H, the parameter uses
   TPM_RC_P, and the TPM_RC_n index follows the field order of PolicyCommandCode_In. */
#define RC_PolicyCommandCode_policySession 	(TPM_RC_H + TPM_RC_1)
#define RC_PolicyCommandCode_code 		(TPM_RC_P + TPM_RC_1)

/* Command entry point; takes no output structure and returns a TPM_RC.
   Only the declaration is in this header. */
TPM_RC
TPM2_PolicyCommandCode(
		       PolicyCommandCode_In    *in             // IN: input parameter list
		       );

#endif
./utils/tss2/tssprint.h0000644000175000017500000001475113063030732013262 0ustar lo1lo1/********************************************************************************/
/* */
/* Structure Print Utilities */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssprint.h 967 2017-03-17 18:58:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a semi-public header. The API is not guaranteed to be stable, and the format of the output is subject to change It is useful for application debug. 
*/

/* Declarations for the TSS structure print helpers: one print function per TPM
   structure type, plus a switch (TPM_NO_PRINT) that compiles printf calls out. */
#ifndef TSSPRINT_H
#define TSSPRINT_H

/* NOTE(review): the operands of the three #include directives below are missing in
   this copy (presumably the angle-bracket names were lost when the text was
   extracted); restore them from the upstream file before compiling. */
#include
#include

#ifndef TPM_TSS
#define TPM_TSS
#endif
#include

#ifdef __cplusplus
extern "C" {
#endif

/* With TPM_NO_PRINT defined, every later printf(...) in a translation unit that
   includes this header expands to `tssSwallowRc = 0 && TSS_SwallowPrintf(...)`.
   Because `0 && ...` short-circuits, the call is never made and its arguments are
   never evaluated, so an argument expression with a side effect is skipped too.
   The macro redefines a standard library name, so it affects all code that follows
   the include, not only the TSS print helpers. Defining TPM_NO_PRINT is the visible
   way to keep these debug dumps out of a build's output. */
#ifdef TPM_NO_PRINT
/* return code to eliminate "statement has no effect" compiler warning */
extern int tssSwallowRc;
/* function prototype to match the printf prototype */
int TSS_SwallowPrintf(const char *format, ...);
/* macro to compile out printf */
#define printf tssSwallowRc = 0 && TSS_SwallowPrintf
#endif

/* NOTE(review): the signature suggests this parses text from `string` into a buffer
   returned through *data with its size in *len; who allocates and who frees is not
   visible in this header - confirm in the implementation. */
LIB_EXPORT
uint32_t TSS_Array_Scan(unsigned char **data, size_t *len, const char *string);

/* Raw buffer dumps. `length` is supplied by the caller and cannot be checked against
   the real size of `buff` here, so the caller must pass a length that is within the
   buffer. TSS_PrintAlli additionally takes an indent. */
LIB_EXPORT
void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length);
LIB_EXPORT
void TSS_PrintAlli(const char *string, unsigned int indent,
		   const unsigned char* buff, uint32_t length);

/* Per-type print helpers. Each takes the value (or a pointer to the structure) and an
   indent. Helpers for unions (TPMU_*) also take the selector that says which member
   is valid; passing a selector that does not match the data would print the wrong
   member. These are assumed to write through printf - confirm - so in builds without
   TPM_NO_PRINT their output can end up wherever the program's stdout is captured. */
LIB_EXPORT
void TSS_TPM_ALG_ID_Print(TPM_ALG_ID source, unsigned int indent);
LIB_EXPORT
void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent);
LIB_EXPORT
void TSS_TPMA_OBJECT_Print(TPMA_OBJECT source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent);
LIB_EXPORT
void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMI_ST_ATTEST_Print(TPMI_ST_ATTEST selector, unsigned int indent);
LIB_EXPORT
void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent);
LIB_EXPORT
void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent);
LIB_EXPORT
void TSS_TPMI_ECC_CURVE_Print(TPMI_ECC_CURVE source, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent);
LIB_EXPORT
void TSS_TPMI_ALG_PUBLIC_Print(TPMI_ALG_PUBLIC source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent);
/* Unlike the other union helpers, the selector here is a plain UINT32 rather than a
   TPMI_* type. */
LIB_EXPORT
void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, UINT32 selector, unsigned int indent);
LIB_EXPORT
void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent);
LIB_EXPORT
void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/GetTestResult_fp.h0000644000175000017500000000712513013664115014637 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: GetTestResult_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/
/* */
/* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */
/* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */
/* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */
/* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */
/* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2016 */
/* */
/********************************************************************************/

/* rev 119 */

/* Output structure and prototype for the TPM2_GetTestResult command. */
#ifndef GETTESTRESULT_FP_H
#define GETTESTRESULT_FP_H

/* Output parameter list: a data buffer and a TPM_RC.
   NOTE(review): per the TPM 2.0 library specification (Part 3) outData is
   manufacturer-specific self-test information and testResult reports the self-test
   outcome. testResult is separate from the function's own return code, so a caller
   needs to check both - confirm. */
typedef struct{
    TPM2B_MAX_BUFFER	outData;
    TPM_RC		testResult;
} GetTestResult_Out;

/* Command entry point; takes no input structure and returns a TPM_RC.
   Only the declaration is in this header. */
TPM_RC
TPM2_GetTestResult(
		   GetTestResult_Out   *out            // OUT: output parameter list
		   );

#endif
./utils/tss2/SetPrimaryPolicy_fp.h0000644000175000017500000000750712742246532015353 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: SetPrimaryPolicy_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structure and prototype for the TPM2_SetPrimaryPolicy command. */
#ifndef SETPRIMARYPOLICY_FP_H
#define SETPRIMARYPOLICY_FP_H

/* Input parameter list: one handle followed by two parameters.
   NOTE(review): per the TPM 2.0 library specification (Part 3) this installs
   authPolicy as the authorization policy of the hierarchy named by authHandle, with
   hashAlg naming the digest algorithm of that policy. A digest that does not match
   any policy the administrator can actually satisfy leaves policy-based
   authorization for that hierarchy unusable, so the digest should be computed and
   checked before it is set - confirm against the spec revision in use. */
typedef struct {
    TPMI_RH_HIERARCHY_AUTH	authHandle;
    TPM2B_DIGEST		authPolicy;
    TPMI_ALG_HASH		hashAlg;
} SetPrimaryPolicy_In;

/* Per-input response-code modifiers: the handle uses TPM_RC_H, parameters use
   TPM_RC_P, and the TPM_RC_n index follows the field order of SetPrimaryPolicy_In. */
#define RC_SetPrimaryPolicy_authHandle 	(TPM_RC_H + TPM_RC_1)
#define RC_SetPrimaryPolicy_authPolicy 	(TPM_RC_P + TPM_RC_1)
#define RC_SetPrimaryPolicy_hashAlg 	(TPM_RC_P + TPM_RC_2)

/* Command entry point; takes no output structure and returns a TPM_RC.
   Only the declaration is in this header. */
TPM_RC
TPM2_SetPrimaryPolicy(
		      SetPrimaryPolicy_In     *in             // IN: input parameter list
		      );

#endif
./utils/tss2/NV_WriteLock_fp.h0000644000175000017500000000730013013664115014362 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_WriteLock_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. 
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef NV_WRITELOCK_FP_H
#define NV_WRITELOCK_FP_H

/* Input parameter list for TPM2_NV_WriteLock(): two handles and no parameters
   (both RC_ macros below are TPM_RC_H based).
   NOTE(review): per TPM 2.0 Part 3 the lock only applies to an index defined
   with TPMA_NV_WRITEDEFINE or TPMA_NV_WRITE_STCLEAR, and a WRITE_STCLEAR lock
   does not survive the next TPM Reset or Restart. Code that relies on the lock
   for integrity should check the returned TPM_RC and confirm the locked state
   with NV_ReadPublic rather than assume the command succeeded. Confirm against
   the spec revision in use. */
typedef struct {
    TPMI_RH_NV_AUTH authHandle;   /* handle 1: entity providing the authorization */
    TPMI_RH_NV_INDEX nvIndex;     /* handle 2: NV index to write-lock */
} NV_WriteLock_In;

/* Response-code offsets naming the handle and its 1-based position; TPM_RC_H
   and TPM_RC_n are defined elsewhere. */
#define RC_NV_WriteLock_authHandle (TPM_RC_H + TPM_RC_1)
#define RC_NV_WriteLock_nvIndex (TPM_RC_H + TPM_RC_2)

/* Command entry point; takes the input list by pointer and returns a TPM_RC. */
TPM_RC TPM2_NV_WriteLock(
    NV_WriteLock_In *in // IN: input parameter list
    );
#endif
./utils/tss2/TpmBuildSwitches.h0000644000175000017500000001567412743244171014643 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: TpmBuildSwitches.h 684 2016-07-18 21:22:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 122 */
// 5.12 TpmBuildSwitches.h
// This file contains the build switches. This contains switches for multiple versions of the
// crypto-library so some may not apply to your environment.
#ifndef _TPM_BUILD_SWITCHES_H
#define _TPM_BUILD_SWITCHES_H

// SIMULATION is defined unconditionally here, not from the build command line. Further down in
// this file it turns on RSA_KEY_CACHE and, when DEBUG is also defined, TPM_RNG_FOR_DEBUG (fixed
// seeding of the RNG). Any build of this tree that is not a simulator has to remove this define,
// otherwise those test-only switches stay enabled.
#define SIMULATION
// NOTE(review): what FIPS_COMPLIANT changes is not visible in this header; it is only defined
// here. Confirm in the code that tests it before relying on the name.
#define FIPS_COMPLIANT
// Define TABLE_DRIVEN_DISPATCH to use tables rather than case statements for command dispatch
// and handle unmarshaling
#define TABLE_DRIVEN_DISPATCH
#ifndef RSA_KEY_SIEVE
// Remove comment on following line to enable the generation of RSA primes using a sieve.
// #define RSA_KEY_SIEVE
#endif
// Define the alignment macro appropriate for the build environment
// For MS C compiler
// The __declspec form is defined for every compiler, not only under _MSC_VER. The only use of
// ALIGN_TO visible in this file is the commented-out CRYPTO_ALIGNED definition below, so it is
// currently not expanded here.
#define ALIGN_TO(boundary) __declspec(align(boundary))
// For ISO 9899:2011
// #define ALIGN_TO(boundary) _Alignas(boundary)
// This switch enables the RNG state save and restore
#undef _DRBG_STATE_SAVE
#define _DRBG_STATE_SAVE // Comment this out if no state save is wanted
// Switch added to support packed lists that leave out space associated with unimplemented
// commands. Comment this out to use linear lists.
// NOTE: if vendor specific commands are present, the associated list is always in compressed form.
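#define COMPRESSED_LISTS

// Set the alignment size for the crypto. It would be nice to set this according to macros
// automatically defined by the build environment, but that doesn't seem possible because there
// isn't any simple set for that. So, this is just a plugged value. Your compiler should complain
// if this alignment isn't possible.
// NOTE: this value can be set at the command line or just plugged in here.
//
// The 1-byte case was originally tested under the misspelled name CRTYPO_ALIGN_1, so a build
// that defined CRYPTO_ALIGN_1 silently fell through to the default of 4. The correctly spelled
// name is now honoured; the misspelled one is still accepted so that a build which relied on it
// keeps its behaviour.
#ifdef CRYPTO_ALIGN_16
#   define CRYPTO_ALIGNMENT 16
#elif defined CRYPTO_ALIGN_8
#   define CRYPTO_ALIGNMENT 8
#elif defined CRYPTO_ALIGN_2
#   define CRYPTO_ALIGNMENT 2
#elif defined CRYPTO_ALIGN_1 || defined CRTYPO_ALIGN_1
#   define CRYPTO_ALIGNMENT 1
#else
#   define CRYPTO_ALIGNMENT 4 // For 32-bit builds
#endif

// CRYPTO_ALIGNED expands to nothing, so CRYPTO_ALIGNMENT is not applied through it.
#define CRYPTO_ALIGNED // kgold
// #define CRYPTO_ALIGNED ALIGN_TO(CRYPTO_ALIGNMENT)

#ifdef _MSC_VER
// This macro is used to handle LIB_EXPORT of function and variable names in lieu of a .def
// file. Visual Studio requires that functions be explicitly exported and imported.
#   define LIB_EXPORT __declspec(dllexport) // VS compatible version
#   define LIB_IMPORT __declspec(dllimport)
// This is defined to indicate a function that does not return. Microsoft compilers do not support
// the _Noreturn() function parameter.
#   define NORETURN __declspec(noreturn)
#   define INLINE __inline
#ifdef SELF_TEST
#pragma comment(lib, "algorithmtests.lib")
#endif
#endif // _MSC_VER

// The following definitions are used if they have not already been defined. The defaults for these
// settings are compatible with ISO/IEC 9899:2011 (E)
#ifndef LIB_EXPORT
#   define LIB_EXPORT
#   define LIB_IMPORT
#endif
#ifndef NORETURN
/* #   define NORETURN _Noreturn */
/* for gcc - kgold */
// NORETURN therefore expands to nothing outside MSVC builds.
#   define NORETURN
#endif
#ifndef INLINE
#   define INLINE inline
#endif
#ifndef NOT_REFERENCED
// Evaluates x and discards the value, to silence unused-variable warnings.
#   define NOT_REFERENCED(x) ((void) (x))
#endif

// This definition forces the no-debug setting for the compile unless DEBUG is explicitly set.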
// NDEBUG is defined whenever neither DEBUG nor NDEBUG was set by the build.
#if !defined DEBUG && !defined NDEBUG
#   define NDEBUG
#endif

// The switches in this group can only be enabled when running a simulation
// SIMULATION is defined unconditionally earlier in this file, so the first branch is the one
// taken unless that define is removed. RSA_KEY_CACHE is then always on, and TPM_RNG_FOR_DEBUG
// is on in every build that defines DEBUG. With a fixed RNG seed the generated values repeat
// from run to run, so a build meant to protect real secrets must not define SIMULATION together
// with DEBUG.
// NOTE(review): what RSA_KEY_CACHE does is not visible in this header; confirm in the code that
// tests it.
#ifdef SIMULATION
#   define RSA_KEY_CACHE
#   ifdef DEBUG
// This provides fixed seeding of the RNG when doing debug on a simulator. This should allow
// consistent results on test runs as long as the input parameters to the functions remains the
// same.
#       define TPM_RNG_FOR_DEBUG
#   endif
#else
// Without SIMULATION both switches are forced off, even if the build defined them.
#   undef RSA_KEY_CACHE
#   undef TPM_RNG_FOR_DEBUG
#endif // SIMULATION
#endif // _TPM_BUILD_SWITCHES_H
./utils/tss2/NV_ChangeAuth_fp.h0000644000175000017500000000727712742246532014512 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_ChangeAuth_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers.
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef NV_CHANGEAUTH_FP_H
#define NV_CHANGEAUTH_FP_H

/* Input parameter list for TPM2_NV_ChangeAuth(): one handle and one parameter.
   newAuth carries the new authorization value as a command parameter.
   NOTE(review): per TPM 2.0 Part 3 this command needs ADMIN-role authorization
   (a policy session) on the index, and the new value travels in the command
   buffer, so callers would normally use a session with parameter encryption to
   keep it off the bus in the clear. Confirm against the spec revision in use. */
typedef struct {
    TPMI_RH_NV_INDEX nvIndex;   /* handle 1: NV index whose auth value changes */
    TPM2B_AUTH newAuth;         /* parameter 1: new authorization value */
} NV_ChangeAuth_In;

/* Response-code offsets naming the handle (TPM_RC_H) or parameter (TPM_RC_P)
   and its 1-based position; the constants are defined elsewhere. */
#define RC_NV_ChangeAuth_nvIndex (TPM_RC_H + TPM_RC_1)
#define RC_NV_ChangeAuth_newAuth (TPM_RC_P + TPM_RC_1)

/* Command entry point; takes the input list by pointer and returns a TPM_RC. */
TPM_RC TPM2_NV_ChangeAuth(
    NV_ChangeAuth_In *in // IN: input parameter list
    );
#endif
./utils/tss2/PolicyCounterTimer_fp.h0000644000175000017500000000762612742246532015676 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyCounterTimer_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef POLICYCOUNTERTIMER_FP_H
#define POLICYCOUNTERTIMER_FP_H

/* Input parameter list for TPM2_PolicyCounterTimer(): one handle and three
   parameters, in the order the RC_ macros below number them.
   NOTE(review): per TPM 2.0 Part 3 the TPM compares operandB, using
   `operation`, with the bytes at `offset` inside its time/counter structure;
   offset plus the operand size has to stay inside that structure, which this
   header cannot check. Confirm against the spec revision in use. */
typedef struct {
    TPMI_SH_POLICY policySession;   /* handle 1: policy session being extended */
    TPM2B_OPERAND operandB;         /* parameter 1: second operand of the comparison */
    UINT16 offset;                  /* parameter 2: offset of the first operand */
    TPM_EO operation;               /* parameter 3: comparison to perform */
} PolicyCounterTimer_In;

/* Response-code offsets naming the handle (TPM_RC_H) or parameter (TPM_RC_P)
   and its 1-based position; the constants are defined elsewhere. */
#define RC_PolicyCounterTimer_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyCounterTimer_operandB (TPM_RC_P + TPM_RC_1)
#define RC_PolicyCounterTimer_offset (TPM_RC_P + TPM_RC_2)
#define RC_PolicyCounterTimer_operation (TPM_RC_P + TPM_RC_3)

/* Command entry point; takes the input list by pointer and returns a TPM_RC. */
TPM_RC TPM2_PolicyCounterTimer(
    PolicyCounterTimer_In *in // IN: input parameter list
    );
#endif
./utils/tss2/PolicyOR_fp.h0000644000175000017500000000725512742246532013574 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PolicyOR_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers.
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/
/* rev 119 */
#ifndef POLICYOR_FP_H
#define POLICYOR_FP_H

/* Input parameter list for TPM2_PolicyOR(): one handle and one parameter.
   NOTE(review): per TPM 2.0 Part 3 pHashList is expected to hold between two
   and eight policy digests, and the command succeeds only when the session's
   current policy digest equals one of them. The count is not checked by this
   header; validate it before sending. Confirm against the spec revision in
   use. */
typedef struct {
    TPMI_SH_POLICY policySession;   /* handle 1: policy session being extended */
    TPML_DIGEST pHashList;          /* parameter 1: list of acceptable policy digests */
} PolicyOR_In;

/* Response-code offsets naming the handle (TPM_RC_H) or parameter (TPM_RC_P)
   and its 1-based position; the constants are defined elsewhere. */
#define RC_PolicyOR_policySession (TPM_RC_H + TPM_RC_1)
#define RC_PolicyOR_pHashList (TPM_RC_P + TPM_RC_1)

/* Command entry point; takes the input list by pointer and returns a TPM_RC. */
TPM_RC TPM2_PolicyOR(
    PolicyOR_In *in // IN: input parameter list
    );
#endif
./utils/tss2/tsscryptoh.h0000644000175000017500000000665613115776262013640 0ustar lo1lo1/********************************************************************************/
/* */
/* TSS Library Independent Crypto Support */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tsscrypto.h 838 2016-11-22 22:44:57Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015, 2017. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* This is a semi-public header. The API should be stable, but is less guaranteed. It is useful
   for applications that need some basic crypto functions. */
/* This header includes nothing itself: LIB_EXPORT, the fixed-width integer types and the TPM
   types used below have to be in scope before it is included. */
#ifndef TSSCRYPTOH_H
#define TSSCRYPTOH_H
#ifdef __cplusplus
extern "C" {
#endif

/* Size lookups keyed by hash algorithm; both return a uint16_t.
   NOTE(review): the value returned for an unsupported hashAlg is not visible here; confirm in
   the implementation before using the result as a buffer length. */
LIB_EXPORT uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg);
LIB_EXPORT uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg);

/* Hash and HMAC over a variadic list of inputs, with the result written to or compared against
   a TPMT_HA.
   NOTE(review): the layout and terminator of the variadic list are not documented in this
   header, and the compiler cannot check them; confirm the convention in the implementation,
   since a wrong or unterminated list is read as whatever happens to follow on the stack.
   NOTE(review): for TSS_HMAC_Verify, whether the comparison against `expect` is constant-time is
   decided by the implementation; confirm it there. */
LIB_EXPORT TPM_RC TSS_Hash_Generate(TPMT_HA *digest, ...);
LIB_EXPORT TPM_RC TSS_HMAC_Generate(TPMT_HA *digest, const TPM2B_KEY *hmacKey, ...);
LIB_EXPORT TPM_RC TSS_HMAC_Verify(TPMT_HA *expect, const TPM2B_KEY *hmacKey, UINT32 sizeInBytes, ...);

/* Key derivation into a caller-supplied buffer. keyStream has no separate length argument; the
   only size passed is sizeInBits, so the caller is responsible for providing a buffer that holds
   at least that many bits. */
LIB_EXPORT TPM_RC TSS_KDFA(uint8_t *keyStream, TPM_ALG_ID hashAlg, const TPM2B *key, const char *label, const TPM2B *contextU, const TPM2B *contextV, uint32_t sizeInBits);
LIB_EXPORT TPM_RC TSS_KDFE(uint8_t *keyStream, TPM_ALG_ID hashAlg, const TPM2B *key, const char *label, const TPM2B *contextU, const TPM2B *contextV, uint32_t sizeInBits);

/* Block size lookup for a symmetric algorithm and key size. Unlike the functions above, this
   prototype carries no LIB_EXPORT. */
uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID symmetricAlg, uint16_t keySizeInBits);

#ifdef __cplusplus
}
#endif
#endif
./utils/tss2/Parameters.h0000644000175000017500000003421513004201075013467 0ustar lo1lo1/********************************************************************************/
/* */
/* Command and Response Parameter Structures */
/* Written by Ken Goldman */
/* IBM Thomas J.
Watson Research Center */ /* $Id: Parameters.h 790 2016-10-26 19:21:33Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/
/* TPM and TSS share these structures */
/* rev 119 */
#ifndef PARAMETERS_H
#define PARAMETERS_H

#include "TPM_Types.h"

/* One header per TPM command; each is expected to declare that command's _In and/or _Out
   structure used in the unions below. */
#include "ActivateCredential_fp.h"
#include "CertifyCreation_fp.h"
#include "Certify_fp.h"
#include "ChangeEPS_fp.h"
#include "ChangePPS_fp.h"
#include "ClearControl_fp.h"
#include "Clear_fp.h"
#include "ClockRateAdjust_fp.h"
#include "ClockSet_fp.h"
#include "Commit_fp.h"
#include "ContextLoad_fp.h"
#include "ContextSave_fp.h"
#include "CreatePrimary_fp.h"
#include "Create_fp.h"
#include "CreateLoaded_fp.h"
#include "DictionaryAttackLockReset_fp.h"
#include "DictionaryAttackParameters_fp.h"
#include "Duplicate_fp.h"
#include "ECC_Parameters_fp.h"
#include "ECDH_KeyGen_fp.h"
#include "ECDH_ZGen_fp.h"
#include "EC_Ephemeral_fp.h"
#include "EncryptDecrypt_fp.h"
#include "EncryptDecrypt2_fp.h"
#include "EventSequenceComplete_fp.h"
#include "EvictControl_fp.h"
#include "FlushContext_fp.h"
#include "GetCapability_fp.h"
#include "GetCommandAuditDigest_fp.h"
#include "GetRandom_fp.h"
#include "GetSessionAuditDigest_fp.h"
#include "GetTestResult_fp.h"
#include "GetTime_fp.h"
#include "HMAC_Start_fp.h"
#include "HMAC_fp.h"
#include "HashSequenceStart_fp.h"
#include "Hash_fp.h"
#include "HierarchyChangeAuth_fp.h"
#include "HierarchyControl_fp.h"
#include "Import_fp.h"
#include "IncrementalSelfTest_fp.h"
#include "LoadExternal_fp.h"
#include "Load_fp.h"
#include "MakeCredential_fp.h"
#include "NV_Certify_fp.h"
#include "NV_ChangeAuth_fp.h"
#include "NV_DefineSpace_fp.h"
#include "NV_Extend_fp.h"
#include "NV_GlobalWriteLock_fp.h"
#include "NV_Increment_fp.h"
#include "NV_ReadLock_fp.h"
#include "NV_ReadPublic_fp.h"
#include "NV_Read_fp.h"
#include "NV_SetBits_fp.h"
#include "NV_UndefineSpaceSpecial_fp.h"
#include "NV_UndefineSpace_fp.h"
#include "NV_WriteLock_fp.h"
#include "NV_Write_fp.h"
#include "ObjectChangeAuth_fp.h"
#include "PCR_Allocate_fp.h"
#include "PCR_Event_fp.h"
#include "PCR_Extend_fp.h"
#include "PCR_Read_fp.h"
#include "PCR_Reset_fp.h"
#include "PCR_SetAuthPolicy_fp.h"
#include "PCR_SetAuthValue_fp.h"
#include "PP_Commands_fp.h"
#include "PolicyAuthValue_fp.h"
#include "PolicyAuthorize_fp.h"
#include "PolicyCommandCode_fp.h"
#include "PolicyCounterTimer_fp.h"
#include "PolicyCpHash_fp.h"
#include "PolicyDuplicationSelect_fp.h"
#include "PolicyGetDigest_fp.h"
#include "PolicyLocality_fp.h"
#include "PolicyNV_fp.h"
#include "PolicyAuthorizeNV_fp.h"
#include "PolicyNvWritten_fp.h"
#include "PolicyNameHash_fp.h"
#include "PolicyOR_fp.h"
#include "PolicyPCR_fp.h"
#include "PolicyPassword_fp.h"
#include "PolicyPhysicalPresence_fp.h"
#include "PolicyRestart_fp.h"
#include "PolicySecret_fp.h"
#include "PolicySigned_fp.h"
#include "PolicyTemplate_fp.h"
#include "PolicyTicket_fp.h"
#include "Quote_fp.h"
#include "RSA_Decrypt_fp.h"
#include "RSA_Encrypt_fp.h"
#include "ReadClock_fp.h"
#include "ReadPublic_fp.h"
#include "Rewrap_fp.h"
#include "SelfTest_fp.h"
#include "SequenceComplete_fp.h"
#include "SequenceUpdate_fp.h"
#include "SetAlgorithmSet_fp.h"
#include "SetCommandCodeAuditStatus_fp.h"
#include "SetPrimaryPolicy_fp.h"
#include "Shutdown_fp.h"
#include "Sign_fp.h"
#include "StartAuthSession_fp.h"
#include "Startup_fp.h"
#include "StirRandom_fp.h"
#include "TestParms_fp.h"
#include "Unseal_fp.h"
#include "VerifySignature_fp.h"
#include "ZGen_2Phase_fp.h"

/* Union with one member per command input structure, each named after its command. As a union
   it is as large as its largest member.
   NOTE(review): CreateLoaded_fp.h, EncryptDecrypt2_fp.h, PolicyNvWritten_fp.h and
   PolicyTemplate_fp.h are included above, but no member for those commands appears here. If any
   code sizes or clears a buffer with sizeof(COMMAND_PARAMETERS) and then stores one of those
   input structures in it, the buffer is only large enough by coincidence; confirm whether the
   omission is intended. */
typedef union {
    ActivateCredential_In ActivateCredential;
    CertifyCreation_In CertifyCreation;
    Certify_In Certify;
    ChangeEPS_In ChangeEPS;
    ChangePPS_In ChangePPS;
    ClearControl_In ClearControl;
    Clear_In Clear;
    ClockRateAdjust_In ClockRateAdjust;
    ClockSet_In ClockSet;
    Commit_In Commit;
    ContextLoad_In ContextLoad;
    ContextSave_In ContextSave;
    CreatePrimary_In CreatePrimary;
    Create_In Create;
    DictionaryAttackLockReset_In DictionaryAttackLockReset;
    DictionaryAttackParameters_In DictionaryAttackParameters;
    Duplicate_In Duplicate;
    ECC_Parameters_In ECC_Parameters;
    ECDH_KeyGen_In ECDH_KeyGen;
    ECDH_ZGen_In ECDH_ZGen;
    EC_Ephemeral_In EC_Ephemeral;
    EncryptDecrypt_In EncryptDecrypt;
    EventSequenceComplete_In EventSequenceComplete;
    EvictControl_In EvictControl;
    FlushContext_In FlushContext;
    GetCapability_In GetCapability;
    GetCommandAuditDigest_In GetCommandAuditDigest;
    GetRandom_In GetRandom;
    GetSessionAuditDigest_In GetSessionAuditDigest;
    GetTime_In GetTime;
    HMAC_In HMAC;
    HMAC_Start_In HMAC_Start;
    HashSequenceStart_In HashSequenceStart;
    Hash_In Hash;
    HierarchyChangeAuth_In HierarchyChangeAuth;
    HierarchyControl_In HierarchyControl;
    Import_In Import;
    IncrementalSelfTest_In IncrementalSelfTest;
    LoadExternal_In LoadExternal;
    Load_In Load;
    MakeCredential_In MakeCredential;
    NV_Certify_In NV_Certify;
    NV_ChangeAuth_In NV_ChangeAuth;
    NV_DefineSpace_In NV_DefineSpace;
    NV_Extend_In NV_Extend;
    NV_GlobalWriteLock_In NV_GlobalWriteLock;
    NV_Increment_In NV_Increment;
    NV_ReadLock_In NV_ReadLock;
    NV_ReadPublic_In NV_ReadPublic;
    NV_Read_In NV_Read;
    NV_SetBits_In NV_SetBits;
    NV_UndefineSpaceSpecial_In NV_UndefineSpaceSpecial;
    NV_UndefineSpace_In NV_UndefineSpace;
    NV_WriteLock_In NV_WriteLock;
    NV_Write_In NV_Write;
    ObjectChangeAuth_In ObjectChangeAuth;
    PCR_Allocate_In PCR_Allocate;
    PCR_Event_In PCR_Event;
    PCR_Extend_In PCR_Extend;
    PCR_Read_In PCR_Read;
    PCR_Reset_In PCR_Reset;
    PCR_SetAuthPolicy_In PCR_SetAuthPolicy;
    PCR_SetAuthValue_In PCR_SetAuthValue;
    PP_Commands_In PP_Commands;
    PolicyAuthValue_In PolicyAuthValue;
    PolicyAuthorize_In PolicyAuthorize;
    PolicyCommandCode_In PolicyCommandCode;
    PolicyCounterTimer_In PolicyCounterTimer;
    PolicyCpHash_In PolicyCpHash;
    PolicyDuplicationSelect_In PolicyDuplicationSelect;
    PolicyGetDigest_In PolicyGetDigest;
    PolicyLocality_In PolicyLocality;
    PolicyNV_In PolicyNV;
    PolicyAuthorizeNV_In PolicyAuthorizeNV;
    PolicyNameHash_In PolicyNameHash;
    PolicyOR_In PolicyOR;
    PolicyPCR_In PolicyPCR;
    PolicyPassword_In PolicyPassword;
    PolicyPhysicalPresence_In PolicyPhysicalPresence;
    PolicyRestart_In PolicyRestart;
    PolicySecret_In PolicySecret;
    PolicySigned_In PolicySigned;
    PolicyTicket_In PolicyTicket;
    Quote_In Quote;
    RSA_Decrypt_In RSA_Decrypt;
    RSA_Encrypt_In RSA_Encrypt;
    ReadPublic_In ReadPublic;
    Rewrap_In Rewrap;
    SelfTest_In SelfTest;
    SequenceComplete_In SequenceComplete;
    SequenceUpdate_In SequenceUpdate;
    SetAlgorithmSet_In SetAlgorithmSet;
    SetCommandCodeAuditStatus_In SetCommandCodeAuditStatus;
    SetPrimaryPolicy_In SetPrimaryPolicy;
    Shutdown_In Shutdown;
    Sign_In Sign;
    StartAuthSession_In StartAuthSession;
    Startup_In Startup;
    StirRandom_In StirRandom;
    TestParms_In TestParms;
    Unseal_In Unseal;
    VerifySignature_In VerifySignature;
    ZGen_2Phase_In ZGen_2Phase;
} COMMAND_PARAMETERS;

/* Union with one member per command output structure. Commands with no member here either
   return no parameters or are not covered.
   NOTE(review): there is no member for CreateLoaded or EncryptDecrypt2 although their headers
   are included; whether those headers declare _Out structures is not visible from this file.
   The same sizeof() concern as for COMMAND_PARAMETERS applies; confirm. */
typedef union {
    ActivateCredential_Out ActivateCredential;
    CertifyCreation_Out CertifyCreation;
    Certify_Out Certify;
    Commit_Out Commit;
    ContextLoad_Out ContextLoad;
    ContextSave_Out ContextSave;
    CreatePrimary_Out CreatePrimary;
    Create_Out Create;
    Duplicate_Out Duplicate;
    ECC_Parameters_Out ECC_Parameters;
    ECDH_KeyGen_Out ECDH_KeyGen;
    ECDH_ZGen_Out ECDH_ZGen;
    EC_Ephemeral_Out EC_Ephemeral;
    EncryptDecrypt_Out EncryptDecrypt;
    EventSequenceComplete_Out EventSequenceComplete;
    GetCapability_Out GetCapability;
    GetCommandAuditDigest_Out GetCommandAuditDigest;
    GetRandom_Out GetRandom;
    GetSessionAuditDigest_Out GetSessionAuditDigest;
    GetTestResult_Out GetTestResult;
    GetTime_Out GetTime;
    HMAC_Out HMAC;
    HMAC_Start_Out HMAC_Start;
    HashSequenceStart_Out HashSequenceStart;
    Hash_Out Hash;
    Import_Out Import;
    IncrementalSelfTest_Out IncrementalSelfTest;
    LoadExternal_Out LoadExternal;
    Load_Out Load;
    MakeCredential_Out MakeCredential;
    NV_Certify_Out NV_Certify;
    NV_ReadPublic_Out NV_ReadPublic;
    NV_Read_Out NV_Read;
    ObjectChangeAuth_Out ObjectChangeAuth;
    PCR_Allocate_Out PCR_Allocate;
    PCR_Event_Out PCR_Event;
    PCR_Read_Out PCR_Read;
    PolicyGetDigest_Out PolicyGetDigest;
    PolicySecret_Out PolicySecret;
    PolicySigned_Out PolicySigned;
    Quote_Out Quote;
    RSA_Decrypt_Out RSA_Decrypt;
    RSA_Encrypt_Out RSA_Encrypt;
    ReadClock_Out ReadClock;
    ReadPublic_Out ReadPublic;
    Rewrap_Out Rewrap;
    SequenceComplete_Out SequenceComplete;
    Sign_Out Sign;
    StartAuthSession_Out StartAuthSession;
    Unseal_Out Unseal;
    VerifySignature_Out VerifySignature;
    ZGen_2Phase_Out ZGen_2Phase;
} RESPONSE_PARAMETERS;

/* The TPM implements in and out as globals */
/* The declarations are compiled only when TPM_TSS is not defined. The names `in` and `out` are
   short enough to collide with local identifiers in any file that includes this header in that
   configuration. */
#ifndef TPM_TSS
extern COMMAND_PARAMETERS in;
extern RESPONSE_PARAMETERS out;
#endif
#endif
./utils/tss2/ZGen_2Phase_fp.h0000644000175000017500000001007312742246532014131 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ZGen_2Phase_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef ZGEN_2PHASE_FP_H
#define ZGEN_2PHASE_FP_H

/* Input parameter list for TPM2_ZGen_2Phase(): one object handle followed by
   four parameters, in the order the RC_ZGen_2Phase_* macros below number them.
   NOTE(review): inQsB and inQeB are ECC points supplied by the caller
   (presumably the peer's static and ephemeral public points); this header only
   declares the layout, so confirm that the command implementation validates
   them before use. */
typedef struct {
    TPMI_DH_OBJECT        keyA;      /* handle 1 */
    TPM2B_ECC_POINT       inQsB;     /* parameter 1 */
    TPM2B_ECC_POINT       inQeB;     /* parameter 2 */
    TPMI_ECC_KEY_EXCHANGE inScheme;  /* parameter 3 */
    UINT16                counter;   /* parameter 4 */
} ZGen_2Phase_In;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere; by TPM 2.0 convention they mark an error as handle- or
   parameter-related and carry the 1-based position of the offending field. */
#define RC_ZGen_2Phase_keyA (TPM_RC_H + TPM_RC_1)
#define RC_ZGen_2Phase_inQsB (TPM_RC_P + TPM_RC_1)
#define RC_ZGen_2Phase_inQeB (TPM_RC_P + TPM_RC_2)
#define RC_ZGen_2Phase_inScheme (TPM_RC_P + TPM_RC_3)
#define RC_ZGen_2Phase_counter (TPM_RC_P + TPM_RC_4)

/* Output parameter list for TPM2_ZGen_2Phase(): two ECC points. */
typedef struct {
    TPM2B_ECC_POINT outZ1;
    TPM2B_ECC_POINT outZ2;
} ZGen_2Phase_Out;

/* Command entry point; returns a TPM_RC response code. */
TPM_RC
TPM2_ZGen_2Phase(
    ZGen_2Phase_In *in, // IN: input parameter list
    ZGen_2Phase_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/HMAC_Start_fp.h0000644000175000017500000000755412742246532013763 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: HMAC_Start_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2.
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef HMAC_START_FP_H
#define HMAC_START_FP_H

/* Input parameter list for TPM2_HMAC_Start(): one object handle followed by
   two parameters, in the order the RC_HMAC_Start_* macros below number them.
   NOTE(review): auth is a TPM2B_AUTH, i.e. secret authorization material
   (presumably the authorization value of the sequence being started);
   callers should avoid logging it or leaving it in memory longer than
   needed. */
typedef struct {
    TPMI_DH_OBJECT handle;   /* handle 1 */
    TPM2B_AUTH     auth;     /* parameter 1 */
    TPMI_ALG_HASH  hashAlg;  /* parameter 2 */
} HMAC_Start_In;

/* Output parameter list for TPM2_HMAC_Start(): the handle of the sequence. */
typedef struct {
    TPMI_DH_OBJECT sequenceHandle;
} HMAC_Start_Out;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere; by TPM 2.0 convention they mark an error as handle- or
   parameter-related and carry the 1-based position of the offending field. */
#define RC_HMAC_Start_handle (TPM_RC_H + TPM_RC_1)
#define RC_HMAC_Start_auth (TPM_RC_P + TPM_RC_1)
#define RC_HMAC_Start_hashAlg (TPM_RC_P + TPM_RC_2)

/* Command entry point; returns a TPM_RC response code. */
TPM_RC
TPM2_HMAC_Start(
    HMAC_Start_In *in, // IN: input parameter list
    HMAC_Start_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/PP_Commands_fp.h0000644000175000017500000000733513013664115014224 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PP_Commands_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers.
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2016 */
/* */
/********************************************************************************/

#ifndef PP_COMMANDS_FP_H
#define PP_COMMANDS_FP_H

/* Input parameter list for TPM2_PP_Commands(): one platform-hierarchy handle
   followed by two command-code lists.  The command declares no output
   structure.
   NOTE(review): by their names, setList and clearList presumably add commands
   to, and remove commands from, the set that requires physical presence;
   confirm against the TPM 2.0 command description before relying on this. */
typedef struct {
    TPMI_RH_PLATFORM auth;       /* handle 1 */
    TPML_CC          setList;    /* parameter 1 */
    TPML_CC          clearList;  /* parameter 2 */
} PP_Commands_In;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere; by TPM 2.0 convention they mark an error as handle- or
   parameter-related and carry the 1-based position of the offending field. */
#define RC_PP_Commands_auth (TPM_RC_H + TPM_RC_1)
#define RC_PP_Commands_setList (TPM_RC_P + TPM_RC_1)
#define RC_PP_Commands_clearList (TPM_RC_P + TPM_RC_2)

/* Command entry point; takes only an input list and returns a TPM_RC. */
TPM_RC
TPM2_PP_Commands(
    PP_Commands_In *in // IN: input parameter list
);

#endif
./utils/tss2/ClockRateAdjust_fp.h0000644000175000017500000000732712742246532015116 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ClockRateAdjust_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef CLOCKRATEADJUST_FP_H
#define CLOCKRATEADJUST_FP_H

/* Input parameter list for TPM2_ClockRateAdjust(): one authorization handle
   (typed TPMI_RH_PROVISION) followed by the requested adjustment.  The
   command declares no output structure. */
typedef struct {
    TPMI_RH_PROVISION auth;        /* handle 1 */
    TPM_CLOCK_ADJUST  rateAdjust;  /* parameter 1 */
} ClockRateAdjust_In;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere; by TPM 2.0 convention they mark an error as handle- or
   parameter-related and carry the 1-based position of the offending field. */
#define RC_ClockRateAdjust_auth (TPM_RC_H + TPM_RC_1)
#define RC_ClockRateAdjust_rateAdjust (TPM_RC_P + TPM_RC_1)

/* Command entry point; takes only an input list and returns a TPM_RC. */
TPM_RC
TPM2_ClockRateAdjust(
    ClockRateAdjust_In *in // IN: input parameter list
);

#endif
./utils/tss2/DictionaryAttackLockReset_fp.h0000644000175000017500000000730612742246532017142 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: DictionaryAttackLockReset_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution.
*/ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef DICTIONARYATTACKLOCKRESET_FP_H
#define DICTIONARYATTACKLOCKRESET_FP_H

/* Input parameter list for TPM2_DictionaryAttackLockReset(): a single handle
   typed TPMI_RH_LOCKOUT and no further parameters.  The command declares no
   output structure.
   NOTE(review): by its name this command resets dictionary-attack lockout
   state, so the authorization tied to lockHandle should be treated as a
   high-value secret and its use audited; confirm the exact semantics against
   the TPM 2.0 command description. */
typedef struct {
    TPMI_RH_LOCKOUT lockHandle;  /* handle 1 */
} DictionaryAttackLockReset_In;

/* Response-code modifier for the only field.  TPM_RC_H and TPM_RC_1 are
   defined elsewhere; by TPM 2.0 convention the sum marks an error as relating
   to the first handle. */
#define RC_DictionaryAttackLockReset_lockHandle (TPM_RC_H + TPM_RC_1)

/* Command entry point; takes only an input list and returns a TPM_RC. */
TPM_RC
TPM2_DictionaryAttackLockReset(
    DictionaryAttackLockReset_In *in // IN: input parameter list
);

#endif
./utils/tss2/GetCapability_fp.h0000644000175000017500000000770412742246532014614 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetCapability_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. */
/* */
/* - Redistributions in binary form must reproduce the above copyright */
/* licenses, this list of conditions and the following disclaimers in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* 3.
Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef GETCAPABILITY_FP_H
#define GETCAPABILITY_FP_H

/* Input parameter list for TPM2_GetCapability(): three parameters and no
   handles (every RC_GetCapability_* macro below uses TPM_RC_P). */
typedef struct {
    TPM_CAP capability;     /* parameter 1 */
    UINT32  property;       /* parameter 2 */
    UINT32  propertyCount;  /* parameter 3 */
} GetCapability_In;

/* Per-field response-code modifiers.  TPM_RC_P and TPM_RC_n are defined
   elsewhere; by TPM 2.0 convention they mark an error as parameter-related
   and carry the 1-based position of the offending parameter. */
#define RC_GetCapability_capability (TPM_RC_P + TPM_RC_1)
#define RC_GetCapability_property (TPM_RC_P + TPM_RC_2)
#define RC_GetCapability_propertyCount (TPM_RC_P + TPM_RC_3)

/* Output parameter list for TPM2_GetCapability().
   NOTE(review): moreData presumably signals that more values exist than were
   returned; a caller that ignores it may act on an incomplete capability
   list — confirm against the TPM 2.0 command description. */
typedef struct {
    TPMI_YES_NO          moreData;
    TPMS_CAPABILITY_DATA capabilityData;
} GetCapability_Out;

/* Command entry point; returns a TPM_RC response code. */
TPM_RC
TPM2_GetCapability(
    GetCapability_In *in, // IN: input parameter list
    GetCapability_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/GetSessionAuditDigest_fp.h0000644000175000017500000001040212742246532016272 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: GetSessionAuditDigest_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers.
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

#ifndef GETSESSIONAUDITDIGEST_FP_H
#define GETSESSIONAUDITDIGEST_FP_H

/* Input parameter list for TPM2_GetSessionAuditDigest(): three handles
   followed by two parameters, in the order the RC_GetSessionAuditDigest_*
   macros below number them.
   NOTE(review): qualifyingData is caller-supplied data (presumably bound into
   the signed attestation, e.g. as a freshness value); confirm how a verifier
   is expected to check it. */
typedef struct {
    TPMI_RH_ENDORSEMENT privacyAdminHandle;  /* handle 1 */
    TPMI_DH_OBJECT      signHandle;          /* handle 2 */
    TPMI_SH_HMAC        sessionHandle;       /* handle 3 */
    TPM2B_DATA          qualifyingData;      /* parameter 1 */
    TPMT_SIG_SCHEME     inScheme;            /* parameter 2 */
} GetSessionAuditDigest_In;

/* Per-field response-code modifiers.  TPM_RC_H, TPM_RC_P and TPM_RC_n are
   defined elsewhere; by TPM 2.0 convention they mark an error as handle- or
   parameter-related and carry the 1-based position of the offending field. */
#define RC_GetSessionAuditDigest_privacyAdminHandle (TPM_RC_H + TPM_RC_1)
#define RC_GetSessionAuditDigest_signHandle (TPM_RC_H + TPM_RC_2)
#define RC_GetSessionAuditDigest_sessionHandle (TPM_RC_H + TPM_RC_3)
#define RC_GetSessionAuditDigest_qualifyingData (TPM_RC_P + TPM_RC_1)
#define RC_GetSessionAuditDigest_inScheme (TPM_RC_P + TPM_RC_2)

/* Output parameter list for TPM2_GetSessionAuditDigest(): an attestation
   structure and a signature (presumably over auditInfo). */
typedef struct {
    TPM2B_ATTEST   auditInfo;
    TPMT_SIGNATURE signature;
} GetSessionAuditDigest_Out;

/* Command entry point; returns a TPM_RC response code. */
TPM_RC
TPM2_GetSessionAuditDigest(
    GetSessionAuditDigest_In *in, // IN: input parameter list
    GetSessionAuditDigest_Out *out // OUT: output parameter list
);

#endif
./utils/tss2/Unmarshal_fp.h0000644000175000017500000006205613013664115014017 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Unmarshal_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 136 */

/* Unmarshal_fp.h - prototypes for the TPM 2.0 structure unmarshaling functions.

   Every function declared here returns a TPM_RC and takes a destination
   (target), a pointer to the caller's byte pointer (BYTE **buffer) and a
   pointer to a signed 32-bit count (INT32 *size).  Some take one extra
   control argument:
     allowNull / allowPwd  BOOL, on many TPMI_, TPMT_ and TPM2B_PUBLIC functions
     selector              UINT32, on the TPMU_ (union) functions
     targetSize            UINT16, on Array_Unmarshal and TPM2B_Unmarshal
   Type-name prefixes follow the TCG TPM 2.0 Part 2 naming convention.

   NOTE(review): only declarations are visible in this header.  Presumably each
   call advances *buffer, reduces *size by the bytes consumed, and fails when
   fewer bytes remain than the type needs - confirm in the implementation.
   When the bytes come from an untrusted source (a command/response stream or a
   file), callers should check the returned TPM_RC before reading *target; this
   header does not say what *target holds after a failure. */
#ifndef UNMARSHAL_FP_H
#define UNMARSHAL_FP_H

/* The type header differs between the TPM build and the TSS build (TPM_TSS). */
#ifndef TPM_TSS
#include "TpmTypes.h"
#else
#include "TPM_Types.h"
#endif

#ifdef __cplusplus
extern "C" {
#endif

    LIB_EXPORT TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size);
    /* targetSize: presumably the capacity of the destination, used to bound the
       copy - TODO confirm in the implementation */
    LIB_EXPORT TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size);
    /* NOTE(review): target is declared TPM_RC *, not TPM_CC *.  Verify that both
       typedefs have the same underlying type in the included type header. */
    LIB_EXPORT TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size);
    /* NOTE(review): target is declared TPM_HANDLE *, not TPM_PT *.  Verify that
       both typedefs have the same underlying type in the included type header. */
    LIB_EXPORT TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size);
    /* allowNull: presumably selects whether the type's null value is accepted as
       valid input - TODO confirm in the implementation.  Passing it as TRUE where
       a real handle or algorithm is required would defeat that check, so callers
       should pass the value the command definition calls for. */
    LIB_EXPORT TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_DH_PARENT_Unmarshal(TPMI_DH_PARENT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    /* allowPwd (instead of allowNull): presumably whether the password-session
       handle is accepted - TODO confirm in the implementation */
    LIB_EXPORT TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION *target, BYTE **buffer, INT32 *size, BOOL allowPwd);
    LIB_EXPORT TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size);
    /* selector: presumably the discriminating value that picks the union member
       to unmarshal - TODO confirm in the implementation */
    LIB_EXPORT TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_TAGGED_POLICY_Unmarshal(TPMS_TAGGED_POLICY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size);
    /* When TPM_TSS is defined this prototype gains a fourth parameter, minCount.
       Every translation unit that calls or defines the function must be built
       with the same TPM_TSS setting, or the call will not match the definition.
       minCount presumably is the minimum accepted list length - TODO confirm. */
    LIB_EXPORT TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size
#ifdef TPM_TSS
					    ,uint32_t minCount
#endif
					    );
    LIB_EXPORT TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPML_TAGGED_POLICY_Unmarshal(TPML_TAGGED_POLICY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_LABEL_Unmarshal(TPM2B_LABEL *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size) ;
    LIB_EXPORT TPM_RC TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull);
    LIB_EXPORT TPM_RC TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector);
    LIB_EXPORT TPM_RC TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size);
    LIB_EXPORT TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/PCR_Allocate_fp.h0000644000175000017500000000764113013664115014314 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: PCR_Allocate_fp.h 827 2016-11-18 20:45:01Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* PCR_Allocate_fp.h - parameter structures and prototype for TPM2_PCR_Allocate.
   The types used here (TPMI_RH_PLATFORM, TPML_PCR_SELECTION, TPMI_YES_NO,
   UINT32, TPM_RC) are not declared or included by this header, so the including
   file must bring them in first. */
#ifndef PCR_ALLOCATE_FP_H
#define PCR_ALLOCATE_FP_H

/* Command input.  authHandle is typed TPMI_RH_PLATFORM, i.e. the authorizing
   handle is a platform-hierarchy handle; pcrAllocation is the requested PCR
   selection list. */
typedef struct {
    TPMI_RH_PLATFORM		authHandle;
    TPML_PCR_SELECTION		pcrAllocation;
} PCR_Allocate_In;

/* Per-argument response-code offsets: handle 1 and parameter 1.  TPM_RC_H,
   TPM_RC_P and TPM_RC_1 are defined elsewhere; presumably the sum is added to
   an error code to say which argument it refers to - TODO confirm. */
#define RC_PCR_Allocate_authHandle	(TPM_RC_H + TPM_RC_1)
#define RC_PCR_Allocate_pcrAllocation	(TPM_RC_P + TPM_RC_1)

/* Command output.
   NOTE(review): allocationSuccess is a separate YES/NO result next to the
   TPM_RC return value, so a caller presumably has to check both before
   treating the allocation as applied - confirm against the command
   description.  PCR bank allocation decides which banks can hold
   measurements, so an unnoticed failure matters for attestation. */
typedef struct {
    TPMI_YES_NO			allocationSuccess;
    UINT32			maxPCR;
    UINT32			sizeNeeded;
    UINT32			sizeAvailable;
} PCR_Allocate_Out;

TPM_RC
TPM2_PCR_Allocate(
		  PCR_Allocate_In *in, // IN: input parameter list
		  PCR_Allocate_Out *out // OUT: output parameter list
		  );

#endif
./utils/tss2/NV_ReadLock_fp.h0000644000175000017500000000726512742246532014164 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: NV_ReadLock_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1.
Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* NV_ReadLock_fp.h - parameter structure and prototype for TPM2_NV_ReadLock.
   The command has no output structure: the prototype takes only the input
   list and reports its result through the TPM_RC return value.  The types used
   here are not declared or included by this header, so the including file must
   bring them in first. */
#ifndef NV_READLOCK_FP_H
#define NV_READLOCK_FP_H

/* Command input: the authorizing handle (TPMI_RH_NV_AUTH) and the NV index the
   command applies to (TPMI_RH_NV_INDEX).  Both fields are handles. */
typedef struct {
    TPMI_RH_NV_AUTH		authHandle;
    TPMI_RH_NV_INDEX		nvIndex;
} NV_ReadLock_In;

/* Per-argument response-code offsets: handle 1 and handle 2.  TPM_RC_H,
   TPM_RC_1 and TPM_RC_2 are defined elsewhere; presumably the sum is added to
   an error code to say which handle it refers to - TODO confirm. */
#define RC_NV_ReadLock_authHandle	(TPM_RC_H + TPM_RC_1)
#define RC_NV_ReadLock_nvIndex		(TPM_RC_H + TPM_RC_2)

/* NOTE(review): with no output structure, the TPM_RC is the only indication
   that the lock was applied; callers that rely on the lock should not ignore
   it. */
TPM_RC
TPM2_NV_ReadLock(
		 NV_ReadLock_In *in // IN: input parameter list
		 );

#endif
./utils/tss2/SequenceComplete_fp.h0000644000175000017500000001000212742246532015315 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: SequenceComplete_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein.
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/
/* */
/* - Without limitation, TCG and its members and licensors disclaim all */
/* liability, including liability for infringement of any proprietary */
/* rights, relating to use of information in this specification and to the */
/* implementation of this specification, and TCG disclaims all liability for */
/* cost of procurement of substitute goods or services, lost profits, loss */
/* of use, loss of data or any incidental, consequential, direct, indirect, */
/* or special damages, whether under contract, tort, warranty or otherwise, */
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* SequenceComplete_fp.h - parameter structures and prototype for
   TPM2_SequenceComplete.  The types used here are not declared or included by
   this header, so the including file must bring them in first. */
#ifndef SEQUENCECOMPLETE_FP_H
#define SEQUENCECOMPLETE_FP_H

/* Command input: the sequence object handle, a final data buffer
   (TPM2B_MAX_BUFFER) and a hierarchy selector (TPMI_RH_HIERARCHY). */
typedef struct {
    TPMI_DH_OBJECT		sequenceHandle;
    TPM2B_MAX_BUFFER		buffer;
    TPMI_RH_HIERARCHY		hierarchy;
} SequenceComplete_In;

/* Per-argument response-code offsets: handle 1, parameter 1 and parameter 2.
   TPM_RC_H, TPM_RC_P, TPM_RC_1 and TPM_RC_2 are defined elsewhere; presumably
   the sum is added to an error code to say which argument it refers to -
   TODO confirm. */
#define RC_SequenceComplete_sequenceHandle	(TPM_RC_H + TPM_RC_1)
#define RC_SequenceComplete_buffer		(TPM_RC_P + TPM_RC_1)
#define RC_SequenceComplete_hierarchy		(TPM_RC_P + TPM_RC_2)

/* Command output: the resulting digest and a hash-check ticket
   (TPMT_TK_HASHCHECK).
   NOTE(review): what the ticket attests, and for which hierarchy, is not
   visible in this header - confirm against the command description before
   relying on it. */
typedef struct {
    TPM2B_DIGEST		result;
    TPMT_TK_HASHCHECK		validation;
} SequenceComplete_Out;

TPM_RC
TPM2_SequenceComplete(
		      SequenceComplete_In *in, // IN: input parameter list
		      SequenceComplete_Out *out // OUT: output parameter list
		      );

#endif
./utils/tss2/tssfile.h0000644000175000017500000000652013115776262013055 0ustar lo1lo1/********************************************************************************/
/* */
/* TSS and Application File Utilities */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssfile.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015, 2017. */
/* */
/* All rights reserved.
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a semi-public header. The API is subject to change. It is useful for rapid application development, and as sample code. It is risky for production code. 
*/

/* Declarations of the TSS file helpers: open, whole-file read/write,
   marshaled-structure read/write, TPM2B read and delete. */
#ifndef TSSFILE_H
#define TSSFILE_H

/* NOTE(review): the target of this #include, and of the two further down, is
   missing from this copy of the file.  The prototypes below use FILE and
   size_t, so a standard I/O header is presumably one of them; restore the
   targets from the upstream file rather than guessing. */
#include

/* Define TPM_TSS unless the build already did.  What it selects is decided in
   the headers included next, which are not shown here. */
#ifndef TPM_TSS
#define TPM_TSS
#endif
#include
#include

#ifdef __cplusplus
extern "C" {
#endif

    /* Common to every function below: the path is taken as a plain string and
       no base directory, flags or permission argument exists in any
       signature.  Path restriction, symbolic-link handling and the
       permissions of files that hold key material or authorization values
       therefore have to come from the caller or be checked in the
       implementation. */

    /* Opens `filename` with `mode` and returns the stream through *file.
       Returns int, not TPM_RC like the rest of this header - presumably 0 on
       success; confirm before testing the result. */
    LIB_EXPORT int TSS_File_Open(FILE **file, const char *filename, const char* mode);

    /* Reads a whole file.  `data` and `length` are output parameters.
       NOTE(review): *data is presumably allocated by the callee and owned by
       the caller afterwards - confirm who frees it and what it holds on
       failure.  If the file carries secrets, clear the buffer before
       releasing it. */
    LIB_EXPORT TPM_RC TSS_File_ReadBinaryFile(unsigned char **data, size_t *length, const char *filename);

    /* Writes `length` bytes from `data` to `filename`. */
    LIB_EXPORT TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data, size_t length, const char *filename);

    /* Reads `filename` and unmarshals it into `structure` using
       `unmarshalFunction`.  `structure` is void *, so the compiler cannot
       check that it is the type the unmarshal function fills in; a mismatched
       pair writes through the wrong layout.  The file content is parser input:
       use `structure` only after a successful return code. */
    LIB_EXPORT TPM_RC TSS_File_ReadStructure(void *structure, UnmarshalFunction_t unmarshalFunction, const char *filename);

    /* Marshals `structure` with `marshalFunction` and writes the result to
       `filename`.  The same void * / function pairing caveat applies as for
       TSS_File_ReadStructure. */
    LIB_EXPORT TPM_RC TSS_File_WriteStructure(void *structure, MarshalFunction_t marshalFunction, const char *filename);

    /* Reads `filename` into a TPM2B.
       NOTE(review): `targetSize` is presumably the capacity of the buffer
       behind `tpm2b`, used to reject files that do not fit.  Passing a value
       larger than the real destination would defeat that bound - confirm, and
       derive it from the destination type rather than from the file. */
    LIB_EXPORT TPM_RC TSS_File_Read2B(TPM2B *tpm2b, uint16_t targetSize, const char *filename);

    /* Deletes `filename`. */
    LIB_EXPORT TPM_RC TSS_File_DeleteFile(const char *filename);

#ifdef __cplusplus
}
#endif

#endif
./utils/tss2/ContextLoad_fp.h0000644000175000017500000000735012742246532014314 0ustar lo1lo1
/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ContextLoad_fp.h 683 2016-07-15 20:53:46Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. 
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */
/* */
/********************************************************************************/

/* rev 119 */

/* Parameter structures, error-position macro and prototype for the
   TPM2_ContextLoad command.  This header contains no #include of its own: the
   TPM types and the TPM_RC_P / TPM_RC_1 constants used below must already be
   declared by whatever includes it. */
#ifndef CONTEXTLOAD_FP_H
#define CONTEXTLOAD_FP_H

/* Input parameter list: a single context structure and no handles.
   NOTE(review): per TPM 2.0 Part 3 this is a blob produced earlier by
   TPM2_ContextSave and validated by the TPM when it is loaded.  A blob read
   back from disk or received from another process is external data until the
   command returns success - confirm against the spec revision noted above. */
typedef struct {
    TPMS_CONTEXT context;
} ContextLoad_In;

/* Position code for the only input: TPM_RC_P marks a parameter and TPM_RC_1
   its 1-based position.  Presumably added to an error code to identify the
   rejected input - confirm in the command dispatcher. */
#define RC_ContextLoad_context (TPM_RC_P + TPM_RC_1)

/* Output parameter list: the handle under which the context was loaded. */
typedef struct {
    TPMI_DH_CONTEXT loadedHandle;
} ContextLoad_Out;

/* Executes the command on the caller-supplied input list and fills in the
   output list.  Returns a TPM_RC; the header does not say whether NULL
   pointers are tolerated, so pass valid storage for both, and read
   loadedHandle only after a successful return code. */
TPM_RC
TPM2_ContextLoad(
    ContextLoad_In *in, // IN: input parameter list
    ContextLoad_Out *out // OUT: output parameter list
    );

#endif
./utils/tss2/tssmarshal.h0000644000175000017500000014137313115776262013573 0ustar lo1lo1
/********************************************************************************/
/* */
/* TSS Marshal and Unmarshal */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssmarshal.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015, 2017. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is a semi-public header. The API should be stable, but is less guaranteed. It is useful for applications that have to marshal / unmarshal structures for file save / load. */ #ifndef TSSMARSHAL_H #define TSSMARSHAL_H #ifndef TPM_TSS #define TPM_TSS #endif #include "BaseTypes.h" #include #include "ActivateCredential_fp.h" #include "CertifyCreation_fp.h" #include "Certify_fp.h" #include "ChangeEPS_fp.h" #include "ChangePPS_fp.h" #include "ClearControl_fp.h" #include "Clear_fp.h" #include "ClockRateAdjust_fp.h" #include "ClockSet_fp.h" #include "Commit_fp.h" #include "Commit_fp.h" #include "ContextLoad_fp.h" #include "ContextSave_fp.h" #include "CreatePrimary_fp.h" #include "Create_fp.h" #include "CreateLoaded_fp.h" #include "DictionaryAttackLockReset_fp.h" #include "DictionaryAttackParameters_fp.h" #include "Duplicate_fp.h" #include "ECC_Parameters_fp.h" #include "ECDH_KeyGen_fp.h" #include "ECDH_ZGen_fp.h" #include "EC_Ephemeral_fp.h" #include "EncryptDecrypt_fp.h" #include "EncryptDecrypt2_fp.h" #include "EventSequenceComplete_fp.h" #include "EvictControl_fp.h" #include "FlushContext_fp.h" #include "GetCapability_fp.h" #include "GetCommandAuditDigest_fp.h" #include "GetRandom_fp.h" #include "GetSessionAuditDigest_fp.h" #include "GetTestResult_fp.h" #include "GetTime_fp.h" #include "HMAC_Start_fp.h" #include "HMAC_fp.h" #include 
"HashSequenceStart_fp.h" #include "Hash_fp.h" #include "HierarchyChangeAuth_fp.h" #include "HierarchyControl_fp.h" #include "Import_fp.h" #include "IncrementalSelfTest_fp.h" #include "LoadExternal_fp.h" #include "Load_fp.h" #include "MakeCredential_fp.h" #include "NV_Certify_fp.h" #include "NV_ChangeAuth_fp.h" #include "NV_DefineSpace_fp.h" #include "NV_Extend_fp.h" #include "NV_GlobalWriteLock_fp.h" #include "NV_Increment_fp.h" #include "NV_ReadLock_fp.h" #include "NV_ReadPublic_fp.h" #include "NV_Read_fp.h" #include "NV_SetBits_fp.h" #include "NV_UndefineSpaceSpecial_fp.h" #include "NV_UndefineSpace_fp.h" #include "NV_WriteLock_fp.h" #include "NV_Write_fp.h" #include "ObjectChangeAuth_fp.h" #include "PCR_Allocate_fp.h" #include "PCR_Event_fp.h" #include "PCR_Extend_fp.h" #include "PCR_Read_fp.h" #include "PCR_Reset_fp.h" #include "PCR_SetAuthPolicy_fp.h" #include "PCR_SetAuthValue_fp.h" #include "PP_Commands_fp.h" #include "PolicyAuthValue_fp.h" #include "PolicyAuthorize_fp.h" #include "PolicyAuthorizeNV_fp.h" #include "PolicyCommandCode_fp.h" #include "PolicyCounterTimer_fp.h" #include "PolicyCpHash_fp.h" #include "PolicyDuplicationSelect_fp.h" #include "PolicyGetDigest_fp.h" #include "PolicyLocality_fp.h" #include "PolicyNV_fp.h" #include "PolicyAuthorizeNV_fp.h" #include "PolicyNvWritten_fp.h" #include "PolicyNameHash_fp.h" #include "PolicyOR_fp.h" #include "PolicyPCR_fp.h" #include "PolicyPassword_fp.h" #include "PolicyPhysicalPresence_fp.h" #include "PolicyRestart_fp.h" #include "PolicySecret_fp.h" #include "PolicySigned_fp.h" #include "PolicyTemplate_fp.h" #include "PolicyTicket_fp.h" #include "Quote_fp.h" #include "RSA_Decrypt_fp.h" #include "RSA_Encrypt_fp.h" #include "ReadClock_fp.h" #include "ReadPublic_fp.h" #include "Rewrap_fp.h" #include "SelfTest_fp.h" #include "SequenceComplete_fp.h" #include "SequenceUpdate_fp.h" #include "SetAlgorithmSet_fp.h" #include "SetCommandCodeAuditStatus_fp.h" #include "SetPrimaryPolicy_fp.h" #include "Shutdown_fp.h" 
#include "Sign_fp.h" #include "StartAuthSession_fp.h" #include "Startup_fp.h" #include "StirRandom_fp.h" #include "TestParms_fp.h" #include "Unseal_fp.h" #include "VerifySignature_fp.h" #include "ZGen_2Phase_fp.h" #ifdef __cplusplus extern "C" { #endif TPM_RC TSS_Startup_In_Marshal(const Startup_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Shutdown_In_Marshal(const Shutdown_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SelfTest_In_Marshal(const SelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Create_In_Marshal(const Create_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Load_In_Marshal(const Load_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Unseal_In_Marshal(const Unseal_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Duplicate_In_Marshal(const Duplicate_In *source, UINT16 *written, BYTE 
**buffer, INT32 *size); TPM_RC TSS_Rewrap_In_Marshal(const Rewrap_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Import_In_Marshal(const Import_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Hash_In_Marshal(const Hash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_HMAC_In_Marshal(const HMAC_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_GetRandom_In_Marshal(const GetRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_StirRandom_In_Marshal(const StirRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC 
TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Certify_In_Marshal(const Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Quote_In_Marshal(const Quote_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_GetTime_In_Marshal(const GetTime_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Commit_In_Marshal(const Commit_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Sign_In_Marshal(const Sign_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, UINT16 
*written, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, 
INT32 *size); TPM_RC TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_CreatePrimary_In_Marshal(const CreatePrimary_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_Clear_In_Marshal(const Clear_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ClearControl_In_Marshal(const ClearControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ContextSave_In_Marshal(const ContextSave_In *source, UINT16 *written, BYTE **buffer, INT32 *size); 
TPM_RC TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_FlushContext_In_Marshal(const FlushContext_In *source, UINT16 *written, BYTE **buffer, INT32 *size) ; TPM_RC TSS_EvictControl_In_Marshal(const EvictControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ClockSet_In_Marshal(const ClockSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_GetCapability_In_Marshal(const GetCapability_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_TestParms_In_Marshal(const TestParms_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Write_In_Marshal(const NV_Write_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Read_In_Marshal(const NV_Read_In *source, UINT16 *written, 
BYTE **buffer, INT32 *size); TPM_RC TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, 
INT32 *size); TPM_RC TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE 
**buffer, INT32 *size); TPM_RC TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); TPM_RC TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC 
TSS_UINT8_Marshal(const UINT8 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_INT8_Marshal(const INT8 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_UINT16_Marshal(const UINT16 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_UINT32_Marshal(const UINT32 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_INT32_Marshal(const INT32 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_UINT64_Marshal(const UINT64 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_Array_Marshal(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_SE_Marshal(const TPM_SE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_CAP_Marshal(const TPM_CAP 
*source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, 
UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, 
UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC 
TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_PCR_SELECTION_Marshal(const TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC 
TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_ATTEST_Marshal(const 
TPMU_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size); 
LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE 
**buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE 
**buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC 
TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, 
BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector); LIB_EXPORT TPM_RC TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); LIB_EXPORT TPM_RC TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size); #ifdef __cplusplus } #endif #endif ./utils/policyauthvalue.c0000644000175000017500000001036113055132457013713 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyAuthValue */ /* Written by Ken Goldman */ /* IBM Thomas J. 
Watson Research Center */ /* $Id: policyauthvalue.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; TPMI_SH_POLICY policySession = 0; PolicyAuthValue_In in; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #define IMA_PCR 10 /* FIXME need better error codes */ #define ERR_STRUCTURE 1 /* this is not the stream for the structure to be parsed */ #define ERR_HASH_ALGORITHM 2 /* unsupported hash algorithm */ #define TCG_EVENT_NAME_LEN_MAX 255 /* FIXME need verification */ #define TCG_TEMPLATE_DATA_LEN_MAX \ sizeof(uint32_t) + /* hash length */ \ 65 + /* hash algorithm as text */ \ 32 + /* file data hash */ \ sizeof(uint32_t) + /* file name length */ \ MAXPATHLEN+1 + /* file name */ \ sizeof(uint32_t) + /* signature length */ \ 32 + 256 /* signature */ /* from security/integrity/integrity.h: */ enum evm_ima_xattr_type { IMA_XATTR_DIGEST = 0x01, EVM_XATTR_HMAC, EVM_IMA_XATTR_DIGSIG, IMA_XATTR_DIGEST_NG, IMA_XATTR_LAST }; /* from include/uapi/linux/hash_info.h: */ enum hash_algo { HASH_ALGO_MD4, HASH_ALGO_MD5, HASH_ALGO_SHA1, HASH_ALGO_RIPE_MD_160, HASH_ALGO_SHA256, HASH_ALGO_SHA384, HASH_ALGO_SHA512, HASH_ALGO_SHA224, HASH_ALGO_RIPE_MD_128, HASH_ALGO_RIPE_MD_256, HASH_ALGO_RIPE_MD_320, HASH_ALGO_WP_256, HASH_ALGO_WP_384, HASH_ALGO_WP_512, HASH_ALGO_TGR_128, HASH_ALGO_TGR_160, HASH_ALGO_TGR_192, HASH_ALGO__LAST }; #define IMA_UNSUPPORTED 0 #define IMA_NG 1 #define IMA_SIG 2 //typedef TPM_DIGEST TPM_PCRVALUE; /* The value inside of the PCR */ typedef struct ImaEvent { uint32_t pcrIndex; uint8_t digest[SHA1_DIGEST_SIZE]; /* IMA hard coded to SHA-1 */ uint32_t name_len; char 
name[TCG_EVENT_NAME_LEN_MAX + 1];
    unsigned int nameInt;			/* integer for template data handler */
    struct ima_template_desc *template_desc;	/* template descriptor */
    uint32_t template_data_len;
    uint8_t *template_data;			/* template related data */
} ImaEvent;

/* Parsed form of one event's template data.

   Every variable-length item is stored in a fixed-size array next to a separate length
   field.  NOTE(review): the code that fills this structure is not in this header
   (presumably IMA_TemplateData_ReadBuffer()); because the lengths come from the event
   log being parsed, each one has to be checked against the size of its array before any
   copy - confirm in the parser.  The FIXME notes below are the author's own markers
   that these sizes are still unverified. */
typedef struct ImaTemplateData {
    uint32_t hashLength;
    char hashAlg[64+1];		/* FIXME need verification */
    int hashNid;
    uint32_t fileDataHashLength;	/* length paired with fileDataHash[] */
    uint8_t fileDataHash[SHA256_DIGEST_SIZE];	/* capacity is one SHA-256 digest */
    uint32_t fileNameLength;	/* length paired with fileName[] */
    uint8_t fileName[MAXPATHLEN+1];
    uint32_t sigLength;
    uint32_t sigHeaderLength;	/* length paired with sigHeader[], which holds 9 bytes */
    uint8_t sigHeader[9];	/* FIXME need verification, length and contents */
    uint16_t signatureSize;	/* length paired with signature[], which holds 256 bytes */
    uint8_t signature[256];	/* FIXME need verification */
} ImaTemplateData;

#ifdef __cplusplus
extern "C" {
#endif

    /* Event setup, release and tracing.  Only the prototypes are visible here. */
    void IMA_Event_Init(ImaEvent *imaEvent);
    void IMA_Event_Free(ImaEvent *imaEvent);
    void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate);
    void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData,
				unsigned int nameInt);
    /* Readers that fill an ImaEvent or ImaTemplateData from a file or a buffer.
       NOTE(review): littleEndian presumably selects the byte order of the multi-byte
       fields in the input - confirm against the implementation. */
    uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent,
				int *endOfFile,
				FILE *infile,
				int littleEndian);
    uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent,
				  size_t *length,
				  uint8_t **buffer,
				  int *endOfBuffer,
				  int littleEndian,
				  int getTemplate);
    uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData,
					 ImaEvent *imaEvent,
					 int littleEndian);
    uint32_t IMA_Event_Write(ImaEvent *imaEvent,
			     FILE *outFile);
    /* PCR extend and digest verification for an event; semantics are defined by the
       implementations, which are not shown here. */
    uint32_t IMA_Extend(TPMT_HA *imapcr,
			ImaEvent *imaEvent,
			TPMI_ALG_HASH hashAlg);
    uint32_t IMA_VerifyImaDigest(uint32_t *badEvent,
				 ImaEvent *imaEvent,
				 int eventNum);
    TPM_RC ImaEvent_Marshal(ImaEvent *source,
			    uint16_t *written, uint8_t **buffer, int32_t *size);
    /* compiled out: IMA_Event_ToString is declared only inside this #if 0 */
#if 0
    uint32_t IMA_Event_ToString(char **eventString,
				ImaEvent *imaEvent);
#endif
#ifdef __cplusplus
}
#endif

#endif
./utils/clearcontrol.c0000644000175000017500000001602613075204375013171 0ustar lo1lo1/********************************************************************************/ /* */ /* ClearControl */ /* Written by Ken Goldman */ /* IBM 
Thomas J. Watson Research Center */ /* $Id: clearcontrol.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ClearControl_In in; char authHandleChar = 0; const char *authPassword = NULL; int state = 1; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } /* Table 50 - 
TPMI_RH_HIERARCHY primaryHandle */
    /* Map the -hi letter to the authorizing hierarchy.  authHandleChar starts as 0, so a
       missing -hi also reaches the else branch; printUsage() ends the process. */
    if (rc == 0) {
	if (authHandleChar == 'l') {
	    in.auth = TPM_RH_LOCKOUT;
	}
	else if (authHandleChar == 'p') {
	    in.auth = TPM_RH_PLATFORM;
	}
	else {
	    printf("Missing or illegal -hi\n");
	    printUsage();
	}
    }
    /* state starts as 1, and any non-zero value sends disable = YES.  For
       TPM2_ClearControl, disable = YES turns TPM2_Clear off and NO turns it back on.
       NOTE(review): the usage text says "1 to enable", which reads as the opposite of
       what the TPM then does to TPM2_Clear - confirm the intended wording. */
    if (rc == 0) {
	if (state != 0) {
	    in.disable = YES;
	}
	else {
	    in.disable = NO;
	}
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* No output structure is passed.  Only session 0 carries a password
       (authPassword); sessions 1 and 2 are given NULL. */
    if (rc == 0) {
	rc = TSS_Execute(tssContext,
			 NULL,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_ClearControl,
			 sessionHandle0, authPassword, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted whether or not the command succeeded; the delete result is
       reported only when nothing failed before it. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    if (rc == 0) {
	if (verbose) printf("clearcontrol: success\n");
    }
    else {
	/* print the raw response code and its decoded text, then collapse every failure
	   to EXIT_FAILURE for the process exit status */
	const char *msg;
	const char *submsg;
	const char *num;
	printf("clearcontrol: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the clearcontrol command line help to stdout and ends the process with
   exit(1); it never returns to the caller.

   NOTE(review): the -state line has an unclosed parenthesis and does not say what is
   being enabled; main() sends disable = YES for any non-zero state.
   NOTE(review): -pwda takes the authorization password as a command line argument,
   which on a shared host is typically visible in process listings and shell history. */
static void printUsage(void)
{
    printf("\n");
    printf("clearcontrol\n");
    printf("\n");
    printf("Runs TPM2_ClearControl\n");
    printf("\n");
    printf("\t-hi authhandle hierarchy (l, p)\n");
    printf("\t\tl lockout, p platform\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\t-state (0 to disable, 1 to enable (default enable)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/readclock.c0000644000175000017500000000754113055132457012432 0ustar lo1lo1/********************************************************************************/ /* */ /* ReadClock */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: readclock.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ReadClock_Out out; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include "tssntc.h"

/* NOTE(review): the listing above breaks off inside a for statement and its include
   names are missing in this copy; the three functions below are intact. */

/* Marshal and Unmarshal Functions */

/* Marshals an NTC2_CFG_STRUCT by handing the structure's own bytes to
   TSS_Array_Marshal() with a length of sizeof(NTC2_CFG_STRUCT).

   source, written, buffer and size are forwarded unchanged, so their meaning and any
   bounds checking are those of TSS_Array_Marshal(), which is not shown here.
   Returns the TPM_RC from TSS_Array_Marshal().

   NOTE(review): because the structure is copied as a raw byte array, the marshaled
   form is exactly the compiler's in-memory layout.  That is only correct if
   NTC2_CFG_STRUCT has no padding and no multi-byte members needing byte order
   conversion; padding bytes, if any, would be sent as they are in memory.  Confirm
   against the definition in tssntc.h. */
TPM_RC
TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    /* rc is still 0 here, so the call always runs; the guard matches the rc chaining
       used by the other functions in this file */
    if (rc == 0) {
	rc = TSS_Array_Marshal((BYTE *)source, sizeof(NTC2_CFG_STRUCT), written, buffer, size);
    }
    return rc;
}

/* Marshals the command parameters of NTC2_PreConfig_In, which here means its single
   preConfig member, through TSS_NTC2_CFG_STRUCT_Marshal().
   Returns the TPM_RC from that call. */
TPM_RC
TSS_NTC2_PreConfig_In_Marshal(NTC2_PreConfig_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
	rc = TSS_NTC2_CFG_STRUCT_Marshal(&source->preConfig, written, buffer, size);
    }
    return rc;
}

/* Unmarshals the response parameters of NTC2_GetConfig_Out into target->preConfig by
   calling NTC2_CFG_STRUCT_Unmarshal() with the caller's buffer and size.

   tag is accepted but not used.  Returns the TPM_RC from NTC2_CFG_STRUCT_Unmarshal().

   NOTE(review): NTC2_CFG_STRUCT_Unmarshal() is declared elsewhere; checking the
   response length against *size is left to it - confirm there. */
TPM_RC
TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    tag = tag;	/* self-assignment; presumably only to silence an unused-parameter warning */
    if (rc == TPM_RC_SUCCESS) {
	rc = NTC2_CFG_STRUCT_Unmarshal(&target->preConfig, buffer, size);
    }
    return rc;
}
./utils/quote.c0000644000175000017500000002753513075204375011646 0ustar lo1lo1/********************************************************************************/ /* */ /* Quote */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: quote.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); static void printSignature(Quote_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Quote_In in; Quote_Out out; TPMI_DH_OBJECT signHandle = 0; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_ALG_HASH palg = TPM_ALG_SHA256; const char *keyPassword = NULL; TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; const char *qualifyingDataFilename = NULL; int useRsa = 1; TPMS_ATTEST tpmsAttest; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); in.PCRselect.pcrSelections[0].sizeofSelect = 3; in.PCRselect.pcrSelections[0].pcrSelect[0] = 0; in.PCRselect.pcrSelections[0].pcrSelect[1] = 0; in.PCRselect.pcrSelections[0].pcrSelect[2] = 0; /* command line argument defaults */ for (i=1 ; (i 23) { printf("Bad PCR handle parameter %u for -hp\n",pcrHandle); printUsage(); } /* accumulate PCR select bits */ else { in.PCRselect.pcrSelections[0].pcrSelect[pcrHandle / 8] |= 1 << (pcrHandle % 8); } } else { printf("Missing parameter for -hp\n"); printUsage(); } } else if (strcmp(argv[i],"-hk") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &signHandle); } else { printf("Missing parameter for -hk\n"); printUsage(); } } else if (strcmp(argv[i],"-pwdk") == 0) { i++; if (i < argc) { keyPassword = argv[i]; } else { printf("-pwdk option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-halg") == 0) 
{ i++; if (i < argc) { if (strcmp(argv[i],"sha1") == 0) { halg = TPM_ALG_SHA1; } else if (strcmp(argv[i],"sha256") == 0) { halg = TPM_ALG_SHA256; } else if (strcmp(argv[i],"sha384") == 0) { halg = TPM_ALG_SHA384; } else { printf("Bad parameter for -halg\n"); printUsage(); } } else { printf("-halg option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-palg") == 0) { i++; if (i < argc) { if (strcmp(argv[i],"sha1") == 0) { palg = TPM_ALG_SHA1; } else if (strcmp(argv[i],"sha256") == 0) { palg = TPM_ALG_SHA256; } else if (strcmp(argv[i],"sha384") == 0) { palg = TPM_ALG_SHA384; } else { printf("Bad parameter for -palg\n"); printUsage(); } } else { printf("-palg option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-salg") == 0) { i++; if (i < argc) { if (strcmp(argv[i],"rsa") == 0) { useRsa = 1; } else if (strcmp(argv[i],"ecc") == 0) { useRsa = 0; } else { printf("Bad parameter for -salg\n"); printUsage(); } } else { printf("-salg option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-os") == 0) { i++; if (i < argc) { signatureFilename = argv[i]; } else { printf("-os option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-oa") == 0) { i++; if (i < argc) { attestInfoFilename = argv[i]; } else { printf("-oa option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-qd") == 0) { i++; if (i < argc) { qualifyingDataFilename = argv[i]; } else { printf("-qd option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-se0") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle0); } else { printf("Missing parameter for -se0\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes0); if (sessionAttributes0 > 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { 
printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (signHandle == 0) { printf("Missing sign handle parameter -hk\n"); printUsage(); } if (pcrHandle >= IMPLEMENTATION_PCR) { printf("Missing PCR handle parameter -hp\n"); printUsage(); } if (rc == 0) { /* Handle of key that will perform quoting */ in.signHandle = signHandle; /* data supplied by the caller */ if (useRsa) { /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ in.inScheme.scheme = TPM_ALG_RSASSA; /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ in.inScheme.details.rsassa.hashAlg = halg; } else { /* ecc */ in.inScheme.scheme = TPM_ALG_ECDSA; in.inScheme.details.ecdsa.hashAlg = halg; } /* Table 102 - Definition of TPML_PCR_SELECTION Structure */ in.PCRselect.count = 1; /* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ in.PCRselect.pcrSelections[0].hash = palg; } if (rc == 0) { if (qualifyingDataFilename != NULL) { rc = TSS_File_Read2B(&in.qualifyingData.b, sizeof(TPMT_HA), qualifyingDataFilename); } else { 
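in.qualifyingData.t.size = 0; } }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_Quote,
                         sessionHandle0, keyPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted whether or not the command worked; an earlier error is kept */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* parse the attestation structure that the TPM signed */
    if (rc == 0) {
        BYTE *tmpBuffer = out.quoted.t.attestationData;
        INT32 tmpSize = out.quoted.t.size;
        rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize);
        /* print only after a successful unmarshal, tpmsAttest is an uninitialized local
           otherwise */
        if ((rc == 0) && verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
    }
    /* Local sanity check: the extraData in the quote must echo the qualifying data that was sent.
       This compares the nonce only.  The code shown here does not verify the quote signature or
       the PCR digest, so a relying party still has to check the saved signature (-os) over the
       saved attestation data (-oa) with the public part of the quoting key. */
    if (rc == 0) {
        int match;
        match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
        if (!match) {
            printf("quote: failed, extraData != qualifyingData\n");
            rc = EXIT_FAILURE;
        }
    }
    /* optional outputs: marshaled TPMT_SIGNATURE and the raw attestation bytes */
    if ((rc == 0) && (signatureFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.signature,
                                     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
                                     signatureFilename);
    }
    if ((rc == 0) && (attestInfoFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.quoted.t.attestationData,
                                      out.quoted.t.size,
                                      attestInfoFilename);
    }
    if (rc == 0) {
        if (verbose) printSignature(&out);
        if (verbose) printf("quote: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("quote: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* every failure is reported to the shell as EXIT_FAILURE */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printSignature() prints the signature bytes of a quote response.

   out: response of the quote command; out->signature.sigAlg selects the union member that is read.

   main() requests TPM_ALG_ECDSA when -salg ecc is given, so the RSASSA member must not be read
   unconditionally.  An ECDSA signature is printed as its R and S components, anything else is
   printed through the RSASSA member as before.
*/
static void printSignature(Quote_Out *out)
{
    if (out->signature.sigAlg == TPM_ALG_ECDSA) {
        TSS_PrintAll("Signature R",
                     out->signature.signature.ecdsa.signatureR.t.buffer,
                     out->signature.signature.ecdsa.signatureR.t.size);
        TSS_PrintAll("Signature S",
                     out->signature.signature.ecdsa.signatureS.t.buffer,
                     out->signature.signature.ecdsa.signatureS.t.size);
    }
    else {
        TSS_PrintAll("Signature",
                     out->signature.signature.rsassa.sig.t.buffer,
                     out->signature.signature.rsassa.sig.t.size);
    }
}

/* printUsage() prints the command line help and then exits with status 1 */
static void printUsage(void)
{
    printf("\n");
    printf("quote\n");
    printf("\n");
    printf("Runs TPM2_Quote\n");
    printf("\n");
    printf("\t-hp pcr handle (may be specified more than once)\n");
    printf("\t-hk quoting key handle\n");
    printf("\t[-pwdk password for quoting key (default empty)]\n");
    printf("\t[-halg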
for signing (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-palg for PCR bank selection (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-salg signature algorithm (rsa, ecc) (default rsa)]\n"); printf("\t[-qd qualifying data file name]\n"); printf("\t[-os quote signature file name (default do not save)]\n"); printf("\t[-oa attestation output file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/nvextend.c0000644000175000017500000001670613055132457012341 0ustar lo1lo1/********************************************************************************/ /* */ /* NV Extend */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvextend.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_Extend_In in; const char *data = NULL; const char *datafilename = NULL; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if 
(strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if ((data == NULL) && (datafilename == NULL)) { printf("Data string or data file must be specified\n"); printUsage(); } if ((data != NULL) && (datafilename != NULL)) { printf("Data string and data file cannot both be specified\n"); printUsage(); } if ((rc == 0) && (data != NULL)) { rc = TSS_TPM2B_StringCopy(&in.data.b, data, MAX_NV_BUFFER_SIZE); } if ((rc == 0) && (datafilename != NULL)) { rc = TSS_File_Read2B(&in.data.b, MAX_NV_BUFFER_SIZE, datafilename); } if (rc == 0) { in.authHandle = nvIndex; in.nvIndex = nvIndex; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_Extend, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvextend: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvextend: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; 
} static void printUsage(void) { printf("\n"); printf("nvextend\n"); printf("\n"); printf("Runs TPM2_NV_Extend\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\t-ic data string\n"); printf("\t-if data file\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/sequencecomplete.c0000644000175000017500000002205313075204375014040 0ustar lo1lo1/********************************************************************************/ /* */ /* SequenceComplete */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: sequencecomplete.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; SequenceComplete_In in; SequenceComplete_Out out; char hierarchyChar = 'n'; TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; TPMI_DH_OBJECT sequenceHandle = 0; const char *inFilename = NULL; const char *outFilename = NULL; const char *ticketFilename = NULL; const char *sequencePassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; size_t length = 0; uint8_t *buffer = NULL; /* for the free */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", 
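&sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        /* -se2 takes two hex values, the session handle and then its attributes.
           NOTE(review): the sscanf() results are not checked, so an argument that is not hex
           leaves the variable at its default without any message. */
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    /* map the one-letter hierarchy option to its handle; 'n' (the default) is the null hierarchy */
    if (rc == 0) {
        if (hierarchyChar == 'e') {
            hierarchy = TPM_RH_ENDORSEMENT;
        }
        else if (hierarchyChar == 'o') {
            hierarchy = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            hierarchy = TPM_RH_PLATFORM;
        }
        else if (hierarchyChar == 'n') {
            hierarchy = TPM_RH_NULL;
        }
        else {
            printf("Bad parameter %c for -hi\n", hierarchyChar);
            printUsage();
        }
        in.hierarchy = hierarchy;
    }
    if (sequenceHandle == 0) {
        printf("Missing sequence handle parameter -hs\n");
        printUsage();
    }
    /* the input file is optional; without it buffer stays NULL and length stays 0 */
    if ((rc == 0) && (inFilename != NULL)) {
        rc = TSS_File_ReadBinaryFile(&buffer,     /* must be freed by caller */
                                     &length,
                                     inFilename);
    }
    /* reject input that does not fit the command buffer before anything is copied */
    if (rc == 0) {
        if (length > MAX_DIGEST_BUFFER) {
            printf("Input data too long %u\n", (unsigned int)length);
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        /* Handle of key that will perform update */
        in.sequenceHandle = sequenceHandle;
        /* data for update */
        in.buffer.t.size = length;
        /* with no input file buffer is NULL; memcpy() must not be handed a null pointer, even
           for a length of zero */
        if (length > 0) {
            memcpy(in.buffer.t.buffer, buffer, length);
        }
    }
    free(buffer);
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,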
(COMMAND_PARAMETERS *)&in, NULL, TPM_CC_SequenceComplete, sessionHandle0, sequencePassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (outFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.result.t.buffer, out.result.t.size, outFilename); } if ((rc == 0) && (ticketFilename != NULL)) { rc = TSS_File_WriteStructure(&out.validation, (MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshal, ticketFilename); } if (rc == 0) { if (verbose) TSS_PrintAll("Result", out.result.t.buffer, out.result.t.size); if (verbose) printf("sequencecomplete: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("sequencecomplete: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("sequencecomplete\n"); printf("\n"); printf("Runs TPM2_SequenceComplete\n"); printf("\n"); printf("\t-hs sequence handle\n"); printf("\t-pwds password for sequence (default empty)\n"); printf("\t-if input file to be added (default no data)\n"); printf("\t[-of result file name (default do not save)]\n"); printf("\t[-tk ticket file name]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/signapp.c0000644000175000017500000006370613071006020012131 0ustar lo1lo1/********************************************************************************/ /* */ /* Sign Application */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: signapp.c 980 2017-04-04 21:11:44Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* Demo application, and test of "no file TSS" Prerequisite: A provisioned EK certificate. Use 'clientek' in the acs directory to provision a software TPM EK certificate. Program steps: Create an EK. 
The EK would not normally be the storage root key, but this demonstrates use of a policy session, creating an EK primary key using the EK template, and validation of the EK against the EK certificate. Start a policy session, salt with EK Create a signing key, salted policy session Load the signing key, salted policy session Start an HMAC session, salt with EK, bind to signing key Sign a message, verify the signature Flush the signing key Flush the EK */ #include #include #include #include #include #include #include #include #include #include #include #include #include "ekutils.h" #include "objecttemplates.h" #define KEYPWD "keypwd" static TPM_RC startSession(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION *sessionHandle, TPM_SE sessionType, TPMI_DH_OBJECT tpmKey, TPMI_DH_ENTITY bind, const char *bindPassword); static TPM_RC policyRestart(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC policyCommandCode(TSS_CONTEXT *tssContext, TPM_CC commandCode, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC policyAuthValue(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC policyPassword(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC policySecret(TSS_CONTEXT *tssContext, TPMI_DH_ENTITY authHandle, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC policyGetDigest(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC createKey(TSS_CONTEXT *tssContext, TPM2B_PRIVATE *outPrivate, TPM2B_PUBLIC *outPublic, TPMI_SH_AUTH_SESSION policySessionHandle, TPM_HANDLE parentHandle, const char *keyPassword, int pwSession); static TPM_RC loadKey(TSS_CONTEXT *tssContext, TPM_HANDLE *keyHandle, TPM_HANDLE parentHandle, TPMI_SH_AUTH_SESSION policySessionHandle, TPM2B_PRIVATE *outPrivate, TPM2B_PUBLIC *outPublic, int pwSession); static TPM_RC sign(TSS_CONTEXT *tssContext, TPMT_SIGNATURE *signature, TPM_HANDLE keyHandle, TPMI_SH_AUTH_SESSION sessionHandle, uint32_t sizeInBytes, TPMT_HA 
*messageDigest); static TPM_RC verify(TSS_CONTEXT *tssContext, TPM_HANDLE keyHandle, uint32_t sizeInBytes, TPMT_HA *messageDigest, TPMT_SIGNATURE *signature); static TPM_RC flush(TSS_CONTEXT *tssContext, TPMI_DH_CONTEXT flushHandle); static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; int pwSession = FALSE; /* default HMAC session */ const char *messageString = NULL; uint32_t sizeInBytes; TPMT_HA messageDigest; /* digest of the message */ TPMI_SH_AUTH_SESSION policySessionHandle = TPM_RH_NULL; TPMI_SH_AUTH_SESSION sessionHandle = TPM_RH_NULL; TPM_HANDLE ekKeyHandle = TPM_RH_NULL; /* primary key handle */ TPM2B_PRIVATE outPrivate; TPM2B_PUBLIC outPublic; TPM_HANDLE keyHandle; TPMT_SIGNATURE signature; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ ERR_load_crypto_strings (); OpenSSL_add_all_algorithms(); /* needed when crypto is local, not in the TSS */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i> HR_SHIFT); if (rc == 0) { signIn.keyHandle = keyHandle; signIn.digest.t.size = sizeInBytes; memcpy(&signIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes); signIn.inScheme.scheme = TPM_ALG_RSASSA; signIn.inScheme.details.rsassa.hashAlg = TPM_ALG_SHA256; signIn.validation.tag = TPM_ST_HASHCHECK; /* optional, to make a ticket */ signIn.validation.hierarchy = TPM_RH_NULL; signIn.validation.digest.t.size = 0; /* password session */ if (sessionHandle == TPM_RS_PW) { pwd = KEYPWD; } /* policy session is policy password or policy authvalue */ else if (handleType == TPM_HT_POLICY_SESSION) { pwd = KEYPWD; } /* HMAC session - bound (password ignored) */ else { pwd = NULL; } rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&signOut, (COMMAND_PARAMETERS *)&signIn, NULL, TPM_CC_Sign, /* bind, observe that no password is required here */ sessionHandle, pwd, 
TPMA_SESSION_CONTINUESESSION, TPM_RH_NULL, NULL, 0); }
    /* the signature is handed back only when the command succeeded */
    if (rc == 0) {
        *signature = signOut.signature;
    }
    return rc;
}

/* verify() verifies the signature against the message digest using the previously loaded key in
   keyHandle.

   tssContext:    TSS context the command is executed on
   keyHandle:     handle of the loaded key used for the check
   sizeInBytes:   number of digest bytes copied from messageDigest
   messageDigest: digest of the message
   signature:     signature to check, copied by value into the command

   Returns the TPM_RC from TSS_Execute().

   NOTE(review): sizeInBytes bytes are copied into the command digest buffer with no bounds check
   in this function; the caller is presumably expected to pass a size that fits - confirm at the
   call site.
*/
static TPM_RC verify(TSS_CONTEXT *tssContext,
                     TPM_HANDLE keyHandle,
                     uint32_t sizeInBytes,      /* hash algorithm mapped to size */
                     TPMT_HA *messageDigest,    /* digest of the message */
                     TPMT_SIGNATURE *signature)
{
    TPM_RC rc = 0;
    VerifySignature_In verifySignatureIn;
    VerifySignature_Out verifySignatureOut;

    /* build the command parameters */
    if (rc == 0) {
        verifySignatureIn.keyHandle = keyHandle;
        verifySignatureIn.digest.t.size = sizeInBytes;
        memcpy(&verifySignatureIn.digest.t.buffer, (uint8_t *)&messageDigest->digest, sizeInBytes);
        verifySignatureIn.signature = *signature;
    }
    /* no authorization session is supplied: the argument list goes straight to the closing
       TPM_RH_NULL, NULL, 0 triple.  The response in verifySignatureOut is not examined, the
       return code alone reports the result. */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&verifySignatureOut,
                         (COMMAND_PARAMETERS *)&verifySignatureIn,
                         NULL,
                         TPM_CC_VerifySignature,
                         TPM_RH_NULL, NULL, 0);
    }
    return rc;
}

/* flush() flushes some handle, either a session or the signing key in this demo.

   tssContext:  TSS context the command is executed on
   flushHandle: handle to flush

   Returns the TPM_RC from TSS_Execute().  The command has no response parameters (NULL is passed)
   and no authorization session is supplied.
*/
static TPM_RC flush(TSS_CONTEXT *tssContext,
                    TPMI_DH_CONTEXT flushHandle)
{
    TPM_RC rc = 0;
    FlushContext_In in;

    if (rc == 0) {
        in.flushHandle = flushHandle;
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_FlushContext,
                         TPM_RH_NULL, NULL, 0);
    }
    return rc;
}

/* printUsage() prints the command line help and then exits with status 1 */
static void printUsage(void)
{
    printf("\n");
    printf("signapp\n");
    printf("\n");
    printf("Runs a TPM2_Sign application, including creating a primary storage key\n");
    printf("and creating and loading a signing key\n");
    printf("\n");
    printf("\t-ic input message to hash and sign\n");
    printf("\n");
    printf("\t[-pwsess Use a password session, no HMAC or parameter encryption]\n");
    printf("\n");
    exit(1);
}
./utils/tsstbsi.h0000644000175000017500000000506413115776262012206 0ustar lo1lo1/********************************************************************************/ /* */ /* Windows Device Transmit and Receive Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J.
Watson Research Center */ /* $Id: tsstbsi.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is not a public header. It should not be used by applications. 
*/ #ifndef TSSDEV_H #define TSSDEV_H #include #ifdef __cplusplus extern "C" { #endif TPM_RC TSS_Tbsi_Transmit(TSS_CONTEXT *tssContext, uint8_t *responseBuffer, uint32_t *read, const uint8_t *commandBuffer, uint32_t written, const char *message); TPM_RC TSS_Tbsi_Close(TSS_CONTEXT *tssContext); #ifdef __cplusplus } #endif #endif ./utils/objecttemplates.c0000644000175000017500000005416413133205212013656 0ustar lo1lo1/********************************************************************************/ /* */ /* Object Templates */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: objecttemplates.c 1044 2017-07-17 19:05:46Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/

/* These are templates suitable for creating typical objects.  The functions are shared by create
   and createprimary

   Every template below sets TPMA_OBJECT_USERWITHAUTH and clears TPMA_OBJECT_ADMINWITHPOLICY before
   applying deleteObjectAttributes, and that holds when a policy file is supplied as well.  A
   caller that wants USERWITHAUTH clear has to pass it in deleteObjectAttributes (the usage text
   below lists -uwa for this).
*/

#include #include #include #include #include #include #include #include #include "objecttemplates.h"

/* asymPublicTemplate() fills in publicArea with a template for an ECC or RSA 2048 key.

   keyType selects the attributes and scheme.  It can create these types:

   TYPE_ST:   storage key (restricted decryption, AES 128 CFB symmetric algorithm)
   TYPE_DEN:  RSA decryption key (not storage key, NULL scheme)
   TYPE_DEO:  RSA decryption key (not storage key, OAEP scheme)
   TYPE_SI:   signing key (unrestricted)
   TYPE_SIR:  signing key (restricted)
   TYPE_DAA:  ECDAA signing key (unrestricted)
   TYPE_DAAR: ECDAA signing key (restricted)
   TYPE_GP:   general purpose key

   A restricted signing key uses the RSASSA padding scheme for RSA and ECDSA for ECC.

   deleteObjectAttributes is cleared twice: once right after addObjectAttributes is copied and
   again after the per-type defaults, so it wins over every default set here.

   Returns 0, or the return code of getPolicy() when the policy file cannot be read.

   NOTE(review): none of the switch statements has a default case.  A keyType that is not listed
   in a switch leaves the fields that switch would have written untouched, and TYPE_DAA and
   TYPE_DAAR are not listed in either RSA switch.  Callers presumably validate the combination;
   confirm, since publicArea is not cleared here.

   NOTE(review): any algPublic other than TPM_ALG_RSA takes the ECC branch.
*/

TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea,              /* output */
                          TPMA_OBJECT addObjectAttributes,      /* add default, can be overridden
                                                                   here */
                          TPMA_OBJECT deleteObjectAttributes,
                          int keyType,                          /* see above */
                          TPMI_ALG_PUBLIC algPublic,            /* RSA or ECC */
                          TPMI_ECC_CURVE curveID,               /* for ECC */
                          TPMI_ALG_HASH nalg,                   /* Name algorithm */
                          TPMI_ALG_HASH halg,                   /* hash algorithm */
                          const char *policyFilename)           /* binary policy, NULL means empty */
{
    TPM_RC rc = 0;

    if (rc == 0) {
        publicArea->objectAttributes = addObjectAttributes;
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
        /* Table 185 - TPM2B_PUBLIC inPublic */
        /* Table 184 - TPMT_PUBLIC publicArea */
        publicArea->type = algPublic;   /* RSA or ECC */
        publicArea->nameAlg = nalg;

        /* Table 32 - TPMA_OBJECT objectAttributes */
        publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;

        /* SIGN, DECRYPT and RESTRICTED are forced per key type, whatever addObjectAttributes
           held for them */
        switch (keyType) {
          case TYPE_DEN:
          case TYPE_DEO:
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
            publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
            break;
          case TYPE_ST:
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
            publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
            publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
            break;
          case TYPE_SI:
          case TYPE_DAA:
            publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
            break;
          case TYPE_SIR:
          case TYPE_DAAR:
            publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
            publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
            break;
          case TYPE_GP:
            publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
            publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
            publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
            break;
        }
        /* applied last, so the caller can clear any of the defaults above */
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
    }
    if (rc == 0) {
        /* Table 72 - TPM2B_DIGEST authPolicy */
        /* policy set separately */

        /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
        if (algPublic == TPM_ALG_RSA) {
            /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS rsaDetail */
            /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
            /* NOTE(review): TYPE_DAA and TYPE_DAAR are not handled in this switch */
            switch (keyType) {
              case TYPE_DEN:
              case TYPE_DEO:
              case TYPE_SI:
              case TYPE_SIR:
              case TYPE_GP:
                /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
                publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL;
                break;
              case TYPE_ST:
                publicArea->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
                /* Table 125 - TPMU_SYM_KEY_BITS keyBits */
                publicArea->parameters.rsaDetail.symmetric.keyBits.aes = 128;
                /* Table 126 - TPMU_SYM_MODE mode */
                publicArea->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
                break;
            }

            /* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME scheme */
            /* NOTE(review): TYPE_DAA and TYPE_DAAR are not handled in this switch either */
            switch (keyType) {
              case TYPE_DEN:
              case TYPE_GP:
              case TYPE_ST:
              case TYPE_SI:
                publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
                break;
              case TYPE_DEO:
                publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_OAEP;
                /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
                /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
                /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
                /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
                publicArea->parameters.rsaDetail.scheme.details.oaep.hashAlg = halg;
                break;
              case TYPE_SIR:
                publicArea->parameters.rsaDetail.scheme.scheme = TPM_ALG_RSASSA;
                /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
                /* Table 152 - Definition of TPMU_ASYM_SCHEME rsassa */
                /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
                /* Table 135 - Definition of TPMS_SCHEME_HASH hashAlg */
                publicArea->parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg;
                break;
            }

            /* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type keyBits */
            /* the key size is fixed at 2048 bits; there is no parameter for it */
            publicArea->parameters.rsaDetail.keyBits = 2048;
            publicArea->parameters.rsaDetail.exponent = 0;
            /* Table 177 - TPMU_PUBLIC_ID unique */
            /* Table 177 - Definition of TPMU_PUBLIC_ID */
            publicArea->unique.rsa.t.size = 0;
        }
        else {  /* algPublic == TPM_ALG_ECC */
            /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure eccDetail */
            /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure symmetric */
            switch (keyType) {
              case TYPE_DEN:
              case TYPE_DEO:
              case TYPE_SI:
              case TYPE_SIR:
              case TYPE_DAA:
              case TYPE_DAAR:
              case TYPE_GP:
                /* Non-storage keys must have TPM_ALG_NULL for the symmetric algorithm */
                publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
                break;
              case TYPE_ST:
                publicArea->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
                /* Table 125 - TPMU_SYM_KEY_BITS keyBits */
                publicArea->parameters.eccDetail.symmetric.keyBits.aes = 128;
                /* Table 126 - TPMU_SYM_MODE mode */
                publicArea->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
                break;
            }

            /* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure scheme */
            /* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type scheme */
            switch (keyType) {
              case TYPE_GP:
              case TYPE_SI:
              case TYPE_DEN:
              case TYPE_DEO:
                publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
                /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
                /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
                publicArea->parameters.eccDetail.curveID = curveID;
                /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
                /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
                publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
                break;
              case TYPE_SIR:
                publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA;
                /* Table 152 - Definition of TPMU_ASYM_SCHEME details */
                /* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
                publicArea->parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg;
                /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
                /* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants curveID */
                publicArea->parameters.eccDetail.curveID = curveID;
                /* Table 150 - Definition of TPMT_KDF_SCHEME Structure kdf */
                /* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */
                publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
                /* Table 149 - Definition of TPMU_KDF_SCHEME Union */
                /* Table 148 - Definition of Types for KDF Schemes, hash-based key- or
                   mask-generation functions */
                /* Table 135 - Definition of TPMS_SCHEME_HASH Structure hashAlg */
                /* the kdf hash is written although kdf.scheme is TPM_ALG_NULL */
                publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = halg;
                break;
              case TYPE_DAA:
              case TYPE_DAAR:
                publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_ECDAA;
                publicArea->parameters.eccDetail.scheme.details.ecdaa.hashAlg = halg;
                publicArea->parameters.eccDetail.scheme.details.ecdaa.count = 1;
                publicArea->parameters.eccDetail.curveID = curveID;
                publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
                publicArea->unique.ecc.y.t.size = 0;
                publicArea->unique.ecc.x.t.size = 0;
                break;
              case TYPE_ST:
                publicArea->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
                publicArea->parameters.eccDetail.scheme.details.anySig.hashAlg = 0;
                /* the storage key curve is fixed; the curveID parameter is not used here */
                publicArea->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
                publicArea->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
                publicArea->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0;
                break;
            }
            /* Table 177 - TPMU_PUBLIC_ID unique */
            /* Table 177 - Definition of TPMU_PUBLIC_ID */
            publicArea->unique.ecc.x.t.size = 0;
            publicArea->unique.ecc.y.t.size = 0;
        }
    }
    if (rc == 0) {
        rc = getPolicy(publicArea, policyFilename);
    }
    return rc;
}

/* symmetricCipherTemplate() fills in publicArea with a template for an AES 128 CFB key.

   The key is unrestricted and has DECRYPT set.  SIGN is set only when rev116 is zero.

   Returns 0, or the return code of getPolicy() when the policy file cannot be read.
*/

TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea,         /* output */
                               TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
                                                                   here */
                               TPMA_OBJECT deleteObjectAttributes,
                               TPMI_ALG_HASH nalg,              /* Name algorithm */
                               int rev116,                      /* non-zero for TPM rev 116
                                                                   compatibility, SIGN is then
                                                                   not set */
                               const char *policyFilename)      /* binary policy, NULL means empty */
{
    TPM_RC rc = 0;

    if (rc == 0) {
        publicArea->objectAttributes = addObjectAttributes;

        /* Table 185 - TPM2B_PUBLIC inPublic */
        /* Table 184 - TPMT_PUBLIC publicArea */
        publicArea->type = TPM_ALG_SYMCIPHER;
        publicArea->nameAlg = nalg;
        /* Table 32 - TPMA_OBJECT objectAttributes */
        /* rev 116 used DECRYPT for both decrypt and encrypt.  After 116, encrypt required SIGN */
        if (!rev116) {
            /* actually encrypt */
            publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
        }
        publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
        publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
        /* applied last, so the caller can clear any of the defaults above */
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
        /* Table 72 - TPM2B_DIGEST authPolicy */
        /* policy set separately */
        /* Table 182 - Definition of TPMU_PUBLIC_PARMS parameters */
        {
            /* Table 131 - Definition of TPMS_SYMCIPHER_PARMS symDetail */
            {
                /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT sym */
                /* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */
                publicArea->parameters.symDetail.sym.algorithm = TPM_ALG_AES;
                /* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */
                publicArea->parameters.symDetail.sym.keyBits.aes = 128;
                /* Table 126 - Definition of TPMU_SYM_MODE Union */
                publicArea->parameters.symDetail.sym.mode.aes = TPM_ALG_CFB;
            }
        }
        /* Table 177 - TPMU_PUBLIC_ID unique */
        /* Table 72 - Definition of TPM2B_DIGEST Structure */
        publicArea->unique.sym.t.size = 0;
    }
    if (rc == 0) {
        rc = getPolicy(publicArea, policyFilename);
    }
    return rc;
}

/* keyedHashPublicTemplate() fills in publicArea with a template for a HMAC key.

   The key is not restricted.  It has SIGN set and DECRYPT clear and uses the HMAC scheme with
   halg.

   Returns 0, or the return code of getPolicy() when the policy file cannot be read.
*/

TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea,         /* output */
                               TPMA_OBJECT addObjectAttributes, /* add default, can be overridden
                                                                   here */
                               TPMA_OBJECT deleteObjectAttributes,
                               TPMI_ALG_HASH nalg,              /* Name algorithm */
                               TPMI_ALG_HASH halg,              /* hash algorithm */
                               const char *policyFilename)      /* binary policy, NULL means empty */
{
    TPM_RC rc = 0;

    if (rc == 0) {
        publicArea->objectAttributes = addObjectAttributes;

        /* Table 185 - TPM2B_PUBLIC inPublic */
        /* Table 184 - TPMT_PUBLIC publicArea */
        /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
        publicArea->type = TPM_ALG_KEYEDHASH;
        /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
        publicArea->nameAlg = nalg;
        /* Table 32 - TPMA_OBJECT objectAttributes */
        publicArea->objectAttributes.val |= TPMA_OBJECT_SIGN;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
        publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
        /* applied last, so the caller can clear any of the defaults above */
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
        /* Table 72 - TPM2B_DIGEST authPolicy */
        /* policy set separately */
        {
            /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */
            /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
            /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
            /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
            publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_HMAC;
            /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */
            /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
            /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
            publicArea->parameters.keyedHashDetail.scheme.details.hmac.hashAlg = halg;
        }
        /* Table 177 - TPMU_PUBLIC_ID unique */
        /* Table 72 - Definition of TPM2B_DIGEST Structure */
        publicArea->unique.sym.t.size = 0;
    }
    if (rc == 0) {
        rc = getPolicy(publicArea, policyFilename);
    }
    return rc;
}

/* derivationParentPublicTemplate() fills in publicArea with a template for a derivation parent.

   The object is a keyed hash object with the XOR scheme, KDF1_SP800_108 as the kdf and halg as
   the hash.  Unlike the HMAC template above, it is restricted, has DECRYPT set and SIGN clear,
   and fixedTPM and fixedParent are set by default.

   Returns 0, or the return code of getPolicy() when the policy file cannot be read.
*/

TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea,          /* output */
                                      TPMA_OBJECT addObjectAttributes,  /* add default, can be
                                                                           overridden here */
                                      TPMA_OBJECT deleteObjectAttributes,
                                      TPMI_ALG_HASH nalg,               /* Name algorithm */
                                      TPMI_ALG_HASH halg,               /* hash algorithm */
                                      const char *policyFilename)       /* binary policy, NULL
                                                                           means empty */
{
    TPM_RC rc = 0;

    if (rc == 0) {
        publicArea->objectAttributes = addObjectAttributes;

        /* Table 185 - TPM2B_PUBLIC inPublic */
        /* Table 184 - TPMT_PUBLIC publicArea */
        /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
        publicArea->type = TPM_ALG_KEYEDHASH;
        /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
        publicArea->nameAlg = nalg;
        /* Table 32 - TPMA_OBJECT objectAttributes */
        publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDTPM;
        publicArea->objectAttributes.val |= TPMA_OBJECT_FIXEDPARENT;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_DECRYPT;
        publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
        publicArea->objectAttributes.val |= TPMA_OBJECT_SENSITIVEDATAORIGIN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
        /* RESTRICTED was already set above; this repeat has no further effect */
        publicArea->objectAttributes.val |= TPMA_OBJECT_RESTRICTED;
        /* applied last, so the caller can clear any default above, fixedTPM and fixedParent
           included */
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
        /* Table 72 - TPM2B_DIGEST authPolicy */
        /* policy set separately */
        {
            /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */
            /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
            /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
            /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
            publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_XOR;
            /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */
            /* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
            /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
            publicArea->parameters.keyedHashDetail.scheme.details.xorr.kdf = TPM_ALG_KDF1_SP800_108;
            publicArea->parameters.keyedHashDetail.scheme.details.xorr.hashAlg = halg;
        }
        /* Table 177 - TPMU_PUBLIC_ID unique */
        /* Table 72 - Definition of TPM2B_DIGEST Structure */
        publicArea->unique.sym.t.size = 0;
    }
    if (rc == 0) {
        rc = getPolicy(publicArea, policyFilename);
    }
    return rc;
}

/* blPublicTemplate() fills in publicArea with a template for a sealed data blob.

   SIGN, DECRYPT, RESTRICTED and SENSITIVEDATAORIGIN are all cleared and the keyed hash scheme is
   TPM_ALG_NULL.  USERWITHAUTH is set by default, as in the other templates.

   Returns 0, or the return code of getPolicy() when the policy file cannot be read.
*/

TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea,                /* output */
                        TPMA_OBJECT addObjectAttributes,        /* add default, can be overridden
                                                                   here */
                        TPMA_OBJECT deleteObjectAttributes,
                        TPMI_ALG_HASH nalg,                     /* Name algorithm */
                        const char *policyFilename)             /* binary policy, NULL means empty */
{
    TPM_RC rc = 0;

    if (rc == 0) {
        publicArea->objectAttributes = addObjectAttributes;

        /* Table 185 - TPM2B_PUBLIC inPublic */
        /* Table 184 - TPMT_PUBLIC publicArea */
        /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
        publicArea->type = TPM_ALG_KEYEDHASH;
        /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */
        publicArea->nameAlg = nalg;
        /* Table 32 - TPMA_OBJECT objectAttributes */
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_SIGN;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_DECRYPT;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_RESTRICTED;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
        publicArea->objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH;
        publicArea->objectAttributes.val &= ~TPMA_OBJECT_ADMINWITHPOLICY;
        /* applied last, so the caller can clear any of the defaults above */
        publicArea->objectAttributes.val &= ~deleteObjectAttributes.val;
        /* Table 72 - TPM2B_DIGEST authPolicy */
        /* policy set separately */
        {
            /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */
            /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */
            /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
            /* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
            publicArea->parameters.keyedHashDetail.scheme.scheme = TPM_ALG_NULL;
            /* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */
        }
        /* Table 177 - TPMU_PUBLIC_ID unique */
        /* Table 72 - Definition of TPM2B_DIGEST Structure */
        publicArea->unique.sym.t.size = 0;
    }
    if (rc == 0) {
        rc = getPolicy(publicArea, policyFilename);
    }
    return rc;
}

/* getPolicy() sets publicArea->authPolicy.

   With a file name, the policy is read from that file through TSS_File_Read2B(), which is given
   sizeof(TPMU_HA) as the size argument.  With NULL, the policy is set to empty.

   Returns 0, or the return code of TSS_File_Read2B().

   NOTE(review): the length read is not compared here with the digest size of the name
   algorithm; presumably the TPM rejects a mismatch when the object is created - confirm.
*/

TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
                 const char *policyFilename)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        if (policyFilename != NULL) {
            rc = TSS_File_Read2B(&publicArea->authPolicy.b,
                                 sizeof(TPMU_HA),
                                 policyFilename);
        }
        else {
            publicArea->authPolicy.t.size = 0;  /* default empty policy */
        }
    }
    return rc;
}

/* printUsageTemplate() prints the command line help for the key type, attribute, policy and hash
   algorithm options shared by the callers of the templates above.  It only prints and then
   returns. */

void printUsageTemplate(void)
{
    printf("\t[Asymmetric Key Algorithm]\n");
    printf("\t\t-rsa (default)\n");
    printf("\t\t-ecc curve\n");
    printf("\t\t\tbnp256\n");
    printf("\t\t\tnistp256\n");
    printf("\t\t\tnistp384\n");
    printf("\n");
    printf("\tKey attributes\n");
    printf("\n");
    printf("\t\t-bl data blob for unseal (create only)\n");
    printf("\t\t\t-if data file name\n");
    printf("\t\t-den decryption, RSA, not storage, NULL scheme\n");
    printf("\t\t-deo decryption, RSA, not storage, OAEP scheme\n");
    printf("\t\t-des encryption/decryption, AES symmetric\n");
    printf("\t\t\t[-116 for TPM rev 116 compatibility]\n");
    printf("\t\t-st storage\n");
    printf("\t\t\t[default for primary keys]\n");
    printf("\t\t-si signing\n");
    printf("\t\t-sir restricted signing\n");
    printf("\t\t-dau create unrestricted ECDAA key pair\n");
    printf("\t\t-dar create restricted ECDAA key pair\n");
    printf("\t\t-kh keyed hash (hmac)\n");
    printf("\t\t-dp derivation parent\n");
    printf("\t\t-gp general purpose, not storage\n");
    printf("\n");
    printf("\t\t[-kt (can be specified more than once)]\n"
           "\t\t\tf fixedTPM (default for primary keys and derivation parents)\n"
           "\t\t\tp fixedParent (default for primary keys and derivation parents)\n"
           "\t\t\tnf no fixedTPM (default for non-primary keys)\n"
           "\t\t\tnp no fixedParent (default for non-primary keys)\n");
    printf("\t\t[-da object subject to DA protection) (default no)]\n");
    printf("\t[-pol policy file (default empty)]\n");
    printf("\t[-uwa userWithAuth attribute clear (default set)]\n");
    printf("\n");
    printf("\t[-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)]\n");
    printf("\t[-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)]\n");
    return;
}
./utils/policysecret.c0000644000175000017500000002311113075204375013200 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicySecret
*/ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policysecret.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
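*/ /********************************************************************************/ /* */
#include #include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() runs TPM2_PolicySecret.

   It requires a non-zero authorizing entity handle and policy session handle, optionally reads
   nonceTPM, cpHashA and policyRef from files (each read is given sizeof(TPMU_HA) as its size
   argument), executes the command, and optionally writes the returned ticket and timeout to
   files.

   Returns 0 on success and EXIT_FAILURE otherwise.  Any usage error ends the process through
   printUsage().

   NOTE(review): the usage text lists -pwde for the authorizing entity password.  A password
   given as a command line argument can be read by anything that can see this process's
   arguments.

   NOTE(review): the results of the sscanf() calls visible below are not checked, so an argument
   that is not hex leaves the earlier value of the variable in place.
*/

int main(int argc, char *argv[])
{
    TPM_RC                      rc = 0;
    int                         i;      /* argc iterator */
    TSS_CONTEXT                 *tssContext = NULL;
    PolicySecret_In             in;
    PolicySecret_Out            out;
    TPMI_DH_ENTITY              authHandle = 0;
    TPMI_SH_POLICY              policySession = 0;
    const char                  *nonceTPMFilename = NULL;
    const char                  *cpHashAFilename = NULL;
    const char                  *policyRefFilename = NULL;
    INT32                       expiration = 0;
    const char                  *ticketFilename = NULL;
    const char                  *timeoutFilename = NULL;
    const char                  *entityPassword = NULL;
    TPMI_SH_AUTH_SESSION        sessionHandle0 = TPM_RS_PW;
    unsigned int                sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION        sessionHandle1 = TPM_RH_NULL;
    unsigned int                sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION        sessionHandle2 = TPM_RH_NULL;
    unsigned int                sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    in.nonceTPM.b.size = 0;
    in.cpHashA.b.size = 0;
    in.policyRef.b.size = 0;

    /* NOTE: this copy of the file has lost the text between "(i" and "0xff)" on the next line,
       that is the loop condition and the options handled before the -se0 attribute check.  The
       damaged stretch is kept exactly as found. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* a zero handle means the option was not given.  The usage text names -ha for the
       authorizing entity and -hs for the policy session, so each message names its own option. */
    if (authHandle == 0) {
        printf("Missing authorizing entity handle parameter -ha\n");
        printUsage();
    }
    if (policySession == 0) {
        printf("Missing policy session handle parameter -hs\n");
        printUsage();
    }
    if (rc == 0) {
        in.authHandle = authHandle;
        in.policySession = policySession;
    }
    /* the optional inputs are read from files; each read is given sizeof(TPMU_HA) as its size
       argument */
    if ((rc == 0) && (nonceTPMFilename != NULL)) {
        rc = TSS_File_Read2B(&in.nonceTPM.b,
                             sizeof(TPMU_HA),
                             nonceTPMFilename);
    }
    if ((rc == 0) && (cpHashAFilename != NULL)) {
        rc = TSS_File_Read2B(&in.cpHashA.b,
                             sizeof(TPMU_HA),
                             cpHashAFilename);
    }
    if ((rc == 0) && (policyRefFilename != NULL)) {
        rc = TSS_File_Read2B(&in.policyRef.b,
                             sizeof(TPMU_HA),
                             policyRefFilename);
    }
    if (rc == 0) {
        in.expiration = expiration;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PolicySecret,
                         sessionHandle0, entityPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path; its return code is reported only when nothing failed
       earlier.  NOTE(review): tssContext is still NULL here when an earlier step failed -
       presumably TSS_Delete() accepts that, confirm. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if ((rc == 0) && (ticketFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.policyTicket,
                                     (MarshalFunction_t)TSS_TPMT_TK_AUTH_Marshal,
                                     ticketFilename);
    }
    if ((rc == 0) && (timeoutFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.timeout.b.buffer,
                                      out.timeout.b.size,
                                      timeoutFilename);
    }
    if (rc == 0) {
        if (verbose) printf("policysecret: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("policysecret: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the policysecret command line help and terminates the process with exit
   status 1.  It does not return. */

static void printUsage(void)
{
    printf("\n");
    printf("policysecret\n");
    printf("\n");
    printf("Runs TPM2_PolicySecret\n");
    printf("\n");
    printf("\t-ha authorizing entity handle\n");
    printf("\t-hs policy session handle\n");
    printf("\t-in nonceTPM file (default none)\n");
    printf("\t-cp cpHash file (default none)\n");
    printf("\t-pref policyRef file (default none)\n");
    printf("\t-exp expiration (default none)\n");
    printf("\t-pwde authorizing entity password (default empty)\n");
    printf("\t[-tk ticket file name]\n");
    printf("\t[-to timeout file name]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/policypcr.c0000644000175000017500000001716313075204375012511 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyPCR */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policypcr.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution.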
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */
#include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() runs TPM2_PolicyPCR on a policy session.

   It requires a non-zero policy session handle and a PCR mask, builds a single PCR selection of
   three bytes for the chosen hash algorithm, and executes the command.

   Returns 0 on success and EXIT_FAILURE otherwise.  Any usage error ends the process through
   printUsage().

   NOTE(review): the results of the sscanf() calls visible below are not checked, so an argument
   that is not hex leaves the earlier value of the variable in place.
*/

int main(int argc, char *argv[])
{
    TPM_RC                      rc = 0;
    int                         i;      /* argc iterator */
    TSS_CONTEXT                 *tssContext = NULL;
    PolicyPCR_In                in;
    TPMI_SH_POLICY              policySession = 0;
    TPMI_ALG_HASH               halg = TPM_ALG_SHA256;
    /* 0xffffffff doubles as the "mask not given" marker checked after option parsing, so that
       exact value cannot be used as a mask */
    uint32_t                    pcrmask = 0xffffffff;   /* pcr register mask */
    TPMI_SH_AUTH_SESSION        sessionHandle0 = TPM_RH_NULL;
    unsigned int                sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION        sessionHandle1 = TPM_RH_NULL;
    unsigned int                sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION        sessionHandle2 = TPM_RH_NULL;
    unsigned int                sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE: this copy of the file has lost the text between "(i" and "0xff)" on the next line,
       that is the loop condition and the options handled before the -se0 attribute check.  The
       damaged stretch is kept exactly as found. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* a zero session handle means -ha was not given */
    if (policySession == 0) {
        printf("Missing handle parameter -ha\n");
        printUsage();
    }
    /* the mask still holds its initial marker value, so -bm was not given.  The message says
       "handle" although -bm is the PCR mask. */
    if (pcrmask == 0xffffffff) {
        printf("Missing handle parameter -bm\n");
        printUsage();
    }
    if (rc == 0) {
        in.policySession = policySession;
        /* NOTE not implemented yet */
        /* the expected PCR digest is always sent empty.  NOTE(review): presumably the TPM then
           uses its current PCR values without comparing them to an expected digest - confirm
           against TPM2_PolicyPCR in the TPM 2.0 specification. */
        in.pcrDigest.b.size = 0;
        /* Table 102 - Definition of TPML_PCR_SELECTION Structure */
        in.pcrs.count = 1;              /* hard code one hash algorithm */
        /* Table 85 - Definition of TPMS_PCR_SELECTION Structure - pcrSelections */
        in.pcrs.pcrSelections[0].hash = halg;
        in.pcrs.pcrSelections[0].sizeofSelect= 3;       /* hard code 24 PCRs */
        /* TCG always marshals lower PCR first */
        /* only mask bits 0 to 23 are used; bits 24 to 31 are dropped without a message */
        in.pcrs.pcrSelections[0].pcrSelect[0] = (pcrmask >> 0) & 0xff;
        in.pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >> 8) & 0xff;
        in.pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PolicyPCR,
                         sessionHandle0, NULL, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path; its return code is reported only when nothing failed
       earlier */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("policypcr: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("policypcr: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the policypcr command line help and terminates the process with exit
   status 1.  It does not return. */

static void printUsage(void)
{
    printf("\n");
    printf("policypcr\n");
    printf("\n");
    printf("Runs TPM2_PolicyPCR\n");
    printf("\n");
    printf("\t-ha policy session handle\n");
    printf("\t-halg (sha1, sha256) (default sha256)\n");
    printf("\t-bm pcr mask in hex\n");
    printf("\t\te.g., -bm 10000 is PCR 16, 000001 is PCR 0\n");
    exit(1);
}
./utils/eccparameters.c0000644000175000017500000001211313075204375013311 0ustar lo1lo1/********************************************************************************/ /* */ /* ECC_Parameters */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: eccparameters.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ECC_Parameters_In in; ECC_Parameters_Out out; const char *datafilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); in.curveID = TPM_ECC_NONE; /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include #include #include static void printUsage(void); static void printSignature(NV_Certify_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_Certify_In in; NV_Certify_Out out; TPMI_DH_OBJECT signHandle = 0; const char *keyPassword = NULL; char hierarchyAuthChar = 0; const char *nvPassword = NULL; /* default no password */ TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_RH_NV_INDEX nvIndex = 0; uint16_t size = 0; uint16_t offset = 0; /* default 0 */ const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; int useRsa = 1; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing 
parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } /* certifying key */ if (signHandle == 0) { printf("Missing sign handle parameter -hk\n"); printUsage(); } /* Authorization handle */ if (rc == 0) { if (hierarchyAuthChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyAuthChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else if (hierarchyAuthChar == 0) { in.authHandle = nvIndex; } else { printf("\n"); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (size == 0) { printf("Size not specified\n"); printUsage(); } if (rc == 0) { in.signHandle = signHandle; in.nvIndex = nvIndex; in.qualifyingData.t.size = 0; if (useRsa) { /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ in.inScheme.scheme = TPM_ALG_RSASSA; /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ in.inScheme.details.rsassa.hashAlg = halg; } else { /* ecc */ in.inScheme.scheme = TPM_ALG_ECDSA; 
in.inScheme.details.ecdsa.hashAlg = halg; } in.size = size; in.offset = offset; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_Certify, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, nvPassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (signatureFilename != NULL)) { rc = TSS_File_WriteStructure(&out.signature, (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal, signatureFilename); } if ((rc == 0) && (attestInfoFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData, out.certifyInfo.t.size, attestInfoFilename); } if (rc == 0) { TPMS_ATTEST tpmsAttest; uint8_t *tmpBuffer = out.certifyInfo.t.attestationData; int32_t tmpSize = out.certifyInfo.t.size; rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize); if (verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); } if (rc == 0) { if (verbose) printSignature(&out); if (verbose) printf("nvcertify: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvcertify: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printSignature(NV_Certify_Out *out) { TSS_PrintAll("Signature", out->signature.signature.rsassa.sig.t.buffer, out->signature.signature.rsassa.sig.t.size); } static void printUsage(void) { printf("\n"); printf("nvcertify\n"); printf("\n"); printf("Runs TPM2_NV_Certify\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t[-pwdn password for NV index (default empty)]\n"); printf("\t-hk certifying key handle\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default 
sha256)]\n"); printf("\t[-salg signature algorithm (rsa, ecc) (default rsa)]\n"); printf("\t-sz data size\n"); printf("\t[-off offset (default 0)]\n"); printf("\t[-os signature file name (default do not save)]\n"); printf("\t[-oa attestation output file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/import.c0000644000175000017500000002400713074214713012006 0ustar lo1lo1/********************************************************************************/ /* */ /* Import */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: import.c 985 2017-04-14 18:49:47Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Import_In in; Import_Out out; TPMI_DH_OBJECT parentHandle = 0; const char *parentPassword = NULL; const char *encryptionKeyFilename = NULL; const char *objectPublicFilename = NULL; const char *duplicateFilename = NULL; const char *inSymSeedFilename = NULL; const char *outPrivateFilename = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */ in.symmetricAlg.algorithm = TPM_ALG_NULL; for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing 
parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) && (encryptionKeyFilename != NULL)) { printf("-ik needs -salg\n"); printUsage(); } if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) && (encryptionKeyFilename == NULL)) { printf("-salg needs -ik\n"); printUsage(); } if (parentHandle == 0) { printf("Missing or bad object handle parameter -hp\n"); printUsage(); } if (objectPublicFilename == NULL) { printf("Missing parameter -ipu\n"); printUsage(); } if (duplicateFilename == NULL) { printf("Missing parameter -id\n"); printUsage(); } if (inSymSeedFilename == NULL) { printf("Missing parameter -iss\n"); printUsage(); } if (outPrivateFilename == NULL) { printf("Missing parameter -opr\n"); printUsage(); } if (rc == 0) { in.parentHandle = parentHandle; } /* optional symmetric encryption key */ if (rc == 0) { if (encryptionKeyFilename != NULL) { rc = TSS_File_Read2B(&in.encryptionKey.b, sizeof(TPMT_HA), encryptionKeyFilename); } else { in.encryptionKey.t.size = 0; } } if (rc == 0) { rc = TSS_File_ReadStructure(&in.objectPublic, (UnmarshalFunction_t)TPM2B_PUBLIC_Unmarshal, objectPublicFilename); 
} if (rc == 0) { rc = TSS_File_Read2B(&in.duplicate.b, sizeof(_PRIVATE), duplicateFilename); } if (rc == 0) { rc = TSS_File_Read2B(&in.inSymSeed.b, sizeof(TPMU_ENCRYPTED_SECRET), inSymSeedFilename); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Import, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { rc = TSS_File_WriteStructure(&out.outPrivate, (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal, outPrivateFilename); } if (rc == 0) { if (verbose) printf("import: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("import: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("Import\n"); printf("\n"); printf("Runs TPM2_Import\n"); printf("\n"); printf("\t-hp parent handle\n"); printf("\t[-pwdp password for parent (default empty)]\n"); printf("\t[-ik encryption key in file name]\n"); printf("\t-ipu object public area file name\n"); printf("\t-id duplicate file name\n"); printf("\t-iss symmetric seed file name\n"); printf("\t[-salg symmetric algorithm (default none)]\n"); printf("\n"); printf("\t-opr private area file name\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/Platform.h0000644000175000017500000002644613013664115012274 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. 
Watson Research Center */ /* $Id: Platform.h 827 2016-11-18 20:45:01Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 122 */ // C.8 Platform.h #ifndef PLATFORM_H #define PLATFORM_H // C.8.1. Includes and Defines #include #include "stdint.h" #include "TpmError.h" #include // C.8.2. Power Functions // C.8.2.1. _plat__Signal_PowerOn // Signal power on This signal is simulate by a RPC call LIB_EXPORT int _plat__Signal_PowerOn(void); // C.8.2.2. _plat__Signal_Reset // Signal reset This signal is simulate by a RPC call LIB_EXPORT int _plat__Signal_Reset(void); // C.8.2.3. _plat__WasPowerLost() // Indicates if the power was lost before a _TPM__Init(). LIB_EXPORT BOOL _plat__WasPowerLost(BOOL clear); // C.8.2.4. _plat__Signal_PowerOff() // Signal power off This signal is simulate by a RPC call LIB_EXPORT void _plat__Signal_PowerOff(void); // C.8.3. Physical Presence Functions // C.8.3.1. 
// _plat__PhysicalPresenceAsserted()
// (Heading text of section C.8.3.1; the section number sits at the end of the preceding line.)
// Check if physical presence is signaled.
//      Return Value      Meaning
//      TRUE              if physical presence is signaled
//      FALSE             if physical presence is not signaled
LIB_EXPORT BOOL
_plat__PhysicalPresenceAsserted(void);

// C.8.3.2. _plat__Signal_PhysicalPresenceOn
// Signal physical presence on. This signal is simulated by an RPC call.
// NOTE(review): because the simulator drives this over RPC, whoever can reach that RPC
// interface controls the physical-presence state. Presumably a hardware platform replaces
// this with a real presence signal -- confirm before reusing this interface outside a simulator.
LIB_EXPORT void
_plat__Signal_PhysicalPresenceOn(void);

// C.8.3.3. _plat__Signal_PhysicalPresenceOff()
// Signal physical presence off. This signal is simulated by an RPC call.
LIB_EXPORT void
_plat__Signal_PhysicalPresenceOff(void);

// C.8.4. Command Canceling Functions

// C.8.4.1. _plat__IsCanceled()
// Check if the cancel flag is set.
//      Return Value      Meaning
//      TRUE              if cancel flag is set
//      FALSE             if cancel flag is not set
LIB_EXPORT BOOL
_plat__IsCanceled(void);

// C.8.4.2. _plat__SetCancel()
// Set cancel flag.
LIB_EXPORT void
_plat__SetCancel(void);

// C.8.4.3. _plat__ClearCancel()
// Clear cancel flag.
LIB_EXPORT void
_plat__ClearCancel( void);

// C.8.5. NV memory functions

// C.8.5.1. _plat__NvErrors()
// This function is used by the simulator to set the error flags in the NV subsystem to
// simulate an error in the NV loading process.
LIB_EXPORT void
_plat__NvErrors(
    BOOL recoverable,
    BOOL unrecoverable
    );

// C.8.5.2. _plat__NVEnable()
// Enable platform NV memory. NV memory is automatically enabled at a power on event. This
// function is mostly for TPM_Manufacture() to access NV memory without a power on event.
//      Return Value      Meaning
//      0                 if success
//      non-0             if fail
LIB_EXPORT int
_plat__NVEnable(
    void *platParameter     // IN: platform specific parameters
    );

// C.8.5.3. _plat__NVDisable()
// Disable platform NV memory. NV memory is automatically disabled at a power off event. This
// function is mostly for TPM_Manufacture() to disable NV memory without a power off event.
LIB_EXPORT void
_plat__NVDisable(void);

// C.8.5.4. _plat__IsNvAvailable()
// Check if NV is available.
//      Return Value      Meaning
//      0                 NV is available
//      1                 NV is not available due to write failure
//      2                 NV is not available due to rate limit
LIB_EXPORT int
_plat__IsNvAvailable(void);

// C.8.5.5. _plat__NvCommit()
// Update NV chip.
//      Return Value      Meaning
//      0                 NV write success
//      non-0             NV write fail
LIB_EXPORT int
_plat__NvCommit(void);

// C.8.5.6. _plat__NvMemoryRead()
// Read a chunk of NV memory.
// NOTE(review): the prototype returns void and states no bounds contract, so an out-of-range
// startOffset/size cannot be reported back to the caller. Presumably the implementation
// checks startOffset + size against the NV size, and the caller guarantees that data holds
// at least size bytes -- confirm both.
LIB_EXPORT void
_plat__NvMemoryRead(
    unsigned int startOffset,   // IN: read start
    unsigned int size,          // IN: number of bytes to read
    void *data                  // OUT: data buffer
    );

// C.8.5.7. _plat__NvIsDifferent()
// This function checks to see if the NV is different from the test value. This is so that NV
// will not be written if it has not changed.
//      Return Value      Meaning
//      TRUE              the NV location is different from the test value
//      FALSE             the NV location is the same as the test value
LIB_EXPORT BOOL
_plat__NvIsDifferent(
    unsigned int startOffset,   // IN: read start
    unsigned int size,          // IN: number of bytes to compare
    void *data                  // IN: data buffer
    );

// C.8.5.8. _plat__NvMemoryWrite()
// Write a chunk of NV memory.
// The original parameter comments here read "read start", "size of bytes to read" and
// "OUT: data buffer"; they appear to have been copied from _plat__NvMemoryRead() and are
// reworded below for a write -- confirm against the implementation.
// NOTE(review): as with the read, the void return gives no way to report an out-of-range
// startOffset/size; range checking presumably lives in the implementation -- confirm.
LIB_EXPORT void
_plat__NvMemoryWrite(
    unsigned int startOffset,   // IN: write start
    unsigned int size,          // IN: number of bytes to write
    void *data                  // IN: data buffer
    );

// C.8.5.9. _plat__NvMemoryClear()
// Function is used to set a range of NV memory bytes to an implementation-dependent value.
// The value represents the erased state of the memory.
LIB_EXPORT void
_plat__NvMemoryClear(
    unsigned int start,         // IN: clear start
    unsigned int size           // IN: number of bytes to be cleared
    );

// C.8.5.10. _plat__NvMemoryMove()
// Move a chunk of NV memory from source to destination. This function should ensure that if
// there is overlap, the original data is copied before it is written.
LIB_EXPORT void
_plat__NvMemoryMove(
    unsigned int sourceOffset,  // IN: source offset
    unsigned int destOffset,    // IN: destination offset
    unsigned int size           // IN: size of data being moved
    );

// C.8.5.11. _plat__SetNvAvail()
// Set the current NV state to available. This function is for testing purposes only. It is
// not part of the platform NV logic.
// NOTE(review): this test-only hook carries the same LIB_EXPORT marker as the production
// entry points; consider whether it should be compiled out of non-test builds.
LIB_EXPORT void
_plat__SetNvAvail(void);

// C.8.5.12. _plat__ClearNvAvail()
// Set the current NV state to unavailable. This function is for testing purposes only. It is
// not part of the platform NV logic.
// NOTE(review): test-only hook with the same LIB_EXPORT marker as the production entry
// points; consider whether it should be compiled out of non-test builds.
LIB_EXPORT void
_plat__ClearNvAvail(void);

// C.8.6. Locality Functions

// C.8.6.1. _plat__LocalityGet()
// Get the most recent command locality in locality value form.
LIB_EXPORT unsigned char
_plat__LocalityGet(void);

// C.8.6.2. _plat__LocalitySet()
// Set the most recent command locality in locality value form.
// NOTE(review): TPM authorization can depend on locality, so the component that calls this
// setter is trusted to report the locality faithfully; no validation of the value is visible
// in this header.
LIB_EXPORT void
_plat__LocalitySet(
    unsigned char locality
    );

// C.8.7. Clock Constants and Functions

// Assume that the nominal divisor is 30000
#define CLOCK_NOMINAL 30000
// A 1% change in rate is 300 counts
#define CLOCK_ADJUST_COARSE 300
// A 0.1% change in rate is 30 counts
#define CLOCK_ADJUST_MEDIUM 30
// A minimum change in rate is 1 count
#define CLOCK_ADJUST_FINE 1
// The clock tolerance is +/-15% (4500 counts). Allow some guard band (16.7%, 5000 counts).
#define CLOCK_ADJUST_LIMIT 5000

// C.8.7.1. _plat__ClockReset()
// This function sets the current clock time as initial time. This function is called at a
// power on event to reset the clock.
LIB_EXPORT void
_plat__ClockReset(void);

// C.8.7.2. _plat__ClockTimeFromStart()
// Function returns the compensated time from the start of the command when
// _plat__ClockTimeFromStart() was called.
LIB_EXPORT unsigned long long
_plat__ClockTimeFromStart(void);

// C.8.7.3.
_plat__ClockTimeElapsed() // Get the time elapsed from current to the last time the _plat__ClockTimeElapsed() is called. For // the first _plat__ClockTimeElapsed() call after a power on event, this call report the elapsed // time from power on to the current call LIB_EXPORT unsigned long long _plat__ClockTimeElapsed(void); // C.8.7.4. _plat__ClockAdjustRate() // Adjust the clock rate LIB_EXPORT void _plat__ClockAdjustRate( int adjust // IN: the adjust number. It could be // positive or negative ); // C.8.8. Single Function Files // C.8.8.1. _plat__GetEntropy() // This function is used to get available hardware entropy. In a hardware implementation of this // function, there would be no call to the system to get entropy. If the caller does not ask for any // entropy, then this is a startup indication and firstValue should be reset. // Return Value Meaning // < 0 hardware failure of the entropy generator, this is sticky // >= 0 the returned amount of entropy (bytes) LIB_EXPORT int32_t _plat__GetEntropy( unsigned char *entropy, // output buffer uint32_t amount // amount requested ); #endif ./utils/load.c0000644000175000017500000001703413055132457011420 0ustar lo1lo1/********************************************************************************/ /* */ /* Load */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: load.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Load_In in; Load_Out out; TPMI_DH_OBJECT parentHandle = 0; const char *publicKeyFilename = NULL; const char *privateKeyFilename = NULL; const char *parentPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } 
else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (parentHandle == 0) { printf("Missing handle parameter -ha\n"); printUsage(); } if (privateKeyFilename == NULL) { printf("Missing private key parameter -ipr\n"); printUsage(); } if (publicKeyFilename == NULL) { printf("Missing private key parameter -ipu\n"); printUsage(); } if (rc == 0) { rc = TSS_File_ReadStructure(&in.inPrivate, (UnmarshalFunction_t)TPM2B_PRIVATE_Unmarshal, privateKeyFilename); } if (rc == 0) { rc = TSS_File_ReadStructure(&in.inPublic, (UnmarshalFunction_t)TPM2B_PUBLIC_Unmarshal, publicKeyFilename); } if (rc == 0) { in.parentHandle = parentHandle; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Load, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { printf("Handle %08x\n", out.objectHandle); if (verbose) printf("load: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("load: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("load\n"); printf("\n"); printf("Runs TPM2_Load\n"); printf("\n"); printf("\t-hp parent handle\n"); printf("\t-pwdp password for parent key (default empty)\n"); printf("\n"); printf("\t-ipu public key file name\n"); printf("\t-ipr private key file name\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/tssproperties.c0000644000175000017500000003205213070736653013431 0ustar 
lo1lo1/********************************************************************************/ /* */ /* TSS Configuration Properties */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssproperties.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
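*/
/********************************************************************************/

/* NOTE(review): the header names on the #include lines below are missing in this copy of the
   file; the lines are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include
#ifndef TPM_TSS_NOCRYPTO
#include
#endif
#include

#include "tssproperties.h"

/* local prototypes */

static TPM_RC TSS_SetTraceLevel(const char *value);
static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value);
static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value);

/* globals for the library */

/* tracing is global to avoid passing the context into every function call */
int tssVerbose = TRUE;          /* initial value so TSS_Properties_Init errors emit message */
int tssVverbose = FALSE;

/* This is a total hack to ensure that the global verbose flags are only set once.  It's used by
   the two entry points to the TSS, TSS_Create() and TSS_SetProperty() */

int tssFirstCall = TRUE;

/* defaults for global settings */

#ifndef TPM_TRACE_LEVEL_DEFAULT
#define TPM_TRACE_LEVEL_DEFAULT         "0"
#endif

#ifndef TPM_COMMAND_PORT_DEFAULT
#define TPM_COMMAND_PORT_DEFAULT        "2321"          /* default for MS simulator */
#endif

#ifndef TPM_PLATFORM_PORT_DEFAULT
#define TPM_PLATFORM_PORT_DEFAULT       "2322"          /* default for MS simulator */
#endif

#ifndef TPM_SERVER_NAME_DEFAULT
#define TPM_SERVER_NAME_DEFAULT         "localhost"     /* default to local machine */
#endif

#ifndef TPM_SERVER_TYPE_DEFAULT
#define TPM_SERVER_TYPE_DEFAULT         "mssim"         /* default to MS simulator format */
#endif

#ifndef TPM_DATA_DIR_DEFAULT
#define TPM_DATA_DIR_DEFAULT            "."             /* default to current working directory */
#endif

#ifndef TPM_INTERFACE_TYPE_DEFAULT
#define TPM_INTERFACE_TYPE_DEFAULT      "socsim"        /* default to MS simulator interface */
#endif

#ifndef TPM_DEVICE_DEFAULT
#ifdef TPM_POSIX
#define TPM_DEVICE_DEFAULT              "/dev/tpm0"     /* default to Linux device driver */
#endif
#ifdef TPM_WINDOWS
#define TPM_DEVICE_DEFAULT              "tddl.dll"      /* default to Windows TPM interface dll */
#endif
#endif

#ifndef TPM_ENCRYPT_SESSIONS_DEFAULT
#define TPM_ENCRYPT_SESSIONS_DEFAULT    "1"
#endif

/* TSS_GlobalProperties_Init() sets the global verbose trace flags at the first entry points to the
   TSS.

   The trace level is read from the TPM_TRACE_LEVEL environment variable; when it is unset the
   compiled-in default is used.  Returns the result of TSS_SetTraceLevel().
*/

TPM_RC TSS_GlobalProperties_Init(void)
{
    TPM_RC              rc = 0;
    const char          *value;

    /* trace level is global, tssContext can be null */
    if (rc == 0) {
        value = getenv("TPM_TRACE_LEVEL");
        rc = TSS_SetTraceLevel(value);
    }
    return rc;
}

/* TSS_Properties_Init() sets the initial TSS_CONTEXT properties based on either the environment
   variables (if set) or the defaults (if not).

   Every property below is taken from the process environment without further validation beyond
   what the individual setter does.  That includes which TPM endpoint is used (TPM_SERVER_NAME,
   TPM_COMMAND_PORT, TPM_PLATFORM_PORT, TPM_INTERFACE_TYPE, TPM_DEVICE), where state files live
   (TPM_DATA_DIR) and whether session state is encrypted (TPM_ENCRYPT_SESSIONS).  A program that
   runs with more privilege than the party controlling its environment should set these explicitly
   with TSS_SetProperty() rather than rely on the environment.

   Returns 0, or the first non-zero return code from a setter.
*/

TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext)
{
    TPM_RC              rc = 0;
    const char          *value;

    if (rc == 0) {
        tssContext->tssAuthContext = NULL;
        tssContext->tssFirstTransmit = TRUE;    /* connection not opened */
#ifdef TPM_WINDOWS
        tssContext->sock_fd = INVALID_SOCKET;
#endif
#ifdef TPM_POSIX
#ifndef TPM_NOSOCKET
        tssContext->sock_fd = -1;
#endif  /* TPM_NOSOCKET */
#endif
        tssContext->dev_fd = -1;
#ifdef TPM_WINDOWS
#ifdef TPM_WINDOWS_TBSI
        tssContext->hContext = 0;       /* FIXME: Guess at an illegal value */
#endif
#endif
#ifndef TPM_TSS_NOCRYPTO
        tssContext->tssSessionEncKey = NULL;
        tssContext->tssSessionDecKey = NULL;
#endif
    }
    /* for a minimal TSS with no file support */
#ifdef TPM_TSS_NOFILE
    {
        size_t i;
        /* mark every in-memory session, object and NV slot as unused */
        for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
            tssContext->sessions[i].sessionHandle = TPM_RH_NULL;
            tssContext->sessions[i].sessionData = NULL;
            tssContext->sessions[i].sessionDataLength = 0;
        }
        for (i = 0 ; i < (sizeof(tssContext->objectPublic) / sizeof(TSS_OBJECT_PUBLIC)) ; i++) {
            tssContext->objectPublic[i].objectHandle = TPM_RH_NULL;
        }
        for (i = 0 ; i < (sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC)) ; i++) {
            tssContext->nvPublic[i].nvIndex = TPM_RH_NULL;
        }
    }
#endif
    /* data directory */
    if (rc == 0) {
        value = getenv("TPM_DATA_DIR");
        rc = TSS_SetDataDirectory(tssContext, value);
    }
    /* flag whether session state should be encrypted */
    if (rc == 0) {
        value = getenv("TPM_ENCRYPT_SESSIONS");
        rc = TSS_SetEncryptSessions(tssContext, value);
    }
    /* TPM socket command port */
    if (rc == 0) {
        value = getenv("TPM_COMMAND_PORT");
        rc = TSS_SetCommandPort(tssContext, value);
    }
    /* TPM simulator socket platform port */
    if (rc == 0) {
        value = getenv("TPM_PLATFORM_PORT");
        rc = TSS_SetPlatformPort(tssContext, value);
    }
    /* TPM socket host name */
    if (rc == 0) {
        value = getenv("TPM_SERVER_NAME");
        rc = TSS_SetServerName(tssContext, value);
    }
    /* TPM socket server type */
    if (rc == 0) {
        value = getenv("TPM_SERVER_TYPE");
        rc = TSS_SetServerType(tssContext, value);
    }
    /* TPM interface type */
    if (rc == 0) {
        value = getenv("TPM_INTERFACE_TYPE");
        rc = TSS_SetInterfaceType(tssContext, value);
    }
    /* TPM device within the interface type */
    if (rc == 0) {
        value = getenv("TPM_DEVICE");
        rc = TSS_SetDevice(tssContext, value);
    }
    return rc;
}

/* TSS_SetProperty() sets the property to the value.

   The format of the property and value the same as that of the environment variable.

   A NULL value sets the property to the default.

   tssContext is only unused for TPM_TRACE_LEVEL; every other property is handed to a setter that
   writes through tssContext, so a NULL context is valid for TPM_TRACE_LEVEL only.

   Returns TSS_RC_BAD_PROPERTY for an unknown property, otherwise the setter's return code.
*/

TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext,
                       int property,
                       const char *value)
{
    TPM_RC              rc = 0;

    /* at the first call to the TSS, initialize global variables */
    if (tssFirstCall) {
#ifndef TPM_TSS_NOCRYPTO
        /* crypto module initializations */
        if (rc == 0) {
            rc = TSS_Crypto_Init();
        }
#endif
        if (rc == 0) {
            rc = TSS_GlobalProperties_Init();
        }
        /* NOTE(review): cleared even when the initialization above failed, so a failed first call
           is not retried by later calls - confirm this is intended */
        tssFirstCall = FALSE;
    }
    if (rc == 0) {
        switch (property) {
          case TPM_TRACE_LEVEL:
            rc = TSS_SetTraceLevel(value);
            break;
          case TPM_DATA_DIR:
            rc = TSS_SetDataDirectory(tssContext, value);
            break;
          case TPM_COMMAND_PORT:
            rc = TSS_SetCommandPort(tssContext, value);
            break;
          case TPM_PLATFORM_PORT:
            rc = TSS_SetPlatformPort(tssContext, value);
            break;
          case TPM_SERVER_NAME:
            rc = TSS_SetServerName(tssContext, value);
            break;
          case TPM_SERVER_TYPE:
            rc = TSS_SetServerType(tssContext, value);
            break;
          case TPM_INTERFACE_TYPE:
            rc = TSS_SetInterfaceType(tssContext, value);
            break;
          case TPM_DEVICE:
            rc = TSS_SetDevice(tssContext, value);
            break;
          case TPM_ENCRYPT_SESSIONS:
            rc = TSS_SetEncryptSessions(tssContext, value);
            break;
          default:
            rc = TSS_RC_BAD_PROPERTY;
        }
    }
    return rc;
}

/* TSS_SetTraceLevel() sets the trace level.

   0:   no printing
   1:   error printing
   2:   trace printing

   Any value above 1 selects trace printing.  A NULL value selects TPM_TRACE_LEVEL_DEFAULT.
   Returns TSS_RC_BAD_PROPERTY_VALUE when the value does not start with a number.
*/

static TPM_RC TSS_SetTraceLevel(const char *value)
{
    TPM_RC              rc = 0;
    int                 irc;
    unsigned int        level = 0;      /* unsigned to match the %u conversion below */

    if (rc == 0) {
        if (value == NULL) {
            value = TPM_TRACE_LEVEL_DEFAULT;
        }
    }
    if (rc == 0) {
        irc = sscanf(value, "%u", &level);
        if (irc != 1) {
            if (tssVerbose) printf("TSS_SetTraceLevel: Error, value invalid\n");
            rc = TSS_RC_BAD_PROPERTY_VALUE;
        }
    }
    if (rc == 0) {
        switch (level) {
          case 0:
            tssVerbose = FALSE;
            tssVverbose = FALSE;
            break;
          case 1:
            tssVerbose = TRUE;
            tssVverbose = FALSE;
            break;
          default:
            tssVerbose = TRUE;
            tssVverbose = TRUE;
            break;
        }
    }
    return rc;
}

/* TSS_SetDataDirectory() sets the directory used for TSS state files.

   The pointer is stored, not copied: the string must stay valid and unchanged for as long as the
   context uses it.  When the value comes from getenv(), that holds only while the environment is
   not modified.  A NULL value selects TPM_DATA_DIR_DEFAULT.
*/

static TPM_RC TSS_SetDataDirectory(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;

    if (rc == 0) {
        if (value == NULL) {
            value = TPM_DATA_DIR_DEFAULT;
        }
    }
    if (rc == 0) {
        tssContext->tssDataDirectory = value;
        /* FIXME check length, don't hard code max length, use max path size */
    }
    return rc;
}

/* TSS_SetCommandPort() sets the TPM socket command port.

   Any open connection is closed first.  A NULL value selects TPM_COMMAND_PORT_DEFAULT.  The value
   must be a number in the range 0 - 65535; anything else returns TSS_RC_BAD_PROPERTY_VALUE and
   leaves the stored port unchanged.
*/

static TPM_RC TSS_SetCommandPort(TSS_CONTEXT *tssContext, const char *value)
{
    int                 irc;
    TPM_RC              rc = 0;
    unsigned int        port = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_COMMAND_PORT_DEFAULT;
        }
    }
    if (rc == 0) {
        /* parse into a wider type so that an out of range value is rejected instead of being
           silently narrowed to some other port number */
        irc = sscanf(value, "%u", &port);
        if ((irc != 1) || (port > 0xffff)) {
            if (tssVerbose) printf("TSS_SetCommandPort: Error, value invalid\n");
            rc = TSS_RC_BAD_PROPERTY_VALUE;
        }
        else {
            tssContext->tssCommandPort = (unsigned short)port;
        }
    }
    return rc;
}

/* TSS_SetPlatformPort() sets the TPM simulator socket platform port.

   Any open connection is closed first.  A NULL value selects TPM_PLATFORM_PORT_DEFAULT.  The value
   must be a number in the range 0 - 65535; anything else returns TSS_RC_BAD_PROPERTY_VALUE and
   leaves the stored port unchanged.
*/

static TPM_RC TSS_SetPlatformPort(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;
    int                 irc;
    unsigned int        port = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_PLATFORM_PORT_DEFAULT;
        }
    }
    if (rc == 0) {
        /* same range check as TSS_SetCommandPort() */
        irc = sscanf(value, "%u", &port);
        if ((irc != 1) || (port > 0xffff)) {
            if (tssVerbose) printf("TSS_SetPlatformPort: Error, , value invalid\n");
            rc = TSS_RC_BAD_PROPERTY_VALUE;
        }
        else {
            tssContext->tssPlatformPort = (unsigned short)port;
        }
    }
    return rc;
}

/* TSS_SetServerName() sets the TPM socket host name.

   Any open connection is closed first.  The pointer is stored, not copied.  A NULL value selects
   TPM_SERVER_NAME_DEFAULT.
*/

static TPM_RC TSS_SetServerName(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_SERVER_NAME_DEFAULT;
        }
    }
    if (rc == 0) {
        tssContext->tssServerName = value;
    }
    return rc;
}

/* TSS_SetServerType() sets the TPM socket server type.

   Any open connection is closed first.  The pointer is stored, not copied, and the string is not
   checked against the supported types here.  A NULL value selects TPM_SERVER_TYPE_DEFAULT.
*/

static TPM_RC TSS_SetServerType(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_SERVER_TYPE_DEFAULT;
        }
    }
    if (rc == 0) {
        tssContext->tssServerType = value;
    }
    return rc;
}

/* TSS_SetInterfaceType() sets the TPM interface type.

   Any open connection is closed first.  The pointer is stored, not copied, and the string is not
   checked against the supported types here.  A NULL value selects TPM_INTERFACE_TYPE_DEFAULT.
*/

static TPM_RC TSS_SetInterfaceType(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_INTERFACE_TYPE_DEFAULT;
        }
    }
    if (rc == 0) {
        tssContext->tssInterfaceType = value;
    }
    return rc;
}

/* TSS_SetDevice() sets the TPM device within the interface type.

   Any open connection is closed first.  The pointer is stored, not copied.  A NULL value selects
   TPM_DEVICE_DEFAULT.
*/

static TPM_RC TSS_SetDevice(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;

    /* close an open connection before changing property */
    if (rc == 0) {
        rc = TSS_Close(tssContext);
    }
    if (rc == 0) {
        if (value == NULL) {
            value = TPM_DEVICE_DEFAULT;
        }
    }
    if (rc == 0) {
        tssContext->tssDevice = value;
    }
    return rc;
}

/* TSS_SetEncryptSessions() sets the flag for whether session state should be encrypted.

   A NULL value selects TPM_ENCRYPT_SESSIONS_DEFAULT ("1").  The number is stored as parsed, it is
   not restricted to 0 and 1 here.  Returns TSS_RC_BAD_PROPERTY_VALUE when the value does not start
   with a number.
*/

static TPM_RC TSS_SetEncryptSessions(TSS_CONTEXT *tssContext, const char *value)
{
    TPM_RC              rc = 0;
    int                 irc;

    if (rc == 0) {
        if (value == NULL) {
            value = TPM_ENCRYPT_SESSIONS_DEFAULT;
        }
    }
    if (rc == 0) {
        /* NOTE(review): %u assumes tssEncryptSessions is an unsigned int - confirm against the
           TSS_CONTEXT declaration */
        irc = sscanf(value, "%u", &tssContext->tssEncryptSessions);
        if (irc != 1) {
            if (tssVerbose) printf("TSS_SetEncryptSessions: Error, value invalid\n");
            rc = TSS_RC_BAD_PROPERTY_VALUE;
        }
    }
    return rc;
}
./utils/clockset.c0000644000175000017500000001616513075204375012315 0ustar lo1lo1/********************************************************************************/
/* */
/* ClockSet */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: clockset.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015.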
*/ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ClockSet_In in; char hierarchyChar = 'p'; TPMI_RH_HIERARCHY authHandle = TPM_RH_PLATFORM; const char *parentPassword = NULL; uint64_t newTime = 0; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, 
TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (newTime == 0) { printf("Missing or bad parameter -time\n"); printUsage(); } if (rc == 0) { in.newTime = newTime; } /* Table 50 - TPMI_RH_HIERARCHY authHandle */ if (rc == 0) { if (hierarchyChar == 'o') { authHandle = TPM_RH_OWNER; } else if (hierarchyChar == 'p') { authHandle = TPM_RH_PLATFORM; } else { printf("Bad parameter %c for -hi\n", hierarchyChar); printUsage(); } in.auth = authHandle; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_ClockSet, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("clockset: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("clockset: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("clockset\n"); printf("\n"); printf("Runs TPM2_ClockSet\n"); printf("\n"); printf("\t-time new time\n"); printf("\t-hi hierarchy (o, p) (default platform)\n"); printf("\t\to owner, p platform\n"); printf("\t-pwdp password for hierarchy (default empty)\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/tssfile.c0000644000175000017500000002001013070736653012143 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS and Application File Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. 
Watson Research Center */ /* $Id: tssfile.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
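*/
/********************************************************************************/

/* NOTE(review): the header names on the #include lines below are missing in this copy of the
   file; the lines are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include
#include

extern int tssVerbose;
extern int tssVverbose;

/* TSS_File_Open() opens the 'filename' for 'mode'

   The stream is returned in '*file'.  Returns 0 on success or TSS_RC_FILE_OPEN when fopen() fails;
   the errno text is printed when tssVerbose is set.  'filename' is handed to fopen() unchanged, so
   a caller that takes it from the command line or another external source decides which path is
   opened.
*/

int TSS_File_Open(FILE **file,
                  const char *filename,
                  const char* mode)
{
    int         rc = 0;

    if (rc == 0) {
        *file = fopen(filename, mode);
        if (*file == NULL) {
            if (tssVerbose) printf("TSS_File_Open: Error opening %s for %s, %s\n",
                                   filename, mode, strerror(errno));
            rc = TSS_RC_FILE_OPEN;
        }
    }
    return rc;
}

/* TSS_File_ReadBinaryFile() reads 'filename'.  The results are put into 'data', which must be freed
   by the caller.  'length' indicates the number of bytes read.

   On any failure the buffer is freed here, '*data' is set to NULL and '*length' to 0, so a caller
   that unconditionally calls free() on its pointer (as the readers below do) does not free the
   buffer a second time.  An empty file is a success with '*data' NULL and '*length' 0.
*/

TPM_RC TSS_File_ReadBinaryFile(unsigned char **data,     /* must be freed by caller */
                               size_t *length,
                               const char *filename)
{
    int         rc = 0;
    long        lrc;
    size_t      src;
    int         irc;
    FILE        *file = NULL;

    *data = NULL;
    *length = 0;
    /* open the file */
    if (rc == 0) {
        rc = TSS_File_Open(&file, filename, "rb");      /* closed @1 */
    }
    /* determine the file length */
    if (rc == 0) {
        irc = fseek(file, 0L, SEEK_END);        /* seek to end of file */
        if (irc != 0) {                         /* fseek() reports failure as non-zero */
            if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to end of %s\n",
                                   filename);
            rc = TSS_RC_FILE_SEEK;
        }
    }
    if (rc == 0) {
        lrc = ftell(file);                      /* get position in the stream */
        if (lrc == -1L) {
            if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error ftell'ing %s\n", filename);
            rc = TSS_RC_FILE_FTELL;
        }
        else {
            *length = (size_t)lrc;              /* save the length */
        }
    }
    if (rc == 0) {
        irc = fseek(file, 0L, SEEK_SET);        /* seek back to the beginning of the file */
        if (irc != 0) {
            if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error seeking to beginning of %s\n",
                                   filename);
            rc = TSS_RC_FILE_SEEK;
        }
    }
    /* allocate a buffer for the actual data */
    if ((rc == 0) && (*length != 0)) {
        /* NOTE(review): the allocation size comes straight from the file size; any upper bound is
           whatever TSS_Malloc() enforces - confirm */
        rc = TSS_Malloc(data, *length);
    }
    /* read the contents of the file into the data buffer */
    if ((rc == 0) && *length != 0) {
        src = fread(*data, 1, *length, file);
        if (src != *length) {
            if (tssVerbose)
                printf("TSS_File_ReadBinaryFile: Error reading %s, %u bytes, got %lu\n",
                       filename, (unsigned int)*length, (unsigned long)src);
            rc = TSS_RC_FILE_READ;
        }
    }
    if (file != NULL) {
        irc = fclose(file);             /* @1 */
        if (irc != 0) {
            if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error closing %s\n", filename);
            rc = TSS_RC_FILE_CLOSE;
        }
    }
    if (rc != 0) {
        if (tssVerbose) printf("TSS_File_ReadBinaryFile: Error reading %s\n", filename);
        free(*data);
        /* clear the caller's pointer, not the local parameter; otherwise the caller is left with a
           dangling pointer that its own free() would release again */
        *data = NULL;
        *length = 0;
    }
    return rc;
}

/* TSS_File_WriteBinaryFile() writes 'data' of 'length' to 'filename'

   The file is opened with mode "wb", so an existing file of that name is truncated.  Returns 0 on
   success, otherwise the TSS_RC_FILE_xxx code of the step that failed.
*/

TPM_RC TSS_File_WriteBinaryFile(const unsigned char *data,
                                size_t length,
                                const char *filename)
{
    TPM_RC      rc = 0;
    size_t      src;
    int         irc;
    FILE        *file = NULL;

    /* open the file */
    if (rc == 0) {
        rc = TSS_File_Open(&file, filename, "wb");      /* closed @1 */
    }
    /* write the contents of the data buffer into the file */
    if (rc == 0) {
        src = fwrite(data, 1, length, file);
        if (src != length) {
            if (tssVerbose)
                printf("TSS_File_WriteBinaryFile: Error writing %s, %lu bytes, got %lu\n",
                       filename, (unsigned long)length, (unsigned long)src);
            rc = TSS_RC_FILE_WRITE;
        }
    }
    if (file != NULL) {
        irc = fclose(file);             /* @1 */
        if (irc != 0) {
            if (tssVerbose) printf("TSS_File_WriteBinaryFile: Error closing %s\n", filename);
            rc = TSS_RC_FILE_CLOSE;
        }
    }
    return rc;
}

/* TSS_File_ReadStructure() is a general purpose "read a structure" function.

   It reads the filename, and then unmarshals the structure using "unmarshalFunction".

   The file content is whatever is on disk; all bounds checking of the marshaled data is left to
   'unmarshalFunction', which is given the number of bytes read as its remaining size.  A file too
   large for that signed 32-bit size is rejected with TSS_RC_FILE_READ instead of being passed on
   with a truncated or negative size.
*/

TPM_RC TSS_File_ReadStructure(void                      *structure,
                              UnmarshalFunction_t       unmarshalFunction,
                              const char                *filename)
{
    TPM_RC      rc = 0;
    uint8_t     *buffer = NULL;         /* for the free */
    uint8_t     *buffer1 = NULL;        /* for unmarshaling */
    size_t      length = 0;

    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&buffer,     /* must be freed by caller */
                                     &length,
                                     filename);
    }
    if (rc == 0) {
        if (length > 0x7fffffff) {      /* would not fit the int32_t size below */
            if (tssVerbose) printf("TSS_File_ReadStructure: Error, %s is too large\n", filename);
            rc = TSS_RC_FILE_READ;
        }
    }
    if (rc == 0) {
        int32_t ilength = (int32_t)length;
        buffer1 = buffer;               /* the unmarshal function moves buffer1, buffer is kept
                                           for the free */
        rc = unmarshalFunction(structure, &buffer1, &ilength);
    }
    free(buffer);
    return rc;
}

/* TSS_File_WriteStructure() is a general purpose "write a structure" function.

   It marshals the structure using "marshalFunction", and then writes it to filename.
*/

TPM_RC TSS_File_WriteStructure(void                     *structure,
                               MarshalFunction_t        marshalFunction,
                               const char               *filename)
{
    TPM_RC      rc = 0;
    uint16_t    written = 0;
    uint8_t     *buffer = NULL;         /* for the free */

    if (rc == 0) {
        rc = TSS_Structure_Marshal(&buffer,     /* freed @1 */
                                   &written,
                                   structure,
                                   marshalFunction);
    }
    if (rc == 0) {
        rc = TSS_File_WriteBinaryFile(buffer,
                                      written,
                                      filename);
    }
    free(buffer);       /* @1 */
    return rc;
}

/* TSS_File_Read2B() reads 'filename' and copies the data to 'tpm2b', checking targetSize

   A file longer than 0xffff bytes can never fit a 16-bit 'targetSize', so it is rejected here with
   TSS_RC_FILE_READ before the length is handed on.
*/

TPM_RC TSS_File_Read2B(TPM2B            *tpm2b,
                       uint16_t         targetSize,
                       const char       *filename)
{
    TPM_RC      rc = 0;
    uint8_t     *buffer = NULL;
    size_t      length = 0;

    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&buffer,     /* must be freed by caller */
                                     &length,
                                     filename);
    }
    if (rc == 0) {
        /* NOTE(review): presumably TSS_TPM2B_Create() takes a 16-bit length; checking here keeps a
           larger size_t from being narrowed before its targetSize check - confirm */
        if (length > 0xffff) {
            if (tssVerbose) printf("TSS_File_Read2B: Error, %s is too large\n", filename);
            rc = TSS_RC_FILE_READ;
        }
    }
    /* copy it into the TPM2B */
    if (rc == 0) {
        rc = TSS_TPM2B_Create(tpm2b, buffer, length, targetSize);
    }
    free(buffer);
    return rc;
}

/* TSS_File_DeleteFile() removes 'filename'.  Returns TSS_RC_FILE_REMOVE when remove() fails for
   any reason, including the file not existing. */

/* FIXME need to add - ignore failure if does not exist */

TPM_RC TSS_File_DeleteFile(const char *filename)
{
    TPM_RC      rc = 0;
    int         irc;

    if (rc == 0) {
        irc = remove(filename);
        if (irc != 0) {
            rc = TSS_RC_FILE_REMOVE;
        }
    }
    return rc;
}
./utils/gettime.c0000644000175000017500000002502113075204375012133 0ustar lo1lo1/********************************************************************************/
/* */
/* GetTime */
/* Written by Ken Goldman */
/* IBM Thomas J.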
Watson Research Center */ /* $Id: gettime.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; GetTime_In in; GetTime_Out out; TPMI_DH_OBJECT signHandle = 0; const char *keyPassword = NULL; const char *endorsementPassword = NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; const char *qualifyingDataFilename = NULL; int useRsa = 1; TPMS_ATTEST tpmsAttest; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { 
printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (signHandle == 0) { printf("Missing sign handle parameter -hs\n"); printUsage(); } if (rc == 0) { /* handle of the privacy administrator */ in.privacyAdminHandle = TPM_RH_ENDORSEMENT; /* Handle of key that will perform signing */ in.signHandle = signHandle; if (useRsa) { /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ in.inScheme.scheme = TPM_ALG_RSASSA; /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ in.inScheme.details.rsassa.hashAlg = halg; } else { /* ecc */ in.inScheme.scheme = TPM_ALG_ECDSA; in.inScheme.details.ecdsa.hashAlg = halg; } } /* data supplied by the caller */ if (rc == 0) { if (qualifyingDataFilename != NULL) { rc = TSS_File_Read2B(&in.qualifyingData.b, sizeof(TPMT_HA), qualifyingDataFilename); } else { in.qualifyingData.t.size = 0; } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_GetTime, sessionHandle0, endorsementPassword, sessionAttributes0, sessionHandle1, keyPassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { uint8_t *tmpBuffer = out.timeInfo.t.attestationData; int32_t tmpSize = out.timeInfo.t.size; rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize); if (verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); } if (rc == 0) { int match; match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); if 
(!match) { printf("quote: failed, extraData != qualifyingData\n"); rc = EXIT_FAILURE; } } if ((rc == 0) && (signatureFilename != NULL)) { rc = TSS_File_WriteStructure(&out.signature, (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal, signatureFilename); } if ((rc == 0) && (attestInfoFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.timeInfo.t.attestationData, out.timeInfo.t.size, attestInfoFilename); } if (rc == 0) { if (verbose) TSS_TPMT_SIGNATURE_Print(&out.signature, 0); if (verbose) TSS_TPM2B_ATTEST_Print(&out.timeInfo, 0); if (verbose) printf("gettime: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("gettime: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("gettime\n"); printf("\n"); printf("Runs TPM2_GetTime\n"); printf("\n"); printf("\t-hk signing key handle\n"); printf("\t[-pwdk password for signing key (default empty)]\n"); printf("\t[-pwde password for endorsement hierarchy (default empty)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-salg signature algorithm (rsa, ecc) (default rsa)]\n"); printf("\t[-qd qualifying data file name]\n"); printf("\t[-os signature file name (default do not save)]\n"); printf("\t[-oa attestation output file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/man/0000751000175000017500000000000013133245153011072 5ustar lo1lo1./utils/man/man1/0000755000175000017500000000000013133245157011736 5ustar lo1lo1./utils/man/man1/tsspolicycountertimer.10000644000175000017500000000361313133245156016514 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYCOUNTERTIMER "1" "July 2017" "policycountertimer " "User Commands" .SH NAME policycountertimer \- Runs TPM2_PolicyCounterTimer .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policycountertimer .PP Runs TPM2_PolicyCounterTimer .HP \fB\-ha\fR policy session handle .HP \fB\-ic\fR data string (operandB) .HP \fB\-if\fR data file (operandB) .IP [\-off offset (default 0)] \fB\-op\fR operation (default A = B) .TP 0 A = B .TP 1 A != B .TP 2 A > B signed .TP 3 A > B unsigned .TP 4 A < B signed .TP 5 A < B unsigned .TP 6 A >= B signed .TP 7 A >= B unsigned .TP 8 A <= B signed .TP 9 A <= B unsigned .TP A All bits SET in B are SET in A. ((A&B)=B) .TP B All bits SET in B are CLEAR in A. ((A&B)=0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP policycountertimer .PP Runs TPM2_PolicyCounterTimer .HP \fB\-ha\fR policy session handle .HP \fB\-ic\fR data string (operandB) .HP \fB\-if\fR data file (operandB) .IP [\-off offset (default 0)] \fB\-op\fR operation (default A = B) .TP 0 A = B .TP 1 A != B .TP 2 A > B signed .TP 3 A > B unsigned .TP 4 A < B signed .TP 5 A < B unsigned .TP 6 A >= B signed .TP 7 A >= B unsigned .TP 8 A <= B signed .TP 9 A <= B unsigned .TP A All bits SET in B are SET in A. ((A&B)=B) .TP B All bits SET in B are CLEAR in A. ((A&B)=0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B policycountertimer is maintained as a Texinfo manual. If the .B info and .B policycountertimer programs are properly installed at your site, the command .IP .B info policycountertimer .PP should give you access to the complete manual. ./utils/man/man1/tssstirrandom.10000644000175000017500000000126713133245157014742 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH STIRRANDOM "1" "July 2017" "stirrandom " "User Commands" .SH NAME stirrandom \- Runs TPM2_StirRandom .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP stirrandom .PP Runs TPM2_StirRandom .HP \fB\-if\fR input file name .PP \fB\-\-version\fR is not a valid option .PP stirrandom .PP Runs TPM2_StirRandom .HP \fB\-if\fR input file name .SH "SEE ALSO" The full documentation for .B stirrandom is maintained as a Texinfo manual. If the .B info and .B stirrandom programs are properly installed at your site, the command .IP .B info stirrandom .PP should give you access to the complete manual. ./utils/man/man1/tsspolicypassword.10000644000175000017500000000135713133245156015641 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYPASSWORD "1" "July 2017" "policypassword " "User Commands" .SH NAME policypassword \- Runs TPM2_PolicyPassword .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policypassword .PP Runs TPM2_PolicyPassword .HP \fB\-ha\fR policy session handle .PP \fB\-\-version\fR is not a valid option .PP policypassword .PP Runs TPM2_PolicyPassword .HP \fB\-ha\fR policy session handle .SH "SEE ALSO" The full documentation for .B policypassword is maintained as a Texinfo manual. If the .B info and .B policypassword programs are properly installed at your site, the command .IP .B info policypassword .PP should give you access to the complete manual. ./utils/man/man1/tssimportpem.10000644000175000017500000000341213133245155014564 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH IMPORTPEM "1" "July 2017" "importpem " "User Commands" .SH NAME importpem \- Runs TPM2_Import with PEM input .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP Import PEM .PP Runs TPM2_Import for a PEM RSA key .HP \fB\-hp\fR parent handle .IP [\-pwdp password for parent (default empty)] \fB\-ipem\fR PEM format key pair .IP [\-rsa (default)] [\-ecc (uses NIST P256)] .IP [\-pwdk password for key (default empty)] \fB\-opu\fR public area file name \fB\-opr\fR private area file name [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] [\-pol policy file (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP Import PEM .PP Runs TPM2_Import for a PEM RSA key .HP \fB\-hp\fR parent handle .IP [\-pwdp password for parent (default empty)] \fB\-ipem\fR PEM format key pair .IP [\-rsa (default)] [\-ecc (uses NIST P256)] .IP [\-pwdk password for key (default empty)] \fB\-opu\fR public area file name \fB\-opr\fR private area file name [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] [\-pol policy file (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B importpem is maintained as a Texinfo manual. If the .B info and .B importpem programs are properly installed at your site, the command .IP .B info importpem .PP should give you access to the complete manual. ./utils/man/man1/tssclearcontrol.10000644000175000017500000000236313133245153015241 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CLEARCONTROL "1" "July 2017" "clearcontrol " "User Commands" .SH NAME clearcontrol \- Runs TPM2_ClearControl .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP clearcontrol .PP Runs TPM2_ClearControl .HP \fB\-hi\fR authhandle hierarchy (l, p) .IP l lockout, p platform .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-state\fR (0 to disable, 1 to enable) (default enable) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP clearcontrol .PP Runs TPM2_ClearControl .HP \fB\-hi\fR authhandle hierarchy (l, p) .IP l lockout, p platform .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-state\fR (0 to disable, 1 to enable) (default enable) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B clearcontrol is maintained as a Texinfo manual. If the .B info and .B clearcontrol programs are properly installed at your site, the command .IP .B info clearcontrol .PP should give you access to the complete manual. ./utils/man/man1/tssgettime.10000644000175000017500000000301013133245154014177 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH GETTIME "1" "July 2017" "gettime " "User Commands" .SH NAME gettime \- Runs TPM2_GetTime .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP gettime .PP Runs TPM2_GetTime .HP \fB\-hk\fR signing key handle .IP [\-pwdk password for signing key (default empty)] [\-pwde password for endorsement hierarchy (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP gettime .PP Runs TPM2_GetTime .HP \fB\-hk\fR signing key handle .IP [\-pwdk password for signing key (default empty)] [\-pwde password for endorsement hierarchy (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B gettime is maintained as a Texinfo manual. If the .B info and .B gettime programs are properly installed at your site, the command .IP .B info gettime .PP should give you access to the complete manual. ./utils/man/man1/tsspolicysigned.10000644000175000017500000000342113133245156015242 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYSIGNED "1" "July 2017" "policysigned " "User Commands" .SH NAME policysigned \- Runs TPM2_PolicySigned .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policysigned .PP Runs TPM2_PolicySigned .HP \fB\-hk\fR signature verification key handle .HP \fB\-ha\fR policy session handle .HP \fB\-in\fR nonceTPM file (default none) .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-exp\fR expiration in decimal (default none) .HP \fB\-halg\fR (sha1, sha256) (default sha256) .HP \fB\-sk\fR RSA signing key file name (PEM format) .IP This utility uses this signing key. A real application might use a smart card or other HSM. .HP \fB\-pwdk\fR signing key password (default null) .IP [\-tk ticket file name] [\-to timeout file name] .PP \fB\-\-version\fR is not a valid option .PP policysigned .PP Runs TPM2_PolicySigned .HP \fB\-hk\fR signature verification key handle .HP \fB\-ha\fR policy session handle .HP \fB\-in\fR nonceTPM file (default none) .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-exp\fR expiration in decimal (default none) .HP \fB\-halg\fR (sha1, sha256) (default sha256) .HP \fB\-sk\fR RSA signing key file name (PEM format) .IP This utility uses this signing key. A real application might use a smart card or other HSM. .HP \fB\-pwdk\fR signing key password (default null) .IP [\-tk ticket file name] [\-to timeout file name] .SH "SEE ALSO" The full documentation for .B policysigned is maintained as a Texinfo manual. If the .B info and .B policysigned programs are properly installed at your site, the command .IP .B info policysigned .PP should give you access to the complete manual. ./utils/man/man1/tssdictionaryattackparameters.10000644000175000017500000000245513133245154020176 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH DICTIONARYATTACKPARAMETERS "1" "July 2017" "dictionaryattackparameters " "User Commands" .SH NAME dictionaryattackparameters \- Runs TPM2_DictionaryAttackParameters .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP dictionaryattackparameters .PP Runs TPM2_DictionaryAttackParameters .IP [\-pwd lockout auth password (default empty)] [\-nmt new max tries (default 1 try)] [\-nrt new recovery time (default 10 seconds)] [\-lr lockout recovery (default 1 second)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP dictionaryattackparameters .PP Runs TPM2_DictionaryAttackParameters .IP [\-pwd lockout auth password (default empty)] [\-nmt new max tries (default 1 try)] [\-nrt new recovery time (default 10 seconds)] [\-lr lockout recovery (default 1 second)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B dictionaryattackparameters is maintained as a Texinfo manual. If the .B info and .B dictionaryattackparameters programs are properly installed at your site, the command .IP .B info dictionaryattackparameters .PP should give you access to the complete manual. ./utils/man/man1/tsspolicynvwritten.10000644000175000017500000000205413133245156016032 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYNVWRITTEN "1" "July 2017" "policynvwritten " "User Commands" .SH NAME policynvwritten \- Runs TPM2_PolicyNvWritten .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policynvwritten .PP Runs TPM2_PolicyNvWritten .HP \fB\-hs\fR policy session handle .HP \fB\-ws\fR written set (y, n) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP policynvwritten .PP Runs TPM2_PolicyNvWritten .HP \fB\-hs\fR policy session handle .HP \fB\-ws\fR written set (y, n) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B policynvwritten is maintained as a Texinfo manual. If the .B info and .B policynvwritten programs are properly installed at your site, the command .IP .B info policynvwritten .PP should give you access to the complete manual. ./utils/man/man1/tsspolicyauthorize.10000644000175000017500000000237213133245156016007 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYAUTHORIZE "1" "July 2017" "policyauthorize " "User Commands" .SH NAME policyauthorize \- Runs TPM2_PolicyAuthorize .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyauthorize .PP Runs TPM2_PolicyAuthorize .HP \fB\-ha\fR policy session handle .HP \fB\-appr\fR file name of digest of the policy being approved .IP [\-pref policyRef file] (default none) \fB\-skn\fR signing key Name file name \fB\-tk\fR ticket file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP policyauthorize .PP Runs TPM2_PolicyAuthorize .HP \fB\-ha\fR policy session handle .HP \fB\-appr\fR file name of digest of the policy being approved .IP [\-pref policyRef file] (default none) \fB\-skn\fR signing key Name file name \fB\-tk\fR ticket file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B policyauthorize is maintained as a Texinfo manual. If the .B info and .B policyauthorize programs are properly installed at your site, the command .IP .B info policyauthorize .PP should give you access to the complete manual. ./utils/man/man1/tsshmac.10000644000175000017500000000227713133245154013467 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH HMAC "1" "July 2017" "hmac " "User Commands" .SH NAME hmac \- Runs TPM2_HMAC .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hmac .PP Runs TPM2_HMAC .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-if\fR input file to be HMACed \fB\-ic\fR data string to be HMACed [\-os hmac file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP hmac .PP Runs TPM2_HMAC .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-if\fR input file to be HMACed \fB\-ic\fR data string to be HMACed [\-os hmac file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B hmac is maintained as a Texinfo manual. If the .B info and .B hmac programs are properly installed at your site, the command .IP .B info hmac .PP should give you access to the complete manual. ./utils/man/man1/tssecephemeral.10000644000175000017500000000155713133245154015031 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH ECEPHEMERAL "1" "July 2017" "ecephemeral " "User Commands" .SH NAME ecephemeral \- Runs TPM2_EC_Ephemeral .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP ecephemeral .PP Runs TPM2_EC_Ephemeral .HP \fB\-ecc\fR curve .IP bnp256 nistp256 nistp384 .IP [\-oq Q ephemeral public key file name (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP ecephemeral .PP Runs TPM2_EC_Ephemeral .HP \fB\-ecc\fR curve .IP bnp256 nistp256 nistp384 .IP [\-oq Q ephemeral public key file name (default do not save)] .SH "SEE ALSO" The full documentation for .B ecephemeral is maintained as a Texinfo manual. 
If the .B info and .B ecephemeral programs are properly installed at your site, the command .IP .B info ecephemeral .PP should give you access to the complete manual. ./utils/man/man1/tssimaextend.10000644000175000017500000000254013133245154014526 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH IMAEXTEND "1" "July 2017" "imaextend " "User Commands" .SH NAME imaextend \- Runs imaextend simulation .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP imaextend .PP Runs TPM2_PCR_Extend to extend a SHA\-1 IMA measurement file (binary) into TPM PCRs. The IMA measurement is directly extended into the SHA\-1 bank, and a zero padded measurement is extended into the SHA\-256 bank. This handles the case where a zero measurement extends ones into the IMA PCR. .HP \fB\-if\fR IMA event log file name .IP [\-le input file is little endian (default big endian) .PP ] .PP \fB\-\-version\fR is not a valid option .PP imaextend .PP Runs TPM2_PCR_Extend to extend a SHA\-1 IMA measurement file (binary) into TPM PCRs. The IMA measurement is directly extended into the SHA\-1 bank, and a zero padded measurement is extended into the SHA\-256 bank. This handles the case where a zero measurement extends ones into the IMA PCR. .HP \fB\-if\fR IMA event log file name .IP [\-le input file is little endian (default big endian) .PP ] .SH "SEE ALSO" The full documentation for .B imaextend is maintained as a Texinfo manual. If the .B info and .B imaextend programs are properly installed at your site, the command .IP .B info imaextend .PP should give you access to the complete manual. ./utils/man/man1/tssrsadecrypt.10000644000175000017500000000255313133245156014736 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH RSADECRYPT "1" "July 2017" "rsadecrypt " "User Commands" .SH NAME rsadecrypt \- Runs TPM2_RsaDecrypt .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP rsadecrypt .PP Runs TPM2_RSA_Decrypt .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-ie\fR encrypt file name .HP \fB\-od\fR decrypt file name (default do not save) .IP [\-oid (sha1, sha256, sha384) optionally add OID and PKCS1 padding .IP to the encrypt data (demo of signing with arbitrary OID) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP rsadecrypt .PP Runs TPM2_RSA_Decrypt .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-ie\fR encrypt file name .HP \fB\-od\fR decrypt file name (default do not save) .IP [\-oid (sha1, sha256, sha384) optionally add OID and PKCS1 padding .IP to the encrypt data (demo of signing with arbitrary OID) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B rsadecrypt is maintained as a Texinfo manual. If the .B info and .B rsadecrypt programs are properly installed at your site, the command .IP .B info rsadecrypt .PP should give you access to the complete manual. ./utils/man/man1/tssnvwritelock.10000644000175000017500000000212313133245155015115 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVWRITELOCK "1" "July 2017" "nvwritelock " "User Commands" .SH NAME nvwritelock \- Runs TPM2_NV_Writelock .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvwritelock .PP Runs TPM2_NV_WriteLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvwritelock .PP Runs TPM2_NV_WriteLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvwritelock is maintained as a Texinfo manual. If the .B info and .B nvwritelock programs are properly installed at your site, the command .IP .B info nvwritelock .PP should give you access to the complete manual. ./utils/man/man1/tssshutdown.10000644000175000017500000000135313133245157014427 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH SHUTDOWN "1" "July 2017" "shutdown " "User Commands" .SH NAME shutdown \- Runs TPM2_Shutdown .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP shutdown .PP Runs TPM2_Shutdown .HP \fB\-c\fR shutdown clear (default) .HP \fB\-s\fR shutdown state .PP \fB\-\-version\fR is not a valid option .PP shutdown .PP Runs TPM2_Shutdown .HP \fB\-c\fR shutdown clear (default) .HP \fB\-s\fR shutdown state .SH "SEE ALSO" The full documentation for .B shutdown is maintained as a Texinfo manual. If the .B info and .B shutdown programs are properly installed at your site, the command .IP .B info shutdown .PP should give you access to the complete manual. 
./utils/man/man1/tsscertifycreation.10000644000175000017500000000323413133245153015742 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH CERTIFYCREATION "1" "July 2017" "certifycreation " "User Commands" .SH NAME certifycreation \- Runs TPM2_CertifyCreation .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP certify .PP Runs TPM2_CertifyCreation .HP \fB\-ho\fR object handle .HP \fB\-hk\fR certifying key handle .IP [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] \fB\-tk\fR input ticket file name \fB\-ch\fR input creation hash file name [\-os signature file name] (default do not save) [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP certify .PP Runs TPM2_CertifyCreation .HP \fB\-ho\fR object handle .HP \fB\-hk\fR certifying key handle .IP [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] \fB\-tk\fR input ticket file name \fB\-ch\fR input creation hash file name [\-os signature file name] (default do not save) [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B certifycreation is maintained as a Texinfo manual. If the .B info and .B certifycreation programs are properly installed at your site, the command .IP .B info certifycreation .PP should give you access to the complete manual. ./utils/man/man1/tssimport.10000644000175000017500000000263513133245155014070 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH IMPORT "1" "July 2017" "import " "User Commands" .SH NAME import \- Runs TPM2_Import .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP Import .PP Runs TPM2_Import .HP \fB\-hp\fR parent handle .IP [\-pwdp password for parent (default empty)] [\-ik encryption key in file name] \fB\-ipu\fR object public area file name \fB\-id\fR duplicate file name \fB\-iss\fR symmetric seed file name [\-salg symmetric algorithm (default none)] .HP \fB\-opr\fR private area file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP Import .PP Runs TPM2_Import .HP \fB\-hp\fR parent handle .IP [\-pwdp password for parent (default empty)] [\-ik encryption key in file name] \fB\-ipu\fR object public area file name \fB\-id\fR duplicate file name \fB\-iss\fR symmetric seed file name [\-salg symmetric algorithm (default none)] .HP \fB\-opr\fR private area file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B import is maintained as a Texinfo manual. If the .B info and .B import programs are properly installed at your site, the command .IP .B info import .PP should give you access to the complete manual. ./utils/man/man1/tsschangepps.10000644000175000017500000000171413133245153014521 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CHANGEPPS "1" "July 2017" "changepps " "User Commands" .SH NAME changepps \- Runs TPM2_ChangePPS .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP changepps .PP Runs TPM2_ChangePPS .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP changepps .PP Runs TPM2_ChangePPS .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B changepps is maintained as a Texinfo manual. If the .B info and .B changepps programs are properly installed at your site, the command .IP .B info changepps .PP should give you access to the complete manual. ./utils/man/man1/tsspolicytemplate.10000644000175000017500000000145113133245156015605 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYTEMPLATE "1" "July 2017" "policytemplate " "User Commands" .SH NAME policytemplate \- Runs TPM2_PolicyTemplate .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policytemplate .PP Runs TPM2_PolicyTemplate .HP \fB\-ha\fR policy session handle .HP \fB\-te\fR template file .PP \fB\-\-version\fR is not a valid option .PP policytemplate .PP Runs TPM2_PolicyTemplate .HP \fB\-ha\fR policy session handle .HP \fB\-te\fR template file .SH "SEE ALSO" The full documentation for .B policytemplate is maintained as a Texinfo manual. If the .B info and .B policytemplate programs are properly installed at your site, the command .IP .B info policytemplate .PP should give you access to the complete manual. ./utils/man/man1/tsspolicyor.10000644000175000017500000000147513133245156014420 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYOR "1" "July 2017" "policyor " "User Commands" .SH NAME policyor \- Runs TPM2_PolicyOR .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyor .PP Runs TPM2_PolicyOR .HP \fB\-ha\fR policy session handle .HP \fB\-if\fR policy digest file (2\-8 \fB\-if\fR specifiers required) .PP \fB\-\-version\fR is not a valid option .PP policyor .PP Runs TPM2_PolicyOR .HP \fB\-ha\fR policy session handle .HP \fB\-if\fR policy digest file (2\-8 \fB\-if\fR specifiers required) .SH "SEE ALSO" The full documentation for .B policyor is maintained as a Texinfo manual. If the .B info and .B policyor programs are properly installed at your site, the command .IP .B info policyor .PP should give you access to the complete manual. ./utils/man/man1/tssrsaencrypt.10000644000175000017500000000152713133245156014750 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH RSAENCRYPT "1" "July 2017" "rsaencrypt " "User Commands" .SH NAME rsaencrypt \- Runs TPM2_RsaEncrypt .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP rsaencrypt .PP Runs TPM2_RSA_Encrypt .HP \fB\-hk\fR key handle .HP \fB\-id\fR decrypt file name .IP [\-oe encrypt file name (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP rsaencrypt .PP Runs TPM2_RSA_Encrypt .HP \fB\-hk\fR key handle .HP \fB\-id\fR decrypt file name .IP [\-oe encrypt file name (default do not save)] .SH "SEE ALSO" The full documentation for .B rsaencrypt is maintained as a Texinfo manual. If the .B info and .B rsaencrypt programs are properly installed at your site, the command .IP .B info rsaencrypt .PP should give you access to the complete manual. ./utils/man/man1/tssnvglobalwritelock.10000644000175000017500000000213713133245155016303 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVGLOBALWRITELOCK "1" "July 2017" "nvglobalwritelock " "User Commands" .SH NAME nvglobalwritelock \- Runs TPM2_NV_GlobalWriteLock .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvglobalwritelock .PP Runs TPM2_NV_GlobalWriteLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-pwd\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvglobalwritelock .PP Runs TPM2_NV_GlobalWriteLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-pwd\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvglobalwritelock is maintained as a Texinfo manual. If the .B info and .B nvglobalwritelock programs are properly installed at your site, the command .IP .B info nvglobalwritelock .PP should give you access to the complete manual. ./utils/man/man1/tssnvundefinespace.10000644000175000017500000000216113133245155015725 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVUNDEFINESPACE "1" "July 2017" "nvundefinespace " "User Commands" .SH NAME nvundefinespace \- Runs TPM2_NV_UndefineSpace .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvundefinespace .PP Runs TPM2_NV_UndefineSpace .HP \fB\-hi\fR hierarchy (o, p) .IP o owner, p platform .HP \fB\-ha\fR NV index handle .HP \fB\-pwdp\fR password for hierarchy (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvundefinespace .PP Runs TPM2_NV_UndefineSpace .HP \fB\-hi\fR hierarchy (o, p) .IP o owner, p platform .HP \fB\-ha\fR NV index handle .HP \fB\-pwdp\fR password for hierarchy (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvundefinespace is maintained as a Texinfo manual. If the .B info and .B nvundefinespace programs are properly installed at your site, the command .IP .B info nvundefinespace .PP should give you access to the complete manual. ./utils/man/man1/tssgetcapability.10000644000175000017500000000322013133245154015365 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH GETCAPABILITY "1" "July 2017" "getcapability " "User Commands" .SH NAME getcapability \- Runs TPM2_GetCapability .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP getcapability .PP Runs TPM2_GetCapability .HP \fB\-cap\fR capability .HP \fB\-pr\fR property (defaults to 0) .HP \fB\-pc\fR propertyCount (defaults to 64) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 80 command audit .PP \fB\-cap\fR values .PP TPM_CAP_ALGS 0 TPM_CAP_HANDLES 1 TPM_CAP_COMMANDS 2 TPM_CAP_PP_COMMANDS 3 TPM_CAP_AUDIT_COMMANDS 4 TPM_CAP_PCRS 5 TPM_CAP_TPM_PROPERTIES 6 TPM_CAP_PCR_PROPERTIES 7 TPM_CAP_ECC_CURVES 8 .PP \fB\-\-version\fR is not a valid option .PP getcapability .PP Runs TPM2_GetCapability .HP \fB\-cap\fR capability .HP \fB\-pr\fR property (defaults to 0) .HP \fB\-pc\fR propertyCount (defaults to 64) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 80 command audit .PP \fB\-cap\fR values .PP TPM_CAP_ALGS 0 TPM_CAP_HANDLES 1 TPM_CAP_COMMANDS 2 TPM_CAP_PP_COMMANDS 3 TPM_CAP_AUDIT_COMMANDS 4 TPM_CAP_PCRS 5 TPM_CAP_TPM_PROPERTIES 6 TPM_CAP_PCR_PROPERTIES 7 TPM_CAP_ECC_CURVES 8 .SH "SEE ALSO" The full documentation for .B getcapability is maintained as a Texinfo manual. If the .B info and .B getcapability programs are properly installed at your site, the command .IP .B info getcapability .PP should give you access to the complete manual. ./utils/man/man1/tssclockset.10000644000175000017500000000207513133245153014361 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CLOCKSET "1" "July 2017" "clockset " "User Commands" .SH NAME clockset \- Runs TPM2_ClockSet .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP clockset .PP Runs TPM2_ClockSet .HP \fB\-time\fR new time .HP \fB\-hi\fR hierarchy (o, p) (default platform) .IP o owner, p platform .HP \fB\-pwdp\fR password for hierarchy (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP clockset .PP Runs TPM2_ClockSet .HP \fB\-time\fR new time .HP \fB\-hi\fR hierarchy (o, p) (default platform) .IP o owner, p platform .HP \fB\-pwdp\fR password for hierarchy (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B clockset is maintained as a Texinfo manual. If the .B info and .B clockset programs are properly installed at your site, the command .IP .B info clockset .PP should give you access to the complete manual. ./utils/man/man1/tsscreateek.10000644000175000017500000000315313133245154014334 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CREATEEK "1" "July 2017" "createek " "User Commands" .SH NAME createek \- Runs createek demo .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP createek .PP Parses and prints the various EK NV indexes specified by the IWG. Creates a primary key based on the EK NV indexes .PP \fB\-te\fR print EK Template \fB\-no\fR print EK nonce \fB\-ce\fR print EK certificate \fB\-cp\fR CreatePrimary using the EK template and EK nonce .IP [\-noflush Do not flush the primary key after validation] .PP [\-root filename (validate EK certificates against the root)] .IP filename contains a list of PEM certificate filenames, one per line; the list may contain up to 100 certificates .PP \fB\-alg\fR (rsa or ec) .PP \fB\-\-version\fR is not a valid option .PP createek .PP Parses and prints the various EK NV indexes specified by the IWG. Creates a primary key based on the EK NV indexes .PP \fB\-te\fR print EK Template \fB\-no\fR print EK nonce \fB\-ce\fR print EK certificate \fB\-cp\fR CreatePrimary using the EK template and EK nonce .IP [\-noflush Do not flush the primary key after validation] .PP [\-root filename (validate EK certificates against the root)] .IP filename contains a list of PEM certificate filenames, one per line; the list may contain up to 100 certificates .PP \fB\-alg\fR (rsa or ec) .SH "SEE ALSO" The full documentation for .B createek is maintained as a Texinfo manual. If the .B info and .B createek programs are properly installed at your site, the command .IP .B info createek .PP should give you access to the complete manual. ./utils/man/man1/tsssequencecomplete.10000644000175000017500000000242313133245156016113 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH SEQUENCECOMPLETE "1" "July 2017" "sequencecomplete " "User Commands" .SH NAME sequencecomplete \- Runs TPM2_SequenceComplete .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP sequencecomplete .PP Runs TPM2_SequenceComplete .HP \fB\-hs\fR sequence handle .HP \fB\-pwds\fR password for sequence (default empty) .HP \fB\-if\fR input file to be added (default no data) .TP [\-of result file name (default do not save)] .IP [\-tk ticket file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP sequencecomplete .PP Runs TPM2_SequenceComplete .HP \fB\-hs\fR sequence handle .HP \fB\-pwds\fR password for sequence (default empty) .HP \fB\-if\fR input file to be added (default no data) .TP [\-of result file name (default do not save)] .IP [\-tk ticket file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B sequencecomplete is maintained as a Texinfo manual. If the .B info and .B sequencecomplete programs are properly installed at your site, the command .IP .B info sequencecomplete .PP should give you access to the complete manual. ./utils/man/man1/tsstimepacket.10000644000175000017500000000156313133245157014705 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH TIMEPACKET "1" "July 2017" "timepacket " "User Commands" .SH NAME timepacket \- Runs timepacket profiler .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP timepacket .PP Times the supplied packet .HP \fB\-if\fR packet in hexascii (requires one space at end of packet) .IP [\-l number of loops to time (default 1)] .PP \fB\-\-version\fR is not a valid option .PP timepacket .PP Times the supplied packet .HP \fB\-if\fR packet in hexascii (requires one space at end of packet) .IP [\-l number of loops to time (default 1)] .SH "SEE ALSO" The full documentation for .B timepacket is maintained as a Texinfo manual. If the .B info and .B timepacket programs are properly installed at your site, the command .IP .B info timepacket .PP should give you access to the complete manual. ./utils/man/man1/tssverifysignature.10000644000175000017500000000342013133245157015777 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH VERIFYSIGNATURE "1" "July 2017" "verifysignature " "User Commands" .SH NAME verifysignature \- Runs TPM2_VerifySignature .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP verifysignature .PP Runs TPM2_VerifySignature and/or verifies using the PEM public key .IP [\-hk key handle] [\-ipem public key PEM format file name to verify signature] .IP One of \fB\-hk\fR, \fB\-ipem\fR must be specified .IP [\-halg (sha1, sha256, sha384) (default sha256)] [asymmetric key algorithm] .IP [\-rsa (default)] [\-ecc curve (P256)] .HP \fB\-if\fR input message file name .HP \fB\-ih\fR input hash file name .HP \fB\-is\fR signature file name .IP [\-raw (flag) signature specified by \fB\-is\fR is in raw format] .IP (default TPMT_SIGNATURE) .IP [\-tk ticket file name (requires \fB\-ha\fR)] .PP \fB\-\-version\fR is not a valid option .PP verifysignature .PP Runs TPM2_VerifySignature and/or verifies using the PEM public key .IP [\-hk key handle] [\-ipem public key PEM format file name to 
verify signature] .IP One of \fB\-hk\fR, \fB\-ipem\fR must be specified .IP [\-halg (sha1, sha256, sha384) (default sha256)] [asymmetric key algorithm] .IP [\-rsa (default)] [\-ecc curve (P256)] .HP \fB\-if\fR input message file name .HP \fB\-ih\fR input hash file name .HP \fB\-is\fR signature file name .IP [\-raw (flag) signature specified by \fB\-is\fR is in raw format] .IP (default TPMT_SIGNATURE) .IP [\-tk ticket file name (requires \fB\-ha\fR)] .SH "SEE ALSO" The full documentation for .B verifysignature is maintained as a Texinfo manual. If the .B info and .B verifysignature programs are properly installed at your site, the command .IP .B info verifysignature .PP should give you access to the complete manual. ./utils/man/man1/tsspolicycommandcode.10000644000175000017500000000151013133245156016237 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYCOMMANDCODE "1" "July 2017" "policycommandcode " "User Commands" .SH NAME policycommandcode \- Runs TPM2_PolicyCommandCode .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policycommandcode .PP Runs TPM2_PolicyCommandCode .HP \fB\-ha\fR policy session handle .HP \fB\-cc\fR command code .PP \fB\-\-version\fR is not a valid option .PP policycommandcode .PP Runs TPM2_PolicyCommandCode .HP \fB\-ha\fR policy session handle .HP \fB\-cc\fR command code .SH "SEE ALSO" The full documentation for .B policycommandcode is maintained as a Texinfo manual. If the .B info and .B policycommandcode programs are properly installed at your site, the command .IP .B info policycommandcode .PP should give you access to the complete manual. ./utils/man/man1/tsscommit.10000644000175000017500000000225713133245153014044 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH COMMIT "1" "July 2017" "commit " "User Commands" .SH NAME commit \- Runs TPM2_Commit .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP commit .PP Runs TPM2_Commit .HP \fB\-hk\fR key handle .IP [\-pt point file name] [\-s2 s2 file name] [\-y2 y2 file name] [\-Kf data file] [\-Lf data file] [\-Ef data file] [\-pwdk password for key (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP commit .PP Runs TPM2_Commit .HP \fB\-hk\fR key handle .IP [\-pt point file name] [\-s2 s2 file name] [\-y2 y2 file name] [\-Kf data file] [\-Lf data file] [\-Ef data file] [\-pwdk password for key (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B commit is maintained as a Texinfo manual. If the .B info and .B commit programs are properly installed at your site, the command .IP .B info commit .PP should give you access to the complete manual. ./utils/man/man1/tssntc2getconfig.10000644000175000017500000000171213133245155015305 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NTC2GETCONFIG "1" "July 2017" "ntc2getconfig " "User Commands" .SH NAME ntc2getconfig \- Runs TPM2_Ntc2GetConfig .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP ntc2getconfig .PP Runs NTC2_GetConfig .PP [\-verify Verify results against System P default (default no verify)] [\-verifylocked Verify that the preconfig is locked (default verify not locked)] .PP \fB\-\-version\fR is not a valid option .PP ntc2getconfig .PP Runs NTC2_GetConfig .PP [\-verify Verify results against System P default (default no verify)] [\-verifylocked Verify that the preconfig is locked (default verify not locked)] .SH "SEE ALSO" The full documentation for .B ntc2getconfig is maintained as a Texinfo manual. If the .B info and .B ntc2getconfig programs are properly installed at your site, the command .IP .B info ntc2getconfig .PP should give you access to the complete manual. ./utils/man/man1/tssquote.10000644000175000017500000000324413133245156013711 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH QUOTE "1" "July 2017" "quote " "User Commands" .SH NAME quote \- Runs TPM2_Quote .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP quote .PP Runs TPM2_Quote .HP \fB\-hp\fR pcr handle (may be specified more than once) .HP \fB\-hk\fR quoting key handle .IP [\-pwdk password for quoting key (default empty)] [\-halg for signing (sha1, sha256, sha384) (default sha256)] [\-palg for PCR bank selection (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os quote signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP quote .PP Runs TPM2_Quote .HP \fB\-hp\fR pcr handle (may be specified more than once) .HP \fB\-hk\fR quoting key handle .IP [\-pwdk password for quoting key (default empty)] [\-halg for signing (sha1, sha256, sha384) (default sha256)] [\-palg for PCR bank selection (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os quote signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B quote is maintained as a Texinfo manual. If the .B info and .B quote programs are properly installed at your site, the command .IP .B info quote .PP should give you access to the complete manual. ./utils/man/man1/tssnvsetbits.10000644000175000017500000000206513133245155014574 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVSETBITS "1" "July 2017" "nvsetbits " "User Commands" .SH NAME nvsetbits \- Runs TPM2_NV_SetBits .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvsetbits .PP Runs TPM2_NV_SetBits .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-bit\fR bit to set, can be specified multiple times .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvsetbits .PP Runs TPM2_NV_SetBits .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-bit\fR bit to set, can be specified multiple times .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvsetbits is maintained as a Texinfo manual. If the .B info and .B nvsetbits programs are properly installed at your site, the command .IP .B info nvsetbits .PP should give you access to the complete manual. ./utils/man/man1/tssnvread.10000644000175000017500000000232213133245155014026 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVREAD "1" "July 2017" "nvread " "User Commands" .SH NAME nvread \- Runs TPM2_NV_Read .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvread .PP Runs TPM2_NV_Read .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle [\-pwdn password for NV index (default empty)] [\-sz data size (default 0)] [\-off offset (default 0)] [\-of data file (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvread .PP Runs TPM2_NV_Read .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle [\-pwdn password for NV index (default empty)] [\-sz data size (default 0)] [\-off offset (default 0)] [\-of data file (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvread is maintained as a Texinfo manual. If the .B info and .B nvread programs are properly installed at your site, the command .IP .B info nvread .PP should give you access to the complete manual. ./utils/man/man1/tsseventextend.10000644000175000017500000000176313133245154015107 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH EVENTEXTEND "1" "July 2017" "eventextend " "User Commands" .SH NAME eventextend \- Runs TPM2_EventExtend .SH SYNOPSIS .B eventextend \fI\,-if \/\fR[\fI\,-v\/\fR] .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP Extends a measurement file (binary) into TPM PCRs .IP Where the arguments are... .HP \fB\-if\fR is the file containing the data to be extended .PP \fB\-\-version\fR is not a valid option Usage: eventextend \fB\-if\fR [\-v] .PP Extends a measurement file (binary) into TPM PCRs .IP Where the arguments are... 
.HP \fB\-if\fR is the file containing the data to be extended .SH "SEE ALSO" The full documentation for .B eventextend is maintained as a Texinfo manual. If the .B info and .B eventextend programs are properly installed at your site, the command .IP .B info eventextend .PP should give you access to the complete manual. ./utils/man/man1/tsspolicygetdigest.10000644000175000017500000000155413133245156015755 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYGETDIGEST "1" "July 2017" "policygetdigest " "User Commands" .SH NAME policygetdigest \- Runs TPM2_PolicyGetDigest .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policygetdigest .PP Runs TPM2_PolicyGetDigest .HP \fB\-ha\fR policy session handle .IP [\-of binary digest file name (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP policygetdigest .PP Runs TPM2_PolicyGetDigest .HP \fB\-ha\fR policy session handle .IP [\-of binary digest file name (default do not save)] .SH "SEE ALSO" The full documentation for .B policygetdigest is maintained as a Texinfo manual. If the .B info and .B policygetdigest programs are properly installed at your site, the command .IP .B info policygetdigest .PP should give you access to the complete manual. ./utils/man/man1/tsspolicyauthvalue.10000644000175000017500000000137213133245156015772 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYAUTHVALUE "1" "July 2017" "policyauthvalue " "User Commands" .SH NAME policyauthvalue \- Runs TPM2_PolicyAuthValue .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyauthvalue .PP Runs TPM2_PolicyAuthValue .HP \fB\-ha\fR policy session handle .PP \fB\-\-version\fR is not a valid option .PP policyauthvalue .PP Runs TPM2_PolicyAuthValue .HP \fB\-ha\fR policy session handle .SH "SEE ALSO" The full documentation for .B policyauthvalue is maintained as a Texinfo manual. 
If the .B info and .B policyauthvalue programs are properly installed at your site, the command .IP .B info policyauthvalue .PP should give you access to the complete manual. ./utils/man/man1/tssloadexternal.10000644000175000017500000000303113133245155015227 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH LOADEXTERNAL "1" "July 2017" "loadexternal " "User Commands" .SH NAME loadexternal \- Runs TPM2_LoadExternal .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP loadexternal .PP Runs TPM2_LoadExternal .IP [\-hi hierarchy (e, o, p, n) (default NULL)] [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg (sha1, sha256, sha384) (default sha256)] [Asymmetric Key Algorithm] .IP [\-rsa (default)] [\-ecc curve (uses NIST P\-256)] .HP \fB\-ipu\fR TPM2B_PUBLIC public key file name .HP \fB\-ipem\fR PEM format public key file name .HP \fB\-ider\fR DER format RSA plaintext key pair file name .IP [\-si signing (default)] [\-st storage] .PP \fB\-\-version\fR is not a valid option .PP loadexternal .PP Runs TPM2_LoadExternal .IP [\-hi hierarchy (e, o, p, n) (default NULL)] [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg (sha1, sha256, sha384) (default sha256)] [Asymmetric Key Algorithm] .IP [\-rsa (default)] [\-ecc curve (uses NIST P\-256)] .HP \fB\-ipu\fR TPM2B_PUBLIC public key file name .HP \fB\-ipem\fR PEM format public key file name .HP \fB\-ider\fR DER format RSA plaintext key pair file name .IP [\-si signing (default)] [\-st storage] .SH "SEE ALSO" The full documentation for .B loadexternal is maintained as a Texinfo manual. If the .B info and .B loadexternal programs are properly installed at your site, the command .IP .B info loadexternal .PP should give you access to the complete manual. ./utils/man/man1/tssflushcontext.10000644000175000017500000000127313133245154015300 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH FLUSHCONTEXT "1" "July 2017" "flushcontext " "User Commands" .SH NAME flushcontext \- Runs TPM2_FlushContext .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP flushcontext .PP Runs TPM2_FlushContext .HP \fB\-ha\fR handle .PP \fB\-\-version\fR is not a valid option .PP flushcontext .PP Runs TPM2_FlushContext .HP \fB\-ha\fR handle .SH "SEE ALSO" The full documentation for .B flushcontext is maintained as a Texinfo manual. If the .B info and .B flushcontext programs are properly installed at your site, the command .IP .B info flushcontext .PP should give you access to the complete manual. ./utils/man/man1/tssreadpublic.10000644000175000017500000000223713133245156014667 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH READPUBLIC "1" "July 2017" "readpublic " "User Commands" .SH NAME readpublic \- Runs TPM2_ReadPublic .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP readpublic .PP Runs TPM2_ReadPublic .HP \fB\-ho\fR object handle .IP [\-opu public key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt 80 audit .PP \fB\-\-version\fR is not a valid option .PP readpublic .PP Runs TPM2_ReadPublic .HP \fB\-ho\fR object handle .IP [\-opu public key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt 80 audit .SH "SEE ALSO" The full documentation for .B readpublic is maintained as a Texinfo manual. If the .B info and .B readpublic programs are properly installed at your site, the command .IP .B info readpublic .PP should give you access to the complete manual. 
./utils/man/man1/tsssignapp.10000644000175000017500000000177213133245157014222 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH SIGNAPP "1" "July 2017" "signapp " "User Commands" .SH NAME signapp \- Runs TPM2_Signapp .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP signapp .PP Runs a TPM2_Sign application, including creating a primary storage key and creating and loading a signing key .HP \fB\-ic\fR input message to hash and sign .IP [\-pwsess Use a password session, no HMAC or parameter encryption] .PP \fB\-\-version\fR is not a valid option .PP signapp .PP Runs a TPM2_Sign application, including creating a primary storage key and creating and loading a signing key .HP \fB\-ic\fR input message to hash and sign .IP [\-pwsess Use a password session, no HMAC or parameter encryption] .SH "SEE ALSO" The full documentation for .B signapp is maintained as a Texinfo manual. If the .B info and .B signapp programs are properly installed at your site, the command .IP .B info signapp .PP should give you access to the complete manual. ./utils/man/man1/tssntc2preconfig.10000644000175000017500000000314213133245155015313 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NTC2PRECONFIG "1" "July 2017" "ntc2preconfig " "User Commands" .SH NAME ntc2preconfig \- Runs TPM2_Ntc2Preconfig .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP ntc2preconfig .PP Runs NTC2_PreConfig .PP \fB\-prequired\fR \- sets the required values for System P, write only \fB\-override\fR \- permits individual register values, read\-modify\-write .PP Values to set, each is a hex byte, (default do not change) [\-i2cLoc1_2 byte] [\-i2cLoc3_4 byte] [\-AltCfg byte] [\-Direction byte] [\-PullUp byte] [\-PushPull byte] [\-CFG_A byte] [\-CFG_B byte] [\-CFG_C byte] [\-CFG_D byte] [\-CFG_E byte] [\-CFG_F byte] [\-CFG_G byte] [\-CFG_H byte] [\-CFG_I byte] [\-CFG_J byte] [\-IsValid byte] .PP \fB\-\-version\fR is not a valid option .PP ntc2preconfig .PP Runs NTC2_PreConfig .PP \fB\-prequired\fR \- sets the required values for System P, write only \fB\-override\fR \- permits individual register values, read\-modify\-write .PP Values to set, each is a hex byte, (default do not change) [\-i2cLoc1_2 byte] [\-i2cLoc3_4 byte] [\-AltCfg byte] [\-Direction byte] [\-PullUp byte] [\-PushPull byte] [\-CFG_A byte] [\-CFG_B byte] [\-CFG_C byte] [\-CFG_D byte] [\-CFG_E byte] [\-CFG_F byte] [\-CFG_G byte] [\-CFG_H byte] [\-CFG_I byte] [\-CFG_J byte] [\-IsValid byte] .SH "SEE ALSO" The full documentation for .B ntc2preconfig is maintained as a Texinfo manual. If the .B info and .B ntc2preconfig programs are properly installed at your site, the command .IP .B info ntc2preconfig .PP should give you access to the complete manual. ./utils/man/man1/tssnvundefinespacespecial.10000644000175000017500000000227213133245155017271 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVUNDEFINESPACESPECIAL "1" "July 2017" "nvundefinespacespecial " "User Commands" .SH NAME nvundefinespacespecial \- Runs TPM2_NV_UndefineSpaceSpecial .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvundefinespacespecial .PP Runs TPM2_NV_UndefineSpaceSpecial .HP \fB\-ha\fR NV index handle .HP \fB\-pwdp\fR password for platform (default empty) .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvundefinespacespecial .PP Runs TPM2_NV_UndefineSpaceSpecial .HP \fB\-ha\fR NV index handle .HP \fB\-pwdp\fR password for platform (default empty) .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvundefinespacespecial is maintained as a Texinfo manual. If the .B info and .B nvundefinespacespecial programs are properly installed at your site, the command .IP .B info nvundefinespacespecial .PP should give you access to the complete manual. ./utils/man/man1/tssload.10000644000175000017500000000203113133245155013463 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH LOAD "1" "July 2017" "load " "User Commands" .SH NAME load \- Runs TPM2_Load .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP load .PP Runs TPM2_Load .HP \fB\-hp\fR parent handle .HP \fB\-pwdp\fR password for parent key (default empty) .HP \fB\-ipu\fR public key file name .HP \fB\-ipr\fR private key file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP load .PP Runs TPM2_Load .HP \fB\-hp\fR parent handle .HP \fB\-pwdp\fR password for parent key (default empty) .HP \fB\-ipu\fR public key file name .HP \fB\-ipr\fR private key file name .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B load is maintained as a Texinfo manual. If the .B info and .B load programs are properly installed at your site, the command .IP .B info load .PP should give you access to the complete manual. ./utils/man/man1/tsshmacstart.10000644000175000017500000000216613133245154014542 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH HMACSTART "1" "July 2017" "hmacstart " "User Commands" .SH NAME hmacstart \- Runs TPM2_HMAC_Start .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hmac .PP Runs TPM2_HMAC_Start .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-pwda\fR password for sequence (default empty) .IP [\-halg (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP hmac .PP Runs TPM2_HMAC_Start .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-pwda\fR password for sequence (default empty) .IP [\-halg (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B hmacstart is maintained as a Texinfo manual. If the .B info and .B hmacstart programs are properly installed at your site, the command .IP .B info hmacstart .PP should give you access to the complete manual. ./utils/man/man1/tssevictcontrol.10000644000175000017500000000235713133245154015271 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH EVICTCONTROL "1" "July 2017" "evictcontrol " "User Commands" .SH NAME evictcontrol \- Runs TPM2_EvictControl .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP evictcontrol .PP Runs TPM2_EvictControl .HP \fB\-hi\fR authhandle hierarchy (o, p) .IP o owner, p platform .HP \fB\-ho\fR object handle .HP \fB\-hp\fR persistent handle .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP evictcontrol .PP Runs TPM2_EvictControl .HP \fB\-hi\fR authhandle hierarchy (o, p) .IP o owner, p platform .HP \fB\-ho\fR object handle .HP \fB\-hp\fR persistent handle .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B evictcontrol is maintained as a Texinfo manual. If the .B info and .B evictcontrol programs are properly installed at your site, the command .IP .B info evictcontrol .PP should give you access to the complete manual. ./utils/man/man1/tsspolicyrestart.10000644000175000017500000000134413133245156015457 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYRESTART "1" "July 2017" "policyrestart " "User Commands" .SH NAME policyrestart \- Runs TPM2_PolicyRestart .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyrestart .PP Runs TPM2_PolicyRestart .HP \fB\-ha\fR policy session handle .PP \fB\-\-version\fR is not a valid option .PP policyrestart .PP Runs TPM2_PolicyRestart .HP \fB\-ha\fR policy session handle .SH "SEE ALSO" The full documentation for .B policyrestart is maintained as a Texinfo manual. 
If the .B info and .B policyrestart programs are properly installed at your site, the command .IP .B info policyrestart .PP should give you access to the complete manual. ./utils/man/man1/tsscreateloaded.10000644000175000017500000001022713133245154015165 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH CREATELOADED "1" "July 2017" "createloaded " "User Commands" .SH NAME createloaded \- Runs TPM2_CreateLoaded .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP createloaded .PP Runs TPM2_CreateLoaded .HP \fB\-hp\fR parent handle (can be hierarchy) .IP 40000001 Owner 4000000c Platform 4000000b Endorsement .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to DA protection) (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .IP [\-der object's parent is a derivation parent] .IP [\-pwdk 
password for key (default empty)] [\-pwdp password for parent key (default empty)] .IP [\-opu public key file name (default do not save)] [\-opr private key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP createloaded .PP Runs TPM2_CreateLoaded .HP \fB\-hp\fR parent handle (can be hierarchy) .IP 40000001 Owner 4000000c Platform 4000000b Endorsement .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to DA protection) (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .IP [\-der object's parent is a derivation parent] .IP [\-pwdk password for key (default empty)] [\-pwdp password for parent key (default empty)] .IP [\-opu public key file name 
(default do not save)] [\-opr private key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B createloaded is maintained as a Texinfo manual. If the .B info and .B createloaded programs are properly installed at your site, the command .IP .B info createloaded .PP should give you access to the complete manual. ./utils/man/man1/tssreturncode.10000644000175000017500000000073413133245156014727 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH RETURNCODE "1" "July 2017" "returncode TPM_RC_SUCCESS" "User Commands" .SH NAME returncode \- Runs returncode parser .SH DESCRIPTION TPM_RC_SUCCESS .SH "SEE ALSO" The full documentation for .B returncode is maintained as a Texinfo manual. If the .B info and .B returncode programs are properly installed at your site, the command .IP .B info returncode .PP should give you access to the complete manual. ./utils/man/man1/tsspolicynv.10000644000175000017500000000407313133245156014420 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYNV "1" "July 2017" "policynv " "User Commands" .SH NAME policynv \- Runs TPM2_PolicyNV .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policynv .PP Runs TPM2_PolicyNV .IP [\-hi hierarchy authHandle (o, p)] .IP default NV index .HP \fB\-ha\fR NV index handle (operand A) .IP [\-pwda password for authorization (default empty)] \fB\-hs\fR policy session handle \fB\-ic\fR data string (operand B) \fB\-if\fR data file (operand B) [\-off offset (default 0)] \fB\-op\fR operation (default A = B) .TP 0 A = B .TP 1 A != B .TP 2 A > B signed .TP 3 A > B unsigned .TP 4 A < B signed .TP 5 A < B unsigned .TP 6 A >= B signed .TP 7 A >= B unsigned .TP 8 A <= B signed .TP 9 A <= B unsigned .TP A All bits SET in B are SET in A. ((A&B)=B) .TP B All bits SET in B are CLEAR in A. ((A&B)=0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP policynv .PP Runs TPM2_PolicyNV .IP [\-hi hierarchy authHandle (o, p)] .IP default NV index .HP \fB\-ha\fR NV index handle (operand A) .IP [\-pwda password for authorization (default empty)] \fB\-hs\fR policy session handle \fB\-ic\fR data string (operand B) \fB\-if\fR data file (operand B) [\-off offset (default 0)] \fB\-op\fR operation (default A = B) .TP 0 A = B .TP 1 A != B .TP 2 A > B signed .TP 3 A > B unsigned .TP 4 A < B signed .TP 5 A < B unsigned .TP 6 A >= B signed .TP 7 A >= B unsigned .TP 8 A <= B signed .TP 9 A <= B unsigned .TP A All bits SET in B are SET in A. ((A&B)=B) .TP B All bits SET in B are CLEAR in A. ((A&B)=0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B policynv is maintained as a Texinfo manual. If the .B info and .B policynv programs are properly installed at your site, the command .IP .B info policynv .PP should give you access to the complete manual. 
./utils/man/man1/tsspowerup.10000644000175000017500000000123613133245156014254 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POWERUP "1" "July 2017" "powerup " "User Commands" .SH NAME powerup \- Runs powerup simulation .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP powerup .PP Powers the simulator off and on, and powers up NV .PP \fB\-\-version\fR is not a valid option .PP powerup .PP Powers the simulator off and on, and powers up NV .SH "SEE ALSO" The full documentation for .B powerup is maintained as a Texinfo manual. If the .B info and .B powerup programs are properly installed at your site, the command .IP .B info powerup .PP should give you access to the complete manual. ./utils/man/man1/tssunseal.10000644000175000017500000000177113133245157014047 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH UNSEAL "1" "July 2017" "unseal " "User Commands" .SH NAME unseal \- Runs TPM2_Unseal .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP unseal .PP Runs TPM2_Unseal .HP \fB\-ha\fR sealed data item handle .IP [\-pwd password sealed data item (default empty)] [\-of output data (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP unseal .PP Runs TPM2_Unseal .HP \fB\-ha\fR sealed data item handle .IP [\-pwd password sealed data item (default empty)] [\-of output data (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B unseal is maintained as a Texinfo manual. If the .B info and .B unseal programs are properly installed at your site, the command .IP .B info unseal .PP should give you access to the complete manual. ./utils/man/man1/tssclear.10000644000175000017500000000205213133245153013633 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! 
It was generated by help2man 1.47.4. .TH CLEAR "1" "July 2017" "clear " "User Commands" .SH NAME clear \- Runs TPM2_Clear .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP clear .PP Runs TPM2_Clear .HP \fB\-hi\fR authhandle hierarchy (l, p) .IP l lockout, p platform .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP clear .PP Runs TPM2_Clear .HP \fB\-hi\fR authhandle hierarchy (l, p) .IP l lockout, p platform .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B clear is maintained as a Texinfo manual. If the .B info and .B clear programs are properly installed at your site, the command .IP .B info clear .PP should give you access to the complete manual. ./utils/man/man1/tssstartup.10000644000175000017500000000151613133245157014257 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH STARTUP "1" "July 2017" "startup " "User Commands" .SH NAME startup \- Runs TPM2_Startup .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP startup .PP Runs TPM2_Startup .IP [\-c startup clear (default)] [\-s startup state] [\-st run TPM2_SelfTest] [\-sto run only TPM2_SelfTest (no startup)] .PP \fB\-\-version\fR is not a valid option .PP startup .PP Runs TPM2_Startup .IP [\-c startup clear (default)] [\-s startup state] [\-st run TPM2_SelfTest] [\-sto run only TPM2_SelfTest (no startup)] .SH "SEE ALSO" The full documentation for .B startup is maintained as a Texinfo manual. If the .B info and .B startup programs are properly installed at your site, the command .IP .B info startup .PP should give you access to the complete manual. 
./utils/man/man1/tssreadclock.10000644000175000017500000000115613133245156014503 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH READCLOCK "1" "July 2017" "readclock " "User Commands" .SH NAME readclock \- Runs TPM2_ReadClock .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP readclock .PP Runs TPM2_ReadClock .PP \fB\-\-version\fR is not a valid option .PP readclock .PP Runs TPM2_ReadClock .SH "SEE ALSO" The full documentation for .B readclock is maintained as a Texinfo manual. If the .B info and .B readclock programs are properly installed at your site, the command .IP .B info readclock .PP should give you access to the complete manual. ./utils/man/man1/tsspcrreset.10000644000175000017500000000123213133245156014376 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH PCRRESET "1" "July 2017" "pcrreset " "User Commands" .SH NAME pcrreset \- Runs TPM2_PCR_Reset .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP pcrreset .PP Runs TPM2_PCR_Reset .HP \fB\-ha\fR pcr handle .PP \fB\-\-version\fR is not a valid option .PP pcrreset .PP Runs TPM2_PCR_Reset .HP \fB\-ha\fR pcr handle .SH "SEE ALSO" The full documentation for .B pcrreset is maintained as a Texinfo manual. If the .B info and .B pcrreset programs are properly installed at your site, the command .IP .B info pcrreset .PP should give you access to the complete manual. ./utils/man/man1/tsscreate.10000644000175000017500000000773713133245154014030 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CREATE "1" "July 2017" "create " "User Commands" .SH NAME create \- Runs TPM2_Create .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP create .PP Runs TPM2_Create .HP \fB\-hp\fR parent handle .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to dictionary attack (DA) protection (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .IP [\-pwdk password for key (default empty)] [\-pwdp password for parent key (default empty)] .IP [\-opu public key file name (default do not save)] [\-opr private key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] [\-tk output ticket file name] [\-ch output creation hash file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP create .PP 
Runs TPM2_Create .HP \fB\-hp\fR parent handle .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to dictionary attack (DA) protection (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .IP [\-pwdk password for key (default empty)] [\-pwdp password for parent key (default empty)] .IP [\-opu public key file name (default do not save)] [\-opr private key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] [\-tk output ticket file name] [\-ch output creation hash file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B create is maintained as a Texinfo manual. If the .B info and .B create programs are properly installed at your site, the command .IP .B info create .PP should give you access to the complete manual. 
./utils/man/man1/tsspolicyauthorizenv.10000644000175000017500000000242413133245156016351 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYAUTHORIZENV "1" "July 2017" "policyauthorizenv " "User Commands" .SH NAME policyauthorizenv \- Runs TPM2_PolicyAuthorizeNV .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyauthorizenv .PP Runs TPM2_PolicyAuthorizeNV .IP [\-hi hierarchy authHandle (o, p)] .IP default NV index .HP \fB\-ha\fR NV index handle .IP [\-pwda password for authorization (default empty)] \fB\-hs\fR policy session handle \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP policyauthorizenv .PP Runs TPM2_PolicyAuthorizeNV .IP [\-hi hierarchy authHandle (o, p)] .IP default NV index .HP \fB\-ha\fR NV index handle .IP [\-pwda password for authorization (default empty)] \fB\-hs\fR policy session handle \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B policyauthorizenv is maintained as a Texinfo manual. If the .B info and .B policyauthorizenv programs are properly installed at your site, the command .IP .B info policyauthorizenv .PP should give you access to the complete manual. ./utils/man/man1/tsscreateprimary.10000644000175000017500000001035413133245154015421 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CREATEPRIMARY "1" "July 2017" "createprimary " "User Commands" .SH NAME createprimary \- Runs TPM2_CreatePrimary .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP createprimary creates a primary storage key .PP Runs TPM2_CreatePrimary .IP [\-hi hierarchy (e, o, p, n) (default null)] [\-pwdp password for hierarchy (default empty)] [\-pwdpi password file name for hierarchy (default empty)] [\-pwdk password for key (default empty)] [\-iu inPublic unique field file (default none)] [\-opu public key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] [\-tk output ticket file name] [\-ch output creation hash file name] .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to dictionary attack (DA) protection (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / 
attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP createprimary creates a primary storage key .PP Runs TPM2_CreatePrimary .IP [\-hi hierarchy (e, o, p, n) (default null)] [\-pwdp password for hierarchy (default empty)] [\-pwdpi password file name for hierarchy (default empty)] [\-pwdk password for key (default empty)] [\-iu inPublic unique field file (default none)] [\-opu public key file name (default do not save)] [\-opem public key PEM format file name (default do not save)] [\-tk output ticket file name] [\-ch output creation hash file name] .IP [Asymmetric Key Algorithm] .IP \fB\-rsa\fR (default) \fB\-ecc\fR curve .TP bnp256 nistp256 nistp384 .IP Key attributes .TP \fB\-bl\fR data blob for unseal (create only) \fB\-if\fR data file name .IP \fB\-den\fR decryption, RSA, not storage, NULL scheme \fB\-deo\fR decryption, RSA, not storage, OAEP scheme \fB\-des\fR encryption/decryption, AES symmetric .IP [\-116 for TPM rev 116 compatibility] .TP \fB\-st\fR storage [default for primary keys] .IP \fB\-si\fR signing \fB\-sir\fR restricted signing \fB\-dau\fR create unrestricted ECDAA key pair \fB\-dar\fR create restricted ECDAA key pair \fB\-kh\fR keyed hash (hmac) \fB\-dp\fR derivation parent \fB\-gp\fR general purpose, not storage .TP [\-kt (can be specified more than once)] f fixedTPM (default for primary keys and derivation parents) p fixedParent (default for primary keys and derivation parents) nf no fixedTPM (default for non\-primary keys) np no fixedParent (default for non\-primary keys) .IP [\-da object subject to dictionary attack (DA) protection (default no)] .IP [\-pol policy file (default empty)] [\-uwa userWithAuth attribute clear (default set)] .IP [\-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)] [\-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response 
encrypt .SH "SEE ALSO" The full documentation for .B createprimary is maintained as a Texinfo manual. If the .B info and .B createprimary programs are properly installed at your site, the command .IP .B info createprimary .PP should give you access to the complete manual. ./utils/man/man1/tsspolicysecret.10000644000175000017500000000313313133245156015256 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYSECRET "1" "July 2017" "policysecret " "User Commands" .SH NAME policysecret \- Runs TPM2_PolicySecret .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policysecret .PP Runs TPM2_PolicySecret .HP \fB\-ha\fR authorizing entity handle .HP \fB\-hs\fR policy session handle .HP \fB\-in\fR nonceTPM file (default none) .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-exp\fR expiration (default none) .HP \fB\-pwde\fR authorizing entity password (default empty) .IP [\-tk ticket file name] [\-to timeout file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP policysecret .PP Runs TPM2_PolicySecret .HP \fB\-ha\fR authorizing entity handle .HP \fB\-hs\fR policy session handle .HP \fB\-in\fR nonceTPM file (default none) .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-exp\fR expiration (default none) .HP \fB\-pwde\fR authorizing entity password (default empty) .IP [\-tk ticket file name] [\-to timeout file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B policysecret is maintained as a Texinfo manual. If the .B info and .B policysecret programs are properly installed at your site, the command .IP .B info policysecret .PP should give you access to the complete manual. 
./utils/man/man1/tsshierarchycontrol.10000644000175000017500000000265313133245154016134 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH HIERARCHYCONTROL "1" "July 2017" "hierarchycontrol " "User Commands" .SH NAME hierarchycontrol \- Runs TPM2_HierarchyControl .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hierarchycontrol .PP Runs TPM2_HierarchyControl .HP \fB\-hi\fR authhandle hierarchy (e, o, p) .HP \fB\-he\fR enable hierarchy (e, o, p, n) .IP e endorsement, o owner, p platform, n null .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-state\fR (0 to disable, 1 to enable) (default enable) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP hierarchycontrol .PP Runs TPM2_HierarchyControl .HP \fB\-hi\fR authhandle hierarchy (e, o, p) .HP \fB\-he\fR enable hierarchy (e, o, p, n) .IP e endorsement, o owner, p platform, n null .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-state\fR (0 to disable, 1 to enable) (default enable) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B hierarchycontrol is maintained as a Texinfo manual. If the .B info and .B hierarchycontrol programs are properly installed at your site, the command .IP .B info hierarchycontrol .PP should give you access to the complete manual. ./utils/man/man1/tssclockrateadjust.10000644000175000017500000000207213133245153015731 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CLOCKRATEADJUST "1" "July 2017" "clockrateadjust " "User Commands" .SH NAME clockrateadjust \- Runs TPM2_ClockRateAdjust .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP clockrateadjust .PP Runs TPM2_ClockRateAdjust .IP [\-hi hierarchy auth (p, o) (default p)] [\-pwdp hierarchy password (default empty)] [\-adj rate adjust (default 0)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP clockrateadjust .PP Runs TPM2_ClockRateAdjust .IP [\-hi hierarchy auth (p, o) (default p)] [\-pwdp hierarchy password (default empty)] [\-adj rate adjust (default 0)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B clockrateadjust is maintained as a Texinfo manual. If the .B info and .B clockrateadjust programs are properly installed at your site, the command .IP .B info clockrateadjust .PP should give you access to the complete manual. ./utils/man/man1/tsscontextsave.10000644000175000017500000000142613133245154015115 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH CONTEXTSAVE "1" "July 2017" "contextsave " "User Commands" .SH NAME contextsave \- Runs TPM2_ContextSave .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP contextsave .PP Runs TPM2_ContextSave .HP \fB\-ha\fR handle .IP [\-of context file name (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP contextsave .PP Runs TPM2_ContextSave .HP \fB\-ha\fR handle .IP [\-of context file name (default do not save)] .SH "SEE ALSO" The full documentation for .B contextsave is maintained as a Texinfo manual. If the .B info and .B contextsave programs are properly installed at your site, the command .IP .B info contextsave .PP should give you access to the complete manual. 
./utils/man/man1/tssnvincrement.10000644000175000017500000000172313133245155015103 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH NVINCREMENT "1" "July 2017" "nvincrement " "User Commands" .SH NAME nvincrement \- Runs TPM2_NV_Increment .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvincrement .PP Runs TPM2_NV_Increment .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvincrement .PP Runs TPM2_NV_Increment .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvincrement is maintained as a Texinfo manual. If the .B info and .B nvincrement programs are properly installed at your site, the command .IP .B info nvincrement .PP should give you access to the complete manual. ./utils/man/man1/tsspcrextend.10000644000175000017500000000212513133245155014544 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH PCREXTEND "1" "July 2017" "pcrextend " "User Commands" .SH NAME pcrextend \- Runs TPM2_PCR_Extend .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP pcrextend .PP Runs TPM2_PCR_Extend .HP \fB\-ha\fR pcr handle .IP [\-halg (sha1, sha256, sha384) (default sha256)] .IP \fB\-halg\fR may be specified more than once .HP \fB\-ic\fR data string, 0 pad appended to halg length .HP \fB\-if\fR data file, 0 pad appended to halg length .PP \fB\-\-version\fR is not a valid option .PP pcrextend .PP Runs TPM2_PCR_Extend .HP \fB\-ha\fR pcr handle .IP [\-halg (sha1, sha256, sha384) (default sha256)] .IP \fB\-halg\fR may be specified more than once .HP \fB\-ic\fR data string, 0 pad appended to halg length .HP \fB\-if\fR data file, 0 pad appended to halg length .SH "SEE ALSO" The full documentation for .B pcrextend is maintained as a Texinfo manual. If the .B info and .B pcrextend programs are properly installed at your site, the command .IP .B info pcrextend .PP should give you access to the complete manual. ./utils/man/man1/tssnvreadpublic.10000644000175000017500000000216413133245155015231 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVREADPUBLIC "1" "July 2017" "nvreadpublic " "User Commands" .SH NAME nvreadpublic \- Runs TPM2_NV_ReadPublic .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvreadpublic .PP Runs TPM2_NV_ReadPublic .HP \fB\-ha\fR NV index handle .IP [\-nalg expected name hash algorithm (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt 80 audit .PP \fB\-\-version\fR is not a valid option .PP nvreadpublic .PP Runs TPM2_NV_ReadPublic .HP \fB\-ha\fR NV index handle .IP [\-nalg expected name hash algorithm (sha1, sha256, sha384) (default sha256)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt 80 audit .SH "SEE ALSO" The full documentation for .B nvreadpublic is maintained as a Texinfo manual. If the .B info and .B nvreadpublic programs are properly installed at your site, the command .IP .B info nvreadpublic .PP should give you access to the complete manual. ./utils/man/man1/tsspolicypcr.10000644000175000017500000000170413133245156014557 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYPCR "1" "July 2017" "policypcr " "User Commands" .SH NAME policypcr \- Runs TPM2_PolicyPCR .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policypcr .PP Runs TPM2_PolicyPCR .HP \fB\-ha\fR policy session handle .HP \fB\-halg\fR (sha1, sha256) (default sha256) .HP \fB\-bm\fR pcr mask in hex .IP e.g., \fB\-bm\fR 10000 is PCR 16, 000001 is PCR 0 .PP \fB\-\-version\fR is not a valid option .PP policypcr .PP Runs TPM2_PolicyPCR .HP \fB\-ha\fR policy session handle .HP \fB\-halg\fR (sha1, sha256) (default sha256) .HP \fB\-bm\fR pcr mask in hex .IP e.g., \fB\-bm\fR 10000 is PCR 16, 000001 is PCR 0 .SH "SEE ALSO" The full documentation for .B policypcr is maintained as a Texinfo manual. 
If the .B info and .B policypcr programs are properly installed at your site, the command .IP .B info policypcr .PP should give you access to the complete manual. ./utils/man/man1/tssntc2lockconfig.10000644000175000017500000000134113133245155015454 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH NTC2LOCKCONFIG "1" "July 2017" "ntc2lockconfig " "User Commands" .SH NAME ntc2lockconfig \- Runs TPM2_Ntc2LockConfig .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP ntc2lockpreconfig .PP Runs NTC2_LockPreConfig .PP \fB\-lock\fR (required) .PP \fB\-\-version\fR is not a valid option .PP ntc2lockpreconfig .PP Runs NTC2_LockPreConfig .PP \fB\-lock\fR (required) .SH "SEE ALSO" The full documentation for .B ntc2lockconfig is maintained as a Texinfo manual. If the .B info and .B ntc2lockconfig programs are properly installed at your site, the command .IP .B info ntc2lockconfig .PP should give you access to the complete manual. ./utils/man/man1/tssnvchangeauth.10000644000175000017500000000204013133245155015217 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH NVCHANGEAUTH "1" "July 2017" "nvchangeauth " "User Commands" .SH NAME nvchangeauth \- Runs TPM2_NV_ChangeAuth .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvchangeauth .PP Runs TPM2_NV_ChangeAuth .HP \fB\-ha\fR NV index handle .HP \fB\-pwdo\fR password (default empty) .HP \fB\-pwdn\fR new password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvchangeauth .PP Runs TPM2_NV_ChangeAuth .HP \fB\-ha\fR NV index handle .HP \fB\-pwdo\fR password (default empty) .HP \fB\-pwdn\fR new password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvchangeauth is maintained as a Texinfo manual. 
If the .B info and .B nvchangeauth programs are properly installed at your site, the command .IP .B info nvchangeauth .PP should give you access to the complete manual. ./utils/man/man1/tsspcrread.10000644000175000017500000000255113133245155014173 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH PCRREAD "1" "July 2017" "pcrread " "User Commands" .SH NAME pcrread \- Runs TPM2_PCR_Read .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP pcrread .PP Runs TPM2_PCR_Read .HP \fB\-ha\fR pcr handle .HP \fB\-halg\fR (sha1, sha256, sha384) (default sha256) .IP \fB\-halg\fR may be specified more than once .IP [\-of data file for first algorithm specified, in binary] .IP (default do not save) .IP [\-ns no space, no text, no newlines, first algorithm] .IP Used for scripting policy construction .HP \fB\-se0\fR session handle / attributes .IP 01 continue 80 audit .PP \fB\-\-version\fR is not a valid option .PP pcrread .PP Runs TPM2_PCR_Read .HP \fB\-ha\fR pcr handle .HP \fB\-halg\fR (sha1, sha256, sha384) (default sha256) .IP \fB\-halg\fR may be specified more than once .IP [\-of data file for first algorithm specified, in binary] .IP (default do not save) .IP [\-ns no space, no text, no newlines, first algorithm] .IP Used for scripting policy construction .HP \fB\-se0\fR session handle / attributes .IP 01 continue 80 audit .SH "SEE ALSO" The full documentation for .B pcrread is maintained as a Texinfo manual. If the .B info and .B pcrread programs are properly installed at your site, the command .IP .B info pcrread .PP should give you access to the complete manual. ./utils/man/man1/tssnvcertify.10000644000175000017500000000312113133245155014556 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVCERTIFY "1" "July 2017" "nvcertify " "User Commands" .SH NAME nvcertify \- Runs TPM2_NV_Certify .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvcertify .PP Runs TPM2_NV_Certify .HP \fB\-ha\fR NV index handle .IP [\-pwdn password for NV index (default empty)] \fB\-hk\fR certifying key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] \fB\-sz\fR data size [\-off offset (default 0)] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvcertify .PP Runs TPM2_NV_Certify .HP \fB\-ha\fR NV index handle .IP [\-pwdn password for NV index (default empty)] \fB\-hk\fR certifying key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] \fB\-sz\fR data size [\-off offset (default 0)] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvcertify is maintained as a Texinfo manual. If the .B info and .B nvcertify programs are properly installed at your site, the command .IP .B info nvcertify .PP should give you access to the complete manual. ./utils/man/man1/tsswriteapp.10000644000175000017500000000207113133245157014405 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH WRITEAPP "1" "July 2017" "writeapp " "User Commands" .SH NAME writeapp \- Runs writeapp demo .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP writeapp .PP writeapp is a sample NV write application. 
Provisions an NV location, then does two writes with password 'pwd' using a bound, salted HMAC session using AES CFB parameter encryption. .IP [\-pwsess Use a password session, no HMAC or parameter encryption (the password and data are then sent to the TPM in the clear)] .PP \fB\-\-version\fR is not a valid option .PP writeapp .PP writeapp is a sample NV write application. Provisions an NV location, then does two writes with password 'pwd' using a bound, salted HMAC session using AES CFB parameter encryption. .IP [\-pwsess Use a password session, no HMAC or parameter encryption (the password and data are then sent to the TPM in the clear)] .SH "SEE ALSO" The full documentation for .B writeapp is maintained as a Texinfo manual. If the .B info and .B writeapp programs are properly installed at your site, the command .IP .B info writeapp .PP should give you access to the complete manual. ./utils/man/man1/tssdictionaryattacklockreset.10000644000175000017500000000204213133245154020016 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH DICTIONARYATTACKLOCKRESET "1" "July 2017" "dictionaryattacklockreset " "User Commands" .SH NAME dictionaryattacklockreset \- Runs TPM2_DictionaryAttackLockReset .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP dictionaryattacklockreset .PP Runs TPM2_DictionaryAttackLockReset .IP [\-pwd lockout auth password (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP dictionaryattacklockreset .PP Runs TPM2_DictionaryAttackLockReset .IP [\-pwd lockout auth password (default empty)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B dictionaryattacklockreset is maintained as a Texinfo manual. If the .B info and .B dictionaryattacklockreset programs are properly installed at your site, the command .IP .B info dictionaryattacklockreset .PP should give you access to the complete manual.
./utils/man/man1/tssmakecredential.10000644000175000017500000000254113133245155015522 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH MAKECREDENTIAL "1" "July 2017" "makecredential " "User Commands" .SH NAME makecredential \- Runs TPM2_MakeCredential .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP makecredential .PP Runs TPM2_MakeCredential .HP \fB\-ha\fR handle of encryption key public area .HP \fB\-icred\fR input credential file name .HP \fB\-in\fR object name file name .IP [\-ocred output credential file name (default do not save)] [\-os secret file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle (default NULL) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP makecredential .PP Runs TPM2_MakeCredential .HP \fB\-ha\fR handle of encryption key public area .HP \fB\-icred\fR input credential file name .HP \fB\-in\fR object name file name .IP [\-ocred output credential file name (default do not save)] [\-os secret file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle (default NULL) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B makecredential is maintained as a Texinfo manual. If the .B info and .B makecredential programs are properly installed at your site, the command .IP .B info makecredential .PP should give you access to the complete manual. ./utils/man/man1/tssstartauthsession.10000644000175000017500000000270313133245157016177 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH STARTAUTHSESSION "1" "July 2017" "startauthsession " "User Commands" .SH NAME startauthsession \- Runs TPM2_StartAuthSession .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP startauthsession .PP Runs TPM2_StartAuthSession .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-se\fR .TP h HMAC session [\-hs salt handle (default TPM_RH_NULL)] [\-bi bind handle (default TPM_RH_NULL)] [\-pwdb bind password (default empty)] .IP p Policy session t Trial policy session .IP [\-sym (xor, aes) symmetric parameter encryption algorithm (default xor)] [\-on nonceTPM file for policy session (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP startauthsession .PP Runs TPM2_StartAuthSession .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-se\fR .TP h HMAC session [\-hs salt handle (default TPM_RH_NULL)] [\-bi bind handle (default TPM_RH_NULL)] [\-pwdb bind password (default empty)] .IP p Policy session t Trial policy session .IP [\-sym (xor, aes) symmetric parameter encryption algorithm (default xor)] [\-on nonceTPM file for policy session (default do not save)] .SH "SEE ALSO" The full documentation for .B startauthsession is maintained as a Texinfo manual. If the .B info and .B startauthsession programs are properly installed at your site, the command .IP .B info startauthsession .PP should give you access to the complete manual. ./utils/man/man1/tsshashsequencestart.10000644000175000017500000000221613133245154016302 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH HASHSEQUENCESTART "1" "July 2017" "hashsequencestart " "User Commands" .SH NAME hashsequencestart \- Runs TPM2_HashSequenceStart .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hashsequencestart .PP Runs TPM2_HashSequenceStart .HP \fB\-pwda\fR password for sequence (default empty) .HP \fB\-halg\fR (sha1, sha256, sha384, null) (default sha256) .IP null is an event sequence .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP hashsequencestart .PP Runs TPM2_HashSequenceStart .HP \fB\-pwda\fR password for sequence (default empty) .HP \fB\-halg\fR (sha1, sha256, sha384, null) (default sha256) .IP null is an event sequence .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B hashsequencestart is maintained as a Texinfo manual. If the .B info and .B hashsequencestart programs are properly installed at your site, the command .IP .B info hashsequencestart .PP should give you access to the complete manual. ./utils/man/man1/tsspcrevent.10000644000175000017500000000172213133245155014400 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH PCREVENT "1" "July 2017" "pcrevent " "User Commands" .SH NAME pcrevent \- Runs TPM2_PCR_Event .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP pcrevent .PP Runs TPM2_PCR_Event .HP \fB\-ha\fR pcr handle .HP \fB\-ic\fR data string .HP \fB\-if\fR data file .IP [\-of1 sha1 output digest file] [\-of2 sha256 output digest file] [\-of3 sha384 output digest file] .PP \fB\-\-version\fR is not a valid option .PP pcrevent .PP Runs TPM2_PCR_Event .HP \fB\-ha\fR pcr handle .HP \fB\-ic\fR data string .HP \fB\-if\fR data file .IP [\-of1 sha1 output digest file] [\-of2 sha256 output digest file] [\-of3 sha384 output digest file] .SH "SEE ALSO" The full documentation for .B pcrevent is maintained as a Texinfo manual. If the .B info and .B pcrevent programs are properly installed at your site, the command .IP .B info pcrevent .PP should give you access to the complete manual. ./utils/man/man1/tsspolicymakerpcr.10000644000175000017500000000314413133245156015577 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH POLICYMAKERPCR "1" "July 2017" "policymakerpcr " "User Commands" .SH NAME policymakerpcr \- Runs policymakerpcr utility .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policymakerpcr .PP Creates a policyPCR term suitable for input to policymaker (hex ascii) .PP Assumes that the byte mask and PCR values are consistent .PP [\-halg hash algorithm (sha1 sha256 sha384) (default sha256)] \fB\-bm\fR pcr byte mask in hex, big endian .IP e.g. 010000 selects PCR 16 e.g. 
ffffff selects all 24 PCRs .PP \fB\-if\fR input file \- PCR values, hex ascii, one per line, 24 max .IP required unless pcr mask is 0 .PP [\-of output file \- policy hash in binary] [\-pr stdout \- policy hash in hex ascii] .PP \fB\-\-version\fR is not a valid option .PP policymakerpcr .PP Creates a policyPCR term suitable for input to policymaker (hex ascii) .PP Assumes that the byte mask and PCR values are consistent .PP [\-halg hash algorithm (sha1 sha256 sha384) (default sha256)] \fB\-bm\fR pcr byte mask in hex, big endian .IP e.g. 010000 selects PCR 16 e.g. ffffff selects all 24 PCRs .PP \fB\-if\fR input file \- PCR values, hex ascii, one per line, 24 max .IP required unless pcr mask is 0 .PP [\-of output file \- policy hash in binary] [\-pr stdout \- policy hash in hex ascii] .SH "SEE ALSO" The full documentation for .B policymakerpcr is maintained as a Texinfo manual. If the .B info and .B policymakerpcr programs are properly installed at your site, the command .IP .B info policymakerpcr .PP should give you access to the complete manual. ./utils/man/man1/tssgetsessionauditdigest.10000644000175000017500000000330013133245154017155 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH GETSESSIONAUDITDIGEST "1" "July 2017" "getsessionauditdigest " "User Commands" .SH NAME getsessionauditdigest \- Runs TPM2_GetSessionAuditDigest .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP getsessionauditdigest .PP Runs TPM2_GetSessionAuditDigest .IP [\-pwde endorsement hierarchy password (default empty)] \fB\-hk\fR signing key handle [\-pwdk password for key (default empty)] \fB\-hs\fR audit session handle [\-halg (sha1, sha256, sha384) (default sha256)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] [\-od session digest file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP getsessionauditdigest .PP Runs TPM2_GetSessionAuditDigest .IP [\-pwde endorsement hierarchy password (default empty)] \fB\-hk\fR signing key handle [\-pwdk password for key (default empty)] \fB\-hs\fR audit session handle [\-halg (sha1, sha256, sha384) (default sha256)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] [\-od session digest file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B getsessionauditdigest is maintained as a Texinfo manual. If the .B info and .B getsessionauditdigest programs are properly installed at your site, the command .IP .B info getsessionauditdigest .PP should give you access to the complete manual. ./utils/man/man1/tssduplicate.10000644000175000017500000000313613133245154014524 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH DUPLICATE "1" "July 2017" "duplicate " "User Commands" .SH NAME duplicate \- Runs TPM2_Duplicate .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP Duplicate .PP Runs TPM2_Duplicate .HP \fB\-ho\fR object handle .IP [\-pwdo password for object (default empty)] [\-hp new parent handle (default TPM_RH_NULL)] [\-ik encryption key in file name] [\-salg symmetric algorithm (aes)(default none)] .IP [\-oek encryption key out file name (default do not save)] [\-od duplicate private area file name (default do not save)] [\-oss symmetric seed file name (default do not save)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP Duplicate .PP Runs TPM2_Duplicate .HP \fB\-ho\fR object handle .IP [\-pwdo password for object (default empty)] [\-hp new parent handle (default TPM_RH_NULL)] [\-ik encryption key in file name] [\-salg symmetric algorithm (aes)(default none)] .IP [\-oek encryption key out file name (default do not save)] [\-od duplicate private area file name (default do not save)] [\-oss symmetric seed file name (default do not save)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B duplicate is maintained as a Texinfo manual. If the .B info and .B duplicate programs are properly installed at your site, the command .IP .B info duplicate .PP should give you access to the complete manual. ./utils/man/man1/tsseventsequencecomplete.10000644000175000017500000000303413133245154017152 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH EVENTSEQUENCECOMPLETE "1" "July 2017" "eventsequencecomplete " "User Commands" .SH NAME eventsequencecomplete \- Runs TPM2_EventSequenceComplete .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP eventsequencecomplete .PP Runs TPM2_EventSequenceComplete .IP [\-ha pcr handle (default NULL)] \fB\-hs\fR sequence handle [\-pwds password for sequence (default empty)] [\-if input file to be added (default no data)] [\-of1 sha1 output digest file (default do not save)] [\-of2 sha256 output digest file (default do not save)] [\-of3 sha384 output digest file (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP eventsequencecomplete .PP Runs TPM2_EventSequenceComplete .IP [\-ha pcr handle (default NULL)] \fB\-hs\fR sequence handle [\-pwds password for sequence (default empty)] [\-if input file to be added (default no data)] [\-of1 sha1 output digest file (default do not save)] [\-of2 sha256 output digest file (default do not save)] [\-of3 sha384 output digest file (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B eventsequencecomplete is maintained as a Texinfo manual. If the .B info and .B eventsequencecomplete programs are properly installed at your site, the command .IP .B info eventsequencecomplete .PP should give you access to the complete manual. ./utils/man/man1/tsssequenceupdate.10000644000175000017500000000207713133245157015573 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH SEQUENCEUPDATE "1" "July 2017" "sequenceupdate " "User Commands" .SH NAME sequenceupdate \- Runs TPM2_SequenceUpdate .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP sequenceupdate .PP Runs TPM2_SequenceUpdate .HP \fB\-hs\fR sequence handle .HP \fB\-pwds\fR password for sequence (default empty) .HP \fB\-if\fR input file to be HMACed .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP sequenceupdate .PP Runs TPM2_SequenceUpdate .HP \fB\-hs\fR sequence handle .HP \fB\-pwds\fR password for sequence (default empty) .HP \fB\-if\fR input file to be HMACed .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B sequenceupdate is maintained as a Texinfo manual. If the .B info and .B sequenceupdate programs are properly installed at your site, the command .IP .B info sequenceupdate .PP should give you access to the complete manual. ./utils/man/man1/tssnvreadlock.10000644000175000017500000000211013133245155014672 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVREADLOCK "1" "July 2017" "nvreadlock " "User Commands" .SH NAME nvreadlock \- Runs TPM2_NV_ReadLock .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvreadlock .PP Runs TPM2_NV_ReadLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvreadlock .PP Runs TPM2_NV_ReadLock .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvreadlock is maintained as a Texinfo manual. If the .B info and .B nvreadlock programs are properly installed at your site, the command .IP .B info nvreadlock .PP should give you access to the complete manual. ./utils/man/man1/tsseccparameters.10000644000175000017500000000157513133245154015375 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH ECCPARAMETERS "1" "July 2017" "eccparameters " "User Commands" .SH NAME eccparameters \- Runs TPM2_ECC_Parameters .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP eccparameters .PP Runs TPM2_ECC_Parameters .HP \fB\-cv\fR curve ID .IP bnp256 nistp256 nistp384 .IP [\-of data file, ECC parameters (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP eccparameters .PP Runs TPM2_ECC_Parameters .HP \fB\-cv\fR curve ID .IP bnp256 nistp256 nistp384 .IP [\-of data file, ECC parameters (default do not save)] .SH "SEE ALSO" The full documentation for .B eccparameters is maintained as a Texinfo manual. 
If the .B info and .B eccparameters programs are properly installed at your site, the command .IP .B info eccparameters .PP should give you access to the complete manual. ./utils/man/man1/tssnvdefinespace.10000644000175000017500000000704713133245155015372 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH NVDEFINESPACE "1" "July 2017" "nvdefinespace " "User Commands" .SH NAME nvdefinespace \- Runs TPM2_NV_DefineSpace .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvdefinespace .PP Runs TPM2_NV_DefineSpace .HP \fB\-ha\fR NV index handle .IP 01xxxxxx .HP \fB\-hi\fR authorizing hierarchy (o, p) .IP o owner, p platform p sets PLATFORMCREATE .IP [\-pwdp password for hierarchy (default empty)] [\-hia hierarchy authorization (o, p)(default index authorization)] .IP default AUTHWRITE, AUTHREAD o sets OWNERWRITE, OWNERREAD p sets PPWRITE, PPREAD (platform) .IP [\-pwdn password for NV index (default empty)] .IP sets AUTHWRITE (if not PIN index), AUTHREAD .IP [\-nalg name algorithm (sha1, sha256, sha384) (default sha256)] [\-sz data size (default 0)] .IP Ignored for other than ordinary index .IP [\-ty index type (o, c, b, e, p, f) (default ordinary)] .IP ordinary, counter, bits, extend, pin pass, pin fail .IP [\-pol policy file (default empty)] .IP sets POLICYWRITE, POLICYREAD .IP [+at attributes to add (may be specified more than once)] .TP ppw (PPWRITE) ppr (PPREAD) .TP ow (OWNERWRITE) or (OWNERREAD) .TP aw (AUTHWRITE) ar (AUTHREAD) .TP wd (WRITEDEFINE) gl (GLOBALLOCK) .TP rst (READ_STCLEAR) wst (WRITE_STCLEAR) .TP wa (WRITEALL) ody (ORDERLY) .TP pold (POLICY_DELETE) stc (CLEAR_STCLEAR) .IP [\-at attributes to delete (may be specified more than once)] .TP ppw (PPWRITE) ppr (PPREAD) .TP ow (OWNERWRITE) or (OWNERREAD) .TP aw (AUTHWRITE) ar (AUTHREAD) .TP pw (POLICYWRITE) pr (POLICYREAD) .TP da (NO_DA) (default set) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP
\fB\-\-version\fR is not a valid option .PP nvdefinespace .PP Runs TPM2_NV_DefineSpace .HP \fB\-ha\fR NV index handle .IP 01xxxxxx .HP \fB\-hi\fR authorizing hierarchy (o, p) .IP o owner, p platform p sets PLATFORMCREATE .IP [\-pwdp password for hierarchy (default empty)] [\-hia hierarchy authorization (o, p)(default index authorization)] .IP default AUTHWRITE, AUTHREAD o sets OWNERWRITE, OWNERREAD p sets PPWRITE, PPREAD (platform) .IP [\-pwdn password for NV index (default empty)] .IP sets AUTHWRITE (if not PIN index), AUTHREAD .IP [\-nalg name algorithm (sha1, sha256, sha384) (default sha256)] [\-sz data size (default 0)] .IP Ignored for other than ordinary index .IP [\-ty index type (o, c, b, e, p, f) (default ordinary)] .IP ordinary, counter, bits, extend, pin pass, pin fail .IP [\-pol policy file (default empty)] .IP sets POLICYWRITE, POLICYREAD .IP [+at attributes to add (may be specified more than once)] .TP ppw (PPWRITE) ppr (PPREAD) .TP ow (OWNERWRITE) or (OWNERREAD) .TP aw (AUTHWRITE) ar (AUTHREAD) .TP wd (WRITEDEFINE) gl (GLOBALLOCK) .TP rst (READ_STCLEAR) wst (WRITE_STCLEAR) .TP wa (WRITEALL) ody (ORDERLY) .TP pold (POLICY_DELETE) stc (CLEAR_STCLEAR) .IP [\-at attributes to delete (may be specified more than once)] .TP ppw (PPWRITE) ppr (PPREAD) .TP ow (OWNERWRITE) or (OWNERREAD) .TP aw (AUTHWRITE) ar (AUTHREAD) .TP pw (POLICYWRITE) pr (POLICYREAD) .TP da (NO_DA) (default set) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvdefinespace is maintained as a Texinfo manual. If the .B info and .B nvdefinespace programs are properly installed at your site, the command .IP .B info nvdefinespace .PP should give you access to the complete manual. ./utils/man/man1/tsssign.10000644000175000017500000000276313133245157013522 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH SIGN "1" "July 2017" "sign " "User Commands" .SH NAME sign \- Runs TPM2_Sign .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP sign .PP Runs TPM2_Sign .HP \fB\-hk\fR key handle .IP [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-rsa (RSASSA scheme)] [\-ecc (ECDSA scheme)] .IP Verify only supported for RSA now .HP \fB\-if\fR input message to hash and sign .IP [\-ipu public key file name to verify signature (default no verify)] [\-os signature file name (default do not save)] [\-tk ticket file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP sign .PP Runs TPM2_Sign .HP \fB\-hk\fR key handle .IP [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-rsa (RSASSA scheme)] [\-ecc (ECDSA scheme)] .IP Verify only supported for RSA now .HP \fB\-if\fR input message to hash and sign .IP [\-ipu public key file name to verify signature (default no verify)] [\-os signature file name (default do not save)] [\-tk ticket file name] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B sign is maintained as a Texinfo manual. If the .B info and .B sign programs are properly installed at your site, the command .IP .B info sign .PP should give you access to the complete manual. ./utils/man/man1/tssnvwrite.10000644000175000017500000000277713133245155014263 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH NVWRITE "1" "July 2017" "nvwrite " "User Commands" .SH NAME nvwrite \- Runs TPM2_NV_Write .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvwrite .PP Runs TPM2_NV_Write .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) [\-ic data string] [\-if data file] [\-id data values, pinPass and pinLimit (4 bytes each)] .IP if none is specified, a 0 byte write occurs \fB\-id\fR is normally used for pin pass or pin fail indexes .HP \fB\-off\fR offset (default 0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvwrite .PP Runs TPM2_NV_Write .IP [\-hia hierarchy authorization (o, p)(default index authorization)] \fB\-ha\fR NV index handle \fB\-pwdn\fR password for NV index (default empty) [\-ic data string] [\-if data file] [\-id data values, pinPass and pinLimit (4 bytes each)] .IP if none is specified, a 0 byte write occurs \fB\-id\fR is normally used for pin pass or pin fail indexes .HP \fB\-off\fR offset (default 0) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvwrite is maintained as a Texinfo manual. If the .B info and .B nvwrite programs are properly installed at your site, the command .IP .B info nvwrite .PP should give you access to the complete manual. ./utils/man/man1/tsspolicycphash.10000644000175000017500000000141713133245156015242 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYCPHASH "1" "July 2017" "policycphash " "User Commands" .SH NAME policycphash \- Runs TPM2_PolicyCpHash .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policycphash .PP Runs TPM2_PolicyCpHash .HP \fB\-ha\fR policy session handle .HP \fB\-cp\fR cpHash file .PP \fB\-\-version\fR is not a valid option .PP policycphash .PP Runs TPM2_PolicyCpHash .HP \fB\-ha\fR policy session handle .HP \fB\-cp\fR cpHash file .SH "SEE ALSO" The full documentation for .B policycphash is maintained as a Texinfo manual. If the .B info and .B policycphash programs are properly installed at your site, the command .IP .B info policycphash .PP should give you access to the complete manual. ./utils/man/man1/tssgetrandom.10000644000175000017500000000256613133245154014540 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH GETRANDOM "1" "July 2017" "getrandom " "User Commands" .SH NAME getrandom \- Runs TPM2_GetRandom .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP getrandom .PP Runs TPM2_GetRandom .HP \fB\-by\fR bytes requested .IP [\-of output file, with \fB\-nz\fR, appends nul terminator (default do not save)] [\-nz get random number with no zero bytes (for authorization value)] [\-ns no space, no text, no newlines] .IP just a string of hexascii suitable for a symmetric key .HP \fB\-se[0\-2]\fR session handle / attributes .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP getrandom .PP Runs TPM2_GetRandom .HP \fB\-by\fR bytes requested .IP [\-of output file, with \fB\-nz\fR, appends nul terminator (default do not save)] [\-nz get random number with no zero bytes (for authorization value)] [\-ns no space, no text, no newlines] .IP just a string of hexascii suitable for a symmetric key .HP \fB\-se[0\-2]\fR session handle / attributes .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B 
getrandom is maintained as a Texinfo manual. If the .B info and .B getrandom programs are properly installed at your site, the command .IP .B info getrandom .PP should give you access to the complete manual. ./utils/man/man1/tssnvextend.10000644000175000017500000000203213133245155014400 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH NVEXTEND "1" "July 2017" "nvextend " "User Commands" .SH NAME nvextend \- Runs TPM2_NV_Extend .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP nvextend .PP Runs TPM2_NV_Extend .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-ic\fR data string .HP \fB\-if\fR data file .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP nvextend .PP Runs TPM2_NV_Extend .HP \fB\-ha\fR NV index handle .HP \fB\-pwdn\fR password for NV index (default empty) .HP \fB\-ic\fR data string .HP \fB\-if\fR data file .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B nvextend is maintained as a Texinfo manual. If the .B info and .B nvextend programs are properly installed at your site, the command .IP .B info nvextend .PP should give you access to the complete manual. ./utils/man/man1/tssgetcommandauditdigest.10000644000175000017500000000320013133245154017107 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH GETCOMMANDAUDITDIGEST "1" "July 2017" "getcommandauditdigest " "User Commands" .SH NAME getcommandauditdigest \- Runs TPM2_GetCommandAuditDigest .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP getcommandauditdigest .PP Runs TPM2_GetCommandAuditDigest .IP [\-pwde endorsement hierarchy password (default empty)] \fB\-hk\fR signing key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP getcommandauditdigest .PP Runs TPM2_GetCommandAuditDigest .IP [\-pwde endorsement hierarchy password (default empty)] \fB\-hk\fR signing key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B getcommandauditdigest is maintained as a Texinfo manual. If the .B info and .B getcommandauditdigest programs are properly installed at your site, the command .IP .B info getcommandauditdigest .PP should give you access to the complete manual. ./utils/man/man1/tssobjectchangeauth.10000644000175000017500000000243313133245155016050 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH OBJECTCHANGEAUTH "1" "July 2017" "objectchangeauth " "User Commands" .SH NAME objectchangeauth \- Runs TPM2_ObjectChangeAuth .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP objectchangeauth .PP Runs TPM2_ObjectChangeAuth .HP \fB\-hp\fR parent handle .HP \fB\-ho\fR object handle .HP \fB\-pwdo\fR password for object (default empty) .HP \fB\-pwdn\fR new password for object (default empty) .IP [\-opr private key file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP objectchangeauth .PP Runs TPM2_ObjectChangeAuth .HP \fB\-hp\fR parent handle .HP \fB\-ho\fR object handle .HP \fB\-pwdo\fR password for object (default empty) .HP \fB\-pwdn\fR new password for object (default empty) .IP [\-opr private key file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B objectchangeauth is maintained as a Texinfo manual. If the .B info and .B objectchangeauth programs are properly installed at your site, the command .IP .B info objectchangeauth .PP should give you access to the complete manual. ./utils/man/man1/tsspolicymaker.10000644000175000017500000000213513133245156015071 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4.
.TH POLICYMAKER "1" "July 2017" "policymaker " "User Commands" .SH NAME policymaker \- Runs policymaker utility .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option policymaker .PP [\-halg hash algorithm (sha1 sha256 sha384) (default sha256) [\-nz do not extend starting with zeros, just hash the last line] \fB\-if\fR input policy statements in hex ascii [\-of] output file \- policy hash in binary [\-pr] stdout \- policy hash in hex ascii .PP \fB\-\-version\fR is not a valid option policymaker .PP [\-halg hash algorithm (sha1 sha256 sha384) (default sha256) [\-nz do not extend starting with zeros, just hash the last line] \fB\-if\fR input policy statements in hex ascii [\-of] output file \- policy hash in binary [\-pr] stdout \- policy hash in hex ascii .SH "SEE ALSO" The full documentation for .B policymaker is maintained as a Texinfo manual. If the .B info and .B policymaker programs are properly installed at your site, the command .IP .B info policymaker .PP should give you access to the complete manual. ./utils/man/man1/tsspolicyticket.10000644000175000017500000000245113133245156015256 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH POLICYTICKET "1" "July 2017" "policyticket " "User Commands" .SH NAME policyticket \- Runs TPM2_PolicyTicket .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP policyticket .PP Runs TPM2_PolicyTicket .HP \fB\-ha\fR policy session handle .HP \fB\-to\fR timeout file name .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-na\fR authName file (not hierarchy) .HP \fB\-hi\fR hierarchy (e, o, p)(authName is hierarchy) .IP e endorsement, o owner, p platform .HP \fB\-tk\fR ticket file name .PP \fB\-\-version\fR is not a valid option .PP policyticket .PP Runs TPM2_PolicyTicket .HP \fB\-ha\fR policy session handle .HP \fB\-to\fR timeout file name .HP \fB\-cp\fR cpHash file (default none) .HP \fB\-pref\fR policyRef file (default none) .HP \fB\-na\fR authName file (not hierarchy) .HP \fB\-hi\fR hierarchy (e, o, p)(authName is hierarchy) .IP e endorsement, o owner, p platform .HP \fB\-tk\fR ticket file name .SH "SEE ALSO" The full documentation for .B policyticket is maintained as a Texinfo manual. If the .B info and .B policyticket programs are properly installed at your site, the command .IP .B info policyticket .PP should give you access to the complete manual. ./utils/man/man1/tsscontextload.10000644000175000017500000000130613133245154015073 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH CONTEXTLOAD "1" "July 2017" "contextload " "User Commands" .SH NAME contextload \- Runs TPM2_ContextLoad .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP contextload .PP Runs TPM2_ContextLoad .HP \fB\-if\fR context file name .PP \fB\-\-version\fR is not a valid option .PP contextload .PP Runs TPM2_ContextLoad .HP \fB\-if\fR context file name .SH "SEE ALSO" The full documentation for .B contextload is maintained as a Texinfo manual. 
If the .B info and .B contextload programs are properly installed at your site, the command .IP .B info contextload .PP should give you access to the complete manual. ./utils/man/man1/tsshash.10000644000175000017500000000225313133245154013474 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. .TH HASH "1" "July 2017" "hash " "User Commands" .SH NAME hash \- Runs TPM2_Hash .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hash .PP Runs TPM2_Hash .HP \fB\-hi\fR hierarchy (e, o, p, n) (default null) .IP e endorsement, o owner, p platform, n null .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-if\fR input file to be hashed \fB\-ic\fR data string to be hashed [\-oh hash file name (default do not save)] [\-tk ticket file name (default do not save)] .PP \fB\-\-version\fR is not a valid option .PP hash .PP Runs TPM2_Hash .HP \fB\-hi\fR hierarchy (e, o, p, n) (default null) .IP e endorsement, o owner, p platform, n null .IP [\-halg (sha1, sha256, sha384) (default sha256)] \fB\-if\fR input file to be hashed \fB\-ic\fR data string to be hashed [\-oh hash file name (default do not save)] [\-tk ticket file name (default do not save)] .SH "SEE ALSO" The full documentation for .B hash is maintained as a Texinfo manual. If the .B info and .B hash programs are properly installed at your site, the command .IP .B info hash .PP should give you access to the complete manual. ./utils/man/man1/tsschangeeps.10000644000175000017500000000171413133245153014506 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CHANGEEPS "1" "July 2017" "changeeps " "User Commands" .SH NAME changeeps \- Runs TPM2_ChangeEPS .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP changeeps .PP Runs TPM2_ChangeEPS .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP changeeps .PP Runs TPM2_ChangeEPS .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B changeeps is maintained as a Texinfo manual. If the .B info and .B changeeps programs are properly installed at your site, the command .IP .B info changeeps .PP should give you access to the complete manual. ./utils/man/man1/tssactivatecredential.10000644000175000017500000000325113133245153016402 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH ACTIVATECREDENTIAL "1" "July 2017" "activatecredential " "User Commands" .SH NAME activatecredential \- Runs TPM2_Activatecredential .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP activatecredential .PP Runs TPM2_ActivateCredential .HP \fB\-ha\fR activation handle of object associated with the certificate .HP \fB\-hk\fR handle of loaded decryption key .HP \fB\-icred\fR input credential file name .HP \fB\-is\fR secret file name .IP [\-pwda password for activation key (default empty)] [\-pwdk password for decryption key (default empty)] .IP [\-ocred output credential file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP activatecredential .PP Runs TPM2_ActivateCredential .HP \fB\-ha\fR activation handle of object associated with the certificate .HP \fB\-hk\fR handle of loaded decryption key .HP \fB\-icred\fR input credential file name .HP \fB\-is\fR secret file name .IP [\-pwda password for activation key (default empty)] [\-pwdk password for decryption key (default empty)] .IP [\-ocred output credential file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B activatecredential is maintained as a Texinfo manual. If the .B info and .B activatecredential programs are properly installed at your site, the command .IP .B info activatecredential .PP should give you access to the complete manual. ./utils/man/man1/tsspcrallocate.10000644000175000017500000000214113133245155015037 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH PCRALLOCATE "1" "July 2017" "pcrallocate " "User Commands" .SH NAME pcrallocate \- Runs TPM2_PCR_Allocate .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP pcrallocate .PP Runs TPM2_PCR_Allocate .PP Allocates SHA\-1 and/or SHA\-256 banks for a full set of PCR 0\-23. Not all TPMs support two banks .IP [\-pwdp platform hierarchy password (default empty)] \fB\-sha1\fR allocate a SHA\-1 bank \fB\-sha256\fR allocate a SHA\-256 bank .PP \fB\-\-version\fR is not a valid option .PP pcrallocate .PP Runs TPM2_PCR_Allocate .PP Allocates SHA\-1 and/or SHA\-256 banks for a full set of PCR 0\-23. Not all TPMs support two banks .IP [\-pwdp platform hierarchy password (default empty)] \fB\-sha1\fR allocate a SHA\-1 bank \fB\-sha256\fR allocate a SHA\-256 bank .SH "SEE ALSO" The full documentation for .B pcrallocate is maintained as a Texinfo manual. If the .B info and .B pcrallocate programs are properly installed at your site, the command .IP .B info pcrallocate .PP should give you access to the complete manual. ./utils/man/man1/tssrewrap.10000644000175000017500000000302513133245156014051 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH REWRAP "1" "July 2017" "rewrap " "User Commands" .SH NAME rewrap \- Runs TPM2_Rewrap .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP Rewrap .PP Runs TPM2_Rewrap .HP \fB\-ho\fR handle of object old parent .IP [\-pwdo password for old parent] (default empty) \fB\-hn\fR handle of object new parent \fB\-id\fR duplicate private area file name \fB\-in\fR object name file name \fB\-iss\fR input symmetric seed file name [\-od rewrap private area file name (default do not save)] [\-oss symmetric seed file name (default do not save)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP Rewrap .PP Runs TPM2_Rewrap .HP \fB\-ho\fR handle of object old parent .IP [\-pwdo password for old parent] (default empty) \fB\-hn\fR handle of object new parent \fB\-id\fR duplicate private area file name \fB\-in\fR object name file name \fB\-iss\fR input symmetric seed file name [\-od rewrap private area file name (default do not save)] [\-oss symmetric seed file name (default do not save)] \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B rewrap is maintained as a Texinfo manual. If the .B info and .B rewrap programs are properly installed at your site, the command .IP .B info rewrap .PP should give you access to the complete manual. ./utils/man/man1/tsscertify.10000644000175000017500000000302013133245153014206 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH CERTIFY "1" "July 2017" "certify " "User Commands" .SH NAME certify \- Runs TPM2_Certify .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP certify .PP Runs TPM2_Certify .HP \fB\-ho\fR object handle .IP [\-pwdo password for object (default empty)] \fB\-hk\fR certifying key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP certify .PP Runs TPM2_Certify .HP \fB\-ho\fR object handle .IP [\-pwdo password for object (default empty)] \fB\-hk\fR certifying key handle [\-pwdk password for key (default empty)] [\-halg (sha1, sha256, sha384) (default sha256)] [\-salg signature algorithm (rsa, ecc) (default rsa)] [\-qd qualifying data file name] [\-os signature file name (default do not save)] [\-oa attestation output file name (default do not save)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B certify is maintained as a Texinfo manual. If the .B info and .B certify programs are properly installed at your site, the command .IP .B info certify .PP should give you access to the complete manual. ./utils/man/man1/tsshierarchychangeauth.10000644000175000017500000000316613133245154016563 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH HIERARCHYCHANGEAUTH "1" "July 2017" "hierarchychangeauth " "User Commands" .SH NAME hierarchychangeauth \- Runs TPM2_HierarchyChangeauth .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP hierarchychangeauth .PP Runs TPM2_HierarchyChangeAuth .HP \fB\-hi\fR hierarchy (l, e, o, p) .IP l lockout, e endorsement, o owner, p platform .HP \fB\-pwdn\fR new authorization password (default empty) .HP \fB\-pwdni\fR new authorization password file name (default empty) .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-pwdai\fR authorization password file name (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP hierarchychangeauth .PP Runs TPM2_HierarchyChangeAuth .HP \fB\-hi\fR hierarchy (l, e, o, p) .IP l lockout, e endorsement, o owner, p platform .HP \fB\-pwdn\fR new authorization password (default empty) .HP \fB\-pwdni\fR new authorization password file name (default empty) .HP \fB\-pwda\fR authorization password (default empty) .HP \fB\-pwdai\fR authorization password file name (default empty) .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B hierarchychangeauth is maintained as a Texinfo manual. If the .B info and .B hierarchychangeauth programs are properly installed at your site, the command .IP .B info hierarchychangeauth .PP should give you access to the complete manual. ./utils/man/man1/tsssetprimarypolicy.10000644000175000017500000000245513133245157016177 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH SETPRIMARYPOLICY "1" "July 2017" "setprimarypolicy " "User Commands" .SH NAME setprimarypolicy \- Runs TPM2_SetPrimarypolicy .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP setprimarypolicy .PP Runs TPM2_SetPrimaryPolicy .IP [\-hi authhandle hierarchy (l, e, o, p) (default platform)] [\-pwda authorization password (default empty)] [\-pol policy file (default empty policy)] [\-halg (sha1, sha256) (default null)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .PP \fB\-\-version\fR is not a valid option .PP setprimarypolicy .PP Runs TPM2_SetPrimaryPolicy .IP [\-hi authhandle hierarchy (l, e, o, p) (default platform)] [\-pwda authorization password (default empty)] [\-pol policy file (default empty policy)] [\-halg (sha1, sha256) (default null)] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue 20 command decrypt 40 response encrypt .SH "SEE ALSO" The full documentation for .B setprimarypolicy is maintained as a Texinfo manual. If the .B info and .B setprimarypolicy programs are properly installed at your site, the command .IP .B info setprimarypolicy .PP should give you access to the complete manual. ./utils/man/man1/tssencryptdecrypt.10000644000175000017500000000241513133245154015630 0ustar lo1lo1.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.4. 
.TH ENCRYPTDECRYPT "1" "July 2017" "encryptdecrypt " "User Commands" .SH NAME encryptdecrypt \- Runs TPM2_EncryptDecrypt .SH DESCRIPTION \fB\-\-version\-string\fR=\fI\,v1045\/\fR is not a valid option .PP encryptdecrypt .PP Runs TPM2_EncryptDecrypt .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-d\fR decrypt (default encrypt) .HP \fB\-if\fR input file name .IP [\-of output file name (default do not save)] [\-2 use TPM2_EncryptDecrypt2] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .PP \fB\-\-version\fR is not a valid option .PP encryptdecrypt .PP Runs TPM2_EncryptDecrypt .HP \fB\-hk\fR key handle .HP \fB\-pwdk\fR password for key (default empty) .HP \fB\-d\fR decrypt (default encrypt) .HP \fB\-if\fR input file name .IP [\-of output file name (default do not save)] [\-2 use TPM2_EncryptDecrypt2] .HP \fB\-se[0\-2]\fR session handle / attributes (default PWAP) .IP 01 continue .SH "SEE ALSO" The full documentation for .B encryptdecrypt is maintained as a Texinfo manual. If the .B info and .B encryptdecrypt programs are properly installed at your site, the command .IP .B info encryptdecrypt .PP should give you access to the complete manual. ./utils/tsstbsi.c0000644000175000017500000002354013035252663012173 0ustar lo1lo1/********************************************************************************/ /* */ /* Windows 7,8,10 Device Transmit and Receive Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tsstbsi.c 907 2017-01-10 21:44:19Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ #ifdef TPM_WINDOWS_TBSI /* Must copy winerror.h with the TBS error codes to: C:\Program Files\MinGW\include Original obtained from http://sourceforge.net/apps/trac/mingw-w64/browser/experimental/headers_additions_test/include/winerror.h?rev=5328 Link with: Windows 7 c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib Windows 8 tbs.lib */ #include #include #include #include #include #include #include #include #include #include #include #include #include "tssproperties.h" #include "tsstbsi.h" /* local prototypes */ static uint32_t TSS_Tbsi_Open( #if defined TPM_WINDOWS_TBSI_WIN7 TBS_CONTEXT_PARAMS *contextParams, #elif defined TPM_WINDOWS_TBSI_WIN8 TBS_CONTEXT_PARAMS2 *contextParams, #endif TBS_HCONTEXT *hContext); static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext, uint8_t *responseBuffer, uint32_t *read, const uint8_t *commandBuffer, uint32_t written, const char *message); static void TSS_Tbsi_GetTBSError(const char *prefix, TBS_RESULT rc); /* global configuration */ extern int tssVverbose; extern int tssVerbose; /* TSS_Tbsi_Transmit() transmits the command and receives the response. Can return device transmit and receive packet errors, but normally returns the TPM response code. 
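*/
TPM_RC TSS_Tbsi_Transmit(TSS_CONTEXT *tssContext,
                         uint8_t *responseBuffer, uint32_t *read,
                         const uint8_t *commandBuffer, uint32_t written,
                         const char *message)
{
    TPM_RC rc = 0;
#if defined TPM_WINDOWS_TBSI_WIN7
    TBS_CONTEXT_PARAMS contextParams;
    contextParams.version = TBS_CONTEXT_VERSION_ONE;
#elif defined TPM_WINDOWS_TBSI_WIN8
    TBS_CONTEXT_PARAMS2 contextParams;
    contextParams.version = TBS_CONTEXT_VERSION_TWO;
    /* contextParams is an automatic variable, so clear the whole flag word before setting
       individual bits.  Otherwise every flag other than includeTpm12 and includeTpm20
       (requestRaw in the Windows SDK definition) would reach Tbsi_Context_Create() holding
       whatever was on the stack. */
    contextParams.asUINT32 = 0;
    contextParams.includeTpm12 = 0;
    contextParams.includeTpm20 = 1;
#endif
    /* Tbsip_Submit_Command() takes *read as the size of responseBuffer on input and stores the
       response length there on output.
       NOTE(review): this assumes every caller supplies at least MAX_RESPONSE_SIZE bytes -
       confirm against the callers. */
    *read = MAX_RESPONSE_SIZE;
    /* open on first transmit; the handle is kept in the context for later calls */
    if (tssContext->tssFirstTransmit) {
        if (rc == 0) {
            rc = TSS_Tbsi_Open(&contextParams, &tssContext->hContext);
        }
        /* the flag is cleared only after a successful open, so a failed open is retried on
           the next transmit */
        if (rc == 0) {
            tssContext->tssFirstTransmit = FALSE;
        }
    }
    /* send the command to the device.  Error if the device send fails. */
    if (rc == 0) {
        rc = TSS_Tbsi_SubmitCommand(tssContext->hContext,
                                    responseBuffer, read,
                                    commandBuffer, written,
                                    message);
    }
    return rc;
}

/* TSS_Tbsi_Open() opens the TPM device

   Creates a TBS context from contextParams and stores the handle in *hContext.

   Returns 0 on success.  Any TBS failure is reported to the caller as TSS_RC_NO_CONNECTION;
   the TBS specific text is printed only when tssVerbose is set, and the raw TBS result only
   when tssVverbose is set.
*/

static uint32_t TSS_Tbsi_Open(
#if defined TPM_WINDOWS_TBSI_WIN7
                              TBS_CONTEXT_PARAMS *contextParams,
#elif defined TPM_WINDOWS_TBSI_WIN8
                              TBS_CONTEXT_PARAMS2 *contextParams,
#endif
                              TBS_HCONTEXT *hContext)
{
    uint32_t rc = 0;

    if (rc == 0) {
        rc = Tbsi_Context_Create(contextParams, hContext);
        if (tssVverbose) printf("TSS_Tbsi_Open: Tbsi_Context_Create rc %08x\n", rc);
        if (rc != 0) {
            if (tssVerbose) TSS_Tbsi_GetTBSError("TSS_Tbsi_Open: Error Tbsi_Context_Create ", rc);
            /* collapse the TBS result into the TSS level error */
            rc = TSS_RC_NO_CONNECTION;
        }
    }
    return rc;
}

/* TSS_Tbsi_Submit_Command sends the command to the TPM and receives the response. If the submit succeeds, returns TPM packet error code.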
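*/

/* Parameters:

   hContext        TBS context handle obtained from TSS_Tbsi_Open()
   responseBuffer  receives the response packet
   read            in: size of responseBuffer, out: number of response bytes
   commandBuffer   marshaled command packet
   written         number of bytes in commandBuffer
   message         optional text for the trace, may be NULL

   Returns TSS_RC_BAD_CONNECTION if the submit fails or the response is too short to hold a
   response header, an unmarshal error if the response code cannot be read, and otherwise the
   response code taken from the response packet.

   NOTE(review): when tssVverbose is set the complete command and response packets are
   printed.  With password authorization the command packet presumably carries the
   authorization value in the clear, so such traces should be handled as sensitive - confirm.
*/

static uint32_t TSS_Tbsi_SubmitCommand(TBS_HCONTEXT hContext,
                                       uint8_t *responseBuffer, uint32_t *read,
                                       const uint8_t *commandBuffer, uint32_t written,
                                       const char *message)
{
    uint32_t rc = 0;
    TPM_RC responseCode;

    if (message != NULL) {
        if (tssVverbose) printf("TSS_Tbsi_SubmitCommand: %s\n", message);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Command",
                                      commandBuffer, written);
    }
    if (rc == 0) {
        rc = Tbsip_Submit_Command(hContext,
                                  TBS_COMMAND_LOCALITY_ZERO,
                                  TBS_COMMAND_PRIORITY_NORMAL,
                                  commandBuffer,
                                  written,
                                  responseBuffer,
                                  read);
        if (rc != 0) {
            /* unlike TSS_Tbsi_Open(), this error text is printed regardless of tssVerbose */
            TSS_Tbsi_GetTBSError("Tbsip_Submit_Command", rc);
            rc = TSS_RC_BAD_CONNECTION;
        }
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Tbsi_SubmitCommand: Response",
                                      responseBuffer, *read);
    }
    /* The response code sits after the tag and the size field.  Reject a response that is too
       short to contain it, so that the unmarshal below never reads bytes that the device did
       not return.  The transport failure code is reused for this case. */
    if (rc == 0) {
        if (*read < (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC))) {
            if (tssVerbose) printf("TSS_Tbsi_SubmitCommand: Error, response too short, %u bytes\n",
                                   (unsigned int)(*read));
            rc = TSS_RC_BAD_CONNECTION;
        }
    }
    /* read the TPM return code from the packet */
    if (rc == 0) {
        uint8_t *bufferPtr;
        INT32 size;

        bufferPtr = responseBuffer + sizeof(TPM_ST) + sizeof(uint32_t); /* skip to responseCode */
        size = sizeof(TPM_RC); /* dummy for call, the length was validated above */
        rc = UINT32_Unmarshal(&responseCode, &bufferPtr, &size);
    }
    if (rc == 0) {
        rc = responseCode;
    }
    return rc;
}

/* TSS_Tbsi_Close() closes the TBS context held in tssContext.

   The result of Tbsip_Context_Close() is returned unchanged; unlike open and submit, it is not
   mapped to a TSS_RC_ error code.
*/

TPM_RC TSS_Tbsi_Close(TSS_CONTEXT *tssContext)
{
    TPM_RC rc = 0;
    if (tssVverbose) printf("TSS_Tbsi_Close: Closing connection\n");
    rc = Tbsip_Context_Close(tssContext->hContext);
    return rc;
}

/* TSS_Tbsi_GetTBSError() prints prefix followed by a text description of the TBS result rc to
   stdout.  A result that is not in the table is printed as an unknown error type.
*/

static void TSS_Tbsi_GetTBSError(const char *prefix,
                                 TBS_RESULT rc)
{
    const char *error_string;

    switch (rc) {

        /* error codes from the TBS html docs */
      case TBS_SUCCESS:
        error_string = "The function succeeded.";
        break;
      case TBS_E_INTERNAL_ERROR:
        error_string = "An internal software error occurred.";
        break;
      case TBS_E_BAD_PARAMETER:
        error_string = "One or more parameter values are not valid.";
        break;
      case TBS_E_INVALID_OUTPUT_POINTER:
        error_string = "A specified output pointer is bad.";
        break;
      case TBS_E_INVALID_CONTEXT:
        error_string = "The specified context handle does not refer to a valid context.";
        break;
      case TBS_E_INSUFFICIENT_BUFFER:
        error_string = "The specified output buffer is too small.";
        break;
      case TBS_E_IOERROR:
        error_string = "An error occurred while communicating with the TPM.";
        break;
      case TBS_E_INVALID_CONTEXT_PARAM:
        error_string = "A context parameter that is not valid was passed when attempting to create a "
                       "TBS context.";
        break;
      case TBS_E_SERVICE_NOT_RUNNING:
        error_string = "The TBS service is not running and could not be started.";
        break;
      case TBS_E_TOO_MANY_TBS_CONTEXTS:
        error_string = "A new context could not be created because there are too many open contexts.";
        break;
      case TBS_E_TOO_MANY_RESOURCES:
        error_string = "A new virtual resource could not be created because there are too many open "
                       "virtual resources.";
        break;
      case TBS_E_SERVICE_START_PENDING:
        error_string = "The TBS service has been started but is not yet running.";
        break;
      case TBS_E_PPI_NOT_SUPPORTED:
        error_string = "The physical presence interface is not supported.";
        break;
      case TBS_E_COMMAND_CANCELED:
        error_string = "The command was canceled.";
        break;
      case TBS_E_BUFFER_TOO_LARGE:
        error_string = "The input or output buffer is too large.";
        break;
      case TBS_E_TPM_NOT_FOUND:
        error_string = "A compatible Trusted Platform Module (TPM) Security Device cannot be found "
                       "on this computer.";
        break;
      case TBS_E_SERVICE_DISABLED:
        error_string = "The TBS service has been disabled.";
        break;
      case TBS_E_NO_EVENT_LOG:
        error_string = "The TBS event log is not available.";
        break;
      case TBS_E_ACCESS_DENIED:
        error_string = "The caller does not have the appropriate rights to perform the requested operation.";
        break;
      case TBS_E_PROVISIONING_NOT_ALLOWED:
        error_string = "The TPM provisioning action is not allowed by the specified flags.";
        break;
      case TBS_E_PPI_FUNCTION_UNSUPPORTED:
        error_string = "The Physical Presence Interface of this firmware does not support the "
                       "requested method.";
        break;
      case TBS_E_OWNERAUTH_NOT_FOUND:
        error_string = "The requested TPM OwnerAuth value was not found.";
        break;

        /* a few error codes from WinError.h */
      case TPM_E_COMMAND_BLOCKED:
        error_string = "The command was blocked.";
        break;

      default:
        error_string = "unknown error type\n";
        break;

    }
    printf("%s %s\n", prefix, error_string);
    return;
}

#endif /* TPM_WINDOWS */
./utils/getrandom.c0000644000175000017500000002124613075204375012462 0ustar lo1lo1/********************************************************************************/
/* */
/* GetRandom */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: getrandom.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.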
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; GetRandom_In in; GetRandom_Out out; uint32_t bytesRequested = 0; uint32_t bytesCopied; const char *outFilename = NULL; unsigned char *randomBuffer = NULL; int noZeros = FALSE; int noSpace = FALSE; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } 
else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((bytesRequested == 0) || (bytesRequested > 0xffff)) { printf("Missing or bad parameter -by\n"); printUsage(); } /* allocate a buffer for the bytes requested, add 1 for optional nul terminator */ if (rc == 0) { rc = TSS_Malloc(&randomBuffer, bytesRequested + 1); /* freed @1 */ } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* This is somewhat optimized, but if a zero byte is obtained in the last pass, an extra pass is needed. The trade-off is that, in general, asking for more random numbers than needed may slow down the TPM. In any case, needing non-zero values for random auth should not happen very often. 
*/
    /* Each pass asks the TPM for the bytes that are still missing and appends what it returns
       to randomBuffer.  The loop ends when bytesRequested bytes have been collected or a call
       fails. */
    for (bytesCopied = 0 ; (rc == 0) && (bytesCopied < bytesRequested) ; ) {
        /* Request whatever is left */
        if (rc == 0) {
            in.bytesRequested = bytesRequested - bytesCopied;
        }
        /* call TSS to execute the command */
        /* The three session handles default to TPM_RH_NULL and are only changed by -se[0-2].
           NOTE(review): without a session carrying the "40 response encrypt" attribute listed
           in the usage text, the random bytes presumably come back from the TPM unencrypted -
           confirm against TSS_Execute. */
        if (rc == 0) {
            rc = TSS_Execute(tssContext,
                             (RESPONSE_PARAMETERS *)&out,
                             (COMMAND_PARAMETERS *)&in,
                             NULL,
                             TPM_CC_GetRandom,
                             sessionHandle0, NULL, sessionAttributes0,
                             sessionHandle1, NULL, sessionAttributes1,
                             sessionHandle2, NULL, sessionAttributes2,
                             TPM_RH_NULL, NULL, 0);
        }
        if (rc == 0) {
            /* with -v the random bytes of every pass are also traced */
            if (verbose) TSS_PrintAll("randomBytes in pass",
                                      out.randomBytes.t.buffer, out.randomBytes.t.size);
            size_t br;
            /* copy as many bytes as were received or until bytes requested */
            /* with -nz a zero byte is dropped, not replaced, which is why a further pass may
               be needed */
            for (br = 0 ; (br < out.randomBytes.t.size) && (bytesCopied < bytesRequested) ; br++) {

                if (!noZeros || (out.randomBytes.t.buffer[br] != 0)) {
                    randomBuffer[bytesCopied] = out.randomBytes.t.buffer[br];
                    bytesCopied++;
                }
            }
        }
        /* with -nz keep the collected bytes nul terminated.  bytesCopied is at most
           bytesRequested and the buffer was allocated with bytesRequested + 1 bytes, so the
           index stays in bounds. */
        if (rc == 0) {
            if (noZeros) {
                randomBuffer[bytesCopied] = 0x00;
            }
        }
    }
    /* the context is always deleted; its result is reported only if nothing failed earlier */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* -of: save the bytes, including the nul terminator when -nz was given.
       NOTE(review): the permissions of the created file are decided inside
       TSS_File_WriteBinaryFile, which is not visible here.  The usage text offers these bytes
       as authorization values or symmetric keys, so confirm that the file is not readable by
       other users. */
    if ((rc == 0) && (outFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(randomBuffer, bytesRequested + (noZeros ? 1 : 0), outFilename);
    }
    /* NOTE(review): on success the bytes are always written to stdout, also when -of is used.
       The comment at the setvbuf() call says that stdout may be piped to a log file, so a
       value generated as a key or authorization value can end up in that log. */
    if (rc == 0) {
        /* machine readable format */
        if (noSpace) {
            uint32_t bp;
            for (bp = 0 ; bp < bytesRequested ; bp++) {
                printf("%02x", randomBuffer[bp]);
            }
            printf("\n");
        }
        /* human readable format */
        else {
            TSS_PrintAll("randomBytes", randomBuffer, bytesRequested);
        }
    }
    /* on failure print the response code and its text, and return EXIT_FAILURE instead of the
       response code */
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("getrandom: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    /* NOTE(review): the buffer is released without being cleared first.  Since it may hold a
       key or authorization value, consider overwriting it before free(). */
    free(randomBuffer); /* @1 */
    return rc;
}

/* printUsage() prints the option summary to stdout and terminates the process with exit
   status 1.  It does not return to the caller. */

static void printUsage(void)
{
    printf("\n");
    printf("getrandom\n");
    printf("\n");
    printf("Runs TPM2_GetRandom\n");
    printf("\n");
    printf("\t-by bytes requested\n");
    printf("\t[-of output file, with -nz, appends nul terminator (default do not save)]\n");
    printf("\t[-nz get random number with no zero bytes (for authorization value)]\n");
    printf("\t[-ns no space, no text, no newlines]\n");
    printf("\t\tjust a string of hexascii suitable for a symmetric key\n");
    printf("\t-se[0-2] session handle / attributes\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/tssproperties.h0000644000175000017500000001232213051370137013422 0ustar lo1lo1/********************************************************************************/
/* */
/* TSS Configuration Properties */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssproperties.h 941 2017-02-16 18:33:03Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is an internal TSS file, subject to change. Applications should not include it. 
*/

#ifndef TSSPROPERTIES_H
#define TSSPROPERTIES_H

#ifndef TPM_TSS
#define TPM_TSS
#endif

/* NOTE(review): the bare #include directives in this header have no target on this page; the
   header names are missing here and are left exactly as found. */
#include

#ifdef TPM_WINDOWS
#include
#include
#ifdef TPM_WINDOWS_TBSI
/* Windows 7 */
#if defined TPM_WINDOWS_TBSI_WIN7
#include
/* Windows 8, 10 */
#elif defined TPM_WINDOWS_TBSI_WIN8
#include
#else
#error "Must define either TPM_WINDOWS_TBSI_WIN7 or TPM_WINDOWS_TBSI_WIN8"
#endif
#endif
/* On Windows the socket descriptor type is the platform SOCKET type */
typedef SOCKET TSS_SOCKET_FD;
#endif /* TPM_WINDOWS */

#ifdef TPM_POSIX
#ifndef TPM_NOSOCKET
/* On POSIX the socket descriptor is a plain int, and only exists when sockets are compiled in */
typedef int TSS_SOCKET_FD;
#endif /* TPM_NOSOCKET */
#endif /* TPM_POSIX */

#ifdef __cplusplus
extern "C" {
#endif

#include
#include "tssauth.h"

/* Structure to hold session data within the context */

typedef struct TSS_SESSIONS {
    TPMI_SH_AUTH_SESSION sessionHandle;
    /* presumably sessionDataLength bytes of saved session state; ownership of the pointer is not
       visible in this header - confirm against the code that fills and frees it */
    uint8_t *sessionData;
    uint16_t sessionDataLength;
} TSS_SESSIONS;

/* Structure to hold transient or persistent object data within the context */

typedef struct TSS_OBJECT_PUBLIC {
    TPM_HANDLE objectHandle;
    TPM2B_NAME name;
    TPM2B_PUBLIC objectPublic;
} TSS_OBJECT_PUBLIC;

/* Structure to hold NV index data within the context */

typedef struct TSS_NVPUBLIC {
    TPMI_RH_NV_INDEX nvIndex;
    TPM2B_NAME name;
    TPMS_NV_PUBLIC nvPublic;
} TSS_NVPUBLIC;

/* Context for TSS global parameters.

   NOTE: Keep this in sync with TSS_Properties_Init() and TSS_Delete()
*/

struct TSS_CONTEXT {

    TSS_AUTH_CONTEXT *tssAuthContext;

    /* directory for persistent storage */
    const char *tssDataDirectory;

    /* encrypt saved session state */
    int tssEncryptSessions;

    /* saved session encryption key.  This seems to port to openssl 1.0 and 1.1, but will have to
       become a malloced void * for other crypto libraries.

       NOTE(review): these two pointers refer to key material.  Presumably they are released in
       TSS_Delete() (see the sync note above); confirm that the key data is also cleared there. */
#ifndef TPM_TSS_NOCRYPTO
    void *tssSessionEncKey;
    void *tssSessionDecKey;
#endif

    /* a minimal TSS with no file support stores the sessions, objects, and NV metadata in a
       structure.  Scripting will not work, and persistent objects will not work, but a single
       application will otherwise work.
    */
#ifdef TPM_TSS_NOFILE
    TSS_SESSIONS sessions[MAX_ACTIVE_SESSIONS];
    /* NOTE(review): the two tables below have a fixed capacity of 64 entries; code that adds or
       looks up slots must stay within that bound - verify in the users of these arrays */
    TSS_OBJECT_PUBLIC objectPublic[64];
    TSS_NVPUBLIC nvPublic[64];
#endif

    /* ports, host name, server (packet) type for socket interface

       NOTE(review): the ports are declared as short.  Where short is a signed 16-bit type, a
       port number above 32767 does not fit; confirm how the value is parsed and handed to the
       socket layer. */
    short tssCommandPort;
    short tssPlatformPort;
    const char *tssServerName;
    const char *tssServerType;

    /* interface type */
    const char *tssInterfaceType;

    /* device driver interface */
    const char *tssDevice;

    /* TRUE for the first time through, indicates that interface open must occur */
    int tssFirstTransmit;

    /* socket file descriptor */
#ifndef TPM_NOSOCKET
    TSS_SOCKET_FD sock_fd;
#endif /* TPM_NOSOCKET */

    /* Linux device file descriptor */
    int dev_fd;

    /* Windows device driver handle */
#ifdef TPM_WINDOWS
#ifdef TPM_WINDOWS_TBSI
    TBS_HCONTEXT hContext;
#endif
#endif
};

/* Initialisation entry points for the properties; the first takes no context, the second
   operates on a caller-supplied TSS_CONTEXT */
TPM_RC TSS_GlobalProperties_Init(void);
TPM_RC TSS_Properties_Init(TSS_CONTEXT *tssContext);

#ifdef __cplusplus
}
#endif

#endif
./utils/verifysignature.c0000644000175000017500000002474313102710032013714 0ustar lo1lo1/********************************************************************************/
/* */
/* VerifySignature */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: verifysignature.c 1002 2017-05-04 20:33:30Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "cryptoutils.h" static void printUsage(void); TPM_RC rawUnmarshal(TPMT_SIGNATURE *target, TPMI_ALG_PUBLIC algPublic, TPMI_ALG_HASH halg, uint8_t *buffer, size_t length); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; VerifySignature_In in; VerifySignature_Out out; TPMI_DH_OBJECT keyHandle = 0; const char *pemFilename = NULL; const char *signatureFilename = NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; const char *messageFilename = NULL; int doHash = TRUE; const char *ticketFilename = NULL; int raw = FALSE; /* default TPMT_SIGNATURE */ unsigned char *data = NULL; /* message */ size_t dataLength; uint8_t *buffer = NULL; /* for the free */ uint8_t *buffer1 = NULL; /* for marshaling */ size_t length = 0; uint32_t sizeInBytes; /* hash algorithm mapped to size */ TPMT_HA digest; /* digest of the message */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i= 0x0600) #ifdef __cplusplus extern "C" { #endif typedef UINT32 TBS_RESULT; typedef enum _TBS_COMMAND_LOCALITY { TBS_COMMAND_LOCALITY_ZERO = 0, TBS_COMMAND_LOCALITY_ONE, TBS_COMMAND_LOCALITY_TWO, TBS_COMMAND_LOCALITY_THREE, TBS_COMMAND_LOCALITY_FOUR } TBS_COMMAND_LOCALITY; typedef enum _TBS_COMMAND_PRIORITY { TBS_COMMAND_PRIORITY_LOW = 100, TBS_COMMAND_PRIORITY_NORMAL = 200, TBS_COMMAND_PRIORITY_HIGH = 300, TBS_COMMAND_PRIORITY_SYSTEM = 400, TBS_COMMAND_PRIORITY_MAX = 0x80000000 } TBS_COMMAND_PRIORITY; typedef struct _TBS_CONTEXT_PARAMS { UINT32 version; } TBS_CONTEXT_PARAMS; /* Added for Windows 8 */ #define TBS_CONTEXT_VERSION_TWO 2 
#define TBS_SUCCESS 0 typedef struct tdTBS_CONTEXT_PARAMS2 { UINT32 version; union { struct { UINT32 requestRaw : 1; // if set to 1, request raw context UINT32 includeTpm12 : 1; // if 1.2 device present, can use this UINT32 includeTpm20 : 1; // if 2.0 device present, can use this }; UINT32 asUINT32; }; } TBS_CONTEXT_PARAMS2, *PTBS_CONTEXT_PARAMS2; typedef LPVOID TBS_HCONTEXT; #if defined TPM_WINDOWS_TBSI_WIN7 TBS_RESULT WINAPI Tbsi_Context_Create(const TBS_CONTEXT_PARAMS *pContextParams,TBS_HCONTEXT *phContext); #elif defined TPM_WINDOWS_TBSI_WIN8 TBS_RESULT WINAPI Tbsi_Context_Create(const TBS_CONTEXT_PARAMS2 *pContextParams,TBS_HCONTEXT *phContext); #endif TBS_RESULT WINAPI Tbsi_Get_TCG_Log(TBS_HCONTEXT hContext,BYTE *pOutputBuf,UINT32 *pOutputBufLen); TBS_RESULT WINAPI Tbsi_Physical_Presence_Command(TBS_HCONTEXT hContext,const BYTE *pInputBuf,UINT32 InputBufLen,BYTE *pOutputBuf,UINT32 *pOutputBufLen); TBS_RESULT WINAPI Tbsip_Cancel_Commands(TBS_HCONTEXT hContext); TBS_RESULT WINAPI Tbsip_Context_Close(TBS_HCONTEXT hContext); TBS_RESULT WINAPI Tbsip_Submit_Command(TBS_HCONTEXT hContext,TBS_COMMAND_LOCALITY locality,TBS_COMMAND_PRIORITY priority,const BYTE *pCommandBuf,UINT32 commandBufLen,BYTE *pResultBuf,UINT32 *pResultBufLen); #ifdef __cplusplus } #endif #endif /*(_WIN32_WINNT >= 0x0600)*/ #endif /*_INC_TBH*/ ./utils/hmacstart.c0000644000175000017500000001674513075204375012500 0ustar lo1lo1/********************************************************************************/ /* */ /* HmacStart */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: hmacstart.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; HMAC_Start_In in; HMAC_Start_Out out; TPMI_DH_OBJECT keyHandle = 0; const char *keyPassword = NULL; const char *authPassword = NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { 
printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (keyHandle == 0) { printf("Missing handle parameter -hk\n"); printUsage(); } if (rc == 0) { /* Handle of key that will perform hmac */ in.handle = keyHandle; /* auth value for sequence */ rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(TPMU_HA)); } if (rc == 0) { in.hashAlg = halg; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_HMAC_Start, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { printf("hmacstart: handle %08x\n", out.sequenceHandle); if (verbose) printf("hmacstart: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("hmacstart: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("hmac\n"); printf("\n"); printf("Runs TPM2_Hmac_Start\n"); printf("\n"); printf("\t-hk key handle\n"); printf("\t-pwdk password for key (default empty)\n"); printf("\t-pwda password for sequence (default empty)\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/makefile0000640000175000017500000004737313133212577012041 0ustar lo1lo1################################################################################ # # # Linux TPM2 Utilities Makefile # # Written by Ken Goldman # # IBM Thomas J. 
Watson Research Center # # $Id: makefile 1034 2017-06-30 20:49:51Z kgoldman $ # # # # (c) Copyright IBM Corporation 2014, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # #
#################################################################################

# C compiler
# (an absolute path; it can be overridden on the make command line, e.g. make CC=...)

CC = /usr/bin/gcc

# compile - common flags for TSS library and applications
#
# NOTE(review): no compiler hardening or warning options (stack protection,
# _FORTIFY_SOURCE, -Wall and the like) are set in this section. They may be
# supplied by makefile-common, which is included further down - confirm there.

CCFLAGS += -DTPM_POSIX

# example of pointing to a locally built openssl 1.1
# CCFLAGS += -I/home/kgold/openssl-1.1.0c/include

# compile - for TSS library

# include the hardening flag PIC needed for compiling for dynamic
# linking

CCLFLAGS += -I. -DTPM_TSS \
	-fPIC

# to compile out printf's. Regression test will fail because it tries
# to print a structure -DTPM_NO_PRINT
# example of changing the default interface type
# -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""

# compile - for applications
# include the hardening flag PIE so that the applications can be linked
# as position-independent executables (see -pie in LNAFLAGS below)

CCAFLAGS += -I. \
	-fPIE

# link - common flags for TSS library and applications

LNFLAGS += -DTPM_POSIX \
	-L.

# This seems to be required on some Ubuntu distros due to an issue with the gold linker
# -fuse-ld=bfd

# example of pointing to a locally built openssl 1.1
# LNFLAGS += -L/home/kgold/openssl-1.1.0c
# This also requires setting the environment variable LD_LIBRARY_PATH. E.g.,
# setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c

# link - for TSS library

# hardening flags for linking shared objects
#
# NOTE(review): -z now (immediate binding) is requested here and in LNAFLAGS,
# but -z relro is not. Full RELRO needs both, unless the toolchain already
# enables relro by default - confirm for the target distributions.
LNLFLAGS += -shared -Wl,-z,now

# This is an alternative to using the bfd linker on Ubuntu
LNLLIBS += -lcrypto

# link - for applications, TSS path, TSS and OpenSSl libraries

# hardening flags for linking executables
#
# NOTE(review): -Wl,-rpath,. records "." as a library search path in every
# utility. The dynamic loader resolves a relative entry against the current
# working directory of the process, so libtss and the other needed libraries
# can be taken from whatever directory the tool is started in. That suits
# running from the build tree. For installed binaries prefer an absolute
# library directory or $ORIGIN (written $$ORIGIN in a makefile), or drop the
# rpath and install libtss into a standard library path.
LNAFLAGS += -pie -Wl,-z,now -Wl,-rpath,.
LNALIBS += -ltss -lcrypto # shared library # versioned shared library LIBTSSVERSIONED=libtss.so.0.1 # soname field of the shared library # which will be made symbolic link to the versioned shared library # this is used to provide version backward-compatibility information LIBTSSSONAME=libtss.so.0 # symbolic link to the versioned shared library # this allows linking to the shared library with '-ltss' os := $(shell uname -o) ifeq ($(os),Cygwin) LIBTSS=libtss.dll else LIBTSS=libtss.so endif # executable extension EXE = # TSS_HEADERS= # default TSS library TSS_OBJS = tssfile.o \ tsscryptoh.o \ tsscrypto.o # common to all builds include makefile-common # default build target all: $(ALL) # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c tssfile.o: $(TSS_HEADERS) tssfile.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c Unmarshal.o: $(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) 
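$(CCLFLAGS) Unmarshal.c

Commands.o: $(TSS_HEADERS) Commands.c
	$(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c
CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c
	$(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c
ntc2lib.o: $(TSS_HEADERS) ntc2lib.c
	$(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c
tssntc.o: $(TSS_HEADERS) tssntc.c
	$(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c

# TSS shared library build
#
# Links the versioned library, then recreates the two symbolic links:
# soname -> versioned library, and $(LIBTSS) -> soname.

$(LIBTSS): $(TSS_OBJS)
	$(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS)
	rm -f $(LIBTSSSONAME)
	ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME)
	rm -f $(LIBTSS)
	ln -sf $(LIBTSSSONAME) $(LIBTSS)

.PHONY: clean
.PRECIOUS: %.o

# Remove build products. This is a single rm command continued over several
# lines, so each continuation line lists file names only. Repeating "rm -f"
# inside the continuation would pass the word "rm" to the first rm as a file
# name to delete.

clean:
	rm -f *.o *~ \
		h*.bin \
		$(LIBTSSSONAME) \
		$(LIBTSSVERSIONED) \
		$(ALL)

# applications
#
# Each utility is linked against the TSS shared library with the
# application link flags and libraries.

activatecredential: tss2/tss.h activatecredential.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential
eventextend: eventextend.o eventlib.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o eventlib.o $(LNALIBS) -o eventextend
imaextend: imaextend.o imalib.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o imalib.o $(LNALIBS) -o imaextend
certify: tss2/tss.h certify.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify
certifycreation: tss2/tss.h certifycreation.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation
changeeps: tss2/tss.h changeeps.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps
changepps: tss2/tss.h changepps.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps
clear: tss2/tss.h clear.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear
clearcontrol: tss2/tss.h clearcontrol.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol
clockrateadjust: tss2/tss.h clockrateadjust.o $(LIBTSS)
	$(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust
clockset: tss2/tss.h clockset.o $(LIBTSS) $(CC) 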
$(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset commit: tss2/tss.h commit.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit contextload: tss2/tss.h contextload.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload contextsave: tss2/tss.h contextsave.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave create: tss2/tss.h create.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o cryptoutils.o $(LNALIBS) -o create createloaded: tss2/tss.h createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createloaded createprimary: tss2/tss.h createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createprimary dictionaryattacklockreset: tss2/tss.h dictionaryattacklockreset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset dictionaryattackparameters: tss2/tss.h dictionaryattackparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters duplicate: tss2/tss.h duplicate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate eccparameters: tss2/tss.h eccparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters ecephemeral: tss2/tss.h ecephemeral.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral encryptdecrypt: tss2/tss.h encryptdecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt eventsequencecomplete: tss2/tss.h eventsequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete evictcontrol: tss2/tss.h evictcontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) 
evictcontrol.o $(LNALIBS) -o evictcontrol flushcontext: tss2/tss.h flushcontext.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext getcommandauditdigest: tss2/tss.h getcommandauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest getcapability: tss2/tss.h getcapability.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability getrandom: tss2/tss.h getrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom getsessionauditdigest: tss2/tss.h getsessionauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest gettime: tss2/tss.h gettime.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime hashsequencestart: tss2/tss.h hashsequencestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart hash: tss2/tss.h hash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash hierarchycontrol: tss2/tss.h hierarchycontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol hierarchychangeauth: tss2/tss.h hierarchychangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth hmac: tss2/tss.h hmac.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac hmacstart: tss2/tss.h hmacstart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart import: tss2/tss.h import.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import importpem: tss2/tss.h importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LNALIBS) -o importpem load: tss2/tss.h load.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load loadexternal: tss2/tss.h loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) 
$(LNAFLAGS) loadexternal.o cryptoutils.o ekutils.o $(LNALIBS) -o loadexternal makecredential: tss2/tss.h makecredential.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential nvcertify: tss2/tss.h nvcertify.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify nvchangeauth: tss2/tss.h nvchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth nvdefinespace: tss2/tss.h nvdefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace nvextend: tss2/tss.h nvextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend nvglobalwritelock: tss2/tss.h nvglobalwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock nvincrement: tss2/tss.h nvincrement.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement nvread: tss2/tss.h nvread.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o cryptoutils.o ekutils.o $(LNALIBS) -o nvread nvreadlock: tss2/tss.h nvreadlock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock nvreadpublic: tss2/tss.h nvreadpublic.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic nvsetbits: tss2/tss.h nvsetbits.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits nvundefinespace: tss2/tss.h nvundefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace nvundefinespacespecial: tss2/tss.h nvundefinespacespecial.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial nvwrite: tss2/tss.h nvwrite.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o cryptoutils.o ekutils.o $(LNALIBS) -o nvwrite nvwritelock: tss2/tss.h nvwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock objectchangeauth: 
tss2/tss.h objectchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth pcrallocate: tss2/tss.h pcrallocate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate pcrevent: tss2/tss.h pcrevent.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent pcrextend: tss2/tss.h pcrextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend pcrread: tss2/tss.h pcrread.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread pcrreset: tss2/tss.h pcrreset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset policyauthorize: tss2/tss.h policyauthorize.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize policyauthvalue: tss2/tss.h policyauthvalue.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue policycommandcode: tss2/tss.h policycommandcode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode policycphash: tss2/tss.h policycphash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash policycountertimer : tss2/tss.h policycountertimer.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer policygetdigest: tss2/tss.h policygetdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest policymaker: tss2/tss.h policymaker.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker policymakerpcr: tss2/tss.h policymakerpcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr policyauthorizenv: tss2/tss.h policyauthorizenv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv policynv: tss2/tss.h policynv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv policynvwritten: tss2/tss.h 
policynvwritten.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten policyor: tss2/tss.h policyor.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor policypassword: tss2/tss.h policypassword.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword policypcr: tss2/tss.h policypcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr policyrestart: tss2/tss.h policyrestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart policysigned: tss2/tss.h policysigned.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned policysecret: tss2/tss.h policysecret.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret policytemplate: tss2/tss.h policytemplate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate policyticket: tss2/tss.h policyticket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket quote: tss2/tss.h quote.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote powerup: tss2/tss.h powerup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup readclock: tss2/tss.h readclock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock readpublic: tss2/tss.h readpublic.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o cryptoutils.o $(LNALIBS) -o readpublic returncode: tss2/tss.h returncode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode rewrap: tss2/tss.h rewrap.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap rsadecrypt: tss2/tss.h rsadecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt rsaencrypt: tss2/tss.h rsaencrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt sequenceupdate: tss2/tss.h sequenceupdate.o $(LIBTSS) 
$(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate sequencecomplete: tss2/tss.h sequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete setprimarypolicy: tss2/tss.h setprimarypolicy.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy shutdown: tss2/tss.h shutdown.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown sign: tss2/tss.h sign.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign startauthsession: tss2/tss.h startauthsession.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession startup: tss2/tss.h startup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup stirrandom: tss2/tss.h stirrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom unseal: tss2/tss.h unseal.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal verifysignature: tss2/tss.h verifysignature.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o cryptoutils.o $(LNALIBS) -o verifysignature signapp: tss2/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp writeapp: tss2/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o ekutils.o cryptoutils.o $(LNALIBS) -o writeapp timepacket: tss2/tss.h timepacket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket createek: createek.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o cryptoutils.o ekutils.o $(LNALIBS) -o createek ntc2getconfig: ntc2getconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig ntc2preconfig: ntc2preconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) $(CC) $(LNFLAGS) 
$(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig # for applications, not for TSS library %.o: %.c tss2/tss.h $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ ./utils/nvread.c0000644000175000017500000002266113075204375011763 0ustar lo1lo1/********************************************************************************/ /* */ /* NV Read */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvread.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include "ekutils.h" static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_Read_In in; NV_Read_Out out; uint16_t offset = 0; /* default 0 */ uint16_t readLength = 0; /* bytes to read */ char hierarchyAuthChar = 0; const char *datafilename = NULL; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; unsigned char *readBuffer = NULL; uint32_t nvBufferMax; uint16_t bytesRead; /* bytes read so far */ int done = FALSE; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < 
argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } /* Authorization handle */ if (rc == 0) { if (hierarchyAuthChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyAuthChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else if (hierarchyAuthChar == 0) { in.authHandle = nvIndex; } else { printf("\n"); printUsage(); } } if (rc == 0) { if (readLength > 0) { readBuffer = malloc(readLength); /* freed @1 */ if (readBuffer == NULL) { printf("Cannot malloc %u bytes for read buffer\n", readLength); exit(1); } } else { readBuffer = NULL; } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* data may have to be read in chunks. 
Read the TPM_PT_NV_BUFFER_MAX, the chunk size */ if (rc == 0) { rc = readNvBufferMax(tssContext, &nvBufferMax); } if (rc == 0) { in.nvIndex = nvIndex; in.offset = offset; /* start at supplied offset */ bytesRead = 0; /* bytes read so far */ } /* call TSS to execute the command */ while ((rc == 0) && !done) { if (rc == 0) { /* read a chunk */ /* NOTE(review): offset + bytesRead is assigned without a range check; presumably in.offset is 16 bits wide, so a large -off combined with -sz could wrap - TODO confirm against NV_Read_In */ in.offset = offset + bytesRead; if ((uint32_t)(readLength - bytesRead) < nvBufferMax) { in.size = readLength - bytesRead; /* last chunk */ } else { in.size = nvBufferMax; /* next chunk */ } } if (rc == 0) { if (verbose) printf("nvread: reading %u bytes\n", in.size); rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_Read, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } /* copy the results to the read buffer */ /* NOTE(review): out.data.b.size is taken from the response and is not compared with in.size or with readLength - bytesRead before the copy; readBuffer holds exactly readLength bytes, so a response longer than requested would write past it. A check such as out.data.b.size <= in.size before the memcpy would close this. With readLength 0 readBuffer is NULL and is still passed to memcpy. */ if (rc == 0) { memcpy(readBuffer + bytesRead, out.data.b.buffer, out.data.b.size); bytesRead += out.data.b.size; /* NOTE(review): the loop ends only on exact equality; a successful response carrying 0 bytes while readLength > 0, or one that overshoots readLength, never sets done - presumably the TPM does not return such a response, confirm or add a no-progress check */ if (bytesRead == readLength) { done = TRUE; } } } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (datafilename != NULL)) { rc = TSS_File_WriteBinaryFile(readBuffer, readLength, datafilename); } if (rc == 0) { if (verbose) printf("nvread: success\n"); /* NOTE(review): the NV contents are printed to stdout on every successful read, not only with -v; stdout may be a log file (see the setvbuf comment in main), so data read from a protected index ends up in that log */ TSS_PrintAll("nvread: data", readBuffer, readLength); } else { const char *msg; const char *submsg; const char *num; printf("nvread: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } free(readBuffer); /* @1 */ return rc; } static void printUsage(void) { printf("\n"); printf("nvread\n"); printf("\n"); printf("Runs TPM2_NV_Read\n"); printf("\n"); printf("\t[-hia hierarchy authorization (o, p)(default index authorization)]\n"); printf("\t-ha NV index handle\n"); printf("\t[-pwdn password for NV index (default empty)]\n"); printf("\t[-sz data size (default 0)]\n"); printf("\t[-off offset 
(default 0)]\n"); printf("\t[-of data file (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/policycountertimer.c0000644000175000017500000002101413075204375014433 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyCounterTimer */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policycountertimer.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyCounterTimer_In in; TPMI_SH_POLICY policySession = 0; const char *operandBData = NULL; const char *operandBFilename = NULL; uint16_t offset = 0; /* default 0 */ TPM_EO operation = 0; /* default A = B */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } 
} else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (policySession == 0) { printf("Missing policy session handle parameter -hs\n"); printUsage(); } if ((operandBData == NULL) && (operandBFilename == NULL)) { printf("operandB data string or data file must be specified\n"); printUsage(); } if ((operandBData != NULL) && (operandBFilename != NULL)) { printf("operandB data string and data file cannot both be specified\n"); printUsage(); } if (rc == 0) { in.policySession = policySession; in.offset = offset; in.operation = operation; } if (operandBData != NULL) { rc = TSS_TPM2B_StringCopy(&in.operandB.b, operandBData, sizeof(TPMU_HA)); } if (operandBFilename != NULL) { rc = TSS_File_Read2B(&in.operandB.b, sizeof(TPMU_HA), operandBFilename); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PolicyCounterTimer, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("policycountertimer: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("policycountertimer: failed, 
rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("policycountertimer\n"); printf("\n"); printf("Runs TPM2_PolicyCounterTimer\n"); printf("\n"); printf("\t-ha policy session handle\n"); printf("\t-ic data string (operandB)\n"); printf("\t-if data file (operandB) \n"); printf("\t[-off offset (default 0)]\n"); printf("\t-op operation (default A = B)\n"); printf("\t\t0 A = B \n"); printf("\t\t1 A != B \n"); printf("\t\t2 A > B signed \n"); printf("\t\t3 A > B unsigned \n"); printf("\t\t4 A < B signed \n"); printf("\t\t5 A < B unsigned \n"); printf("\t\t6 A >= B signed \n"); printf("\t\t7 A >= B unsigned \n"); printf("\t\t8 A <= B signed \n"); printf("\t\t9 A <= B unsigned \n"); printf("\t\tA All bits SET in B are SET in A. ((A&B)=B) \n"); printf("\t\tB All bits SET in B are CLEAR in A. ((A&B)=0) \n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/cryptoutils.h0000644000175000017500000001567513115776262013125 0ustar lo1lo1/********************************************************************************/ /* */ /* OpenSSL Crypto Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: cryptoutils.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ #ifndef CRYPTUTILS_H #define CRYPTUTILS_H #include #include #ifdef __cplusplus extern "C" { #endif TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey, const char *pemKeyFilename, const char *password); TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey, const char *pemKeyFilename); TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey, EVP_PKEY *evpPkey); TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey, EVP_PKEY *evpPkey); TPM_RC convertEcKeyToPrivateKeyBin(int *privateKeyBytes, uint8_t **privateKeyBin, const EC_KEY *ecKey); TPM_RC convertRsaKeyToPrivateKeyBin(int *privateKeyBytes, uint8_t **privateKeyBin, const RSA *rsaKey); TPM_RC convertEcKeyToPublicKeyBin(int *modulusBytes, uint8_t **modulusBin, const EC_KEY *ecKey); TPM_RC convertRsaKeyToPublicKeyBin(int *modulusBytes, uint8_t **modulusBin, const RSA *rsaKey); TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, int privateKeyBytes, uint8_t *privateKeyBin, const char *password); TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, TPM2B_SENSITIVE *objectSensitive, int privateKeyBytes, uint8_t *privateKeyBin, const char *password); TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, int modulusBytes, uint8_t *modulusBin); TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, int modulusBytes, uint8_t *modulusBin); TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE *objectPrivate, EC_KEY *ecKey, const char *password); TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE *objectPrivate, TPM2B_SENSITIVE *objectSensitive, RSA *rsaKey, const char *password); TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, EC_KEY *ecKey); TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, RSA *rsaKey); 
TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC *objectPublic, TPM2B_PRIVATE *objectPrivate, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename, const char *password); TPM_RC convertEcPemToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename); TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC *objectPublic, TPM2B_PRIVATE *objectPrivate, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename, const char *password); TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC *objectPublic, TPM2B_SENSITIVE *objectSensitive, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *derKeyFilename); TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename); TPM_RC getRsaKeyParts(const BIGNUM **n, const BIGNUM **e, const BIGNUM **d, const BIGNUM **p, const BIGNUM **q, const RSA *rsaKey); int getRsaPubkeyAlgorithm(EVP_PKEY *pkey); TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public, const char *pemFilename); TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey, const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa); TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey, const TPMS_ECC_POINT *tpmsEccPoint); TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey, const char *pemFilename); TPM_RC verifySignatureFromPem(unsigned char *message, unsigned int messageSize, TPMT_SIGNATURE *tSignature, TPMI_ALG_HASH halg, const char *pemFilename); TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message, unsigned int messageSize, TPMT_SIGNATURE *tSignature, TPMI_ALG_HASH halg, EVP_PKEY *evpPkey); TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message, unsigned int messageSize, TPMT_SIGNATURE *tSignature, EVP_PKEY *evpPkey); TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature, TPMI_ALG_HASH halg, uint8_t *signatureBin, size_t signatureBinLen); TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature, 
TPMI_ALG_HASH halg, const uint8_t *signatureBin, size_t signatureBinLen); TPM_RC convertBin2Bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes); #ifdef __cplusplus } #endif #endif ./utils/makefile.mak0000644000175000017500000001716613125534557012617 0ustar lo1lo1################################################################################# # # # Windows MinGW TPM2 Makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.mak 1034 2017-06-30 20:49:51Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015. # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # C compiler CC = "c:/program files/mingw/bin/gcc.exe" # compile - common flags for TSS library and applications CCFLAGS += \ -DTPM_WINDOWS \ -I. \ -I"c:/program files/MinGW/include" \ -I"c:/program files/openssl/include" \ # compile - for TSS library CCLFLAGS += -DTPM_TSS # link - common flags flags TSS library and applications LNFLAGS += \ -D_MT \ -DTPM_WINDOWS \ -I"c:/program files/MinGW/include" \ -I"c:/program files/openssl/include" \ -I. 
# link - for TSS library LNLFLAGS += # link - for applications, TSS path, TSS and OpenSSl libraries LNAFLAGS += LNLIBS = "c:/program files/openssl/lib/mingw/libeay32.a" \ "c:/program files/openssl/lib/mingw/ssleay32.a" \ "c:/program files/MinGW/lib/libws2_32.a" # shared library LIBTSS=libtss.dll # executable extension EXE=.exe # ALL = # default TSS library TSS_OBJS = tssfile.o \ tsscryptoh.o \ tsscrypto.o # common to all builds include makefile-common # Uncomment for TBSI # CCFLAGS += -DTPM_WINDOWS_TBSI \ # -DTPM_WINDOWS_TBSI_WIN8 \ # -D_WIN32_WINNT=0x0600 # TSS_OBJS += tsstbsi.o # LNLIBS += C:\PROGRA~2\WI3CF2~1\8.0\Lib\win8\um\x86\Tbs.lib # #LNLIBS += c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib # default build target all: $(ALL) # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c tssfile.o: $(TSS_HEADERS) tssfile.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c Unmarshal.o: 
$(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c Commands.o: $(TSS_HEADERS) Commands.c $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c ntc2lib.o: $(TSS_HEADERS) ntc2lib.c $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c tssntc.o: $(TSS_HEADERS) tssntc.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c # TSS shared library build $(LIBTSS): $(TSS_OBJS) $(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) \ -Wl,--out-implib,libtss.a $(LNLIBS) .PHONY: clean .PRECIOUS: %.o clean: rm -f *.o *~ \ $(LIBTSS) \ $(ALL) create.exe: create.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) createloaded.exe: createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) createprimary.exe: createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o objecttemplates.o cryptoutils.o $(LNLIBS) $(LIBTSS) eventextend.exe: eventextend.o eventlib.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o eventlib.o $(LNLIBS) $(LIBTSS) imaextend.exe: imaextend.o imalib.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o imalib.o $(LNLIBS) $(LIBTSS) createek.exe: createek.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) importpem.exe: importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o objecttemplates.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) loadexternal.exe: loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o cryptoutils.o ekutils.o $(LNLIBS) $(LIBTSS) nvread.exe: nvread.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. 
-ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) nvwrite.exe: nvwrite.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) readpublic.exe: readpublic.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o cryptoutils.o $(LNLIBS) $(LIBTSS) verifysignature.exe: verifysignature.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o cryptoutils.o $(LNLIBS) $(LIBTSS) signapp.exe: signapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) writeapp.exe: writeapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) pprovision.exe: pprovision.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o ekutils.o cryptoutils.o $(LNLIBS) $(LIBTSS) %.exe: %.o applink.o $(LIBTSS) $(CC) $(LNFLAGS) -L. -ltss $< -o $@ applink.o $(LNLIBS) $(LIBTSS) %.o: %.c $(CC) $(CCFLAGS) $< -o $@ ./utils/contextsave.c0000644000175000017500000001142013075204375013036 0ustar lo1lo1/********************************************************************************/ /* */ /* ContextSave */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: contextsave.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
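*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ContextSave_In in; ContextSave_Out out; TPMI_DH_CONTEXT saveHandle = 0; const char *contextFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include

extern int tssVverbose;
extern int tssVerbose;

/* local prototypes */

static TPM_RC TSS_MGF1(unsigned char *mask,
                       uint32_t maskLen,
                       const unsigned char *mgfSeed,
                       uint16_t mgfSeedlen,
                       TPMI_ALG_HASH halg);

/* TSS_HMAC_Generate() can be called directly to HMAC a list of streams.

   The ... arguments are a message list of the form
   int length, unsigned char *buffer
   terminated by a 0 length
*/

/* On call, digest->hashAlg is the desired hash algorithm */

TPM_RC TSS_HMAC_Generate(TPMT_HA *digest,           /* largest size of a digest */
                         const TPM2B_KEY *hmacKey,
                         ...)
{
    TPM_RC      rc = 0;
    va_list     ap;

    /* forward the variable argument list to the va_list implementation */
    va_start(ap, hmacKey);
    rc = TSS_HMAC_Generate_valist(digest, hmacKey, ap);
    va_end(ap);
    return rc;
}

/* TSS_HMAC_Verify() can be called directly to check the HMAC of a list of streams.

   The ... arguments are a list of the form
   int length, unsigned char *buffer
   terminated by a 0 length

   On call, expect->hashAlg selects the HMAC algorithm and expect->digest holds the value to
   check.  sizeInBytes is the number of digest bytes to compare.

   Returns 0 on a match, TSS_RC_HMAC_VERIFY on a mismatch or if sizeInBytes is larger than the
   digest storage, or the error from the HMAC calculation.
*/

TPM_RC TSS_HMAC_Verify(TPMT_HA *expect,
                       const TPM2B_KEY *hmacKey,
                       uint32_t sizeInBytes,
                       ...)
{
    TPM_RC      rc = 0;
    va_list     ap;
    TPMT_HA     actual;

    actual.hashAlg = expect->hashAlg;   /* algorithm for the HMAC calculation */
    va_start(ap, sizeInBytes);
    /* the comparison below must never run past the end of the digest storage */
    if (rc == 0) {
        if (sizeInBytes > sizeof(actual.digest)) {
            if (tssVerbose) printf("TSS_HMAC_Verify: size %u too large\n",
                                   (unsigned int)sizeInBytes);
            rc = TSS_RC_HMAC_VERIFY;
        }
    }
    if (rc == 0) {
        rc = TSS_HMAC_Generate_valist(&actual, hmacKey, ap);
    }
    if (rc == 0) {
        /* Compare every byte and accumulate the differences, so that the run time does not
           depend on the position of the first mismatch (memcmp() may return early). */
        const uint8_t   *expectBytes = (const uint8_t *)&expect->digest;
        const uint8_t   *actualBytes = (const uint8_t *)&actual.digest;
        uint8_t         diff = 0;
        uint32_t        i;

        for (i = 0 ; i < sizeInBytes ; i++) {
            diff |= (uint8_t)(expectBytes[i] ^ actualBytes[i]);
        }
        if (diff != 0) {
            /* the calculated value is the correct HMAC for this message, so it is traced only
               when verbose tracing was requested */
            if (tssVerbose) TSS_PrintAll("TSS_HMAC_Verify: calculated HMAC",
                                         (uint8_t *)&actual.digest, sizeInBytes);
            rc = TSS_RC_HMAC_VERIFY;
        }
    }
    va_end(ap);
    return rc;
}

/* TSS_KDFA() 11.4.9 Key Derivation Function

   As defined in SP800-108, the inner loop for building the key stream is:

   K(i) = HMAC (KI , [i]2 || Label || 00 || Context || [L]2)

   keyStream must have room for (sizeInBits + 7) / 8 bytes.  Returns TSS_RC_KDFA_FAILED if the
   hash algorithm has no known digest size, else the result of the HMAC calculation.
*/

TPM_RC TSS_KDFA(uint8_t         *keyStream,     /* OUT: key buffer */
                TPM_ALG_ID      hashAlg,        /* IN: hash algorithm used in HMAC */
                const TPM2B     *key,           /* IN: HMAC key */
                const char      *label,         /* IN: KDFa label, NUL terminated */
                const TPM2B     *contextU,      /* IN: context U */
                const TPM2B     *contextV,      /* IN: context V */
                uint32_t        sizeInBits)     /* IN: size of generated key in bits */
{
    TPM_RC      rc = 0;
    uint32_t    bytes = ((sizeInBits + 7) / 8);         /* bytes left to produce */
    uint8_t     *stream;
    uint32_t    sizeInBitsNbo = htonl(sizeInBits);      /* KDFa L2 */
    uint16_t    bytesThisPass;                          /* in one HMAC operation */
    uint32_t    counter;                                /* counter value */
    uint32_t    counterNbo;                             /* counter in big endian */
    TPMT_HA     hmac;                                   /* hmac result for this pass */

    if (rc == 0) {
        hmac.hashAlg = hashAlg;                         /* for TSS_HMAC_Generate() */
        bytesThisPass = TSS_GetDigestSize(hashAlg);     /* start with hashAlg sized chunks */
        if (bytesThisPass == 0) {
            if (tssVerbose) printf("TSS_KDFA: KDFa failed\n");
            rc = TSS_RC_KDFA_FAILED;
        }
    }
    /* Generate required bytes */
    for (stream = keyStream, counter = 1 ;      /* beginning of stream, KDFa counter starts at 1 */
         (rc == 0) && bytes > 0 ;               /* bytes left to produce */
         stream += bytesThisPass, bytes -= bytesThisPass, counter++) {

        /* last pass, can be less than hashAlg sized chunks */
        if (bytes < bytesThisPass) {
            bytesThisPass = bytes;
        }
        counterNbo = htonl(counter);    /* counter for this pass in BE format */

        /* NOTE(review): the TSS_HMAC_Generate() header describes the list as "int length"
           items terminated by a 0 length.  Confirm against the valist implementation that the
           size_t lengths passed here are read correctly and that an empty contextU or contextV
           cannot end the list early. */
        rc = TSS_HMAC_Generate(&hmac,                           /* largest size of an HMAC */
                               (const TPM2B_KEY *)key,          /* FIXME */
                               sizeof(UINT32), &counterNbo,     /* KDFa i2 counter */
                               strlen(label) + 1, label,        /* KDFa label, use NUL as the KDFa
                                                                   00 byte */
                               contextU->size, contextU->buffer,        /* KDFa Context */
                               contextV->size, contextV->buffer,        /* KDFa Context */
                               sizeof(UINT32), &sizeInBitsNbo,  /* KDFa L2 */
                               0, NULL);
        /* only a successfully calculated HMAC is key material; on error hmac is not valid */
        if (rc == 0) {
            memcpy(stream, &hmac.digest.tssmax, bytesThisPass);
        }
    }
    return rc;
}

/* TSS_KDFE() 11.4.9.3 Key Derivation Function for ECDH

   Digest = Hash(counter || Z || Use || PartyUInfo || PartyVInfo || bits )

   where

   counter is initialized to 1 and incremented for each iteration

   Z is the X-coordinate of the product of a public (TPM) ECC key and a different private ECC
   key

   Use is a NULL-terminated string that indicates the use of the key ("DUPLICATE", "IDENTITY",
   "SECRET", etc)

   PartyUInfo is the X-coordinate of the public point of an ephemeral key

   PartyVInfo is the X-coordinate of the public point of the TPM key

   bits is a 32-bit value indicating the number of bits to be returned

   keyStream must have room for (sizeInBits + 7) / 8 bytes.  Returns TSS_RC_KDFE_FAILED if the
   hash algorithm has no known digest size, else the result of the hash calculation.
*/

TPM_RC TSS_KDFE(uint8_t         *keyStream,     /* OUT: key buffer */
                TPM_ALG_ID      hashAlg,        /* IN: hash algorithm used */
                const TPM2B     *key,           /* IN: Z */
                const char      *label,         /* IN: KDFe label, NUL terminated */
                const TPM2B     *contextU,      /* IN: context U */
                const TPM2B     *contextV,      /* IN: context V */
                uint32_t        sizeInBits)     /* IN: size of generated key in bits */
{
    TPM_RC      rc = 0;
    uint32_t    bytes = ((sizeInBits + 7) / 8);         /* bytes left to produce */
    uint8_t     *stream;
    uint16_t    bytesThisPass;                          /* in one Hash operation */
    uint32_t    counter;                                /* counter value */
    uint32_t    counterNbo;                             /* counter in big endian */
    TPMT_HA     digest;                                 /* result for this pass */

    if (rc == 0) {
        digest.hashAlg = hashAlg;                       /* for TSS_Hash_Generate() */
        bytesThisPass = TSS_GetDigestSize(hashAlg);     /* start with hashAlg sized chunks */
        if (bytesThisPass == 0) {
            if (tssVerbose) printf("TSS_KDFE: KDFe failed\n");
            rc = TSS_RC_KDFE_FAILED;
        }
    }
    /* Generate required bytes */
    for (stream = keyStream, counter = 1 ;      /* beginning of stream, KDFe counter starts at 1 */
         (rc == 0) && bytes > 0 ;               /* bytes left to produce */
         stream += bytesThisPass, bytes -= bytesThisPass, counter++) {

        /* last pass, can be less than hashAlg sized chunks */
        if (bytes < bytesThisPass) {
            bytesThisPass = bytes;
        }
        counterNbo = htonl(counter);    /* counter for this pass in BE format */

        rc = TSS_Hash_Generate(&digest,                         /* largest size of a digest */
                               sizeof(UINT32), &counterNbo,     /* KDFe i2 counter */
                               key->size, key->buffer,          /* FIXME */
                               strlen(label) + 1, label,        /* KDFe label, use NUL as the KDFe
                                                                   00 byte */
                               contextU->size, contextU->buffer,        /* KDFe Context */
                               contextV->size, contextV->buffer,        /* KDFe Context */
                               0, NULL);
        /* only a successfully calculated digest is key material; on error digest is not valid */
        if (rc == 0) {
            memcpy(stream, &digest.digest.tssmax, bytesThisPass);
        }
    }
    return rc;
}

/*
  On call, digest->hashAlg is the desired hash algorithm

  ... is a list of int length, unsigned char *buffer pairs.

  length 0 is ignored, buffer NULL terminates list.
*/

TPM_RC TSS_Hash_Generate(TPMT_HA *digest,               /* largest size of a digest */
                         ...)
{
    TPM_RC      rc = 0;
    va_list     ap;

    /* forward the variable argument list to the va_list implementation */
    va_start(ap, digest);
    rc = TSS_Hash_Generate_valist(digest, ap);
    va_end(ap);
    return rc;
}

/* TSS_GetDigestSize() returns the digest size in bytes based on the hash algorithm.

   Returns 0 for an unknown algorithm.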
*/

uint16_t TSS_GetDigestSize(TPM_ALG_ID hashAlg)
{
    /* each supported algorithm maps directly to its digest size constant */
    switch (hashAlg) {
      case TPM_ALG_SHA1:
        return SHA1_DIGEST_SIZE;
      case TPM_ALG_SHA256:
        return SHA256_DIGEST_SIZE;
      case TPM_ALG_SHA384:
        return SHA384_DIGEST_SIZE;
#if 0
      case TPM_ALG_SHA512:
        return SHA512_DIGEST_SIZE;
      case TPM_ALG_SM3_256:
        return SM3_256_DIGEST_SIZE;
#endif
      default:
        break;
    }
    /* unknown, or compiled out above: callers treat 0 as "unsupported" */
    return 0;
}

/* TSS_GetDigestBlockSize() returns the block size constant for the hash algorithm.

   Returns 0 for an algorithm that is not handled here.
*/

uint16_t TSS_GetDigestBlockSize(TPM_ALG_ID hashAlg)
{
    switch (hashAlg) {
      case TPM_ALG_SHA1:
        return SHA1_BLOCK_SIZE;
      case TPM_ALG_SHA256:
        return SHA256_BLOCK_SIZE;
      case TPM_ALG_SHA384:
        return SHA384_BLOCK_SIZE;
#if 0
      case TPM_ALG_SHA512:
        return SHA512_BLOCK_SIZE;
      case TPM_ALG_SM3_256:
        return SM3_256_BLOCK_SIZE;
#endif
      default:
        break;
    }
    return 0;
}

/* TPM_MGF1() generates an MGF1 'array' of length 'arrayLen' from 'seed' of length 'seedlen'

   The openSSL DLL doesn't export MGF1 in Windows or Linux 1.0.0, so this version is created from
   scratch.

   Algorithm and comments (not the code) from:

   PKCS #1: RSA Cryptography Specifications Version 2.1 B.2.1 MGF1

   Prototype designed to be compatible with openSSL

   MGF1 is a Mask Generation Function based on a hash function.
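   MGF1 (mgfSeed, maskLen)

   Options:

   Hash hash function (hLen denotes the length in octets of the hash function output)

   Input:

   mgfSeed         seed from which mask is generated, an octet string
   maskLen         intended length in octets of the mask, at most 2^32(hLen)

   Output:
   mask            mask, an octet string of length l; or "mask too long"

   Error:          "mask too long'
*/

static TPM_RC TSS_MGF1(unsigned char            *mask,
                       uint32_t                 maskLen,
                       const unsigned char      *mgfSeed,
                       uint16_t                 mgfSeedlen,
                       TPMI_ALG_HASH            halg)
{
    TPM_RC              rc = 0;
    unsigned char       counter[4];     /* 4 octets */
    uint32_t            count;          /* counter as an integral type */
    uint32_t            outLen;
    TPMT_HA             digest;
    uint16_t            digestSize = TSS_GetDigestSize(halg);

    digest.hashAlg = halg;

    /* An unsupported hash has digest size 0.  The loop below would then never advance outLen
       and never terminate, so reject it first. */
    if (rc == 0) {
        if (digestSize == 0) {
            if (tssVerbose) printf("TSS_MGF1: Error, unsupported hash algorithm %04x\n",
                                   (unsigned int)halg);
            rc = TSS_RC_RSA_PADDING;
        }
    }
#if 0
    if (rc == 0) {
        /* this is possible with arrayLen on a 64 bit architecture, comment to quiet beam */
        if ((maskLen / TPM_DIGEST_SIZE) > 0xffffffff) {        /* constant condition */
            if (tssVerbose)
                printf("TSS_MGF1: Error (fatal), Output length too large for 32 bit counter\n");
            rc = TPM_FAIL;              /* should never occur */
        }
    }
#endif
    /* 1.If l > 2^32(hLen), output "mask too long" and stop. */
    /* NOTE Checked by caller */
    /* 2. Let T be the empty octet string. */
    /* 3. For counter from 0 to [masklen/hLen] - 1, do the following: */
    for (count = 0, outLen = 0 ; (rc == 0) && (outLen < maskLen) ; count++) {
        /* a full digest, or for the final pass only the part still needed when the mask is
           not a multiple of the digest size */
        uint32_t remaining = maskLen - outLen;
        uint32_t chunk = (remaining < digestSize) ? remaining : digestSize;
        /* a. Convert counter to an octet string C of length 4 octets - see Section 4.1 */
        /* C = I2OSP(counter, 4) NOTE Basically big endian */
        uint32_t count_n = htonl(count);
        memcpy(counter, &count_n, 4);
        /* b.Concatenate the hash of the seed mgfSeed and C to the octet string T: */
        /* T = T || Hash (mgfSeed || C) */
        /* hash to a temporary digest variable */
        rc = TSS_Hash_Generate(&digest,
                               mgfSeedlen, mgfSeed,
                               4, counter,
                               0, NULL);
        /* copy what's needed, and only if the digest was actually calculated */
        if (rc == 0) {
            memcpy(mask + outLen, &digest.digest, chunk);
            outLen += chunk;
        }
    }
    /* 4.Output the leading l octets of T as the octet string mask. */
    return rc;
}

/*
  OAEP Padding
*/

/* TSS_RSA_padding_add_PKCS1_OAEP() is a variation of the the openSSL function

   int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
   unsigned char *f, int fl, unsigned char *p, int pl);

   It is used because the openssl function is hard coded to SHA1.

   This function was independently written from the PKCS1 specification "9.1.1.1 Encoding
   Operation" and PKCS#1 v2.2, intended to be unencumbered by any license.

   | <-                    emLen                      -> |

   |  lHash  |    PS    | 01 |  Message                  |

      SHA                       flen

   |  db                                                 |
   |  dbMask                                             |
   |  seed   |

      SHA

   |  seedMask  |
   | 00 |  maskSeed  |  maskedDB                         |

   em is the output buffer of emLen bytes, from / fLen is the message, p / plen is the label and
   halg selects the hash.  Returns TSS_RC_RSA_PADDING if the hash is unsupported, the label
   length is out of range or the message does not fit, else the result of the hash, random
   number or allocation calls.
*/

TPM_RC TSS_RSA_padding_add_PKCS1_OAEP(unsigned char *em, uint32_t emLen,
                                      const unsigned char *from, uint32_t fLen,
                                      const unsigned char *p,
                                      int plen,
                                      TPMI_ALG_HASH halg)
{
    TPM_RC              rc = 0;
    TPMT_HA             lHash;
    unsigned char       *db;
    unsigned char       *dbMask = NULL;         /* freed @1 */
    unsigned char       *seed = NULL;           /* freed @2 */
    unsigned char       *maskedDb;
    unsigned char       *seedMask;
    unsigned char       *maskedSeed;
    uint16_t            hlen = TSS_GetDigestSize(halg);
    /* fixed part of the encoding: the 00 octet, maskedSeed, lHash and the 01 octet */
    uint32_t            overhead = (2 * (uint32_t)hlen) + 2;

    /* an unsupported hash has digest size 0 and cannot produce a valid encoding */
    if (rc == 0) {
        if (hlen == 0) {
            if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, "
                                   "unsupported hash algorithm %04x\n", (unsigned int)halg);
            rc = TSS_RC_RSA_PADDING;
        }
    }
    /* 1.a. If the length of L is greater than the input limitation for */
    /* the hash function (2^61-1 octets for SHA-1) then output "parameter */
    /* string too long" and stop. */
    if (rc == 0) {
        /* plen is signed, so a negative length is rejected as well */
        if ((plen < 0) || (plen > 0xffff)) {
            if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, "
                                   "label %u too long\n", plen);
            rc = TSS_RC_RSA_PADDING;
        }
    }
    /* 1.b. If ||M|| > emLen-2hLen-1 then output "message too long" and stop. */
    if (rc == 0) {
        /* written as a subtraction so that a very large fLen cannot wrap the 32-bit sum and
           pass the check */
        if ((emLen < overhead) || (fLen > (emLen - overhead))) {
            if (tssVerbose) printf("TSS_RSA_padding_add_PKCS1_OAEP: Error, "
                                   "message length %u too large for encoded length %u\n",
                                   fLen, emLen);
            rc = TSS_RC_RSA_PADDING;
        }
    }
    /* 2.a. Let lHash = Hash(L), an octet string of length hLen. */
    if (rc == 0) {
        lHash.hashAlg = halg;
        rc = TSS_Hash_Generate(&lHash,
                               plen, p,
                               0, NULL);
    }
    if (rc == 0) {
        /* 2.b. Generate an octet string PS consisting of emLen-||M||-2hLen-2 zero octets. The
           length of PS may be 0. */
        /* 2.c. Concatenate lHash, PS, a single octet of 0x01 the message M, to form a data block
           DB as: DB = lHash || PS || 01 || M */
        /* NOTE Since db is eventually maskedDb, part of em, create directly in em */
        db = em + hlen + 1;
        memcpy(db, &lHash.digest, hlen);                        /* lHash */
        /* PSlen = emlen - flen - (2 * hlen) - 2 */
        memset(db + hlen, 0,                                    /* PS */
               emLen - fLen - (2 * hlen) - 2);
        /* position of 0x01 in db is
           hlen + PSlen =
           hlen + emlen - flen - (2 * hlen) - 2 =
           emlen - hlen - flen - 2 */
        db[emLen - fLen - hlen - 2] = 0x01;
        memcpy(db + emLen - fLen - hlen - 1, from, fLen);       /* M */
    }
    /* 2.d. Generate a random octet string seed of length hLen. */
    if (rc == 0) {
        rc = TSS_Malloc(&seed, hlen);
    }
    if (rc == 0) {
        rc = TSS_RandBytes(seed, hlen);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&dbMask, emLen - hlen - 1);
    }
    if (rc == 0) {
        /* 2.e. Let dbMask = MGF(seed, emLen-hLen-1). */
        rc = TSS_MGF1(dbMask, emLen - hlen -1,  /* dbLen */
                      seed, hlen,
                      halg);
    }
    if (rc == 0) {
        /* 2.f. Let maskedDB = DB xor dbMask. */
        /* NOTE Since maskedDB is eventually em, XOR directly to em */
        maskedDb = em + hlen + 1;
        TSS_XOR(maskedDb, db, dbMask, emLen - hlen -1);
        /* 2.g. Let seedMask = MGF(maskedDB, hLen). */
        /* NOTE Since seedMask is eventually em, create directly to em */
        seedMask = em + 1;
        rc = TSS_MGF1(seedMask, hlen,
                      maskedDb, emLen - hlen - 1,
                      halg);
    }
    if (rc == 0) {
        /* 2.h. Let maskedSeed = seed xor seedMask. */
        /* NOTE Since maskedSeed is eventually em, create directly to em */
        maskedSeed = em + 1;
        TSS_XOR(maskedSeed, seed, seedMask, hlen);
        /* 2.i. 0x00, maskedSeed, and maskedDb to form EM */
        /* NOTE maskedSeed and maskedDb were created directly in em.  The leading 0x00 octet
           is written here so that the encoding does not depend on the caller having cleared
           the buffer. */
        em[0] = 0x00;
    }
    free(dbMask);               /* @1 */
    free(seed);                 /* @2 */
    return rc;
}

/* TPM_XOR XOR's 'in1' and 'in2' of 'length', putting the result in 'out'

   'out' may be the same buffer as 'in1' or 'in2'; the OAEP code above relies on that.
*/

void TSS_XOR(unsigned char *out,
             const unsigned char *in1,
             const unsigned char *in2,
             size_t length)
{
    size_t i;

    for (i = 0 ; i < length ; i++) {
        out[i] = in1[i] ^ in2[i];
    }
    return;
}

/*
  AES
*/

#define TSS_AES_KEY_BITS 128

/* TSS_Sym_GetBlockSize() returns 16 for AES and SM4 (when those algorithms are compiled in) and
   0 for any other algorithm.  keySizeInBits does not affect the result.
*/

uint16_t TSS_Sym_GetBlockSize(TPM_ALG_ID symmetricAlg,
                              uint16_t keySizeInBits)
{
    keySizeInBits = keySizeInBits;      /* self assignment, the parameter is otherwise unused */
    switch (symmetricAlg) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
#endif
#ifdef TPM_ALG_SM4 /* Both AES and SM4 use the same block size */
      case TPM_ALG_SM4:
#endif
        return 16;
      default:
        return 0;
    }
    return 0;
}
./utils/nvincrement.c0000644000175000017500000001477213055132457013037 0ustar lo1lo1/********************************************************************************/ /* */ /* NV_Increment */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvincrement.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 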
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_Increment_In in; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); 
printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (rc == 0) { in.authHandle = nvIndex; in.nvIndex = nvIndex; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_Increment, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvincrement: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvincrement: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvincrement\n"); printf("\n"); printf("Runs TPM2_NV_Increment\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/hmac.c0000644000175000017500000002247313075204375011415 0ustar lo1lo1/********************************************************************************/ /* */ /* Hmac */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: hmac.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); static void printHmac(HMAC_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; HMAC_In in; HMAC_Out out; TPMI_DH_OBJECT keyHandle = 0; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *inFilename = NULL; const char *inString = NULL; const char *hmacFilename = NULL; const char *keyPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; size_t length = 0; uint8_t *buffer = NULL; /* for the free */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if 
(strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (keyHandle == 0) { printf("Missing handle parameter -hk\n"); printUsage(); } if ((inFilename == NULL) && (inString == NULL)) { printf("Input file -if or input string -ic must be specified\n"); printUsage(); } if ((inFilename != NULL) && (inString != NULL)) { printf("Input file -if and input string -ic cannot both be specified\n"); printUsage(); } if (inFilename != NULL) { if (rc == 0) { rc = TSS_File_ReadBinaryFile(&buffer, /* must be freed by caller */ &length, inFilename); } if (rc == 0) { if (length > MAX_DIGEST_BUFFER) { printf("Input data too long %lu\n", (unsigned long)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { /* data to be HMACed */ in.buffer.t.size = length; memcpy(in.buffer.t.buffer, buffer, length); } } if (inString != NULL) { if (rc == 0) { length = strlen(inString); if (length > MAX_DIGEST_BUFFER) { printf("Input data too long %lu\n", (unsigned long)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { /* data to be hashed */ in.buffer.t.size = length; memcpy(in.buffer.t.buffer, inString, length); } } if (rc == 0) { /* Handle of key that will perform hmac */ in.handle = keyHandle; /* use key's hash algorithm */ in.hashAlg = halg; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_HMAC, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (hmacFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.outHMAC.t.buffer, out.outHMAC.t.size, hmacFilename); } 
free(buffer); if (rc == 0) { if (verbose) printHmac(&out); if (verbose) printf("hmac: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("hmac: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printHmac(HMAC_Out *out) { TSS_PrintAll("HMAC", out->outHMAC.t.buffer, out->outHMAC.t.size); } static void printUsage(void) { printf("\n"); printf("hmac\n"); printf("\n"); printf("Runs TPM2_HMAC\n"); printf("\n"); printf("\t-hk key handle\n"); printf("\t-pwdk password for key (default empty)\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t-if input file to be HMACed\n"); printf("\t-ic data string to be HMACed\n"); printf("\t[-os hmac file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/TpmError.h0000644000175000017500000001126413013164666012260 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: TpmError.h 802 2016-11-15 20:06:21Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. 
*/ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 122 */ // 5.7 TpmError.h #ifndef _TPM_ERROR_H #define _TPM_ERROR_H #include #define FATAL_ERROR_ALLOCATION (1) #define FATAL_ERROR_DIVIDE_ZERO (2) #define FATAL_ERROR_INTERNAL (3) #define FATAL_ERROR_PARAMETER (4) #define FATAL_ERROR_ENTROPY (5) #define FATAL_ERROR_SELF_TEST (6) #define FATAL_ERROR_CRYPTO (7) #define FATAL_ERROR_NV_UNRECOVERABLE (8) #define FATAL_ERROR_REMANUFACTURED (9) /* indicates that the TPM has been re-manufactured after an unrecoverable NV error */ #define FATAL_ERROR_DRBG (10) #define FATAL_ERROR_MOVE_SIZE (11) #define FATAL_ERROR_COUNTER_OVERFLOW (12) #define FATAL_ERROR_FORCED (666) // These are the crypto assertion routines. When a function returns an unexpected and unrecoverable // result, the assertion fails and the TpmFail() is called NORETURN void TpmFail(const char *function, int line, int code); typedef void (*FAIL_FUNCTION)(const char *, int, int); #define FAIL(a) (TpmFail(__FUNCTION__, __LINE__, a)) #if defined(EMPTY_ASSERT) # define pAssert(a) ((void)0) #else # define pAssert(a) (!!(a) ? 1 : (FAIL(FATAL_ERROR_PARAMETER))) #endif #endif // _TPM_ERROR_H ./utils/ekutils.c0000644000175000017500000011616513111312670012154 0ustar lo1lo1/********************************************************************************/ /* */ /* EK Index Parsing Utilities (and more) */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ekutils.c 1013 2017-05-24 14:16:24Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* These functions are worthwhile sample code that probably (judgment call) do not belong in the TSS library. They started as code to manipulate EKs, EK templates, and EK certificates. Other useful X509 certificate crypto functions are migrating here. Much of it is OpenSSL specific, but it also provides examples of how to port from OpenSSL 1.0 to 1.1. 
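*/

/* NOTE(review): the header names of the bare #include directives on the next line appear to have
   been lost when this listing was extracted; the line is kept exactly as found. */
#include #include #include #include #include #include #include #include #include #include #include #include #include "cryptoutils.h" #include "ekutils.h"

/* windows apparently uses _MAX_PATH in stdlib.h */
#ifndef PATH_MAX
#define PATH_MAX _MAX_PATH
#endif

/* The print flag is set by the caller, depending on whether it wants information displayed.

   verbose is a global, used for verbose debug print

   Errors are always printed.
*/

extern int verbose;

/* readNvBufferMax() determines the maximum NV read/write block size.

   The limit is typically set by the TPM property TPM_PT_NV_BUFFER_MAX.  The result is clamped to
   the TSS side structure size MAX_NV_BUFFER_SIZE, since the TPM value could be larger.

   If the TPM does not return the property, a hard coded 512 is used.

   Returns 0 on success.  On a TPM failure, the response code is printed and EXIT_FAILURE is
   returned.
*/

TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext,
                       uint32_t *nvBufferMax)
{
    TPM_RC              rc = 0;
    GetCapability_In    in;
    GetCapability_Out   out;

    in.capability = TPM_CAP_TPM_PROPERTIES;
    in.property = TPM_PT_NV_BUFFER_MAX;
    in.propertyCount = 1;       /* ask for one property */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_GetCapability,
                         TPM_RH_NULL, NULL, 0);
    }
    if (rc == 0) {
        /* sanity check that the property name is correct (demo of how to parse the structure) */
        if ((out.capabilityData.data.tpmProperties.count > 0) &&
            (out.capabilityData.data.tpmProperties.tpmProperty[0].property ==
             TPM_PT_NV_BUFFER_MAX)) {
            *nvBufferMax = out.capabilityData.data.tpmProperties.tpmProperty[0].value;
        }
        else {
            if (verbose) {
                /* only read element 0 when the TPM actually returned one */
                if (out.capabilityData.data.tpmProperties.count > 0) {
                    printf("readNvBufferMax: wrong property returned: %08x\n",
                           out.capabilityData.data.tpmProperties.tpmProperty[0].property);
                }
                else {
                    printf("readNvBufferMax: no property returned\n");
                }
            }
            /* hard code a value for a back level HW TPM that does not implement
               TPM_PT_NV_BUFFER_MAX yet */
            *nvBufferMax = 512;
        }
        if (verbose) printf("readNvBufferMax: TPM max read/write: %u\n", *nvBufferMax);
        /* in addition, the maximum TSS side structure MAX_NV_BUFFER_SIZE is accounted for.  The
           TSS value is typically larger than the TPM value. */
        if (*nvBufferMax > MAX_NV_BUFFER_SIZE) {
            *nvBufferMax = MAX_NV_BUFFER_SIZE;
        }
        if (verbose) printf("readNvBufferMax: combined max read/write: %u\n", *nvBufferMax);
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("getcapability: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* getIndexSize() uses TPM2_NV_ReadPublic() to return the NV index size in dataSize.

   A failure is only traced when verbose is set, since the EK nonce and template index may not
   exist.  The TPM response code is returned unchanged.
*/

TPM_RC getIndexSize(TSS_CONTEXT *tssContext,
                    uint16_t *dataSize,
                    TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC              rc = 0;
    NV_ReadPublic_In    in;
    NV_ReadPublic_Out   out;

    if (rc == 0) {
        /* if (verbose) printf("getIndexSize: index %08x\n", nvIndex); */
        in.nvIndex = nvIndex;
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_NV_ReadPublic,
                         TPM_RH_NULL, NULL, 0);
        /* only print if verbose, since EK nonce and template index may not exist */
        if ((rc != 0) && verbose) {
            const char *msg;
            const char *submsg;
            const char *num;
            printf("nvreadpublic: failed, rc %08x\n", rc);
            TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
            printf("%s%s%s\n", msg, submsg, num);
        }
    }
    if (rc == 0) {
        /* if (verbose) printf("getIndexSize: size %u\n", out.nvPublic.t.nvPublic.dataSize); */
        *dataSize = out.nvPublic.nvPublic.dataSize;
    }
    return rc;
}

/* getIndexData() uses TPM2_NV_Read() to return the NV index contents.

   It assumes index authorization with an empty password.

   The data is read in chunks of at most the size returned by readNvBufferMax().  Each response
   is checked before it is copied: a chunk larger than requested would write past the end of
   readBuffer, and an empty chunk while data remains would never terminate the loop.  Either case
   returns TPM_RC_SIZE.

   readBuffer is allocated here and is freed by the caller, including when an error is returned
   after the allocation.
*/

TPM_RC getIndexData(TSS_CONTEXT *tssContext,
                    unsigned char **readBuffer,         /* freed by caller */
                    TPMI_RH_NV_INDEX nvIndex,
                    uint16_t readDataSize)              /* total size to read */
{
    TPM_RC              rc = 0;
    int                 done = FALSE;
    uint32_t            nvBufferMax;
    uint16_t            bytesRead = 0;                  /* bytes read so far */
    NV_Read_In          in;
    NV_Read_Out         out;

    /* data may have to be read in chunks.  Read the TPM_PT_NV_BUFFER_MAX, the chunk size */
    if (rc == 0) {
        rc = readNvBufferMax(tssContext, &nvBufferMax);
    }
    if (rc == 0) {
        if (verbose) printf("getIndexData: index %08x\n", nvIndex);
        in.authHandle = nvIndex;        /* index authorization */
        in.nvIndex = nvIndex;
        in.offset = 0;                  /* start at beginning */
    }
    if (rc == 0) {
        rc = TSS_Malloc(readBuffer, readDataSize);
    }
    /* call TSS to execute the command */
    while ((rc == 0) && !done) {
        uint16_t remaining = readDataSize - bytesRead;

        /* read a chunk */
        in.offset = bytesRead;
        if ((uint32_t)remaining < nvBufferMax) {
            in.size = remaining;        /* last chunk */
        }
        else {
            in.size = nvBufferMax;      /* next chunk */
        }
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_NV_Read,
                         TPM_RS_PW, NULL, 0,
                         TPM_RH_NULL, NULL, 0);
        if (rc != 0) {
            const char *msg;
            const char *submsg;
            const char *num;
            printf("nvread: failed, rc %08x\n", rc);
            TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
            printf("%s%s%s\n", msg, submsg, num);
        }
        /* never trust the returned length: it bounds the memcpy below and the loop progress */
        if (rc == 0) {
            if ((out.data.b.size > in.size) ||
                ((out.data.b.size == 0) && (remaining != 0))) {
                printf("getIndexData: unexpected read size %u, requested %u\n",
                       out.data.b.size, in.size);
                rc = TPM_RC_SIZE;
            }
        }
        /* copy the results to the read buffer */
        if (rc == 0) {
            memcpy(*readBuffer + bytesRead, out.data.b.buffer, out.data.b.size);
            bytesRead += out.data.b.size;
            if (bytesRead == readDataSize) {
                done = TRUE;
            }
        }
    }
    return rc;
}

/* getIndexContents() uses TPM2_NV_ReadPublic() to get the NV index size, then uses
   TPM2_NV_Read() to read the entire contents.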
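*/

TPM_RC getIndexContents(TSS_CONTEXT *tssContext,
                        unsigned char **readBuffer,     /* freed by caller */
                        uint16_t *readBufferSize,       /* total size read */
                        TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC rc = 0;

    /* first read the public index size */
    if (rc == 0) {
        rc = getIndexSize(tssContext, readBufferSize, nvIndex);
    }
    /* read the entire index */
    if (rc == 0) {
        rc = getIndexData(tssContext,
                          readBuffer,           /* freed by caller */
                          nvIndex,
                          *readBufferSize);     /* total size to read */
    }
    return rc;
}

/* IWG (TCG Infrastructure Work Group) default EK primary key policy */

static const unsigned char iwgPolicy[] = {
    0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xB3, 0xF8, 0x1A, 0x90, 0xCC, 0x8D, 0x46, 0xA5, 0xD7, 0x24,
    0xFD, 0x52, 0xD7, 0x6E, 0x06, 0x52, 0x0B, 0x64, 0xF2, 0xA1, 0xDA, 0x1B, 0x33, 0x14, 0x69, 0xAA
};

/* getRsaTemplate() fills tpmtPublic with the RSA EK primary key IWG default template:  RSA 2048,
   SHA-256 name algorithm, AES-128 CFB symmetric, the iwgPolicy auth policy and a 256 byte all
   zero unique field.
*/

void getRsaTemplate(TPMT_PUBLIC *tpmtPublic)
{
    tpmtPublic->type = TPM_ALG_RSA;
    tpmtPublic->nameAlg = TPM_ALG_SHA256;
    tpmtPublic->objectAttributes.val =
        TPMA_OBJECT_FIXEDTPM |
        TPMA_OBJECT_FIXEDPARENT |
        TPMA_OBJECT_SENSITIVEDATAORIGIN |
        TPMA_OBJECT_ADMINWITHPOLICY |
        TPMA_OBJECT_RESTRICTED |
        TPMA_OBJECT_DECRYPT;
    /* size taken from the array so the policy length and the copy cannot drift apart (32 bytes,
       as in getEccTemplate()) */
    tpmtPublic->authPolicy.t.size = sizeof(iwgPolicy);
    memcpy(tpmtPublic->authPolicy.t.buffer, iwgPolicy, sizeof(iwgPolicy));
    tpmtPublic->parameters.rsaDetail.symmetric.algorithm = TPM_ALG_AES;
    tpmtPublic->parameters.rsaDetail.symmetric.keyBits.aes = 128;
    tpmtPublic->parameters.rsaDetail.symmetric.mode.aes = TPM_ALG_CFB;
    tpmtPublic->parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL;
    tpmtPublic->parameters.rsaDetail.scheme.details.anySig.hashAlg = 0;
    tpmtPublic->parameters.rsaDetail.keyBits = 2048;
    tpmtPublic->parameters.rsaDetail.exponent = 0;
    tpmtPublic->unique.rsa.t.size = 256;
    memset(tpmtPublic->unique.rsa.t.buffer, 0, 256);
    return;
}

/* getEccTemplate() fills tpmtPublic with the ECC EK primary key IWG default template:  NIST P256,
   SHA-256 name algorithm, AES-128 CFB symmetric, the iwgPolicy auth policy and 32 byte all zero
   unique x and y fields.
*/

void getEccTemplate(TPMT_PUBLIC *tpmtPublic)
{
    tpmtPublic->type = TPM_ALG_ECC;
    tpmtPublic->nameAlg = TPM_ALG_SHA256;
    tpmtPublic->objectAttributes.val =
        TPMA_OBJECT_FIXEDTPM |
        TPMA_OBJECT_FIXEDPARENT |
        TPMA_OBJECT_SENSITIVEDATAORIGIN |
        TPMA_OBJECT_ADMINWITHPOLICY |
        TPMA_OBJECT_RESTRICTED |
        TPMA_OBJECT_DECRYPT;
    tpmtPublic->authPolicy.t.size = sizeof(iwgPolicy);
    memcpy(tpmtPublic->authPolicy.t.buffer, iwgPolicy, sizeof(iwgPolicy));
    tpmtPublic->parameters.eccDetail.symmetric.algorithm = TPM_ALG_AES;
    tpmtPublic->parameters.eccDetail.symmetric.keyBits.aes = 128;
    /* the original wrote the mode through the rsaDetail member; use eccDetail like the
       neighbouring fields (presumably the same storage, since the other symmetric fields are
       set through eccDetail - confirm against the TPMU_PUBLIC_PARMS declaration) */
    tpmtPublic->parameters.eccDetail.symmetric.mode.aes = TPM_ALG_CFB;
    tpmtPublic->parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
    tpmtPublic->parameters.eccDetail.scheme.details.anySig.hashAlg = 0;
    tpmtPublic->parameters.eccDetail.curveID = TPM_ECC_NIST_P256;
    tpmtPublic->parameters.eccDetail.kdf.scheme = TPM_ALG_NULL;
    tpmtPublic->parameters.eccDetail.kdf.details.mgf1.hashAlg = 0;
    tpmtPublic->unique.ecc.x.t.size = 32;
    memset(tpmtPublic->unique.ecc.x.t.buffer, 0, 32);
    tpmtPublic->unique.ecc.y.t.size = 32;
    memset(tpmtPublic->unique.ecc.y.t.buffer, 0, 32);
    return;
}

/* getIndexX509Certificate() reads the X509 certificate from the nvIndex and converts the DER
   (binary) to OpenSSL X509 format.

   Returns TPM_RC_INTEGRITY if the NV contents cannot be parsed as DER.

   Parsing only establishes that the bytes are a well formed certificate.  The result is not
   trusted until it has been verified against the CA roots, see verifyCertificate().
*/

TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext,
                               X509 **certificate,      /* freed by caller */
                               TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC              rc = 0;
    unsigned char       *certData = NULL;               /* freed @1 */
    uint16_t            certSize;

    /* read the certificate from NV to a DER stream */
    if (rc == 0) {
        rc = getIndexContents(tssContext,
                              &certData,
                              &certSize,
                              nvIndex);
    }
    /* unmarshal the DER stream to an OpenSSL X509 structure */
    if (rc == 0) {
        unsigned char *tmpData = certData;      /* tmp pointer because d2i moves the pointer */
        *certificate = d2i_X509(NULL,           /* freed by caller */
                                (const unsigned char **)&tmpData, certSize);
        if (*certificate == NULL) {
            printf("getIndexX509Certificate: Could not parse X509 certificate\n");
            rc = TPM_RC_INTEGRITY;
        }
    }
    free(certData);             /* @1 */
    return rc;
}

/* getPubkeyFromDerCertFile() gets an OpenSSL RSA public key token from a DER format X509
   certificate stored in a file.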
Returns both the OpenSSL X509 certificate token and RSA public key token.

   Returns 0 on success and 1 if the file cannot be opened, the DER cannot be converted, or the
   public key cannot be extracted.  *x509 may have been set even when an error is returned.
*/

#ifndef TPM_TSS_NOFILE
uint32_t getPubkeyFromDerCertFile(RSA  **rsaPkey,
                                  X509 **x509,
                                  const char *derCertificateFileName)
{
    uint32_t    status = 0;
    FILE        *certFile = fopen(derCertificateFileName, "rb");

    /* the open result decides whether anything else is attempted */
    if (certFile == NULL) {
        printf("getPubkeyFromDerCertFile: opening %s\n", derCertificateFileName);
        status = 1;
    }
    /* read the file and convert the X509 DER to OpenSSL format */
    if (status == 0) {
        *x509 = d2i_X509_fp(certFile, NULL);
        if (*x509 == NULL) {
            printf("getPubkeyFromDerCertFile: converting %s\n", derCertificateFileName);
            status = 1;
        }
    }
    /* extract the OpenSSL format public key from the X509 token */
    if (status == 0) {
        status = getPubKeyFromX509Cert(rsaPkey, *x509);
    }
    /* for debug, print the X509 certificate */
    if ((status == 0) && verbose) {
        X509_print_fp(stdout, *x509);
    }
    if (certFile != NULL) {
        fclose(certFile);
    }
    return status;
}
#endif

#ifndef TPM_TSS_NOFILE

/* getPubKeyFromX509Cert() gets an OpenSSL RSA public key token from an OpenSSL X509 certificate
   token.

   Returns 0 on success, 1 if either OpenSSL extraction step fails.
*/

uint32_t getPubKeyFromX509Cert(RSA  **rsaPkey,
                               X509 *x509)
{
    uint32_t    status = 0;
    EVP_PKEY    *certKey = X509_get_pubkey(x509);       /* freed @1 */

    if (certKey == NULL) {
        printf("getPubKeyFromX509Cert: X509_get_pubkey failed\n");
        status = 1;
    }
    else {
        *rsaPkey = EVP_PKEY_get1_RSA(certKey);
        if (*rsaPkey == NULL) {
            printf("getPubKeyFromX509Cert: EVP_PKEY_get1_RSA failed\n");
            status = 1;
        }
    }
    if (certKey != NULL) {
        EVP_PKEY_free(certKey);         /* @1 */
    }
    return status;
}
#endif

/* getRootCertificateFilenames() reads listFilename, which is a list of filenames.  The intent is
   that the filenames are a list of EK TPM vendor root certificates in PEM format.

   It accepts up to MAX_ROOTS filenames, which is a #define.
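*/

#ifndef TPM_TSS_NOFILE

/* Each line of listFilename is one file name.  Every accepted name is returned in a malloc'ed
   PATH_MAX buffer in rootFilename[], with the trailing newline removed, and rootFileCount is the
   number of valid entries.  The caller frees entries 0 to rootFileCount-1, also when an error is
   returned.

   A line must end in a newline and fit in the buffer, else TSS_RC_OUT_OF_MEMORY is returned.  A
   line that reads back as an empty string (for example one starting with a nul byte) returns
   TSS_RC_FILE_READ; without that check the newline test would index one byte before the buffer.

   An entry that was allocated but not accepted is freed here and its slot is set to NULL.

   The files named in this list are later loaded as CA certificates, so the list file itself
   should be protected against modification.
*/

TPM_RC getRootCertificateFilenames(char *rootFilename[],
                                   unsigned int *rootFileCount,
                                   const char *listFilename,
                                   int print)
{
    TPM_RC      rc = 0;
    int         done = 0;
    FILE        *listFile = NULL;       /* closed @1 */

    *rootFileCount = 0;
    if (rc == 0) {
        listFile = fopen(listFilename, "rb");   /* closed @1 */
        if (listFile == NULL) {
            printf("getRootCertificateFilenames: Error opening list file %s\n",
                   listFilename);
            rc = TSS_RC_FILE_OPEN;
        }
    }
    while ((rc == 0) && !done && (*rootFileCount < MAX_ROOTS)) {
        size_t  entryLength = 0;
        char    *entry = malloc(PATH_MAX);

        rootFilename[*rootFileCount] = entry;
        if (entry == NULL) {
            printf("getRootCertificateFilenames: Error allocating memory\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
        if (rc == 0) {
            if (fgets(entry, PATH_MAX-1, listFile) == NULL) {
                done = 1;       /* end of file */
            }
        }
        if ((rc == 0) && !done) {
            entryLength = strlen(entry);
            if (entryLength == 0) {
                /* guards the [entryLength-1] index below against wrapping */
                printf("getRootCertificateFilenames: empty or malformed line in %s\n",
                       listFilename);
                rc = TSS_RC_FILE_READ;
                done = 1;
            }
            else if (entry[entryLength-1] != '\n') {
                printf("getRootCertificateFilenames: filename %s too long\n", entry);
                rc = TSS_RC_OUT_OF_MEMORY;
                done = 1;
            }
        }
        if ((rc == 0) && !done) {
            entry[entryLength-1] = '\0';        /* remove newline */
            if (print) printf("getRootCertificateFilenames: Root file name %u\n%s\n",
                              *rootFileCount, entry);
            (*rootFileCount)++;
        }
        else if (entry != NULL) {
            /* malloc'ed but unused or bad entry: free it and do not leave a dangling pointer in
               the caller's array */
            free(entry);
            rootFilename[*rootFileCount] = NULL;
        }
    }
    if (listFile != NULL) {
        fclose(listFile);       /* @1 */
    }
    return rc;
}
#endif

/* getCaStore() creates an OpenSSL X509_STORE, populated by the root certificates in the
   rootFilename array.  Depending on the vendor, some certificates may be intermediate
   certificates.  OpenSSL handles this internally by walking the chain back to the root.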
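The caCert array is returned because it must be freed after the caStore is freed

   NOTE:  There is no TPM interaction.
*/

#ifndef TPM_TSS_NOFILE

/* caCert must have room for rootFileCount entries; this function cannot check the array size.

   The certificates loaded here are what verifyCertificate() builds its chain from, so the
   certificate files should be protected against modification.

   Returns TSS_RC_OUT_OF_MEMORY, TSS_RC_FILE_OPEN or TSS_RC_FILE_READ on failure.  Processing
   stops at the first file that fails.
*/

TPM_RC getCaStore(X509_STORE **caStore,         /* freed by caller */
                  X509 *caCert[],               /* freed by caller */
                  const char *rootFilename[],
                  unsigned int rootFileCount)
{
    TPM_RC              rc = 0;
    FILE                *caCertFile = NULL;     /* closed @1 */
    unsigned int        i;

    if (rc == 0) {
        *caStore = X509_STORE_new();
        if (*caStore == NULL) {
            printf("getCaStore: X509_store_new failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    for (i = 0 ; (i < rootFileCount) && (rc == 0) ; i++) {
        /* read a root certificate from the file */
        caCertFile = fopen(rootFilename[i], "rb");      /* closed @1 */
        if (caCertFile == NULL) {
            printf("getCaStore: Error opening CA root certificate file %s\n",
                   rootFilename[i]);
            rc = TSS_RC_FILE_OPEN;
        }
        /* convert the root certificate from PEM to X509 */
        if (rc == 0) {
            caCert[i] = PEM_read_X509(caCertFile , NULL, 0, NULL);      /* freed by caller */
            if (caCert[i] == NULL) {
                printf("getCaStore: Error reading CA root certificate file %s\n",
                       rootFilename[i]);
                rc = TSS_RC_FILE_READ;
            }
        }
        /* add the CA X509 certificate to the certificate store */
        if (rc == 0) {
            /* NOTE(review): the return value is not checked.  A certificate that is not added
               can only make a later verification fail, not succeed. */
            X509_STORE_add_cert(*caStore, caCert[i]);
        }
        if (caCertFile != NULL) {
            fclose(caCertFile);         /* @1 */
            caCertFile = NULL;
        }
    }
    return rc;
}
#endif

#ifndef TPM_TSS_NOFILE

/* verifyCertificate() verifies a certificate (typically an EK certificate) against the root CA
   certificate (typically the TPM vendor CA certificate chain)

   The 'rootFileCount' root certificates are stored in the files whose paths are in the array
   'rootFilename'

   rootFileCount must not exceed MAX_ROOTS, the size of the local certificate array;
   TSS_RC_X509_ERROR is returned otherwise.

   No CRLs or verification flags are configured on the store or the context here, so this checks
   the chain only, not revocation.

   Returns TSS_RC_RSA_SIGNATURE if the context cannot be initialized or the chain does not
   verify.
*/

TPM_RC verifyCertificate(X509 *x509Certificate,
                         const char *rootFilename[],
                         unsigned int rootFileCount,
                         int print)
{
    TPM_RC              rc = 0;
    unsigned int        i;
    X509_STORE          *caStore = NULL;        /* freed @1 */
    X509                *caCert[MAX_ROOTS];     /* freed @2 */
    X509_STORE_CTX      *verifyCtx = NULL;      /* freed @3 */

    /* the loops below index caCert[] up to rootFileCount, so reject a count that does not fit
       before touching the array */
    if (rootFileCount > MAX_ROOTS) {
        printf("verifyCertificate: %u root certificates exceeds the maximum %u\n",
               rootFileCount, (unsigned int)MAX_ROOTS);
        return TSS_RC_X509_ERROR;
    }
    for (i = 0 ; i < rootFileCount ; i++) {
        caCert[i] = NULL;       /* for free @2 */
    }
    /* get the root CA certificate chain */
    if (rc == 0) {
        rc = getCaStore(&caStore,       /* freed @1 */
                        caCert,         /* freed @2 */
                        rootFilename,
                        rootFileCount);
    }
    /* create the certificate verify context */
    if (rc == 0) {
        verifyCtx = X509_STORE_CTX_new();       /* freed @3 */
        if (verifyCtx == NULL) {
            printf("verifyCertificate: X509_STORE_CTX_new failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    /* add the root certificate store and EK certificate to be verified to the verify context */
    if (rc == 0) {
        int irc = X509_STORE_CTX_init(verifyCtx, caStore, x509Certificate, NULL);
        if (irc != 1) {
            printf("verifyCertificate: "
                   "Error in X509_STORE_CTX_init initializing verify context\n");
            rc = TSS_RC_RSA_SIGNATURE;
        }
    }
    /* walk the certificate chain */
    if (rc == 0) {
        int irc = X509_verify_cert(verifyCtx);
        if (irc != 1) {
            printf("verifyCertificate: Error in X509_verify_cert verifying certificate\n");
            rc = TSS_RC_RSA_SIGNATURE;
        }
        else {
            if (print) printf("EK certificate verified against the root\n");
        }
    }
    if (caStore != NULL) {
        X509_STORE_free(caStore);       /* @1 */
    }
    for (i = 0 ; i < rootFileCount ; i++) {
        X509_free(caCert[i]);           /* @2 */
    }
    if (verifyCtx != NULL) {
        X509_STORE_CTX_free(verifyCtx); /* @3 */
    }
    return rc;
}
#endif

/* processEKNonce() reads the EK nonce from NV and returns the contents and size.

   The return code of getIndexContents() is passed through unchanged.
*/

TPM_RC processEKNonce(TSS_CONTEXT *tssContext,
                      unsigned char **nonce,    /* freed by caller */
                      uint16_t *nonceSize,
                      TPMI_RH_NV_INDEX ekNonceIndex,
                      int print)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        rc = getIndexContents(tssContext,
                              nonce,
                              nonceSize,
                              ekNonceIndex);
    }
    /* optional tracing */
    if (rc == 0) {
        if (print) TSS_PrintAll("EK Nonce: ", *nonce, *nonceSize);
    }
    return rc;
}

/* processEKTemplate() reads the EK template from NV and returns the unmarshaled TPMT_PUBLIC */

TPM_RC processEKTemplate(TSS_CONTEXT *tssContext,
                         TPMT_PUBLIC *tpmtPublic,
                         TPMI_RH_NV_INDEX ekTemplateIndex,
                         int print)
{
    TPM_RC              rc = 0;
    uint16_t            dataSize;
    unsigned char       *data = NULL;           /* freed @1 */
    INT32               tmpDataSize;
    unsigned char       *tmpData = NULL;

    if (rc == 0) {
        rc = getIndexContents(tssContext,
                              &data,
                              &dataSize,
                              ekTemplateIndex);
    }
    /* unmarshal the data stream */
    if (rc == 0) {
        tmpData = data;         /* temps because unmarshal moves the pointers */
        tmpDataSize = dataSize;
        rc = TPMT_PUBLIC_Unmarshal(tpmtPublic, &tmpData, &tmpDataSize, YES);
    }
    /* optional tracing */
    if (rc == 0) {
        if (print) TSS_TPMT_PUBLIC_Print(tpmtPublic, 0);
    }
    free(data);                 /* @1 */
    return rc;
}

/* processEKCertificate() reads the EK certificate from NV and returns an openssl X509 certificate
   structure.  It also extracts and returns the public modulus.

   The certificate is parsed but not verified here.
*/

TPM_RC processEKCertificate(TSS_CONTEXT *tssContext,
                            X509 **ekCertificate,       /* freed by caller */
                            uint8_t **modulusBin,       /* freed by caller */
                            int *modulusBytes,
                            TPMI_RH_NV_INDEX ekCertIndex,
                            int print)
{
    TPM_RC rc = 0;

    /* read the EK X509 certificate from NV */
    if (rc == 0) {
        rc = getIndexX509Certificate(tssContext,
                                     ekCertificate,     /* freed by caller */
                                     ekCertIndex);
    }
    if (rc == 0) {
        rc = convertCertificatePubKey(modulusBin,       /* freed by caller */
                                      modulusBytes,
                                      *ekCertificate,
                                      ekCertIndex,
                                      print);
    }
    return rc;
}

/* convertX509ToDer() serializes the openSSL X509 structure to a DER certificate

   *certificate must be NULL at entry; i2d_X509() then allocates the output, which is freed by
   the caller.  All failures return TSS_RC_X509_ERROR.
*/

TPM_RC convertX509ToDer(uint32_t *certLength,
                        unsigned char **certificate,    /* output, freed by caller */
                        X509 *x509Certificate)          /* input */
{
    TPM_RC      rc = 0;         /* general return code */
    int         irc;

    /* for debug */
    if ((rc == 0) && verbose) {
        irc = X509_print_fp(stdout, x509Certificate);
        if (irc != 1) {
            printf("ERROR: convertX509ToDer: Error in certificate print X509_print_fp()\n");
            rc = TSS_RC_X509_ERROR;
        }
    }
    /* sanity check for memory leak */
    if (rc == 0) {
        if (*certificate != NULL) {
            printf("ERROR: convertX509ToDer: Error, certificate not NULL at entry\n");
            rc = TSS_RC_X509_ERROR;
        }
    }
    /* convert the X509 structure to binary (internal to DER format) */
    if (rc == 0) {
        if (verbose) printf("convertX509ToDer: Serializing certificate\n");
        irc = i2d_X509(x509Certificate, certificate);
        if (irc < 0) {
            printf("ERROR: convertX509ToDer: Error in certificate serialization i2d_X509()\n");
            rc = TSS_RC_X509_ERROR;
        }
        else {
            *certLength = irc;
        }
    }
    return rc;
}

/* convertX509ToRsa extracts the public key from an X509 structure to an openssl RSA structure

   Returns TSS_RC_RSA_KEY_CONVERT if either OpenSSL extraction step fails.
*/

TPM_RC convertX509ToRsa(RSA  **rsaPkey, /* freed by caller */
                        X509 *x509)
{
    TPM_RC      rc = 0;
    EVP_PKEY    *evpPkey = NULL;

    if (verbose) printf("convertX509ToRsa: Entry\n\n");
    if (rc == 0) {
        evpPkey = X509_get_pubkey(x509);        /* freed @1 */
        if (evpPkey == NULL) {
            printf("ERROR: convertX509ToRsa: X509_get_pubkey failed\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        *rsaPkey = EVP_PKEY_get1_RSA(evpPkey);
        if (*rsaPkey == NULL) {
            printf("ERROR: convertX509ToRsa: EVP_PKEY_get1_RSA failed\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    if (evpPkey != NULL) {
        EVP_PKEY_free(evpPkey);         /* @1 */
    }
    return rc;
}

/* convertX509ToEc extracts the public key from an X509 structure to an openssl EC_KEY structure

   Returns TSS_RC_EC_KEY_CONVERT if either OpenSSL extraction step fails.
*/

TPM_RC convertX509ToEc(EC_KEY **ecKey,  /* freed by caller */
                       X509 *x509)
{
    TPM_RC      rc = 0;
    EVP_PKEY    *evpPkey = NULL;

    if (verbose) printf("convertX509ToEc: Entry\n\n");
    if (rc == 0) {
        evpPkey = X509_get_pubkey(x509);        /* freed @1 */
        if (evpPkey == NULL) {
            printf("ERROR: convertX509ToEc: X509_get_pubkey failed\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        *ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);
        if (*ecKey == NULL) {
            printf("ERROR: convertX509ToEc: EVP_PKEY_get1_EC_KEY failed\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    if (evpPkey != NULL) {
        EVP_PKEY_free(evpPkey);         /* @1 */
    }
    return rc;
}

/* convertCertificatePubKey() returns the public modulus from an openssl X509 certificate
   structure.  ekCertIndex determines whether the algorithm is RSA or ECC.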
*/

/* Any ekCertIndex other than EK_CERT_RSA_INDEX is handled as an EC index.  The key algorithm
   found in the certificate must match the index, else TPM_RC_INTEGRITY is returned.
   TPM_RC_INTEGRITY is also returned when a key cannot be extracted.
*/

TPM_RC convertCertificatePubKey(uint8_t **modulusBin,   /* freed by caller */
                                int *modulusBytes,
                                X509 *ekCertificate,
                                TPMI_RH_NV_INDEX ekCertIndex,
                                int print)
{
    TPM_RC      rc = 0;
    EVP_PKEY    *certKey = NULL;        /* freed @2 */
    int         keyAlgorithm;           /* RSA or EC, only valid while rc is 0 */

    /* use openssl to print the X509 certificate */
#ifndef TPM_TSS_NOFILE
    if (print) X509_print_fp(stdout, ekCertificate);
#endif
    /* extract the public key and its algorithm */
    certKey = X509_get_pubkey(ekCertificate);
    if (certKey == NULL) {
        printf("ERROR: Could not extract public key from X509 certificate\n");
        rc = TPM_RC_INTEGRITY;
    }
    else {
        keyAlgorithm = getRsaPubkeyAlgorithm(certKey);
    }
    if (ekCertIndex == EK_CERT_RSA_INDEX) {
        RSA *rsaPublic = NULL;          /* freed @3 */

        /* the certificate key algorithm has to agree with the RSA index */
        if ((rc == 0) && (keyAlgorithm != EVP_PKEY_RSA)) {
            printf("ERROR: Public key from X509 certificate is not RSA\n");
            rc = TPM_RC_INTEGRITY;
        }
        /* convert the public key to OpenSSL structure */
        if (rc == 0) {
            rsaPublic = EVP_PKEY_get1_RSA(certKey);
            if (rsaPublic == NULL) {
                printf("ERROR: Could not extract RSA public key from X509 certificate\n");
                rc = TPM_RC_INTEGRITY;
            }
        }
        if (rc == 0) {
            rc = convertRsaKeyToPublicKeyBin(modulusBytes,
                                             modulusBin,        /* freed by caller */
                                             rsaPublic);
        }
        if ((rc == 0) && print) {
            TSS_PrintAll("Certificate public key:", *modulusBin, *modulusBytes);
        }
        RSA_free(rsaPublic);            /* @3 */
    }
    else {      /* EC index */
        EC_KEY *ecPublic = NULL;        /* freed @3 */

        /* the certificate key algorithm has to agree with the EC index */
        if ((rc == 0) && (keyAlgorithm != EVP_PKEY_EC)) {
            printf("Public key from X509 certificate is not EC\n");
            rc = TPM_RC_INTEGRITY;
        }
        /* convert the public key to OpenSSL structure */
        if (rc == 0) {
            ecPublic = EVP_PKEY_get1_EC_KEY(certKey);
            if (ecPublic == NULL) {
                printf("Could not extract EC public key from X509 certificate\n");
                rc = TPM_RC_INTEGRITY;
            }
        }
        if (rc == 0) {
            rc = convertEcKeyToPublicKeyBin(modulusBytes,
                                            modulusBin,         /* freed by caller */
                                            ecPublic);
        }
        if ((rc == 0) && print) {
            TSS_PrintAll("Certificate public key:", *modulusBin, *modulusBytes);
        }
        EC_KEY_free(ecPublic);          /* @3 */
    }
    EVP_PKEY_free(certKey);             /* @2 */
    return rc;
}

/* convertPemToX509() converts an in-memory PEM format X509 certificate to an openssl X509
   structure.

   pemCertificate is a nul terminated string.  Returns TSS_RC_OUT_OF_MEMORY if the memory BIO
   cannot be created and TPM_RC_INTEGRITY if the PEM cannot be written to it or parsed.
*/

uint32_t convertPemToX509(X509 **x509,          /* freed by caller */
                          const char *pemCertificate)
{
    uint32_t    status = 0;
    BIO         *memBio = NULL;         /* freed @1 */
    int         pemLength;
    int         written = 0;

    if (verbose) printf("convertPemToX509: pemCertificate\n%s\n", pemCertificate);
    /* create a BIO that uses an in-memory buffer */
    memBio = BIO_new(BIO_s_mem());
    if (memBio == NULL) {
        printf("ERROR: convertPemToX509: BIO_new failed\n");
        status = TSS_RC_OUT_OF_MEMORY;
    }
    /* write the PEM from memory to BIO */
    if (status == 0) {
        pemLength = strlen(pemCertificate);
        written = BIO_write(memBio, pemCertificate, pemLength);
        if (written != pemLength) {
            printf("ERROR: convertPemToX509: BIO_write failed\n");
            status = TPM_RC_INTEGRITY;
        }
    }
    /* convert the properly formatted PEM to X509 structure */
    if (status == 0) {
        *x509 = PEM_read_bio_X509(memBio, NULL, NULL, NULL);
        if (*x509 == NULL) {
            printf("\tERROR: convertPemToX509: PEM_read_bio_X509 failed\n");
            status = TPM_RC_INTEGRITY;
        }
    }
    /* for debug */
    if ((status == 0) && verbose) {
        X509_print_fp(stdout, *x509);
    }
    if (memBio != NULL) {
        BIO_free(memBio);               /* @1 */
    }
    return status;
}

/* processRoot() validates the certificate at ekCertIndex against the root CA certificates at
   rootFilename.
*/

#ifndef TPM_TSS_NOFILE

/* The certificate is read from NV with getIndexX509Certificate() and checked with
   verifyCertificate().  The return code of whichever step fails first is returned.
*/

TPM_RC processRoot(TSS_CONTEXT *tssContext,
                   TPMI_RH_NV_INDEX ekCertIndex,
                   const char *rootFilename[],
                   unsigned int rootFileCount,
                   int print)
{
    X509        *nvCertificate = NULL;          /* freed @1 */
    TPM_RC      status;

    /* read the EK X509 certificate from NV */
    status = getIndexX509Certificate(tssContext,
                                     &nvCertificate,    /* freed @1 */
                                     ekCertIndex);
    /* only a certificate that parsed is handed to the chain verification */
    if (status == 0) {
        status = verifyCertificate(nvCertificate,
                                   rootFilename,
                                   rootFileCount,
                                   print);
    }
    if (nvCertificate != NULL) {
        X509_free(nvCertificate);               /* @1 */
    }
    return status;
}
#endif

/* processCreatePrimary() combines the EK nonce and EK template from NV to form the
   createprimary input.  It creates the primary key.

   ekCertIndex determines whether an RSA or ECC key is created.

   If nonce is NULL, the default IWG templates are used.  If nonce is non-NULL, the nonce and
   tpmtPublicIn are used.

   After returning the TPMT_PUBLIC, flushes the primary key unless noFlush is TRUE.  If noFlush is
   TRUE, returns the loaded handle, else returns TPM_RH_NULL.
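*/

/* The nonce is copied into the fixed size unique field of the template (256 bytes for RSA, 32
   bytes for the ECC x point) and padded with zeros.  nonceSize comes from the NV index size, so
   it is checked against the field size first; a larger nonce returns TPM_RC_SIZE instead of
   writing past the field.

   CreatePrimary is run under TPM_RH_ENDORSEMENT with a password session and a NULL password.

   keyHandle is the loaded handle when noFlush is TRUE, else TPM_RH_NULL.
*/

TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext,
                            TPM_HANDLE *keyHandle,      /* primary key handle */
                            TPMI_RH_NV_INDEX ekCertIndex,
                            unsigned char *nonce,
                            uint16_t nonceSize,
                            TPMT_PUBLIC *tpmtPublicIn,  /* template */
                            TPMT_PUBLIC *tpmtPublicOut, /* primary key */
                            unsigned int noFlush,       /* TRUE - don't flush the primary key */
                            int print)
{
    TPM_RC              rc = 0;
    CreatePrimary_In    inCreatePrimary;
    CreatePrimary_Out   outCreatePrimary;
    TPMT_PUBLIC         *inPublic = &inCreatePrimary.inPublic.publicArea;

    /* set up the createprimary in parameters */
    if (rc == 0) {
        inCreatePrimary.primaryHandle = TPM_RH_ENDORSEMENT;
        inCreatePrimary.inSensitive.sensitive.userAuth.t.size = 0;
        inCreatePrimary.inSensitive.sensitive.data.t.size = 0;
        /* creation data */
        inCreatePrimary.outsideInfo.t.size = 0;
        inCreatePrimary.creationPCR.count = 0;
    }
    /* the nonce must fit the unique field it is copied into below */
    if ((rc == 0) && (nonce != NULL)) {
        unsigned int uniqueSize = (ekCertIndex == EK_CERT_RSA_INDEX) ? 256 : 32;
        if (nonceSize > uniqueSize) {
            printf("processCreatePrimary: EK nonce size %u exceeds unique field size %u\n",
                   nonceSize, uniqueSize);
            rc = TPM_RC_SIZE;
        }
    }
    /* construct the template from the NV template and nonce */
    if ((rc == 0) && (nonce != NULL)) {
        *inPublic = *tpmtPublicIn;
        if (ekCertIndex == EK_CERT_RSA_INDEX) {                 /* RSA primary key */
            /* unique field is 256 bytes */
            inPublic->unique.rsa.t.size = 256;
            /* first part is nonce */
            memcpy(inPublic->unique.rsa.t.buffer, nonce, nonceSize);
            /* padded with zeros */
            memset(inPublic->unique.rsa.t.buffer + nonceSize, 0, 256 - nonceSize);
        }
        else {                                                  /* EC primary key */
            /* unique field is X and Y points */
            /* X gets nonce and pad */
            inPublic->unique.ecc.x.t.size = 32;
            memcpy(inPublic->unique.ecc.x.t.buffer, nonce, nonceSize);
            memset(inPublic->unique.ecc.x.t.buffer + nonceSize, 0, 32 - nonceSize);
            /* Y gets zeros */
            inPublic->unique.ecc.y.t.size = 32;
            memset(inPublic->unique.ecc.y.t.buffer, 0, 32);
        }
    }
    /* construct the template from the default IWG template */
    if ((rc == 0) && (nonce == NULL)) {
        if (ekCertIndex == EK_CERT_RSA_INDEX) {                 /* RSA primary key */
            getRsaTemplate(inPublic);
        }
        else {                                                  /* EC primary key */
            getEccTemplate(inPublic);
        }
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&outCreatePrimary,
                         (COMMAND_PARAMETERS *)&inCreatePrimary,
                         NULL,
                         TPM_CC_CreatePrimary,
                         TPM_RS_PW, NULL, 0,
                         TPM_RH_NULL, NULL, 0);
        if (rc != 0) {
            const char *msg;
            const char *submsg;
            const char *num;
            printf("createprimary: failed, rc %08x\n", rc);
            TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
            printf("%s%s%s\n", msg, submsg, num);
        }
    }
    /* return the primary key */
    if (rc == 0) {
        *tpmtPublicOut = outCreatePrimary.outPublic.publicArea;
    }
    /* flush the primary key */
    if (rc == 0) {
        if (print) printf("Primary key Handle %08x\n", outCreatePrimary.objectHandle);
        if (!noFlush) {         /* flush the primary key */
            FlushContext_In inFlushContext;

            *keyHandle = TPM_RH_NULL;
            inFlushContext.flushHandle = outCreatePrimary.objectHandle;
            rc = TSS_Execute(tssContext,
                             NULL,
                             (COMMAND_PARAMETERS *)&inFlushContext,
                             NULL,
                             TPM_CC_FlushContext,
                             TPM_RH_NULL, NULL, 0);
            if (rc != 0) {
                const char *msg;
                const char *submsg;
                const char *num;
                printf("flushcontext: failed, rc %08x\n", rc);
                TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
                printf("%s%s%s\n", msg, submsg, num);
            }
        }
        else {                  /* not flushed, return the handle */
            *keyHandle = outCreatePrimary.objectHandle;
        }
    }
    /* trace the public key */
    if (rc == 0) {
        if (ekCertIndex == EK_CERT_RSA_INDEX) {
            if (print) TSS_PrintAll("createprimary: RSA public key",
                                    outCreatePrimary.outPublic.publicArea.unique.rsa.t.buffer,
                                    outCreatePrimary.outPublic.publicArea.unique.rsa.t.size);
        }
        else {
            if (print) TSS_PrintAll("createprimary: ECC public key x",
                                    outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.buffer,
                                    outCreatePrimary.outPublic.publicArea.unique.ecc.x.t.size);
            if (print) TSS_PrintAll("createprimary: ECC public key y",
                                    outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.buffer,
                                    outCreatePrimary.outPublic.publicArea.unique.ecc.y.t.size);
        }
    }
    return rc;
}

/*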
processValidatePrimary() compares the public key in the EK certificate to the public key output of createprimary. */ TPM_RC processValidatePrimary(uint8_t *publicKeyBin, /* from certificate */ int publicKeyBytes, TPMT_PUBLIC *tpmtPublic, /* primary key */ TPMI_RH_NV_INDEX ekCertIndex, int print) { TPM_RC rc = 0; print = print; /* compare the X509 certificate public key to the createprimary public key */ if (ekCertIndex == EK_CERT_RSA_INDEX) { int irc; /* RSA just has a public modulus */ if (rc == 0) { if (tpmtPublic->unique.rsa.t.size != publicKeyBytes) { printf("X509 certificate key length %u does not match output of createprimary %u\n", publicKeyBytes, tpmtPublic->unique.rsa.t.size); rc = TPM_RC_INTEGRITY; } } if (rc == 0) { irc = memcmp(publicKeyBin, tpmtPublic->unique.rsa.t.buffer, publicKeyBytes); if (irc != 0) { printf("Public key from X509 certificate does not match output of createprimary\n"); rc = TPM_RC_INTEGRITY; } } } else { int irc; /* ECC has X and Y points */ /* compression algorithm is the extra byte at the beginning of the certificate */ if (rc == 0) { if (tpmtPublic->unique.ecc.x.t.size + tpmtPublic->unique.ecc.x.t.size + 1 != publicKeyBytes) { printf("X509 certificate key length %u does not match " "output of createprimary x %u +y %u\n", publicKeyBytes, tpmtPublic->unique.ecc.x.t.size, tpmtPublic->unique.ecc.y.t.size); rc = TPM_RC_INTEGRITY; } } /* check X */ if (rc == 0) { irc = memcmp(publicKeyBin +1, tpmtPublic->unique.ecc.x.t.buffer, tpmtPublic->unique.ecc.x.t.size); if (irc != 0) { printf("Public key X from X509 certificate does not match " "output of createprimary\n"); rc = TPM_RC_INTEGRITY; } } /* check Y */ if (rc == 0) { irc = memcmp(publicKeyBin + 1 + tpmtPublic->unique.ecc.x.t.size, tpmtPublic->unique.ecc.y.t.buffer, tpmtPublic->unique.ecc.y.t.size); if (irc != 0) { printf("Public key Y from X509 certificate does not match " "output of createprimary\n"); rc = TPM_RC_INTEGRITY; } } } if (rc == 0) { if (print) 
printf("processValidatePrimary: " "Public key from X509 certificate matches output of createprimary\n"); } return rc; } /* processPrimary() reads the EK nonce and EK template from NV. It combines them to form the createprimary input. It creates the primary key. It reads the EK certificate from NV. It extracts the public key. Finally, it compares the public key in the certificate to the public key output of createprimary. */ TPM_RC processPrimary(TSS_CONTEXT *tssContext, TPM_HANDLE *keyHandle, /* primary key handle */ TPMI_RH_NV_INDEX ekCertIndex, TPMI_RH_NV_INDEX ekNonceIndex, TPMI_RH_NV_INDEX ekTemplateIndex, unsigned int noFlush, /* TRUE - don't flush the primary key */ int print) { TPM_RC rc = 0; X509 *ekCertificate = NULL; unsigned char *nonce = NULL; uint16_t nonceSize; TPMT_PUBLIC tpmtPublicIn; /* template */ TPMT_PUBLIC tpmtPublicOut; /* primary key */ uint8_t *publicKeyBin = NULL; /* from certificate */ int publicKeyBytes; /* get the EK nonce */ if (rc == 0) { rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, print); /* freed @1 */ if ((rc & 0xff) == TPM_RC_HANDLE) { if (print) printf("EK nonce not found, use default template\n"); rc = 0; } } if (rc == 0) { /* if the nonce was found, get the EK template */ if (nonce != NULL) { rc = processEKTemplate(tssContext, &tpmtPublicIn, ekTemplateIndex, print); } } /* create the primary key */ if (rc == 0) { rc = processCreatePrimary(tssContext, keyHandle, ekCertIndex, nonce, nonceSize, /* EK nonce, can be NULL */ &tpmtPublicIn, /* template */ &tpmtPublicOut, /* primary key */ noFlush, print); } /* get the EK certificate */ if (rc == 0) { rc = processEKCertificate(tssContext, &ekCertificate, /* freed @2 */ &publicKeyBin, &publicKeyBytes, /* freed @3 */ ekCertIndex, print); } /* compare the public key in the EK certificate to the public key output */ if (rc == 0) { rc = processValidatePrimary(publicKeyBin, /* certificate */ publicKeyBytes, &tpmtPublicOut, /* primary key */ ekCertIndex, print); } if (rc 
== 0) { if (print) printf("Public key from X509 certificate matches output of createprimary\n"); } free(nonce); /* @1 */ if (ekCertificate != NULL) { X509_free(ekCertificate); /* @2 */ } free(publicKeyBin); /* @3 */ return rc; } ./utils/ntc2preconfig.c0000644000175000017500000004141713070736653013253 0ustar lo1lo1/********************************************************************************/ /* */ /* Nuvoton Preconfig */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ntc2preconfig.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* The function permits configuring either standard manufacturing values or individual registers. The hard coded values are in ../src/ntc2lib.h. They are configured as a set. That file also has certain required values that cannot be changed. To override the standard manufacturing values, cautiously use -override. This can brick the TPM, since it's setting up the bus interface. Override does a read-modify-write, reading the registers and substituting the new values.
*/ #include #include #include #include #include #include #include #include "ntc2lib.h" static void printUsage(void); static TPM_RC fixedConfig(NTC2_CFG_STRUCT *preConfig); static void pRequiredConfig(NTC2_CFG_STRUCT *preConfig); static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut, const NTC2_CFG_STRUCT *preConfigIn, const NTC2_CFG_STRUCT *preConfigSet); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NTC2_GetConfig_Out out; NTC2_PreConfig_In in; NTC2_CFG_STRUCT preConfigSet; /* flags mark values to change */ NTC2_CFG_STRUCT preConfigIn; /* values to change */ int pRequiredVal = FALSE; /* TRUE to set P required values */ int override = FALSE; /* TRUE to override P required values */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); memset(&preConfigSet, 0, sizeof(NTC2_CFG_STRUCT)); /* default nothing to change */ /* command line argument defaults */ for (i=1 ; (ii2cLoc1_2 = PREQUIRED_i2cLoc1_2; preConfig->i2cLoc3_4 = PREQUIRED_i2cLoc3_4; preConfig->AltCfg = PREQUIRED_AltCfg; preConfig->Direction = PREQUIRED_Direction; preConfig->PullUp = PREQUIRED_PullUp; preConfig->PushPull = PREQUIRED_PushPull; preConfig->CFG_A = PREQUIRED_CFG_A; preConfig->CFG_B = PREQUIRED_CFG_B; preConfig->CFG_C = PREQUIRED_CFG_C; preConfig->CFG_D = PREQUIRED_CFG_D; preConfig->CFG_E = PREQUIRED_CFG_E; preConfig->CFG_F = PREQUIRED_CFG_F; preConfig->CFG_G = PREQUIRED_CFG_G; preConfig->CFG_H = PREQUIRED_CFG_H; preConfig->CFG_I = PREQUIRED_CFG_I; preConfig->CFG_J = PREQUIRED_CFG_J; preConfig->IsValid = PREQUIRED_IsValid; preConfig->IsLocked = PREQUIRED_IsLocked; return; } /* fixedConfig() is a sanity check that the TPM is not being configured incorrectly. Certain values are fixed. 
For -prequired, this is a simple consistency check on the required and fixed #define values

   For -override, this is a validation of the user input
*/

/* fixedConfig() compares the seven fields Direction, PullUp, PushPull, CFG_F, CFG_I, CFG_J and
   IsValid of preConfig against their FIXED_ #define values.

   The fields are tested in that order.  The first mismatch prints the field name together with
   the required value and yields TPM_RC_RANGE; later fields are then not examined.  If every
   field matches, 0 is returned.  The remaining fields of the structure are not checked here.
*/

static TPM_RC fixedConfig(NTC2_CFG_STRUCT *preConfig)
{
    TPM_RC result = 0;

    if (preConfig->Direction != FIXED_Direction) {
        printf("Direction is not the required value %02x\n", FIXED_Direction);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->PullUp != FIXED_PullUp) {
        printf("PullUp is not the required value %02x\n", FIXED_PullUp);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->PushPull != FIXED_PushPull) {
        printf("PushPull is not the required value %02x\n", FIXED_PushPull);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->CFG_F != FIXED_CFG_F) {
        printf("CFG_F is not the required value %02x\n", FIXED_CFG_F);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->CFG_I != FIXED_CFG_I) {
        printf("CFG_I is not the required value %02x\n", FIXED_CFG_I);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->CFG_J != FIXED_CFG_J) {
        printf("CFG_J is not the required value %02x\n", FIXED_CFG_J);
        result = TPM_RC_RANGE;
    }
    else if (preConfig->IsValid != FIXED_IsValid) {
        printf("IsValid is not the required value %02x\n", FIXED_IsValid);
        result = TPM_RC_RANGE;
    }
    return result;
}

/* mergeConfig() handles the read modify write setup.
preConfigIn are the new values
   preConfigSet are booleans, true for the new values
   preConfigOut at input are the current values, at output are the merged values
*/

/* For each field listed below, a non-zero flag in preConfigSet copies that field from
   preConfigIn to preConfigOut; a zero flag leaves the field of preConfigOut as it was.

   IsLocked is not in the list, so it always keeps the value already in preConfigOut.
   NOTE(review): presumably intentional, since the usage text offers no IsLocked option -
   confirm.
*/

static void mergeConfig(NTC2_CFG_STRUCT *preConfigOut,
                        const NTC2_CFG_STRUCT *preConfigIn,
                        const NTC2_CFG_STRUCT *preConfigSet)
{
    /* one conditional copy per register, local to this function */
#define MERGE_IF_SET(field)                                     \
    do {                                                        \
        if (preConfigSet->field) {                              \
            preConfigOut->field = preConfigIn->field;           \
        }                                                       \
    } while (0)

    MERGE_IF_SET(i2cLoc1_2);
    MERGE_IF_SET(i2cLoc3_4);
    MERGE_IF_SET(AltCfg);
    MERGE_IF_SET(Direction);
    MERGE_IF_SET(PullUp);
    MERGE_IF_SET(PushPull);
    MERGE_IF_SET(CFG_A);
    MERGE_IF_SET(CFG_B);
    MERGE_IF_SET(CFG_C);
    MERGE_IF_SET(CFG_D);
    MERGE_IF_SET(CFG_E);
    MERGE_IF_SET(CFG_F);
    MERGE_IF_SET(CFG_G);
    MERGE_IF_SET(CFG_H);
    MERGE_IF_SET(CFG_I);
    MERGE_IF_SET(CFG_J);
    MERGE_IF_SET(IsValid);

#undef MERGE_IF_SET
    return;
}

static void printUsage(void)
{
    printf("\n");
    printf("ntc2preconfig\n");
    printf("\n");
    printf("Runs NTC2_PreConfig\n");
    printf("\n");
    printf("-prequired - sets the required values for System P, write only\n");
    printf("-override - permits individual register values, read-modify-write\n");
    printf("\n");
    printf("Values to set, each is a hex byte, (default do not change)\n");
    printf("[-i2cLoc1_2 byte]\n");
    printf("[-i2cLoc3_4
byte]\n"); printf("[-AltCfg byte]\n"); printf("[-Direction byte]\n"); printf("[-PullUp byte]\n"); printf("[-PushPull byte]\n"); printf("[-CFG_A byte]\n"); printf("[-CFG_B byte]\n"); printf("[-CFG_C byte]\n"); printf("[-CFG_D byte]\n"); printf("[-CFG_E byte]\n"); printf("[-CFG_F byte]\n"); printf("[-CFG_G byte]\n"); printf("[-CFG_H byte]\n"); printf("[-CFG_I byte]\n"); printf("[-CFG_J byte]\n"); printf("[-IsValid byte]\n"); exit(1); } ./utils/sign.c0000644000175000017500000002760713075475774011466 0ustar lo1lo1/********************************************************************************/ /* */ /* Sign */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: sign.c 989 2017-04-18 20:50:04Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Sign_In in; Sign_Out out; TPMI_DH_OBJECT keyHandle = 0; TPMI_ALG_HASH halg = TPM_ALG_SHA256; int nid = NID_sha256; TPMI_ALG_SIG_SCHEME scheme = TPM_ALG_RSASSA; const char *messageFilename = NULL; const char *ticketFilename = NULL; const char *publicKeyFilename = NULL; const char *signatureFilename = NULL; const char *keyPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; unsigned char *data = NULL; /* message */ size_t length; uint32_t sizeInBytes; /* hash algorithm mapped to size */ TPMT_HA digest; /* digest of the message */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for 
-se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (messageFilename == NULL) { printf("Missing message file name -if\n"); printUsage(); } if (keyHandle == 0) { printf("Missing handle parameter -hk\n"); printUsage(); } if (rc == 0) { rc = TSS_File_ReadBinaryFile(&data, /* must be freed by caller */ &length, messageFilename); } /* hash the file */ if (rc == 0) { digest.hashAlg = halg; sizeInBytes = TSS_GetDigestSize(digest.hashAlg); rc = TSS_Hash_Generate(&digest, length, data, 0, NULL); } if (rc == 0) { /* Handle of key that will perform signing */ in.keyHandle = keyHandle; /* digest to be signed */ in.digest.t.size = sizeInBytes; memcpy(&in.digest.t.buffer, (uint8_t *)&digest.digest, sizeInBytes); /* Table 145 - Definition of TPMT_SIG_SCHEME inScheme */ in.inScheme.scheme = scheme; /* Table 144 - Definition of TPMU_SIG_SCHEME details > */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ /* Table 59 
- Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */ if (scheme == TPM_ALG_RSASSA) { in.inScheme.details.rsassa.hashAlg = halg; } else { in.inScheme.details.ecdsa.hashAlg = halg; } } if (rc == 0) { if (ticketFilename == NULL) { /* proof that digest was created by the TPM (NULL ticket) */ /* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */ in.validation.tag = TPM_ST_HASHCHECK; in.validation.hierarchy = TPM_RH_NULL; in.validation.digest.t.size = 0; } else { rc = TSS_File_ReadStructure(&in.validation, (UnmarshalFunction_t)TPMT_TK_HASHCHECK_Unmarshal, ticketFilename); } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Sign, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (signatureFilename != NULL)) { rc = TSS_File_WriteStructure(&out.signature, (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal, signatureFilename); } /* if a public key was specified, use openssl to verify the signature using an openssl RSA format key token */ if (publicKeyFilename != NULL) { TPM2B_PUBLIC public; RSA *rsaPubKey = NULL; if (rc == 0) { rc = TSS_File_ReadStructure(&public, (UnmarshalFunction_t)TPM2B_PUBLIC_Unmarshal, publicKeyFilename); } /* construct the OpenSSL RSA public key token */ if (rc == 0) { unsigned char earr[3] = {0x01, 0x00, 0x01}; rc = TSS_RSAGeneratePublicToken(&rsaPubKey, /* freed @1 */ public.publicArea.unique.rsa.t.buffer, /* public modulus */ public.publicArea.unique.rsa.t.size, earr, /* public exponent */ sizeof(earr)); } /* construct an openssl RSA public key token */ if (rc == 0) { int irc; irc = RSA_verify(nid, (uint8_t *)&in.digest.t.buffer, in.digest.t.size, (uint8_t 
*)&out.signature.signature.rsassa.sig.t.buffer, out.signature.signature.rsassa.sig.t.size, rsaPubKey); if (verbose) printf("RSAVerify: RSA_verify rc %d\n", irc); if (irc != 1) { printf("RSAVerify: Bad signature\n"); rc = TSS_RC_RSA_SIGNATURE; } } if (rsaPubKey != NULL) { RSA_free(rsaPubKey); /* @1 */ } } free(data); if (rc == 0) { if (verbose) printf("sign: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("sign: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("sign\n"); printf("\n"); printf("Runs TPM2_Sign\n"); printf("\n"); printf("\t-hk key handle\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-rsa (RSASSA scheme)]\n"); printf("\t[-ecc (ECDSA scheme)]\n"); printf("\t\tVerify only supported for RSA now\n"); printf("\t-if input message to hash and sign\n"); printf("\t[-ipu public key file name to verify signature (default no verify)]\n"); printf("\t[-os signature file name (default do not save)]\n"); printf("\t[-tk ticket file name]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/tssccattributes.c0000644000175000017500000000764312763611640013735 0ustar lo1lo1/********************************************************************************/ /* */ /* Command Code Attributes */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssprint.c 703 2016-07-28 17:21:46Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* NOTE: This is a replica of CommandAttributeData.c, but endian independent. It must be kept in sync with the TPM reference implementation. 
*/

#include #include #include #include #include "tssccattributes.h"

/* CommandCodeToCommandIndex() searches s_ccAttr for an entry whose commandCode equals the
   argument and returns its position.  The table ends at the entry whose commandCode and V are
   both 0.  If no entry matches, UNIMPLEMENTED_COMMAND_INDEX is returned.

   The accessor functions below index their tables without a range check, so the result of this
   function should be compared with UNIMPLEMENTED_COMMAND_INDEX before it is handed to them.
*/

COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode)
{
    COMMAND_INDEX position = 0;

    /* s_ccAttr has terminating 0x0000 command code and V */
    while ((s_ccAttr[position].commandCode != 0) ||
           (s_ccAttr[position].V != 0)) {
        if (s_ccAttr[position].commandCode == commandCode) {
            return position;
        }
        position++;
    }
    return UNIMPLEMENTED_COMMAND_INDEX;
}

/* getCommandHandleCount() returns the cHandles member of the s_ccAttr entry at index.  index is
   used as given, without a range check. */

uint32_t getCommandHandleCount(COMMAND_INDEX index)
{
    uint32_t commandHandles = s_ccAttr[index].cHandles;
    return commandHandles;
}

/* getresponseHandleCount() returns the rHandle member of the s_ccAttr entry at index.  index is
   used as given, without a range check. */

uint32_t getresponseHandleCount(COMMAND_INDEX index)
{
    uint32_t responseHandles = s_ccAttr[index].rHandle;
    return responseHandles;
}

/* from CommandCodeAttributes.c */

/* getDecryptSize() returns 2 if DECRYPT_2 is set in the s_commandAttributes entry, else 4 if
   DECRYPT_4 is set, else 0.  commandIndex is used without a range check. */

int getDecryptSize(COMMAND_INDEX commandIndex)
{
    const COMMAND_ATTRIBUTES attributes = s_commandAttributes[commandIndex];
    int sizeBytes = 0;

    if (attributes & DECRYPT_2) {
        sizeBytes = 2;
    }
    else if (attributes & DECRYPT_4) {
        sizeBytes = 4;
    }
    return sizeBytes;
}

/* getEncryptSize() returns 2 if ENCRYPT_2 is set in the s_commandAttributes entry, else 4 if
   ENCRYPT_4 is set, else 0.  commandIndex is used without a range check. */

int getEncryptSize(COMMAND_INDEX commandIndex)
{
    const COMMAND_ATTRIBUTES attributes = s_commandAttributes[commandIndex];
    int sizeBytes = 0;

    if (attributes & ENCRYPT_2) {
        sizeBytes = 2;
    }
    else if (attributes & ENCRYPT_4) {
        sizeBytes = 4;
    }
    return sizeBytes;
}

/* getCommandAuthRole() maps the attribute bits of a command to the authorization role of one
   of its handles.

   Handle 0: HANDLE_1_USER, HANDLE_1_ADMIN and HANDLE_1_DUP are tested in that order and the
   first bit that is set decides the role.  Handle 1: only HANDLE_2_USER is tested.  Every other
   case, including any higher handle index, yields AUTH_NONE.  The attribute table is read only
   for handle index 0 or 1, and commandIndex is used without a range check.
*/

AUTH_ROLE getCommandAuthRole(
                             COMMAND_INDEX   commandIndex,  // IN: command index
                             UINT32          handleIndex    // IN: handle index (zero based)
                             )
{
    AUTH_ROLE role = AUTH_NONE;

    switch (handleIndex) {
      case 0:
        {
            // Any auth role set?
            COMMAND_ATTRIBUTES properties = s_commandAttributes[commandIndex];

            if (properties & HANDLE_1_USER) {
                role = AUTH_USER;
            }
            else if (properties & HANDLE_1_ADMIN) {
                role = AUTH_ADMIN;
            }
            else if (properties & HANDLE_1_DUP) {
                role = AUTH_DUP;
            }
        }
        break;
      case 1:
        if (s_commandAttributes[commandIndex] & HANDLE_2_USER) {
            role = AUTH_USER;
        }
        break;
      default:
        break;
    }
    return role;
}
./utils/hierarchycontrol.c0000644000175000017500000001750113075204375014060 0ustar lo1lo1/********************************************************************************/
/* */
/* HierarchyControl */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: hierarchycontrol.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved.
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; HierarchyControl_In in; char authHandleChar = 0; char enableHandleChar = 0; int state = 1; const char *authPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); 
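printUsage();
        }
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    if (rc == 0) {
        if (authHandleChar == 'e') {
            in.authHandle = TPM_RH_ENDORSEMENT;
        }
        else if (authHandleChar == 'o') {
            in.authHandle = TPM_RH_OWNER;
        }
        else if (authHandleChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    if (rc == 0) {
        if (enableHandleChar == 'e') {
            in.enable = TPM_RH_ENDORSEMENT;
        }
        else if (enableHandleChar == 'o') {
            in.enable = TPM_RH_OWNER;
        }
        else if (enableHandleChar == 'p') {
            in.enable = TPM_RH_PLATFORM;
        }
        else if (enableHandleChar == 'n') {
            in.enable = TPM_RH_PLATFORM_NV;
        }
        else {
            printf("Missing or illegal -he\n");
            printUsage();
        }
    }
    if (rc == 0) {
        if (state != 0) {
            in.state = YES;
        }
        else {
            in.state = NO;
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_HierarchyControl,
                         sessionHandle0, authPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("hierarchycontrol: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("hierarchycontrol: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the command line help to stdout and terminates the process with exit
   status 1; it does not return.

   The legend for -he names 'n' as platform NV, because main() maps 'n' to TPM_RH_PLATFORM_NV.
   The earlier text said "n null", which did not describe the enable that is actually changed.
*/

static void printUsage(void)
{
    printf("\n");
    printf("hierarchycontrol\n");
    printf("\n");
    printf("Runs TPM2_HierarchyControl\n");
    printf("\n");
    printf("\t-hi authhandle hierarchy (e, o, p)\n");
    printf("\t-he enable hierarchy (e, o, p, n)\n");
    printf("\t\te endorsement, o owner, p platform, n platform NV\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\t-state (0 to disable, 1 to enable) (default enable)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/tssdev.h0000644000175000017500000000505513115776262012023 0ustar lo1lo1/********************************************************************************/
/* */
/* Linux Device Transmit and Receive Utilities */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssdev.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.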
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is not a public header. It should not be used by applications. */ #ifndef TSSDEV_H #define TSSDEV_H #include #ifdef __cplusplus extern "C" { #endif TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext, uint8_t *responseBuffer, uint32_t *read, const uint8_t *commandBuffer, uint32_t written, const char *message); TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext); #ifdef __cplusplus } #endif #endif ./utils/CommandAttributeData.c0000644000175000017500000010653713057615213014542 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: CommandAttributeData.c 954 2017-03-07 20:39:39Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. 
*/ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. 
*/ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ // 9.3 CommandAttributeData.c #include "CommandAttributes.h" #if defined COMPRESSED_LISTS # define PAD_LIST 0 #else # define PAD_LIST 1 #endif // This is the command code attribute array for GetCapability(). 
Both this array and
// s_commandAttributes provides command code attributes, but tuned for different purpose

/* bitfield is:

   command index
   reserved
   nv
   extensive
   flushed
   cHandles
   rHandle
   V
   reserved
*/

/* s_ccAttr holds one TPMA_CC initializer per command code, in ascending
   command-index order from 0x011f to 0x0193, followed by the vendor rows and
   an unconditional all-zero final row.

   The nine values of each row are given in the field order listed above.  The
   field names are those of the TPMA_CC attribute structure in the TPM 2.0
   specification (Part 2), where nv marks a command that may write NV,
   extensive a command that may flush any number of loaded contexts, flushed
   a command that flushes the context of a transient handle it uses, cHandles
   the number of handles in the command handle area, rHandle a response that
   returns a handle, and V a vendor-specific command.  The structure
   declaration itself is outside this view -- confirm that its member order
   matches the initializer order used here.

   A row is compiled in only when PAD_LIST or the command's CC_xxx macro is
   non-zero.  The "No command" rows (0x0123, 0x015a, 0x015f, 0x0166, 0x0175)
   are guarded by PAD_LIST alone.

   When TPM_TSS is defined, the element type is TPMA_CC_TSS (from
   tssccattributes.h) and the Nuvoton rows carry the command index as
   0x2000021x instead of 0x021x.

   NOTE(review): the guards and the row order here are the same as in
   s_commandAttributes below.  The lookup code is not in this part of the
   file; presumably both tables are addressed through one shared index, in
   which case a row added to or removed from only one table would pair every
   later command with another command's authorization attributes.  Change the
   two tables together.
*/

#ifndef TPM_TSS
const TPMA_CC    s_ccAttr [] = {
#else
#include "tssccattributes.h"
const TPMA_CC_TSS    s_ccAttr [] = {
#endif
#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
    {{0x011f, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_UndefineSpaceSpecial
#endif
#if (PAD_LIST || CC_EvictControl)
    {{0x0120, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_EvictControl
#endif
#if (PAD_LIST || CC_HierarchyControl)
    {{0x0121, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_HierarchyControl
#endif
#if (PAD_LIST || CC_NV_UndefineSpace)
    {{0x0122, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_UndefineSpace
#endif
#if (PAD_LIST)
    {{0x0123, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
#endif
#if (PAD_LIST || CC_ChangeEPS)
    {{0x0124, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_ChangeEPS
#endif
#if (PAD_LIST || CC_ChangePPS)
    {{0x0125, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_ChangePPS
#endif
#if (PAD_LIST || CC_Clear)
    {{0x0126, 0, 1, 1, 0, 1, 0, 0, 0}},     // TPM_CC_Clear
#endif
#if (PAD_LIST || CC_ClearControl)
    {{0x0127, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClearControl
#endif
#if (PAD_LIST || CC_ClockSet)
    {{0x0128, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClockSet
#endif
#if (PAD_LIST || CC_HierarchyChangeAuth)
    {{0x0129, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_HierarchyChangeAuth
#endif
#if (PAD_LIST || CC_NV_DefineSpace)
    {{0x012a, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_DefineSpace
#endif
#if (PAD_LIST || CC_PCR_Allocate)
    {{0x012b, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Allocate
#endif
#if (PAD_LIST || CC_PCR_SetAuthPolicy)
    {{0x012c, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_SetAuthPolicy
#endif
#if (PAD_LIST || CC_PP_Commands)
    {{0x012d, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PP_Commands
#endif
#if (PAD_LIST || CC_SetPrimaryPolicy)
    {{0x012e, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetPrimaryPolicy
#endif
#if (PAD_LIST || CC_FieldUpgradeStart)
    {{0x012f, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_FieldUpgradeStart
#endif
#if (PAD_LIST || CC_ClockRateAdjust)
    {{0x0130, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ClockRateAdjust
#endif
#if (PAD_LIST || CC_CreatePrimary)
    {{0x0131, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_CreatePrimary
#endif
#if (PAD_LIST || CC_NV_GlobalWriteLock)
    {{0x0132, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_GlobalWriteLock
#endif
#if (PAD_LIST || CC_GetCommandAuditDigest)
    {{0x0133, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_GetCommandAuditDigest
#endif
#if (PAD_LIST || CC_NV_Increment)
    {{0x0134, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Increment
#endif
#if (PAD_LIST || CC_NV_SetBits)
    {{0x0135, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_SetBits
#endif
#if (PAD_LIST || CC_NV_Extend)
    {{0x0136, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Extend
#endif
#if (PAD_LIST || CC_NV_Write)
    {{0x0137, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Write
#endif
#if (PAD_LIST || CC_NV_WriteLock)
    {{0x0138, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_WriteLock
#endif
#if (PAD_LIST || CC_DictionaryAttackLockReset)
    {{0x0139, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_DictionaryAttackLockReset
#endif
#if (PAD_LIST || CC_DictionaryAttackParameters)
    {{0x013a, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_DictionaryAttackParameters
#endif
#if (PAD_LIST || CC_NV_ChangeAuth)
    {{0x013b, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_ChangeAuth
#endif
#if (PAD_LIST || CC_PCR_Event)
    {{0x013c, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Event
#endif
#if (PAD_LIST || CC_PCR_Reset)
    {{0x013d, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Reset
#endif
#if (PAD_LIST || CC_SequenceComplete)
    {{0x013e, 0, 0, 0, 1, 1, 0, 0, 0}},     // TPM_CC_SequenceComplete
#endif
#if (PAD_LIST || CC_SetAlgorithmSet)
    {{0x013f, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetAlgorithmSet
#endif
#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
    {{0x0140, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SetCommandCodeAuditStatus
#endif
#if (PAD_LIST || CC_FieldUpgradeData)
    {{0x0141, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FieldUpgradeData
#endif
#if (PAD_LIST || CC_IncrementalSelfTest)
    {{0x0142, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_IncrementalSelfTest
#endif
#if (PAD_LIST || CC_SelfTest)
    {{0x0143, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_SelfTest
#endif
#if (PAD_LIST || CC_Startup)
    {{0x0144, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Startup
#endif
#if (PAD_LIST || CC_Shutdown)
    {{0x0145, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Shutdown
#endif
#if (PAD_LIST || CC_StirRandom)
    {{0x0146, 0, 1, 0, 0, 0, 0, 0, 0}},     // TPM_CC_StirRandom
#endif
#if (PAD_LIST || CC_ActivateCredential)
    {{0x0147, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_ActivateCredential
#endif
#if (PAD_LIST || CC_Certify)
    {{0x0148, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Certify
#endif
#if (PAD_LIST || CC_PolicyNV)
    {{0x0149, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_PolicyNV
#endif
#if (PAD_LIST || CC_CertifyCreation)
    {{0x014a, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_CertifyCreation
#endif
#if (PAD_LIST || CC_Duplicate)
    {{0x014b, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Duplicate
#endif
#if (PAD_LIST || CC_GetTime)
    {{0x014c, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_GetTime
#endif
#if (PAD_LIST || CC_GetSessionAuditDigest)
    {{0x014d, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_GetSessionAuditDigest
#endif
#if (PAD_LIST || CC_NV_Read)
    {{0x014e, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_Read
#endif
#if (PAD_LIST || CC_NV_ReadLock)
    {{0x014f, 0, 1, 0, 0, 2, 0, 0, 0}},     // TPM_CC_NV_ReadLock
#endif
#if (PAD_LIST || CC_ObjectChangeAuth)
    {{0x0150, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_ObjectChangeAuth
#endif
#if (PAD_LIST || CC_PolicySecret)
    {{0x0151, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_PolicySecret
#endif
#if (PAD_LIST || CC_Rewrap)
    {{0x0152, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_Rewrap
#endif
#if (PAD_LIST || CC_Create)
    {{0x0153, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Create
#endif
#if (PAD_LIST || CC_ECDH_ZGen)
    {{0x0154, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ECDH_ZGen
#endif
#if (PAD_LIST || CC_HMAC)
    {{0x0155, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_HMAC
#endif
#if (PAD_LIST || CC_Import)
    {{0x0156, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Import
#endif
#if (PAD_LIST || CC_Load)
    {{0x0157, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_Load
#endif
#if (PAD_LIST || CC_Quote)
    {{0x0158, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Quote
#endif
#if (PAD_LIST || CC_RSA_Decrypt)
    {{0x0159, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_RSA_Decrypt
#endif
#if (PAD_LIST)
    {{0x015a, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
#endif
#if (PAD_LIST || CC_HMAC_Start)
    {{0x015b, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_HMAC_Start
#endif
#if (PAD_LIST || CC_SequenceUpdate)
    {{0x015c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_SequenceUpdate
#endif
#if (PAD_LIST || CC_Sign)
    {{0x015d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Sign
#endif
#if (PAD_LIST || CC_Unseal)
    {{0x015e, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Unseal
#endif
#if (PAD_LIST)
    {{0x015f, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
#endif
#if (PAD_LIST || CC_PolicySigned)
    {{0x0160, 0, 0, 0, 0, 2, 0, 0, 0}},     // TPM_CC_PolicySigned
#endif
#if (PAD_LIST || CC_ContextLoad)
    {{0x0161, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_ContextLoad
#endif
#if (PAD_LIST || CC_ContextSave)
    {{0x0162, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ContextSave
#endif
#if (PAD_LIST || CC_ECDH_KeyGen)
    {{0x0163, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ECDH_KeyGen
#endif
#if (PAD_LIST || CC_EncryptDecrypt)
    {{0x0164, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_EncryptDecrypt
#endif
#if (PAD_LIST || CC_FlushContext)
    {{0x0165, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FlushContext
#endif
#if (PAD_LIST)
    {{0x0166, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
#endif
#if (PAD_LIST || CC_LoadExternal)
    {{0x0167, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_LoadExternal
#endif
#if (PAD_LIST || CC_MakeCredential)
    {{0x0168, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_MakeCredential
#endif
#if (PAD_LIST || CC_NV_ReadPublic)
    {{0x0169, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_NV_ReadPublic
#endif
#if (PAD_LIST || CC_PolicyAuthorize)
    {{0x016a, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyAuthorize
#endif
#if (PAD_LIST || CC_PolicyAuthValue)
    {{0x016b, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyAuthValue
#endif
#if (PAD_LIST || CC_PolicyCommandCode)
    {{0x016c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCommandCode
#endif
#if (PAD_LIST || CC_PolicyCounterTimer)
    {{0x016d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCounterTimer
#endif
#if (PAD_LIST || CC_PolicyCpHash)
    {{0x016e, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyCpHash
#endif
#if (PAD_LIST || CC_PolicyLocality)
    {{0x016f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyLocality
#endif
#if (PAD_LIST || CC_PolicyNameHash)
    {{0x0170, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyNameHash
#endif
#if (PAD_LIST || CC_PolicyOR)
    {{0x0171, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyOR
#endif
#if (PAD_LIST || CC_PolicyTicket)
    {{0x0172, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyTicket
#endif
#if (PAD_LIST || CC_ReadPublic)
    {{0x0173, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ReadPublic
#endif
#if (PAD_LIST || CC_RSA_Encrypt)
    {{0x0174, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_RSA_Encrypt
#endif
#if (PAD_LIST)
    {{0x0175, 0, 0, 0, 0, 0, 0, 0, 0}},     // No command
#endif
#if (PAD_LIST || CC_StartAuthSession)
    {{0x0176, 0, 0, 0, 0, 2, 1, 0, 0}},     // TPM_CC_StartAuthSession
#endif
#if (PAD_LIST || CC_VerifySignature)
    {{0x0177, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_VerifySignature
#endif
#if (PAD_LIST || CC_ECC_Parameters)
    {{0x0178, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_ECC_Parameters
#endif
#if (PAD_LIST || CC_FirmwareRead)
    {{0x0179, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_FirmwareRead
#endif
#if (PAD_LIST || CC_GetCapability)
    {{0x017a, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetCapability
#endif
#if (PAD_LIST || CC_GetRandom)
    {{0x017b, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetRandom
#endif
#if (PAD_LIST || CC_GetTestResult)
    {{0x017c, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_GetTestResult
#endif
#if (PAD_LIST || CC_Hash)
    {{0x017d, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_Hash
#endif
#if (PAD_LIST || CC_PCR_Read)
    {{0x017e, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_PCR_Read
#endif
#if (PAD_LIST || CC_PolicyPCR)
    {{0x017f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPCR
#endif
#if (PAD_LIST || CC_PolicyRestart)
    {{0x0180, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyRestart
#endif
#if (PAD_LIST || CC_ReadClock)
    {{0x0181, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_ReadClock
#endif
#if (PAD_LIST || CC_PCR_Extend)
    {{0x0182, 0, 1, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_Extend
#endif
#if (PAD_LIST || CC_PCR_SetAuthValue)
    {{0x0183, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PCR_SetAuthValue
#endif
#if (PAD_LIST || CC_NV_Certify)
    {{0x0184, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_NV_Certify
#endif
#if (PAD_LIST || CC_EventSequenceComplete)
    {{0x0185, 0, 1, 0, 1, 2, 0, 0, 0}},     // TPM_CC_EventSequenceComplete
#endif
#if (PAD_LIST || CC_HashSequenceStart)
    {{0x0186, 0, 0, 0, 0, 0, 1, 0, 0}},     // TPM_CC_HashSequenceStart
#endif
#if (PAD_LIST || CC_PolicyPhysicalPresence)
    {{0x0187, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPhysicalPresence
#endif
#if (PAD_LIST || CC_PolicyDuplicationSelect)
    {{0x0188, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyDuplicationSelect
#endif
#if (PAD_LIST || CC_PolicyGetDigest)
    {{0x0189, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyGetDigest
#endif
#if (PAD_LIST || CC_TestParms)
    {{0x018a, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_TestParms
#endif
#if (PAD_LIST || CC_Commit)
    {{0x018b, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_Commit
#endif
#if (PAD_LIST || CC_PolicyPassword)
    {{0x018c, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyPassword
#endif
#if (PAD_LIST || CC_ZGen_2Phase)
    {{0x018d, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_ZGen_2Phase
#endif
#if (PAD_LIST || CC_EC_Ephemeral)
    {{0x018e, 0, 0, 0, 0, 0, 0, 0, 0}},     // TPM_CC_EC_Ephemeral
#endif
#if (PAD_LIST || CC_PolicyNvWritten)
    {{0x018f, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyNvWritten
#endif
#if (PAD_LIST || CC_PolicyTemplate)
    {{0x0190, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_PolicyTemplate
#endif
#if (PAD_LIST || CC_CreateLoaded)
    {{0x0191, 0, 0, 0, 0, 1, 1, 0, 0}},     // TPM_CC_CreateLoaded
#endif
#if (PAD_LIST || CC_PolicyAuthorizeNV)
    {{0x0192, 0, 0, 0, 0, 3, 0, 0, 0}},     // TPM_CC_PolicyAuthorizeNV
#endif
#if (PAD_LIST || CC_EncryptDecrypt2)
    {{0x0193, 0, 0, 0, 0, 1, 0, 0, 0}},     // TPM_CC_EncryptDecrypt2
#endif
    /* Vendor rows: the V field is 1 on each of them. */
#if (PAD_LIST || CC_Vendor_TCG_Test)
    {{0x0000, 0, 0, 0, 0, 0, 0, 1, 0}},     // TPM_CC_Vendor_TCG_Test
#endif
#ifdef TPM_NUVOTON
#if (PAD_LIST || CC_NTC2_PreConfig)
#ifndef TPM_TSS
    {{0x0211, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_PreConfig
#else
    {{0x20000211, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_PreConfig
#endif
#endif
#if (PAD_LIST || CC_NTC2_LockPreConfig)
#ifndef TPM_TSS
    {{0x0212, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_LockPreConfig
#else
    {{0x20000212, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_LockPreConfig
#endif
#endif
#if (PAD_LIST || CC_NTC2_GetConfig)
#ifndef TPM_TSS
    {{0x0213, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_GetConfig
#else
    {{0x20000213, 0, 1, 0, 0, 0, 0, 1, 0}},     // TPM_CC_NTC2_GetConfig
#endif
#endif
#endif
    /* Unconditional all-zero final row.  NOTE(review): the TPM_CC_Vendor_TCG_Test
       row above also has command index 0x0000 and differs from this row only
       in V, so any code that scans for the end of the table (not visible
       here) has to compare the whole entry, not the command index alone. */
    {{0x0000, 0, 0, 0, 0, 0, 0, 0, 0}},     // kg - terminator?
};

// This is the command code attribute structure.
/* s_commandAttributes holds one COMMAND_ATTRIBUTES value per command, under
   the same guards and in the same order as s_ccAttr above, and ends with an
   unconditional 0.

   Each row multiplies the command's CC_xxx macro by the sum of its flag
   macros, so a row that is compiled in through PAD_LIST while its CC_xxx
   macro is 0 evaluates to 0 and carries no IS_IMPLEMENTED flag.  The padding
   rows for unassigned codes are written as (COMMAND_ATTRIBUTES)(0).
   Presumably the CC_xxx macros are defined as 0 or 1; they are outside this
   view.

   The flag macros are also defined outside this view.  By their names they
   select the authorization role for the first and second handle
   (HANDLE_1_USER, HANDLE_1_ADMIN, HANDLE_1_DUP, HANDLE_2_USER), physical
   presence handling (PP_COMMAND, PP_REQUIRED), parameter encryption
   (DECRYPT_2, ENCRYPT_2), use in trial policy sessions (ALLOW_TRIAL),
   commands without sessions (NO_SESSIONS) and a handle in the response
   (R_HANDLE) -- confirm against the header that defines COMMAND_ATTRIBUTES.

   Points worth checking when a row is edited, all visible in this table:
   HANDLE_1_ADMIN is used by NV_UndefineSpaceSpecial, FieldUpgradeStart,
   NV_ChangeAuth, ActivateCredential, Certify and ObjectChangeAuth;
   HANDLE_1_DUP is used by Duplicate only; PP_REQUIRED is used by PP_Commands
   only, all other physical presence rows use PP_COMMAND.

   Unlike s_ccAttr, the Nuvoton rows here do not depend on TPM_TSS; their
   comments give the command codes as 0x2000021x.
*/
const COMMAND_ATTRIBUTES    s_commandAttributes [] = {
#if (PAD_LIST || CC_NV_UndefineSpaceSpecial)
    (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpaceSpecial * // 0x011f
                         (IS_IMPLEMENTED+HANDLE_1_ADMIN+HANDLE_2_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_EvictControl)
    (COMMAND_ATTRIBUTES)(CC_EvictControl * // 0x0120
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_HierarchyControl)
    (COMMAND_ATTRIBUTES)(CC_HierarchyControl * // 0x0121
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_NV_UndefineSpace)
    (COMMAND_ATTRIBUTES)(CC_NV_UndefineSpace * // 0x0122
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST)
    (COMMAND_ATTRIBUTES)(0), // 0x0123
#endif
#if (PAD_LIST || CC_ChangeEPS)
    (COMMAND_ATTRIBUTES)(CC_ChangeEPS * // 0x0124
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ChangePPS)
    (COMMAND_ATTRIBUTES)(CC_ChangePPS * // 0x0125
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_Clear)
    (COMMAND_ATTRIBUTES)(CC_Clear * // 0x0126
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClearControl)
    (COMMAND_ATTRIBUTES)(CC_ClearControl * // 0x0127
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClockSet)
    (COMMAND_ATTRIBUTES)(CC_ClockSet * // 0x0128
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_HierarchyChangeAuth)
    (COMMAND_ATTRIBUTES)(CC_HierarchyChangeAuth * // 0x0129
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_NV_DefineSpace)
    (COMMAND_ATTRIBUTES)(CC_NV_DefineSpace * // 0x012a
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PCR_Allocate)
    (COMMAND_ATTRIBUTES)(CC_PCR_Allocate * // 0x012b
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PCR_SetAuthPolicy)
    (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthPolicy * // 0x012c
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_PP_Commands)
    (COMMAND_ATTRIBUTES)(CC_PP_Commands * // 0x012d
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_REQUIRED)),
#endif
#if (PAD_LIST || CC_SetPrimaryPolicy)
    (COMMAND_ATTRIBUTES)(CC_SetPrimaryPolicy * // 0x012e
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_FieldUpgradeStart)
    (COMMAND_ATTRIBUTES)(CC_FieldUpgradeStart * // 0x012f
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_ClockRateAdjust)
    (COMMAND_ATTRIBUTES)(CC_ClockRateAdjust * // 0x0130
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_CreatePrimary)
    (COMMAND_ATTRIBUTES)(CC_CreatePrimary * // 0x0131
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_NV_GlobalWriteLock)
    (COMMAND_ATTRIBUTES)(CC_NV_GlobalWriteLock * // 0x0132
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_GetCommandAuditDigest)
    (COMMAND_ATTRIBUTES)(CC_GetCommandAuditDigest * // 0x0133
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_Increment)
    (COMMAND_ATTRIBUTES)(CC_NV_Increment * // 0x0134
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_SetBits)
    (COMMAND_ATTRIBUTES)(CC_NV_SetBits * // 0x0135
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Extend)
    (COMMAND_ATTRIBUTES)(CC_NV_Extend * // 0x0136
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Write)
    (COMMAND_ATTRIBUTES)(CC_NV_Write * // 0x0137
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_WriteLock)
    (COMMAND_ATTRIBUTES)(CC_NV_WriteLock * // 0x0138
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_DictionaryAttackLockReset)
    (COMMAND_ATTRIBUTES)(CC_DictionaryAttackLockReset * // 0x0139
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_DictionaryAttackParameters)
    (COMMAND_ATTRIBUTES)(CC_DictionaryAttackParameters * // 0x013a
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_ChangeAuth)
    (COMMAND_ATTRIBUTES)(CC_NV_ChangeAuth * // 0x013b
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN)),
#endif
#if (PAD_LIST || CC_PCR_Event)
    (COMMAND_ATTRIBUTES)(CC_PCR_Event * // 0x013c
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_PCR_Reset)
    (COMMAND_ATTRIBUTES)(CC_PCR_Reset * // 0x013d
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_SequenceComplete)
    (COMMAND_ATTRIBUTES)(CC_SequenceComplete * // 0x013e
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_SetAlgorithmSet)
    (COMMAND_ATTRIBUTES)(CC_SetAlgorithmSet * // 0x013f
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_SetCommandCodeAuditStatus)
    (COMMAND_ATTRIBUTES)(CC_SetCommandCodeAuditStatus * // 0x0140
                         (IS_IMPLEMENTED+HANDLE_1_USER+PP_COMMAND)),
#endif
#if (PAD_LIST || CC_FieldUpgradeData)
    (COMMAND_ATTRIBUTES)(CC_FieldUpgradeData * // 0x0141
                         (IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_IncrementalSelfTest)
    (COMMAND_ATTRIBUTES)(CC_IncrementalSelfTest * // 0x0142
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_SelfTest)
    (COMMAND_ATTRIBUTES)(CC_SelfTest * // 0x0143
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_Startup)
    (COMMAND_ATTRIBUTES)(CC_Startup * // 0x0144
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_Shutdown)
    (COMMAND_ATTRIBUTES)(CC_Shutdown * // 0x0145
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_StirRandom)
    (COMMAND_ATTRIBUTES)(CC_StirRandom * // 0x0146
                         (IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_ActivateCredential)
    (COMMAND_ATTRIBUTES)(CC_ActivateCredential * // 0x0147
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Certify)
    (COMMAND_ATTRIBUTES)(CC_Certify * // 0x0148
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyNV)
    (COMMAND_ATTRIBUTES)(CC_PolicyNV * // 0x0149
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_CertifyCreation)
    (COMMAND_ATTRIBUTES)(CC_CertifyCreation * // 0x014a
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Duplicate)
    (COMMAND_ATTRIBUTES)(CC_Duplicate * // 0x014b
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_DUP+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetTime)
    (COMMAND_ATTRIBUTES)(CC_GetTime * // 0x014c
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetSessionAuditDigest)
    (COMMAND_ATTRIBUTES)(CC_GetSessionAuditDigest * // 0x014d
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_Read)
    (COMMAND_ATTRIBUTES)(CC_NV_Read * // 0x014e
                         (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_ReadLock)
    (COMMAND_ATTRIBUTES)(CC_NV_ReadLock * // 0x014f
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_ObjectChangeAuth)
    (COMMAND_ATTRIBUTES)(CC_ObjectChangeAuth * // 0x0150
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_ADMIN+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicySecret)
    (COMMAND_ATTRIBUTES)(CC_PolicySecret * // 0x0151
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Rewrap)
    (COMMAND_ATTRIBUTES)(CC_Rewrap * // 0x0152
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Create)
    (COMMAND_ATTRIBUTES)(CC_Create * // 0x0153
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_ECDH_ZGen)
    (COMMAND_ATTRIBUTES)(CC_ECDH_ZGen * // 0x0154
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_HMAC)
    (COMMAND_ATTRIBUTES)(CC_HMAC * // 0x0155
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Import)
    (COMMAND_ATTRIBUTES)(CC_Import * // 0x0156
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Load)
    (COMMAND_ATTRIBUTES)(CC_Load * // 0x0157
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_Quote)
    (COMMAND_ATTRIBUTES)(CC_Quote * // 0x0158
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_RSA_Decrypt)
    (COMMAND_ATTRIBUTES)(CC_RSA_Decrypt * // 0x0159
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST)
    (COMMAND_ATTRIBUTES)(0), // 0x015a
#endif
#if (PAD_LIST || CC_HMAC_Start)
    (COMMAND_ATTRIBUTES)(CC_HMAC_Start * // 0x015b
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+R_HANDLE)),
#endif
#if (PAD_LIST || CC_SequenceUpdate)
    (COMMAND_ATTRIBUTES)(CC_SequenceUpdate * // 0x015c
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_Sign)
    (COMMAND_ATTRIBUTES)(CC_Sign * // 0x015d
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_Unseal)
    (COMMAND_ATTRIBUTES)(CC_Unseal * // 0x015e
                         (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST)
    (COMMAND_ATTRIBUTES)(0), // 0x015f
#endif
#if (PAD_LIST || CC_PolicySigned)
    (COMMAND_ATTRIBUTES)(CC_PolicySigned * // 0x0160
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_ContextLoad)
    (COMMAND_ATTRIBUTES)(CC_ContextLoad * // 0x0161
                         (IS_IMPLEMENTED+NO_SESSIONS+R_HANDLE)),
#endif
#if (PAD_LIST || CC_ContextSave)
    (COMMAND_ATTRIBUTES)(CC_ContextSave * // 0x0162
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_ECDH_KeyGen)
    (COMMAND_ATTRIBUTES)(CC_ECDH_KeyGen * // 0x0163
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EncryptDecrypt)
    (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt * // 0x0164
                         (IS_IMPLEMENTED+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_FlushContext)
    (COMMAND_ATTRIBUTES)(CC_FlushContext * // 0x0165
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST)
    (COMMAND_ATTRIBUTES)(0), // 0x0166
#endif
#if (PAD_LIST || CC_LoadExternal)
    (COMMAND_ATTRIBUTES)(CC_LoadExternal * // 0x0167
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_MakeCredential)
    (COMMAND_ATTRIBUTES)(CC_MakeCredential * // 0x0168
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_NV_ReadPublic)
    (COMMAND_ATTRIBUTES)(CC_NV_ReadPublic * // 0x0169
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyAuthorize)
    (COMMAND_ATTRIBUTES)(CC_PolicyAuthorize * // 0x016a
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyAuthValue)
    (COMMAND_ATTRIBUTES)(CC_PolicyAuthValue * // 0x016b
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCommandCode)
    (COMMAND_ATTRIBUTES)(CC_PolicyCommandCode * // 0x016c
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCounterTimer)
    (COMMAND_ATTRIBUTES)(CC_PolicyCounterTimer * // 0x016d
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyCpHash)
    (COMMAND_ATTRIBUTES)(CC_PolicyCpHash * // 0x016e
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyLocality)
    (COMMAND_ATTRIBUTES)(CC_PolicyLocality * // 0x016f
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyNameHash)
    (COMMAND_ATTRIBUTES)(CC_PolicyNameHash * // 0x0170
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyOR)
    (COMMAND_ATTRIBUTES)(CC_PolicyOR * // 0x0171
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyTicket)
    (COMMAND_ATTRIBUTES)(CC_PolicyTicket * // 0x0172
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ReadPublic)
    (COMMAND_ATTRIBUTES)(CC_ReadPublic * // 0x0173
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_RSA_Encrypt)
    (COMMAND_ATTRIBUTES)(CC_RSA_Encrypt * // 0x0174
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST)
    (COMMAND_ATTRIBUTES)(0), // 0x0175
#endif
#if (PAD_LIST || CC_StartAuthSession)
    (COMMAND_ATTRIBUTES)(CC_StartAuthSession * // 0x0176
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_VerifySignature)
    (COMMAND_ATTRIBUTES)(CC_VerifySignature * // 0x0177
                         (IS_IMPLEMENTED+DECRYPT_2)),
#endif
#if (PAD_LIST || CC_ECC_Parameters)
    (COMMAND_ATTRIBUTES)(CC_ECC_Parameters * // 0x0178
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_FirmwareRead)
    (COMMAND_ATTRIBUTES)(CC_FirmwareRead * // 0x0179
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetCapability)
    (COMMAND_ATTRIBUTES)(CC_GetCapability * // 0x017a
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_GetRandom)
    (COMMAND_ATTRIBUTES)(CC_GetRandom * // 0x017b
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_GetTestResult)
    (COMMAND_ATTRIBUTES)(CC_GetTestResult * // 0x017c
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Hash)
    (COMMAND_ATTRIBUTES)(CC_Hash * // 0x017d
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PCR_Read)
    (COMMAND_ATTRIBUTES)(CC_PCR_Read * // 0x017e
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_PolicyPCR)
    (COMMAND_ATTRIBUTES)(CC_PolicyPCR * // 0x017f
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyRestart)
    (COMMAND_ATTRIBUTES)(CC_PolicyRestart * // 0x0180
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ReadClock)
    (COMMAND_ATTRIBUTES)(CC_ReadClock * // 0x0181
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_PCR_Extend)
    (COMMAND_ATTRIBUTES)(CC_PCR_Extend * // 0x0182
                         (IS_IMPLEMENTED+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_PCR_SetAuthValue)
    (COMMAND_ATTRIBUTES)(CC_PCR_SetAuthValue * // 0x0183
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER)),
#endif
#if (PAD_LIST || CC_NV_Certify)
    (COMMAND_ATTRIBUTES)(CC_NV_Certify * // 0x0184
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EventSequenceComplete)
    (COMMAND_ATTRIBUTES)(CC_EventSequenceComplete * // 0x0185
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+HANDLE_2_USER)),
#endif
#if (PAD_LIST || CC_HashSequenceStart)
    (COMMAND_ATTRIBUTES)(CC_HashSequenceStart * // 0x0186
                         (IS_IMPLEMENTED+DECRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_PolicyPhysicalPresence)
    (COMMAND_ATTRIBUTES)(CC_PolicyPhysicalPresence * // 0x0187
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyDuplicationSelect)
    (COMMAND_ATTRIBUTES)(CC_PolicyDuplicationSelect * // 0x0188
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyGetDigest)
    (COMMAND_ATTRIBUTES)(CC_PolicyGetDigest * // 0x0189
                         (IS_IMPLEMENTED+ALLOW_TRIAL+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_TestParms)
    (COMMAND_ATTRIBUTES)(CC_TestParms * // 0x018a
                         (IS_IMPLEMENTED)),
#endif
#if (PAD_LIST || CC_Commit)
    (COMMAND_ATTRIBUTES)(CC_Commit * // 0x018b
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyPassword)
    (COMMAND_ATTRIBUTES)(CC_PolicyPassword * // 0x018c
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_ZGen_2Phase)
    (COMMAND_ATTRIBUTES)(CC_ZGen_2Phase * // 0x018d
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_EC_Ephemeral)
    (COMMAND_ATTRIBUTES)(CC_EC_Ephemeral * // 0x018e
                         (IS_IMPLEMENTED+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_PolicyNvWritten)
    (COMMAND_ATTRIBUTES)(CC_PolicyNvWritten * // 0x018f
                         (IS_IMPLEMENTED+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_PolicyTemplate)
    (COMMAND_ATTRIBUTES)(CC_PolicyTemplate * // 0x0190
                         (IS_IMPLEMENTED+DECRYPT_2+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_CreateLoaded)
    (COMMAND_ATTRIBUTES)(CC_CreateLoaded * // 0x0191
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+PP_COMMAND+ENCRYPT_2+R_HANDLE)),
#endif
#if (PAD_LIST || CC_PolicyAuthorizeNV)
    (COMMAND_ATTRIBUTES)(CC_PolicyAuthorizeNV * // 0x0192
                         (IS_IMPLEMENTED+HANDLE_1_USER+ALLOW_TRIAL)),
#endif
#if (PAD_LIST || CC_EncryptDecrypt2)
    (COMMAND_ATTRIBUTES)(CC_EncryptDecrypt2 * // 0x0193
                         (IS_IMPLEMENTED+DECRYPT_2+HANDLE_1_USER+ENCRYPT_2)),
#endif
#if (PAD_LIST || CC_Vendor_TCG_Test)
    (COMMAND_ATTRIBUTES)(CC_Vendor_TCG_Test * // 0x0000
                         (IS_IMPLEMENTED+DECRYPT_2+ENCRYPT_2)),
#endif
#ifdef TPM_NUVOTON
#if (PAD_LIST || CC_NTC2_PreConfig)
    (COMMAND_ATTRIBUTES)(CC_NTC2_PreConfig * // 0x20000211
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_NTC2_LockPreConfig)
    (COMMAND_ATTRIBUTES)(CC_NTC2_LockPreConfig * // 0x20000212
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#if (PAD_LIST || CC_NTC2_GetConfig)
    (COMMAND_ATTRIBUTES)(CC_NTC2_GetConfig * // 0x20000213
                         (IS_IMPLEMENTED+NO_SESSIONS)),
#endif
#endif
    0
};
./utils/create.c0000644000175000017500000004353413133205212011733 0ustar lo1lo1/********************************************************************************/
/* */
/* Create */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: create.c 1044 2017-07-17 19:05:46Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015, 2017 */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include #include "objecttemplates.h" #include "cryptoutils.h" static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Create_In in; Create_Out out; TPMI_DH_OBJECT parentHandle = 0; TPMA_OBJECT addObjectAttributes; TPMA_OBJECT deleteObjectAttributes; int keyType = 0; uint32_t keyTypeSpecified = 0; int rev116 = FALSE; TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; TPMI_ECC_CURVE curveID = TPM_ECC_NONE; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_ALG_HASH nalg = TPM_ALG_SHA256; const char *policyFilename = NULL; const char *publicKeyFilename = NULL; const char *privateKeyFilename = NULL; const char *pemFilename = NULL; const char *ticketFilename = NULL; const char *creationHashFilename = NULL; const char *dataFilename = NULL; const char *keyPassword = NULL; const char *parentPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION 
sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ addObjectAttributes.val = 0; addObjectAttributes.val |= TPMA_OBJECT_NODA; deleteObjectAttributes.val = 0; for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (parentHandle == 0) { printf("Missing handle parameter -ha\n"); printUsage(); } if (keyTypeSpecified != 1) { printf("Missing or too many key attributes\n"); printUsage(); } switch (keyType) { case TYPE_BL: if (dataFilename == NULL) { printf("-bl needs -if (sealed data object needs data to seal)\n"); printUsage(); } break; case TYPE_DAA: case TYPE_DAAR: if (algPublic != TPM_ALG_ECC) 
{ printf("-dau and -dar needs -ecc\n"); printUsage(); } /* fall through to next test is intentional */ case TYPE_ST: case TYPE_DEN: case TYPE_DEO: case TYPE_SI: case TYPE_SIR: case TYPE_GP: if (dataFilename != NULL) { printf("asymmetric key cannot have -if (sensitive data)\n"); printUsage(); } case TYPE_DES: case TYPE_KH: case TYPE_DP: /* inSensitive optional for symmetric keys */ break; } if (rc == 0) { in.parentHandle = parentHandle; } /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */ if (rc == 0) { /* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure sensitive */ /* Table 75 - Definition of Types for TPM2B_AUTH userAuth */ if (keyPassword == NULL) { in.inSensitive.sensitive.userAuth.t.size = 0; } else { rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b, keyPassword, sizeof(TPMU_HA)); } } if (rc == 0) { /* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */ if (dataFilename != NULL) { rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b, MAX_SYM_DATA, dataFilename); } else { in.inSensitive.sensitive.data.t.size = 0; } } /* TPM2B_PUBLIC */ if (rc == 0) { switch (keyType) { case TYPE_BL: rc = blPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, policyFilename); break; case TYPE_ST: case TYPE_DAA: case TYPE_DAAR: case TYPE_DEN: case TYPE_DEO: case TYPE_SI: case TYPE_SIR: case TYPE_GP: rc = asymPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, keyType, algPublic, curveID, nalg, halg, policyFilename); break; case TYPE_DES: rc = symmetricCipherTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, rev116, policyFilename); break; case TYPE_KH: rc = keyedHashPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, halg, policyFilename); break; case TYPE_DP: rc = derivationParentPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, halg, 
policyFilename); } } if (rc == 0) { /* TPM2B_DATA outsideInfo */ in.outsideInfo.t.size = 0; /* Table 102 - TPML_PCR_SELECTION creationPCR */ in.creationPCR.count = 0; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Create, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } /* validate the creation data */ { uint16_t written = 0;; uint8_t *buffer = NULL; /* for the free */ uint32_t sizeInBytes; TPMT_HA digest; /* get the digest size from the Name algorithm */ if (rc == 0) { sizeInBytes = TSS_GetDigestSize(nalg); if (out.creationHash.b.size != sizeInBytes) { printf("create: failed, " "creationData size %u incompatible with name algorithm %04x\n", out.creationHash.b.size, nalg); rc = EXIT_FAILURE; } } /* re-marshal the output structure */ if (rc == 0) { rc = TSS_Structure_Marshal(&buffer, /* freed @1 */ &written, &out.creationData.creationData, (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshal); } /* recalculate the creationHash from creationData */ if (rc == 0) { digest.hashAlg = nalg; /* Name digest algorithm */ rc = TSS_Hash_Generate(&digest, written, buffer, 0, NULL); } /* compare the digest to creation hash */ if (rc == 0) { int irc; irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes); if (irc != 0) { printf("create: failed, creationData hash does not match creationHash\n"); rc = EXIT_FAILURE; } } free(buffer); /* @1 */ } /* save the private key */ if ((rc == 0) && (privateKeyFilename != NULL)) { rc = TSS_File_WriteStructure(&out.outPrivate, (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal, privateKeyFilename); } /* save the public key */ if ((rc == 0) && (publicKeyFilename != NULL)) { rc 
= TSS_File_WriteStructure(&out.outPublic, (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal, publicKeyFilename); } /* save the optional PEM public key */ if ((rc == 0) && (pemFilename != NULL)) { rc = convertPublicToPEM(&out.outPublic, pemFilename); } /* save the optional creation ticket */ if ((rc == 0) && (ticketFilename != NULL)) { rc = TSS_File_WriteStructure(&out.creationTicket, (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshal, ticketFilename); } /* save the optional creation hash */ if ((rc == 0) && (creationHashFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer, out.creationHash.b.size, creationHashFilename); } if (rc == 0) { if (verbose) printf("create: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("create: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("create\n"); printf("\n"); printf("Runs TPM2_Create\n"); printf("\n"); printf("\t-hp parent handle\n"); printf("\n"); printUsageTemplate(); printf("\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-pwdp password for parent key (default empty)]\n"); printf("\n"); printf("\t[-opu public key file name (default do not save)]\n"); printf("\t[-opr private key file name (default do not save)]\n"); printf("\t[-opem public key PEM format file name (default do not save)]\n"); printf("\t[-tk output ticket file name]\n"); printf("\t[-ch output creation hash file name]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/fail.h0000644000175000017500000000450012743244171011413 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. 
Watson Research Center */ /* $Id: fail.h 684 2016-07-18 21:22:01Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ #ifndef FAIL_H #define FAIL_H // 5.7 TpmError.h void TpmFail(const char *function, int line, int code); #define FAIL(a) (TpmFail(__FUNCTION__, __LINE__, a)) #define pAssert(a) (!!(a) ? 1 : (FAIL(FATAL_ERROR_PARAMETER), 0)) #endif ./utils/loadexternal.c0000644000175000017500000002563113102710032013145 0ustar lo1lo1/********************************************************************************/ /* */ /* Load External */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: loadexternal.c 1002 2017-05-04 20:33:30Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/*
   DER example:

   Create a key pair in PEM format

   > openssl genrsa -out keypair.pem -aes256 -passout pass:rrrr 2048

   Convert to plaintext DER format

   > openssl rsa -inform pem -outform der -in keypair.pem -out keypair.der -passin pass:rrrr

   Handling notes for the example above:

   - keypair.der holds the RSA private key unencrypted ("plaintext DER"), so the
     file itself is the secret; keep it on storage with restrictive permissions
     and remove it once the key has been loaded.
   - The pass: form puts the passphrase on the command line, where it can show up
     in shell history and process listings.  That is acceptable for a throwaway
     test key; for any other key use one of the other openssl pass phrase
     sources (for example file: or env:).
*/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "objecttemplates.h"
#include "cryptoutils.h"
#include "ekutils.h"

static void printUsage(void);

int verbose = FALSE;

int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    LoadExternal_In in;
    LoadExternal_Out out;
    char hierarchyChar = 0;
    TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL;
    int keyType = TYPE_SI;
    uint32_t keyTypeSpecified = 0;
    TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA;
    TPMI_ALG_HASH halg = TPM_ALG_SHA256;
    TPMI_ALG_HASH nalg = TPM_ALG_SHA256;
    const char *publicKeyFilename = NULL;
    const char *derKeyFilename = NULL;
    const char *pemKeyFilename = NULL;
    unsigned int inputCount = 0;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (inputCount != 1) { printf("Missing or too many parameters -ipu, -ipem, -ider\n"); printUsage(); } if (keyTypeSpecified > 1) { printf("Too many key attributes\n"); printUsage(); } /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ if (rc == 0) { if (hierarchyChar == 'e') { hierarchy = TPM_RH_ENDORSEMENT; } else if (hierarchyChar == 'o') { hierarchy = TPM_RH_OWNER; } else if (hierarchyChar == 'p') { hierarchy = TPM_RH_PLATFORM; } else if (hierarchyChar == 'n') { hierarchy = TPM_RH_NULL; } } if (rc == 0) { in.inPrivate.t.size = 0; /* default - mark optional inPrivate not used */ /* TPM format key, output from create */ if (publicKeyFilename != NULL) { rc = TSS_File_ReadStructure(&in.inPublic, 
(UnmarshalFunction_t)TPM2B_PUBLIC_Unmarshal, publicKeyFilename); } /* PEM format, output from e.g. openssl */ else if (pemKeyFilename != NULL) { if (algPublic == TPM_ALG_RSA) { rc = convertRsaPemToPublic(&in.inPublic, keyType, nalg, halg, pemKeyFilename); } /* TPM_ALG_ECC */ else { rc = convertEcPemToPublic(&in.inPublic, keyType, nalg, halg, pemKeyFilename); } } else if (derKeyFilename != NULL) { rc = convertRsaDerToKeyPair(&in.inPublic, &in.inPrivate, keyType, nalg, halg, derKeyFilename); in.inPrivate.t.size = 1; /* mark that private area should be loaded */ } else { printf("Failure parsing -ipu, -ipem, -ider\n"); printUsage(); } } if (rc == 0) { in.hierarchy = hierarchy; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_LoadExternal, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { printf("Handle %08x\n", out.objectHandle); if (verbose) printf("loadexternal: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("loadexternal: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("loadexternal\n"); printf("\n"); printf("Runs TPM2_LoadExternal\n"); printf("\n"); printf("\t[-hi hierarchy (e, o, p, n) (default NULL)]\n"); printf("\t[-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[Asymmetric Key Algorithm]\n"); printf("\t\t[-rsa (default)]\n"); printf("\t\t[-ecc curve (uses NIST P-256)]\n"); printf("\t-ipu TPM2B_PUBLIC public key file name\n"); 
printf("\t-ipem PEM format public key file name\n"); printf("\t-ider DER format RSA plaintext key pair file name\n"); printf("\t[-si signing (default)]\n"); printf("\t[-st storage]\n"); exit(1); } ./utils/Unmarshal.c0000644000175000017500000031050613062056104012423 0ustar lo1lo1/********************************************************************************/ /* */ /* Parameter Unmarshaling */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Unmarshal.c 790 2016-10-26 19:21:33Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#include /* TSS needs TPM_TSS for TSS side structures */
#include

/* UINT8_Unmarshal() reads one byte from *buffer into *target.

   On success it advances *buffer and decreases *size by sizeof(UINT8) and returns
   TPM_RC_SUCCESS.  It returns TPM_RC_INSUFFICIENT, leaving the cursor untouched, when
   the remaining size is smaller than sizeof(UINT8).

   NOTE(review): *size is an INT32 that is cast to UINT32 for the length comparison, so a
   negative *size would compare as a very large value and pass the check.  The functions
   in this file only subtract after a successful check, so this relies on the caller's
   initial *size being non-negative - confirm at the call sites.  The same pattern is
   used by UINT16_Unmarshal, UINT32_Unmarshal and UINT64_Unmarshal below.
*/

TPM_RC UINT8_Unmarshal(UINT8 *target, BYTE **buffer, INT32 *size)
{
    if ((UINT32)*size < sizeof(UINT8)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target = (*buffer)[0];
    *buffer += sizeof(UINT8);
    *size -= sizeof(UINT8);
    return TPM_RC_SUCCESS;
}

/* INT8_Unmarshal() reads one byte by delegating to UINT8_Unmarshal() through a pointer
   cast; the return codes are those of UINT8_Unmarshal(). */

TPM_RC INT8_Unmarshal(INT8 *target, BYTE **buffer, INT32 *size)
{
    return UINT8_Unmarshal((UINT8 *)target, buffer, size);
}

/* UINT16_Unmarshal() reads two bytes from *buffer, most significant byte first, into
   *target.

   Returns TPM_RC_INSUFFICIENT when the remaining size is smaller than sizeof(UINT16),
   otherwise advances *buffer, decreases *size and returns TPM_RC_SUCCESS.
*/

TPM_RC UINT16_Unmarshal(UINT16 *target, BYTE **buffer, INT32 *size)
{
    if ((UINT32)*size < sizeof(UINT16)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target = ((UINT16)((*buffer)[0]) << 8) |
              ((UINT16)((*buffer)[1]) << 0);
    *buffer += sizeof(UINT16);
    *size -= sizeof(UINT16);
    return TPM_RC_SUCCESS;
}

/* UINT32_Unmarshal() reads four bytes from *buffer, most significant byte first, into
   *target.

   Returns TPM_RC_INSUFFICIENT when the remaining size is smaller than sizeof(UINT32),
   otherwise advances *buffer, decreases *size and returns TPM_RC_SUCCESS.
*/

TPM_RC UINT32_Unmarshal(UINT32 *target, BYTE **buffer, INT32 *size)
{
    if ((UINT32)*size < sizeof(UINT32)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target = ((UINT32)((*buffer)[0]) << 24) |
              ((UINT32)((*buffer)[1]) << 16) |
              ((UINT32)((*buffer)[2]) << 8) |
              ((UINT32)((*buffer)[3]) << 0);
    *buffer += sizeof(UINT32);
    *size -= sizeof(UINT32);
    return TPM_RC_SUCCESS;
}

/* INT32_Unmarshal() reads four bytes by delegating to UINT32_Unmarshal() through a
   pointer cast; the return codes are those of UINT32_Unmarshal(). */

TPM_RC INT32_Unmarshal(INT32 *target, BYTE **buffer, INT32 *size)
{
    return UINT32_Unmarshal((UINT32 *)target, buffer, size);
}

TPM_RC UINT64_Unmarshal(UINT64 *target, BYTE **buffer, INT32 *size)
{
    if ((UINT32)*size < sizeof(UINT64)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target =
((UINT64)((*buffer)[0]) << 56) |
              ((UINT64)((*buffer)[1]) << 48) |
              ((UINT64)((*buffer)[2]) << 40) |
              ((UINT64)((*buffer)[3]) << 32) |
              ((UINT64)((*buffer)[4]) << 24) |
              ((UINT64)((*buffer)[5]) << 16) |
              ((UINT64)((*buffer)[6]) << 8) |
              ((UINT64)((*buffer)[7]) << 0);
    *buffer += sizeof(UINT64);
    *size -= sizeof(UINT64);
    return TPM_RC_SUCCESS;
}

/* Array_Unmarshal() copies targetSize bytes from *buffer to targetBuffer.

   Returns TPM_RC_INSUFFICIENT, copying nothing, when targetSize is larger than the
   remaining *size.  Otherwise it copies, advances *buffer, decreases *size and returns
   TPM_RC_SUCCESS.

   This function does not know the capacity of targetBuffer: the only bound it applies is
   the remaining input.  The caller must already have checked that targetSize fits the
   destination, as TPM2B_Unmarshal() does below.

   NOTE(review): targetSize is a UINT16 compared against the INT32 *size; presumably both
   are compared as signed int, so a negative *size yields TPM_RC_INSUFFICIENT - confirm
   against the typedefs.
*/

TPM_RC Array_Unmarshal(BYTE *targetBuffer, UINT16 targetSize, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (targetSize > *size) {
        rc = TPM_RC_INSUFFICIENT;
    }
    else {
        memcpy(targetBuffer, *buffer, targetSize);
        *buffer += targetSize;
        *size -= targetSize;
    }
    return rc;
}

/* TPM2B_Unmarshal() reads a size-prefixed byte array into target.

   The 16-bit size is read from the stream first.  A size larger than targetSize is
   rejected with TPM_RC_SIZE before any data is copied; this is the check that bounds the
   memcpy in Array_Unmarshal().  targetSize is presumably the capacity of target->buffer
   as declared by the caller - verify at the call sites, since nothing here can check it.

   Returns the error of the failing step (TPM_RC_INSUFFICIENT from the size or array read,
   or TPM_RC_SIZE), else TPM_RC_SUCCESS.
*/

TPM_RC TPM2B_Unmarshal(TPM2B *target, UINT16 targetSize, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->size, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        /* the size came from the stream, so it must be bounded before the copy */
        if (target->size > targetSize) {
            rc = TPM_RC_SIZE;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = Array_Unmarshal(target->buffer, target->size, buffer, size);
    }
    return rc;
}

/* Table 5 - Definition of Types for Documentation Clarity */

/* Reads a UINT16; no value check is applied. */

TPM_RC TPM_KEY_BITS_Unmarshal(TPM_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */

/* Reads a UINT32 and returns TPM_RC_VALUE unless it equals TPM_GENERATED_VALUE. */

TPM_RC TPM_GENERATED_Unmarshal(TPM_GENERATED *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (*target != TPM_GENERATED_VALUE) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */

/* Reads a UINT16; any algorithm ID is accepted here.  The TPMI_ALG_* unmarshal functions
   that call this one apply the allowed-value checks. */

TPM_RC TPM_ALG_ID_Unmarshal(TPM_ALG_ID *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */

#ifdef TPM_ALG_ECC
TPM_RC
TPM_ECC_CURVE_Unmarshal(TPM_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        /* only the curve identifiers listed here are accepted; anything else is
           TPM_RC_CURVE */
        switch (*target) {
          case TPM_ECC_NONE:
          case TPM_ECC_NIST_P192:
          case TPM_ECC_NIST_P224:
          case TPM_ECC_NIST_P256:
          case TPM_ECC_NIST_P384:
          case TPM_ECC_NIST_P521:
          case TPM_ECC_BN_P256:
          case TPM_ECC_BN_P638:
          case TPM_ECC_SM2_P256:
            break;
          default:
            rc = TPM_RC_CURVE;
        }
    }
    return rc;
}
#endif

/* Table 13 - Definition of (UINT32) TPM_CC Constants (Numeric Order) */

/* Reads a UINT32 command code; any value is accepted.

   NOTE(review): the parameter is declared TPM_RC * rather than TPM_CC *.  That is only
   harmless if both are typedefs of the same 32-bit type - confirm. */

TPM_RC TPM_CC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) */

/* Reads a UINT32 response code; any value is accepted. */

TPM_RC TPM_RC_Unmarshal(TPM_RC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */

/* Reads an INT8 and returns TPM_RC_VALUE unless it is one of the TPM_CLOCK_* constants
   listed in the switch. */

TPM_RC TPM_CLOCK_ADJUST_Unmarshal(TPM_CLOCK_ADJUST *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = INT8_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_CLOCK_COARSE_SLOWER:
          case TPM_CLOCK_MEDIUM_SLOWER:
          case TPM_CLOCK_FINE_SLOWER:
          case TPM_CLOCK_NO_CHANGE:
          case TPM_CLOCK_FINE_FASTER:
          case TPM_CLOCK_MEDIUM_FASTER:
          case TPM_CLOCK_COARSE_FASTER:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 19 - Definition of (UINT16) TPM_EO Constants */

TPM_RC TPM_EO_Unmarshal(TPM_EO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_EO_EQ:
          case TPM_EO_NEQ:
          case TPM_EO_SIGNED_GT:
          case TPM_EO_UNSIGNED_GT:
          case TPM_EO_SIGNED_LT:
          case TPM_EO_UNSIGNED_LT:
          case TPM_EO_SIGNED_GE:
          case
TPM_EO_UNSIGNED_GE:
          case TPM_EO_SIGNED_LE:
          case TPM_EO_UNSIGNED_LE:
          case TPM_EO_BITSET:
          case TPM_EO_BITCLEAR:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 20 - Definition of (UINT16) TPM_ST Constants */

/* Reads a UINT16 structure tag and returns TPM_RC_VALUE unless it is one of the TPM_ST_*
   constants listed in the switch. */

TPM_RC TPM_ST_Unmarshal(TPM_ST *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_ST_RSP_COMMAND:
          case TPM_ST_NULL:
          case TPM_ST_NO_SESSIONS:
          case TPM_ST_SESSIONS:
          case TPM_ST_ATTEST_NV:
          case TPM_ST_ATTEST_COMMAND_AUDIT:
          case TPM_ST_ATTEST_SESSION_AUDIT:
          case TPM_ST_ATTEST_CERTIFY:
          case TPM_ST_ATTEST_QUOTE:
          case TPM_ST_ATTEST_TIME:
          case TPM_ST_ATTEST_CREATION:
          case TPM_ST_CREATION:
          case TPM_ST_VERIFIED:
          case TPM_ST_AUTH_SECRET:
          case TPM_ST_HASHCHECK:
          case TPM_ST_AUTH_SIGNED:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 21 - Definition of (UINT16) TPM_SU Constants */

/* Reads a UINT16 and returns TPM_RC_VALUE unless it is TPM_SU_CLEAR or TPM_SU_STATE. */

TPM_RC TPM_SU_Unmarshal(TPM_SU *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_SU_CLEAR:
          case TPM_SU_STATE:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 22 - Definition of (UINT8) TPM_SE Constants */

/* Reads a UINT8 session type and returns TPM_RC_VALUE unless it is TPM_SE_HMAC,
   TPM_SE_POLICY or TPM_SE_TRIAL. */

TPM_RC TPM_SE_Unmarshal(TPM_SE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT8_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_SE_HMAC:
          case TPM_SE_POLICY:
          case TPM_SE_TRIAL:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 23 - Definition of (UINT32) TPM_CAP Constants */

TPM_RC TPM_CAP_Unmarshal(TPM_CAP *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_CAP_ALGS:
          case TPM_CAP_HANDLES:
          case TPM_CAP_COMMANDS:
          case
TPM_CAP_PP_COMMANDS:
          case TPM_CAP_AUDIT_COMMANDS:
          case TPM_CAP_PCRS:
          case TPM_CAP_TPM_PROPERTIES:
          case TPM_CAP_PCR_PROPERTIES:
          case TPM_CAP_ECC_CURVES:
          case TPM_CAP_VENDOR_PROPERTY:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 24 - Definition of (UINT32) TPM_PT Constants */

/* Reads a UINT32 property tag; any value is accepted.

   NOTE(review): the parameter is declared TPM_HANDLE * rather than TPM_PT *.  That is
   only harmless if both are typedefs of the same 32-bit type - confirm. */

TPM_RC TPM_PT_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants */

/* Reads a UINT32; any value is accepted. */

TPM_RC TPM_PT_PCR_Unmarshal(TPM_PT_PCR *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 27 - Definition of Types for Handles */

/* Reads a UINT32 handle; any value is accepted here.  The TPMI_* handle unmarshal
   functions that call this one apply the range and value checks. */

TPM_RC TPM_HANDLE_Unmarshal(TPM_HANDLE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */

/* Reads a UINT32 into target->val and returns TPM_RC_RESERVED_BITS when any bit of
   TPMA_ALGORITHM_RESERVED is set. */

TPM_RC TPMA_ALGORITHM_Unmarshal(TPMA_ALGORITHM *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->val, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->val & TPMA_ALGORITHM_RESERVED) {
            rc = TPM_RC_RESERVED_BITS;
        }
    }
    return rc;
}

/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */

/* Reads a UINT32 into target->val and returns TPM_RC_RESERVED_BITS when any bit of
   TPMA_OBJECT_RESERVED is set. */

TPM_RC TPMA_OBJECT_Unmarshal(TPMA_OBJECT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->val, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->val & TPMA_OBJECT_RESERVED) {
            rc = TPM_RC_RESERVED_BITS;
        }
    }
    return rc;
}

/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits */

TPM_RC TPMA_SESSION_Unmarshal(TPMA_SESSION *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT8_Unmarshal(&target->val, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if
(target->val & TPMA_SESSION_RESERVED) {
            rc = TPM_RC_RESERVED_BITS;
        }
    }
    return rc;
}

/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits */

/* Reads a UINT8 into target->val; no reserved-bit or value check is applied. */

TPM_RC TPMA_LOCALITY_Unmarshal(TPMA_LOCALITY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT8_Unmarshal(&target->val, buffer, size);
    }
    return rc;
}

/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */

/* Reads a UINT32 into target->val and returns TPM_RC_RESERVED_BITS when any bit of
   TPMA_CC_RESERVED is set. */

TPM_RC TPMA_CC_Unmarshal(TPMA_CC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->val, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->val & TPMA_CC_RESERVED) {
            rc = TPM_RC_RESERVED_BITS;
        }
    }
    return rc;
}

/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */

/* Reads a UINT8 and returns TPM_RC_VALUE unless it is NO or YES. */

TPM_RC TPMI_YES_NO_Unmarshal(TPMI_YES_NO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT8_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case NO:
          case YES:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */

/* Reads a handle and returns TPM_RC_VALUE unless it lies in the transient range
   (TRANSIENT_FIRST..TRANSIENT_LAST), in the persistent range
   (PERSISTENT_FIRST..PERSISTENT_LAST), or is TPM_RH_NULL with allowNull set. */

TPM_RC TPMI_DH_OBJECT_Unmarshal(TPMI_DH_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
        BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
        BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
        /* reject only when none of the permitted categories matches */
        if (isNotTransient && isNotPersistent && isNotLegalNull) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */

TPM_RC TPMI_DH_PERSISTENT_Unmarshal(TPMI_DH_PERSISTENT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotPersistent = (*target <
PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
        if (isNotPersistent) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */

/* Reads a handle and returns TPM_RC_VALUE unless it is one of: TPM_RH_OWNER,
   TPM_RH_ENDORSEMENT, TPM_RH_PLATFORM, TPM_RH_LOCKOUT, a transient or persistent object
   handle, an NV index, a PCR handle, a handle in TPM_RH_AUTH_00..TPM_RH_AUTH_FF, or
   TPM_RH_NULL with allowNull set. */

TPM_RC TPMI_DH_ENTITY_Unmarshal(TPMI_DH_ENTITY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotOwner = *target != TPM_RH_OWNER;
        BOOL isNotEndorsement = *target != TPM_RH_ENDORSEMENT;
        BOOL isNotPlatform = *target != TPM_RH_PLATFORM;
        BOOL isNotLockout = *target != TPM_RH_LOCKOUT;
        BOOL isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
        BOOL isNotPersistent = (*target < PERSISTENT_FIRST) || (*target > PERSISTENT_LAST);
        BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST);
        /* when PCR_FIRST is 0 the lower-bound comparison is left out, presumably because
           it would always be false for an unsigned handle */
#if PCR_FIRST != 0
        BOOL isNotPcr = (*target < PCR_FIRST) || (*target > PCR_LAST);
#else
        BOOL isNotPcr = (*target > PCR_LAST);
#endif
        BOOL isNotAuth = (*target < TPM_RH_AUTH_00) || (*target > TPM_RH_AUTH_FF);
        BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
        /* reject only when none of the permitted categories matches */
        if (isNotOwner &&
            isNotEndorsement &&
            isNotPlatform &&
            isNotLockout &&
            isNotTransient &&
            isNotPersistent &&
            isNotNv &&
            isNotPcr &&
            isNotAuth &&
            isNotLegalNull) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */

/* Reads a handle and returns TPM_RC_VALUE unless it is a PCR handle (up to PCR_LAST) or
   TPM_RH_NULL with allowNull set. */

TPM_RC TPMI_DH_PCR_Unmarshal(TPMI_DH_PCR *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
#if PCR_FIRST != 0
        BOOL isNotPcr = (*target < PCR_FIRST) || (*target > PCR_LAST);
#else
        BOOL isNotPcr = (*target > PCR_LAST);
#endif
        BOOL isNotLegalNull = (*target != TPM_RH_NULL) || !allowNull;
        if (isNotPcr && isNotLegalNull) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */

TPM_RC TPMI_SH_AUTH_SESSION_Unmarshal(TPMI_SH_AUTH_SESSION
*target, BYTE **buffer, INT32 *size, BOOL allowPwd)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
        BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
        /* the password session handle TPM_RS_PW is accepted only when allowPwd is set */
        BOOL isNotLegalPwd = (*target != TPM_RS_PW) || !allowPwd;
        if (isNotHmacSession &&
            isNotPolicySession &&
            isNotLegalPwd) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */

/* Reads a handle and returns TPM_RC_VALUE unless it lies in
   HMAC_SESSION_FIRST..HMAC_SESSION_LAST.  allowNull is not consulted. */

TPM_RC TPMI_SH_HMAC_Unmarshal(TPMI_SH_HMAC *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    allowNull = allowNull;      /* self-assignment, no effect; presumably silences an
                                   unused-parameter warning */

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST ) || (*target > HMAC_SESSION_LAST);
        if (isNotHmacSession) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */

/* Reads a handle and returns TPM_RC_VALUE unless it lies in
   POLICY_SESSION_FIRST..POLICY_SESSION_LAST.  allowNull is not consulted. */

TPM_RC TPMI_SH_POLICY_Unmarshal(TPMI_SH_POLICY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    allowNull = allowNull;      /* self-assignment, no effect; presumably silences an
                                   unused-parameter warning */

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
        if (isNotPolicySession) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */

TPM_RC TPMI_DH_CONTEXT_Unmarshal(TPMI_DH_CONTEXT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    allowNull = allowNull;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        BOOL isNotHmacSession = (*target < HMAC_SESSION_FIRST) || (*target > HMAC_SESSION_LAST);
        BOOL isNotPolicySession = (*target < POLICY_SESSION_FIRST) || (*target > POLICY_SESSION_LAST);
        BOOL
isNotTransient = (*target < TRANSIENT_FIRST) || (*target > TRANSIENT_LAST);
        if (isNotHmacSession && isNotPolicySession && isNotTransient) {
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */

/* Reads a handle and returns TPM_RC_VALUE unless it is TPM_RH_OWNER, TPM_RH_PLATFORM,
   TPM_RH_ENDORSEMENT, or TPM_RH_NULL with allowNull set. */

TPM_RC TPMI_RH_HIERARCHY_Unmarshal(TPMI_RH_HIERARCHY *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_RH_OWNER:
          case TPM_RH_PLATFORM:
          case TPM_RH_ENDORSEMENT:
            break;
          case TPM_RH_NULL:
            if (allowNull) {
                break;
            }
            /* allowNull not set: falls through to the rejection below */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */

/* Reads a handle and returns TPM_RC_VALUE unless it is TPM_RH_OWNER, TPM_RH_PLATFORM,
   TPM_RH_ENDORSEMENT, TPM_RH_PLATFORM_NV, or TPM_RH_NULL with allowNull set. */

TPM_RC TPMI_RH_ENABLES_Unmarshal(TPMI_RH_ENABLES *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_RH_OWNER:
          case TPM_RH_PLATFORM:
          case TPM_RH_ENDORSEMENT:
          case TPM_RH_PLATFORM_NV:
            break;
          case TPM_RH_NULL:
            if (allowNull) {
                break;
            }
            /* allowNull not set: falls through to the rejection below */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */

/* Reads a handle and returns TPM_RC_VALUE unless it is TPM_RH_OWNER, TPM_RH_PLATFORM,
   TPM_RH_ENDORSEMENT or TPM_RH_LOCKOUT.  allowNull is not consulted, so TPM_RH_NULL is
   always rejected. */

TPM_RC TPMI_RH_HIERARCHY_AUTH_Unmarshal(TPMI_RH_HIERARCHY_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    allowNull = allowNull;      /* self-assignment, no effect; presumably silences an
                                   unused-parameter warning */

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case TPM_RH_OWNER:
          case TPM_RH_PLATFORM:
          case TPM_RH_ENDORSEMENT:
          case TPM_RH_LOCKOUT:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */

TPM_RC TPMI_RH_PLATFORM_Unmarshal(TPMI_RH_PLATFORM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    allowNull = allowNull;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(target, buffer, size);
    }
    if (rc ==
TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_PLATFORM: break; default: rc = TPM_RC_VALUE; } } return rc; } /* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */ TPM_RC TPMI_RH_ENDORSEMENT_Unmarshal(TPMI_RH_ENDORSEMENT *target, BYTE **buffer, INT32 *size, BOOL allowNull) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPM_HANDLE_Unmarshal(target, buffer, size); } if (rc == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_ENDORSEMENT: break; case TPM_RH_NULL: if (allowNull) { break; } default: rc = TPM_RC_VALUE; } } return rc; } /* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */ TPM_RC TPMI_RH_PROVISION_Unmarshal(TPMI_RH_PROVISION *target, BYTE **buffer, INT32 *size, BOOL allowNull) { TPM_RC rc = TPM_RC_SUCCESS; allowNull = allowNull; if (rc == TPM_RC_SUCCESS) { rc = TPM_HANDLE_Unmarshal(target, buffer, size); } if (rc == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: break; default: rc = TPM_RC_VALUE; } } return rc; } /* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */ TPM_RC TPMI_RH_CLEAR_Unmarshal(TPMI_RH_CLEAR *target, BYTE **buffer, INT32 *size, BOOL allowNull) { TPM_RC rc = TPM_RC_SUCCESS; allowNull = allowNull; if (rc == TPM_RC_SUCCESS) { rc = TPM_HANDLE_Unmarshal(target, buffer, size); } if (rc == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_LOCKOUT: case TPM_RH_PLATFORM: break; default: rc = TPM_RC_VALUE; } } return rc; } /* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */ TPM_RC TPMI_RH_NV_AUTH_Unmarshal(TPMI_RH_NV_AUTH *target, BYTE **buffer, INT32 *size, BOOL allowNull) { TPM_RC rc = TPM_RC_SUCCESS; allowNull = allowNull; if (rc == TPM_RC_SUCCESS) { rc = TPM_HANDLE_Unmarshal(target, buffer, size); } if (rc == TPM_RC_SUCCESS) { switch (*target) { case TPM_RH_OWNER: case TPM_RH_PLATFORM: break; default: { BOOL isNotNv = (*target < NV_INDEX_FIRST) || (*target > NV_INDEX_LAST); if (isNotNv) { rc = TPM_RC_VALUE; } } } } return rc; } /* Table 57 - 
Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */

/* Accept only TPM_RH_LOCKOUT; allowNull is not consulted. */
TPM_RC TPMI_RH_LOCKOUT_Unmarshal(TPMI_RH_LOCKOUT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result;

    (void)allowNull;
    result = TPM_HANDLE_Unmarshal(target, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (*target != TPM_RH_LOCKOUT) {
        return TPM_RC_VALUE;
    }
    return TPM_RC_SUCCESS;
}

/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */

/* Accept only handles inside NV_INDEX_FIRST..NV_INDEX_LAST; allowNull is
   not consulted. */
TPM_RC TPMI_RH_NV_INDEX_Unmarshal(TPMI_RH_NV_INDEX *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result;

    (void)allowNull;
    result = TPM_HANDLE_Unmarshal(target, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if ((*target >= NV_INDEX_FIRST) && (*target <= NV_INDEX_LAST)) {
        return TPM_RC_SUCCESS;
    }
    return TPM_RC_VALUE;
}

/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */

/* Accept only the hash algorithms compiled in (one case per defined
   TPM_ALG_* macro); TPM_ALG_NULL only when allowNull is set.  Any other
   algorithm ID is TPM_RC_HASH. */
TPM_RC TPMI_ALG_HASH_Unmarshal(TPMI_ALG_HASH *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_SHA1
      case TPM_ALG_SHA1:
#endif
#ifdef TPM_ALG_SHA256
      case TPM_ALG_SHA256:
#endif
#ifdef TPM_ALG_SHA384
      case TPM_ALG_SHA384:
#endif
#ifdef TPM_ALG_SHA512
      case TPM_ALG_SHA512:
#endif
#ifdef TPM_ALG_SM3_256
      case TPM_ALG_SM3_256:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_HASH;
        }
        break;
      default:
        result = TPM_RC_HASH;
        break;
    }
    return result;
}

/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */

/* Accept only the compiled-in symmetric algorithms (AES, SM4, CAMELLIA,
   XOR); TPM_ALG_NULL only when allowNull is set.  Any other algorithm ID is
   TPM_RC_SYMMETRIC. */
TPM_RC TPMI_ALG_SYM_Unmarshal(TPMI_ALG_SYM *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
#endif
#ifdef TPM_ALG_XOR
      case TPM_ALG_XOR:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_SYMMETRIC;
        }
        break;
      default:
        result = TPM_RC_SYMMETRIC;
        break;
    }
    return result;
}

/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */

/* Same as TPMI_ALG_SYM but without XOR: accept only the compiled-in block
   ciphers (AES, SM4, CAMELLIA); TPM_ALG_NULL only when allowNull is set.
   Any other algorithm ID is TPM_RC_SYMMETRIC. */
TPM_RC TPMI_ALG_SYM_OBJECT_Unmarshal(TPMI_ALG_SYM_OBJECT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_SYMMETRIC;
        }
        break;
      default:
        result = TPM_RC_SYMMETRIC;
        break;
    }
    return result;
}

/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */

/* Accept only the compiled-in cipher modes (CTR, OFB, CBC, CFB, ECB);
   TPM_ALG_NULL only when allowNull is set.  Any other algorithm ID is
   TPM_RC_MODE. */
TPM_RC TPMI_ALG_SYM_MODE_Unmarshal(TPMI_ALG_SYM_MODE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_CTR
      case TPM_ALG_CTR:
#endif
#ifdef TPM_ALG_OFB
      case TPM_ALG_OFB:
#endif
#ifdef TPM_ALG_CBC
      case TPM_ALG_CBC:
#endif
#ifdef TPM_ALG_CFB
      case TPM_ALG_CFB:
#endif
#ifdef TPM_ALG_ECB
      case TPM_ALG_ECB:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_MODE;
        }
        break;
      default:
        result = TPM_RC_MODE;
        break;
    }
    return result;
}

/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */

/* Accept only the compiled-in KDFs (MGF1, KDF1_SP800_56A, KDF2,
   KDF1_SP800_108); TPM_ALG_NULL only when allowNull is set.  Any other
   algorithm ID is TPM_RC_KDF. */
TPM_RC TPMI_ALG_KDF_Unmarshal(TPMI_ALG_KDF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_MGF1
      case TPM_ALG_MGF1:
#endif
#ifdef TPM_ALG_KDF1_SP800_56A
      case TPM_ALG_KDF1_SP800_56A:
#endif
#ifdef TPM_ALG_KDF2
      case TPM_ALG_KDF2:
#endif
#ifdef TPM_ALG_KDF1_SP800_108
      case TPM_ALG_KDF1_SP800_108:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_KDF;
        }
        break;
      default:
        result = TPM_RC_KDF;
        break;
    }
    return result;
}

/* Table 65 - 
Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */

/* Accept only the compiled-in signing schemes (HMAC, RSASSA, RSAPSS, ECDSA,
   ECDAA, SM2, ECSCHNORR); TPM_ALG_NULL only when allowNull is set.  Any
   other algorithm ID is TPM_RC_SCHEME. */
TPM_RC TPMI_ALG_SIG_SCHEME_Unmarshal(TPMI_ALG_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_HMAC
      case TPM_ALG_HMAC:
#endif
#ifdef TPM_ALG_RSASSA
      case TPM_ALG_RSASSA:
#endif
#ifdef TPM_ALG_RSAPSS
      case TPM_ALG_RSAPSS:
#endif
#ifdef TPM_ALG_ECDSA
      case TPM_ALG_ECDSA:
#endif
#ifdef TPM_ALG_ECDAA
      case TPM_ALG_ECDAA:
#endif
#ifdef TPM_ALG_SM2
      case TPM_ALG_SM2:
#endif
#ifdef TPM_ALG_ECSCHNORR
      case TPM_ALG_ECSCHNORR:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_SCHEME;
        }
        break;
      default:
        result = TPM_RC_SCHEME;
        break;
    }
    return result;
}

/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */

/* Accept only the compiled-in key exchange schemes (ECDH, ECMQV, SM2);
   TPM_ALG_NULL only when allowNull is set.  Any other algorithm ID is
   TPM_RC_SCHEME. */
TPM_RC TPMI_ECC_KEY_EXCHANGE_Unmarshal(TPMI_ECC_KEY_EXCHANGE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPM_ALG_ID_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
#ifdef TPM_ALG_ECDH
      case TPM_ALG_ECDH:
#endif
#ifdef TPM_ALG_ECMQV
      case TPM_ALG_ECMQV:
#endif
#ifdef TPM_ALG_SM2
      case TPM_ALG_SM2:
#endif
        break;
      case TPM_ALG_NULL:
        if (!allowNull) {
            result = TPM_RC_SCHEME;
        }
        break;
      default:
        result = TPM_RC_SCHEME;
        break;
    }
    return result;
}

/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */

/* Accept only TPM_ST_NO_SESSIONS and TPM_ST_SESSIONS; any other tag is
   TPM_RC_BAD_TAG. */
TPM_RC TPMI_ST_COMMAND_TAG_Unmarshal(TPMI_ST_COMMAND_TAG *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_ST_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if ((*target != TPM_ST_NO_SESSIONS) && (*target != TPM_ST_SESSIONS)) {
        return TPM_RC_BAD_TAG;
    }
    return TPM_RC_SUCCESS;
}

/* Table 68 - Definition of TPMS_EMPTY Structure */

/* Nothing to read: consumes no input, leaves target untouched and always
   succeeds.  The parameters exist only for a uniform signature. */
TPM_RC TPMS_EMPTY_Unmarshal(TPMS_EMPTY *target, BYTE **buffer, INT32 *size)
{
    (void)target;
    (void)buffer;
    (void)size;
    return TPM_RC_SUCCESS;
}

/* Table 70 - Definition of 
TPMU_HA Union */

/* Read the digest for the hash algorithm named by selector into the
   matching union member.  The length copied is that algorithm's fixed
   *_DIGEST_SIZE constant, never a value taken from the input.  TPM_ALG_NULL
   consumes nothing; a selector that is not compiled in is
   TPM_RC_SELECTOR. */
TPM_RC TPMU_HA_Unmarshal(TPMU_HA *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
#ifdef TPM_ALG_SHA1
      case TPM_ALG_SHA1:
        return Array_Unmarshal(target->sha1, SHA1_DIGEST_SIZE, buffer, size);
#endif
#ifdef TPM_ALG_SHA256
      case TPM_ALG_SHA256:
        return Array_Unmarshal(target->sha256, SHA256_DIGEST_SIZE, buffer, size);
#endif
#ifdef TPM_ALG_SHA384
      case TPM_ALG_SHA384:
        return Array_Unmarshal(target->sha384, SHA384_DIGEST_SIZE, buffer, size);
#endif
#ifdef TPM_ALG_SHA512
      case TPM_ALG_SHA512:
        return Array_Unmarshal(target->sha512, SHA512_DIGEST_SIZE, buffer, size);
#endif
#ifdef TPM_ALG_SM3_256
      case TPM_ALG_SM3_256:
        return Array_Unmarshal(target->sm3_256, SM3_256_DIGEST_SIZE, buffer, size);
#endif
      case TPM_ALG_NULL:
        return TPM_RC_SUCCESS;
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 71 - Definition of TPMT_HA Structure */

/* Read the hash algorithm (validated by TPMI_ALG_HASH_Unmarshal, which
   honours allowNull) and then the digest whose layout that algorithm
   selects. */
TPM_RC TPMT_HA_Unmarshal(TPMT_HA *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, allowNull);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPMU_HA_Unmarshal(&target->digest, buffer, size, target->hashAlg);
}

/* Table 72 - Definition of TPM2B_DIGEST Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMU_HA) as its second argument
   (presumably the largest payload accepted; TPM2B_Unmarshal is defined
   outside this view). */
TPM_RC TPM2B_DIGEST_Unmarshal(TPM2B_DIGEST *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMU_HA), buffer, size);
}

/* Table 73 - Definition of TPM2B_DATA Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMT_HA) as the size argument. */
TPM_RC TPM2B_DATA_Unmarshal(TPM2B_DATA *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMT_HA), buffer, size);
}

/* Table 74 - Definition of Types for TPM2B_NONCE */

/* A nonce is unmarshaled exactly like a TPM2B_DIGEST. */
TPM_RC TPM2B_NONCE_Unmarshal(TPM2B_NONCE *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_DIGEST_Unmarshal(target, buffer, size);
}

/* Table 75 - Definition of Types for TPM2B_AUTH */

/* An authorization value is unmarshaled exactly like a TPM2B_DIGEST. */
TPM_RC TPM2B_AUTH_Unmarshal(TPM2B_AUTH *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_DIGEST_Unmarshal(target, buffer, size);
}

/* Table 76 - Definition of Types for TPM2B_OPERAND */

/* An operand is unmarshaled exactly like a TPM2B_DIGEST. */
TPM_RC TPM2B_OPERAND_Unmarshal(TPM2B_OPERAND *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_DIGEST_Unmarshal(target, buffer, size);
}

/* Table 77 - Definition of TPM2B_EVENT Structure */

/* Delegates to TPM2B_Unmarshal; the size argument is the EVENT_2B structure
   size minus its UINT16 length field. */
TPM_RC TPM2B_EVENT_Unmarshal(TPM2B_EVENT *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(EVENT_2B) - sizeof(UINT16), buffer, size);
}

/* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */

/* Delegates to TPM2B_Unmarshal with MAX_DIGEST_BUFFER as the size
   argument. */
TPM_RC TPM2B_MAX_BUFFER_Unmarshal(TPM2B_MAX_BUFFER *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, MAX_DIGEST_BUFFER, buffer, size);
}

/* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */

/* Delegates to TPM2B_Unmarshal with MAX_NV_BUFFER_SIZE as the size
   argument. */
TPM_RC TPM2B_MAX_NV_BUFFER_Unmarshal(TPM2B_MAX_NV_BUFFER *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, MAX_NV_BUFFER_SIZE, buffer, size);
}

/* Table 80 - Definition of TPM2B_TIMEOUT Structure */

/* A timeout is unmarshaled exactly like a TPM2B_DIGEST. */
TPM_RC TPM2B_TIMEOUT_Unmarshal(TPM2B_TIMEOUT *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_DIGEST_Unmarshal(target, buffer, size);
}

/* Table 81 - Definition of TPM2B_IV Structure */

/* Delegates to TPM2B_Unmarshal with MAX_SYM_BLOCK_SIZE as the size
   argument. */
TPM_RC TPM2B_IV_Unmarshal(TPM2B_IV *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, MAX_SYM_BLOCK_SIZE, buffer, size);
}

/* Table 83 - Definition of 
TPM2B_NAME Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMU_NAME) as the size
   argument. */
TPM_RC TPM2B_NAME_Unmarshal(TPM2B_NAME *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMU_NAME), buffer, size);
}

/* Table 85 - Definition of TPMS_PCR_SELECTION Structure */

/* Read the bank's hash algorithm (TPM_ALG_NULL not allowed), then the
   one-byte sizeofSelect, then that many bytes of PCR bitmap.  sizeofSelect
   comes from the input and is range-checked against
   PCR_SELECT_MIN..PCR_SELECT_MAX before it is used as the copy length into
   pcrSelect[]; out of range is TPM_RC_VALUE. */
TPM_RC TPMS_PCR_SELECTION_Unmarshal(TPMS_PCR_SELECTION *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = TPMI_ALG_HASH_Unmarshal(&target->hash, buffer, size, NO);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = UINT8_Unmarshal(&target->sizeofSelect, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if ((target->sizeofSelect < PCR_SELECT_MIN) ||
        (target->sizeofSelect > PCR_SELECT_MAX)) {
        return TPM_RC_VALUE;
    }
    return Array_Unmarshal(target->pcrSelect, target->sizeofSelect, buffer, size);
}

/* Table 88 - Definition of TPMT_TK_CREATION Structure */

/* Read a creation ticket: the tag must be TPM_ST_CREATION (else
   TPM_RC_TAG), the hierarchy may be TPM_RH_NULL, then the digest follows. */
TPM_RC TPMT_TK_CREATION_Unmarshal(TPMT_TK_CREATION *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = TPM_ST_Unmarshal(&target->tag, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->tag != TPM_ST_CREATION) {
        return TPM_RC_TAG;
    }
    result = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size);
}

/* Table 89 - Definition of TPMT_TK_VERIFIED Structure */

/* Read a verified ticket: the tag must be TPM_ST_VERIFIED (else
   TPM_RC_TAG), the hierarchy may be TPM_RH_NULL, then the digest follows. */
TPM_RC TPMT_TK_VERIFIED_Unmarshal(TPMT_TK_VERIFIED *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = TPM_ST_Unmarshal(&target->tag, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->tag != TPM_ST_VERIFIED) {
        return TPM_RC_TAG;
    }
    result = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size);
}

/* Table 90 - Definition of 
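TPMT_TK_AUTH Structure */

/* Read an authorization ticket: the tag must be TPM_ST_AUTH_SIGNED or
   TPM_ST_AUTH_SECRET (else TPM_RC_TAG), the hierarchy may be TPM_RH_NULL,
   then the digest follows. */
TPM_RC TPMT_TK_AUTH_Unmarshal(TPMT_TK_AUTH *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if ((target->tag != TPM_ST_AUTH_SIGNED) && (target->tag != TPM_ST_AUTH_SECRET)) {
            rc = TPM_RC_TAG;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size);
    }
    return rc;
}

/* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */

/* Read a hash-check ticket: the tag must be TPM_ST_HASHCHECK (else
   TPM_RC_TAG), the hierarchy may be TPM_RH_NULL, then the digest follows. */
TPM_RC TPMT_TK_HASHCHECK_Unmarshal(TPMT_TK_HASHCHECK *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ST_Unmarshal(&target->tag, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->tag != TPM_ST_HASHCHECK) {
            rc = TPM_RC_TAG;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size);
    }
    return rc;
}

/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure */

/* Read an algorithm ID followed by its attribute word.  The ID goes through
   the plain TPM_ALG_ID reader; no allow-list is applied in this function. */
TPM_RC TPMS_ALG_PROPERTY_Unmarshal(TPMS_ALG_PROPERTY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(&target->alg, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMA_ALGORITHM_Unmarshal(&target->algProperties, buffer, size);
    }
    return rc;
}

/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure */

/* Read a property tag followed by its 32-bit value. */
TPM_RC TPMS_TAGGED_PROPERTY_Unmarshal(TPMS_TAGGED_PROPERTY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_PT_PCR_Unmarshal == 0 ? TPM_RC_SUCCESS : TPM_PT_Unmarshal(&target->property, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->value, buffer, size);
    }
    return rc;
}

/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure */

/* Read a PCR property tag, the one-byte sizeofSelect, then that many bytes
   of PCR bitmap into pcrSelect[].

   sizeofSelect comes from the input and Array_Unmarshal is given no
   destination capacity, so the length has to be bounded here.  The upper
   bound mirrors the PCR_SELECT_MAX check in TPMS_PCR_SELECTION_Unmarshal;
   a larger value is rejected with TPM_RC_VALUE instead of being used as a
   copy length.  NOTE(review): assumes pcrSelect[] holds PCR_SELECT_MAX
   bytes, as in TPMS_PCR_SELECTION - confirm against the structure
   definition.  No lower bound is enforced, so input accepted before with a
   size at or below PCR_SELECT_MAX is still accepted. */
TPM_RC TPMS_TAGGED_PCR_SELECT_Unmarshal(TPMS_TAGGED_PCR_SELECT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_PT_PCR_Unmarshal(&target->tag, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT8_Unmarshal(&target->sizeofSelect, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->sizeofSelect > PCR_SELECT_MAX) {
            rc = TPM_RC_VALUE;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = Array_Unmarshal(target->pcrSelect, target->sizeofSelect, buffer, size);
    }
    return rc;
}

/* Table 95 - Definition of TPML_CC Structure */

/* Read a counted list of command codes.  count comes from the input and is
   rejected with TPM_RC_SIZE when it exceeds MAX_CAP_CC, before the loop
   indexes commandCodes[]. */
TPM_RC TPML_CC_Unmarshal(TPML_CC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 i;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->count, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->count > MAX_CAP_CC) {
            rc = TPM_RC_SIZE;
        }
    }
    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
        rc = TPM_CC_Unmarshal(&target->commandCodes[i], buffer, size);
    }
    return rc;
}

/* Table 96 - Definition of TPML_CCA Structure */

/* Read a counted list of command attributes.  count is rejected with
   TPM_RC_SIZE when it exceeds MAX_CAP_CC, before the loop indexes
   commandAttributes[]. */
TPM_RC TPML_CCA_Unmarshal(TPML_CCA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 i;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->count, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->count > MAX_CAP_CC) {
            rc = TPM_RC_SIZE;
        }
    }
    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
        rc = TPMA_CC_Unmarshal(&target->commandAttributes[i], buffer, size);
    }
    return rc;
}

/* Table 97 - Definition of TPML_ALG Structure */

/* Read a counted list of algorithm IDs.  count is rejected with TPM_RC_SIZE
   when it exceeds MAX_ALG_LIST_SIZE, before the loop indexes
   algorithms[]. */
TPM_RC TPML_ALG_Unmarshal(TPML_ALG *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 i;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->count, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->count > MAX_ALG_LIST_SIZE) {
            rc = TPM_RC_SIZE;
        }
    }
    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
        rc = TPM_ALG_ID_Unmarshal(&target->algorithms[i], buffer, size);
    }
    return rc;
}

/* Table 98 - Definition of TPML_HANDLE Structure */
TPM_RC TPML_HANDLE_Unmarshal(TPML_HANDLE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 i;
    if (rc == TPM_RC_SUCCESS) {
        rc = 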
UINT32_Unmarshal(&target->count, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->count > MAX_CAP_HANDLES) {
            rc = TPM_RC_SIZE;
        }
    }
    for (i = 0 ; (rc == TPM_RC_SUCCESS) && (i < target->count) ; i++) {
        rc = TPM_HANDLE_Unmarshal(&target->handle[i], buffer, size);
    }
    return rc;
}

/* Table 99 - Definition of TPML_DIGEST Structure */

/* PolicyOr has a restriction of at least a count of two.  This function is also used to unmarshal
   PCR_Read, where a count of one is permitted.

   count comes from the input: fewer than minCount entries, or more than the
   literal limit of 8, is TPM_RC_SIZE.  Both checks run before the loop
   indexes digests[]. */
TPM_RC TPML_DIGEST_Unmarshal(TPML_DIGEST *target, BYTE **buffer, INT32 *size, uint32_t minCount)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count < minCount) {
        return TPM_RC_SIZE;
    }
    if (target->count > 8) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPM2B_DIGEST_Unmarshal(&target->digests[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 100 - Definition of TPML_DIGEST_VALUES Structure */

/* Read a counted list of tagged digests (TPM_ALG_NULL not allowed per
   entry).  count above HASH_COUNT is TPM_RC_SIZE. */
TPM_RC TPML_DIGEST_VALUES_Unmarshal(TPML_DIGEST_VALUES *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > HASH_COUNT) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPMT_HA_Unmarshal(&target->digests[index], buffer, size, NO);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 102 - Definition of TPML_PCR_SELECTION Structure */

/* Read a counted list of PCR selections.  count above HASH_COUNT is
   TPM_RC_SIZE. */
TPM_RC TPML_PCR_SELECTION_Unmarshal(TPML_PCR_SELECTION *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > HASH_COUNT) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPMS_PCR_SELECTION_Unmarshal(&target->pcrSelections[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 103 - Definition of TPML_ALG_PROPERTY Structure */

/* Read a counted list of algorithm properties.  count above MAX_CAP_ALGS is
   TPM_RC_SIZE. */
TPM_RC TPML_ALG_PROPERTY_Unmarshal(TPML_ALG_PROPERTY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > MAX_CAP_ALGS) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPMS_ALG_PROPERTY_Unmarshal(&target->algProperties[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */

/* Read a counted list of tagged TPM properties.  count above
   MAX_TPM_PROPERTIES is TPM_RC_SIZE. */
TPM_RC TPML_TAGGED_TPM_PROPERTY_Unmarshal(TPML_TAGGED_TPM_PROPERTY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > MAX_TPM_PROPERTIES) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPMS_TAGGED_PROPERTY_Unmarshal(&target->tpmProperty[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */

/* Read a counted list of tagged PCR selections.  count above
   MAX_PCR_PROPERTIES is TPM_RC_SIZE.  The per-entry bitmap length is
   handled by TPMS_TAGGED_PCR_SELECT_Unmarshal, not here. */
TPM_RC TPML_TAGGED_PCR_PROPERTY_Unmarshal(TPML_TAGGED_PCR_PROPERTY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > MAX_PCR_PROPERTIES) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPMS_TAGGED_PCR_SELECT_Unmarshal(&target->pcrProperty[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure */

/* Read a counted list of ECC curve IDs.  count above MAX_ECC_CURVES is
   TPM_RC_SIZE. */
TPM_RC TPML_ECC_CURVE_Unmarshal(TPML_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;
    UINT32 index;

    result = UINT32_Unmarshal(&target->count, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (target->count > MAX_ECC_CURVES) {
        return TPM_RC_SIZE;
    }
    for (index = 0; index < target->count; index++) {
        result = TPM_ECC_CURVE_Unmarshal(&target->eccCurves[index], buffer, size);
        if (result != TPM_RC_SUCCESS) {
            return result;
        }
    }
    return TPM_RC_SUCCESS;
}

/* Table 107 - Definition of TPMU_CAPABILITIES Union */

/* Dispatch on the capability selector to the list reader for the matching
   union member.  An unknown selector is TPM_RC_SELECTOR and reads
   nothing. */
TPM_RC TPMU_CAPABILITIES_Unmarshal(TPMU_CAPABILITIES *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
      case TPM_CAP_ALGS:
        return TPML_ALG_PROPERTY_Unmarshal(&target->algorithms, buffer, size);
      case TPM_CAP_HANDLES:
        return TPML_HANDLE_Unmarshal(&target->handles, buffer, size);
      case TPM_CAP_COMMANDS:
        return TPML_CCA_Unmarshal(&target->command, buffer, size);
      case TPM_CAP_PP_COMMANDS:
        return TPML_CC_Unmarshal(&target->ppCommands, buffer, size);
      case TPM_CAP_AUDIT_COMMANDS:
        return TPML_CC_Unmarshal(&target->auditCommands, buffer, size);
      case TPM_CAP_PCRS:
        return TPML_PCR_SELECTION_Unmarshal(&target->assignedPCR, buffer, size);
      case TPM_CAP_TPM_PROPERTIES:
        return TPML_TAGGED_TPM_PROPERTY_Unmarshal(&target->tpmProperties, buffer, size);
      case TPM_CAP_PCR_PROPERTIES:
        return TPML_TAGGED_PCR_PROPERTY_Unmarshal(&target->pcrProperties, buffer, size);
      case TPM_CAP_ECC_CURVES:
        return TPML_ECC_CURVE_Unmarshal(&target->eccCurves, buffer, size);
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure */

/* Read the capability selector, then the union member it selects. */
TPM_RC TPMS_CAPABILITY_DATA_Unmarshal(TPMS_CAPABILITY_DATA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_CAP_Unmarshal(&target->capability, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPMU_CAPABILITIES_Unmarshal(&target->data, buffer, size, target->capability);
}

/* Table 109 - Definition of TPMS_CLOCK_INFO Structure */
TPM_RC TPMS_CLOCK_INFO_Unmarshal(TPMS_CLOCK_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT64_Unmarshal(&target->clock, 
buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->resetCount, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->restartCount, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_YES_NO_Unmarshal(&target->safe, buffer, size);
    }
    return rc;
}

/* Table 110 - Definition of TPMS_TIME_INFO Structure */

/* Read the 64-bit time followed by the clock info structure. */
TPM_RC TPMS_TIME_INFO_Unmarshal(TPMS_TIME_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = UINT64_Unmarshal(&target->time, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPMS_CLOCK_INFO_Unmarshal(&target->clockInfo, buffer, size);
}

/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure */

/* Read the time info followed by the 64-bit firmware version. */
TPM_RC TPMS_TIME_ATTEST_INFO_Unmarshal(TPMS_TIME_ATTEST_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPMS_TIME_INFO_Unmarshal(&target->time, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return UINT64_Unmarshal(&target->firmwareVersion, buffer, size);
}

/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure */

/* Read the certified object's name followed by its qualified name. */
TPM_RC TPMS_CERTIFY_INFO_Unmarshal(TPMS_CERTIFY_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM2B_NAME_Unmarshal(&target->name, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_NAME_Unmarshal(&target->qualifiedName, buffer, size);
}

/* Table 113 - Definition of TPMS_QUOTE_INFO Structure */

/* Read the PCR selection list followed by the PCR digest.  This only
   parses; it does not recompute or compare the digest. */
TPM_RC TPMS_QUOTE_INFO_Unmarshal(TPMS_QUOTE_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPML_PCR_SELECTION_Unmarshal(&target->pcrSelect, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->pcrDigest, buffer, size);
}

/* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */

/* Read the audit counter, digest algorithm, audit digest and command
   digest, in that order.  digestAlg goes through the plain TPM_ALG_ID
   reader; no hash allow-list is applied in this function. */
TPM_RC TPMS_COMMAND_AUDIT_INFO_Unmarshal(TPMS_COMMAND_AUDIT_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = UINT64_Unmarshal(&target->auditCounter, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = TPM_ALG_ID_Unmarshal(&target->digestAlg, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = TPM2B_DIGEST_Unmarshal(&target->auditDigest, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->commandDigest, buffer, size);
}

/* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure */

/* Read the exclusive-session flag followed by the session digest. */
TPM_RC TPMS_SESSION_AUDIT_INFO_Unmarshal(TPMS_SESSION_AUDIT_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPMI_YES_NO_Unmarshal(&target->exclusiveSession, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->sessionDigest, buffer, size);
}

/* Table 116 - Definition of TPMS_CREATION_INFO Structure */

/* Read the object name followed by the creation hash. */
TPM_RC TPMS_CREATION_INFO_Unmarshal(TPMS_CREATION_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM2B_NAME_Unmarshal(&target->objectName, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_DIGEST_Unmarshal(&target->creationHash, buffer, size);
}

/* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure */

/* Read the NV index name, the 16-bit offset and the certified NV contents.
   offset is stored as read; it is not range-checked here. */
TPM_RC TPMS_NV_CERTIFY_INFO_Unmarshal(TPMS_NV_CERTIFY_INFO *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = TPM2B_NAME_Unmarshal(&target->indexName, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = UINT16_Unmarshal(&target->offset, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_MAX_NV_BUFFER_Unmarshal(&target->nvContents, buffer, size);
}

/* Table 118 - Definition of (TPM_ST) TPMI_ST_ATTEST Type */

/* Accept only the seven TPM_ST_ATTEST_* tags listed below; any other tag is
   TPM_RC_SELECTOR. */
TPM_RC TPMI_ST_ATTEST_Unmarshal(TPMI_ST_ATTEST *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_ST_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    switch (*target) {
      case TPM_ST_ATTEST_CERTIFY:
      case TPM_ST_ATTEST_CREATION:
      case TPM_ST_ATTEST_QUOTE:
      case TPM_ST_ATTEST_COMMAND_AUDIT:
      case TPM_ST_ATTEST_SESSION_AUDIT:
      case TPM_ST_ATTEST_TIME:
      case TPM_ST_ATTEST_NV:
        return TPM_RC_SUCCESS;
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 119 - Definition of TPMU_ATTEST Union */

/* Dispatch on the attestation type to the reader for the matching union
   member.  An unknown selector is TPM_RC_SELECTOR and reads nothing. */
TPM_RC TPMU_ATTEST_Unmarshal(TPMU_ATTEST *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
      case TPM_ST_ATTEST_CERTIFY:
        return TPMS_CERTIFY_INFO_Unmarshal(&target->certify, buffer, size);
      case TPM_ST_ATTEST_CREATION:
        return TPMS_CREATION_INFO_Unmarshal(&target->creation, buffer, size);
      case TPM_ST_ATTEST_QUOTE:
        return TPMS_QUOTE_INFO_Unmarshal(&target->quote, buffer, size);
      case TPM_ST_ATTEST_COMMAND_AUDIT:
        return TPMS_COMMAND_AUDIT_INFO_Unmarshal(&target->commandAudit, buffer, size);
      case TPM_ST_ATTEST_SESSION_AUDIT:
        return TPMS_SESSION_AUDIT_INFO_Unmarshal(&target->sessionAudit, buffer, size);
      case TPM_ST_ATTEST_TIME:
        return TPMS_TIME_ATTEST_INFO_Unmarshal(&target->time, buffer, size);
      case TPM_ST_ATTEST_NV:
        return TPMS_NV_CERTIFY_INFO_Unmarshal(&target->nv, buffer, size);
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 120 - Definition of TPMS_ATTEST Structure */
TPM_RC TPMS_ATTEST_Unmarshal(TPMS_ATTEST *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_GENERATED_Unmarshal(&target->magic, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ST_ATTEST_Unmarshal(&target->type, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->qualifiedSigner, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DATA_Unmarshal(&target->extraData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_CLOCK_INFO_Unmarshal(&target->clockInfo, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT64_Unmarshal(&target->firmwareVersion, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_ATTEST_Unmarshal(&target->attested, buffer, size, 
target->type);
    }
    return rc;
}

/* Table 121 - Definition of TPM2B_ATTEST Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMS_ATTEST) as the size
   argument.  The attestation bytes are stored as an opaque buffer; they are
   not parsed here. */
TPM_RC TPM2B_ATTEST_Unmarshal(TPM2B_ATTEST *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMS_ATTEST), buffer, size);
}

/* Table 123 - Definition of TPMS_AUTH_RESPONSE Structure */

/* Read a response authorization area entry: nonce, session attributes,
   then the HMAC.  This only parses; the HMAC is not verified here. */
TPM_RC TPMS_AUTH_RESPONSE_Unmarshal(TPMS_AUTH_RESPONSE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result;

    result = TPM2B_NONCE_Unmarshal(&target->nonce, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = TPMA_SESSION_Unmarshal(&target->sessionAttributes, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPM2B_AUTH_Unmarshal(&target->hmac, buffer, size);
}

/* Table 124 - Definition of {!ALG.S} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type */

#ifdef TPM_ALG_AES
/* Accept only 128 and 256 bit AES keys; any other size is TPM_RC_VALUE. */
TPM_RC TPMI_AES_KEY_BITS_Unmarshal(TPMI_AES_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_KEY_BITS_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if ((*target != 128) && (*target != 256)) {
        return TPM_RC_VALUE;
    }
    return TPM_RC_SUCCESS;
}
#endif

#ifdef TPM_ALG_CAMELLIA
/* Accept only 128 bit Camellia keys; any other size is TPM_RC_VALUE. */
TPM_RC TPMI_CAMELLIA_KEY_BITS_Unmarshal(TPMI_CAMELLIA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_KEY_BITS_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (*target != 128) {
        return TPM_RC_VALUE;
    }
    return TPM_RC_SUCCESS;
}
#endif

#ifdef TPM_ALG_SM4
/* Accept only 128 bit SM4 keys; any other size is TPM_RC_VALUE. */
TPM_RC TPMI_SM4_KEY_BITS_Unmarshal(TPMI_SM4_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC result = TPM_KEY_BITS_Unmarshal(target, buffer, size);

    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    if (*target != 128) {
        return TPM_RC_VALUE;
    }
    return TPM_RC_SUCCESS;
}
#endif

/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union */

/* Dispatch on the symmetric algorithm to the matching key-size reader.  For
   XOR the member holds a hash algorithm instead (TPM_ALG_NULL not allowed).
   TPM_ALG_NULL consumes nothing; an algorithm that is not compiled in is
   TPM_RC_SELECTOR. */
TPM_RC TPMU_SYM_KEY_BITS_Unmarshal(TPMU_SYM_KEY_BITS *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
        return TPMI_AES_KEY_BITS_Unmarshal(&target->aes, buffer, size);
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
        return TPMI_SM4_KEY_BITS_Unmarshal(&target->sm4, buffer, size);
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
        return TPMI_CAMELLIA_KEY_BITS_Unmarshal(&target->camellia, buffer, size);
#endif
#ifdef TPM_ALG_XOR
      case TPM_ALG_XOR:
        return TPMI_ALG_HASH_Unmarshal(&target->xorr, buffer, size, NO);
#endif
      case TPM_ALG_NULL:
        return TPM_RC_SUCCESS;
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 126 - Definition of TPMU_SYM_MODE Union */

/* Dispatch on the symmetric algorithm to read its cipher mode
   (TPM_ALG_NULL allowed as a mode).  XOR and TPM_ALG_NULL carry no mode and
   consume nothing.  Unlike the other cases here, the TPM_ALG_XOR label is
   not wrapped in #ifdef TPM_ALG_XOR. */
TPM_RC TPMU_SYM_MODE_Unmarshal(TPMU_SYM_MODE *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
        return TPMI_ALG_SYM_MODE_Unmarshal(&target->aes, buffer, size, YES);
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
        return TPMI_ALG_SYM_MODE_Unmarshal(&target->sm4, buffer, size, YES);
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
        return TPMI_ALG_SYM_MODE_Unmarshal(&target->camellia, buffer, size, YES);
#endif
      case TPM_ALG_XOR:
      case TPM_ALG_NULL:
        return TPM_RC_SUCCESS;
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 128 - Definition of TPMT_SYM_DEF Structure */

/* Read the symmetric algorithm (validated by TPMI_ALG_SYM_Unmarshal, which
   honours allowNull), then the key size and mode that algorithm selects. */
TPM_RC TPMT_SYM_DEF_Unmarshal(TPMT_SYM_DEF *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC result;

    result = TPMI_ALG_SYM_Unmarshal(&target->algorithm, buffer, size, allowNull);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    result = TPMU_SYM_KEY_BITS_Unmarshal(&target->keyBits, buffer, size, target->algorithm);
    if (result != TPM_RC_SUCCESS) {
        return result;
    }
    return TPMU_SYM_MODE_Unmarshal(&target->mode, buffer, size, target->algorithm);
}

/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
TPM_RC TPMT_SYM_DEF_OBJECT_Unmarshal(TPMT_SYM_DEF_OBJECT 
*target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    /* Same shape as TPMT_SYM_DEF_Unmarshal, but the algorithm is checked by
       TPMI_ALG_SYM_OBJECT_Unmarshal; the accepted value then selects the
       keyBits and mode union members. */
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_SYM_OBJECT_Unmarshal(&target->algorithm, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_SYM_KEY_BITS_Unmarshal(&target->keyBits, buffer, size, target->algorithm);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_SYM_MODE_Unmarshal(&target->mode, buffer, size, target->algorithm);
    }
    return rc;
}

/* Table 130 - Definition of TPM2B_SYM_KEY Structure */
/* Delegates to TPM2B_Unmarshal on target->b with MAX_SYM_KEY_BYTES as the
   second argument (presumably the size limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_SYM_KEY_Unmarshal(TPM2B_SYM_KEY *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, MAX_SYM_KEY_BYTES, buffer, size);
    }
    return rc;
}

/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure */
/* Reads the single sym member; NO is passed as allowNull, so a null
   algorithm is not accepted here. */

TPM_RC
TPMS_SYMCIPHER_PARMS_Unmarshal(TPMS_SYMCIPHER_PARMS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->sym, buffer, size, NO);
    }
    return rc;
}

/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure */
/* Delegates to TPM2B_Unmarshal on target->b with MAX_SYM_DATA as the second
   argument (presumably the size limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_SENSITIVE_DATA_Unmarshal(TPM2B_SENSITIVE_DATA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, MAX_SYM_DATA, buffer, size);
    }
    return rc;
}

/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure */
/* Reads userAuth followed by data; stops at the first failing field. */

TPM_RC
TPMS_SENSITIVE_CREATE_Unmarshal(TPMS_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_AUTH_Unmarshal(&target->userAuth, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_SENSITIVE_DATA_Unmarshal(&target->data, buffer, size);
    }
    return rc;
}

/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure */
/* Size-prefixed wrapper around TPMS_SENSITIVE_CREATE.  The declared size is
   read first and must be non-zero; after the inner structure is unmarshalled
   the declared size must equal startSize - *size (the change in *size across
   the inner call).  Either check failing yields TPM_RC_SIZE, so a length
   field that disagrees with the bytes actually parsed is rejected. */

TPM_RC
TPM2B_SENSITIVE_CREATE_Unmarshal(TPM2B_SENSITIVE_CREATE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    INT32 startSize;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->size, buffer, size);
    }
    if (rc ==
TPM_RC_SUCCESS) {
        /* an empty wrapper is not acceptable for this type */
        if (target->size == 0) {
            rc = TPM_RC_SIZE;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        /* remember *size before the inner structure is parsed */
        startSize = *size;
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SENSITIVE_CREATE_Unmarshal(&target->sensitive, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        /* the declared size must match the change in *size exactly */
        if (target->size != startSize - *size) {
            rc = TPM_RC_SIZE;
        }
    }
    return rc;
}

/* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
/* Reads the single hashAlg member; NO is passed as the last argument of
   TPMI_ALG_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_HASH_Unmarshal(TPMS_SCHEME_HASH *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, NO);
    }
    return rc;
}

/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure */
/* Reads hashAlg (NO as the last argument) and then the UINT16 count.  No
   range check is applied to count in this function. */

TPM_RC
TPMS_SCHEME_ECDAA_Unmarshal(TPMS_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->count, buffer, size);
    }
    return rc;
}

/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type */
/* Reads a TPM_ALG_ID and accepts only TPM_ALG_HMAC / TPM_ALG_XOR (each when
   compiled in), plus TPM_ALG_NULL when allowNull is set.  Everything else
   yields TPM_RC_VALUE. */

TPM_RC
TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(TPMI_ALG_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_HMAC
          case TPM_ALG_HMAC:
#endif
#ifdef TPM_ALG_XOR
          case TPM_ALG_XOR:
#endif
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
                break;
            }
            /* deliberate fall-through: TPM_ALG_NULL without allowNull is
               rejected by the default case */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 138 - Definition of Types for HMAC_SIG_SCHEME */
/* Passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_HMAC_Unmarshal(TPMS_SCHEME_HMAC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 139 - Definition of TPMS_SCHEME_XOR Structure */
/* Reads hashAlg and then kdf; both interface-type checks are called with YES
   as their last argument. */

TPM_RC
TPMS_SCHEME_XOR_Unmarshal(TPMS_SCHEME_XOR *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS)
{
        rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_KDF_Unmarshal(&target->kdf, buffer, size, YES);
    }
    return rc;
}

/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */
/* Dispatches on selector: HMAC and XOR details are read by their own
   unmarshallers, TPM_ALG_NULL reads nothing, anything else yields
   TPM_RC_SELECTOR. */

TPM_RC
TPMU_SCHEME_KEYEDHASH_Unmarshal(TPMU_SCHEME_KEYEDHASH *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_HMAC
      case TPM_ALG_HMAC:
        rc = TPMS_SCHEME_HMAC_Unmarshal(&target->hmac, buffer, size);
        break;
#endif
#ifdef TPM_ALG_XOR
      case TPM_ALG_XOR:
        rc = TPMS_SCHEME_XOR_Unmarshal(&target->xorr, buffer, size);
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */
/* Reads and checks the scheme identifier (allowNull forwarded), then uses the
   accepted target->scheme as the selector for the details union. */

TPM_RC
TPMT_KEYEDHASH_SCHEME_Unmarshal(TPMT_KEYEDHASH_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_KEYEDHASH_SCHEME_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_SCHEME_KEYEDHASH_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
/* RSAPSS: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_RSAPSS_Unmarshal(TPMS_SIG_SCHEME_RSAPSS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
/* RSASSA: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
/* ECDAA: the only scheme in this group that delegates to
   TPMS_SCHEME_ECDAA_Unmarshal rather than TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_ECDAA_Unmarshal(TPMS_SIG_SCHEME_ECDAA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc =
TPMS_SCHEME_ECDAA_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
/* ECDSA: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_ECDSA_Unmarshal(TPMS_SIG_SCHEME_ECDSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
/* ECSCHNORR: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(TPMS_SIG_SCHEME_ECSCHNORR *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */
/* SM2: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SIG_SCHEME_SM2_Unmarshal(TPMS_SIG_SCHEME_SM2 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 144 - Definition of TPMU_SIG_SCHEME Union */
/* Dispatches on selector to the matching signature-scheme unmarshaller.
   Each algorithm case exists only when its TPM_ALG_* macro is defined, so a
   compiled-out algorithm falls to the default case and is rejected with
   TPM_RC_SELECTOR.  TPM_ALG_NULL reads nothing. */

TPM_RC
TPMU_SIG_SCHEME_Unmarshal(TPMU_SIG_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_RSASSA
      case TPM_ALG_RSASSA:
        rc = TPMS_SIG_SCHEME_RSASSA_Unmarshal(&target->rsassa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSAPSS
      case TPM_ALG_RSAPSS:
        rc = TPMS_SIG_SCHEME_RSAPSS_Unmarshal(&target->rsapss, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDSA
      case TPM_ALG_ECDSA:
        rc = TPMS_SIG_SCHEME_ECDSA_Unmarshal(&target->ecdsa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDAA
      case TPM_ALG_ECDAA:
        rc = TPMS_SIG_SCHEME_ECDAA_Unmarshal(&target->ecdaa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_SM2
      case TPM_ALG_SM2:
        rc = TPMS_SIG_SCHEME_SM2_Unmarshal(&target->sm2, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECSCHNORR
      case TPM_ALG_ECSCHNORR:
        rc = TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(&target->ecSchnorr, buffer, size);
        break;
#endif
#ifdef TPM_ALG_HMAC
      case TPM_ALG_HMAC:
        rc =
TPMS_SCHEME_HMAC_Unmarshal(&target->hmac, buffer, size);
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
/* Reads and checks the scheme identifier (allowNull forwarded), then uses the
   accepted target->scheme as the selector for the details union. */

TPM_RC
TPMT_SIG_SCHEME_Unmarshal(TPMT_SIG_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_SIG_SCHEME_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_SIG_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
/* OAEP: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_ENC_SCHEME_OAEP_Unmarshal(TPMS_ENC_SCHEME_OAEP *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 146 - Definition of Types for {RSA} Encryption Schemes */
/* RSAES: passes target straight to TPMS_EMPTY_Unmarshal (not shown here). */

TPM_RC
TPMS_ENC_SCHEME_RSAES_Unmarshal(TPMS_ENC_SCHEME_RSAES *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_EMPTY_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */
/* ECDH: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_KEY_SCHEME_ECDH_Unmarshal(TPMS_KEY_SCHEME_ECDH *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 147 - Definition of Types for {ECC} ECC Key Exchange */
/* ECMQV: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_KEY_SCHEME_ECMQV_Unmarshal(TPMS_KEY_SCHEME_ECMQV *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
/* KDF1_SP800_108: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_KDF1_SP800_108_Unmarshal(TPMS_SCHEME_KDF1_SP800_108 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc =
TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
/* KDF1_SP800_56A: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(TPMS_SCHEME_KDF1_SP800_56A *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
/* KDF2: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_KDF2_Unmarshal(TPMS_SCHEME_KDF2 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */
/* MGF1: passes target straight to TPMS_SCHEME_HASH_Unmarshal. */

TPM_RC
TPMS_SCHEME_MGF1_Unmarshal(TPMS_SCHEME_MGF1 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 149 - Definition of TPMU_KDF_SCHEME Union */
/* Dispatches on selector to the matching KDF-scheme unmarshaller.
   TPM_ALG_NULL reads nothing; any selector without a compiled-in case yields
   TPM_RC_SELECTOR. */

TPM_RC
TPMU_KDF_SCHEME_Unmarshal(TPMU_KDF_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_MGF1
      case TPM_ALG_MGF1:
        rc = TPMS_SCHEME_MGF1_Unmarshal(&target->mgf1, buffer, size);
        break;
#endif
#ifdef TPM_ALG_KDF1_SP800_56A
      case TPM_ALG_KDF1_SP800_56A:
        rc = TPMS_SCHEME_KDF1_SP800_56A_Unmarshal(&target->kdf1_SP800_56a, buffer, size);
        break;
#endif
#ifdef TPM_ALG_KDF2
      case TPM_ALG_KDF2:
        rc = TPMS_SCHEME_KDF2_Unmarshal(&target->kdf2, buffer, size);
        break;
#endif
#ifdef TPM_ALG_KDF1_SP800_108
      case TPM_ALG_KDF1_SP800_108:
        rc = TPMS_SCHEME_KDF1_SP800_108_Unmarshal(&target->kdf1_sp800_108, buffer, size);
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 150 - Definition of TPMT_KDF_SCHEME Structure */

TPM_RC
TPMT_KDF_SCHEME_Unmarshal(TPMT_KDF_SCHEME *target, BYTE **buffer, INT32 *size,
BOOL allowNull)
{
    /* Reads and checks the KDF scheme identifier (allowNull forwarded), then
       uses the accepted target->scheme as the selector for the details
       union. */
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_KDF_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_KDF_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 151 - Definition of (TPM_ALG_ID) TPMI_ALG_ASYM_SCHEME Type <> */
/* Compiled out by the #if 0 below; kept in the file as reference only. */

#if 0
TPM_RC
TPMI_ALG_ASYM_SCHEME_Unmarshal(TPMI_ALG_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_ECDH
          case TPM_ALG_ECDH:
#endif
#ifdef TPM_ALG_ECMQV
          case TPM_ALG_ECMQV:
#endif
#ifdef TPM_ALG_RSASSA
          case TPM_ALG_RSASSA:
#endif
#ifdef TPM_ALG_RSAPSS
          case TPM_ALG_RSAPSS:
#endif
#ifdef TPM_ALG_ECDSA
          case TPM_ALG_ECDSA:
#endif
#ifdef TPM_ALG_ECDAA
          case TPM_ALG_ECDAA:
#endif
#ifdef TPM_ALG_SM2
          case TPM_ALG_SM2:
#endif
#ifdef TPM_ALG_ECSCHNORR
          case TPM_ALG_ECSCHNORR:
#endif
#ifdef TPM_ALG_RSAES
          case TPM_ALG_RSAES:
#endif
#ifdef TPM_ALG_OAEP
          case TPM_ALG_OAEP:
#endif
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
                break;
            }
            /* deliberate fall-through when allowNull is false */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}
#endif

/* Table 152 - Definition of TPMU_ASYM_SCHEME Union */
/* Dispatches on selector across key-exchange, signature and encryption
   schemes.  TPM_ALG_NULL reads nothing; a selector with no compiled-in case
   yields TPM_RC_SELECTOR.  In this file the callers shown pass a scheme value
   that has already been checked by a TPMI_ALG_*_Unmarshal function. */

TPM_RC
TPMU_ASYM_SCHEME_Unmarshal(TPMU_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_ECDH
      case TPM_ALG_ECDH:
        rc = TPMS_KEY_SCHEME_ECDH_Unmarshal(&target->ecdh, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECMQV
      case TPM_ALG_ECMQV:
        rc = TPMS_KEY_SCHEME_ECMQV_Unmarshal(&target->ecmqvh, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSASSA
      case TPM_ALG_RSASSA:
        rc = TPMS_SIG_SCHEME_RSASSA_Unmarshal(&target->rsassa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSAPSS
      case TPM_ALG_RSAPSS:
        rc = TPMS_SIG_SCHEME_RSAPSS_Unmarshal(&target->rsapss, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDSA
      case TPM_ALG_ECDSA:
        rc =
TPMS_SIG_SCHEME_ECDSA_Unmarshal(&target->ecdsa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDAA
      case TPM_ALG_ECDAA:
        rc = TPMS_SIG_SCHEME_ECDAA_Unmarshal(&target->ecdaa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_SM2
      case TPM_ALG_SM2:
        rc = TPMS_SIG_SCHEME_SM2_Unmarshal(&target->sm2, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECSCHNORR
      case TPM_ALG_ECSCHNORR:
        rc = TPMS_SIG_SCHEME_ECSCHNORR_Unmarshal(&target->ecSchnorr, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSAES
      case TPM_ALG_RSAES:
        rc = TPMS_ENC_SCHEME_RSAES_Unmarshal(&target->rsaes, buffer, size);
        break;
#endif
#ifdef TPM_ALG_OAEP
      case TPM_ALG_OAEP:
        rc = TPMS_ENC_SCHEME_OAEP_Unmarshal(&target->oaep, buffer, size);
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 153 - Definition of TPMT_ASYM_SCHEME Structure <> */
/* Compiled out by the #if 0 below; it depends on
   TPMI_ALG_ASYM_SCHEME_Unmarshal, which is also compiled out. */

#if 0
TPM_RC
TPMT_ASYM_SCHEME_Unmarshal(TPMT_ASYM_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_ASYM_SCHEME_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_ASYM_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}
#endif

/* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */
/* Reads a TPM_ALG_ID and accepts only the RSA signing and encryption schemes
   that are compiled in (RSASSA, RSAPSS, RSAES, OAEP), plus TPM_ALG_NULL when
   allowNull is set.  Everything else yields TPM_RC_VALUE. */

TPM_RC
TPMI_ALG_RSA_SCHEME_Unmarshal(TPMI_ALG_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_RSASSA
          case TPM_ALG_RSASSA:
#endif
#ifdef TPM_ALG_RSAPSS
          case TPM_ALG_RSAPSS:
#endif
#ifdef TPM_ALG_RSAES
          case TPM_ALG_RSAES:
#endif
#ifdef TPM_ALG_OAEP
          case TPM_ALG_OAEP:
#endif
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
                break;
            }
            /* deliberate fall-through when allowNull is false */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */

TPM_RC
TPMT_RSA_SCHEME_Unmarshal(TPMT_RSA_SCHEME *target, BYTE **buffer, INT32 *size, BOOL
allowNull)
{
    /* Reads and checks the RSA scheme identifier (allowNull forwarded), then
       uses the accepted target->scheme as the selector for the details
       union. */
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_RSA_SCHEME_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_ASYM_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */
/* Reads a TPM_ALG_ID and accepts only the compiled-in RSA encryption schemes
   (RSAES, OAEP), plus TPM_ALG_NULL when allowNull is set.  Signing schemes
   are not in this list; everything else yields TPM_RC_VALUE. */

TPM_RC
TPMI_ALG_RSA_DECRYPT_Unmarshal(TPMI_ALG_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_RSAES
          case TPM_ALG_RSAES:
#endif
#ifdef TPM_ALG_OAEP
          case TPM_ALG_OAEP:
#endif
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
                break;
            }
            /* deliberate fall-through when allowNull is false */
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
/* Reads and checks the decrypt scheme identifier (allowNull forwarded), then
   uses the accepted target->scheme as the selector for the details union. */

TPM_RC
TPMT_RSA_DECRYPT_Unmarshal(TPMT_RSA_DECRYPT *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_RSA_DECRYPT_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_ASYM_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
/* Delegates to TPM2B_Unmarshal on target->b with MAX_RSA_KEY_BYTES as the
   second argument (presumably the size limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_PUBLIC_KEY_RSA_Unmarshal(TPM2B_PUBLIC_KEY_RSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, MAX_RSA_KEY_BYTES, buffer, size);
    }
    return rc;
}

/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */
/* Reads a TPM_KEY_BITS value and accepts only 1024 and 2048; any other value
   yields TPM_RC_VALUE.  The list is hard-coded in this function.
   NOTE(review): 1024-bit RSA is accepted here -- confirm that this matches
   the minimum key size the deployment is meant to allow. */

TPM_RC
TPMI_RSA_KEY_BITS_Unmarshal(TPMI_RSA_KEY_BITS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_KEY_BITS_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
          case 1024:
          case 2048:
            break;
          default:
            rc = TPM_RC_VALUE;
        }
    }
    return rc;
}

/* Table 160 - Definition of {RSA}
TPM2B_PRIVATE_KEY_RSA Structure */
/* Delegates to TPM2B_Unmarshal on target->b with MAX_RSA_KEY_BYTES/2 as the
   second argument, i.e. half the value used for the public key
   (presumably the size limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_PRIVATE_KEY_RSA_Unmarshal(TPM2B_PRIVATE_KEY_RSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, MAX_RSA_KEY_BYTES/2, buffer, size);
    }
    return rc;
}

/* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */
/* Delegates to TPM2B_Unmarshal on target->b with MAX_ECC_KEY_BYTES as the
   second argument (presumably the size limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_ECC_PARAMETER_Unmarshal(TPM2B_ECC_PARAMETER *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, MAX_ECC_KEY_BYTES, buffer, size);
    }
    return rc;
}

/* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */
/* Reads the x and then the y coordinate as TPM2B_ECC_PARAMETER values.  Only
   the encoding is parsed here; this function does not check that the point
   lies on any curve. */

TPM_RC
TPMS_ECC_POINT_Unmarshal(TPMS_ECC_POINT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->x, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->y, buffer, size);
    }
    return rc;
}

/* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */
/* Size-prefixed wrapper around TPMS_ECC_POINT.  The declared size must be
   non-zero and must equal startSize - *size after the inner point has been
   parsed; either check failing yields TPM_RC_SIZE. */

TPM_RC
TPM2B_ECC_POINT_Unmarshal(TPM2B_ECC_POINT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    INT32 startSize;

    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->size, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        if (target->size == 0) {
            rc = TPM_RC_SIZE;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        /* remember *size before the inner structure is parsed */
        startSize = *size;
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_ECC_POINT_Unmarshal(&target->point, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        /* the declared size must match the change in *size exactly */
        if (target->size != startSize - *size) {
            rc = TPM_RC_SIZE;
        }
    }
    return rc;
}

/* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */
/* Reads a TPM_ALG_ID and accepts only the compiled-in ECC schemes listed
   below, plus TPM_ALG_NULL when allowNull is set.  Rejections use
   TPM_RC_SCHEME here, where the RSA scheme checks in this file use
   TPM_RC_VALUE. */

TPM_RC
TPMI_ALG_ECC_SCHEME_Unmarshal(TPMI_ALG_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_ECDSA
          case TPM_ALG_ECDSA:
#endif
#ifdef TPM_ALG_SM2
          case TPM_ALG_SM2:
#endif
#ifdef TPM_ALG_ECDAA
          case TPM_ALG_ECDAA:
#endif
#ifdef TPM_ALG_ECSCHNORR
          case TPM_ALG_ECSCHNORR:
#endif
#ifdef TPM_ALG_ECDH
          case TPM_ALG_ECDH:
#endif
#ifdef TPM_ALG_ECMQV
          case TPM_ALG_ECMQV:
#endif
            break;
          case TPM_ALG_NULL:
            if (allowNull) {
                break;
            }
            /* deliberate fall-through when allowNull is false */
          default:
            rc = TPM_RC_SCHEME;
        }
    }
    return rc;
}

/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */
/* Reads a TPM_ECC_CURVE and accepts only the compiled-in curves listed below
   (BN_P256, NIST_P256, NIST_P384); any other identifier yields
   TPM_RC_CURVE. */

TPM_RC
TPMI_ECC_CURVE_Unmarshal(TPMI_ECC_CURVE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ECC_CURVE_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ECC_BN_P256
          case TPM_ECC_BN_P256:
#endif
#ifdef TPM_ECC_NIST_P256
          case TPM_ECC_NIST_P256:
#endif
#ifdef TPM_ECC_NIST_P384
          case TPM_ECC_NIST_P384:
#endif
            break;
          default:
            rc = TPM_RC_CURVE;
        }
    }
    return rc;
}

/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */
/* Reads and checks the ECC scheme identifier (allowNull forwarded), then uses
   the accepted target->scheme as the selector for the details union. */

TPM_RC
TPMT_ECC_SCHEME_Unmarshal(TPMT_ECC_SCHEME *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_ECC_SCHEME_Unmarshal(&target->scheme, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_ASYM_SCHEME_Unmarshal(&target->details, buffer, size, target->scheme);
    }
    return rc;
}

/* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */
/* Reads the curve description field by field: curveID, keySize, kdf, sign,
   then the parameters p, a, b, gX, gY, n, h.  curveID is read with
   TPM_ECC_CURVE_Unmarshal, not TPMI_ECC_CURVE_Unmarshal, so the supported-curve
   allow-list is not applied to it in this function.  kdf and sign are read
   with YES as allowNull. */

TPM_RC
TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(TPMS_ALGORITHM_DETAIL_ECC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ECC_CURVE_Unmarshal(&target->curveID, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->keySize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_KDF_SCHEME_Unmarshal(&target->kdf, buffer, size, YES);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_ECC_SCHEME_Unmarshal(&target->sign, buffer, size, YES);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->p, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc =
TPM2B_ECC_PARAMETER_Unmarshal(&target->a, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->b, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->gX, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->gY, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->n, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->h, buffer, size);
    }
    return rc;
}

/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */
/* Reads the hash algorithm (NO as the last argument) followed by the
   signature value, which is parsed as a TPM2B_PUBLIC_KEY_RSA.  This only
   decodes the structure; no signature verification happens here. */

TPM_RC
TPMS_SIGNATURE_RSA_Unmarshal(TPMS_SIGNATURE_RSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_HASH_Unmarshal(&target->hash, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->sig, buffer, size);
    }
    return rc;
}

/* Table 169 - Definition of Types for {RSA} Signature */
/* RSASSA: passes target straight to TPMS_SIGNATURE_RSA_Unmarshal. */

TPM_RC
TPMS_SIGNATURE_RSASSA_Unmarshal(TPMS_SIGNATURE_RSASSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_RSA_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 169 - Definition of Types for {RSA} Signature */
/* RSAPSS: passes target straight to TPMS_SIGNATURE_RSA_Unmarshal. */

TPM_RC
TPMS_SIGNATURE_RSAPSS_Unmarshal(TPMS_SIGNATURE_RSAPSS *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_RSA_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */
/* Reads the hash algorithm (NO as the last argument) followed by signatureR
   and signatureS as TPM2B_ECC_PARAMETER values.  This only decodes the
   structure; no signature verification happens here. */

TPM_RC
TPMS_SIGNATURE_ECC_Unmarshal(TPMS_SIGNATURE_ECC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_HASH_Unmarshal(&target->hash, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->signatureR, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->signatureS, buffer, size);
    }
    return rc;
}

/*
Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */
/* The four functions below each pass target straight to
   TPMS_SIGNATURE_ECC_Unmarshal. */

TPM_RC
TPMS_SIGNATURE_ECDSA_Unmarshal(TPMS_SIGNATURE_ECDSA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_ECC_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* ECDAA signature: same layout as TPMS_SIGNATURE_ECC. */
TPM_RC
TPMS_SIGNATURE_ECDAA_Unmarshal(TPMS_SIGNATURE_ECDAA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_ECC_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* SM2 signature: same layout as TPMS_SIGNATURE_ECC. */
TPM_RC
TPMS_SIGNATURE_SM2_Unmarshal(TPMS_SIGNATURE_SM2 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_ECC_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* EC Schnorr signature: same layout as TPMS_SIGNATURE_ECC. */
TPM_RC
TPMS_SIGNATURE_ECSCHNORR_Unmarshal(TPMS_SIGNATURE_ECSCHNORR *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_SIGNATURE_ECC_Unmarshal(target, buffer, size);
    }
    return rc;
}

/* Table 172 - Definition of TPMU_SIGNATURE Union */
/* Dispatches on selector to the matching signature unmarshaller; the HMAC
   case reads a TPMT_HA with NO as the last argument.  TPM_ALG_NULL reads
   nothing; a selector with no compiled-in case yields TPM_RC_SELECTOR. */

TPM_RC
TPMU_SIGNATURE_Unmarshal(TPMU_SIGNATURE *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_RSASSA
      case TPM_ALG_RSASSA:
        rc = TPMS_SIGNATURE_RSASSA_Unmarshal(&target->rsassa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSAPSS
      case TPM_ALG_RSAPSS:
        rc = TPMS_SIGNATURE_RSAPSS_Unmarshal(&target->rsapss, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDSA
      case TPM_ALG_ECDSA:
        rc = TPMS_SIGNATURE_ECDSA_Unmarshal(&target->ecdsa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECDAA
      case TPM_ALG_ECDAA:
        rc = TPMS_SIGNATURE_ECDAA_Unmarshal(&target->ecdaa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_SM2
      case TPM_ALG_SM2:
        rc = TPMS_SIGNATURE_SM2_Unmarshal(&target->sm2, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECSCHNORR
      case TPM_ALG_ECSCHNORR:
        rc = TPMS_SIGNATURE_ECSCHNORR_Unmarshal(&target->ecschnorr, buffer, size);
        break;
#endif
#ifdef TPM_ALG_HMAC
      case TPM_ALG_HMAC:
        rc =
TPMT_HA_Unmarshal(&target->hmac, buffer, size, NO);
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 173 - Definition of TPMT_SIGNATURE Structure */
/* Reads and checks sigAlg (allowNull forwarded), then uses the accepted
   target->sigAlg as the selector for the signature union. */

TPM_RC
TPMT_SIGNATURE_Unmarshal(TPMT_SIGNATURE *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_SIG_SCHEME_Unmarshal(&target->sigAlg, buffer, size, allowNull);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMU_SIGNATURE_Unmarshal(&target->signature, buffer, size, target->sigAlg);
    }
    return rc;
}

/* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */
/* Delegates to TPM2B_Unmarshal on target->b with
   sizeof(TPMU_ENCRYPTED_SECRET) as the second argument (presumably the size
   limit -- confirm in TPM2B_Unmarshal). */

TPM_RC
TPM2B_ENCRYPTED_SECRET_Unmarshal(TPM2B_ENCRYPTED_SECRET *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_Unmarshal(&target->b, sizeof(TPMU_ENCRYPTED_SECRET), buffer, size);
    }
    return rc;
}

/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */
/* Reads a TPM_ALG_ID and accepts only the compiled-in object types
   (KEYEDHASH, RSA, ECC, SYMCIPHER).  There is no allowNull parameter and no
   TPM_ALG_NULL case; anything else yields TPM_RC_TYPE. */

TPM_RC
TPMI_ALG_PUBLIC_Unmarshal(TPMI_ALG_PUBLIC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_ALG_ID_Unmarshal(target, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        switch (*target) {
#ifdef TPM_ALG_KEYEDHASH
          case TPM_ALG_KEYEDHASH:
#endif
#ifdef TPM_ALG_RSA
          case TPM_ALG_RSA:
#endif
#ifdef TPM_ALG_ECC
          case TPM_ALG_ECC:
#endif
#ifdef TPM_ALG_SYMCIPHER
          case TPM_ALG_SYMCIPHER:
#endif
            break;
          default:
            rc = TPM_RC_TYPE;
        }
    }
    return rc;
}

/* Table 177 - Definition of TPMU_PUBLIC_ID Union */
/* Dispatches on selector to read the unique field of a public area: a digest
   for KEYEDHASH and SYMCIPHER, an RSA public key, or an ECC point.  There is
   no TPM_ALG_NULL case; any other selector yields TPM_RC_SELECTOR. */

TPM_RC
TPMU_PUBLIC_ID_Unmarshal(TPMU_PUBLIC_ID *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = TPM_RC_SUCCESS;

    switch (selector) {
#ifdef TPM_ALG_KEYEDHASH
      case TPM_ALG_KEYEDHASH:
        rc = TPM2B_DIGEST_Unmarshal(&target->keyedHash, buffer, size);
        break;
#endif
#ifdef TPM_ALG_SYMCIPHER
      case TPM_ALG_SYMCIPHER:
        rc = TPM2B_DIGEST_Unmarshal(&target->sym, buffer, size);
        break;
#endif
#ifdef TPM_ALG_RSA
      case TPM_ALG_RSA:
        rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->rsa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECC case TPM_ALG_ECC: rc = TPMS_ECC_POINT_Unmarshal(&target->ecc, buffer, size); break; #endif default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ TPM_RC TPMS_KEYEDHASH_PARMS_Unmarshal(TPMS_KEYEDHASH_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMT_KEYEDHASH_SCHEME_Unmarshal(&target->scheme, buffer, size, YES); } return rc; } /* Table 179 - Definition of TPMS_ASYM_PARMS Structure <> */ #if 0 TPM_RC TPMS_ASYM_PARMS_Unmarshal(TPMS_ASYM_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->symmetric, buffer, size, YES); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_ASYM_SCHEME_Unmarshal(&target->scheme, buffer, size, YES); } return rc; } #endif /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */ TPM_RC TPMS_RSA_PARMS_Unmarshal(TPMS_RSA_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->symmetric, buffer, size, YES); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_RSA_SCHEME_Unmarshal(&target->scheme, buffer, size, YES); } if (rc == TPM_RC_SUCCESS) { rc = TPMI_RSA_KEY_BITS_Unmarshal(&target->keyBits, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = UINT32_Unmarshal(&target->exponent, buffer, size); } return rc; } /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */ TPM_RC TPMS_ECC_PARMS_Unmarshal(TPMS_ECC_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->symmetric, buffer, size, YES); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_ECC_SCHEME_Unmarshal(&target->scheme, buffer, size, YES); } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ECC_CURVE_Unmarshal(&target->curveID, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_KDF_SCHEME_Unmarshal(&target->kdf, buffer, 
size, YES); } return rc; } /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ TPM_RC TPMU_PUBLIC_PARMS_Unmarshal(TPMU_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = TPM_RC_SUCCESS; switch (selector) { #ifdef TPM_ALG_KEYEDHASH case TPM_ALG_KEYEDHASH: rc = TPMS_KEYEDHASH_PARMS_Unmarshal(&target->keyedHashDetail, buffer, size); break; #endif #ifdef TPM_ALG_SYMCIPHER case TPM_ALG_SYMCIPHER: rc = TPMS_SYMCIPHER_PARMS_Unmarshal(&target->symDetail, buffer, size); break; #endif #ifdef TPM_ALG_RSA case TPM_ALG_RSA: rc = TPMS_RSA_PARMS_Unmarshal(&target->rsaDetail, buffer, size); break; #endif #ifdef TPM_ALG_ECC case TPM_ALG_ECC: rc = TPMS_ECC_PARMS_Unmarshal(&target->eccDetail, buffer, size); break; #endif default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */ TPM_RC TPMT_PUBLIC_PARMS_Unmarshal(TPMT_PUBLIC_PARMS *target, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_PUBLIC_Unmarshal(&target->type, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMU_PUBLIC_PARMS_Unmarshal(&target->parameters, buffer, size, target->type); } return rc; } /* Table 184 - Definition of TPMT_PUBLIC Structure */ TPM_RC TPMT_PUBLIC_Unmarshal(TPMT_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_PUBLIC_Unmarshal(&target->type, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->nameAlg, buffer, size, allowNull); } if (rc == TPM_RC_SUCCESS) { rc = TPMA_OBJECT_Unmarshal(&target->objectAttributes, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->authPolicy, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMU_PUBLIC_PARMS_Unmarshal(&target->parameters, buffer, size, target->type); } if (rc == TPM_RC_SUCCESS) { rc = TPMU_PUBLIC_ID_Unmarshal(&target->unique, buffer, size, target->type); } return rc; } /* Table 185 
- Definition of TPM2B_PUBLIC Structure */

/* Parses a size-prefixed public area.  A declared size of zero is rejected with TPM_RC_SIZE.  The
   declared size is compared with the number of bytes TPMT_PUBLIC_Unmarshal consumed only after
   that parser has returned; a mismatch yields TPM_RC_SIZE.  The inner parser is given the caller's
   remaining-size counter, not the declared size. */

TPM_RC
TPM2B_PUBLIC_Unmarshal(TPM2B_PUBLIC *target, BYTE **buffer, INT32 *size, BOOL allowNull)
{
    TPM_RC status;
    INT32  sizeBefore;      /* bytes remaining before the public area is parsed */

    status = UINT16_Unmarshal(&target->size, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    if (target->size == 0) return TPM_RC_SIZE;

    sizeBefore = *size;
    status = TPMT_PUBLIC_Unmarshal(&target->publicArea, buffer, size, allowNull);
    if (status != TPM_RC_SUCCESS) return status;

    /* consumed byte count must equal the size prefix */
    if (target->size != sizeBefore - *size) return TPM_RC_SIZE;

    return TPM_RC_SUCCESS;
}

/* Table 192 - Definition of TPM2B_TEMPLATE Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMT_PUBLIC) as its second argument (presumably the
   largest payload accepted - confirm against TPM2B_Unmarshal).  The template bytes are not parsed
   as a TPMT_PUBLIC here. */

TPM_RC
TPM2B_TEMPLATE_Unmarshal(TPM2B_TEMPLATE *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMT_PUBLIC), buffer, size);
}

/* Table 186 - Definition of TPM2B_PRIVATE_VENDOR_SPECIFIC Structure<> */

/* Compiled out. */

#if 0
TPM_RC
TPM2B_PRIVATE_VENDOR_SPECIFIC_Unmarshal(TPM2B_PRIVATE_VENDOR_SPECIFIC *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, PRIVATE_VENDOR_SPECIFIC_BYTES, buffer, size);
}
#endif

/* Table 187 - Definition of TPMU_SENSITIVE_COMPOSITE Union */

/* Parses the private (sensitive) member chosen by selector.  A selector that matches no
   compiled-in case leaves target untouched and returns TPM_RC_SELECTOR. */

TPM_RC
TPMU_SENSITIVE_COMPOSITE_Unmarshal(TPMU_SENSITIVE_COMPOSITE *target, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC status = TPM_RC_SELECTOR;    /* result when no case below matches */

    switch (selector) {
#ifdef TPM_ALG_RSA
      case TPM_ALG_RSA:
        status = TPM2B_PRIVATE_KEY_RSA_Unmarshal(&target->rsa, buffer, size);
        break;
#endif
#ifdef TPM_ALG_ECC
      case TPM_ALG_ECC:
        status = TPM2B_ECC_PARAMETER_Unmarshal(&target->ecc, buffer, size);
        break;
#endif
#ifdef TPM_ALG_KEYEDHASH
      case TPM_ALG_KEYEDHASH:
        status = TPM2B_SENSITIVE_DATA_Unmarshal(&target->bits, buffer, size);
        break;
#endif
#ifdef TPM_ALG_SYMCIPHER
      case TPM_ALG_SYMCIPHER:
        status = TPM2B_SYM_KEY_Unmarshal(&target->sym, buffer, size);
        break;
#endif
    }
    return status;
}

/* 
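Table 188 - Definition of TPMT_SENSITIVE Structure */

/* Parses a sensitive area in wire order: sensitive type, authorization value, seed value, then
   the type-specific private member.  The union parser is selected by target->sensitiveType, which
   TPMI_ALG_PUBLIC_Unmarshal has accepted by then. */

TPM_RC
TPMT_SENSITIVE_Unmarshal(TPMT_SENSITIVE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;

    status = TPMI_ALG_PUBLIC_Unmarshal(&target->sensitiveType, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_AUTH_Unmarshal(&target->authValue, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_DIGEST_Unmarshal(&target->seedValue, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    return TPMU_SENSITIVE_COMPOSITE_Unmarshal(&target->sensitive, buffer, size, target->sensitiveType);
}

/* Table 189 - Definition of TPM2B_SENSITIVE Structure */

/* Parses a size-prefixed sensitive area.  A declared size of zero is accepted and nothing further
   is parsed.  Otherwise the number of bytes TPMT_SENSITIVE_Unmarshal consumed must equal the
   declared size, else TPM_RC_SIZE.

   target->t.size is examined only after UINT16_Unmarshal has succeeded, so a failed read of the
   prefix never leads to a test of a field that may not have been written.  Return values are the
   same as before for every input. */

TPM_RC
TPM2B_SENSITIVE_Unmarshal(TPM2B_SENSITIVE *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;
    INT32  sizeBefore;      /* bytes remaining before the sensitive area is parsed */

    status = UINT16_Unmarshal(&target->t.size, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    /* an empty sensitive area is permitted */
    if (target->t.size == 0) return TPM_RC_SUCCESS;

    sizeBefore = *size;
    status = TPMT_SENSITIVE_Unmarshal(&target->t.sensitiveArea, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    /* consumed byte count must equal the size prefix */
    if (target->t.size != sizeBefore - *size) return TPM_RC_SIZE;

    return TPM_RC_SUCCESS;
}

/* Table 191 - Definition of TPM2B_PRIVATE Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(_PRIVATE) as its second argument (presumably the
   largest payload accepted - confirm against TPM2B_Unmarshal). */

TPM_RC
TPM2B_PRIVATE_Unmarshal(TPM2B_PRIVATE *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(_PRIVATE), buffer, size);
}

/* Table 193 - Definition of TPM2B_ID_OBJECT Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(_ID_OBJECT) as its second argument (presumably the
   largest payload accepted - confirm against TPM2B_Unmarshal). */

TPM_RC
TPM2B_ID_OBJECT_Unmarshal(TPM2B_ID_OBJECT *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(_ID_OBJECT), buffer, size);
}

/* Table 196 - Definition of (UINT32) TPMA_NV Bits */

/* Reads the 32-bit attribute word and rejects it with TPM_RC_RESERVED_BITS when any bit in
   TPMA_NV_RESERVED is set.  target->val keeps the rejected value in that case. */

TPM_RC
TPMA_NV_Unmarshal(TPMA_NV *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status = UINT32_Unmarshal(&target->val, buffer, size);

    if (status != TPM_RC_SUCCESS) return status;

    if (target->val & TPMA_NV_RESERVED) return TPM_RC_RESERVED_BITS;

    return TPM_RC_SUCCESS;
}

/* Table 197 - Definition of TPMS_NV_PUBLIC Structure */

/* Parses an NV index public area in wire order: index handle, name algorithm, attributes,
   authorization policy digest, data size.  NO is passed as the last argument of the handle and
   name algorithm parsers.  A dataSize above MAX_NV_INDEX_SIZE is rejected with TPM_RC_SIZE. */

TPM_RC
TPMS_NV_PUBLIC_Unmarshal(TPMS_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;

    status = TPMI_RH_NV_INDEX_Unmarshal(&target->nvIndex, buffer, size, NO);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPMI_ALG_HASH_Unmarshal(&target->nameAlg, buffer, size, NO);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPMA_NV_Unmarshal(&target->attributes, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_DIGEST_Unmarshal(&target->authPolicy, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = UINT16_Unmarshal(&target->dataSize, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    if (target->dataSize > MAX_NV_INDEX_SIZE) return TPM_RC_SIZE;

    return TPM_RC_SUCCESS;
}

/* Table 198 - Definition of TPM2B_NV_PUBLIC Structure */

/* Parses a size-prefixed NV public area.  A declared size of zero is rejected with TPM_RC_SIZE,
   and the number of bytes TPMS_NV_PUBLIC_Unmarshal consumed must equal the declared size, else
   TPM_RC_SIZE. */

TPM_RC
TPM2B_NV_PUBLIC_Unmarshal(TPM2B_NV_PUBLIC *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;
    INT32  sizeBefore;      /* bytes remaining before the NV public area is parsed */

    status = UINT16_Unmarshal(&target->size, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    if (target->size == 0) return TPM_RC_SIZE;

    sizeBefore = *size;
    status = TPMS_NV_PUBLIC_Unmarshal(&target->nvPublic, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    /* consumed byte count must equal the size prefix */
    if (target->size != sizeBefore - *size) return TPM_RC_SIZE;

    return TPM_RC_SUCCESS;
}

/* Table 199 - Definition of TPM2B_CONTEXT_SENSITIVE Structure */

/* Delegates to TPM2B_Unmarshal with MAX_CONTEXT_SIZE as its second argument (presumably the
   largest payload accepted - confirm against TPM2B_Unmarshal). */

TPM_RC
TPM2B_CONTEXT_SENSITIVE_Unmarshal(TPM2B_CONTEXT_SENSITIVE *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, MAX_CONTEXT_SIZE, buffer, size);
}

/* Table 200 - Definition of TPMS_CONTEXT_DATA Structure */

/* Parses the integrity digest, then the encrypted context blob. */

TPM_RC
TPMS_CONTEXT_DATA_Unmarshal(TPMS_CONTEXT_DATA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status = TPM2B_DIGEST_Unmarshal(&target->integrity, buffer, size);

    if (status != TPM_RC_SUCCESS) return status;

    return TPM2B_CONTEXT_SENSITIVE_Unmarshal(&target->encrypted, buffer, size);
}

/* Table 201 - Definition of TPM2B_CONTEXT_DATA Structure */

/* Delegates to TPM2B_Unmarshal with sizeof(TPMS_CONTEXT_DATA) as its second argument (presumably
   the largest payload accepted - confirm against TPM2B_Unmarshal).  The blob is kept as bytes; it
   is not parsed as a TPMS_CONTEXT_DATA here. */

TPM_RC
TPM2B_CONTEXT_DATA_Unmarshal(TPM2B_CONTEXT_DATA *target, BYTE **buffer, INT32 *size)
{
    return TPM2B_Unmarshal(&target->b, sizeof(TPMS_CONTEXT_DATA), buffer, size);
}

/* Table 202 - Definition of TPMS_CONTEXT Structure */

/* Parses a saved context in wire order: sequence number, saved handle, hierarchy, context blob.
   NO is passed as the last argument of the handle parser and YES as that of the hierarchy
   parser. */

TPM_RC
TPMS_CONTEXT_Unmarshal(TPMS_CONTEXT *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;

    status = UINT64_Unmarshal(&target->sequence, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPMI_DH_CONTEXT_Unmarshal(&target->savedHandle, buffer, size, NO);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
    if (status != TPM_RC_SUCCESS) return status;

    return TPM2B_CONTEXT_DATA_Unmarshal(&target->contextBlob, buffer, size);
}

/* Table 204 - Definition of TPMS_CREATION_DATA Structure */

/* Parses creation data in wire order: PCR selection, PCR digest, locality, parent name algorithm,
   parent name, parent qualified name, outside info.  parentNameAlg is read with the plain
   TPM_ALG_ID parser; no further check of its value is made in this function. */

TPM_RC
TPMS_CREATION_DATA_Unmarshal(TPMS_CREATION_DATA *target, BYTE **buffer, INT32 *size)
{
    TPM_RC status;

    status = TPML_PCR_SELECTION_Unmarshal(&target->pcrSelect, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_DIGEST_Unmarshal(&target->pcrDigest, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPMA_LOCALITY_Unmarshal(&target->locality, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM_ALG_ID_Unmarshal(&target->parentNameAlg, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_NAME_Unmarshal(&target->parentName, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    status = TPM2B_NAME_Unmarshal(&target->parentQualifiedName, buffer, size);
    if (status != TPM_RC_SUCCESS) return status;

    return TPM2B_DATA_Unmarshal(&target->outsideInfo, buffer, size);
}

/* Table 205 - Definition of TPM2B_CREATION_DATA Structure */ TPM_RC TPM2B_CREATION_DATA_Unmarshal(TPM2B_CREATION_DATA *target, BYTE **buffer, INT32 *size) { 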
TPM_RC rc = TPM_RC_SUCCESS; INT32 startSize; if (rc == TPM_RC_SUCCESS) { rc = UINT16_Unmarshal(&target->size, buffer, size); } if (rc == TPM_RC_SUCCESS) { if (target->size == 0) { rc = TPM_RC_SIZE; } } if (rc == TPM_RC_SUCCESS) { startSize = *size; } if (rc == TPM_RC_SUCCESS) { rc = TPMS_CREATION_DATA_Unmarshal(&target->creationData, buffer, size); } if (rc == TPM_RC_SUCCESS) { if (target->size != startSize - *size) { rc = TPM_RC_SIZE; } } return rc; } ./utils/pcrallocate.c0000644000175000017500000001674313075204375013001 0ustar lo1lo1/********************************************************************************/ /* */ /* PCR_Allocate */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: pcrallocate.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* */

/* NOTE(review): the header names that followed each #include are missing from this copy. */
#include #include #include #include #include #include #include

static void printUsage(void);

/* set to TRUE by -v; the success message at the end of main is printed only when it is set */
int verbose = FALSE;

/* Command line front end for TPM2_PCR_Allocate.  Builds a PCR_Allocate_In that lists a SHA-1 and
   a SHA-256 bank, authorizes it against TPM_RH_PLATFORM and runs it through TSS_Execute.

   printUsage() ends with exit(1), so every error path in the option handling terminates the
   process; rc is therefore still 0 when the "if (rc == 0)" blocks after the loop are reached. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    PCR_Allocate_In in;
    PCR_Allocate_Out out;
    int sha256 = FALSE;
    int sha1 = FALSE;
    /* Authorization value handed to TSS_Execute for session 0.  The usage text lists -pwdp
       (platform hierarchy password) for it.  A password given as a command line argument is
       exposed to other local users through the process list and may be recorded in shell
       history. */
    const char *parentPassword = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): in this copy the text between "(i" and "0xff)" is missing, so the loop
       condition, the handling of the options the usage text lists (-pwdp, -sha1, -sha256) and the
       start of the -se0 branch cannot be reviewed here. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf result is not checked; an argument that is not hex
                   leaves sessionHandle1 at TPM_RH_NULL without any message.  %x stores through an
                   unsigned int pointer - assumes TPMI_SH_AUTH_SESSION has that size, confirm. */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                /* same unchecked sscanf; only the upper bound of the parsed value is tested */
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                /* unchecked sscanf, as for -se1 */
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* at least one bank must be selected */
    if (rc == 0) {
        if (!sha1 && !sha256) {
            printf("Either -sha1 or -sha256 must be specified\n");
            printUsage();
        }
    }
    if (rc == 0) {
        /* the command is always authorized against the platform hierarchy */
        in.authHandle = TPM_RH_PLATFORM;
        /* both banks are always listed; a bank that was not requested is listed with all three
           select bytes zero */
        in.pcrAllocation.count = 2;
        uint8_t sha1mask = 0x00; /* default don't select the bank */
        uint8_t sha256mask = 0x00;
        if (sha1) {
            sha1mask = 0xff; /* select all SHA-1 PCRs */
        }
        if (sha256) {
            sha256mask = 0xff; /* select all SHA-256 PCRs */
        }
        /* SHA-1 bank */
        /* three select bytes of eight bits each; the usage text describes this as PCR 0-23 */
        in.pcrAllocation.pcrSelections[0].hash = TPM_ALG_SHA1;
        in.pcrAllocation.pcrSelections[0].sizeofSelect = 3;
        in.pcrAllocation.pcrSelections[0].pcrSelect[0] = sha1mask;
        in.pcrAllocation.pcrSelections[0].pcrSelect[1] = sha1mask;
        in.pcrAllocation.pcrSelections[0].pcrSelect[2] = sha1mask;
        /* SHA-256 bank */
        in.pcrAllocation.pcrSelections[1].hash = TPM_ALG_SHA256;
        in.pcrAllocation.pcrSelections[1].sizeofSelect = 3;
        in.pcrAllocation.pcrSelections[1].pcrSelect[0] = sha256mask;
        in.pcrAllocation.pcrSelections[1].pcrSelect[1] = sha256mask;
        in.pcrAllocation.pcrSelections[1].pcrSelect[2] = sha256mask;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PCR_Allocate,
                         sessionHandle0, parentPassword, sessionAttributes0,
                         sessionHandle1, NULL, 
sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("pcrallocate: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("pcrallocate: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("pcrallocate\n"); printf("\n"); printf("Runs TPM2_PCR_Allocate\n"); printf("\n"); printf("\nAllocates SHA-1 and/or SHA-256 banks for a full set of PCR 0-23. Not all\n" "TPMs support two banks\n"); printf("\n"); printf("\t[-pwdp platform hierarchy password (default empty)]\n"); printf("\t-sha1 allocate a SHA-1 bank\n"); printf("\t-sha256 allocate a SHA-256 bank\n"); exit(1); } ./utils/duplicate.c0000644000175000017500000002341513075204375012454 0ustar lo1lo1/********************************************************************************/ /* */ /* Duplicate */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: duplicate.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */

/* NOTE(review): the header names that followed each #include are missing from this copy. */
#include #include #include #include #include #include #include

static void printUsage(void);

/* set to TRUE by -v; the success message at the end of main is printed only when it is set */
int verbose = FALSE;

/* Command line front end for TPM2_Duplicate.  Fills a Duplicate_In from the options, runs it
   through TSS_Execute and optionally saves the three response fields to files.

   printUsage() ends with exit(1), so every error path in the option handling terminates the
   process. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    Duplicate_In in;
    Duplicate_Out out;
    TPMI_DH_OBJECT objectHandle = 0;
    TPMI_DH_OBJECT newParentHandle = TPM_RH_NULL;
    /* file holding the optional symmetric encryption key; read into in.encryptionKeyIn after
       option parsing */
    const char *encryptionKeyInFilename = NULL;
    /* Output files.  After a successful command, main writes out.encryptionKeyOut,
       out.duplicate and out.outSymSeed to these names with TSS_File_WriteBinaryFile.  The first
       and third carry key material for the duplicated object; the permissions of the created
       files are decided by TSS_File_WriteBinaryFile and the process umask, neither of which is
       visible here - confirm before using these files outside a test setup. */
    const char *encryptionKeyOutFilename = NULL;
    const char *duplicateFilename = NULL;
    const char *outSymSeedFilename = NULL;
    /* Authorization value handed to TSS_Execute for session 0.  The usage text lists -pwdo for
       it.  A password given as a command line argument is exposed to other local users through
       the process list and may be recorded in shell history. */
    const char *objectPassword = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure */
    /* TPM_ALG_NULL means no inner symmetric wrapping was requested; the checks after the loop
       require -salg and -ik to be given together */
    in.symmetricAlg.algorithm = TPM_ALG_NULL;
    /* NOTE(review): in this copy the text between "(i" and "0xff)" is missing, so the loop
       condition, the handling of the options the usage text lists (-ho, -pwdo, -hp, -ik, -salg,
       -oek, -od, -oss) and the start of the -se0 branch cannot be reviewed here. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf result is not checked; an argument that is not hex
                   leaves sessionHandle1 at TPM_RH_NULL without any message.  %x stores through an
                   unsigned int pointer - assumes TPMI_SH_AUTH_SESSION has that size, confirm. */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                /* same unchecked sscanf; only the upper bound of the parsed value is tested */
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                /* unchecked sscanf, as for -se1 */
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of 
range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (objectHandle == 0) { printf("Missing or bad object handle parameter -ho\n"); printUsage(); } if ((in.symmetricAlg.algorithm == TPM_ALG_NULL) && (encryptionKeyInFilename != NULL)) { printf("-ik needs -salg\n"); printUsage(); } if ((in.symmetricAlg.algorithm != TPM_ALG_NULL) && (encryptionKeyInFilename == NULL)) { printf("-salg needs -ik\n"); printUsage(); } if (rc == 0) { in.objectHandle = objectHandle; in.newParentHandle = newParentHandle; } /* optional symmetric encryption key */ if (encryptionKeyInFilename != NULL) { rc = TSS_File_Read2B(&in.encryptionKeyIn.b, sizeof(TPMT_HA), encryptionKeyInFilename); } else { in.encryptionKeyIn.t.size = 0; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Duplicate, sessionHandle0, objectPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (encryptionKeyOutFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.encryptionKeyOut.t.buffer, out.encryptionKeyOut.t.size, encryptionKeyOutFilename); } if ((rc == 0) && (duplicateFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.duplicate.t.buffer, out.duplicate.t.size, duplicateFilename); } if ((rc == 0) && (outSymSeedFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret, out.outSymSeed.t.size, outSymSeedFilename); } if (rc == 0) { if (verbose) printf("duplicate: 
success\n"); } else { const char *msg; const char *submsg; const char *num; printf("duplicate: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("Duplicate\n"); printf("\n"); printf("Runs TPM2_Duplicate\n"); printf("\n"); printf("\t-ho object handle\n"); printf("\t[-pwdo password for object (default empty)]\n"); printf("\t[-hp new parent handle (default TPM_RH_NULL)]\n"); printf("\t[-ik encryption key in file name]\n"); printf("\t[-salg symmetric algorithm (aes)(default none)]\n"); printf("\n"); printf("\t[-oek encryption key out file name (default do not save)]\n"); printf("\t[-od duplicate private area file name (default do not save)]\n"); printf("\t[-oss symmetric seed file name (default do not save)]\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/pcrread.c0000644000175000017500000002057313133162315012114 0ustar lo1lo1/********************************************************************************/ /* */ /* PCR_Read */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: pcrread.c 1043 2017-07-17 16:24:45Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */

/* NOTE(review): the header names that followed each #include are missing from this copy. */
#include #include #include #include #include #include #include #include

static void printPcrRead(PCR_Read_Out *out);
static void printUsage(void);

/* set to TRUE by -v; the success message at the end of main is printed only when it is set */
int verbose = FALSE;

/* Command line front end for TPM2_PCR_Read.  Selects one PCR in each requested bank, runs the
   command through TSS_Execute and prints the returned digests, optionally saving the first digest
   to a file.

   printUsage() ends with exit(1), so every error path in the option handling terminates the
   process. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    PCR_Read_In in;
    /* not initialized here; its fields are meaningful only as far as TSS_Execute fills them */
    PCR_Read_Out out;
    /* IMPLEMENTATION_PCR is outside the accepted range and doubles as "no -ha given"; the check
       after the loop rejects any value >= IMPLEMENTATION_PCR */
    TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR;
    const char *datafilename = NULL;
    int noSpace = FALSE;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL;
    unsigned int sessionAttributes0 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
    /* sentinel for "no -halg seen"; replaced by a single SHA-256 selection after the loop */
    in.pcrSelectionIn.count = 0xffffffff;

    /* command line argument defaults */
    /* NOTE(review): in this copy the text between "(i" and "HASH_COUNT)" is missing, so the loop
       condition, the -ha handling and the start of the -halg branch (including how count leaves
       the 0xffffffff sentinel) cannot be reviewed here.  The pcrSelections[count-1] stores below
       rely on that missing code keeping count within 1..HASH_COUNT - confirm against the
       original file. */
    for (i=1 ; (i HASH_COUNT) {
                printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT);
                printUsage();
            }
            i++;
            if (i < argc) {
                if (strcmp(argv[i],"sha1") == 0) {
                    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA1;
                }
                else if (strcmp(argv[i],"sha256") == 0) {
                    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA256;
                }
                else if (strcmp(argv[i],"sha384") == 0) {
                    in.pcrSelectionIn.pcrSelections[in.pcrSelectionIn.count-1].hash = TPM_ALG_SHA384;
                }
                else {
                    printf("Bad parameter for -halg\n");
                    printUsage();
                }
            }
            else {
                printf("-halg option needs a value\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-of") == 0) {
            i++;
            if (i < argc) {
                datafilename = argv[i];
            }
            else {
                printf("-of option needs a value\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-ns") == 0) {
            noSpace = TRUE;
        }
        else if (strcmp(argv[i],"-se0") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf result is not checked; an argument that is not hex
                   leaves sessionHandle0 at TPM_RH_NULL without any message.  %x stores through an
                   unsigned int pointer - assumes TPMI_SH_AUTH_SESSION has that size, confirm. */
                sscanf(argv[i],"%x", &sessionHandle0);
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                /* same unchecked sscanf; only the upper bound of the parsed value is tested */
                sscanf(argv[i],"%x", &sessionAttributes0);
                if (sessionAttributes0 > 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for 
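-se0\n"); printUsage(); } }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* pcrHandle keeps its IMPLEMENTATION_PCR initial value when no usable -ha was given;
       printUsage() exits, so everything below runs with pcrHandle < IMPLEMENTATION_PCR */
    if (pcrHandle >= IMPLEMENTATION_PCR) {
        printf("Missing or bad PCR handle parameter -ha\n");
        printUsage();
    }
    /* handle default hash algorithm */
    if (in.pcrSelectionIn.count == 0xffffffff) {        /* if none specified */
        in.pcrSelectionIn.count = 1;
        in.pcrSelectionIn.pcrSelections[0].hash = TPM_ALG_SHA256;
    }
    if (rc == 0) {
        uint16_t c;
        /* Table 102 - Definition of TPML_PCR_SELECTION Structure */
        /* Table 85 - Definition of TPMS_PCR_SELECTION Structure */
        for (c = 0 ; c < in.pcrSelectionIn.count ; c++) {
            /* the same single PCR is selected in every requested bank */
            in.pcrSelectionIn.pcrSelections[c].sizeofSelect = 3;
            in.pcrSelectionIn.pcrSelections[c].pcrSelect[0] = 0;
            in.pcrSelectionIn.pcrSelections[c].pcrSelect[1] = 0;
            in.pcrSelectionIn.pcrSelections[c].pcrSelect[2] = 0;
            /* NOTE(review): with sizeofSelect fixed at 3 this index is covered only while
               IMPLEMENTATION_PCR <= 24 - confirm against the implementation constants */
            in.pcrSelectionIn.pcrSelections[c].pcrSelect[pcrHandle / 8] = 1 << (pcrHandle % 8);
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PCR_Read,
                         sessionHandle0, NULL, sessionAttributes0,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* first hash algorithm, in binary */
    if ((rc == 0) && (datafilename != NULL)) {
        /* The TPM can return count 0 when the requested algorithm is not allocated (the -ns path
           below already allows for that).  out is an uninitialized local, so digests[0] is
           written to the file only when the response actually carries a digest; otherwise the
           file is left alone and the operator is told. */
        if (out.pcrValues.count != 0) {
            rc = TSS_File_WriteBinaryFile(out.pcrValues.digests[0].t.buffer,
                                          out.pcrValues.digests[0].t.size,
                                          datafilename);
        }
        else {
            printf("pcrread: no digest returned, %s not written\n", datafilename);
        }
    }
    if (rc == 0) {
        /* machine readable format, first hash algorithm */
        if (noSpace) {
            /* TPM can return count 0 if the requested algorithm is not allocated */
            if (out.pcrValues.count != 0) {
                uint32_t bp;
                for (bp = 0 ; bp < out.pcrValues.digests[0].t.size ; bp++) {
                    printf("%02x", out.pcrValues.digests[0].t.buffer[bp]);
                }
                printf("\n");
            }
            else {
                printf("count %u\n", 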
out.pcrValues.count); } } /* human readable format, all hash algorithms */ else { printPcrRead(&out); if (verbose) printf("pcrread: success\n"); } } else { const char *msg; const char *submsg; const char *num; printf("pcrread: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printPcrRead(PCR_Read_Out *out) { uint32_t i; /* Table 99 - Definition of TPML_DIGEST Structure */ printf("count %u\n", out->pcrValues.count); for (i = 0 ; i < out->pcrValues.count ; i++) { TSS_PrintAll("digest", out->pcrValues.digests[i].t.buffer, out->pcrValues.digests[i].t.size); } return; } static void printUsage(void) { printf("\n"); printf("pcrread\n"); printf("\n"); printf("Runs TPM2_PCR_Read\n"); printf("\n"); printf("\t-ha pcr handle\n"); printf("\t-halg (sha1, sha256, sha384) (default sha256)\n"); printf("\t\t-halg may be specified more than once\n"); printf("\t[-of data file for first algorithm specified, in binary]\n"); printf("\t\t(default do not save)\n"); printf("\t[-ns no space, no text, no newlines, first algorithm]\n"); printf("\t\tUsed for scripting policy construction\n"); printf("\t-se0 session handle / attributes\n"); printf("\t\t01 continue\n"); printf("\t\t80 audit\n"); exit(1); } ./utils/policies/0000751000175000017500000000000013133212571012124 5ustar lo1lo1./utils/policies/policyccquote.txt0000644000175000017500000000002012522511134015542 0ustar lo1lo10000016c00000158./utils/policies/policycccreate-auth.txt0000644000175000017500000000003212522511134016612 0ustar lo1lo10000016c00000153 0000016b ./utils/policies/policypcr0.bin0000644000175000017500000000002412550023745014707 0ustar lo1lo1./utils/policies/sha256aaa.bin0000644000175000017500000000004012522753714014301 0ustar lo1lo14mϰ\gIS륌JțW/ ~./utils/policies/policysigned.txt0000644000175000017500000000006613040237116015363 0ustar lo1lo10000016000044234c24fc1b9de6693a62453417d2734d7538f6f 
./utils/policies/sha384exthaaa.bin0000644000175000017500000000006012523170377015175 0ustar lo1lo1ap9┇F]d2[EK$%6@6DذPM./utils/policies/policyauthorize.bin0000644000175000017500000000004013040237116016045 0ustar lo1lo1FԌ~ qʞw{Su:DeKα!P./utils/policies/policytemplatehash.bin0000644000175000017500000000004013011163114016504 0ustar lo1lo1C+D7yGpK$Z~FX./utils/policies/policynvargs.txt0000644000175000017500000000001512522511134015403 0ustar lo1lo1 ./utils/policies/sha256extaaa.bin0000644000175000017500000000004012523150515015011 0ustar lo1lo1w$ĶE_Qbf+AۚJI./utils/policies/policytemplate.bin0000644000175000017500000000004013011163114015640 0ustar lo1lo1dڑ6((Sت}E%Xh-"./utils/policies/policyccsign-auth.bin0000644000175000017500000000004012522511134016237 0ustar lo1lo1~ DKL(KSL./utils/policies/policyccquote.bin0000644000175000017500000000004012522511134015475 0ustar lo1lo19h#<>>'HjN0L'./utils/policies/policyccsign-auth.txt0000644000175000017500000000003212522511134016307 0ustar lo1lo10000016c0000015d 0000016b ./utils/policies/sha1exthaaa.bin0000644000175000017500000000002412523170377015017 0ustar lo1lo1S?!U>#./utils/policies/policyauthorize.txt0000644000175000017500000000006613040237116016124 0ustar lo1lo10000016a00044234c24fc1b9de6693a62453417d2734d7538f6f ./utils/policies/policycountertimer.bin0000644000175000017500000000002412522511134016554 0ustar lo1lo1愁'U9hc!ȓP%ݪ&B./utils/policies/policywrittenset.bin0000644000175000017500000000002412522511134016244 0ustar lo1lo10sH_e" ./utils/policies/policywrittenset.txt0000644000175000017500000000001312522511134016311 0ustar lo1lo10000018f01 ./utils/policies/sha1extaaa0.bin0000644000175000017500000000002412522753714014730 0ustar lo1lo1GysqT-G./utils/policies/policycccertify.txt0000644000175000017500000000002113055362236016064 0ustar lo1lo10000016c00000148 ./utils/policies/policycphashhash.txt0000644000175000017500000000001112522511134016211 0ustar lo1lo10@ 
./utils/policies/policypcr0.txt0000644000175000017500000000005012522511134014746 0ustar lo1lo10000000000000000000000000000000000000000./utils/policies/policycphashhash.bin0000644000175000017500000000002412522511134016146 0ustar lo1lo1 gX./utils/policies/rsapubkey.pem0000644000175000017500000000070312743723476014661 0ustar lo1lo1-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukO2Z2rjxNm7EWi82TpW hXmJo5fPf2enN4KzF35qVM4KjYdpVODWQ377Lq3edqriP1Ji2dUvqoUHNrkfwSOH EHHKWXO++if4o+kI5YdC1MzwXMVHI2Yrn7fAteGArM7Ox9GRcdzmicw38HMWWGtM OBUkaLZnO7rJW1VPQQw1IG9d+hFepXfrNl75zz2S2mceWecFRGBFE8DPW+zMQIMm qFtt9g9+LIw0b1fn13DsMW7JX3J126ZwgTH6BEmSIY04xz2Tz0Z0+GNb+mwDypP9 1o0l0ITkETMsfabpGgEfC2x+67lQJR986MyLZ+WDK+3LeT2b4mA2bxpRa6yDrEv/ gQIDAQAB -----END PUBLIC KEY----- ./utils/policies/policysecretp.txt0000644000175000017500000000002212522511134015546 0ustar lo1lo1000001514000000C ./utils/policies/policyccundefinespacespecial-auth.bin0000644000175000017500000000004012531160651021455 0ustar lo1lo1|ʲ%a=e/|Dk./utils/policies/sha384extaaa.bin0000644000175000017500000000006012523150515015015 0ustar lo1lo1_uNI5N*囏V ;`i2Y./utils/policies/policypcr.txt0000644000175000017500000000013512743723476014715 0ustar lo1lo10000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13 ./utils/policies/policypcr16aaasha256.txt0000644000175000017500000000010112545310010016421 0ustar lo1lo1c2119764d11613bf07b7e204c35f93732b4ae336b4354ebc16e8d0c3963ebebb ./utils/policies/policycccertify.bin0000644000175000017500000000004013055362236016016 0ustar lo1lo1:X?yDx[z3%Ԛ!QXP./utils/policies/policyccduplicate.txt0000644000175000017500000000002112523217323016364 0ustar lo1lo10000016c0000014b ./utils/policies/aaa0000644000175000017500000000000312522677723012605 0ustar lo1lo1aaa./utils/policies/policyor.bin0000644000175000017500000000004012522511134014452 0ustar lo1lo1k:W*9`9M{8VWsa)./utils/policies/rsaprivkey.pem0000644000175000017500000000334612743723476015061 
0ustar lo1lo1-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CBC,2530131EB712F2DC51A71D0DEB7BFB49 L9oEHVuNLTSmh3KQShMi20qZXgWG1KxpHelQxp1sq7AAMXDDkysT5mRksNv/TfVc pD31VlKWTWsoN1tYv6slg2b39EKyo8nLy4h0qQXzsu8TE/tEpd/1ROqnDEZBemfU 5dJf2OwSYe80qTlgJWVp0Hl15iiKZgq4ADyvWWL4arjyEoZT1bSAOOC9HOHxQAng dRl1jM63k5t9VF/PlQVcA4BTWkRahL+6sPswtkxHT1bZtgqo2Y0qnsH9vxln+RT0 L2AX0mFYvtm0dHTbsNaixfXSQEiCVQC+jrFvxdAi1Bzcqm4GKsfMduTkkYqb962t vnBvme7FF81Eu1+5x45krFpIRAIIlYCL5lliEDQDVVbsc26E9uLczU852FQ2aRlW XV2U3F+jorlA86Fi3bYcWH8zCrjzOnuaqMQA3S5fHPxN5RzLDV4hTPOmlVJT4xDk d3hnuTZm7TNhWQ8e7CR/6eEQ+QN6+7cU8hpFbMoclsbBNLa+8WI81mPVwgZtKXuo 4+5wTbJalk5AjiKJhoH6pWT6CynTWjs4N5faiQ/u2lp9yESI265hcB8grjz3Bzts 3feKCbh+uMDA03u6whxkH7roDlBYCwf1OFgbLFXUeefUXnsQwnytmigZ1K9jXcx3 n/rONzdj4Juh9R55L/bjNCun7scQwr1ksV6NH1LIbIl87yhQJ3zvh6+jDEbvuV/o CVlCyHiyL2tGvAMGoVUko6xj+b2KM47fTA/BBvoB6d12aICasYqrF5Kl0o2MApI+ c116mFS0K+LQ1XddmRNyR0ACswAxN7fy/TuLdbS3N8w47E+5xQ8dbB+qJhuz60jY RoUZzYUVf1LNoleShMoB/tEgichf6LZ4yVRO2L0LaFCgFlPsmfvtQ0o4BhgrvmLu sRy/iZuENaXKwJ8KInWqJNH4yBWOD9gRo1vva719P261h1IoHvclehLXOs81TBZk 7uRr2eFH8LXEYuJpa97Dkx4ZmbMBDbxTQGEV+zj/ZJWIY2Sl0Zi/TLSVig54SeUQ 8L1qQRvOUO3952ynH0YeZfuWhODnoeWXDR4AHveY5vn1DSTlKZerEpMZIjDtqHcL BZK4g+4X/yZ3Wtm3zwRhZlI0WNT7nLNGF8d/4QgUP4XydGuDGjK4mt0/5dqYvjtL y82gzwwtWiouSAWRdONEtP00IyeMb1m0xjUou/GcEWnG7GUjikJGZft2yOl7o3pZ 2EX6uY/TLN23B0sfXohyxjTRnK01X1aEnNrEOYcL7cpQ+iipaBa2PQRUtTsAzQf1 p5UWxHI/BDg8Tlbc9Vka9JmvBiAnsU+2ak4oOiivCDJUrFjTheSND11xIjJrmfX7 QhwMt+EKJ7Jr6RD3qWzW62G2BB9pdk4jVdGmEtlFupYnZSY/ZqAaJHye/NbCkeSI P1c5JEQFnOJRXRWUA2Wo5ZcBR6F1vECp8hsRm6ukBa6WppG7ybsQ5FYmpFvR9MmN d8bdlYBR2ou09xc4i+bNjMN+uaRa9T4/WLbc5tsMIcJNrVoUYilBOebuPzAze3Bv NVSgeXLgpT5How1WxoDKapn8mRlf4GwhgHjHkFVYOYkFpj5k2uW64s1XXCMuWPMz -----END RSA PRIVATE KEY----- ./utils/policies/sha384extaaa0.bin0000644000175000017500000000006012522753714015106 0ustar lo1lo1))c4r'@PDkm:s|G,9!>Ť#./utils/policies/policysecretp.bin0000644000175000017500000000004012522511134015477 0ustar 
lo1lo1ȱ).,٭%O?-јQah./utils/policies/bits48321601.bin0000644000175000017500000000001012522511134014401 0ustar lo1lo1./utils/policies/policyccundefinespacespecial-auth.txt0000644000175000017500000000003212531160651021525 0ustar lo1lo10000016c0000011f 0000016b ./utils/policies/policypcr16aaasha256.bin0000644000175000017500000000004012545310010016354 0ustar lo1lo1vD`ڹ6ÕۄΚy ./utils/policies/policynvnv.bin0000644000175000017500000000002412522511134015023 0ustar lo1lo1LO{f[ٜ~W*./utils/policies/policycccreate-auth.bin0000644000175000017500000000004012522511134016542 0ustar lo1lo1KP?.мkI ZT ӐD./utils/policies/sha256exthaaa.bin0000644000175000017500000000004012523170377015171 0ustar lo1lo1߁={& \Тaf۫./utils/policies/msgtpmgen.bin0000644000175000017500000000002412522511134014615 0ustar lo1lo1TCG1234567890123456./utils/policies/policysecretnvpp.txt0000644000175000017500000000011612661421506016305 0ustar lo1lo100000151000bda1cbd54bb81546c1c7630ddd409503a0d6d0305161b1588d66bc8fa17daad81 ./utils/policies/policysecretnvpf.bin0000644000175000017500000000004012661670303016221 0ustar lo1lo1VR'0ܾY  [./utils/policies/policypcr16aaasha1.bin0000644000175000017500000000002412545310010016202 0ustar lo1lo1C]Qc$./utils/policies/zero8.bin0000644000175000017500000000001012522511134013656 0ustar lo1lo1./utils/policies/sha384aaa.bin0000644000175000017500000000006012522753714014305 0ustar lo1lo1Ju6WIc2{}},z"=3ADbH|r ?6./utils/policies/policysecretnv.bin0000644000175000017500000000004012761122660015672 0ustar lo1lo1Ɠʮ 7 mAN/Ƴ./utils/policies/policycphash.bin0000644000175000017500000000002412522511134015302 0ustar lo1lo1l0|riRo./utils/policies/policyccnvchangeauth-auth.txt0000644000175000017500000000003212522511134020022 0ustar lo1lo10000016c0000013b 0000016b ./utils/policies/policytemplate.txt0000644000175000017500000000005513011163114015715 0ustar lo1lo10001000b000404720000001000100800000000000000 ./utils/policies/policysigned.bin0000644000175000017500000000004013040237116015304 0ustar 
lo1lo1zNvL^YeY=T./utils/policies/policyor.txt0000644000175000017500000000021012522511134014520 0ustar lo1lo100000171cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27./utils/policies/policyccsign.txt0000644000175000017500000000002012522511134015345 0ustar lo1lo10000016c0000015d./utils/policies/policysecretnv.txt0000644000175000017500000000011612761122660015745 0ustar lo1lo100000151000be0651081c2fcda306993da43d1de5b24be426e2d61907b42835469136c97681f ./utils/policies/policyccsign.bin0000644000175000017500000000004012522511134015300 0ustar lo1lo1i&';@m };wp̼Ѫ./utils/policies/sha1.bin0000644000175000017500000000000213003737052013450 0ustar lo1lo1./utils/policies/policyauthorizenv.txt0000644000175000017500000000011513003737052016466 0ustar lo1lo100000192000b5e8ebdf045819419070c7d5777bfeb61ffac4996ea4b6fbade6da42b632d4918 ./utils/policies/policyccduplicate.bin0000644000175000017500000000004012523217323016316 0ustar lo1lo1kNR,ٓV+R J./utils/policies/policyauthorizenv.bin0000644000175000017500000000004013003737052016414 0ustar lo1lo1fa{3m,v 0./utils/policies/policypcr.bin0000644000175000017500000000002412522511134014620 0ustar lo1lo13<`C4o7!v./utils/policies/policycountertimer.txt0000644000175000017500000000006112522511134016624 0ustar lo1lo10000016d7a5836fe287e11ac39ee88d3c0794916d50b73c3 ./utils/policies/policycountertimerargs.txt0000644000175000017500000000001412522511134017477 0ustar lo1lo1./utils/policies/policysecretnvpp.bin0000644000175000017500000000004012661670303016233 0ustar lo1lo1V& #include #include #include #include #include #include #include #include #include #include static void printUsage(void); static int Format_FromHexascii(unsigned char *binary, const char *string, size_t length); static int Format_ByteFromHexascii(unsigned char *byte, const char *string); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ char *prc = NULL; /* 
pointer return code */ const char *inFilename = NULL; const char *outFilename = NULL; int pr = FALSE; int nz = FALSE; TPMT_HA digest; uint32_t sizeInBytes; /* hash algorithm mapped to size */ uint32_t startSizeInBytes; /* starting buffer for extend */ FILE *inFile = NULL; FILE *outFile = NULL; /* command line defaults */ digest.hashAlg = TPM_ALG_SHA256; ERR_load_crypto_strings (); OpenSSL_add_all_algorithms (); for (i=1 ; (i= '0') && (c <= '9')) { *byte += c - '0'; } else if ((c >= 'a') && (c <= 'f')) { *byte += c + 10 - 'a'; } else if ((c >= 'A') && (c <= 'F')) { *byte += c + 10 - 'A'; } else { printf("Format_ByteFromHexascii: " "Error: Line has non hex ascii character: %c\n", c); rc = EXIT_FAILURE; } } return rc; } static void printUsage(void) { printf("policymaker\n"); printf("\n"); printf("[-halg hash algorithm (sha1 sha256 sha384) (default sha256)\n"); printf("[-nz do not extend starting with zeros, just hash the last line]\n"); printf("-if input policy statements in hex ascii\n"); printf("[-of] output file - policy hash in binary\n"); printf("[-pr] stdout - policy hash in hex ascii\n"); printf("\n"); exit(1); } ./utils/tssccattributes.h0000644000175000017500000000560412757135641013742 0ustar lo1lo1/********************************************************************************/ /* */ /* Command Code Attributes */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssprint.c 703 2016-07-28 17:21:46Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ #ifndef TSSCCATTRIBUTES_H #define TSSCCATTRIBUTES_H #include #include "CommandAttributes.h" typedef uint16_t COMMAND_INDEX; /* From Global.h */ typedef UINT32 AUTH_ROLE; #define AUTH_NONE ((AUTH_ROLE)(0)) #define AUTH_USER ((AUTH_ROLE)(1)) #define AUTH_ADMIN ((AUTH_ROLE)(2)) #define AUTH_DUP ((AUTH_ROLE)(3)) #define UNIMPLEMENTED_COMMAND_INDEX ((COMMAND_INDEX)(~0)) COMMAND_INDEX CommandCodeToCommandIndex(TPM_CC commandCode); uint32_t getCommandHandleCount(COMMAND_INDEX index); uint32_t getresponseHandleCount(COMMAND_INDEX index); int getDecryptSize(COMMAND_INDEX commandIndex); int getEncryptSize(COMMAND_INDEX commandIndex); AUTH_ROLE getCommandAuthRole(COMMAND_INDEX commandIndex, UINT32 handleIndex); #endif ./utils/timepacket.c0000644000175000017500000001334613120276604012625 0ustar lo1lo1/********************************************************************************/ /* */ /* Time a TPM Command */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: pcrextend.c 851 2016-12-02 19:46:05Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; const char *commandFilename = NULL; unsigned char *commandBufferString = NULL; unsigned char *commandBuffer = NULL; size_t commandStringLength; size_t commandLength; unsigned int loops = 1; unsigned int count; uint8_t responseBuffer[MAX_RESPONSE_SIZE];; uint32_t responseLength; time_t startTime; time_t endTime; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include static void printUsage(void); static void printPolicyPCR(FILE *out, uint32_t sizeInBytes, TPML_PCR_SELECTION *pcrs, TPMT_HA *digest); static int 
Format_FromHexascii(unsigned char *binary, const char *string, size_t length); static int Format_ByteFromHexascii(unsigned char *byte, const char *string); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ char *prc = NULL; /* pointer return code */ const char *inFilename = NULL; const char *outFilename = NULL; FILE *inFile = NULL; FILE *outFile = NULL; uint32_t sizeInBytes; /* hash algorithm mapped to size */ uint32_t pcrmask = 0xffffffff; /* pcr register mask */ TPML_PCR_SELECTION pcrs; unsigned int pcrCount = 0; TPMU_HA pcr[IMPLEMENTATION_PCR]; /* all the PCRs */ int pr = FALSE; TPMT_HA digest; uint8_t pcrBytes[IMPLEMENTATION_PCR * MAX_DIGEST_SIZE]; uint16_t pcrLength; /* command line defaults */ digest.hashAlg = TPM_ALG_SHA256; ERR_load_crypto_strings (); OpenSSL_add_all_algorithms (); for (i=1 ; (i> 0) & 0xff; pcrs.pcrSelections[0].pcrSelect[1] = (pcrmask >> 8) & 0xff; pcrs.pcrSelections[0].pcrSelect[2] = (pcrmask >> 16) & 0xff; } /* read the input file to the PCR array, assumes the PCR select bm has the correct number of bits */ /* iterate through each line */ for (pcrCount = 0 ; (rc == 0) && (pcrCount < IMPLEMENTATION_PCR) && (inFile != NULL) ; pcrCount++) { char lineString[256]; /* returned line in hex ascii */ uint32_t lineLength; if (rc == 0) { prc = fgets(lineString, sizeof(lineString), inFile); } /* no more lines, pcrCount is number of PCRs processed */ if (rc == 0) { if (prc == NULL) { break; } } if (rc == 0) { lineLength = strlen(lineString); if (lineLength == 0) { break; } if (lineString[lineLength-1] == '\n') { lineString[lineLength-1] = '0'; lineLength--; } } if (rc == 0) { if (lineLength != (sizeInBytes *2)) { printf("Line length %u is not twice digest size %u\n", lineLength, sizeInBytes); rc = -1; } } /* convert hex ascii to binary */ if ((rc == 0) && (prc != NULL)) { rc = Format_FromHexascii((uint8_t *)&pcr[pcrCount], lineString, lineLength/2); } if (rc == 0) { if (verbose) printf("PCR %u\n", 
pcrCount);
            if (verbose) TSS_PrintAll("PCR", (uint8_t *)&pcr[pcrCount], sizeInBytes);
        }
    }
    /* serialize PCRs: append the first pcrCount entries of pcr[], sizeInBytes bytes each, to
       pcrBytes.  'size' starts at the declared capacity of pcrBytes and is passed to
       TSS_Array_Marshal along with the write pointer; presumably the helper decrements it and
       fails once the buffer is exhausted - TODO confirm against TSS_Array_Marshal */
    if (rc == 0) {
        unsigned int pc;
        uint8_t *buffer = pcrBytes;
        INT32 size = IMPLEMENTATION_PCR * MAX_DIGEST_SIZE;
        pcrLength = 0;
        for (pc = 0 ; (rc == 0) && (pc < pcrCount) ; pc++) {
            rc = TSS_Array_Marshal((uint8_t *)&pcr[pc], sizeInBytes, &pcrLength, &buffer, &size);
        }
    }
    /* hash the marshaled PCR array */
    if (rc == 0) {
        rc = TSS_Hash_Generate(&digest, pcrLength, pcrBytes, 0, NULL);
    }
    if (rc == 0) {
        if (verbose) TSS_PrintAll("PCR composite digest",
                                  (uint8_t *)&digest.digest, sizeInBytes);
    }
    /* -pr: print the policyPCR term to stdout */
    if ((rc == 0) && pr) {
        printPolicyPCR(stdout, sizeInBytes, &pcrs, &digest);
    }
    /* -of: write the same policyPCR term to the output file.
       NOTE(review): the usage text describes -of as "policy hash in binary", but
       printPolicyPCR() emits hex ascii text, so the file holds the hex ascii term - confirm
       which is intended */
    if (outFilename != NULL) {
        if (rc == 0) {
            outFile = fopen(outFilename, "wb");
            if (outFile == NULL) {
                printf("Error opening %s for %s, %s\n", outFilename , "W", strerror(errno));
                rc = EXIT_FAILURE;
            }
        }
        if (rc == 0) {
            printPolicyPCR(outFile, sizeInBytes, &pcrs, &digest);
        }
    }
    /* cleanup runs on both the success and the failure path */
    if (inFile != NULL) {
        fclose(inFile);
    }
    if (outFile != NULL) {
        fclose(outFile);
    }
    /* collapse any non-zero rc (TSS error or -1 from line parsing) to the process exit status */
    if (rc != 0) {
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printPolicyPCR() writes one policyPCR term to 'out' as a single line of hex ascii.

   Fields are written in this order: TPM_CC_PolicyPCR as four bytes (most significant first),
   pcrs->count as eight hex digits, then for pcrSelections[0] the hash algorithm (two bytes),
   sizeofSelect, and pcrSelect[0..2], followed by 'sizeInBytes' bytes of digest->digest and a
   newline.

   Only pcrSelections[0] is written whatever the value of count, and always exactly three
   select bytes whatever the value of sizeofSelect.

   'out' must be an open stream; both callers in this file check for NULL before calling.
   'sizeInBytes' must not exceed the size of digest->digest, it is not checked here.
   The fprintf() return values are not checked, so a write error is not reported. */
static void printPolicyPCR(FILE *out, uint32_t sizeInBytes, TPML_PCR_SELECTION *pcrs, TPMT_HA *digest)
{
    unsigned int i;
    uint8_t *pcrDigest = (uint8_t *)&digest->digest;
    /* command code, big endian */
    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 24));
    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 16));
    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 8));
    fprintf(out, "%02x", 0xff & (TPM_CC_PolicyPCR >> 0));
    /* NOTE only handles count of 1, 1 hash algorithm */
    fprintf(out, "%08x", pcrs->count);
    fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 8));
    fprintf(out, "%02x", 0xff & (pcrs->pcrSelections[0].hash >> 0));
    fprintf(out, "%02x", pcrs->pcrSelections[0].sizeofSelect);
    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[0]);
    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[1]);
    fprintf(out, "%02x", pcrs->pcrSelections[0].pcrSelect[2]);
    /* composite digest, one byte per iteration */
    for (i = 0 ; i < sizeInBytes ; i++) {
        fprintf(out, "%02x", 
pcrDigest[i]);
    }
    fprintf(out, "\n");
    return;
}

/* Format_FromHexascii() converts 'string' in hex ascii to 'binary' of 'length'

   binary   destination, receives 'length' bytes
   string   source, two hex ascii characters are consumed per output byte
   length   number of output bytes, NOT the number of input characters

   Returns 0 on success, or the non-zero code from Format_ByteFromHexascii() at the first
   character that is not hex ascii.  Conversion stops there; bytes converted before the
   failure stay in 'binary'.

   No bounds are checked here.  The caller must guarantee that 'binary' holds at least
   'length' bytes and that 'string' holds at least 2 * 'length' characters.  A NUL terminator
   is not a hex digit and takes the error path, so on a NUL terminated string the read stops
   at the terminator.  Nothing limits the write to 'binary' except 'length'.
*/

static int Format_FromHexascii(unsigned char *binary,
                               const char *string,
                               size_t length)
{
    int rc = 0;
    size_t i;

    /* one output byte per pass, stop at the first conversion error */
    for (i = 0 ; (rc == 0) && (i < length) ; i++) {
        rc = Format_ByteFromHexascii(binary + i, string + (i * 2));
    }
    return rc;
}

/* Format_ByteFromHexascii() converts two bytes of hex ascii to one byte of binary

   byte     destination, always written (cleared first)
   string   source, string[0] is the high nibble and string[1] the low nibble

   Accepts 0-9, a-f and A-F.  Returns 0 on success.  On any other character it prints an
   error that echoes the character and returns EXIT_FAILURE; '*byte' then holds a partial
   value and must not be used.  If string[0] is rejected, string[1] is not read.
*/

static int Format_ByteFromHexascii(unsigned char *byte,
                                   const char *string)
{
    int rc = 0;
    size_t i;
    char c;
    *byte = 0;

    for (i = 0 ; (rc == 0) && (i < 2) ; i++) {
        (*byte) <<= 4;          /* big endian, shift up the nibble */
        c = *(string + i);      /* extract the next character from the string */

        if ((c >= '0') && (c <= '9')) {
            *byte += c - '0';
        }
        else if ((c >= 'a') && (c <= 'f')) {
            *byte += c + 10 - 'a';
        }
        else if ((c >= 'A') && (c <= 'F')) {
            *byte += c + 10 - 'A';
        }
        else {
            /* anything else, including the NUL terminator, is rejected */
            printf("Format_ByteFromHexascii: "
                   "Error: Line has non hex ascii character: %c\n", c);
            rc = EXIT_FAILURE;
        }
    }
    return rc;
}

/* printUsage() prints the command line help for policymakerpcr and then terminates the
   process with exit status 1, it does not return to the caller */
static void printUsage(void)
{
    printf("\n");
    printf("policymakerpcr\n");
    printf("\n");
    printf("Creates a policyPCR term suitable for input to policymaker (hex ascii)\n");
    printf("\n");
    printf("Assumes that the byte mask and PCR values are consistent\n");
    printf("\n");
    printf("[-halg hash algorithm (sha1 sha256 sha384) (default sha256)]\n");
    printf("-bm pcr byte mask in hex, big endian\n");
    printf("\te.g. 010000 selects PCR 16\n");
    printf("\te.g. 
ffffff selects all 24 PCRs\n"); printf("-if input file - PCR values, hex ascii, one per line, %u max\n", IMPLEMENTATION_PCR); printf("\trequired unless pcr mask is 0\n"); printf("[-of output file - policy hash in binary]\n"); printf("[-pr stdout - policy hash in hex ascii]\n"); printf("\n"); exit(1); } ./utils/tsssocket.h0000644000175000017500000000530613115776262012534 0ustar lo1lo1/********************************************************************************/ /* */ /* Socket Transmit and Receive Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tsssocket.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #ifndef TSSSOCKET_H #define TSSSOCKET_H /* This is not a public header. It should not be used by applications. */ #include #include #ifdef __cplusplus extern "C" { #endif TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char *message); TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext, uint8_t *responseBuffer, uint32_t *read, const uint8_t *commandBuffer, uint32_t written, const char *message); TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext); #ifdef __cplusplus } #endif #endif ./utils/nvwrite.c0000644000175000017500000002600213127706237012175 0ustar lo1lo1/********************************************************************************/ /* */ /* NV Write */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvwrite.c 1040 2017-07-07 13:29:03Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include "ekutils.h" static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_Write_In in; uint16_t offset = 0; /* default 0 */ uint32_t pinPass; uint32_t pinLimit; int inData = FALSE; unsigned int dataSource = 0; const char *commandData = NULL; const char *datafilename = NULL; char hierarchyAuthChar = 0; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; uint32_t nvBufferMax; size_t writeLength; /* file bytes to write */ unsigned char *writeBuffer = NULL; /* file buffer to write */ uint16_t bytesWritten; /* bytes written so far */ int done = FALSE; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing 
parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (dataSource > 1) { printf("More than one input data source (-if, -ic, -id\n"); printUsage(); } /* Authorization handle */ if (rc == 0) { if (hierarchyAuthChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyAuthChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else if (hierarchyAuthChar == 0) { in.authHandle = nvIndex; } else { printf("\n"); printUsage(); } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* data may have to be written in chunks. 
Read the chunk size */ if (rc == 0) { rc = readNvBufferMax(tssContext, &nvBufferMax); } /* if there is no input data source, default to 0 byte write */ if (dataSource == 0) { in.data.b.size = 0; } /* -if, file data can be written in chunks */ if (datafilename != NULL) { rc = TSS_File_ReadBinaryFile(&writeBuffer, /* freed @1 */ &writeLength, datafilename); } /* -id, for pin pass or pin fail */ if (inData) { uint32_t tmpData; in.data.b.size = sizeof(uint32_t) + sizeof(uint32_t); tmpData = htonl(pinPass); memcpy(in.data.b.buffer, &tmpData, sizeof(tmpData)); tmpData = htonl(pinLimit); memcpy(in.data.b.buffer + sizeof(tmpData), &tmpData, sizeof(tmpData)); } /* -ic, command line data must fit in one write */ if (commandData != NULL) { rc = TSS_TPM2B_StringCopy(&in.data.b, commandData, nvBufferMax); } if (rc == 0) { in.nvIndex = nvIndex; in.offset = offset; /* beginning offset */ bytesWritten = 0; } while ((rc == 0) && !done) { uint16_t writeBytes; /* bytes to write in this pass */ if (rc == 0) { /* for data from file, write a chunk */ if (datafilename != NULL) { in.offset = offset + bytesWritten; if ((uint32_t)(writeLength - bytesWritten) < nvBufferMax) { writeBytes = writeLength - bytesWritten; /* last chunk */ } else { writeBytes = nvBufferMax; /* next chunk */ } rc = TSS_TPM2B_Create(&in.data.b, writeBuffer + bytesWritten, writeBytes, MAX_NV_BUFFER_SIZE); } } /* call TSS to execute the command */ if (rc == 0) { if (verbose) printf("nvwrite: writing %u bytes\n", in.data.b.size); rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_Write, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } /* data file can be written in chunks, other options are single write */ if (rc == 0) { if (datafilename == NULL) { done = TRUE; } else { bytesWritten += writeBytes; if (bytesWritten == writeLength) { done = TRUE; } } } } { TPM_RC rc1 = 
TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvwrite: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvwrite: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); if (rc == TSS_RC_FILE_OPEN) { printf("Possible cause: missing nvreadpublic before nvwrite\n"); } rc = EXIT_FAILURE; } free(writeBuffer); /* @1 */ return rc; } static void printUsage(void) { printf("\n"); printf("nvwrite\n"); printf("\n"); printf("Runs TPM2_NV_Write\n"); printf("\n"); printf("\t[-hia hierarchy authorization (o, p)(default index authorization)]\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\t[-ic data string]\n"); printf("\t[-if data file]\n"); printf("\t[-id data values, pinPass and pinLimit (4 bytes each)]\n"); printf("\t\tif none is specified, a 0 byte write occurs\n"); printf("\t\t-id is normally used for pin pass or pin fail indexes\n"); printf("\t-off offset (default 0)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/dictionaryattackparameters.c0000644000175000017500000001621413073673132016121 0ustar lo1lo1/********************************************************************************/ /* */ /* DictionaryAttackParameters */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: dictionaryattackparameters.c 982 2017-04-13 13:00:10Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
/* NOTE(review): the header name that followed each #include is missing from this copy. */
#include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() - command line front end for TPM2_DictionaryAttackParameters.

   Fills a DictionaryAttackParameters_In with lockHandle TPM_RH_LOCKOUT and the newMaxTries,
   newRecoveryTime and lockoutRecovery values, creates a TSS context, runs the command through
   TSS_Execute() with up to three sessions, deletes the context and prints the outcome.

   Returns 0 on success.  On failure it prints the rc and the text from
   TSS_ResponseCode_toString() and returns EXIT_FAILURE.  printUsage() calls exit(1), so every
   usage error ends the process at that call.

   NOTE(review): the built-in values (newMaxTries 1, newRecoveryTime 10, lockoutRecovery 1) are
   what gets sent to the TPM unless the option parsing, which is missing from this copy,
   replaces them.  A run without -nmt/-nrt/-lr would therefore overwrite the TPM's current
   dictionary attack settings with these values - presumably meant for test setups; confirm
   before use on a provisioned device.

   NOTE(review): per printUsage() the lockout authorization password is supplied with -pwd.  A
   secret passed on the command line is typically visible to other local users through the
   process list and is kept in shell history - confirm whether that is acceptable here.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    DictionaryAttackParameters_In in;
    const char *password = NULL;
    uint32_t newMaxTries = 1;
    uint32_t newRecoveryTime = 10;
    uint32_t lockoutRecovery = 1;
    /* session 0 defaults to the password session, sessions 1 and 2 are unused by default */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): the loop condition and the option branches ahead of the -se0 range check are
       missing from this copy; the text resumes inside the -se0 handling. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -seN takes two hex arguments: the session handle, then the session attributes.  The
           sscanf() return values are not checked, so an argument that is not hex leaves the
           previous value in place. */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* the attributes must fit in one byte */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        /* -v turns on the success message and raises the TSS trace level */
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* the command is always authorized against the lockout handle */
    if (rc == 0) {
        in.lockHandle = TPM_RH_LOCKOUT;
        in.newMaxTries = newMaxTries ;
        in.newRecoveryTime = newRecoveryTime;
        in.lockoutRecovery = lockoutRecovery;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* only session 0 carries a password; sessions 1 and 2 are passed NULL */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_DictionaryAttackParameters,
                         sessionHandle0, password, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* TSS_Delete() runs whether or not the earlier steps succeeded; its result is reported only
       when no earlier error is pending */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("dictionaryattackparameters: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("dictionaryattackparameters: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code is printed above; the process exit status is only pass or fail */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary to stdout and ends the process with exit(1); it
   never returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("dictionaryattackparameters\n");
    printf("\n");
    printf("Runs TPM2_DictionaryAttackParameters\n");
    printf("\n");
    printf("\t[-pwd lockout auth password (default empty)]\n");
    printf("\t[-nmt new max tries (default 1 try)]\n");
    printf("\t[-nrt new recovery time (default 10 seconds)]\n");
    printf("\t[-lr lockout recovery (default 1 second)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/activatecredential.c0000644000175000017500000002213313073673132014330 0ustar lo1lo1/********************************************************************************/
/* */
/* ActivateCredential */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: activatecredential.c 982 2017-04-13 13:00:10Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
/* NOTE(review): the header name that followed each #include is missing from this copy. */
#include #include #include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() - command line front end for TPM2_ActivateCredential.

   Requires the activation handle (-ha), the decryption key handle (-hk), the credential blob
   file (-icred) and the encrypted secret file (-is).  Both files are read with
   TSS_File_ReadStructure() through the matching unmarshal function, the command is run through
   TSS_Execute(), and out.certInfo is written to the -ocred file when one was named.

   Returns 0 on success.  On failure it prints the rc and the text from
   TSS_ResponseCode_toString() and returns EXIT_FAILURE.  printUsage() calls exit(1), so every
   usage error ends the process at that call.

   NOTE(review): out.certInfo is the value released by the TPM for this credential.  It is
   written to the output file as returned, and `out` is not cleared before main() returns.  The
   permissions of the created file depend on TSS_File_WriteBinaryFile(), which is not shown
   here - confirm they are restrictive enough for a secret.

   NOTE(review): per printUsage() the two passwords are supplied with -pwda and -pwdk.  Secrets
   passed on the command line are typically visible to other local users through the process
   list and are kept in shell history - confirm whether that is acceptable here.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    ActivateCredential_In in;
    ActivateCredential_Out out;
    /* 0 is used below as the "option not given" marker for both handles */
    TPMI_DH_OBJECT activateHandle = 0;
    TPMI_DH_OBJECT keyHandle = 0;
    const char *inputCredentialFilename = NULL;
    const char *secretFilename = NULL;
    const char *outputCredentialFilename = NULL;
    const char *activatePassword = NULL;
    const char *keyPassword = NULL;
    /* sessions 0 and 1 both default to the password session, session 2 is unused by default */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the loop condition and the option branches ahead of the -se0 range check are
       missing from this copy; the text resumes inside the -se0 handling. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -seN takes two hex arguments: the session handle, then the session attributes.  The
           sscanf() return values are not checked, so an argument that is not hex leaves the
           previous value in place. */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* the attributes must fit in one byte */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        /* -v turns on the success message and raises the TSS trace level */
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* all four inputs are mandatory; each check ends the process through printUsage() */
    if (activateHandle == 0) {
        printf("Missing handle parameter -ha\n");
        printUsage();
    }
    if (keyHandle == 0) {
        printf("Missing handle parameter -hk\n");
        printUsage();
    }
    if (inputCredentialFilename == NULL) {
        printf("Missing name parameter -icred\n");
        printUsage();
    }
    if (secretFilename == NULL) {
        printf("Missing name parameter -is\n");
        printUsage();
    }
    if (rc == 0) {
        in.activateHandle = activateHandle;
        in.keyHandle = keyHandle;
    }
    /* read the credential */
    /* the file content goes through the TPM2B_ID_OBJECT unmarshal function rather than being
       copied raw; presumably that is where a malformed size is rejected - verify in the TSS */
    if (rc == 0) {
        rc = TSS_File_ReadStructure(&in.credentialBlob,
                                    (UnmarshalFunction_t)TPM2B_ID_OBJECT_Unmarshal,
                                    inputCredentialFilename);
    }
    /* read the secret */
    if (rc == 0) {
        rc = TSS_File_ReadStructure(&in.secret,
                                    (UnmarshalFunction_t)TPM2B_ENCRYPTED_SECRET_Unmarshal,
                                    secretFilename);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* session 0 carries the activation password, session 1 the decryption key password */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_ActivateCredential,
                         sessionHandle0, activatePassword, sessionAttributes0,
                         sessionHandle1, keyPassword, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* TSS_Delete() runs whether or not the earlier steps succeeded; its result is reported only
       when no earlier error is pending */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* optionally save the certInfo */
    /* `out` is a local structure, so it is still valid after the context was deleted */
    if ((rc == 0) && (outputCredentialFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.certInfo.t.buffer,
                                      out.certInfo.t.size,
                                      outputCredentialFilename);
    }
    if (rc == 0) {
        if (verbose) printf("activatecredential: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("activatecredential: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code is printed above; the process exit status is only pass or fail */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary to stdout and ends the process with exit(1); it
   never returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("activatecredential\n");
    printf("\n");
    printf("Runs TPM2_ActivateCredential\n");
    printf("\n");
    printf("\t-ha activation handle of object associated with the certificate\n");
    printf("\t-hk handle of loaded decryption key\n");
    printf("\t-icred input credential file name\n");
    printf("\t-is secret file name\n");
    printf("\n");
    printf("\t[-pwda password for activation key (default empty)]\n");
    printf("\t[-pwdk password for decryption key (default empty)]\n");
    printf("\n");
    printf("\t[-ocred output credential file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/swap.h0000644000175000017500000001311413013165404011443 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: swap.h 819 2016-11-16 23:25:56Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. Source Code Distribution Conditions: */
/* */
/* - Redistributions of Source Code must retain the above copyright licenses, */
/* this list of conditions and the following disclaimers. 
*/ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ // 5.10 swap.h #ifndef _SWAP_H #define _SWAP_H #include #if NO_AUTO_ALIGN == YES || LITTLE_ENDIAN_TPM == YES // The aggregation macros for machines that do not allow unaligned access or for little-endian // machines. Aggregate bytes into an UINT #define BYTE_ARRAY_TO_UINT8(b) (UINT8)((b)[0]) #define BYTE_ARRAY_TO_UINT16(b) (UINT16)( ((b)[0] << 8) \ + (b)[1]) #define BYTE_ARRAY_TO_UINT32(b) (UINT32)( ((b)[0] << 24) \ + ((b)[1] << 16) \ + ((b)[2] << 8 ) \ + (b)[3]) #define BYTE_ARRAY_TO_UINT64(b) (UINT64)( ((UINT64)(b)[0] << 56) \ + ((UINT64)(b)[1] << 48) \ + ((UINT64)(b)[2] << 40) \ + ((UINT64)(b)[3] << 32) \ + ((UINT64)(b)[4] << 24) \ + ((UINT64)(b)[5] << 16) \ + ((UINT64)(b)[6] << 8) \ + (UINT64)(b)[7]) // Disaggregate a UINT into a byte array #define UINT8_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)(i)) #define UINT16_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >> 8), \ (b)[1] = (BYTE) (i) \ ) #define UINT32_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >> 24), \ (b)[1] = (BYTE)((i) >> 16), \ (b)[2] = (BYTE)((i) >> 8), \ (b)[3] = (BYTE) (i) \ ) #define UINT64_TO_BYTE_ARRAY(i, b) ((b)[0] = (BYTE)((i) >> 56), \ (b)[1] = (BYTE)((i) >> 48), \ (b)[2] = (BYTE)((i) >> 40), \ (b)[3] = (BYTE)((i) >> 32), \ (b)[4] = (BYTE)((i) >> 24), \ (b)[5] = (BYTE)((i) >> 16), \ (b)[6] = (BYTE)((i) >> 8), \ (b)[7] = (BYTE) (i) \ ) #else // the big-endian macros for machines that allow unaligned memory access Aggregate a byte array into a UINT #define BYTE_ARRAY_TO_UINT8(b) *((UINT8 *)(b)) #define BYTE_ARRAY_TO_UINT16(b) *((UINT16 *)(b)) #define BYTE_ARRAY_TO_UINT32(b) *((UINT32 *)(b)) #define BYTE_ARRAY_TO_UINT64(b) *((UINT64 *)(b)) // Disaggregate a UINT into a byte array #define UINT8_TO_BYTE_ARRAY(i, b) (*((UINT8 *)(b)) = (i)) #define UINT16_TO_BYTE_ARRAY(i, b) (*((UINT16 *)(b)) = (i)) #define UINT32_TO_BYTE_ARRAY(i, b) (*((UINT32 *)(b)) = (i)) #define 
UINT64_TO_BYTE_ARRAY(i, b) (*((UINT64 *)(b)) = (i)) #endif // NO_AUTO_ALIGN == YES #endif // _SWAP_H ./utils/makecredential.c0000644000175000017500000002065713055132457013456 0ustar lo1lo1/********************************************************************************/ /* */ /* MakeCredential */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: makecredential.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* */
/* NOTE(review): the header name that followed each #include is missing from this copy. */
#include #include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() - command line front end for TPM2_MakeCredential.

   Requires the handle of the encryption key public area (-ha), the credential input file
   (-icred) and the object Name file (-in).  Both files are read with TSS_File_Read2B(), the
   command is run through TSS_Execute(), and the resulting credentialBlob and secret are written
   with TSS_File_WriteStructure() when -ocred and -os name output files.

   No password is passed for any session: all three password arguments to TSS_Execute() are
   NULL and every session handle defaults to TPM_RH_NULL.

   Returns 0 on success.  On failure it prints the rc and the text from
   TSS_ResponseCode_toString() and returns EXIT_FAILURE.  printUsage() calls exit(1), so every
   usage error ends the process at that call.

   NOTE(review): the object Name is taken from the -in file without any check in this program.
   Presumably the caller is expected to have established that the Name belongs to the key it
   means to issue the credential for - confirm against the calling workflow.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    MakeCredential_In in;
    MakeCredential_Out out;
    /* 0 is used below as the "option not given" marker */
    TPMI_DH_OBJECT pubHandle = 0;
    const char *inputCredentialFilename = NULL;
    const char *nameFilename = NULL;
    const char *outputCredentialFilename = NULL;
    const char *secretFilename = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the loop condition and the option branches ahead of the -se0 range check are
       missing from this copy; the text resumes inside the -se0 handling. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -seN takes two hex arguments: the session handle, then the session attributes.  The
           sscanf() return values are not checked, so an argument that is not hex leaves the
           previous value in place. */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* the attributes must fit in one byte */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        /* -v turns on the success message and raises the TSS trace level */
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* the three inputs are mandatory; each check ends the process through printUsage() */
    if (pubHandle == 0) {
        printf("Missing handle parameter -ha\n");
        printUsage();
    }
    if (inputCredentialFilename == NULL) {
        printf("Missing name parameter -icred\n");
        printUsage();
    }
    if (nameFilename == NULL) {
        printf("Missing name parameter -in\n");
        printUsage();
    }
    if (rc == 0) {
        in.handle = pubHandle;
    }
    /* read the credential information */
    /* presumably the second argument is the largest size TSS_File_Read2B() accepts for the
       target buffer - verify in the TSS */
    if (rc == 0) {
        rc = TSS_File_Read2B(&in.credential.b,
                             sizeof(TPMU_HA),
                             inputCredentialFilename);
    }
    /* read the object Name */
    if (rc == 0) {
        rc = TSS_File_Read2B(&in.objectName.b,
                             sizeof(TPMU_NAME),
                             nameFilename);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_MakeCredential,
                         sessionHandle0, NULL, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* TSS_Delete() runs whether or not the earlier steps succeeded; its result is reported only
       when no earlier error is pending */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* optionally save the credential */
    /* `out` is a local structure, so it is still valid after the context was deleted */
    if ((rc == 0) && (outputCredentialFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.credentialBlob,
                                     (MarshalFunction_t)TSS_TPM2B_ID_OBJECT_Marshal,
                                     outputCredentialFilename);
    }
    /* optionally save the secret */
    if ((rc == 0) && (secretFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.secret,
                                     (MarshalFunction_t)TSS_TPM2B_ENCRYPTED_SECRET_Marshal,
                                     secretFilename);
    }
    if (rc == 0) {
        if (verbose) printf("makecredential: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("makecredential: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code is printed above; the process exit status is only pass or fail */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary to stdout and ends the process with exit(1); it
   never returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("makecredential\n");
    printf("\n");
    printf("Runs TPM2_MakeCredential\n");
    printf("\n");
    printf("\t-ha handle of encryption key public area\n");
    printf("\t-icred input credential file name\n");
    printf("\t-in object name file name\n");
    printf("\n");
    printf("\t[-ocred output credential file name (default do not save)]\n");
    printf("\t[-os secret file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle (default NULL)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/nvundefinespace.c0000644000175000017500000001613113055132457013653 0ustar lo1lo1/********************************************************************************/
/* */
/* NV Undefine Space */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: nvundefinespace.c 945 2017-02-27 23:24:31Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
/* NOTE(review): the header name that followed each #include is missing from this copy. */
#include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() - command line front end for TPM2_NV_UndefineSpace.

   Requires an NV index handle whose most significant byte is TPM_HT_NV_INDEX and a hierarchy
   selector of 'o' (TPM_RH_OWNER) or 'p' (TPM_RH_PLATFORM).  It creates a TSS context, runs the
   command through TSS_Execute() with the hierarchy password on session 0, deletes the context
   and prints the outcome.

   Returns 0 on success.  On failure it prints the rc and the text from
   TSS_ResponseCode_toString() and returns EXIT_FAILURE.  printUsage() calls exit(1), so every
   usage error ends the process at that call.

   NOTE(review): the command removes the index from NV space and the program asks for no
   confirmation; the handle range check is the only guard against a mistyped -ha value.

   NOTE(review): per printUsage() the hierarchy password is supplied with -pwdp.  A secret
   passed on the command line is typically visible to other local users through the process
   list and is kept in shell history - confirm whether that is acceptable here.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    NV_UndefineSpace_In in;
    /* 0 marks "option not given" for both the hierarchy selector and the index */
    char hierarchyChar = 0;
    TPMI_RH_NV_INDEX nvIndex = 0;
    const char *parentPassword = NULL;
    /* session 0 defaults to the password session, sessions 1 and 2 are unused by default */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the loop condition and the option branches ahead of the -se0 range check are
       missing from this copy; the text resumes inside the -se0 handling. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -seN takes two hex arguments: the session handle, then the session attributes.  The
           sscanf() return values are not checked, so an argument that is not hex leaves the
           previous value in place. */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* the attributes must fit in one byte */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        /* -v turns on the success message and raises the TSS trace level */
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* the top byte of the handle must be the NV index handle type; the default of 0 fails this
       check, so it also catches a missing -ha */
    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
        printf("NV index handle not specified or out of range, MSB not 01\n");
        printUsage();
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    /* only 'o' and 'p' are accepted; the default of 0 is rejected, so -hi is mandatory */
    if (rc == 0) {
        if (hierarchyChar == 'o') {
            in.authHandle = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    if (rc == 0) {
        in.nvIndex = nvIndex; /* the NV Index to remove from NV space */
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* only session 0 carries a password; sessions 1 and 2 are passed NULL */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_NV_UndefineSpace,
                         sessionHandle0, parentPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* TSS_Delete() runs whether or not the earlier steps succeeded; its result is reported only
       when no earlier error is pending */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("nvundefinespace: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("nvundefinespace: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code is printed above; the process exit status is only pass or fail */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary to stdout and ends the process with exit(1); it
   never returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("nvundefinespace\n");
    printf("\n");
    printf("Runs TPM2_NV_UndefineSpace\n");
    printf("\n");
    printf("\t-hi hierarchy (o, p)\n");
    printf("\t\to owner, p platform\n");
    printf("\t-ha NV index handle\n");
    printf("\t-pwdp password for hierarchy (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/readpublic.c0000644000175000017500000001725413131160440012603 0ustar lo1lo1/********************************************************************************/
/* */
/* ReadPublic */
/* Written by Ken Goldman */
/* IBM Thomas J. 
Watson Research Center */ /* $Id: readpublic.c 1042 2017-07-11 14:30:56Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include "cryptoutils.h" static void printReadPublic(ReadPublic_Out *out); static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ReadPublic_In in; ReadPublic_Out out; TPMI_DH_PCR objectHandle = TPM_RH_NULL; const char *publicKeyFilename = NULL; const char *pemFilename = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if 
(strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (objectHandle == TPM_RH_NULL) { printf("Missing or bad object handle parameter -ho\n"); printUsage(); } if (rc == 0) { in.objectHandle = objectHandle; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_ReadPublic, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } /* save the public key */ if ((rc == 0) && (publicKeyFilename != NULL)) { rc = TSS_File_WriteStructure(&out.outPublic, (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal, publicKeyFilename); } /* save the optional PEM public key */ if ((rc == 0) && (pemFilename != NULL)) { rc = convertPublicToPEM(&out.outPublic, pemFilename); } if (rc == 0) { if (verbose) printReadPublic(&out); if (verbose) printf("readpublic: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("readpublic: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printReadPublic(ReadPublic_Out *out) { TSS_PrintAll("authPolicy", out->outPublic.publicArea.authPolicy.t.buffer, out->outPublic.publicArea.authPolicy.t.size); TSS_PrintAll("name", out->name.t.name, out->name.t.size); } static void printUsage(void) { printf("\n"); printf("readpublic\n"); printf("\n"); printf("Runs TPM2_ReadPublic\n"); printf("\n"); printf("\t-ho object handle\n"); printf("\t[-opu public key file name (default do not save)]\n"); printf("\t[-opem public key PEM format file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] 
session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); printf("\t\t80 audit\n"); exit(1); } ./utils/writeapp.c0000644000175000017500000003033713071006020012315 0ustar lo1lo1/********************************************************************************/ /* */ /* NV Write Application */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: writeapp.c 980 2017-04-04 21:11:44Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* Demo application, and test of "no file TSS" Create an EK Start a session, salt with EK Define an NV index, salted session Flush the session Start a session, salt with EK, bind to unwritten NV index Write NV, changes the Name, bound, salt, encrypt session Start a session, salt with EK, bind to written NV index Write NV, bound, salt, encrypt session Undefine NV index Flush EK */ #define NVINDEX 0x01000000 #define NVPWD "pwd" #include #include #include #include #include #include #include #include "ekutils.h" #include "cryptoutils.h" static TPM_RC nvReadPublic(TSS_CONTEXT *tssContext); static TPM_RC startSession(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION *sessionHandle, TPMI_DH_OBJECT tpmKey, TPMI_DH_ENTITY bind); static TPM_RC flush(TSS_CONTEXT *tssContext, TPMI_DH_CONTEXT flushHandle); static TPM_RC defineSpace(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC nvWrite(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC undefineSpace(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; TSS_CONTEXT *tssContext = NULL; int pwSession = FALSE; /* default HMAC session */ TPM_HANDLE ekKeyHandle = TPM_RH_NULL; /* primary key handle */ TPMI_SH_AUTH_SESSION sessionHandle = 
TPM_RH_NULL; int i; /* argc iterator */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i #include #include #include /* for endian conversion */ #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_ReadPublic_In in; NV_ReadPublic_Out out; TPMI_RH_NV_INDEX nvIndex = 0; TPMI_ALG_HASH nalg = TPM_ALG_SHA256; TPMI_ALG_HASH nameHashAlg; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if 
(strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (rc == 0) { in.nvIndex = nvIndex; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_ReadPublic, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } /* NOTE: The caller validates the result to the extent that it does not trust the NV index to be defined properly */ /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure - nvPublic*/ /* Table 196 - Definition of TPMS_NV_PUBLIC Structure */ /* Table 83 - Definition of TPM2B_NAME Structure t */ /* TPMS_NV_PUBLIC hash alg vs expected */ if (rc == 0) { if (out.nvPublic.nvPublic.nameAlg != nalg) { printf("nvreadpublic: TPM2B_NV_PUBLIC hash algorithm does not match expected\n"); rc = TSS_RC_MALFORMED_NV_PUBLIC; } } /* TPM2B_NAME hash algorithm vs expected */ if (rc == 0) { uint16_t tmp16; memcpy(&tmp16, out.nvName.t.name, sizeof(uint16_t)); /* nameHashAlg = ntohs(*(TPMI_ALG_HASH *)(out.nvName.t.name)); */ nameHashAlg = ntohs(tmp16); if (nameHashAlg != nalg) { printf("nvreadpublic: TPM2B_NAME hash algorithm does not match expected\n"); rc = TSS_RC_MALFORMED_NV_PUBLIC; } } /* TPMS_NV_PUBLIC index vs expected */ if (rc == 0) { if (out.nvPublic.nvPublic.nvIndex != in.nvIndex) { printf("nvreadpublic: TPM2B_NV_PUBLIC index does not match expected\n"); rc = TSS_RC_MALFORMED_NV_PUBLIC; } } if (rc == 0) { printf("nvreadpublic: name algorithm 
%04x\n", out.nvPublic.nvPublic.nameAlg); printf("nvreadpublic: data size %u\n", out.nvPublic.nvPublic.dataSize); printf("nvreadpublic: attributes %08x\n", out.nvPublic.nvPublic.attributes.val); TSS_TPMA_NV_Print(out.nvPublic.nvPublic.attributes, 0); TSS_PrintAll("nvreadpublic: policy", out.nvPublic.nvPublic.authPolicy.t.buffer, out.nvPublic.nvPublic.authPolicy.t.size); TSS_PrintAll("nvreadpublic: name", out.nvName.t.name, out.nvName.t.size); if (verbose) printf("nvreadpublic: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvreadpublic: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvreadpublic\n"); printf("\n"); printf("Runs TPM2_NV_ReadPublic\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t[-nalg expected name hash algorithm (sha1, sha256, sha384) (default sha256)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); printf("\t\t80 audit\n"); exit(1); } ./utils/returncode.c0000644000175000017500000000552612771260131012651 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: returncode.c 753 2016-09-23 17:03:21Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
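*/
/********************************************************************************/

/* NOTE(review): the header names of these five includes are missing from this listing */
#include #include #include #include #include

static void printUsage(void);

/* returncode: decode one TPM/TSS response code given as a hex number on the command line.

   argv[1] is either "-h" (print usage and exit) or the response code in hex.  The text comes from
   TSS_ResponseCode_toString().

   Returns 0 after printing the text, EXIT_FAILURE when the argument is missing or is not a hex
   number that fits in 32 bits.
*/

int main(int argc, char *argv[])
{
    TPM_RC 		rc;
    unsigned long	value;
    char 		*end = NULL;
    const char 		*msg;
    const char 		*submsg;
    const char 		*num;

    if (argc < 2) {
	printf("returncode: needs argument\n");
	return EXIT_FAILURE;
    }
    if (strcmp(argv[1], "-h") == 0) {
	printUsage();	/* does not return */
    }
    /* strtoul() returns 0 when no digits are consumed, and 0 decodes as TPM_RC_SUCCESS.  Reject
       anything that is not entirely hex digits so that a mistyped code is never reported as
       success.  A leading '-' is rejected because strtoul() would silently negate the value. */
    value = strtoul(argv[1], &end, 16);
    if ((argv[1][0] == '-') ||
	(end == argv[1]) ||
	(*end != '\0') ||
	(value > 0xffffffffUL)) {	/* response codes are printed as %08x elsewhere in these utilities */
	printf("returncode: %s is not a valid 32-bit hex response code\n", argv[1]);
	return EXIT_FAILURE;
    }
    rc = (TPM_RC)value;
    TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
    printf("%s%s%s\n", msg, submsg, num);
    return 0;
}

/* printUsage() prints the command line help and exits with status 1 */

static void printUsage(void)
{
    printf("\n");
    printf("returncode hex-number\n");
    printf("\n");
    printf("Returns the TPM_RC name and text for the return code\n");
    printf("\n");
    exit(1);
}
./utils/tssresponsecode.c0000644000175000017500000005160713102710032013710 0ustar lo1lo1
/********************************************************************************/
/* */
/* TPM2 Response Code Printer */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: tssresponsecode.c 1002 2017-05-04 20:33:30Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission.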
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include /* The intended usage is: const char *msg; const char *submsg; const char *num; TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); */ /* 39.4 Response Code Details */ /* tables to map response code to text */ typedef struct { TPM_RC rc; const char *text; } RC_TABLE; static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc); static const char *TSS_ResponseCode_NumberToText(unsigned int num); const RC_TABLE ver1Table [] = { {TPM_RC_INITIALIZE, "TPM_RC_INITIALIZE - TPM not initialized by TPM2_Startup or already initialized"}, {TPM_RC_FAILURE, "TPM_RC_FAILURE - commands not being accepted because of a TPM failure"}, {TPM_RC_SEQUENCE, "TPM_RC_SEQUENCE - improper use of a sequence handle"}, {TPM_RC_PRIVATE, "TPM_RC_PRIVATE - not currently used"}, {TPM_RC_HMAC, "TPM_RC_HMAC - HMAC failure"}, {TPM_RC_DISABLED, "TPM_RC_DISABLED - the command is disabled"}, {TPM_RC_EXCLUSIVE, "TPM_RC_EXCLUSIVE - command failed because audit sequence required exclusivity"}, 
{TPM_RC_AUTH_TYPE, "TPM_RC_AUTH_TYPE - authorization handle is not correct for command"}, {TPM_RC_AUTH_MISSING, "TPM_RC_AUTH_MISSING - command requires an authorization session"}, {TPM_RC_POLICY, "TPM_RC_POLICY - policy failure in math operation or an invalid authPolicy value"}, {TPM_RC_PCR, "TPM_RC_PCR - PCR check fail"}, {TPM_RC_PCR_CHANGED, "TPM_RC_PCR_CHANGED - PCR have changed since checked."}, {TPM_RC_UPGRADE, "TPM_RC_UPGRADE - TPM is in field upgrade mode"}, {TPM_RC_TOO_MANY_CONTEXTS, "TPM_RC_TOO_MANY_CONTEXTS - context ID counter is at maximum."}, {TPM_RC_AUTH_UNAVAILABLE, "TPM_RC_AUTH_UNAVAILABLE - authValue or authPolicy is not available for selected entity."}, {TPM_RC_REBOOT, "TPM_RC_REBOOT - a _TPM_Init and Startup(CLEAR) is required"}, {TPM_RC_UNBALANCED, "TPM_RC_UNBALANCED - the protection algorithms (hash and symmetric) are not reasonably balanced"}, {TPM_RC_COMMAND_SIZE, "TPM_RC_COMMAND_SIZE - command commandSize value is inconsistent with contents of the command buffer"}, {TPM_RC_COMMAND_CODE, "TPM_RC_COMMAND_CODE - command code not supported"}, {TPM_RC_AUTHSIZE, "TPM_RC_AUTHSIZE - the value of authorizationSize is out of range"}, {TPM_RC_AUTH_CONTEXT, "TPM_RC_AUTH_CONTEXT - use of an authorization session with a command that cannot have an authorization session"}, {TPM_RC_NV_RANGE, "TPM_RC_NV_RANGE - NV offset+size is out of range."}, {TPM_RC_NV_SIZE, "TPM_RC_NV_SIZE - Requested allocation size is larger than allowed."}, {TPM_RC_NV_LOCKED, "TPM_RC_NV_LOCKED - NV access locked."}, {TPM_RC_NV_AUTHORIZATION, "TPM_RC_NV_AUTHORIZATION - NV access authorization fails"}, {TPM_RC_NV_UNINITIALIZED, "TPM_RC_NV_UNINITIALIZED - an NV Index is used before being initialized"}, {TPM_RC_NV_SPACE, "TPM_RC_NV_SPACE - insufficient space for NV allocation"}, {TPM_RC_NV_DEFINED, "TPM_RC_NV_DEFINED - NV Index or persistent object already defined"}, {TPM_RC_BAD_CONTEXT, "TPM_RC_BAD_CONTEXT - context in TPM2_ContextLoad() is not valid"}, {TPM_RC_CPHASH, "TPM_RC_CPHASH - 
cpHash value already set or not correct for use"}, {TPM_RC_PARENT, "TPM_RC_PARENT - handle for parent is not a valid parent"}, {TPM_RC_NEEDS_TEST, "TPM_RC_NEEDS_TEST - some function needs testing."}, {TPM_RC_NO_RESULT, "TPM_RC_NO_RESULT - internal function cannot process a request due to an unspecified problem."}, {TPM_RC_SENSITIVE, "TPM_RC_SENSITIVE - the sensitive area did not unmarshal correctly after decryption"}, }; /* RC_FMT1 response code to text */ const RC_TABLE fmt1Table [] = { {TPM_RC_ASYMMETRIC, "TPM_RC_ASYMMETRIC - asymmetric algorithm not supported or not correct"}, {TPM_RC_ATTRIBUTES, "TPM_RC_ATTRIBUTES - inconsistent attributes"}, {TPM_RC_HASH, "TPM_RC_HASH - hash algorithm not supported or not appropriate"}, {TPM_RC_VALUE, "TPM_RC_VALUE - value is out of range or is not correct for the context"}, {TPM_RC_HIERARCHY, "TPM_RC_HIERARCHY - hierarchy is not enabled or is not correct for the use"}, {TPM_RC_KEY_SIZE, "TPM_RC_KEY_SIZE - key size is not supported"}, {TPM_RC_MGF, "TPM_RC_MGF - mask generation function not supported"}, {TPM_RC_MODE, "TPM_RC_MODE - mode of operation not supported"}, {TPM_RC_TYPE, "TPM_RC_TYPE - the type of the value is not appropriate for the use"}, {TPM_RC_HANDLE, "TPM_RC_HANDLE - the handle is not correct for the use"}, {TPM_RC_KDF, "TPM_RC_KDF - unsupported key derivation function or function not appropriate for use"}, {TPM_RC_RANGE, "TPM_RC_RANGE - value was out of allowed range."}, {TPM_RC_AUTH_FAIL, "TPM_RC_AUTH_FAIL - the authorization HMAC check failed and DA counter incremented"}, {TPM_RC_NONCE, "TPM_RC_NONCE - invalid nonce size or nonce value mismatch"}, {TPM_RC_PP, "TPM_RC_PP - authorization requires assertion of PP"}, {TPM_RC_SCHEME, "TPM_RC_SCHEME - unsupported or incompatible scheme"}, {TPM_RC_SIZE, "TPM_RC_SIZE - structure is the wrong size"}, {TPM_RC_SYMMETRIC, "TPM_RC_SYMMETRIC - unsupported symmetric algorithm or key size, or not appropriate for instance"}, {TPM_RC_TAG, "TPM_RC_TAG - incorrect structure 
tag"}, {TPM_RC_SELECTOR, "TPM_RC_SELECTOR - union selector is incorrect"}, {TPM_RC_INSUFFICIENT, "TPM_RC_INSUFFICIENT - the TPM was unable to unmarshal a value because there were not enough octets in the input buffer"}, {TPM_RC_SIGNATURE, "TPM_RC_SIGNATURE - the signature is not valid"}, {TPM_RC_KEY, "TPM_RC_KEY - key fields are not compatible with the selected use"}, {TPM_RC_POLICY_FAIL, "TPM_RC_POLICY_FAIL - a policy check failed"}, {TPM_RC_INTEGRITY, "TPM_RC_INTEGRITY - integrity check failed"}, {TPM_RC_TICKET, "TPM_RC_TICKET - invalid ticket"}, {TPM_RC_RESERVED_BITS, "TPM_RC_RESERVED_BITS - reserved bits not set to zero as required"}, {TPM_RC_BAD_AUTH, "TPM_RC_BAD_AUTH - authorization failure without DA implications"}, {TPM_RC_EXPIRED, "TPM_RC_EXPIRED - the policy has expired"}, {TPM_RC_POLICY_CC, "TPM_RC_POLICY_CC - the commandCode in the policy is not the commandCode of the command"}, {TPM_RC_BINDING, "TPM_RC_BINDING - public and sensitive portions of an object are not cryptographically bound"}, {TPM_RC_CURVE, "TPM_RC_CURVE - curve not supported "}, {TPM_RC_ECC_POINT, "TPM_RC_ECC_POINT - point is not on the required curve."}, }; /* RC_WARN response code to text */ const RC_TABLE warnTable [] = { {TPM_RC_CONTEXT_GAP, "TPM_RC_CONTEXT_GAP - gap for context ID is too large"}, {TPM_RC_OBJECT_MEMORY, "TPM_RC_OBJECT_MEMORY - out of memory for object contexts"}, {TPM_RC_SESSION_MEMORY, "TPM_RC_SESSION_MEMORY - out of memory for session contexts"}, {TPM_RC_MEMORY, "TPM_RC_MEMORY - out of shared object/session memory or need space for internal operations"}, {TPM_RC_SESSION_HANDLES, "TPM_RC_SESSION_HANDLES - out of session handles - a session must be flushed before a new session may be created"}, {TPM_RC_OBJECT_HANDLES, "TPM_RC_OBJECT_HANDLES - out of object handles - the handle space for objects is depleted and a reboot is required"}, {TPM_RC_LOCALITY, "TPM_RC_LOCALITY - bad locality"}, {TPM_RC_YIELDED, "TPM_RC_YIELDED - the TPM has suspended operation on the command; 
forward progress was made and the command may be retried."}, {TPM_RC_CANCELED, "TPM_RC_CANCELED - the command was canceled"}, {TPM_RC_TESTING, "TPM_RC_TESTING - TPM is performing self-tests"}, {TPM_RC_REFERENCE_H0, "TPM_RC_REFERENCE_H0 - the 1st handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H1, "TPM_RC_REFERENCE_H1 - the 2nd handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H2, "TPM_RC_REFERENCE_H2 - the 3rd handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H3, "TPM_RC_REFERENCE_H3 - the 4th handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H4, "TPM_RC_REFERENCE_H4 - the 5th handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H5, "TPM_RC_REFERENCE_H5 - the 6th handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_H6, "TPM_RC_REFERENCE_H6 - the 7th handle in the handle area references a transient object or session that is not loaded"}, {TPM_RC_REFERENCE_S0, "TPM_RC_REFERENCE_S0 - the 1st authorization session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S1, "TPM_RC_REFERENCE_S1 - the 2nd authorization session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S2, "TPM_RC_REFERENCE_S2 - the 3rd authorization session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S3, "TPM_RC_REFERENCE_S3 - the 4th authorization session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S4, "TPM_RC_REFERENCE_S4 - the 5th session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S5, "TPM_RC_REFERENCE_S5 - the 6th session handle references a session that is not loaded"}, {TPM_RC_REFERENCE_S6, "TPM_RC_REFERENCE_S6 - the 7th authorization session handle 
references a session that is not loaded"}, {TPM_RC_NV_RATE, "TPM_RC_NV_RATE - the TPM is rate-limiting accesses to prevent wearout of NV"}, {TPM_RC_LOCKOUT, "TPM_RC_LOCKOUT - authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode"}, {TPM_RC_RETRY, "TPM_RC_RETRY - the TPM was not able to start the command"}, {TPM_RC_NV_UNAVAILABLE, "the command may require writing of NV and NV is not current accessible"}, {TPM_RC_NOT_USED, "TPM_RC_NOT_USED - this value is reserved and shall not be returned by the TPM"}, }; /* parameter and handle number to text */ const char *num_table [] = { "unspecified", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15" }; /* from tsserror.h */ const RC_TABLE tssTable [] = { {TSS_RC_OUT_OF_MEMORY, "TSS_RC_OUT_OF_MEMORY - Out of memory (malloc failed)"}, {TSS_RC_ALLOC_INPUT, "TSS_RC_ALLOC_INPUT - The input to an allocation is not NULL"}, {TSS_RC_MALLOC_SIZE, "TSS_RC_MALLOC_SIZE - The malloc size is too large or zero"}, {TSS_RC_INSUFFICIENT_BUFFER, "TSS_RC_INSUFFICIENT_BUFFER - A buffer was insufficient for a copy"}, {TSS_RC_BAD_PROPERTY, "TSS_RC_BAD_PROPERTY - The property parameter is out of range"}, {TSS_RC_BAD_PROPERTY_VALUE, "TSS_RC_BAD_PROPERTY_VALUE - The property value is invalid"}, {TSS_RC_INSUPPORTED_INTERFACE, "TSS_RC_INSUPPORTED_INTERFACE - The TPM interface type is not supported"}, {TSS_RC_NO_CONNECTION, "TSS_RC_NO_CONNECTION - Failure connecting to lower layer"}, {TSS_RC_BAD_CONNECTION, "TSS_RC_BAD_CONNECTION - Failure communicating with lower layer"}, {TSS_RC_MALFORMED_RESPONSE, "TSS_RC_MALFORMED_RESPONSE - A response packet was fundamentally malformed"}, {TSS_RC_NULL_PARAMETER, "TSS_RC_NULL_PARAMETER - A required parameter was NULL"}, {TSS_RC_NOT_IMPLEMENTED, "TSS_RC_NOT_IMPLEMENTED - TSS function is not implemented"}, {TSS_RC_FILE_OPEN, "TSS_RC_FILE_OPEN - The file could not be opened"}, {TSS_RC_FILE_SEEK, "TSS_RC_FILE_SEEK - A file seek 
failed"}, {TSS_RC_FILE_FTELL, "TSS_RC_FILE_FTELL - A file ftell failed"}, {TSS_RC_FILE_READ, "TSS_RC_FILE_READ - A file read failed"}, {TSS_RC_FILE_CLOSE, "TSS_RC_FILE_CLOSE - A file close failed"}, {TSS_RC_FILE_WRITE, "TSS_RC_FILE_WRITE - A file write failed"}, {TSS_RC_FILE_REMOVE, "TSS_RC_FILE_REMOVE - A file remove failed"}, {TSS_RC_RNG_FAILURE, "TSS_RC_RNG_FAILURE - The random number generator failed"}, {TSS_RC_BAD_PWAP_NONCE, "TSS_RC_BAD_PWAP_NONCE - Bad PWAP response nonce"}, {TSS_RC_BAD_PWAP_ATTRIBUTES, "TSS_RC_BAD_PWAP_ATTRIBUTES - Bad PWAP response attributes"}, {TSS_RC_BAD_PWAP_HMAC, "TSS_RC_BAD_PWAP_HMAC - Bad PWAP response HMAC"}, {TSS_RC_NAME_NOT_IMPLEMENTED, "TSS_RC_NAME_NOT_IMPLEMENTED - name calculation not implemented for handle type"}, {TSS_RC_MALFORMED_NV_PUBLIC, "TSS_RC_MALFORMED_NV_PUBLIC - The NV public structure does not match the name"}, {TSS_RC_NAME_FILENAME, "TSS_RC_NAME_FILENAME - The name filename function has inconsistent arguments"}, {TSS_RC_DECRYPT_SESSIONS, "TSS_RC_DECRYPT_SESSIONS - More than one command decrypt session"}, {TSS_RC_ENCRYPT_SESSIONS, "TSS_RC_ENCRYPT_SESSIONS - More than one response encrypt session"}, {TSS_RC_NO_DECRYPT_PARAMETER, "TSS_RC_NO_DECRYPT_PARAMETER - and has no decrypt parameter"}, {TSS_RC_NO_ENCRYPT_PARAMETER, "TSS_RC_NO_ENCRYPT_PARAMETER - nse has no encrypt parameter"}, {TSS_RC_BAD_DECRYPT_ALGORITHM, "TSS_RC_BAD_DECRYPT_ALGORITHM - ion had an unimplemented decrypt symmetric algorithm"}, {TSS_RC_BAD_ENCRYPT_ALGORITHM, "TSS_RC_BAD_ENCRYPT_ALGORITHM - ion had an unimplemented encrypt symmetric algorithm"}, {TSS_RC_AES_ENCRYPT_FAILURE, "TSS_RC_AES_ENCRYPT_FAILURE - AES encryption failed"}, {TSS_RC_AES_DECRYPT_FAILURE, "TSS_RC_AES_DECRYPT_FAILURE - AES decryption failed"}, {TSS_RC_BAD_ENCRYPT_SIZE, "TSS_RC_BAD_ENCRYPT_SIZE - Parameter encryption size mismatch"}, {TSS_RC_AES_KEYGEN_FAILURE, "TSS_RC_AES_KEYGEN_FAILURE - AES key generation failed"}, {TSS_RC_BAD_SALT_KEY, "TSS_RC_BAD_SALT_KEY - Key is unsuitable 
for salt"}, {TSS_RC_KDFA_FAILED, "TSS_RC_KDFA_FAILED - KDFa function failed"}, {TSS_RC_HMAC, "TSS_RC_HMAC - An HMAC calculation failed"}, {TSS_RC_HMAC_SIZE, "TSS_RC_HMAC_SIZE - nse HMAC is the wrong size"}, {TSS_RC_HMAC_VERIFY, "TSS_RC_HMAC_VERIFY - MAC does not verify"}, {TSS_RC_BAD_HASH_ALGORITHM, "TSS_RC_BAD_HASH_ALGORITHM - Unimplemented hash algorithm"}, {TSS_RC_HASH, "TSS_RC_HASH - A hash calculation failed"}, {TSS_RC_RSA_KEY_CONVERT, "TSS_RC_RSA_KEY_CONVERT - RSA key conversion failed"}, {TSS_RC_RSA_PADDING, "TSS_RC_RSA_PADDING - RSA add padding failed"}, {TSS_RC_RSA_ENCRYPT, "TSS_RC_RSA_ENCRYPT - RSA public encrypt failed"}, {TSS_RC_BIGNUM, "TSS_RC_BIGNUM - NUM operation failed"}, {TSS_RC_RSA_SIGNATURE, "TSS_RC_RSA_SIGNATURE - RSA signature is bad"}, {TSS_RC_EC_SIGNATURE, "TSS_RC_EC_SIGNATURE - EC signature is bad"}, {TSS_RC_EC_KEY_CONVERT, "TSS_RC_EC_KEY_CONVERT - EC key conversion failed"}, {TSS_RC_X509_ERROR, "TSS_RC_X509_ERROR - X509 parse error"}, {TSS_RC_BAD_SIGNATURE_ALGORITHM, "TSS_RC_BAD_SIGNATURE_ALGORITHM - Unimplemented signature algorithm"}, {TSS_RC_COMMAND_UNIMPLEMENTED, "TSS_RC_COMMAND_UNIMPLEMENTED - Unimplemented command"}, {TSS_RC_IN_PARAMETER, "TSS_RC_IN_PARAMETER - Bad in parameter to TSS_Execute"}, {TSS_RC_OUT_PARAMETER, "TSS_RC_OUT_PARAMETER - Bad out parameter to TSS_Execute"}, {TSS_RC_BAD_HANDLE_NUMBER, "TSS_RC_BAD_HANDLE_NUMBER - Bad handle number for this command"}, {TSS_RC_KDFE_FAILED, "TSS_RC_KDFE_FAILED - KDFe function failed"}, {TSS_RC_EC_EPHEMERAL_FAILURE, "TSS_RC_EC_EPHEMERAL_FAILURE - Failed while making or using EC ephemeral key"}, {TSS_RC_NO_SESSION_SLOT, "TSS_RC_NO_SESSION_SLOT - TSS context has no session slot for handle"}, {TSS_RC_NO_OBJECTPUBLIC_SLOT, "TSS_RC_NO_OBJECTPUBLIC_SLOT - TSS context has no object public slot for handle"}, {TSS_RC_NO_NVPUBLIC_SLOT, "TSS_RC_NO_NVPUBLIC_SLOT -TSS context has no NV public slot for handle"} }; #define BITS1108 0xf00 #define BITS1108SHIFT 8 #define BITS1008 0x700 #define 
BITS1008SHIFT 8
#define BITS0600        0x07f   /* bits 6:0 */
#define BITS0500        0x03f   /* bits 5:0 */
#define BITS87          0x180   /* bits 8:7 */

#define BIT11           0x800
#define BIT10           0x400
#define BIT7            0x080
#define BIT6            0x040

#define TSSMASK         0x00ff0000      /* 23:16 */

/* Test cases

   TPM 1.2 001
   TPM param 1c1
   TPM handle 181
   TPM session 981
   TSS b0001
*/

/* TSS namespace starts with bit 16 */
#define TSS_RC_LEVEL_SHIFT 16

/* TSS error level name space */
#define TSS_ERROR_LEVEL (11 << TSS_RC_LEVEL_SHIFT )

/* Figure 26 - Response Code Evaluation

   TSS_ResponseCode_toString() maps a response code to up to three strings.

   msg    receives the text for the code itself
   submsg receives " Parameter number ", " Session number " or " Handle number " for format 1
          codes, otherwise ""
   num    receives the text for the parameter / session / handle number, otherwise ""

   All three strings are static; the caller must not free them.
*/

void TSS_ResponseCode_toString(const char **msg, const char **submsg, const char **num, TPM_RC rc)
{
    const size_t fmt1Count = sizeof(fmt1Table) / sizeof(RC_TABLE);

    /* most codes carry neither a sub-message nor a number */
    *submsg = "";
    *num = "";

    if (rc == 0) {
        *msg = "TPM_RC_SUCCESS";
        return;
    }
    /* TSS level, 11 << 16 */
    if ((rc & TSSMASK) == TSS_ERROR_LEVEL) {
        *msg = TSS_ResponseCode_RcToText(tssTable, sizeof(tssTable) / sizeof(RC_TABLE), rc);
        return;
    }
    /* bits 8:7 are 00: TPM 1.2 x000 0xxx xxxx */
    if ((rc & BITS87) == 0) {
        *msg = "TPM 1.2 response code";
        return;
    }
    /* bit 7 is 0: format 0 */
    if ((rc & BIT7) == 0) {
        if ((rc & BIT10) != 0) {
            /* vendor defined x101 0xxx xxxx */
            *msg = "TPM2 vendor defined response code";
        }
        else if ((rc & BIT11) != 0) {
            /* warning 1001 0xxx xxxx RC_WARN */
            *msg = TSS_ResponseCode_RcToText(warnTable, sizeof(warnTable) / sizeof(RC_TABLE),
                                             rc & (BITS0600 | RC_WARN));
        }
        else {
            /* error 0001 0xxx xxxx RC_VER1 */
            *msg = TSS_ResponseCode_RcToText(ver1Table, sizeof(ver1Table) / sizeof(RC_TABLE),
                                             rc & (BITS0600 | RC_VER1));
        }
        return;
    }
    /* bit 7 is 1: RC_FMT1, the message lookup is the same for all three sub-cases */
    *msg = TSS_ResponseCode_RcToText(fmt1Table, fmt1Count, rc & (BITS0500 | RC_FMT1));
    if ((rc & BIT6) != 0) {
        /* error xxxx 11xx xxxx */
        *submsg = " Parameter number ";
        *num = TSS_ResponseCode_NumberToText((rc & BITS1108) >> BITS1108SHIFT);
    }
    else {
        /* bit 11 set: error 1xxx 10xx xxxx, bit 11 clear: error 0xxx 10xx xxxx */
        *submsg = ((rc & BIT11) != 0) ? " Session number " : " Handle number ";
        *num = TSS_ResponseCode_NumberToText((rc & BITS1008) >> BITS1008SHIFT);
    }
}

/* TSS_ResponseCode_RcToText() does a linear search of 'table' (tableSize entries) for an exact
   match of 'rc' and returns its text, or a fixed "unknown" string if there is no match. */

static const char *TSS_ResponseCode_RcToText(const RC_TABLE *table, size_t tableSize, TPM_RC rc)
{
    size_t index = 0;

    while (index != tableSize) {
        const RC_TABLE *entry = &table[index];
        if (entry->rc == rc) {
            return entry->text;
        }
        index++;
    }
    return "response code unknown";
}

/* TSS_ResponseCode_NumberToText() returns the num_table text for 'num', bounds checked against
   the number of entries in num_table. */

static const char *TSS_ResponseCode_NumberToText(unsigned int num)
{
    const size_t entries = sizeof(num_table) / sizeof(const char *);

    if (num >= entries) {
        return "out of bounds";
    }
    return num_table[num];
}
./utils/nvdefinespace.c0000644000175000017500000004140513075204375013313 0ustar  lo1lo1
/********************************************************************************/
/*                                                                              */
/*                          NV Define Space                                     */
/*                           Written by Ken Goldman                             */
/*                     IBM Thomas J. Watson Research Center                     */
/*            $Id: nvdefinespace.c 987 2017-04-17 18:27:09Z kgoldman $          */
/*                                                                              */
/* (c) Copyright IBM Corporation 2015.                                          */
/*                                                                              */
/* All rights reserved.                                                         */
/*                                                                              */
/* Redistribution and use in source and binary forms, with or without           */
/* modification, are permitted provided that the following conditions are       */
/* met:                                                                         */
/*                                                                              */
/* Redistributions of source code must retain the above copyright notice,       */
/* this list of conditions and the following disclaimer.                        */
/*                                                                              */
/* Redistributions in binary form must reproduce the above copyright            */
/* notice, this list of conditions and the following disclaimer in the          */
/* documentation and/or other materials provided with the distribution.
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; #define TPMA_NVA_CLEAR_STCLEAR 0x08000000 int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_DefineSpace_In in; char hierarchyChar = 0; char hierarchyAuthChar = '\0'; TPMI_ALG_HASH nalg = TPM_ALG_SHA256; unsigned int hashSize = SHA256_DIGEST_SIZE; char typeChar = 'o'; unsigned int typeCount = 0; TPMI_RH_NV_INDEX nvIndex = 0; uint16_t dataSize = 0; TPMA_NV nvAttributes; /* final attributes to command */ TPMA_NV setAttributes; /* attributes to add to defaults*/ TPMA_NV clearAttributes; /* attributes to subtract from defaults */ const char *policyFilename = NULL; const char *nvPassword = NULL; const char *parentPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* nvAttributes first accumumates attributes that are default side effects of other arguments. E.g., specifying a policy sets POLICYWRITE and POLICYREAD. After all arguments are processed, setAttributes and clearAttributes may optional fine tune the attributes. E.g., POLICYWRITE can be cleared. 
*/ /* default values */ nvAttributes.val = 0; setAttributes.val = TPMA_NVA_NO_DA; clearAttributes.val = 0; for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (typeCount > 1) { printf("-ty can only be specified once\n"); printUsage(); } /* Authorization attributes */ if (rc == 0) { if (hierarchyAuthChar == 'o') { nvAttributes.val |= TPMA_NVA_OWNERWRITE | TPMA_NVA_OWNERREAD; } else if (hierarchyAuthChar == 'p') { nvAttributes.val |= TPMA_NVA_PPWRITE | TPMA_NVA_PPREAD; } else if (hierarchyAuthChar == '\0') { nvAttributes.val |= TPMA_NVA_AUTHWRITE | TPMA_NVA_AUTHREAD; } else { printf("-hia has bad parameter\n"); printUsage(); } } if (rc == 0) { if (hierarchyChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyChar 
== 'p') { in.authHandle = TPM_RH_PLATFORM; nvAttributes.val |= TPMA_NVA_PLATFORMCREATE; } else { printf("Missing or illegal -hi\n"); printUsage(); } } if (rc == 0) { switch (typeChar) { case 'o': nvAttributes.val |= TPMA_NVA_ORDINARY; break; case 'c': nvAttributes.val |= TPMA_NVA_COUNTER; dataSize = 8; break; case 'b': nvAttributes.val |= TPMA_NVA_BITS; dataSize = 8; break; case 'e': nvAttributes.val |= TPMA_NVA_EXTEND; dataSize = hashSize; break; case 'p': nvAttributes.val |= TPMA_NVA_PIN_PASS; dataSize = 8; break; case 'f': nvAttributes.val |= TPMA_NVA_PIN_FAIL; dataSize = 8; break; default: printf("Illegal -ty\n"); printUsage(); } } /* Table 75 - Definition of Types for TPM2B_AUTH */ if (rc == 0) { if (nvPassword == NULL) { in.auth.b.size = 0; } /* if there was a password specified, permit index authorization */ else { /* PIN index cannot use index AUTHWRITE authorization */ if (((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_FAIL) && ((nvAttributes.val & TPMA_NVA_TPM_NT_MASK) != TPMA_NVA_PIN_PASS)) { nvAttributes.val |= TPMA_NVA_AUTHWRITE; } nvAttributes.val |= TPMA_NVA_AUTHREAD; rc = TSS_TPM2B_StringCopy(&in.auth.b, nvPassword, sizeof(TPMU_HA)); } } /* optional authorization policy */ if (rc == 0) { if (policyFilename != NULL) { if (rc == 0) { nvAttributes.val |= TPMA_NVA_POLICYWRITE | TPMA_NVA_POLICYREAD; rc = TSS_File_Read2B(&in.publicInfo.nvPublic.authPolicy.b, sizeof(TPMU_HA), policyFilename); } /* sanity check that the size of the policy hash matches the name algorithm */ if (rc == 0) { if (in.publicInfo.nvPublic.authPolicy.b.size != hashSize) { printf("Policy size %u does not match name algorithm %u\n", in.publicInfo.nvPublic.authPolicy.b.size, hashSize); rc = TPM_RC_POLICY; } } } else { in.publicInfo.nvPublic.authPolicy.t.size = 0; /* default empty policy */ } } /* Table 197 - Definition of TPM2B_NV_PUBLIC Structure publicInfo */ /* Table 196 - Definition of TPMS_NV_PUBLIC Structure nvPublic */ if (rc == 0) { in.publicInfo.nvPublic.nvIndex = 
nvIndex; /* the handle of the data area */ in.publicInfo.nvPublic.nameAlg = nalg; /* hash algorithm used to compute the name of the Index and used for the authPolicy */ in.publicInfo.nvPublic.attributes = nvAttributes; /* the default Index attributes */ /* additional set attributes */ in.publicInfo.nvPublic.attributes.val |= setAttributes.val; /* clear attributes */ in.publicInfo.nvPublic.attributes.val &= ~(clearAttributes.val); in.publicInfo.nvPublic.dataSize = dataSize; /* the size of the data area */ } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_DefineSpace, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { printf("nvdefinespace: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvdefinespace: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvdefinespace\n"); printf("\n"); printf("Runs TPM2_NV_DefineSpace\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t\t01xxxxxx\n"); printf("\t-hi authorizing hierarchy (o, p)\n"); printf("\t\to owner, p platform\n"); printf("\t\tp sets PLATFORMCREATE\n"); printf("\t[-pwdp password for hierarchy (default empty)]\n"); printf("\t[-hia hierarchy authorization (o, p)(default index authorization)]\n"); printf("\t\tdefault AUTHWRITE, AUTHREAD\n"); printf("\t\to sets OWNERWRITE, OWNERREAD\n"); printf("\t\tp sets PPWRITE, PPREAD (platform)\n"); printf("\t[-pwdn password for NV index (default empty)]\n"); printf("\t\tssts AUTHWRITE (if not PIN index), AUTHREAD\n"); printf("\t[-nalg name 
algorithm (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-sz data size (default 0)]\n"); printf("\t\tIgnored for other than ordinary index\n"); printf("\t[-ty index type (o, c, b, e, p, f) (default ordinary)]\n"); printf("\t\tordinary, counter, bits, extend, pin pass, pin fail\n"); printf("\t[-pol policy file (default empty)]\n"); printf("\t\tsets POLICYWRITE, POLICYREAD\n"); printf("\t[+at attributes to add (may be specified more than once)]\n"); printf("\t\tppw (PPWRITE)\t\tppr (PPREAD)\n"); printf("\t\tow (OWNERWRITE)\tor (OWNERREAD)\n"); printf("\t\taw (AUTHWRITE)\tar (AUTHREAD)\n"); printf("\t\twd (WRITEDEFINE)\tgl (GLOBALLOCK)\n"); printf("\t\trst (READ_STCLEAR)\twst (WRITE_STCLEAR)\n"); printf("\t\twa (WRITEALL)\t\tody (ORDERLY)\n"); printf("\t\tpold (POLICY_DELETE)\tstc (CLEAR_STCLEAR)\n"); printf("\t[-at attributes to delete (may be specified more than once)]\n"); printf("\t\tppw (PPWRITE)\t\tppr (PPREAD)\n"); printf("\t\tow (OWNERWRITE)\tor (OWNERREAD)\n"); printf("\t\taw (AUTHWRITE)\tar (AUTHREAD)\n"); printf("\t\tpw (POLICYWRITE)\tpr (POLICYREAD)\n"); printf("\t\tda (NO_DA) (default set)\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/tsscrypto.c0000644000175000017500000012731513103122732012544 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Library Dependent Crypto Support */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* ECC Salt functions written by Bill Martin */ /* $Id: tsscrypto.c 1005 2017-05-05 16:18:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* Interface to OpenSSL version 1.0 crypto library */ #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include #include #include #include #include #include #include extern int tssVverbose; extern int tssVerbose; /* local prototypes */ static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, TPMI_ALG_HASH hashAlg); static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData, EC_KEY *myecc); static TPM_RC TSS_BN_new(BIGNUM **bn); static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str); static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes); /* Initialization */ TPM_RC TSS_Crypto_Init(void) { TPM_RC rc = 0; ERR_load_crypto_strings (); OpenSSL_add_all_algorithms(); return rc; } /* Digests */ static TPM_RC TSS_Hash_GetMd(const EVP_MD **md, TPMI_ALG_HASH hashAlg) { TPM_RC rc = 0; if (rc == 0) { switch (hashAlg) { #ifdef TPM_ALG_SHA1 case TPM_ALG_SHA1: *md = EVP_get_digestbyname("sha1"); break; #endif #ifdef TPM_ALG_SHA256 case TPM_ALG_SHA256: *md = EVP_get_digestbyname("sha256"); break; #endif #ifdef TPM_ALG_SHA384 case TPM_ALG_SHA384: *md = EVP_get_digestbyname("sha384"); break; #endif #ifdef TPM_ALG_SHA512 case TPM_ALG_SHA512: *md = EVP_get_digestbyname("sha512"); break; #endif default: rc = TSS_RC_BAD_HASH_ALGORITHM; } } return rc; } /* On call, digest->hashAlg is the desired hash algorithm length 0 is ignored, buffer NULL terminates list. 
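*/

/* TSS_HMAC_Generate_valist() computes an HMAC over a list of buffers.

   digest   on call, digest->hashAlg selects the hash; on success digest->digest holds the HMAC
   hmacKey  the HMAC key
   ap       int length, unsigned char *buffer pairs, terminated by a NULL buffer

   Returns 0 on success, the TSS_Hash_GetMd() error for an unsupported hash algorithm,
   TSS_RC_OUT_OF_MEMORY if the HMAC context cannot be allocated (OpenSSL 1.1.0 and later), or
   TSS_RC_HMAC if an OpenSSL HMAC call fails or a length is negative.
*/

TPM_RC TSS_HMAC_Generate_valist(TPMT_HA *digest,                /* largest size of a digest */
                                const TPM2B_KEY *hmacKey,
                                va_list ap)
{
    TPM_RC              rc = 0;
    int                 irc = 0;
    int                 done = FALSE;
    const EVP_MD        *md = NULL;     /* message digest method */
#if OPENSSL_VERSION_NUMBER < 0x10100000
    HMAC_CTX            ctxStorage;     /* before 1.1.0 the context is a caller owned structure */
    HMAC_CTX            *ctx = &ctxStorage;
#else
    HMAC_CTX            *ctx = NULL;    /* 1.1.0 and later: opaque, heap allocated */
#endif
    int                 length;
    uint8_t             *buffer;

#if OPENSSL_VERSION_NUMBER < 0x10100000
    HMAC_CTX_init(ctx);
#else
    ctx = HMAC_CTX_new();
    /* the allocation can fail; without this check the NULL context would be handed to
       HMAC_Init_ex() below */
    if (ctx == NULL) {
        if (tssVerbose) printf("TSS_HMAC_Generate: malloc HMAC_CTX failed\n");
        rc = TSS_RC_OUT_OF_MEMORY;
    }
#endif
    if (rc == 0) {
        rc = TSS_Hash_GetMd(&md, digest->hashAlg);
    }
    if (rc == 0) {
        irc = HMAC_Init_ex(ctx,
                           hmacKey->b.buffer, hmacKey->b.size,  /* HMAC key */
                           md,                                  /* message digest method */
                           NULL);
        if (irc == 0) {
            rc = TSS_RC_HMAC;
        }
    }
    while ((rc == 0) && !done) {
        length = va_arg(ap, int);               /* first vararg is the length */
        buffer = va_arg(ap, unsigned char *);   /* second vararg is the array */
        if (buffer != NULL) {                   /* loop until a NULL buffer terminates */
            if (length < 0) {
                if (tssVerbose) printf("TSS_HMAC_Generate: Length is negative\n");
                rc = TSS_RC_HMAC;
            }
            else {
                irc = HMAC_Update(ctx, buffer, length);
                if (irc == 0) {
                    if (tssVerbose) printf("TSS_HMAC_Generate: HMAC_Update failed\n");
                    rc = TSS_RC_HMAC;
                }
            }
        }
        else {
            done = TRUE;
        }
    }
    if (rc == 0) {
        irc = HMAC_Final(ctx, (uint8_t *)&digest->digest, NULL);
        if (irc == 0) {
            rc = TSS_RC_HMAC;
        }
    }
    /* always release the context, it holds state derived from the HMAC key */
#if OPENSSL_VERSION_NUMBER < 0x10100000
    HMAC_CTX_cleanup(ctx);
#else
    HMAC_CTX_free(ctx);         /* NULL safe */
#endif
    return rc;
}

/* valist is int length, unsigned char *buffer pairs

   length 0 is ignored, buffer NULL terminates list.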
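*/

/* TSS_Hash_Generate_valist() hashes a list of buffers.

   On call, digest->hashAlg is the desired hash algorithm.  On success digest->digest holds the
   result.

   Returns 0 on success, TSS_RC_OUT_OF_MEMORY if the digest context cannot be allocated, the
   TSS_Hash_GetMd() error for an unsupported algorithm, or TSS_RC_HASH if a length is negative or
   an OpenSSL digest call fails.
*/

TPM_RC TSS_Hash_Generate_valist(TPMT_HA *digest,                /* largest size of a digest */
                                va_list ap)
{
    TPM_RC              rc = 0;
    int                 irc = 0;
    int                 done = FALSE;
    int                 length;
    uint8_t             *buffer;
    EVP_MD_CTX          *mdctx = NULL;
    const EVP_MD        *md = NULL;

    if (rc == 0) {
        mdctx = EVP_MD_CTX_create();
        if (mdctx == NULL) {
            if (tssVerbose) printf("TSS_Hash_Generate: malloc EVP_MD_CTX failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        rc = TSS_Hash_GetMd(&md, digest->hashAlg);
    }
    if (rc == 0) {
        irc = EVP_DigestInit_ex(mdctx, md, NULL);
        if (irc != 1) {
            rc = TSS_RC_HASH;
        }
    }
    while ((rc == 0) && !done) {
        length = va_arg(ap, int);               /* first vararg is the length */
        buffer = va_arg(ap, unsigned char *);   /* second vararg is the array */
        if (buffer != NULL) {                   /* loop until a NULL buffer terminates */
            if (length < 0) {
                if (tssVerbose) printf("TSS_Hash_Generate: Length is negative\n");
                rc = TSS_RC_HASH;
            }
            else if (length != 0) {
                /* a failed update must not be reported as success, the caller would otherwise
                   use a digest that does not cover all of the input */
                irc = EVP_DigestUpdate(mdctx, buffer, length);
                if (irc != 1) {
                    if (tssVerbose) printf("TSS_Hash_Generate: EVP_DigestUpdate failed\n");
                    rc = TSS_RC_HASH;
                }
            }
        }
        else {
            done = TRUE;
        }
    }
    if (rc == 0) {
        /* same for the final step, on failure digest->digest is not a valid hash */
        irc = EVP_DigestFinal_ex(mdctx, (uint8_t *)&digest->digest, NULL);
        if (irc != 1) {
            if (tssVerbose) printf("TSS_Hash_Generate: EVP_DigestFinal_ex failed\n");
            rc = TSS_RC_HASH;
        }
    }
    EVP_MD_CTX_destroy(mdctx);
    return rc;
}

/* Random Numbers */

/* TSS_RandBytes() fills 'buffer' with 'size' random bytes from the OpenSSL RNG.

   Returns 0 on success or TSS_RC_RNG_FAILURE.  On failure the contents of 'buffer' must not be
   used as random data.
*/

TPM_RC TSS_RandBytes(unsigned char *buffer, uint32_t size)
{
    TPM_RC      rc = 0;
    int         irc = 0;

    /* RAND_bytes() takes an int count.  A uint32_t above the int range (assuming the usual 32-bit
       int) would be converted to a negative count, and the buffer could then be returned
       unfilled while still reporting success.  Reject such a request. */
    if (size > 0x7fffffffU) {
        if (tssVerbose) printf("TSS_RandBytes: Random number generation failed\n");
        rc = TSS_RC_RNG_FAILURE;
    }
    if (rc == 0) {
        irc = RAND_bytes(buffer, (int)size);
        if (irc != 1) {
            if (tssVerbose) printf("TSS_RandBytes: Random number generation failed\n");
            rc = TSS_RC_RNG_FAILURE;
        }
    }
    return rc;
}

/*
  RSA functions
*/

/* TSS_RSAGeneratePublicToken() generates an RSA key token from n and e

   *rsa_pub_key must be NULL on call.  The token is allocated here and must be freed by the
   caller with RSA_free(), also when an error is returned after the allocation.
*/

TPM_RC TSS_RSAGeneratePublicToken(RSA **rsa_pub_key,            /* freed by caller */
                                  const unsigned char *narr,    /* public modulus */
                                  uint32_t nbytes,
                                  const unsigned char *earr,    /* public exponent */
                                  uint32_t ebytes)
{
    TPM_RC      rc = 0;
    BIGNUM *    n = NULL;
    BIGNUM *    e = NULL;

    /* sanity check for the free */
    if (rc == 0) {
        if (*rsa_pub_key != NULL) {
            if (tssVerbose)
                printf("TSS_RSAGeneratePublicToken: Error (fatal), token %p should be NULL\n",
                       *rsa_pub_key );
            rc = TSS_RC_ALLOC_INPUT;
        }
    }
    /* construct the OpenSSL public key object */
    if (rc == 0) {
        *rsa_pub_key = RSA_new();                       /* freed by caller */
        if (*rsa_pub_key == NULL) {
            if (tssVerbose) printf("TSS_RSAGeneratePublicToken: Error in RSA_new()\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        rc = TSS_bin2bn(&n, narr, nbytes);      /* owned by the token once attached below */
    }
    if (rc == 0) {
        rc = TSS_bin2bn(&e, earr, ebytes);      /* owned by the token once attached below */
    }
    if (rc == 0) {
#if OPENSSL_VERSION_NUMBER < 0x10100000
        (*rsa_pub_key)->n = n;
        (*rsa_pub_key)->e = e;
        (*rsa_pub_key)->d = NULL;
#else
        int irc = RSA_set0_key(*rsa_pub_key, n, e, NULL);
        if (irc != 1) {
            if (tssVerbose) printf("TSS_RSAGeneratePublicToken: Error in RSA_set0_key()\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
#endif
    }
    /* On any error n and e were not attached to the token, so the caller's RSA_free() cannot
       reach them.  Free them here.  BN_free() accepts NULL. */
    if (rc != 0) {
        BN_free(n);
        BN_free(e);
    }
    return rc;
}

/* TSS_RSAPublicEncrypt() pads 'decrypt_data' to 'encrypt_data_size' and encrypts using the public
   key 'n, e'.

   The OAEP padding is applied here and the result is encrypted with RSA_NO_PADDING, so
   'encrypt_data_size' is expected to be the size of the modulus; OpenSSL rejects the raw
   operation otherwise.

   The intermediate padded buffer contains the plaintext.  It is cleared before it is freed.
*/

TPM_RC TSS_RSAPublicEncrypt(unsigned char *encrypt_data,        /* encrypted data */
                            size_t encrypt_data_size,           /* size of encrypted data buffer */
                            const unsigned char *decrypt_data,  /* decrypted data */
                            size_t decrypt_data_size,
                            unsigned char *narr,                /* public modulus */
                            uint32_t nbytes,
                            unsigned char *earr,                /* public exponent */
                            uint32_t ebytes,
                            unsigned char *p,                   /* encoding parameter */
                            int pl,
                            TPMI_ALG_HASH halg)                 /* OAEP hash algorithm */
{
    TPM_RC      rc = 0;
    int         irc;
    RSA         *rsa_pub_key = NULL;
    unsigned char *padded_data = NULL;

    if (tssVverbose) printf(" TSS_RSAPublicEncrypt: Input data size %lu\n",
                            (unsigned long)decrypt_data_size);
    /* intermediate buffer for the decrypted but still padded data */
    if (rc == 0) {
        rc = TSS_Malloc(&padded_data, encrypt_data_size);       /* freed @2 */
    }
    /* construct the OpenSSL public key object */
    if (rc == 0) {
        rc = TSS_RSAGeneratePublicToken(&rsa_pub_key,   /* freed @1 */
                                        narr,           /* public modulus */
                                        nbytes,
                                        earr,           /* public exponent */
                                        ebytes);
    }
    if (rc == 0) {
        padded_data[0] = 0x00;
        rc = TSS_RSA_padding_add_PKCS1_OAEP(padded_data,        /* to */
                                            encrypt_data_size,  /* to length */
                                            decrypt_data,       /* from */
                                            decrypt_data_size,  /* from length */
                                            p,          /* encoding parameter */
                                            pl,         /* encoding parameter length */
                                            halg);      /* OAEP hash algorithm */
    }
    if (rc == 0) {
        if (tssVverbose)
            printf(" TSS_RSAPublicEncrypt: Padded data size %lu\n",
                   (unsigned long)encrypt_data_size);
        /* NOTE(review): at this trace level the padded plaintext is written to stdout.  Keep
           that in mind when the output is redirected to a log file. */
        if (tssVverbose) TSS_PrintAll(" TPM_RSAPublicEncrypt: Padded data", padded_data,
                                      encrypt_data_size);
        /* encrypt with public key.  Must pad first and then encrypt because the encrypt
           call cannot specify an encoding parameter */
        /* returns the size of the encrypted data.  On error, -1 is returned */
        irc = RSA_public_encrypt(encrypt_data_size,     /* from length */
                                 padded_data,           /* from - the clear text data */
                                 encrypt_data,          /* the padded and encrypted data */
                                 rsa_pub_key,           /* key */
                                 RSA_NO_PADDING);       /* padding */
        if (irc < 0) {
            if (tssVerbose) printf("TSS_RSAPublicEncrypt: Error in RSA_public_encrypt()\n");
            rc = TSS_RC_RSA_ENCRYPT;
        }
    }
    if (rc == 0) {
        if (tssVverbose) printf(" TSS_RSAPublicEncrypt: RSA_public_encrypt() success\n");
    }
    if (rsa_pub_key != NULL) {
        RSA_free(rsa_pub_key);          /* @1 */
    }
    /* the padded buffer holds the plaintext, clear it before returning it to the heap */
    if (padded_data != NULL) {
        OPENSSL_cleanse(padded_data, encrypt_data_size);
    }
    free(padded_data);                  /* @2 */
    return rc;
}

/* TSS_GeneratePlatformEphemeralKey sets the EC parameters to NIST P256 for generating the ephemeral
   key. Some OpenSSL versions do not come with NIST p256.  */

static TPM_RC TSS_ECC_GeneratePlatformEphemeralKey(CURVE_DATA *eCurveData, EC_KEY *myecc)
{
    TPM_RC      rc = 0;
    BIGNUM      *p = NULL;
    BIGNUM      *a = NULL;
    BIGNUM      *b = NULL;
    BIGNUM      *x = NULL;
    BIGNUM      *y = NULL;
    BIGNUM      *z = NULL;
    EC_POINT    *G = NULL;      /* generator */

    /* ---------------------------------------------------------- *
     * Set the EC parameters to NISTp256. Openssl versions might  *
     * not have NISTP256 as a possible parameter so we make it    *
     * possible by setting the curve ourselves.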
* * ---------------------------------------------------------- */ /* NIST P256 from FIPS 186-3 */ if (rc == 0) { if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting p\n"); rc = TSS_BN_hex2bn(&p, /* freed @1 */ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF"); } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting a\n"); rc = TSS_BN_hex2bn(&a, /* freed @2 */ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC"); } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Converting b\n"); rc = TSS_BN_hex2bn(&b, /* freed @3 */ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B"); } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: New group\n"); eCurveData->G = EC_GROUP_new(EC_GFp_mont_method()); /* freed @4 */ if (eCurveData->G == NULL) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Error creating new group\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Set the curve prime\n"); if (EC_GROUP_set_curve_GFp(eCurveData->G, p, a, b, eCurveData->ctx) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Error seting curve prime\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { G = EC_POINT_new(eCurveData->G); /* freed @5 */ if (G == NULL ){ if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: EC_POINT_new failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { rc = TSS_BN_hex2bn(&x, /* freed @6 */ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"); } if (rc == 0) { rc = TSS_BN_hex2bn(&y, /* freed @7 */ "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5"); } if (rc == 0) { if (EC_POINT_set_affine_coordinates_GFp(eCurveData->G, G, x, y, eCurveData->ctx) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " "Cannot create TPM public point 
from coordinates\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } /* sanity check to see if point is on the curve */ if (rc == 0) { if (EC_POINT_is_on_curve(eCurveData->G, G, eCurveData->ctx) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " "Point not on curve\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { rc = TSS_BN_hex2bn(&z, /* freed @8 */ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); } if (rc == 0) { if (EC_GROUP_set_generator(eCurveData->G, G, z, BN_value_one()) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " "EC_GROUP_set_generator()\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { if (EC_GROUP_check(eCurveData->G, eCurveData->ctx) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " "EC_GROUP_check()\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { if (EC_KEY_set_group(myecc, eCurveData->G) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: Error, " "EC_KEY_set_group()\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { #if 0 if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Address of eCurveData->G is %p\n", eCurveData->G); if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Address of eCurveData->CTX is %p\n", eCurveData->ctx); #endif if (tssVverbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Set group for key\n"); } /* Create the public/private EC key pair here */ if (rc == 0) { if (EC_KEY_generate_key(myecc) == 0) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Error generating the ECC key.\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { if (!EC_KEY_check_key(myecc)) { if (tssVerbose) printf("TSS_ECC_GeneratePlatformEphemeralKey: " "Error on EC_KEY_check_key()\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (p != NULL) BN_clear_free(p); /* @1 */ if (a != NULL) BN_clear_free(a); /* @2 */ if (b != NULL) BN_clear_free(b); /* @3 */ if (rc 
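!= 0) {
        EC_GROUP_free(eCurveData->G);   /* @4 */
        EC_POINT_free(G);               /* @5 */
    }
    if (x != NULL) BN_clear_free(x);    /* @6 */
    if (y != NULL) BN_clear_free(y);    /* @7 */
    if (z != NULL) BN_clear_free(z);    /* @8 */

    /* don't free the key info.  This curve was constructed out of parameters, not of the openssl
       library */
    /* EC_KEY_free(myecc) */
    /* EC_POINT_free(G); */
    return rc;
}

/* TSS_ECC_Salt() returns both the plaintext and encrypted salt, based on the salt key bPublic.

   publicArea is the public area of the TPM salt key.  Only TPM_ECC_NIST_P256 is accepted, any
   other curve ID returns TSS_RC_BAD_SALT_KEY.

   An ephemeral EC key pair is generated outside the TPM.  Its public point, laid out as a
   TPMS_ECC_POINT, is returned in encryptedSalt.  The plaintext salt is derived with KDFe from the
   shared X coordinate (ephemeral private scalar times the TPM public point), the label "SECRET",
   and the X coordinates of the ephemeral and TPM public points.

   Returns 0 on success, or a TSS_RC_ error code.
*/

TPM_RC TSS_ECC_Salt(TPM2B_DIGEST                *salt,
                    TPM2B_ENCRYPTED_SECRET      *encryptedSalt,
                    TPMT_PUBLIC                 *publicArea)
{
    TPM_RC              rc = 0;
    EC_KEY              *myecc = NULL;          /* ephemeral key */
    const BIGNUM        *d_caller;              /* ephemeral private key */
    const EC_POINT      *callerPointPub;        /* ephemeral public key */
    EC_POINT            *tpmPointPub = NULL;
    BIGNUM              *p_tpmX = NULL;
    BIGNUM              *bigY = NULL;
    BIGNUM              *zBn = NULL;
    EC_POINT            *rPoint = NULL;
    BIGNUM              *thepoint = NULL;
    BIGNUM              *sharedX = NULL;
    BIGNUM              *yBn = NULL;
    uint32_t            sizeInBytes;
    uint32_t            sizeInBits;
    uint8_t             *sharedXBin = NULL;
    unsigned int        lengthSharedXBin;
    BIGNUM              *p_caller_Xbn = NULL;
    BIGNUM              *p_caller_Ybn = NULL;
    uint8_t             *p_caller_Xbin = NULL;
    uint8_t             *p_caller_Ybin = NULL;
    uint8_t             *p_tpmXbin = NULL;
    unsigned int        length_p_caller_Xbin;
    unsigned int        length_p_caller_Ybin;
    unsigned int        length_p_tpmXbin;
    TPM2B_ECC_PARAMETER sharedX_For_KDFE;
    TPM2B_ECC_PARAMETER p_caller_X_For_KDFE;
    TPM2B_ECC_PARAMETER p_tpmX_For_KDFE;
    CURVE_DATA          eCurveData;

    /* eCurveData is an automatic variable.  Clear its members before the first error path: the
       cleanup code at the end of this function tests eCurveData.ctx even when BN_CTX_new() was
       never reached (unsupported curve, EC_KEY_new() failure), and
       TSS_ECC_GeneratePlatformEphemeralKey() frees eCurveData.G on any of its failures, including
       those that occur before the group is created. */
    eCurveData.ctx = NULL;
    eCurveData.G = NULL;

    /* only NIST P256 is currently supported */
    if (rc == 0) {
        if ((publicArea->parameters.eccDetail.curveID != TPM_ECC_NIST_P256)) {
            if (tssVerbose)
                printf("TSS_ECC_Salt: ECC curve ID %04x not supported\n",
                       publicArea->parameters.eccDetail.curveID);
            rc = TSS_RC_BAD_SALT_KEY;
        }
    }
    if (rc == 0) {
        myecc = EC_KEY_new();           /* freed @1 */
        if (myecc == NULL) {
            if (tssVerbose) printf("TSS_ECC_Salt: EC_KEY_new failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        eCurveData.ctx = BN_CTX_new();  /* freed @16 */
        if (eCurveData.ctx == NULL) {
            if (tssVerbose) printf("TSS_ECC_Salt: 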
BN_CTX_new failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } /* Generate the TSS EC ephemeral key pair outside the TPM for the salt. The public part of this key is actually the 'encrypted' salt. */ if (rc == 0) { if (tssVverbose) printf("TSS_ECC_Salt: " "Calling TSS_ECC_GeneratePlatformEphemeralKey\n"); rc = TSS_ECC_GeneratePlatformEphemeralKey(&eCurveData, myecc); } if (rc == 0) { d_caller = EC_KEY_get0_private_key(myecc); /* ephemeral private key */ callerPointPub = EC_KEY_get0_public_key(myecc); /* ephemeral public key */ } /* validate that the public point is on the NIST P-256 curve */ if (rc == 0) { if (EC_POINT_is_on_curve(eCurveData.G, callerPointPub, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "Generated point not on curve\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { /* let d_caller be private scalar and P_caller be public point */ /* p_tpm is public point. p_tpmX is to be X-coordinate and p_tpmY the Y-coordinate */ /* Allocate the space for P_tpm */ tpmPointPub = EC_POINT_new(eCurveData.G); /* freed @2 */ if (tpmPointPub == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: EC_POINT_new failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } /* grab the public point x and y using the parameters passed in */ if (rc == 0) { if (tssVverbose) printf("TSS_ECC_Salt: " "Salt key sizes are X: %d and Y: %d\n", publicArea->unique.ecc.x.t.size, publicArea->unique.ecc.y.t.size); p_tpmX = BN_bin2bn((const unsigned char *)&publicArea->unique.ecc.x.t.buffer, publicArea->unique.ecc.x.t.size, NULL); /* freed @3 */ if (p_tpmX == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn p_tpmX failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { bigY = BN_bin2bn((const unsigned char*)&publicArea->unique.ecc.y.t.buffer, publicArea->unique.ecc.y.t.size, bigY); /* freed @15 */ if (bigY == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: BN_bin2bn bigY failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_Salt: " "Salt public key X 
%s\n", BN_bn2hex(p_tpmX)); if (tssVverbose) printf("TSS_ECC_Salt: " "Salt public key Y %s\n", BN_bn2hex(bigY)); } /* Create the openssl form of the TPM salt public key as EC_POINT using coordinates */ if (rc == 0) { if (EC_POINT_set_affine_coordinates_GFp (eCurveData.G, tpmPointPub, p_tpmX, bigY, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "Cannot create TPM public point from coordinates\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } /* RFC 2440 Named curve prime256v1 */ if (rc == 0) { rc = TSS_BN_hex2bn(&zBn, /* freed @4 */ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551"); } /* add the generator z to the group we are constructing */ if (rc == 0) { if (EC_GROUP_set_generator(eCurveData.G, tpmPointPub, zBn, BN_value_one()) == 0) { if(tssVerbose) printf ("TSS_ECC_Salt: " "Error EC_GROUP_set_generator()\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } /* Check for validity of our group */ if (rc == 0) { if (EC_GROUP_check(eCurveData.G, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "ec_group_check() failed\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } /* Check to see if what we think is the TPM point is on the curve */ if (rc == 0) { if (EC_POINT_is_on_curve(eCurveData.G, tpmPointPub, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: Error, " "Point not on curve\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } else { if (tssVverbose) printf("TSS_ECC_Salt: " "Validated that TPM EC point is on curve\n"); } } if (rc == 0) { rPoint = EC_POINT_new(eCurveData.G); if (rPoint == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "Cannot create rPoint\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } /* Point multiply the TPM public point by the ephemeral scalar. This will produce the point from which we get the shared X coordinate, which we keep for use in KDFE. The TPM will calculate the same X. 
*/ if (rc == 0) { if (EC_POINT_mul(eCurveData.G, rPoint, NULL, tpmPointPub, d_caller, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "EC_POINT_mul failed\n") ; rc = TSS_RC_EC_EPHEMERAL_FAILURE; } else { if (tssVverbose) printf("TSS_ECC_Salt: " "EC_POINT_mul() succeeded\n"); } } /* Check to see if calculated point is on the curve, just for extra sanity */ if (rc == 0) { if (EC_POINT_is_on_curve(eCurveData.G, rPoint, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: Error," "Point r is not on curve\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } else { if (tssVverbose) printf("TSS_ECC_Salt: " "Point calculated by EC_POINT_mul() is on the curve\n"); } } if (rc == 0) { thepoint = EC_POINT_point2bn(eCurveData.G, rPoint, POINT_CONVERSION_UNCOMPRESSED, NULL, eCurveData.ctx); /* freed @6 */ if (thepoint == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "EC_POINT_point2bn thepoint failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } /* get sharedX */ if (rc == 0) { rc = TSS_BN_new(&sharedX); /* freed @7 */ } if (rc == 0) { rc = TSS_BN_new(&yBn); /* freed @8 */ } if (rc == 0) { if (EC_POINT_get_affine_coordinates_GFp(eCurveData.G, rPoint, sharedX, yBn, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "EC_POINT_get_affine_coordinates_GFp() failed\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { sizeInBytes = TSS_GetDigestSize(publicArea->nameAlg); sizeInBits = sizeInBytes * 8; sharedXBin = malloc(BN_num_bytes(sharedX)); /* freed @9 */ if (sharedXBin == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "malloc sharedXBin failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { lengthSharedXBin = (unsigned int)BN_bn2bin(sharedX, sharedXBin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedXBin", sharedXBin, lengthSharedXBin); } /* encrypted salt is just the ephemeral public key */ if (rc == 0) { rc = TSS_BN_new(&p_caller_Xbn); /* freed 10 */ } if (rc == 0) { rc = TSS_BN_new(&p_caller_Ybn); /* freed @11 */ } if (rc == 0) { if (tssVverbose) 
printf("TSS_ECC_Salt: " "Allocated space for ephemeral BIGNUM X, Y\n"); } /* Get the X-coordinate and Y-Coordinate */ if (rc == 0) { if (EC_POINT_get_affine_coordinates_GFp(eCurveData.G, callerPointPub, p_caller_Xbn, p_caller_Ybn, eCurveData.ctx) == 0) { if (tssVerbose) printf("TSS_ECC_Salt: " "EC_POINT_get_affine_coordinates_GFp() failed\n"); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } else { if (tssVverbose) printf("TSS_ECC_Salt: " "Retrieved X and Y coordinates from ephemeral public\n"); } } if (rc == 0) { p_caller_Xbin = malloc(BN_num_bytes(p_caller_Xbn)); /* freed @12 */ if (p_caller_Xbin == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "malloc p_caller_Xbin failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { p_caller_Ybin = malloc(BN_num_bytes(p_caller_Ybn)); /* freed @13 */ if (p_caller_Ybin == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "malloc p_caller_Ybin failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_Salt: " "Allocated space for ephemeral binary X and y\n"); } if (rc == 0) { p_tpmXbin = malloc(BN_num_bytes(p_tpmX)); /* freed @14 */ if (p_tpmXbin == NULL) { if (tssVerbose) printf("TSS_ECC_Salt: " "malloc p_tpmXbin failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } if (rc == 0) { length_p_tpmXbin = (unsigned int)BN_bn2bin(p_tpmX, p_tpmXbin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmXbin ", p_tpmXbin, length_p_tpmXbin); length_p_caller_Xbin = (unsigned int)BN_bn2bin(p_caller_Xbn, p_caller_Xbin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Xbin", p_caller_Xbin, length_p_caller_Xbin); length_p_caller_Ybin = (unsigned int)BN_bn2bin(p_caller_Ybn, p_caller_Ybin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_Ybin", p_caller_Ybin, length_p_caller_Ybin); } /* in->encryptedSalt TPM2B_ENCRYPTED_SECRET is a size and TPMU_ENCRYPTED_SECRET secret. 
TPMU_ENCRYPTED_SECRET is a TPMS_ECC_POINT TPMS_ECC_POINT has two TPMB_ECC_PARAMETER, x and y */ if (rc == 0) { /* TPMS_ECC_POINT 256/8 is a hard coded value for NIST P256, the only curve currently supported */ uint8_t *secret = encryptedSalt->t.secret; /* TPMU_ENCRYPTED_SECRET pointer for clarity */ /* TPM2B_ENCRYPTED_SECRET size */ encryptedSalt->t.size = sizeof(uint16_t) + (256/8) + sizeof(uint16_t) + (256/8); /* leading zeros, because some points may be less than 32 bytes */ memset(secret, 0, sizeof(TPMU_ENCRYPTED_SECRET)); /* TPMB_ECC_PARAMETER X point */ *(uint16_t *)(secret) = htons(256/8); memcpy(secret + sizeof(uint16_t) + (256/8) - length_p_caller_Xbin, p_caller_Xbin, length_p_caller_Xbin); /* TPMB_ECC_PARAMETER Y point */ *(uint16_t *)(secret + sizeof(uint16_t) + (256/8)) = htons(256/8); memcpy(secret + sizeof(uint16_t) + (256/8) + sizeof(uint16_t) + (256/8) - length_p_caller_Ybin, p_caller_Ybin, length_p_caller_Ybin); } if (rc == 0) { if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: ECC encrypted salt", encryptedSalt->t.secret, encryptedSalt->t.size); } /* sharedX_For_KDFE */ if (rc == 0) { if (lengthSharedXBin > sizeof(sharedX_For_KDFE.t.buffer)) { if (tssVerbose) printf("TSS_ECC_Salt: " "lengthSharedXBin %u too large\n", lengthSharedXBin); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { sharedX_For_KDFE.t.size = 32; memset(sharedX_For_KDFE.t.buffer, 0, sizeof(sharedX_For_KDFE.t.buffer)); memcpy(sharedX_For_KDFE.t.buffer + 32 - lengthSharedXBin, sharedXBin, lengthSharedXBin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: sharedX_For_KDFE", sharedX_For_KDFE.t.buffer, sharedX_For_KDFE.t.size); } /* p_caller_X_For_KDFE */ if (rc == 0) { if (length_p_caller_Xbin > sizeof(p_caller_X_For_KDFE.t.buffer)) { if (tssVerbose) printf("TSS_ECC_Salt: " "length_p_caller_Xbin %u too large\n", length_p_caller_Xbin); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { p_caller_X_For_KDFE.t.size = 32; memset(p_caller_X_For_KDFE.t.buffer, 0, 
sizeof(p_caller_X_For_KDFE.t.buffer)); memcpy(p_caller_X_For_KDFE.t.buffer + 32 - length_p_caller_Xbin, p_caller_Xbin, length_p_caller_Xbin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_caller_X_For_KDFE", p_caller_X_For_KDFE.t.buffer, p_caller_X_For_KDFE.t.size); } /* p_tpmX_For_KDFE */ if (rc == 0) { if (length_p_tpmXbin > sizeof(p_tpmX_For_KDFE.t.buffer)) { if (tssVerbose) printf("TSS_ECC_Salt: " "length_p_tpmXbin %u too large\n", length_p_tpmXbin); rc = TSS_RC_EC_EPHEMERAL_FAILURE; } } if (rc == 0) { p_tpmX_For_KDFE .t.size = 32; memset(p_tpmX_For_KDFE.t.buffer, 0, sizeof(p_tpmX_For_KDFE.t.buffer)); memcpy(p_tpmX_For_KDFE.t.buffer + 32 - length_p_tpmXbin, p_tpmXbin, length_p_tpmXbin); if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: p_tpmX_For_KDFE", p_tpmX_For_KDFE.t.buffer, p_tpmX_For_KDFE.t.size); } if (rc == 0) { if (tssVverbose) printf("TSS_ECC_Salt: " "Calling TSS_KDFE\n"); /* TPM2B_DIGEST salt size is the largest supported digest algorithm. This has already been validated when unmarshaling the Name hash algorithm. 
*/ /* salt = KDFe(tpmKey_NameAlg, sharedX, "SECRET", P_caller, P_tpm, tpmKey_NameAlgSizeBits) */ salt->t.size = sizeInBytes; rc = TSS_KDFE((uint8_t *)&salt->t.buffer, /* KDFe output */ publicArea->nameAlg, /* hash algorithm */ &sharedX_For_KDFE.b, /* Z (key) */ "SECRET", /* KDFe label */ &p_caller_X_For_KDFE.b, /* context U */ &p_tpmX_For_KDFE.b, /* context V */ sizeInBits); /* required size of key in bits */ } if (rc == 0) { if (tssVverbose) TSS_PrintAll("TSS_ECC_Salt: salt", (uint8_t *)&salt->t.buffer, salt->t.size); } /* cleanup */ if (myecc != NULL) EC_KEY_free(myecc); /* @1 */ if (tpmPointPub != NULL) EC_POINT_free(tpmPointPub); /* @2 */ if (p_tpmX != NULL) BN_clear_free(p_tpmX); /* @3 */ if (zBn != NULL) BN_clear_free(zBn); /* @4 */ if (rPoint != NULL) EC_POINT_free(rPoint); /* @5 */ if (thepoint != NULL) BN_clear_free(thepoint); /* @6 */ if (sharedX != NULL) BN_clear_free(sharedX); /* @7 */ if (yBn != NULL) BN_clear_free(yBn); /* @8 */ free(sharedXBin); /* @9 */ if (p_caller_Xbn != NULL) BN_clear_free(p_caller_Xbn); /* @10 */ if (p_caller_Ybn != NULL) BN_clear_free(p_caller_Ybn); /* @11 */ free(p_caller_Xbin); /* @12 */ free(p_caller_Ybin); /* @13 */ free(p_tpmXbin); /* @14 */ if (bigY != NULL) BN_clear_free(bigY); /* @15 */ if (eCurveData.ctx != NULL) BN_CTX_free(eCurveData.ctx); /* @16 */ return rc; } /* TSS_BN_new() wraps the openSSL function in a TPM error handler */ static TPM_RC TSS_BN_new(BIGNUM **bn) /* freed by caller */ { TPM_RC rc = 0; if (rc == 0) { if (*bn != NULL) { if (tssVerbose) printf("TSS_BN_new: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn); rc = TSS_RC_ALLOC_INPUT; } } if (rc == 0) { *bn = BN_new(); if (*bn == NULL) { if (tssVerbose) printf("TSS_BN_new: BN_new() failed\n"); rc = TSS_RC_OUT_OF_MEMORY; } } return rc; } /* TSS_BN_hex2bn() wraps the openSSL function in a TPM error handler */ static TPM_RC TSS_BN_hex2bn(BIGNUM **bn, const char *str) /* freed by caller */ { TPM_RC rc = 0; if (rc == 0) { if (*bn != NULL) { if 
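(tssVerbose) printf("TSS_BN_hex2bn: Error (fatal), *bn %p should be NULL before BN_new()\n", *bn);
            rc = TSS_RC_ALLOC_INPUT;
        }
    }
    if (rc == 0) {
        int irc;
        irc = BN_hex2bn(bn, str);
        if (irc == 0) {
            if (tssVerbose) printf("TSS_BN_hex2bn: BN_hex2bn() failed\n");
            rc = TSS_RC_EC_EPHEMERAL_FAILURE;
        }
    }
    return rc;
}

/* TSS_bin2bn() wraps the openSSL function in a TPM error handler

   Converts a char array to bignum

   bn must be freed by the caller.

   Unlike TSS_BN_new() and TSS_BN_hex2bn(), *bn is not required to be NULL.  It is passed to
   BN_bin2bn() as the 'ret' argument, so it must be either NULL or a valid BIGNUM.  On failure *bn
   is overwritten with NULL and TSS_RC_BIGNUM is returned.

   NOTE(review): 'bytes' is unsigned but BN_bin2bn() takes an int length.  Callers are assumed to
   pass small, already validated sizes - confirm.
*/

static TPM_RC TSS_bin2bn(BIGNUM **bn, const unsigned char *bin, unsigned int bytes)
{
    TPM_RC      rc = 0;

    /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);

       BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM
       and places it in ret. If ret is NULL, a new BIGNUM is created.

       BN_bin2bn() returns the BIGNUM, NULL on error.
    */
    if (rc == 0) {
        *bn = BN_bin2bn(bin, bytes, *bn);
        if (*bn == NULL) {
            if (tssVerbose) printf("TSS_bin2bn: Error in BN_bin2bn\n");
            rc = TSS_RC_BIGNUM;
        }
    }
    return rc;
}

/* AES */

/* TSS_AES_GetEncKeySize() returns the number of bytes the caller must allocate for the session
   encryption key token, which is an openssl AES_KEY. */

TPM_RC TSS_AES_GetEncKeySize(size_t *tssSessionEncKeySize)
{
    *tssSessionEncKeySize = sizeof(AES_KEY);
    return 0;
}

/* TSS_AES_GetDecKeySize() returns the number of bytes the caller must allocate for the session
   decryption key token, which is an openssl AES_KEY. */

TPM_RC TSS_AES_GetDecKeySize(size_t *tssSessionDecKeySize)
{
    *tssSessionDecKeySize = sizeof(AES_KEY);
    return 0;
}

#define TSS_AES_KEY_BITS 128

/* TSS_AES_KeyGenerate() fills in the AES-128 key tokens used to encrypt and decrypt session state.

   tssSessionEncKey and tssSessionDecKey are caller allocated buffers.  Each receives an openssl
   AES_KEY, so each must be at least sizeof(AES_KEY) bytes, the value reported by
   TSS_AES_GetEncKeySize() and TSS_AES_GetDecKeySize().

   The raw key is random unless the env variable TPM_SESSION_ENCKEY is set, in which case it is the
   16 bytes decoded from that hexascii string.

   Returns 0 on success, TSS_RC_BAD_PROPERTY_VALUE if the env variable does not decode to exactly
   AES_128_BLOCK_SIZE_BYTES bytes, TSS_RC_AES_KEYGEN_FAILURE if openssl rejects the key, or the error
   from TSS_RandBytes() or TSS_Array_Scan().

   Security note: a key taken from TPM_SESSION_ENCKEY is only as secret as the environment of the
   process, and it is typically the same for every context.  TSS_AES_Encrypt() uses an all zero IV,
   so with a constant key, equal session state always encrypts to equal ciphertext.  Treat the env
   variable as a scripting and test aid, and protect both it and the stored session files.
*/

TPM_RC TSS_AES_KeyGenerate(void *tssSessionEncKey,
                           void *tssSessionDecKey)
{
    TPM_RC              rc = 0;
    int                 irc;
    unsigned char       userKey[AES_128_BLOCK_SIZE_BYTES];     /* raw key, wiped before return */
    const char          *envKeyString = NULL;
    unsigned char       *envKeyBin = NULL;                      /* freed @1 */
    size_t              envKeyBinLen;

    if (rc == 0) {
        envKeyString = getenv("TPM_SESSION_ENCKEY");
    }
    if (envKeyString == NULL) {
        /* If the env variable TPM_SESSION_ENCKEY is not set, generate a random key for this
           TSS_CONTEXT */
        if (rc == 0) {
            rc = TSS_RandBytes(userKey, AES_128_BLOCK_SIZE_BYTES);
        }
    }
    /* The env variable TPM_SESSION_ENCKEY can set a (typically constant) encryption key.  This is
       useful for scripting, where the env variable is set to a random seed at the beginning of the
       script. */
    else {
        /* hexascii to binary */
        if (rc == 0) {
            rc = TSS_Array_Scan(&envKeyBin,     /* freed @1 */
                                &envKeyBinLen, envKeyString);
        }
        /* range check */
        if (rc == 0) {
            if (envKeyBinLen != AES_128_BLOCK_SIZE_BYTES) {
                if (tssVerbose)
                    printf("TSS_AES_KeyGenerate: Error, env variable length %lu not %lu\n",
                           (unsigned long)envKeyBinLen, (unsigned long)sizeof(userKey));
                rc = TSS_RC_BAD_PROPERTY_VALUE;
            }
        }
        /* copy the binary to the common userKey for use below */
        if (rc == 0) {
            memcpy(userKey, envKeyBin, envKeyBinLen);
            /* The heap copy of the key is no longer needed.  Wipe it here, where its length has
               just been validated, rather than leave key bytes in freed memory.
               OPENSSL_cleanse() is declared in <openssl/crypto.h>. */
            OPENSSL_cleanse(envKeyBin, envKeyBinLen);
        }
    }
    /* translate to an openssl key token */
    if (rc == 0) {
        irc = AES_set_encrypt_key(userKey,
                                  TSS_AES_KEY_BITS,
                                  tssSessionEncKey);
        /* should never occur, null pointers or bad bit size */
        if (irc != 0) {
            if (tssVerbose)
                printf("TSS_AES_KeyGenerate: Error setting openssl AES encryption key\n");
            rc = TSS_RC_AES_KEYGEN_FAILURE;
        }
    }
    if (rc == 0) {
        irc = AES_set_decrypt_key(userKey,
                                  TSS_AES_KEY_BITS,
                                  tssSessionDecKey);
        /* should never occur, null pointers or bad bit size */
        if (irc != 0) {
            if (tssVerbose)
                printf("TSS_AES_KeyGenerate: Error setting openssl AES decryption key\n");
            rc = TSS_RC_AES_KEYGEN_FAILURE;
        }
    }
    /* The key schedules now hold everything needed.  Wipe the raw key from the stack on every
       path, a plain memset() before return may be removed by the compiler. */
    OPENSSL_cleanse(userKey, sizeof(userKey));
    free(envKeyBin);    /* @1 */
    return rc;
}

/* TSS_AES_Encrypt() is AES non-portable code to encrypt 'decrypt_data' to 'encrypt_data' using CBC.
   This function uses the session encryption key for encrypting session state. 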
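   The stream is padded as per PKCS#7 / RFC2630

   'encrypt_data' must be freed by the caller.  It is allocated first, so it can be non-NULL even
   when a later step fails and an error is returned.

   'encrypt_length' receives the padded length, decrypt_length rounded up to the next multiple of
   AES_128_BLOCK_SIZE_BYTES (a full block of pad is added when it is already a multiple).

   Returns 0 on success, TSS_RC_AES_ENCRYPT_FAILURE if the padded length does not fit in a
   uint32_t, or the error from TSS_Malloc().

   NOTE: the IV is all zero and the output carries no integrity check.  With the same key, equal
   plaintext yields equal ciphertext.  This is only suitable for the locally stored session state
   it was written for.
*/

TPM_RC TSS_AES_Encrypt(void *tssSessionEncKey,
                       unsigned char **encrypt_data,            /* output, caller frees */
                       uint32_t *encrypt_length,                /* output */
                       const unsigned char *decrypt_data,       /* input */
                       uint32_t decrypt_length)                 /* input */
{
    TPM_RC              rc = 0;
    uint32_t            pad_length;
    unsigned char       *decrypt_data_pad;
    unsigned char       ivec[AES_128_BLOCK_SIZE_BYTES];         /* initial chaining vector */

    decrypt_data_pad = NULL;    /* freed @1 */
    /* The padded length is computed in a uint32_t.  Reject an input so large that adding the pad
       would wrap, since the buffers would then be allocated far smaller than the memcpy() below
       assumes. */
    if (rc == 0) {
        if (decrypt_length > (0xffffffffU - AES_128_BLOCK_SIZE_BYTES)) {
            if (tssVerbose) printf("TSS_AES_Encrypt: Error, bad length %u\n", decrypt_length);
            rc = TSS_RC_AES_ENCRYPT_FAILURE;
        }
    }
    if (rc == 0) {
        /* calculate the pad length and padded data length */
        pad_length = AES_128_BLOCK_SIZE_BYTES - (decrypt_length % AES_128_BLOCK_SIZE_BYTES);
        *encrypt_length = decrypt_length + pad_length;
        /* allocate memory for the encrypted response */
        rc = TSS_Malloc(encrypt_data, *encrypt_length);
    }
    /* allocate memory for the padded decrypted data */
    if (rc == 0) {
        rc = TSS_Malloc(&decrypt_data_pad, *encrypt_length);
    }
    /* pad the decrypted clear text data */
    if (rc == 0) {
        /* unpadded original data */
        memcpy(decrypt_data_pad, decrypt_data, decrypt_length);
        /* last gets pad = pad length */
        memset(decrypt_data_pad + decrypt_length, pad_length, pad_length);
        /* set the IV */
        memset(ivec, 0, sizeof(ivec));
        /* encrypt the padded input to the output */
        AES_cbc_encrypt(decrypt_data_pad,
                        *encrypt_data,
                        *encrypt_length,
                        tssSessionEncKey,
                        ivec,
                        AES_ENCRYPT);
    }
    /* decrypt_data_pad is a clear text copy of the session state.  Wipe it before it goes back to
       the heap.  It is only non-NULL after *encrypt_length was set.  OPENSSL_cleanse() is declared
       in <openssl/crypto.h>. */
    if (decrypt_data_pad != NULL) {
        OPENSSL_cleanse(decrypt_data_pad, *encrypt_length);
    }
    free(decrypt_data_pad);     /* @1 */
    return rc;
}

/* TSS_AES_Decrypt() is AES non-portable code to decrypt 'encrypt_data' to 'decrypt_data' using CBC.
   This function uses the session encryption key for decrypting session state. 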
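   The stream must be padded as per PKCS#7 / RFC2630

   decrypt_data must be freed by the caller.  The buffer is allocated before the padding is
   checked, so it is also allocated when TSS_RC_AES_DECRYPT_FAILURE is returned for a bad pad.

   encrypt_length must be a non-zero multiple of AES_128_BLOCK_SIZE_BYTES.  decrypt_length
   receives the length with the pad removed.

   Returns 0 on success, TSS_RC_AES_DECRYPT_FAILURE for a bad length or bad pad, or the error from
   TSS_Malloc().

   NOTE: this is CBC with an all zero IV and no integrity check.  The pad check is the only
   validation of the ciphertext.  It is not a MAC and it stops at the first bad byte.  Where the
   stored session state can be written by another party, authenticate the blob before calling this
   function.
*/

TPM_RC TSS_AES_Decrypt(void *tssSessionDecKey,
                       unsigned char **decrypt_data,            /* output, caller frees */
                       uint32_t *decrypt_length,                /* output */
                       const unsigned char *encrypt_data,       /* input */
                       uint32_t encrypt_length)                 /* input */
{
    TPM_RC              rc = 0;
    uint32_t            pad_length;
    uint32_t            i;
    unsigned char       *pad_data;
    unsigned char       ivec[AES_128_BLOCK_SIZE_BYTES];         /* initial chaining vector */

    /* sanity check encrypted length */
    if (rc == 0) {
        /* TSS_AES_Encrypt() always emits whole blocks.  A length that is not a multiple of the
           block size cannot be valid, and would leave the cipher working on a partial final block
           of the input buffer. */
        if ((encrypt_length < AES_128_BLOCK_SIZE_BYTES) ||
            ((encrypt_length % AES_128_BLOCK_SIZE_BYTES) != 0)) {
            if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad length %u\n", encrypt_length);
            rc = TSS_RC_AES_DECRYPT_FAILURE;
        }
    }
    /* allocate memory for the padded decrypted data */
    if (rc == 0) {
        rc = TSS_Malloc(decrypt_data, encrypt_length);
    }
    /* decrypt the input to the padded output */
    if (rc == 0) {
        /* set the IV */
        memset(ivec, 0, sizeof(ivec));
        /* decrypt the padded input to the output */
        AES_cbc_encrypt(encrypt_data,
                        *decrypt_data,
                        encrypt_length,
                        tssSessionDecKey,
                        ivec,
                        AES_DECRYPT);
    }
    /* get the pad length */
    if (rc == 0) {
        /* get the pad length from the last byte */
        pad_length = (uint32_t)*(*decrypt_data + encrypt_length - 1);
        /* sanity check the pad length */
        if ((pad_length == 0) ||
            (pad_length > AES_128_BLOCK_SIZE_BYTES)) {
            if (tssVerbose) printf("TSS_AES_Decrypt: Error, illegal pad length\n");
            rc = TSS_RC_AES_DECRYPT_FAILURE;
        }
    }
    if (rc == 0) {
        /* get the unpadded length, cannot underflow because pad_length is at most one block and
           encrypt_length is at least one block */
        *decrypt_length = encrypt_length - pad_length;
        /* pad starting point */
        pad_data = *decrypt_data + *decrypt_length;
        /* sanity check the pad */
        for (i = 0 ; (rc == 0) && (i < pad_length) ; i++, pad_data++) {
            if (*pad_data != pad_length) {
                if (tssVerbose) printf("TSS_AES_Decrypt: Error, bad pad %02x at index %u\n",
                                       *pad_data, i);
                rc = TSS_RC_AES_DECRYPT_FAILURE;
            }
        }
    }
    return rc;
}

TPM_RC TSS_AES_EncryptCFB(uint8_t       *dOut,          /* OUT: the encrypted */
                          uint32_t      keySizeInBits,  /* IN: key size in bit */
                          uint8_t       *key,           /* IN: key buffer. 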
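The size of this buffer in */
                          uint8_t       *iv,            /* IN/OUT: IV for encryption, updated to
                                                           the last ciphertext block */
                          uint32_t      dInSize,        /* IN: data size */
                          uint8_t       *dIn)           /* IN: data buffer */
{
    /* AES CFB encryption of dInSize bytes from dIn to dOut.  The last block may be shorter than 16
       bytes.  Returns 0, or TSS_RC_AES_KEYGEN_FAILURE if openssl rejects the key. */
    TPM_RC      rc = 0;
    int         irc;
    uint32_t    blockSize;
    uint32_t    remaining;      /* bytes of dIn not yet processed */
    AES_KEY     aeskey;

    /* Create AES encryption key token */
    if (rc == 0) {
        irc = AES_set_encrypt_key(key, keySizeInBits, &aeskey);
        if (irc != 0) {
            if (tssVerbose)
                printf("TSS_AES_EncryptCFB: Error setting openssl AES encryption key\n");
            rc = TSS_RC_AES_KEYGEN_FAILURE;     /* should never occur, null pointers or bad bit
                                                   size */
        }
    }
    if (rc == 0) {
        /* Encrypt the current IV into the new IV, XOR in the data, and copy to output.

           The byte count is kept unsigned.  A cast of dInSize to a signed 32-bit counter turns
           sizes above 0x7fffffff negative, so the loop would process nothing and still report
           success. */
        for (remaining = dInSize ; remaining > 0 ;
             remaining -= blockSize, dOut += blockSize, dIn += blockSize) {
            /* Encrypt the current value of the IV to the intermediate value.  Store in old iv,
               since it's not needed anymore. */
            AES_encrypt(iv, iv, &aeskey);
            blockSize = (remaining < 16) ? remaining : 16;      /* last block can be < 16 */
            TSS_XOR(dOut, dIn, iv, blockSize);
            memcpy(iv, dOut, blockSize);
        }
    }
    /* do not leave the expanded key on the stack.  OPENSSL_cleanse() is declared in
       <openssl/crypto.h>. */
    OPENSSL_cleanse(&aeskey, sizeof(aeskey));
    return rc;
}

TPM_RC TSS_AES_DecryptCFB(uint8_t *dOut,                /* OUT: the decrypted data */
                          uint32_t keySizeInBits,       /* IN: key size in bit */
                          uint8_t *key,                 /* IN: key buffer.  The size of this buffer
                                                           in */
                          uint8_t *iv,                  /* IN/OUT: IV for decryption, updated to
                                                           the last ciphertext block */
                          uint32_t dInSize,             /* IN: data size */
                          uint8_t *dIn)                 /* IN: data buffer */
{
    /* AES CFB decryption of dInSize bytes from dIn to dOut.  The last block may be shorter than 16
       bytes.  Returns 0, or TSS_RC_AES_KEYGEN_FAILURE if openssl rejects the key. */
    TPM_RC      rc = 0;
    int         irc;
    uint8_t     tmp[16];        /* key stream block */
    uint32_t    blockSize;
    uint32_t    remaining;      /* bytes of dIn not yet processed */
    AES_KEY     aesKey;

    /* Create AES encryption key token.  CFB uses the block cipher in the encrypt direction for
       decryption as well. */
    if (rc == 0) {
        irc = AES_set_encrypt_key(key, keySizeInBits, &aesKey);
        if (irc != 0) {
            if (tssVerbose)
                printf("TSS_AES_DecryptCFB: Error setting openssl AES encryption key\n");
            rc = TSS_RC_AES_KEYGEN_FAILURE;     /* should never occur, null pointers or bad bit
                                                   size */
        }
    }
    if (rc == 0) {
        /* unsigned byte count, see the cast hazard: a signed 32-bit counter would skip all data
           for sizes above 0x7fffffff and still report success */
        for (remaining = dInSize ; remaining > 0 ;
             remaining -= blockSize, dOut += blockSize, dIn += blockSize) {
            /* Encrypt the IV into the temp buffer */
            AES_encrypt(iv, tmp, &aesKey);
            blockSize = (remaining < 16) ? remaining : 16;      /* last block can be < 16 */
            /* Save the ciphertext as the next IV before writing the output, so that the chaining
               is still correct if the caller decrypts in place (dOut == dIn). */
            memcpy(iv, dIn, blockSize);
            TSS_XOR(dOut, dIn, tmp, blockSize);
        }
    }
    /* do not leave the expanded key or the last key stream block on the stack.
       OPENSSL_cleanse() is declared in <openssl/crypto.h>. */
    OPENSSL_cleanse(tmp, sizeof(tmp));
    OPENSSL_cleanse(&aesKey, sizeof(aesKey));
    return rc;
}
./utils/getcommandauditdigest.c0000644000175000017500000002545113075204375015051 0ustar lo1lo1/********************************************************************************/ /* */ /* GetCommandAuditDigest */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: getcommandauditdigest.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 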
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); static void printSignature(GetCommandAuditDigest_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; GetCommandAuditDigest_In in; GetCommandAuditDigest_Out out; const char *privacyAdminPassword = NULL; TPMI_DH_OBJECT signHandle = 0; const char *signPassword = NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; const char *qualifyingDataFilename = NULL; int useRsa = 1; TPMS_ATTEST tpmsAttest; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } 
else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (signHandle == 0) { printf("Missing sign handle parameter -hk\n"); printUsage(); } if (rc == 0) { /* Handle of key that authorized the audit */ in.privacyHandle = TPM_RH_ENDORSEMENT; in.signHandle = signHandle; if (useRsa) { /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ in.inScheme.scheme = TPM_ALG_RSASSA; /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ in.inScheme.details.rsassa.hashAlg = halg; } else { /* ecc */ in.inScheme.scheme = TPM_ALG_ECDSA; in.inScheme.details.ecdsa.hashAlg = halg; } } /* data supplied by the caller */ if (rc == 0) { if (qualifyingDataFilename != NULL) { rc = TSS_File_Read2B(&in.qualifyingData.b, sizeof(TPMT_HA), qualifyingDataFilename); } else { in.qualifyingData.t.size = 0; } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS 
*)&in, NULL, TPM_CC_GetCommandAuditDigest, sessionHandle0, privacyAdminPassword, sessionAttributes0, sessionHandle1, signPassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { uint8_t *tmpBuffer = out.auditInfo.t.attestationData; int32_t tmpSize = out.auditInfo.t.size; rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize); if (verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); } if (rc == 0) { int match; match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b); if (!match) { printf("getcommandauditdigest: failed, extraData != qualifyingData\n"); rc = EXIT_FAILURE; } } if ((rc == 0) && (signatureFilename != NULL)) { rc = TSS_File_WriteStructure(&out.signature, (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal, signatureFilename); } if ((rc == 0) && (attestInfoFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData, out.auditInfo.t.size, attestInfoFilename); } if (rc == 0) { if (verbose) printSignature(&out); if (verbose) printf("getcommandauditdigest: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("getcommandauditdigest: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printSignature(GetCommandAuditDigest_Out *out) { TSS_PrintAll("Signature", out->signature.signature.rsassa.sig.t.buffer, out->signature.signature.rsassa.sig.t.size); } static void printUsage(void) { printf("\n"); printf("getcommandauditdigest\n"); printf("\n"); printf("Runs TPM2_GetCommandAuditDigest\n"); printf("\n"); printf("\t[-pwde endorsement hierarchy password (default empty)]\n"); printf("\t-hk signing key handle\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-salg signature algorithm (rsa, ecc) 
(default rsa)]\n"); printf("\t[-qd qualifying data file name]\n"); printf("\t[-os signature file name (default do not save)]\n"); printf("\t[-oa attestation output file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/policypassword.c0000644000175000017500000001035213071216651013554 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyPassword */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policypassword.c 981 2017-04-05 16:39:05Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; TPMI_SH_POLICY policySession = 0; PolicyPassword_In in; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Rewrap_In in; Rewrap_Out out; TPMI_DH_OBJECT oldParent = 0; TPMI_DH_OBJECT newParent = 0; const char *oldParentPassword = NULL; const char *inDuplicateFilename = NULL; const char *nameFilename = NULL; const char *inSymSeedFilename = NULL; const char *outDuplicateFilename = NULL; const char *outSymSeedFilename = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ 
TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (oldParent == 0) { printf("Missing or bad object old parent handle -ho\n"); printUsage(); } if (newParent == 0) { printf("Missing or bad object new parent handle -hn\n"); printUsage(); } if (inDuplicateFilename == NULL) { printf("Missing duplicate private area parameter -id\n"); printUsage(); } if (nameFilename == NULL) { printf("Missing name parameter -in\n"); printUsage(); } if (inSymSeedFilename == NULL) { printf("Missing input symmetric seed parameter -iss\n"); printUsage(); } if (rc == 0) { in.oldParent = oldParent; in.newParent = newParent; } if (rc == 0) { rc = TSS_File_Read2B(&in.inDuplicate.b, sizeof(_PRIVATE), inDuplicateFilename); } if (rc == 0) { rc = TSS_File_Read2B(&in.name.b, sizeof(TPMU_NAME), nameFilename); } if (rc == 0) { rc = 
TSS_File_Read2B(&in.inSymSeed.b, sizeof(TPMU_ENCRYPTED_SECRET), inSymSeedFilename); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Rewrap, sessionHandle0, oldParentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (outDuplicateFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.outDuplicate.t.buffer, out.outDuplicate.t.size, outDuplicateFilename); } if ((rc == 0) && (outSymSeedFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.outSymSeed.t.secret, out.outSymSeed.t.size, outSymSeedFilename); } if (rc == 0) { if (verbose) printf("rewrap: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("rewrap: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("Rewrap\n"); printf("\n"); printf("Runs TPM2_Rewrap\n"); printf("\n"); printf("\t-ho handle of object old parent\n"); printf("\t[-pwdo password for old parent] (default empty)\n"); printf("\t-hn handle of object new parent\n"); printf("\t-id duplicate private area file name\n"); printf("\t-in object name file name\n"); printf("\t-iss input symmetric seed file name"); printf("\n"); printf("\t[-od rewrap private area file name (default do not save)]\n"); printf("\t[-oss symmetric seed file name (default do not save)]\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/pcrevent.c0000644000175000017500000001723413055132457012331 0ustar 
lo1lo1/********************************************************************************/ /* */ /* PCR_Event */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: pcrevent.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PCR_Event_In in; PCR_Event_Out out; TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; const char *data = NULL; const char *datafilename = NULL; const char *outFilename1 = NULL; const char *outFilename2 = NULL; const char *outFilename3 = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i= IMPLEMENTATION_PCR) { printf("Missing or bad PCR handle parameter -ha\n"); printUsage(); } if ((data == NULL) && (datafilename == NULL)) { printf("Data string or data file must be specified\n"); printUsage(); } if ((data != NULL) && (datafilename != NULL)) { printf("Data string and data file cannot both be specified\n"); printUsage(); } if (rc == 0) { in.pcrHandle = pcrHandle; } if (rc == 0) { if (data != NULL) { if (verbose) printf("Event data %u bytes\n", (unsigned int)strlen(data)); rc = TSS_TPM2B_StringCopy(&in.eventData.b, data, 1024); } } if (datafilename != NULL) { rc = TSS_File_Read2B(&in.eventData.b, 1024, datafilename); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PCR_Event, TPM_RS_PW, NULL, 0, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { uint32_t c; printf("pcrevent: success\n"); /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ /* Table 71 - Definition of TPMT_HA Structure digests[] */ /* Table 70 - Definition of TPMU_HA Union digests */ printf("pcrevent: count %u\n", 
out.digests.count); for (c = 0 ; c < out.digests.count ;c++) { switch (out.digests.digests[c].hashAlg) { case TPM_ALG_SHA1: if (verbose) printf("Hash algorithm SHA-1\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.digests.digests[c].digest.sha1, SHA1_DIGEST_SIZE); if (outFilename1 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha1, SHA1_DIGEST_SIZE, outFilename1); } break; case TPM_ALG_SHA256: if (verbose) printf("Hash algorithm SHA-256\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.digests.digests[c].digest.sha256, SHA256_DIGEST_SIZE); if (outFilename2 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha256, SHA256_DIGEST_SIZE, outFilename2); } break; case TPM_ALG_SHA384: if (verbose) printf("Hash algorithm SHA-384\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.digests.digests[c].digest.sha384, SHA384_DIGEST_SIZE); if (outFilename3 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.digests.digests[c].digest.sha384, SHA384_DIGEST_SIZE, outFilename3); } break; default: printf("Hash algorithm %04x unknown\n", out.digests.digests[c].hashAlg); break; } } } else { const char *msg; const char *submsg; const char *num; printf("pcrevent: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("pcrevent\n"); printf("\n"); printf("Runs TPM2_PCR_Event\n"); printf("\n"); printf("\t-ha pcr handle\n"); printf("\t-ic data string\n"); printf("\t-if data file\n"); printf("\t[-of1 sha1 output digest file]\n"); printf("\t[-of2 sha256 output digest file]\n"); printf("\t[-of3 sha384 output digest file]\n"); exit(1); } ./utils/tssutils.c0000644000175000017500000002155113070736653012377 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS and Application Utilities */ /* Written by Ken 
Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssutils.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
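*/
/********************************************************************************/

/* NOTE(review): the header names of the #include lines below are missing on this page (each
   directive is bare).  They are kept as found; restore them from the original tssutils.c. */
#include
#include
#include
#include

#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include
#include
#include
#include

/* Upper bound, in bytes, on a single TSS_Malloc() / TSS_Realloc() request.  Presumably this keeps
   a length taken from a file or a response from driving an arbitrarily large allocation - confirm
   against the callers. */
#define TSS_ALLOC_MAX  0x10000  /* 64k bytes */

extern int tssVerbose;
extern int tssVverbose;

/* TSS_Malloc() is a general purpose wrapper around malloc()

   buffer   in/out: *buffer must be NULL on entry; on success it points to 'size' bytes
   size     number of bytes requested, 1 .. TSS_ALLOC_MAX

   Returns 0 on success, TSS_RC_ALLOC_INPUT if *buffer is not NULL on entry, TSS_RC_MALLOC_SIZE if
   size is 0 or greater than TSS_ALLOC_MAX, TSS_RC_OUT_OF_MEMORY if malloc() fails.  The returned
   memory is not initialized.
*/

TPM_RC TSS_Malloc(unsigned char **buffer, uint32_t size)
{
    TPM_RC rc = 0;

    /* assertion test.  The coding style requires that all allocated pointers are initialized to
       NULL.  A non-NULL value indicates either a missing initialization or a pointer reuse (a
       memory leak). */
    if (rc == 0) {
        if (*buffer != NULL) {
            if (tssVerbose)
                printf("TSS_Malloc: Error (fatal), *buffer %p should be NULL before malloc\n",
                       *buffer);
            rc = TSS_RC_ALLOC_INPUT;
        }
    }
    /* verify that the size is not "too large" */
    if (rc == 0) {
        if (size > TSS_ALLOC_MAX) {
            if (tssVerbose) printf("TSS_Malloc: Error, size %u greater than maximum allowed\n",
                                   size);
            rc = TSS_RC_MALLOC_SIZE;
        }
    }
    /* verify that the size is not 0, this would be implementation defined and should never occur */
    if (rc == 0) {
        if (size == 0) {
            if (tssVerbose) printf("TSS_Malloc: Error (fatal), size is zero\n");
            rc = TSS_RC_MALLOC_SIZE;
        }
    }
    if (rc == 0) {
        *buffer = malloc(size);
        if (*buffer == NULL) {
            if (tssVerbose) printf("TSS_Malloc: Error allocating %u bytes\n", size);
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    return rc;
}

/* TSS_Realloc() is a general purpose wrapper around realloc()

   buffer   in/out: the current allocation; updated only when realloc() succeeds
   size     new size in bytes, 1 .. TSS_ALLOC_MAX

   Returns 0 on success, TSS_RC_MALLOC_SIZE if size is 0 or greater than TSS_ALLOC_MAX,
   TSS_RC_OUT_OF_MEMORY if realloc() fails.

   On every error path *buffer is left unchanged, so the caller still owns the original
   allocation and remains responsible for freeing it.
*/

TPM_RC TSS_Realloc(unsigned char **buffer, uint32_t size)
{
    TPM_RC rc = 0;
    unsigned char *tmpptr = NULL;   /* result is held here so a failure cannot lose *buffer */

    /* verify that the size is not "too large" */
    if (rc == 0) {
        if (size > TSS_ALLOC_MAX) {
            if (tssVerbose) printf("TSS_Realloc: Error, size %u greater than maximum allowed\n",
                                   size);
            rc = TSS_RC_MALLOC_SIZE;
        }
    }
    /* verify that the size is not 0, this should never occur */
    if (rc == 0) {
        if (size == 0) {
            /* the diagnostic names this function; it previously reported "TSS_Malloc", which
               pointed log readers at the wrong call site */
            if (tssVerbose) printf("TSS_Realloc: Error (fatal), size is zero\n");
            rc = TSS_RC_MALLOC_SIZE;
        }
    }
    if (rc == 0) {
        tmpptr = realloc(*buffer, size);
        if (tmpptr == NULL) {
            if (tssVerbose) printf("TSS_Realloc: Error reallocating %u bytes\n", size);
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        *buffer = tmpptr;
    }
    return rc;
}

/* TSS_Structure_Marshal() is a general purpose "marshal a structure" function.

   It marshals the structure using "marshalFunction", and returns the malloc'ed stream.

   The structure is marshaled twice: once with a NULL buffer to calculate the byte length, then
   again into a buffer of that length obtained from TSS_Malloc().  Because TSS_Malloc() is used,
   *buffer must be NULL on entry and the length must be 1 .. TSS_ALLOC_MAX.

   If the second pass fails, *buffer has already been allocated and is not freed here, so the
   caller must free *buffer on the error path as well as on success.
*/

TPM_RC TSS_Structure_Marshal(uint8_t          **buffer,         /* freed by caller */
                             uint16_t           *written,
                             void               *structure,
                             MarshalFunction_t  marshalFunction)
{
    TPM_RC      rc = 0;
    uint8_t     *buffer1 = NULL;        /* for marshaling, moves pointer */

    /* marshal once to calculate the byte length */
    if (rc == 0) {
        *written = 0;
        rc = marshalFunction(structure, written, NULL, NULL);
    }
    if (rc == 0) {
        rc = TSS_Malloc(buffer, *written);
    }
    if (rc == 0) {
        buffer1 = *buffer;      /* a copy is passed in, *buffer keeps the start of the stream */
        *written = 0;
        rc = marshalFunction(structure, written, &buffer1, NULL);
    }
    return rc;
}

/* TSS_TPM2B_Copy() copies source to target if the source fits the target size

   targetSize is the only bound that is checked.  It must be the real capacity of target->buffer;
   this function has no way to verify the value the caller passes.

   Returns 0 on success, TSS_RC_INSUFFICIENT_BUFFER if source->size is greater than targetSize (the
   target is then left unchanged).
*/

TPM_RC TSS_TPM2B_Copy(TPM2B *target, TPM2B *source, uint16_t targetSize)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        if (source->size > targetSize) {
            if (tssVerbose) printf("TSS_TPM2B_Copy: size %u greater than target %u\n",
                                   source->size, targetSize);
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        memmove(target->buffer, source->buffer, source->size);
        target->size = source->size;
    }
    return rc;
}

/* TSS_TPM2B_Append() appends the source TPM2B to the target TPM2B. It checks that the source fits
   the target size. The target size is the total size, not the size remaining.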
*/

/* Bounds note: target->size + source->size is compared with targetSize before anything is
   written, and on failure the target is left unchanged.  targetSize must be the real capacity of
   target->buffer; this function cannot verify the value the caller passes. */

TPM_RC TSS_TPM2B_Append(TPM2B *target, TPM2B *source, uint16_t targetSize)
{
    /* reject before touching the target when the combined length does not fit */
    if (target->size + source->size > targetSize) {
        if (tssVerbose) printf("TSS_TPM2B_Append: size %u greater than target %u\n",
                               target->size + source->size, targetSize);
        return TSS_RC_INSUFFICIENT_BUFFER;
    }
    /* append after the bytes already present, then account for them */
    memmove(target->buffer + target->size, source->buffer, source->size);
    target->size += source->size;
    return 0;
}

/* TSS_TPM2B_Create() copies the buffer of 'size' into target, checking targetSize

   Returns 0 on success, TSS_RC_INSUFFICIENT_BUFFER if size is greater than targetSize (the target
   is then left unchanged).  targetSize must be the real capacity of target->buffer.
*/

TPM_RC TSS_TPM2B_Create(TPM2B *target, uint8_t *buffer, uint16_t size, uint16_t targetSize)
{
    if (size > targetSize) {
        if (tssVerbose) printf("TSS_TPM2B_Create: size %u greater than target %u\n",
                               size, targetSize);
        return TSS_RC_INSUFFICIENT_BUFFER;
    }
    memmove(target->buffer, buffer, size);
    target->size = size;
    return 0;
}

/* TSS_TPM2B_CreateUint32() creates a TPM2B from a uint32_t, typically a permanent handle

   The value is stored in network byte order (htonl) and target->size is set to
   sizeof(uint32_t).  Returns 0 on success, TSS_RC_INSUFFICIENT_BUFFER if targetSize is smaller
   than sizeof(uint32_t).
*/

TPM_RC TSS_TPM2B_CreateUint32(TPM2B *target, uint32_t source, uint16_t targetSize)
{
    uint32_t networkOrder;

    if (sizeof(uint32_t) > targetSize) {
        if (tssVerbose) printf("TSS_TPM2B_CreateUint32: size %u greater than target %u\n",
                               (unsigned int)sizeof(uint32_t), targetSize);
        return TSS_RC_INSUFFICIENT_BUFFER;
    }
    networkOrder = htonl(source);
    memmove(target->buffer, (uint8_t *)&networkOrder, sizeof(uint32_t));
    target->size = sizeof(uint32_t);
    return 0;
}

/* TSS_TPM2B_StringCopy() copies a NUL terminated string (omitting the NUL) from source to
   target. It checks that the string will fit in targetSize. If source is NULL, creates a TPM2B of
   size 0.
*/

/* Returns 0 on success, TSS_RC_INSUFFICIENT_BUFFER if strlen(source) is greater than targetSize
   (the target is then left unchanged).  The copy is not NUL terminated; target->size carries the
   length.  targetSize must be the real capacity of target->buffer. */

TPM_RC TSS_TPM2B_StringCopy(TPM2B *target, const char *source, uint16_t targetSize)
{
    size_t nbytes;

    /* a NULL string yields an empty TPM2B */
    if (source == NULL) {
        target->size = 0;
        return 0;
    }
    nbytes = strlen(source);
    if (nbytes > targetSize) {
        if (tssVerbose) printf("TSS_TPM2B_StringCopy: size %u greater than target %u\n",
                               (unsigned int)nbytes, targetSize);
        return TSS_RC_INSUFFICIENT_BUFFER;
    }
    /* nbytes is at most targetSize here, so it fits the TPM2B size field */
    target->size = nbytes;
    memcpy(target->buffer, source, nbytes);
    return 0;
}

/* TSS_TPM2B_Compare() returns YES if 'expect' and 'actual' have the same size and the same
   bytes, NO otherwise.  The buffers are compared only after the sizes are found equal.

   NOTE(review): memcmp() gives no constant-time guarantee.  If a caller ever uses this on secret
   values, confirm that timing is not a concern for that caller.
*/

int TSS_TPM2B_Compare(TPM2B *expect, TPM2B *actual)
{
    if (expect->size != actual->size) {
        return NO;
    }
    if (memcmp(expect->buffer, actual->buffer, expect->size) != 0) {
        return NO;
    }
    return YES;
}
./utils/fail.c0000644000175000017500000000453212743244171011413 0ustar lo1lo1/********************************************************************************/
/* */
/* */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: fail.c 684 2016-07-18 21:22:01Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission.
*/
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): the header names of the two bare #include lines below are missing on this page;
   they are kept as found. */
#include
#include
#include "fail.h"

// 9.15.4.2 TpmFail()

extern int tssVerbose;

/* TpmFail() reports a failure.  When tssVerbose is set it prints the line number and the code;
   otherwise it does nothing.  It returns to its caller in either case.

   function   accepted for the interface, not used
   line       line number printed in the message
   code       failure code printed in the message
*/

void TpmFail(const char *function, int line, int code)
{
    (void)function;     /* unused parameter */

    if (tssVerbose) {
        printf("Failure: line %d code %d\n", line, code);
    }
}
./utils/setprimarypolicy.c0000644000175000017500000002007513075204375014120 0ustar lo1lo1/********************************************************************************/
/* */
/* SetPrimaryPolicy */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: setprimarypolicy.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; SetPrimaryPolicy_In in; char authHandleChar = 'p'; const char *authPassword = NULL; const char *policyFilename = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); in.hashAlg = TPM_ALG_NULL; /* default */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is 
not a valid option\n", argv[i]); printUsage(); } } if (policyFilename != NULL) { if (in.hashAlg == TPM_ALG_NULL) { printf("-pol requires -halg\n"); printUsage(); } } else { if (in.hashAlg != TPM_ALG_NULL) { printf("-halg requires -pol\n"); printUsage(); } } /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ if (rc == 0) { if (authHandleChar == 'l') { in.authHandle = TPM_RH_LOCKOUT; } else if (authHandleChar == 'e') { in.authHandle = TPM_RH_ENDORSEMENT; } else if (authHandleChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (authHandleChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else { printf("Missing or illegal -hi\n"); printUsage(); } } /* authorization policy */ if (policyFilename != NULL) { rc = TSS_File_Read2B(&in.authPolicy.b, sizeof(TPMU_HA), policyFilename); } else { in.authPolicy.t.size = 0; /* default empty policy */ } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_SetPrimaryPolicy, sessionHandle0, authPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("setprimarypolicy: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("setprimarypolicy: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("setprimarypolicy\n"); printf("\n"); printf("Runs TPM2_SetPrimaryPolicy\n"); printf("\n"); printf("\t[-hi authhandle hierarchy (l, e, o, p) (default platform)]\n"); printf("\t[-pwda authorization password (default empty)]\n"); printf("\t[-pol policy file (default empty policy)]\n"); printf("\t[-halg (sha1, sha256) (default null)]\n"); 
printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/tsssocket.c0000644000175000017500000004637713071216651012534 0ustar lo1lo1/********************************************************************************/ /* */ /* Socket Transmit and Receive Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tsssocket.c 981 2017-04-05 16:39:05Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include /* TSS_SOCKET_FD encapsulates the differences between the Posix and Windows socket type */ #ifdef TPM_POSIX #include #include #include #include #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include "tssproperties.h" #include #include "tsssocket.h" /* local prototypes */ static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port); static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext, const uint8_t *buffer, uint16_t length, const char *message); static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message); static uint32_t TSS_Socket_ReceiveCommand(TSS_CONTEXT *tssContext, uint8_t *buffer, uint32_t *length); static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd); static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd, uint8_t *buffer, uint32_t nbytes); static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length); static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext, int *mssim); extern int tssVverbose; extern int tssVerbose; /* TSS_Socket_TransmitPlatform() transmits MS simulator platform administrative commands */ TPM_RC TSS_Socket_TransmitPlatform(TSS_CONTEXT *tssContext, uint32_t command, const char 
*message) { TPM_RC rc = 0; int mssim; /* boolean, true for MS simulator packet format, false for raw packet format */ /* open on first transmit */ if (tssContext->tssFirstTransmit) { /* detect errors before starting, get the server packet type, MS sim or raw */ if (rc == 0) { rc = TSS_Socket_GetServerType(tssContext, &mssim); } /* the platform administrative commands can only work with the simulator */ if (rc == 0) { if (!mssim) { if (tssVerbose) printf("TSS_Socket_TransmitPlatform: server type %s unsupported\n", tssContext->tssServerType); rc = TSS_RC_INSUPPORTED_INTERFACE; } } if (rc == 0) { rc = TSS_Socket_Open(tssContext, tssContext->tssPlatformPort); } if (rc == 0) { tssContext->tssFirstTransmit = FALSE; } } if (rc == 0) { rc = TSS_Socket_SendPlatform(tssContext->sock_fd, command, message); } if (rc == 0) { rc = TSS_Socket_ReceivePlatform(tssContext->sock_fd); } return rc; } /* TSS_Socket_Transmit() transmits the TPM command and receives the response. It can return socket transmit and receive packet errors, but normally returns the TPM response code. */ TPM_RC TSS_Socket_Transmit(TSS_CONTEXT *tssContext, uint8_t *responseBuffer, uint32_t *read, const uint8_t *commandBuffer, uint32_t written, const char *message) { TPM_RC rc = 0; int mssim; /* boolean, true for MS simulator packet format, false for raw packet format */ /* open on first transmit */ if (tssContext->tssFirstTransmit) { /* detect errors before starting, get the server packet type, MS sim or raw */ if (rc == 0) { rc = TSS_Socket_GetServerType(tssContext, &mssim); } if (rc == 0) { rc = TSS_Socket_Open(tssContext, tssContext->tssCommandPort); } if (rc == 0) { tssContext->tssFirstTransmit = FALSE; } } /* send the command over the socket. Error if the socket send fails. */ if (rc == 0) { rc = TSS_Socket_SendCommand(tssContext, commandBuffer, written, message); } /* receive the response over the socket. Returns socket errors, malformed response errors. Else returns the TPM response code. 
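*/
    if (rc == 0) {
        rc = TSS_Socket_ReceiveCommand(tssContext, responseBuffer, read);
    }
    return rc;
}

/* TSS_Socket_GetServerType() gets the type of server packet format

   Currently, the two formats supported are:

   mssim TRUE  - the MS simulator packet (tssServerType is "mssim")
         FALSE - raw TPM specification Part 3 packets (tssServerType is "raw")

   Returns 0 and sets *mssim on success.  Any other tssServerType string leaves *mssim untouched and
   returns TSS_RC_INSUPPORTED_INTERFACE.
*/

static uint32_t TSS_Socket_GetServerType(TSS_CONTEXT *tssContext, int *mssim)
{
    uint32_t rc = 0;

    if (strcmp(tssContext->tssServerType, "mssim") == 0) {
        *mssim = TRUE;
    }
    else if (strcmp(tssContext->tssServerType, "raw") == 0) {
        *mssim = FALSE;
    }
    else {
        if (tssVerbose) printf("TSS_Socket_GetServerType: server type %s unsupported\n",
                               tssContext->tssServerType);
        rc = TSS_RC_INSUPPORTED_INTERFACE;
    }
    return rc;
}

/* TSS_Socket_Open() opens the socket to the TPM Host emulation to tssServerName:port

   Creates a TCP/IPv4 stream socket in tssContext->sock_fd and connects it.  tssServerName is first
   parsed as a dotted decimal address and, if that fails, resolved with gethostbyname().  A resolver
   result that is not an IPv4 address of the expected length is rejected before it is copied into
   the sockaddr_in.

   Returns 0 on success, TSS_RC_NO_CONNECTION on any failure.

   NOTE(review): the failure paths after socket() succeeds return without closing sock_fd (and, on
   Windows, without WSACleanup()).  Whether a caller releases them is not visible here - confirm
   before adding a close to this function, to avoid closing the descriptor twice.

   NOTE(review): this is a plain TCP connection to a host named by a default or an environment
   variable.  Nothing in this function authenticates the server or protects the bytes in transit.
*/

static uint32_t TSS_Socket_Open(TSS_CONTEXT *tssContext, short port)
{
#ifdef TPM_WINDOWS
    WSADATA             wsaData;
    int                 irc;
#endif
    struct sockaddr_in  serv_addr;
    struct hostent      *host = NULL;

    if (tssVverbose) printf("TSS_Socket_Open: Opening %s:%hu-%s\n",
                            tssContext->tssServerName, port, tssContext->tssServerType);
    /* create a socket */
#ifdef TPM_WINDOWS
    if ((irc = WSAStartup(0x202, &wsaData)) != 0) {     /* if not successful */
        if (tssVerbose) printf("TSS_Socket_Open: Error, WSAStartup failed\n");
        WSACleanup();
        return TSS_RC_NO_CONNECTION;
    }
    if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) == INVALID_SOCKET) {
        if (tssVerbose) printf("TSS_Socket_Open: client socket() error: %u\n",
                               tssContext->sock_fd);
        return TSS_RC_NO_CONNECTION;
    }
#endif
#ifdef TPM_POSIX
    if ((tssContext->sock_fd = socket(AF_INET,SOCK_STREAM, 0)) < 0) {
        if (tssVerbose) printf("TSS_Socket_Open: client socket error: %d %s\n",
                               errno,strerror(errno));
        return TSS_RC_NO_CONNECTION;
    }
#endif
    memset((char *)&serv_addr,0x0,sizeof(serv_addr));
    serv_addr.sin_family = AF_INET;
    serv_addr.sin_port = htons(port);

    /* the server host name tssServerName came from the default or an environment variable */
    /* first assume server is dotted decimal number and call inet_addr */
    if ((int)(serv_addr.sin_addr.s_addr = inet_addr(tssContext->tssServerName)) == -1) {
        /* if inet_addr fails, assume server is a name and call gethostbyname to look it up */
        /* if gethostbyname also fails */
        if ((host = gethostbyname(tssContext->tssServerName)) == NULL) {
            if (tssVerbose) printf("TSS_Socket_Open: server name error, name %s\n",
                                   tssContext->tssServerName);
            return TSS_RC_NO_CONNECTION;
        }
        /* serv_addr is a sockaddr_in, so only an IPv4 result fits.  Refuse any other address
           family or length rather than letting memcpy write past sin_addr. */
        if ((host->h_addrtype != AF_INET) ||
            ((size_t)host->h_length != sizeof(serv_addr.sin_addr))) {
            if (tssVerbose) printf("TSS_Socket_Open: server address type error, name %s\n",
                                   tssContext->tssServerName);
            return TSS_RC_NO_CONNECTION;
        }
        serv_addr.sin_family = host->h_addrtype;
        memcpy(&serv_addr.sin_addr, host->h_addr, host->h_length);
    }
    /* establish the connection to the TPM server */
#ifdef TPM_POSIX
    if (connect(tssContext->sock_fd,
                (struct sockaddr *)&serv_addr,
                sizeof(serv_addr)) < 0) {
        if (tssVerbose) printf("TSS_Socket_Open: Error on connect to %s:%u\n",
                               tssContext->tssServerName, port);
        if (tssVerbose) printf("TSS_Socket_Open: client connect: error %d %s\n",
                               errno,strerror(errno));
        return TSS_RC_NO_CONNECTION;
    }
#endif
#ifdef TPM_WINDOWS
    if (connect(tssContext->sock_fd,
                (struct sockaddr *)&serv_addr,
                sizeof(serv_addr)) != 0) {
        if (tssVerbose) printf("TSS_Socket_Open: Error on connect to %s:%u\n",
                               tssContext->tssServerName, port);
        if (tssVerbose) printf("TSS_Socket_Open: client connect: error %d %s\n",
                               errno,strerror(errno));
        return TSS_RC_NO_CONNECTION;
    }
#endif
    return 0;
}

/* TSS_Socket_SendCommand() sends the TPM command packet over the socket.

   The MS simulator packet is of the form:

   TPM_SEND_COMMAND
   locality 0
   length
   TPM command packet   (this is the raw packet format)

   Returns an error if the socket send fails.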
*/
/* Parameters:

   tssContext  supplies the server type string and the connected sock_fd
   buffer      the marshaled TPM command
   length      number of bytes in buffer
   message     optional trace text, printed only when tssVverbose is set, may be NULL

   NOTE(review): length is a uint16_t while TSS_Socket_Transmit() passes a uint32_t, so a larger
   value is narrowed by the call - confirm that command sizes always fit.
*/

static uint32_t TSS_Socket_SendCommand(TSS_CONTEXT *tssContext,
                                       const uint8_t *buffer, uint16_t length,
                                       const char *message)
{
    uint32_t    status;
    int         isMsSim = 0;    /* boolean, true for MS simulator packet format, false for raw
                                   packet format */

    /* optional trace of the caller's message and of the command packet */
    if (tssVverbose) {
        if (message != NULL) {
            printf("TSS_Socket_SendCommand: %s\n", message);
        }
        TSS_PrintAll("TSS_Socket_SendCommand", buffer, length);
    }
    /* get the server packet type, MS sim or raw */
    status = TSS_Socket_GetServerType(tssContext, &isMsSim);
    if (status != 0) {
        return status;
    }
    /* MS simulator wants a command type, locality, length ahead of the command */
    if (isMsSim) {
        uint32_t commandTypeNbo = htonl(TPM_SEND_COMMAND);  /* network byte order */
        uint8_t  locality = 0;
        uint32_t lengthNbo = htonl(length);                 /* network byte order */

        status = TSS_Socket_SendBytes(tssContext->sock_fd,
                                      (uint8_t *)&commandTypeNbo, sizeof(uint32_t));
        if (status == 0) {
            status = TSS_Socket_SendBytes(tssContext->sock_fd, &locality, sizeof(uint8_t));
        }
        if (status == 0) {
            status = TSS_Socket_SendBytes(tssContext->sock_fd,
                                          (uint8_t *)&lengthNbo, sizeof(uint32_t));
        }
        if (status != 0) {
            return status;
        }
    }
    /* all packet formats (types) send the TPM command packet */
    return TSS_Socket_SendBytes(tssContext->sock_fd, buffer, length);
}

/* TSS_Socket_SendPlatform() transmits MS simulator platform administrative commands.  This function
   should only be called if the TPM supports administrative commands.

   Returns an error if the socket send fails.
*/
/* Parameters:

   sock_fd  the connected platform socket
   command  the platform command, sent as one uint32_t in network byte order
   message  optional trace text, printed only when tssVverbose is set, may be NULL
*/

static uint32_t TSS_Socket_SendPlatform(TSS_SOCKET_FD sock_fd, uint32_t command, const char *message)
{
    uint32_t commandNbo = htonl(command);       /* command is network byte order */

    if ((message != NULL) && tssVverbose) {
        printf("TSS_Socket_SendPlatform: %s\n", message);
    }
    if (tssVverbose) printf("TSS_Socket_SendPlatform: Command %08x\n", command);
    /* MS simulator platform commands */
    return TSS_Socket_SendBytes(sock_fd, (uint8_t *)&commandNbo , sizeof(uint32_t));
}

/* TSS_Socket_SendBytes() is the low level send function that transmits the buffer over the socket.

   It handles partial writes by looping until 'length' bytes have been written.

   Returns 0 on success, TSS_RC_BAD_CONNECTION if the write or send call reports an error.
*/

static uint32_t TSS_Socket_SendBytes(TSS_SOCKET_FD sock_fd, const uint8_t *buffer, size_t length)
{
    int             sent = 0;               /* result of the last write or send call */
    size_t          remaining = length;     /* bytes still to be written */
    const uint8_t   *cursor = buffer;       /* next byte to write */

    while (remaining > 0) {
#ifdef TPM_POSIX
        sent = write(sock_fd, cursor, remaining);
        if (sent < 0) {        /* error */
            if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)sent);
            return TSS_RC_BAD_CONNECTION;
        }
#endif
#ifdef TPM_WINDOWS
        /* cast for winsock.  Unix uses void * */
        sent = send(sock_fd, (char *)cursor, remaining, 0);
        if (sent == SOCKET_ERROR) {        /* error */
            if (tssVerbose) printf("TSS_Socket_SendBytes: write error %d\n", (int)sent);
            return TSS_RC_BAD_CONNECTION;
        }
#endif
        /* a partial write advances the cursor and the loop sends the rest */
        remaining -= sent;
        cursor += sent;
    }
    return 0;
}

/* TSS_Socket_ReceiveCommand() reads a TPM response packet from the socket.  'buffer' must be at
   least MAX_RESPONSE_SIZE bytes.  The bytes read are returned in 'length'.

   The MS simulator packet is of the form:

   length
   TPM response packet          (this is the raw packet format)
   acknowledgement uint32_t zero

   If the receive succeeds, returns TPM packet error code.
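Validates that the packet length and the packet responseSize match
*/
/* The responseSize field comes from the server and is treated as untrusted.  It is rejected when it
   is larger than MAX_RESPONSE_SIZE, or smaller than a complete response header (tag, responseSize,
   responseCode).  Without the lower bound, the "rest of the packet" length would wrap below zero
   and the response code would be unmarshaled from bytes that were never received.

   Returns, in order of precedence: a socket or unmarshal error, TSS_RC_BAD_CONNECTION for a
   malformed size, the TPM response code, and finally the MS simulator acknowledgement.

   *length is set to the received responseSize even when the size checks fail.
*/

static uint32_t TSS_Socket_ReceiveCommand(TSS_CONTEXT *tssContext,
                                          uint8_t *buffer, uint32_t *length)
{
    uint32_t    rc = 0;
    uint32_t    responseSize = 0;
    uint32_t    responseLength = 0;
    uint8_t     *bufferPtr = buffer;    /* the moving buffer */
    TPM_RC      responseCode = 0;
    TPM_RC      acknowledgement = 0;
    INT32       size;                   /* dummy for unmarshal call */
    int         mssim = 0;              /* boolean, true for MS simulator packet format, false for
                                           raw packet format */
    /* tag + responseSize, the part read before the size is known */
    const uint32_t headerSize = sizeof(TPM_ST) + sizeof(uint32_t);
    /* smallest well formed response: tag + responseSize + responseCode */
    const uint32_t minResponseSize = headerSize + sizeof(TPM_RC);

    /* get the server packet type, MS sim or raw */
    if (rc == 0) {
        rc = TSS_Socket_GetServerType(tssContext, &mssim);
    }
    /* read the length prepended by the simulator */
    if ((rc == 0) && mssim) {
        rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
                                     (uint8_t *)&responseLength, sizeof(uint32_t));
        responseLength = ntohl(responseLength);
    }
    /* read the tag and responseSize */
    if (rc == 0) {
        rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd, bufferPtr, headerSize);
    }
    /* extract the responseSize */
    if (rc == 0) {
        /* skip over tag to responseSize */
        bufferPtr += sizeof(TPM_ST);

        size = sizeof(uint32_t);                /* dummy for call */
        rc = UINT32_Unmarshal(&responseSize, &bufferPtr, &size);
        *length = responseSize;                 /* returned length */

        /* check the response size, see TSS_CONTEXT structure */
        if (responseSize > MAX_RESPONSE_SIZE) {
            if (tssVerbose)
                printf("TSS_Socket_ReceiveCommand: ERROR: responseSize %u greater than %u\n",
                       responseSize, MAX_RESPONSE_SIZE);
            rc = TSS_RC_BAD_CONNECTION;
        }
        /* a response shorter than its own header cannot hold a response code */
        if (responseSize < minResponseSize) {
            if (tssVerbose)
                printf("TSS_Socket_ReceiveCommand: ERROR: responseSize %u less than %u\n",
                       responseSize, minResponseSize);
            rc = TSS_RC_BAD_CONNECTION;
        }
        /* check that MS sim prepended length is the same as the response TPM packet
           length parameter */
        if (mssim && (responseSize != responseLength)) {
            if (tssVerbose) printf("TSS_Socket_ReceiveCommand: "
                                   "ERROR: responseSize %u not equal to responseLength %u\n",
                                   responseSize, responseLength);
            rc = TSS_RC_BAD_CONNECTION;
        }
    }
    /* read the rest of the packet, the subtraction cannot wrap after the check above */
    if (rc == 0) {
        rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
                                     bufferPtr,
                                     responseSize - headerSize);
    }
    if ((rc == 0) && tssVverbose) {
        TSS_PrintAll("TSS_Socket_ReceiveCommand",
                     buffer, responseSize);
    }
    /* read the MS sim acknowledgement */
    if ((rc == 0) && mssim) {
        rc = TSS_Socket_ReceiveBytes(tssContext->sock_fd,
                                     (uint8_t *)&acknowledgement, sizeof(uint32_t));
    }
    /* extract the TPM return code from the packet */
    if (rc == 0) {
        /* skip to responseCode */
        bufferPtr = buffer + headerSize;
        size = sizeof(TPM_RC);                  /* dummy for call */
        rc = UINT32_Unmarshal(&responseCode, &bufferPtr, &size);
    }
    /* if there is no other (receive or unmarshal) error, return the TPM response code */
    if (rc == 0) {
        rc = responseCode;
    }
    /* if there is no other (TPM response) error, return the MS simulator packet acknowledgement */
    if ((rc == 0) && mssim) {
        rc = ntohl(acknowledgement);    /* should always be zero */
    }
    return rc;
}

/* TSS_Socket_ReceivePlatform reads MS simulator platform administrative responses.  This function
   should only be called if the TPM supports administrative commands.

   The acknowledgement is a uint32_t zero.

   Returns the receive error if the read fails, otherwise the acknowledgement converted to host
   byte order.
*/

static uint32_t TSS_Socket_ReceivePlatform(TSS_SOCKET_FD sock_fd)
{
    uint32_t    rc = 0;
    TPM_RC      acknowledgement = 0;

    /* read the MS sim acknowledgement */
    if (rc == 0) {
        rc = TSS_Socket_ReceiveBytes(sock_fd, (uint8_t *)&acknowledgement, sizeof(uint32_t));
    }
    /* if there is no other error, return the MS simulator packet acknowledgement */
    if (rc == 0) {
        rc = ntohl(acknowledgement);    /* should always be zero */
    }
    return rc;
}

/* TSS_Socket_ReceiveBytes() is the low level receive function that reads the buffer over the
   socket.  'buffer' must be at least 'nbytes'.

   It handles partial reads by looping.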
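*/
/* Returns 0 once exactly 'nbytes' have been stored in 'buffer'.  Returns TSS_RC_BAD_CONNECTION on a
   read error, on EOF before 'nbytes' arrive, or when 'nbytes' does not fit the signed counter used
   by the loop.

   The last case matters because the counter is an int.  A very large unsigned request would
   otherwise become a non-positive count, the loop would not run, and the function would report
   success without reading anything.
*/

static uint32_t TSS_Socket_ReceiveBytes(TSS_SOCKET_FD sock_fd,
                                        uint8_t *buffer,
                                        uint32_t nbytes)
{
    int nread = 0;
    int nleft = 0;

    /* 0x7fffffff is the largest value of a 32-bit int - assumes int is 32 bits here */
    if (nbytes > 0x7fffffff) {
        if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read length %u too large\n", nbytes);
        return TSS_RC_BAD_CONNECTION;
    }
    nleft = (int)nbytes;
    while (nleft > 0) {
#ifdef TPM_POSIX
        nread = read(sock_fd, buffer, nleft);
        if (nread < 0) {       /* error */
            if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
            return TSS_RC_BAD_CONNECTION;
        }
#endif
#ifdef TPM_WINDOWS
        /* cast for winsock.  Unix uses void * */
        nread = recv(sock_fd, (char *)buffer, nleft, 0);
        if (nread == SOCKET_ERROR) {       /* error */
            if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read error %d\n", nread);
            return TSS_RC_BAD_CONNECTION;
        }
#endif
        else if (nread == 0) {  /* EOF */
            if (tssVerbose) printf("TSS_Socket_ReceiveBytes: read EOF\n");
            return TSS_RC_BAD_CONNECTION;
        }
        /* a partial read advances the buffer and the loop reads the rest */
        nleft -= nread;
        buffer += nread;
    }
    return 0;
}

/* TSS_Socket_Close() closes the socket.

   It sends the TPM_SESSION_END required by the MS simulator.

   The socket is closed even when the server type lookup or the TPM_SESSION_END send fails.  On
   Posix a close() failure replaces any earlier return code with TSS_RC_BAD_CONNECTION, on Windows
   a shutdown() failure does the same.
*/

TPM_RC TSS_Socket_Close(TSS_CONTEXT *tssContext)
{
    uint32_t    rc = 0;
    int         mssim;  /* boolean, true for MS simulator packet format, false for raw packet
                           format */

    if (tssVverbose) printf("TSS_Socket_Close: Closing %s-%s\n",
                            tssContext->tssServerName, tssContext->tssServerType);
    /* get the server packet type, MS sim or raw */
    if (rc == 0) {
        rc = TSS_Socket_GetServerType(tssContext, &mssim);
    }
    /* the MS simulator expects a TPM_SESSION_END command before close */
    if ((rc == 0) && mssim) {
        uint32_t commandType = htonl(TPM_SESSION_END);
        rc = TSS_Socket_SendBytes(tssContext->sock_fd, (uint8_t *)&commandType, sizeof(uint32_t));
    }
#ifdef TPM_POSIX
    if (close(tssContext->sock_fd) != 0) {
        if (tssVerbose) printf("TSS_Socket_Close: close error\n");
        rc = TSS_RC_BAD_CONNECTION;
    }
#endif
#ifdef TPM_WINDOWS
    /* gracefully shut down the socket */
    {
        int irc;
        irc = shutdown(tssContext->sock_fd, SD_SEND);
        if (irc == SOCKET_ERROR) {      /* error */
            if (tssVerbose) printf("TSS_Socket_Close: shutdown error\n");
            rc = TSS_RC_BAD_CONNECTION;
        }
    }
    closesocket(tssContext->sock_fd);
    WSACleanup();
#endif
    return rc;
}
./utils/nvundefinespacespecial.c0000644000175000017500000001563613055132457015225 0ustar  lo1lo1/********************************************************************************/
/*                                                                              */
/*                          NV Undefine Space Special                           */
/*                           Written by Ken Goldman                             */
/*                     IBM Thomas J. Watson Research Center                     */
/*            $Id: nvundefinespacespecial.c 945 2017-02-27 23:24:31Z kgoldman $ */
/*                                                                              */
/* (c) Copyright IBM Corporation 2015.                                          */
/*                                                                              */
/* All rights reserved.                                                         */
/*                                                                              */
/* Redistribution and use in source and binary forms, with or without           */
/* modification, are permitted provided that the following conditions are       */
/* met:                                                                         */
/*                                                                              */
/* Redistributions of source code must retain the above copyright notice,       */
/* this list of conditions and the following disclaimer.                        */
/*                                                                              */
/* Redistributions in binary form must reproduce the above copyright            */
/* notice, this list of conditions and the following disclaimer in the          */
/* documentation and/or other materials provided with the distribution.         */
/*                                                                              */
/* Neither the names of the IBM Corporation nor the names of its                */
/* contributors may be used to endorse or promote products derived from         */
/* this software without specific prior written permission.                     */
/*                                                                              */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS          */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT            */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR        */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.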
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_UndefineSpaceSpecial_In in; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ const char *platformPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if 
(strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (rc == 0) { in.platform = TPM_RH_PLATFORM; in.nvIndex = nvIndex; /* the NV Index to remove from NV space */ } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_UndefineSpaceSpecial, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, platformPassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvundefinespacespecial: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvundefinespacespecial: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvundefinespacespecial\n"); printf("\n"); printf("Runs TPM2_NV_UndefineSpaceSpecial\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdp password for platform (default empty)\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle 
/ attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/policyor.c0000644000175000017500000001563713055132457012350 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyOR */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policyor.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; uint32_t j; PolicyOR_In in; TPMI_SH_POLICY policySession = 0; const char *pHashListFilename[8]; uint32_t count = 0; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if 
(strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (policySession == 0) { printf("Missing handle parameter -ha\n"); printUsage(); } if (count < 2) { printf("-if must be specified 2 to 8 times\n"); printUsage(); } if (rc == 0) { in.policySession = policySession; in.pHashList.count = count; } /* -if is specified 2-8 times and fills the pHashListFilename array of policy AND term file names */ for (j = 0 ; ((j < count) && (rc == 0)) ; j++) { rc = TSS_File_Read2B(&in.pHashList.digests[j].b, sizeof(TPMU_HA), pHashListFilename[j]); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PolicyOR, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("policyor: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("policyor: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("policyor\n"); printf("\n"); printf("Runs TPM2_PolicyOR\n"); printf("\n"); printf("\t-ha policy session handle\n"); 
printf("\t-if policy digest file (2-8 -if specifiers required)\n"); exit(1); } ./utils/makefile-common0000640000175000017500000001352013133212576013311 0ustar lo1lo1################################################################################# # # # # # TPM2 Library and Utilities makefile - Common to all variations # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile-common 2 2014-12-26 17:40:17Z kgoldman $ # # # # (c) Copyright IBM Corporation 2014 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # compile - common flags for TSS library and applications CCFLAGS += \ -Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \ -Wformat=2 -Wold-style-definition \ -ggdb -O0 -c # to compile with optimizations on (warning will result) # -O3 -c # to compile with plaintext session state (see documentation) # -DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\"" CCFLAGS += -DTPM_NUVOTON # link - common flags for Posix and Windows, for TSS library and applications #LNFLAGS += -ggdb ALL += $(LIBTSS) \ $(LIBTSSA) \ activatecredential$(EXE) \ eventextend$(EXE) \ imaextend$(EXE) \ certify$(EXE) \ certifycreation$(EXE) \ changeeps$(EXE) \ changepps$(EXE) \ clear$(EXE) \ clearcontrol$(EXE) \ clockrateadjust$(EXE) \ clockset$(EXE) \ commit$(EXE) \ contextload$(EXE) \ contextsave$(EXE) \ create$(EXE) \ createloaded$(EXE) \ createprimary$(EXE) \ dictionaryattacklockreset$(EXE) \ dictionaryattackparameters$(EXE) \ duplicate$(EXE) \ eccparameters$(EXE) \ ecephemeral$(EXE) \ encryptdecrypt$(EXE) \ evictcontrol$(EXE) \ eventsequencecomplete$(EXE) \ flushcontext$(EXE) \ getcommandauditdigest$(EXE) \ getcapability$(EXE) \ getrandom$(EXE) \ getsessionauditdigest$(EXE) \ gettime$(EXE) \ hash$(EXE) \ hashsequencestart$(EXE) \ hierarchycontrol$(EXE) \ hierarchychangeauth$(EXE) \ hmac$(EXE) \ hmacstart$(EXE) \ import$(EXE) \ importpem$(EXE) \ load$(EXE) \ 
loadexternal$(EXE) \ makecredential$(EXE) \ nvcertify$(EXE) \ nvchangeauth$(EXE) \ nvdefinespace$(EXE) \ nvextend$(EXE) \ nvglobalwritelock$(EXE) \ nvincrement$(EXE) \ nvread$(EXE) \ nvreadlock$(EXE) \ nvreadpublic$(EXE) \ nvsetbits$(EXE) \ nvundefinespace$(EXE) \ nvundefinespacespecial$(EXE) \ nvwrite$(EXE) \ nvwritelock$(EXE) \ objectchangeauth$(EXE) \ pcrallocate$(EXE) \ pcrevent$(EXE) \ pcrextend$(EXE) \ pcrread$(EXE) \ pcrreset$(EXE) \ policyauthorize$(EXE) \ policyauthvalue$(EXE) \ policycommandcode$(EXE) \ policycphash$(EXE) \ policycountertimer$(EXE) \ policygetdigest$(EXE) \ policymaker$(EXE) \ policymakerpcr$(EXE) \ policynv$(EXE) \ policyauthorizenv$(EXE) \ policynvwritten$(EXE) \ policypassword$(EXE) \ policypcr$(EXE) \ policyor$(EXE) \ policyrestart$(EXE) \ policysigned$(EXE) \ policysecret$(EXE) \ policytemplate$(EXE) \ policyticket$(EXE) \ powerup$(EXE) \ quote$(EXE) \ readclock$(EXE) \ readpublic$(EXE) \ returncode$(EXE) \ rewrap$(EXE) \ rsadecrypt$(EXE) \ rsaencrypt$(EXE) \ sequencecomplete$(EXE) \ sequenceupdate$(EXE) \ setprimarypolicy$(EXE) \ shutdown$(EXE) \ sign$(EXE) \ startauthsession$(EXE) \ startup$(EXE) \ stirrandom$(EXE) \ unseal$(EXE) \ verifysignature$(EXE) \ \ signapp$(EXE) \ writeapp$(EXE) \ timepacket$(EXE) \ createek$(EXE) ALL += \ ntc2getconfig$(EXE) \ ntc2preconfig$(EXE) \ ntc2lockconfig$(EXE) # TSS shared library headers TSS_HEADERS += \ tssauth.h \ tssccattributes.h \ tssdev.h \ tsssocket.h \ fail.h \ tss2/tss.h \ tss2/tsscryptoh.h \ tss2/tsscrypto.h \ tss2/tsserror.h \ tss2/tssfile.h \ tss2/tssmarshal.h \ tss2/tssprint.h \ tssproperties.h \ tss2/tsstransmit.h \ tss2/tssresponsecode.h \ tss2/tssutils.h # TSS shared library object files TSS_OBJS += tss.o \ tssproperties.o \ tssmarshal.o \ tssauth.o \ tssutils.o \ tsssocket.o \ tssdev.o \ tsstransmit.o \ tssresponsecode.o \ tssccattributes.o \ fail.o \ tssprint.o \ Unmarshal.o \ Commands.o \ CommandAttributeData.o TSS_OBJS += ntc2lib.o \ tssntc.o 
./utils/ekutils.h0000644000175000017500000001362313115776262012173 0ustar lo1lo1/********************************************************************************/
/* */
/* IWG EK Index Parsing Utilities */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ekutils.h 1015 2017-06-07 13:16:34Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2016, 2017. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* Prototypes for reading the EK certificate, nonce and template NV indexes, converting the
   certificate and its public key, and checking the certificate against root certificates
   named by the caller.  Only declarations are visible here; the notes below are read off the
   signatures, and anything about behaviour is marked as an assumption to confirm against the
   implementation file. */

#ifndef EKUTILS_H
#define EKUTILS_H

/* NOTE(review): the three include targets are missing on this page (the <...> names appear
   to have been lost in extraction).  The declarations below use OpenSSL types (RSA, X509,
   X509_STORE, EC_KEY, BIGNUM, EVP_PKEY) and TSS/TPM types (TSS_CONTEXT, TPM_RC, TPMT_PUBLIC,
   TPMI_RH_NV_INDEX, TPM_HANDLE), so restore the matching headers from the upstream file
   rather than guessing. */
#include
#include
#include

/* legacy TCG IWG NV indexes */
/* One certificate / nonce / template index each for the RSA and the EC endorsement key. */

#define EK_CERT_RSA_INDEX 0x01c00002
#define EK_NONCE_RSA_INDEX 0x01c00003
#define EK_TEMPLATE_RSA_INDEX 0x01c00004

#define EK_CERT_EC_INDEX 0x01c0000a
#define EK_NONCE_EC_INDEX 0x01c0000b
#define EK_TEMPLATE_EC_INDEX 0x01c0000c

/* NOTE(review): getRootCertificateFilenames() below receives rootFilename[] without a
   capacity argument; presumably callers size the array with MAX_ROOTS and the implementation
   stops at that bound -- confirm before passing a smaller array. */
#define MAX_ROOTS 100 /* 100 should be more than enough */

#ifdef __cplusplus
extern "C" {
#endif

    /* NV index access.  Results come back through out-parameters; the TPM_RC return value is
       presumably 0 on success -- TODO confirm.  For the unsigned char **buffer outputs this
       header does not say who owns or frees *buffer. */

    TPM_RC readNvBufferMax(TSS_CONTEXT *tssContext,
                           uint32_t *nvBufferMax);
    TPM_RC getIndexSize(TSS_CONTEXT *tssContext,
                        uint16_t *dataSize,
                        TPMI_RH_NV_INDEX nvIndex);
    TPM_RC getIndexData(TSS_CONTEXT *tssContext,
                        unsigned char **buffer,
                        TPMI_RH_NV_INDEX nvIndex,
                        uint16_t dataSize);
    TPM_RC getIndexContents(TSS_CONTEXT *tssContext,
                            unsigned char **buffer,
                            uint16_t *bufferSize,
                            TPMI_RH_NV_INDEX nvIndex);

    /* Fill a caller-provided TPMT_PUBLIC; no status is returned. */
    void getRsaTemplate(TPMT_PUBLIC *tpmtPublic);
    void getEccTemplate(TPMT_PUBLIC *tpmtPublic);

    TPM_RC getIndexX509Certificate(TSS_CONTEXT *tssContext,
                                   X509 **certificate,
                                   TPMI_RH_NV_INDEX nvIndex);

    /* These two return uint32_t rather than TPM_RC like their neighbours. */
    uint32_t getPubkeyFromDerCertFile(RSA **rsaPkey,
                                      X509 **x509,
                                      const char *derCertificateFileName);
    uint32_t getPubKeyFromX509Cert(RSA **rsaPkey,
                                   X509 *x509);

    /* Root certificate handling.  The roots are identified by file name only, so whatever
       these functions accept as trusted is decided by listFilename and the files it names;
       presumably the check is a chain validation against those roots -- TODO confirm.  Keep
       the list and the root files under integrity protection. */
    TPM_RC getRootCertificateFilenames(char *rootFilename[],
                                       unsigned int *rootFileCount,
                                       const char *listFilename,
                                       int print);
    TPM_RC getCaStore(X509_STORE **caStore,
                      X509 *caCert[],
                      const char *rootFilename[],
                      unsigned int rootFileCount);
    TPM_RC verifyCertificate(X509 *x509Certificate,
                             const char *rootFilename[],
                             unsigned int rootFileCount,
                             int print);

    /* Per-index processing; each takes the NV index to read and a print flag. */
    TPM_RC processEKNonce(TSS_CONTEXT *tssContext,
                          unsigned char **nonce,
                          uint16_t *nonceSize,
                          TPMI_RH_NV_INDEX ekNonceIndex,
                          int print);
    TPM_RC processEKTemplate(TSS_CONTEXT *tssContext,
                             TPMT_PUBLIC *tpmtPublic,
                             TPMI_RH_NV_INDEX ekTemplateIndex,
                             int print);
    TPM_RC processEKCertificate(TSS_CONTEXT *tssContext,
                                X509 **ekCertificate,
                                uint8_t **modulusBin,
                                int *modulusBytes,
                                TPMI_RH_NV_INDEX ekCertIndex,
                                int print);

    /* Format conversions between X509 objects, DER/PEM encodings and OpenSSL key objects. */
    TPM_RC convertX509ToDer(uint32_t *certLength,
                            unsigned char **certificate,
                            X509 *x509Certificate);
    TPM_RC convertX509ToRsa(RSA **rsaPkey,
                            X509 *x509);
    TPM_RC convertX509ToEc(EC_KEY **ecKey,
                           X509 *x509);
    TPM_RC convertPemToX509(X509 **x509,
                            const char *pemCertificate);
    TPM_RC convertCertificatePubKey(uint8_t **modulusBin,
                                    int *modulusBytes,
                                    X509 *ekCertificate,
                                    TPMI_RH_NV_INDEX ekCertIndex,
                                    int print);

    TPM_RC processRoot(TSS_CONTEXT *tssContext,
                       TPMI_RH_NV_INDEX ekCertIndex,
                       const char *rootFilename[],
                       unsigned int rootFileCount,
                       int print);

    /* Primary key creation and validation.  processValidatePrimary() takes a public key
       buffer and a TPMT_PUBLIC; presumably it compares the certificate's public key with the
       created primary -- TODO confirm. */
    TPM_RC processCreatePrimary(TSS_CONTEXT *tssContext,
                                TPM_HANDLE *keyHandle,
                                TPMI_RH_NV_INDEX ekCertIndex,
                                unsigned char *nonce,
                                uint16_t nonceSize,
                                TPMT_PUBLIC *tpmtPublicIn,
                                TPMT_PUBLIC *tpmtPublicOut,
                                unsigned int noFlush,
                                int print);
    TPM_RC processValidatePrimary(uint8_t *publicKeyBin,
                                  int publicKeyBytes,
                                  TPMT_PUBLIC *tpmtPublic,
                                  TPMI_RH_NV_INDEX ekCertIndex,
                                  int print);
    TPM_RC processPrimary(TSS_CONTEXT *tssContext,
                          TPM_HANDLE *keyHandle,
                          TPMI_RH_NV_INDEX ekCertIndex,
                          TPMI_RH_NV_INDEX ekNonceIndex,
                          TPMI_RH_NV_INDEX ekTemplateIndex,
                          unsigned int noFlush,
                          int print);

    /* The outputs include d, p and q next to n and e, i.e. private key components when the
       RSA object holds them; callers should treat those pointers as secret material. */
    TPM_RC TSS_RSAGetKey(const BIGNUM **n,
                         const BIGNUM **e,
                         const BIGNUM **d,
                         const BIGNUM **p,
                         const BIGNUM **q,
                         const RSA *rsaKey);
    int TSS_Pubkey_GetAlgorithm(EVP_PKEY *pkey);

#ifdef __cplusplus
}
#endif

#endif
./utils/regtests/0000751000175000017500000000000013133212570012154 5ustar lo1lo1./utils/regtests/testbind.bat0000644000175000017500000005065713026012054014475 0ustar lo1lo1REM #############################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # $Id: testbind.bat 875 2016-12-19 17:09:00Z kgoldman $ #
REM # #
REM # (c) Copyright IBM Corporation 2015 #
REM # #
REM # All rights reserved.
REM #
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution. #
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################
REM

REM Regression test for bound (bind) authorization sessions.
REM
REM Conventions used by every step below:
REM   - %TPM_EXE_PATH% is expanded directly in front of the utility name, so it has to be
REM     empty or end with a path separator.
REM   - Each command's output overwrites run.out; only the exit code is examined.
REM   - "IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )" follows a step that must succeed,
REM     "IF !ERRORLEVEL! EQU 0 ( exit /B 1 )" follows a step that must fail.
REM   - pps, 000, ppp, nnn, sig, sto, 222 and xxx are fixed test auth values passed on the
REM     command line (xxx is the deliberately wrong one).  The script assumes a primary key
REM     with password pps is already loaded at 80000000; it is not created here.
REM   - The number after "-se0 <handle>" is presumably the session attribute byte in hex
REM     (01 continue session, 20 command/decrypt, 40 response/encrypt): 0 lets the session
REM     end with the command, 1 keeps it, 21/41/61 add parameter encryption.  The echo text
REM     of the steps using 21 and 41 matches that reading; confirm against the utility help.

REM Delayed expansion is required because !ERRORLEVEL! is read inside the for (...) blocks.
setlocal enableDelayedExpansion

echo ""
echo "Bind session"
echo ""

echo ""
echo "Bind session to Primary Key"
echo ""

REM What this section checks, per its echo text: a session bound to the object it authorizes
REM does not use the per-command password (xxx still succeeds); used on a different object,
REM that object's own password is required.  Starting a session with a wrong bind password
REM succeeds; the mismatch only shows when the session is used.

echo "Bind session bound to primary key at 80000000"
%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, same object 80000000"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, same object 80000000, wrong password does not matter"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create second primary key with different password 000 and Name"
%TPM_EXE_PATH%createprimary -hi o -pwdk 000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to second primary key at 80000001, correct password"
%TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb 000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, different object 80000000"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, different object 80000000, wrong password - should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to primary key at 80000000, wrong password"
%TPM_EXE_PATH%startauthsession -se h -bi 80000000 -pwdb xxx > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, same object 80000000 - should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Flush the failing session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the second primary key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Bind session to Hierarchy"
echo ""

REM Same checks with the session bound to the platform hierarchy (4000000c), which is
REM given the temporary auth value ppp and reset again near the end of the section.

echo "Change platform hierarchy auth"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to platform hierarchy"
%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session, wrong password - should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create storage key using that bind session"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to platform hierarchy, wrong password"
%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb xxx > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session - should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Change platform hierarchy auth back to null"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Bind session to NV"
echo ""

REM The first undefine is not checked: it is a best-effort cleanup of an index that may not
REM exist.  The session is bound once before and once after the first write; per the echo
REM text the index Name differs between the unwritten and the written state.

echo "NV Undefine Space"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out

echo "NV Define Space"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Read Public, unwritten Name"
%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to unwritten NV index at 01000000"
%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV write HMAC using bind session to set written"
%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Bind session bound to written NV index at 01000000"
%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Write HMAC using bind session"
%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Read HMAC using bind session"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Read HMAC using bind session, wrong password does not matter"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using that bind session"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Undefine Space"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Encrypt with bind to same object"
echo ""

REM Runs once per symmetric algorithm (xor, aes) with attribute 61 on every command.
REM The second create passes no -pwdp at all and is still expected to succeed.

for %%M in (xor aes) do (

    echo "Start an HMAC auth session with %%M encryption and bind to primary key at 80000000"
    %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 80000000 -pwdb pps > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Create storage key using bind session, same object, wrong password"
    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Create storage key using bind session, same object 80000000"
    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Load the key, with %%M encryption"
    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the sealed object"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the %%M session"
    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo ""
echo "Encrypt with bind to different object"
echo ""

REM Session bound to the platform hierarchy (no -pwdb given) and used on the key at
REM 80000000, so the key's own password is required here.

for %%M in (xor aes) do (

    echo "Start an HMAC auth session with %%M encryption and bind to platform auth"
    %TPM_EXE_PATH%startauthsession -se h -sym %%M -bi 4000000c > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Create storage key using bind session, different object, wrong password, should fail"
    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Create storage key using bind session, different object"
    %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp pps -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Load the key, with %%M encryption"
    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the sealed object"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the %%M session"
    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

REM NOTE(review): the next two sections repeat the loop above with the algorithm written out
REM (xor, then aes); they look like the unrolled form of the same test.

echo ""
echo "Encrypt with bind to different object, xor"
echo ""

echo "Start an HMAC auth session with xor encryption and bind to platform auth"
%TPM_EXE_PATH%startauthsession -se h -sym xor -bi 4000000c > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using bind session, different object, wrong password, should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create storage key using bind session, different object"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp pps -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the key, with xor encryption"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the sealed object"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the xor session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Encrypt with bind to different object, aes"
echo ""

echo "Start an HMAC auth session with aes encryption and bind to platform auth"
%TPM_EXE_PATH%startauthsession -se h -sym aes -bi 4000000c > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create storage key using bind session, different object, wrong password, should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create storage key using bind session, different object"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp pps -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the key, with aes encryption"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the sealed object"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the aes session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "PolicyAuthValue and bind to different object, command encryption"
echo ""

REM Policy sessions use handle 03000000.  The signing key carries the policy file
REM policies/policyccsign-auth.bin; the session is built with policycommandcode (15d is the
REM sign command per the echo text) followed by policyauthvalue, then used with attribute 21.

echo "Create a signing key under the primary key - policy command code - sign, auth"
%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session, bind to primary key"
%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - sign"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy authvalue"
%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Sign a digest - policy, command encrypt"
%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the signature"
%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "PolicyAuthValue and bind to same object, command encryption"
echo ""

REM Same flow, but the policy session is bound to the signing key itself (80000001, sig).

echo "Create a signing key under the primary key - policy command code - sign, auth"
%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - sign"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy authvalue"
%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Sign a digest - policy, command encrypt"
%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the signature"
%TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "PolicyAuthValue and bind to different object, response encryption"
echo ""

REM Response-encryption variant: a storage key with policies/policycccreate-auth.bin is the
REM parent, the policy names the create command (153 per the echo text), and the create is
REM run with attribute 41.  Loading the returned key afterwards is the check that the
REM response was recovered correctly.

echo "Create a storage key under the primary key - policy command code - create, auth"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp pps -pwdk sto -pol policies/policycccreate-auth.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the storage key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session, bind to primary key"
%TPM_EXE_PATH%startauthsession -se p -bi 80000000 -pwdb pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - create"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy authvalue"
%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key with response encryption"
%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key to verify response encryption"
%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the storage key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "PolicyAuthValue and bind to same object, response encryption"
echo ""

REM Same flow, but the policy session is bound to the storage key itself (80000001, sto).

echo "Create a storage key under the primary key - policy command code - create, auth"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp pps -pwdk sto -pol policies/policycccreate-auth.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the storage key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session, bind to storage key"
%TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sto > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - create"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 153 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy authvalue"
%TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key with response encryption"
%TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key to verify response encryption"
%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the storage key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Reaching this line means every expectation above held.
exit /B 0

REM # getcapability -cap 1 -pr 80000000
REM # getcapability -cap 1 -pr 02000000
./utils/regtests/teststorage.sh0000755000175000017500000001254713077402444015104 0ustar lo1lo1#!/bin/bash
#
#################################################################################
# #
# TPM2 regression test #
# Written by Ken Goldman #
# IBM Thomas J. Watson Research Center #
# $Id: teststorage.sh 997 2017-04-24 14:01:08Z kgoldman $ #
# #
# (c) Copyright IBM Corporation 2015, 2017 #
# #
# All rights reserved. #
# #
# Redistribution and use in source and binary forms, with or without #
# modification, are permitted provided that the following conditions are #
# met: #
# #
# Redistributions of source code must retain the above copyright notice, #
# this list of conditions and the following disclaimer. #
# #
# Redistributions in binary form must reproduce the above copyright #
# notice, this list of conditions and the following disclaimer in the #
# documentation and/or other materials provided with the distribution. #
# #
# Neither the names of the IBM Corporation nor the names of its #
# contributors may be used to endorse or promote products derived from #
# this software without specific prior written permission.
# # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # Primary storage key at 80000000 password pps # storage key at 80000001 password sto echo "" echo "Storage key" echo "" echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out checkSuccess $? echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? for NALG in "sha1" "sha256" "sha384" do for SESS in "" "-se0 02000000 1" do echo "Create an unrestricted signing key under the storage key ${NALG} ${SESS}" ${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg ${NALG} ${SESS} > run.out checkSuccess $? echo "Load the signing key under the storage key ${SESS}" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto ${SESS} > run.out checkSuccess $? echo "Read the signing key public area" ${PREFIX}readpublic -ho 80000002 -opu tmppub2.bin > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? 
echo "Load external, storage key public part ${NALG}" ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu storepub.bin > run.out checkSuccess $? echo "Flush the public key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Load external, signing key public part ${NALG}" ${PREFIX}loadexternal -halg sha256 -nalg ${NALG} -ipu tmppub2.bin > run.out checkSuccess $? echo "Flush the public key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? done done echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? echo "" echo "ECC Storage key" echo "" echo "Create a ECC primary storage key 80000001" ${PREFIX}createprimary -ecc nistp256 > run.out checkSuccess $? echo "Create a ECC storage key under the ECC primary storage key 80000001" ${PREFIX}create -hp 80000001 -ecc nistp256 -st -opr tmppriv.bin -opu tmppub.bin > run.out checkSuccess $? echo "Load the ECC storage key 80000002 under the ECC primary key 80000001" ${PREFIX}load -hp 80000001 -ipu tmppub.bin -ipr tmppriv.bin > run.out checkSuccess $? echo "Flush the ECC primary storage key 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Create a signing key under the ECC storage key 80000002" ${PREFIX}create -hp 80000002 -ecc nistp256 -si -opr tmppriv.bin -opu tmppub.bin > run.out checkSuccess $? echo "Load the ECC signing key 80000001 under the ECC storage key 80000002" ${PREFIX}load -hp 80000002 -ipu tmppub.bin -ipr tmppriv.bin > run.out checkSuccess $? echo "Sign a digest with ECC signing key 80000001" ${PREFIX}sign -hk 80000001 -ecc -if policies/sha256aaa.bin -os tmpsig.bin > run.out checkSuccess $? echo "Verify the signature using the ECC signing key 80000001" ${PREFIX}verifysignature -hk 80000001 -ecc -if policies/sha256aaa.bin -is tmpsig.bin > run.out checkSuccess $? 
echo "Flush the signing key 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the storage key 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? rm -f tmppub2.bin rm -f tmppub.bin rm -f tmppriv.bin rm -f tmpsig.bin # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testprimary.sh0000755000175000017500000001321313075663254015120 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testprimary.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Primary key - CreatePrimary" echo "" echo "Create a primary storage key" ${PREFIX}createprimary -hi p -pwdk pps > run.out checkSuccess $? echo "Read the public part" ${PREFIX}readpublic -ho 80000001 > run.out checkSuccess $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Load the storage key under the primary key - should fail" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkFailure $? echo "" echo "Primary key - CreatePrimary with no unique field" echo "" # no unique echo "Create a primary storage key with no unique field" ${PREFIX}createprimary -hi p -pwdk pps > run.out checkSuccess $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out checkSuccess $? 
echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # empty unique echo "Create a primary storage key with empty unique field" touch empty.bin ${PREFIX}createprimary -hi p -pwdk pps -iu empty.bin > run.out checkSuccess $? echo "Load the original storage key under the primary key with empty unique field" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Primary key - CreatePrimary with unique field" echo "" # unique echo "Create a primary storage key with unique field" touch empty.bin ${PREFIX}createprimary -hi p -pwdk pps -iu policies/aaa > run.out checkSuccess $? echo "Load the original storage key under the primary key - should fail" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkFailure $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # same unique echo "Create a primary storage key with same unique field" ${PREFIX}createprimary -hi p -pwdk pps -iu policies/aaa > run.out checkSuccess $? 
echo "Load the previous storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # cleanup rm -f empty.bin # ${PREFIX}getcapability -cap 1 -pr 80000000 ./utils/regtests/teststorage.bat0000644000175000017500000001452413105360404015221 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: teststorage.bat 1008 2017-05-12 16:21:24Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015, 2017 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Storage key regression test, driven through the command-line utilities
REM found under TPM_EXE_PATH. Every step echoes a label, runs one utility with
REM stdout redirected to run.out, and leaves with exit code 1 on the first
REM non-zero exit status. run.out is overwritten by each step.
REM
REM Delayed expansion is enabled so that ERRORLEVEL is evaluated when each IF
REM runs, including inside the parenthesised for-blocks.
REM
REM The passwords used here - pps, sto, 111 - are fixed test values passed on
REM the command line.

setlocal enableDelayedExpansion

REM Primary storage key at 80000000 password pps
REM storage key at 80000001 password sto

echo ""
echo "Storage key"
echo ""

echo "Load the storage key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Outer loop: Name algorithm passed as -nalg. Inner loop: run once with no
REM session argument and once with the HMAC session 02000000 started above.
REM The trailing 1 in the session argument is presumably the continue-session
REM attribute, which would keep the session usable across commands - confirm
REM against the utility help.
REM Each pass creates and loads a signing key under the storage key, saves its
REM public area to tmppub2.bin, then checks that the public parts of the
REM storage key and of the signing key can each be loaded on their own with
REM loadexternal. Every loaded object lands at 80000002 and is flushed again.
for %%N in (sha1 sha256 sha384) do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "Create an unrestricted signing key under the storage key %%N %%~S"
        %TPM_EXE_PATH%create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk 111 -nalg %%N %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Load the signing key under the storage key %%~S"
        %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Read the signing key public area"
        %TPM_EXE_PATH%readpublic -ho 80000002 -opu tmppub2.bin > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Flush the signing key"
        %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Load external just the storage key public part %%N"
        %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu storepub.bin > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Flush the public key"
        %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Load external, signing key public part %%N"
        %TPM_EXE_PATH%loadexternal -halg sha256 -nalg %%N -ipu tmppub2.bin > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Flush the public key"
        %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    )
)

echo "Flush the storage key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "ECC Storage key"
echo ""

REM ECC chain: primary key, storage key under it, signing key under the
REM storage key. No passwords are given for these keys. Handle numbers follow
REM the echoed labels: the primary is flushed from 80000001 before the signing
REM key is loaded, and the signing key is then addressed as 80000001.

echo "Create a ECC primary storage key 80000001"
%TPM_EXE_PATH%createprimary -ecc nistp256 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a ECC storage key under the ECC primary storage key 80000001"
%TPM_EXE_PATH%create -hp 80000001 -ecc nistp256 -st -opr tmppriv.bin -opu tmppub.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the ECC storage key 80000002 under the ECC primary key 80000001"
%TPM_EXE_PATH%load -hp 80000001 -ipu tmppub.bin -ipr tmppriv.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the ECC primary storage key 80000001"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key under the ECC storage key 80000002"
%TPM_EXE_PATH%create -hp 80000002 -ecc nistp256 -si -opr tmppriv.bin -opu tmppub.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the ECC signing key 80000001 under the ECC storage key 80000002"
%TPM_EXE_PATH%load -hp 80000002 -ipu tmppub.bin -ipr tmppriv.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Round trip: the signature written to tmpsig.bin must verify with the same
REM key over the same input file.
echo "Sign a digest with ECC signing key 80000001"
%TPM_EXE_PATH%sign -hk 80000001 -ecc -if policies/sha256aaa.bin -os tmpsig.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the signature using the ECC signing key 80000001"
%TPM_EXE_PATH%verifysignature -hk 80000001 -ecc -if policies/sha256aaa.bin -is tmpsig.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key 80000001"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the storage key 80000002"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM NOTE(review): rm is not a cmd.exe built-in, so these four lines presumably
REM rely on a Unix-style rm being on PATH. Their exit status is not checked and
REM the script returns 0 either way, so temporary key files may be left behind
REM without any indication.
rm -f tmppub2.bin
rm -f tmppub.bin
rm -f tmppriv.bin
rm -f tmpsig.bin

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
./utils/regtests/testnv.bat0000644000175000017500000005721413003415405014202 0ustar lo1lo1REM #############################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # $Id: testnv.bat 783 2016-10-24 14:30:29Z kgoldman $ #
REM # #
REM # (c) Copyright IBM Corporation 2015 #
REM # #
REM # All rights reserved. #
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution.
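#
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM NV index regression test, driven through the command-line utilities found
REM under TPM_EXE_PATH. Every step echoes a label, runs one utility, normally
REM with stdout redirected to run.out, and leaves with exit code 1 as soon as
REM the exit status is not the expected one:
REM   NEQ 0 guards a step that has to succeed,
REM   EQU 0 guards a step that has to be rejected - the negative tests.
REM
REM Most sections run their steps twice: once with no session argument and once
REM with the HMAC session 02000000 started at the top of the section. The
REM trailing 1 in the session argument is presumably the continue-session
REM attribute - confirm against the utility help.
REM
REM Passwords - nnn, ooo, ppp, xxx - are fixed test values passed on the
REM command line. The test index is 01000000, plus 01000001 in the global
REM lock section.

setlocal enableDelayedExpansion

echo ""
echo "NV"
echo ""

echo ""
echo "NV Ordinary Index"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM NALG and BADNALG are turned into 1-based pseudo arrays. BADNALG is NALG
REM rotated by one position, so entry i of BADNALG never equals entry i of
REM NALG and can serve as the wrong Name algorithm. L ends up as the count.
set NALG=sha1 sha256 sha384
set BADNALG=sha256 sha384 sha1

set i=0
for %%N in (!NALG!) do set /A i+=1 & set NALG[!i!]=%%N
set i=0
for %%B in (!BADNALG!) do set /A i+=1 & set BADNALG[!i!]=%%B
set L=!i!

REM Per algorithm and per authorization mode: define a 16 byte index, check
REM that it cannot be read before the first write, write and read back 3 bytes
REM and compare them with the input file, then check that reads beyond the
REM defined size are rejected.
for /L %%i in (1,1,!L!) do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "NV Define Space !NALG[%%i]!"
        %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg !NALG[%%i]! > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV Read Public, unwritten Name bad Name algorithm !BADNALG[%%i]! - should fail"
        %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !BADNALG[%%i]! > run.out
        IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

        echo "NV read - should fail before write %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
        IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

        echo "NV write %%~S"
        %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV read %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Verify the read data"
        diff policies/aaa tmp.bin
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV read, invalid offset - should fail %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

        echo "NV read, invalid size - should fail %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

        echo "NV Undefine Space"
        %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    )
)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM The index was already removed at the end of the loop above.
echo "NV Undefine Space again should fail"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

REM 02000000 is the handle this script uses for its HMAC sessions, not an NV
REM index handle, so the definition has to be refused.
echo "NV Define Space out of range - should fail"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 02000000 -pwdn nnn -sz 16 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo ""
echo "NV Set Bits Index"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Bit-field index, type b: unreadable until written, then the four bits set
REM must read back as the reference file.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read - should fail before write %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Set bits 0, 16, 32, 48 %%~S"
    %TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the set bits %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the read data"
    diff policies/bits48321601.bin tmp.bin
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine Space"
    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV Counter Index"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Counter index, type c: unreadable until the first increment. Only the exit
REM status of the read is checked, the counter value itself is not.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, unwritten Name"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the count - should fail before write %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Increment the count %%~S"
    %TPM_EXE_PATH%nvincrement -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the count %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM FIXME need some way to verify the count

    echo "NV Undefine Space"
    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV Extend Index"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Extend index, type e, once per hash algorithm. SZ holds the digest length
REM in bytes for the HALG entry at the same position. After one extend of
REM policies/aaa the index content must equal the per-algorithm reference file.
for %%S in ("" "-se0 02000000 1") do (

    set SZ=20 32 48
    set HALG=sha1 sha256 sha384

    set i=0
    for %%a in (!SZ!) do set /A i+=1 & set SZ[!i!]=%%a
    set i=0
    for %%b in (!HALG!) do set /A i+=1 & set HALG[!i!]=%%b
    set L=!i!

    for /L %%i in (1,1,!L!) do (

        echo "NV Define Space !HALG[%%i]!"
        %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg !HALG[%%i]! > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV Read Public !HALG[%%i]!"
        %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg !HALG[%%i]! > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV read, unwritten Name - should fail before write %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

        echo "NV extend %%~S"
        %TPM_EXE_PATH%nvextend -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV read size !SZ[%%i]! %%~S"
        %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz !SZ[%%i]! -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "Verify the read data !HALG[%%i]!"
        diff policies/!HALG[%%i]!extaaa.bin tmp.bin
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

        echo "NV Undefine Space"
        %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
        IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    )
)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
REM getcapability -cap 1 -pr 01000000

echo ""
echo "NV Owner auth"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM The index is defined with -hia o and no index password. Access with an
REM index password must be rejected, access authorized with the owner password
REM must work. Owner auth is set at the start of each pass and cleared again
REM at its end.
for %%S in ("" "-se0 02000000 1") do (

    echo "Set owner auth %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Define an NV index with owner auth %%~S"
    %TPM_EXE_PATH%nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read public, get Name, not written"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write with NV password %%~S - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn %%~S> run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV write with owner password %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -hia o -pwdn ooo %%~S> run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read with NV password %%~S - should fail"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV read with owner password %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -hia o -pwdn ooo %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine authorizing index %%~S"
    %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 -pwdp ooo %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Clear owner auth %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi o -pwda ooo %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
REM getcapability -cap 1 -pr 01000000

echo ""
echo "NV Platform auth"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Same checks as the owner section, with the platform hierarchy and its
REM password as the authorizing entity.
for %%S in ("" "-se0 02000000 1") do (

    echo "Set platform auth %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp %%~S> run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Define an NV index with platform auth %%~S"
    %TPM_EXE_PATH%nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read public, get Name, not written"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write with NV password %%~S - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV write with platform password %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -pwdn ppp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read with NV password %%~S - should fail"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV read with platform password %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -hia p -pwdn ppp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine authorizing index %%~S"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Clear platform auth %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Write Lock"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Index defined with attribute wd. After nvwritelock a further write must be
REM rejected while reading keeps working. In this and the following sections
REM the index is defined with -hi o and removed with -hi p.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space with write define"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, unwritten Name"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Write lock %%~S"
    %TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV read %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine Space"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Read Lock"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Mirror image of the write lock section: index defined with attribute rst.
REM After nvreadlock a write still works and a read must be rejected.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space with read stclear"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, unwritten Name"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read lock %%~S"
    %TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read %%~S - should fail"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV Undefine Space"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Global Lock"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Two indexes defined with attribute gl. A single nvglobalwritelock,
REM authorized by the platform hierarchy, must make both of them refuse writes
REM while both stay readable.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space 01000000 with global lock"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Define Space 01000001 with global lock"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write 01000000 %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write 01000001 %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV global lock"
    %TPM_EXE_PATH%nvglobalwritelock -hia p
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, 01000000, locked"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, 01000001, locked"
    %TPM_EXE_PATH%nvreadpublic -ha 01000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write 01000000 %%~S - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV write 01000001 %%~S - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV read 01000000 %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read 01000001 %%~S"
    %TPM_EXE_PATH%nvread -ha 01000001 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine Space 01000000"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine Space 01000001"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV Change Authorization"
echo ""

REM policy is policycommandcode + policyauthvalue
REM aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10
REM 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de

REM An index that asks for policy-controlled deletion but carries no policy
REM must be refused at definition time.
echo "NV Define Space with POLICY_DELETE and no policy - should fail"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 +at pold > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Start an HMAC session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM The index password is changed from nnn to xxx through policy session
REM 03000001, built from policycommandcode 0000013b followed by
REM policyauthvalue. Afterwards the old password must be rejected for both
REM write and read, and the new one must work.
for %%S in ("" "-se0 02000000 1") do (

    echo "NV Define Space 01000000"
    %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Read Public, unwritten Name"
    %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Start a policy session"
    %TPM_EXE_PATH%startauthsession -se p > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Policy command code"
    %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Policy authvalue"
    %TPM_EXE_PATH%policyauthvalue -ha 03000001
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Change authorization"
    %TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV write %%~S, old auth - should fail"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV read %%~S, old auth - should fail"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 3 %%~S > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "NV write %%~S"
    %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn xxx -if policies/aaa %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV read %%~S"
    %TPM_EXE_PATH%nvread -ha 01000000 -pwdn xxx -sz 3 %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "NV Undefine Space"
    %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the auth session"
    %TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV Change Authorization with bind"
echo ""

REM Same password change while an HMAC session bound to the index is open.

echo "NV Define Space 01000000"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start an HMAC session, bind to NV index"
%TPM_EXE_PATH%startauthsession -se h -bi 01000000 -pwdb nnn > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code"
%TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 0000013b
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy authvalue"
%TPM_EXE_PATH%policyauthvalue -ha 03000001
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Change authorization"
%TPM_EXE_PATH%nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Undefine Space"
%TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 03000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV Undefine space special"
echo ""

REM policy is policy command code + policy password

echo "Start a policy session"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Index defined with attribute pold and a policy. Deletion is attempted at
REM each stage of building the policy in session 03000000 and must be rejected
REM three times: with the password alone, with the session before any policy
REM command, and with the command code asserted but the auth term still
REM missing. Only the complete policy may delete the index. The loop variable
REM selects which utility supplies the auth term: policyauthvalue on the first
REM pass, policypassword on the second.
for %%P in (policyauthvalue policypassword) do (

    echo "NV Define Space 01000000"
    %TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Undefine space special - should fail"
    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Undefine space special - should fail"
    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Policy command code, NV undefine space special"
    %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 11f > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Undefine space special - should fail"
    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Policy %%P"
    %TPM_EXE_PATH%%%P -ha 03000000 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Undefine space special"
    %TPM_EXE_PATH%nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
REM getcapability -cap 1 -pr 01000000
./utils/regtests/testpolicy138.sh0000755000175000017500000002016713011163114015152 0ustar lo1lo1#!/bin/bash
#
#################################################################################
# #
# TPM2 regression test #
# Written by Ken Goldman #
# IBM Thomas J.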
Watson Research Center # # $Id: testpolicy138.sh 793 2016-11-10 21:27:40Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # # ################################################################################# # Policy command code - sign # cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16 # 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811 # NV index name after written # 000b # 5e8e bdf0 4581 9419 070c 7d57 77bf eb61 # ffac 4996 ea4b 6fba de6d a42b 632d 4918 # Policy Authorize NV with above Name # 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95 # ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa # Policy in NV index 01000000 # signing key 80000001 echo "" echo "Policy Authorize NV" echo "" echo "Start a policy session 03000000" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Create a signing key, policyauthnv" ${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyauthorizenv.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "NV Define Space" ${PREFIX}nvdefinespace -hi o -ha 01000000 -sz 50 > run.out checkSuccess $? echo "NV not written, policyauthorizenv - should fail" ${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out checkFailure $? echo "Write algorithm ID into NV index 01000000" ${PREFIX}nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out checkSuccess $? echo "Write policy command code sign into NV index 01000000" ${PREFIX}nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Policy get digest - should be cc 69 ..." ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Policy Authorize NV against 01000000" ${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 checkSuccess $? echo "Policy get digest - should be 66 1f ..." ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? 
echo "Sign a digest - policy and wrong password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out checkSuccess $? echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Policy Authorize NV against 01000000" ${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 checkSuccess $? echo "Quote - policy, should fail" ${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? echo "Policy command code - quote" ${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out checkSuccess $? echo "Policy Authorize NV against 01000000 - should fail" ${PREFIX}policyauthorizenv -ha 01000000 -hs 03000000 > run.out checkFailure $? echo "NV Undefine Space" ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out checkSuccess $? echo "Flush the policy session 03000000" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "Flush the signing key 80000001 " ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Policy Template" echo "" # create template hash # run createprimary -si -v, extract template # policies/policytemplate.txt # 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00 # 00 00 00 00 00 00 # policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz # -nz says do not extend, just hash the hexascii line # yields a template hash for policytemplate # ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8 # aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6 # prepend the command code 00000190 to ef 64 ... 
and construct the actual object policy # policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin # fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47 # 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de echo "" echo "Policy Template with TPM2_Create" echo "" echo "Create a primary storage key policy template, 80000001" ${PREFIX}createprimary -hi p -pol policies/policytemplatehash.bin > run.out checkSuccess $? echo "Start a policy session 03000000" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy Template" ${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out checkSuccess $? echo "Policy get digest - should be fb 94 ... " ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Create signing key under primary key" ${PREFIX}create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out checkSuccess $? echo "" echo "Policy Template with TPM2_CreateLoaded" echo "" echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? echo "Policy Template" ${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out checkSuccess $? echo "Policy get digest - should be fb 94 ... " ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Create loaded signing key under primary key" ${PREFIX}createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1 checkSuccess $? echo "Flush the primary key 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the created key 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "" echo "Policy Template with TPM2_CreatePrimary" echo "" echo "Set primary policy for platform hierarchy" ${PREFIX}setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out checkSuccess $? echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? 
echo "Policy Template" ${PREFIX}policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out checkSuccess $? echo "Policy get digest - should be fb 94 ... " ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Create loaded primary signing key policy template, 80000001" ${PREFIX}createprimary -si -hi p -se0 03000000 0 > run.out checkSuccess $? echo "Flush the primary key 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? rm -f tmppriv.bin rm -f tmppub.bin ./utils/regtests/testchangeauth.sh0000755000175000017500000000707613070757176015560 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testchangeauth.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Object Change Auth" echo "" for BIND in "" "-bi 80000001 -pwdb sig" do for SESS in "" "-se0 02000000 1" do echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? echo "Start an HMAC session ${BIND}" ${PREFIX}startauthsession -se h ${BIND} > run.out checkSuccess $? echo "Object change auth, change password to xxx ${SESS}" ${PREFIX}objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin ${SESS} > run.out checkSuccess $? echo "Load the signing key with the changed auth ${SESS}" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu signpub.bin -pwdp pps ${SESS} > run.out checkSuccess $? echo "Sign a digest with the original key ${SESS}" ${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig ${SESS} > run.out checkSuccess $? echo "Sign a digest with the changed key" ${PREFIX}sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out checkSuccess $? echo "Flush the key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? 
done done # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 # ${PREFIX}flushcontext -ha 80000001 # ${PREFIX}flushcontext -ha 80000002 # ${PREFIX}flushcontext -ha 02000000 ./utils/regtests/testshutdown.bat0000644000175000017500000002256613055364742015452 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testshutdown.bat 948 2017-02-28 21:21:38Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015, 2017 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "TPM Resume (state/state) - suspend" echo "" echo "PCR 0 Extend" %TPM_EXE_PATH%pcrextend -ha 0 -if policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR 0 Read" %TPM_EXE_PATH%pcrread -ha 0 -of tmp1.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Save the session context" %TPM_EXE_PATH%contextsave -ha 02000001 -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Context save the signing key" %TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Define index with write stclear, read stclear" %TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read Public, unwritten Name" %TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "NV write" %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read lock" %TPM_EXE_PATH%nvreadlock -ha 01000000 -pwdn nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Write lock" %TPM_EXE_PATH%nvwritelock -ha 01000000 -pwdn nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Shutdown state" %TPM_EXE_PATH%shutdown -s > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Power cycle" %TPM_EXE_PATH%powerup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Startup state" %TPM_EXE_PATH%startup -s > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR 0 Read" %TPM_EXE_PATH%pcrread -ha 0 -of tmp2.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify that PCR 0 is restored" diff tmp1.bin tmp2.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Context load the signing key" %TPM_EXE_PATH%contextload -if tmpsk.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify" %TPM_EXE_PATH%certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify - should fail, signing key missing" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Load the signing key - should fail, primary key missing" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a platform primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify - should fail, signing key missing" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "Load the signing key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify - should fail, session missing" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Load the saved session context" %TPM_EXE_PATH%contextload -if tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write - should fail, still locked" %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "NV read - should fail, still locked" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "TPM Restart (state/clear) - hibernate" echo "" echo "Load the signing key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Context save the signing key" %TPM_EXE_PATH%contextsave -ha 80000001 -of tmpsk.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Save the session" %TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Shutdown state" %TPM_EXE_PATH%shutdown -s > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Power cycle" %TPM_EXE_PATH%powerup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Startup clear" %TPM_EXE_PATH%startup -c > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the session" %TPM_EXE_PATH%contextload -if tmp.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Context load the signing key" %TPM_EXE_PATH%contextload -if tmpsk.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR 0 Read" %TPM_EXE_PATH%pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify that PCR 0 is reset" diff policies/policypcr0.bin tmp2.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write" %TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV read" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine Space" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Recreate a platform primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "TPM Reset (clear/clear) - cold boot" echo "" echo "Start a session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Save the session" %TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Shutdown clear" %TPM_EXE_PATH%shutdown -c > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Power cycle" %TPM_EXE_PATH%powerup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Startup clear" %TPM_EXE_PATH%startup -c > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the session - should fail" %TPM_EXE_PATH%contextload -if tmp.bin > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Recreate a platform primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) REM shutdown removes the session rm h02000000.bin rm tmpsk.bin exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 REM getcapability -cap 1 -pr 01000000 ./utils/regtests/testrng.sh0000755000175000017500000000437013070757176014231 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testrng.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Random Number Generator" echo "" echo "Stir Random" ${PREFIX}stirrandom -if policies/aaa > run.out checkSuccess $? echo "Get Random" ${PREFIX}getrandom -by 64 > run.out checkSuccess $? ./utils/regtests/testchangeseed.sh0000755000175000017500000001242113070757176015525 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testchangeseed.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. 
# # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Change PPS" echo "" echo "Flush the primary key" ${PREFIX}flushcontext -ha 80000000 > run.out checkSuccess $? echo "Change PPS, no password" ${PREFIX}changepps > run.out checkSuccess $? echo "Set platform hierarchy auth" ${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out checkSuccess $? echo "Change PPS, bad password" ${PREFIX}changepps > run.out checkFailure $? echo "Change PPS, good password" ${PREFIX}changepps -pwda ppp > run.out checkSuccess $? echo "Clear platform hierarchy auth" ${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out checkSuccess $? echo "Create a primary key - platform hierarchy" ${PREFIX}createprimary -hi p -pwdk 111 > run.out checkSuccess $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkSuccess $? echo "Change PPS - flushes primary key" ${PREFIX}changepps > run.out checkSuccess $? 
echo "Load the storage key under the flushed primary key, should fail" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkFailure $? echo "Create a different primary key - new PPS" ${PREFIX}createprimary -hi p -pwdk 111 > run.out checkSuccess $? echo "Load the storage key under the new primary key, should fail" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkFailure $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 echo "" echo "Change EPS" echo "" echo "Flush the primary key" ${PREFIX}flushcontext -ha 80000000 > run.out checkSuccess $? echo "Change EPS, no password" ${PREFIX}changeeps > run.out checkSuccess $? echo "Create a primary key - endorsement hierarchy" ${PREFIX}createprimary -hi e -pwdk 111 > run.out checkSuccess $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkSuccess $? echo "Change EPS, no password" ${PREFIX}changeeps > run.out checkSuccess $? echo "Load the storage key under the flushed primary key, should fail" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkFailure $? echo "Create a different primary key - new EPS" ${PREFIX}createprimary -hi e -pwdk 111 > run.out checkSuccess $? echo "Load the storage key under the new primary key, should fail" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkFailure $? echo "Create a storage key under the new primary key" ${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out checkSuccess $? echo "Load the storage key under the new primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out checkSuccess $? 
echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 ./utils/regtests/testda.bat0000644000175000017500000001372612640606051014150 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testda.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "DA Logic" echo "" echo "Create an signing key with DA protection" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -da > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 0, disables DA" %TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with bad password - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign a digest with good password, no lockout" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 120 sec, enables DA" %TPM_EXE_PATH%dictionaryattackparameters -nrt 120 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with bad password - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "Sign a digest with good password, lockout - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Reset DA lock" %TPM_EXE_PATH%dictionaryattacklockreset > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with good password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 120 sec, enables DA, max tries 2" %TPM_EXE_PATH%dictionaryattackparameters -nrt 120 -nmt 2 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with bad password - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign a digest with good password, no lockout yet" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with bad password - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign a digest with good password, lockout - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Reset DA lock" %TPM_EXE_PATH%dictionaryattacklockreset > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with good password, no lockout" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 0, disables DA" %TPM_EXE_PATH%dictionaryattackparameters -nrt 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Lockout Auth" echo "" echo "Change lockout auth" %TPM_EXE_PATH%hierarchychangeauth -hi l -pwdn lll > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Reset DA lock with good password" %TPM_EXE_PATH%dictionaryattacklockreset -pwd lll IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 0 with good password" %TPM_EXE_PATH%dictionaryattackparameters -nrt 0 -pwd lll IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear lockout auth" %TPM_EXE_PATH%hierarchychangeauth -hi l -pwda lll IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set DA recovery time to 0" %TPM_EXE_PATH%dictionaryattackparameters -nrt 0 IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Reset DA lock" %TPM_EXE_PATH%dictionaryattacklockreset IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 REM getcapability -cap 1 -pr 80000000 ./utils/regtests/testhierarchy.sh0000755000175000017500000001627013075663254015421 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testhierarchy.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. 
#
# #
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
# #
#################################################################################

# Hierarchy regression tests: changing hierarchy auth, enabling and disabling
# the owner hierarchy, and TPM2_Clear.
#
# PREFIX, checkSuccess and checkFailure come from outside this file view.
# Every section sets a hierarchy auth ("ppp" or "ooo") and later puts the
# empty auth back. If checkSuccess/checkFailure abort the run on a mismatch
# (TODO confirm), an interrupted run leaves that auth in place, and the
# "Clear" section wipes owner-hierarchy state, so this script belongs on a
# simulator or a disposable test TPM.

echo ""
echo "Hierarchy Change Auth"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# tmp.bin becomes the live platform auth during the file-based pass below;
# the script removes it in its final cleanup step.
# NOTE(review): -nz presumably excludes zero bytes from the value - confirm.
echo "Generate a random authorization value"
${PREFIX}getrandom -by 32 -nz -of tmp.bin > run.out
checkSuccess $?

# Argument tables, read in pairs. Even index i: arguments that set the auth
# (from the literal "ppp" at 0, from tmp.bin at 2). Odd index i+1: arguments
# that present that auth again and set the empty auth.
AUTH=("" "-pwda ppp " "" "-pwdai tmp.bin ")
NEWAUTH=("-pwdn ppp " "" "-pwdni tmp.bin " "")
CPAUTH=("-pwdp ppp " "" "-pwdpi tmp.bin " "")

for ((i = 0; i < 4; i += 2))
do
    # Each pass runs twice: with no session argument, then over HMAC
    # session 02000000. ${SESS} and the table entries stay unquoted because
    # they expand to several command-line words.
    for SESS in "" "-se0 02000000 1"
    do

        echo "Change platform hierarchy auth ${AUTH[i]} ${NEWAUTH[i]} ${SESS}"
        ${PREFIX}hierarchychangeauth -hi p ${AUTH[i]} ${NEWAUTH[i]} ${SESS} > run.out
        checkSuccess $?

        # Negative check: with the auth set, an unauthenticated request
        # under the platform hierarchy has to be rejected.
        echo "Create a primary storage key - should fail"
        ${PREFIX}createprimary -hi p -pwdk 111 > run.out
        checkFailure $?

        echo "Create a primary storage key ${CPAUTH[i]}"
        ${PREFIX}createprimary -hi p -pwdk 111 ${CPAUTH[i]} > run.out
        checkSuccess $?

        echo "Flush the primary key"
        ${PREFIX}flushcontext -ha 80000001 > run.out
        checkSuccess $?

        echo "Change platform hierarchy auth back to null ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS}"
        ${PREFIX}hierarchychangeauth -hi p ${AUTH[i+1]} ${NEWAUTH[i+1]} ${SESS} > run.out
        checkSuccess $?

        # No password argument here: shows the auth really is empty again.
        echo "Create a primary storage key"
        ${PREFIX}createprimary -pwdk 111 > run.out
        checkSuccess $?

        echo "Flush the primary key"
        ${PREFIX}flushcontext -ha 80000001 > run.out
        checkSuccess $?

    done
done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Hierarchy Change Auth with bind"
echo ""

echo "Change platform hierarchy auth"
${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
checkSuccess $?

echo "Create a primary storage key - should fail"
${PREFIX}createprimary -hi p -pwdk 111 > run.out
checkFailure $?

echo "Create a primary storage key"
${PREFIX}createprimary -hi p -pwdk 111 -pwdp ppp > run.out
checkSuccess $?

echo "Flush the primary key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# 4000000c is the bind entity handle; the echo text identifies it as the
# platform hierarchy.
echo "Start an HMAC auth session, bind to platform hierarchy"
${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out
checkSuccess $?

echo "Change platform hierarchy auth back to null"
${PREFIX}hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out
checkSuccess $?

echo "Create a primary storage key"
${PREFIX}createprimary -pwdk 111 > run.out
checkSuccess $?

echo "Flush the primary key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Hierarchy Control"
echo ""

echo "Enable the owner hierarchy"
${PREFIX}hierarchycontrol -hi p -he o > run.out
checkSuccess $?

echo "Change the platform hierarchy password"
${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
checkSuccess $?

# Negative check: hierarchycontrol is authorized by the platform hierarchy,
# so it has to fail once that hierarchy has a password and none is given.
echo "Enable the owner hierarchy - no platform hierarchy password, should fail"
${PREFIX}hierarchycontrol -hi p -he o > run.out
checkFailure $?

echo "Enable the owner hierarchy using platform hierarchy password"
${PREFIX}hierarchycontrol -hi p -he o -pwda ppp > run.out
checkSuccess $?

echo "Create a primary key in the owner hierarchy - bad password, should fail"
${PREFIX}createprimary -hi o -pwdp xxx > run.out
checkFailure $?

echo "Create a primary key in the owner hierarchy"
${PREFIX}createprimary -hi o > run.out
checkSuccess $?

echo "Disable the owner hierarchy using platform hierarchy password"
${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out
checkSuccess $?

echo "Create a primary key in the owner hierarchy, disabled, should fail"
${PREFIX}createprimary -hi o > run.out
checkFailure $?

echo "Enable the owner hierarchy using platform hierarchy password"
${PREFIX}hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out
checkSuccess $?

echo "Create a primary key in the owner hierarchy"
${PREFIX}createprimary -hi o > run.out
checkSuccess $?

echo "Remove the platform hierarchy password"
${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
checkSuccess $?

echo "Flush the primary key in the owner hierarchy"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Clear"
echo ""

echo "Set storage hierarchy auth"
${PREFIX}hierarchychangeauth -hi o -pwdn ooo > run.out
checkSuccess $?

echo "Create a primary key - storage hierarchy"
${PREFIX}createprimary -hi o -pwdp ooo > run.out
checkSuccess $?

echo "Read the public part"
${PREFIX}readpublic -ho 80000001 > run.out
checkSuccess $?

# clearcontrol -state 1 blocks clear and -state 0 allows it again, as the
# two clear attempts below show.
echo "ClearControl disable"
${PREFIX}clearcontrol -hi p -state 1 > run.out
checkSuccess $?

echo "Clear - should fail"
${PREFIX}clear -hi p > run.out
checkFailure $?

echo "ClearControl enable"
${PREFIX}clearcontrol -hi p -state 0 > run.out
checkSuccess $?

echo "Clear"
${PREFIX}clear -hi p > run.out
checkSuccess $?

# The key loaded at 80000001 must be gone after the clear.
echo "Read the public part - should fail"
${PREFIX}readpublic -ho 80000001 > run.out
checkFailure $?
echo "Create a primary key - old owner password should fail" ${PREFIX}createprimary -hi o -pwdp ooo > run.out checkFailure $? echo "Create a primary key" ${PREFIX}createprimary -hi o > run.out checkSuccess $? echo "Flush the primary key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 # cleanup rm -f tmp.bin ./utils/regtests/testclocks.sh0000755000175000017500000000612513070757176014721 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testclocks.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Clocks" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? for SESS in "" "-se0 02000000 1" do echo "Read Clock" ${PREFIX}readclock > run.out checkSuccess $? CLOCK=`cat run.out | grep "TPMS_CLOCK_INFO clock" | gawk '{ print $3 }'` echo "Clock set, current time ${SESS} - should fail" ${PREFIX}clockset -time ${CLOCK} ${SESS} > run.out checkFailure $? # increment clock by 20 seconds CLOCK=`expr ${CLOCK} + 200000` echo "Clock set, time plus 20 sec ${SESS}" ${PREFIX}clockset -time ${CLOCK} ${SESS} > run.out checkSuccess $? for ADJ in -3 0 3 do echo "Clock rate adjust ${ADJ} ${SESS}" ${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out checkSuccess $? done for ADJ in -4 4 do echo "Clock rate adjust ${ADJ} ${SESS} - should fail" ${PREFIX}clockrateadjust -adj ${ADJ} ${SESS} > run.out checkFailure $? done done echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? ./utils/regtests/testsalt.bat0000644000175000017500000002060513073751306014526 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. 
Watson Research Center # REM # $Id: testsalt.bat 984 2017-04-13 19:34:30Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Salt Session - Load" echo "" for %%A in ("-rsa" "-ecc nistp256") do ( for %%H in (sha1 sha256 sha384) do ( echo "Create a %%A %%H storage key under the primary key " %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -halg %%H %%~A -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 222 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key using the salt" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) echo "" echo "Salt Session - Load External" echo "" echo "Create a key pair in PEM format using openssl" openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out echo "Convert key pair to plaintext DER format" openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out for %%H in (sha1 sha256 sha384) do ( echo "Load the openssl key pair in the NULL hierarchy - %%H" %TPM_EXE_PATH%loadexternal -halg %%H -st -ider tmpkeypair.der > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key using the salt" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "Salt Session - CreatePrimary storage key" echo "" for %%H in (sha1 sha256 sha384) do ( echo "Create a primary storage key - %%H" %TPM_EXE_PATH%createprimary -nalg %%H -hi p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key using the salt" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "Salt Session - CreatePrimary RSA key" echo "" for %%H in (sha1 sha256 sha384) do ( echo "Create a primary RSA key - %%H" %TPM_EXE_PATH%createprimary -nalg %%H -halg %%H -hi p -deo > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a primary HMAC key using the salt" %TPM_EXE_PATH%createprimary -kh -se0 02000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the HMAC key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the RSA key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "Salt Session - EvictControl" echo "" echo "Load the storage key" %TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Make the storage key persistent" %TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 81800000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key using the salt" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key from transient memory" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key from persistent memory" %TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Salt Session - ContextSave and ContextLoad" echo "" echo "Load the storage key at 80000001" %TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Save context for the key at 80000001" %TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key at 80000001" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load context, new storage key at 80000001" %TPM_EXE_PATH%contextload -if tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a salted HMAC auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key using the salt" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the context loaded key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) rm -f tmpkeypair.pem rm -f tmpkeypair.der exit /B 0 REM getcapability -cap 1 -pr 80000000 ./utils/regtests/testnv.sh0000755000175000017500000004643613070757176014077 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testnv.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
# IN NO EVENT SHALL THE COPYRIGHT #
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
# #
#################################################################################

# NV index regression tests, first part: ordinary, set-bits, counter and
# extend indexes. Every section defines index 01000000 in the owner
# hierarchy, checks that a read fails until the index has been written,
# exercises it, then undefines it again. PREFIX, checkSuccess and
# checkFailure come from outside this file view.

echo ""
echo "NV"
echo ""

echo ""
echo "NV Ordinary Index"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# BADNALG[i] is always a different algorithm from NALG[i]; it drives the
# negative nvreadpublic check.
NALG=(sha1 sha256 sha384)
BADNALG=(sha256 sha384 sha1)

for ((i = 0; i < 3; i++))
do
    # Run once with no session argument and once over HMAC session 02000000.
    # ${SESS} stays unquoted because it expands to several words.
    for SESS in "" "-se0 02000000 1"
    do

        echo "NV Define Space ${NALG[$i]}"
        ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -nalg ${NALG[$i]} > run.out
        checkSuccess $?

        echo "NV Read Public, unwritten Name bad Name algorithm ${BADNALG[$i]} - should fail"
        ${PREFIX}nvreadpublic -ha 01000000 -nalg ${BADNALG[$i]} > run.out
        checkFailure $?

        echo "NV read - should fail before write ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
        checkFailure $?

        echo "NV write ${SESS}"
        ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
        checkSuccess $?

        echo "NV read ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -of tmp.bin ${SESS} > run.out
        checkSuccess $?

        # Round-trip check: what was read back must equal what was written.
        echo "Verify the read data"
        diff policies/aaa tmp.bin
        checkSuccess $?

        # Bounds checks on the 16-byte index: offset 1 plus size 16, and
        # size 17, both reach past the end and must be rejected.
        echo "NV read, invalid offset - should fail ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 -off 1 -of tmp.bin ${SESS} > run.out
        checkFailure $?

        echo "NV read, invalid size - should fail ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 17 -of tmp.bin ${SESS} > run.out
        checkFailure $?

        echo "NV Undefine Space"
        ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
        checkSuccess $?

    done
done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo "NV Undefine Space again should fail"
${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
checkFailure $?

# 02000000 is the HMAC session handle used throughout this script, so it is
# not an acceptable value for -ha when defining an NV index.
echo "NV Define Space out of range - should fail"
${PREFIX}nvdefinespace -hi o -ha 02000000 -pwdn nnn -sz 16 > run.out
checkFailure $?

echo ""
echo "NV Set Bits Index"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty b > run.out
    checkSuccess $?

    echo "NV read - should fail before write ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkFailure $?

    echo "Set bits 0, 16, 32, 48 ${SESS}"
    ${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 -bit 16 -bit 32 -bit 48 ${SESS} > run.out
    checkSuccess $?

    echo "Read the set bits ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out
    checkSuccess $?

    # Compare the 8 bytes read back against the stored expected pattern.
    echo "Verify the read data"
    diff policies/bits48321601.bin tmp.bin
    checkSuccess $?

    echo "NV Undefine Space"
    ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "NV Counter Index"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty c > run.out
    checkSuccess $?

    echo "NV Read Public, unwritten Name"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "Read the count - should fail before write ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out
    checkFailure $?

    echo "Increment the count ${SESS}"
    ${PREFIX}nvincrement -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkSuccess $?

    echo "Read the count ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 -of tmp.bin ${SESS} > run.out
    checkSuccess $?

    # FIXME need some way to verify the count
    # Until then this section only proves that the read succeeds; the value
    # left in tmp.bin is never compared with anything.

    echo "NV Undefine Space"
    ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "NV Extend Index"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Parallel tables: SZ[i] is the read size in bytes used with HALG[i].
SZ=(20 32 48)
HALG=(sha1 sha256 sha384)

for SESS in "" "-se0 02000000 1"
do
    for ((i = 0; i < 3; i++))
    do

        echo "NV Define Space ${HALG[$i]}"
        ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -ty e -nalg ${HALG[$i]} > run.out
        checkSuccess $?

        echo "NV Read Public ${HALG[$i]}"
        ${PREFIX}nvreadpublic -ha 01000000 -nalg ${HALG[$i]} > run.out
        checkSuccess $?

        echo "NV read, unwritten Name - should fail before write ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 32 -of tmp.bin ${SESS} > run.out
        checkFailure $?

        echo "NV extend ${SESS}"
        ${PREFIX}nvextend -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
        checkSuccess $?

        echo "NV read size ${SZ[$i]} ${SESS}"
        ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz ${SZ[$i]} -of tmp.bin ${SESS} > run.out
        checkSuccess $?

        # The extend result is compared with a stored expected value, one
        # file per hash algorithm.
        echo "Verify the read data ${HALG[$i]}"
        diff policies/${HALG[$i]}extaaa.bin tmp.bin
        checkSuccess $?

        echo "NV Undefine Space"
        ${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
        checkSuccess $?

    done
done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# getcapability -cap 1 -pr 80000000
# getcapability -cap 1 -pr 02000000
# getcapability -cap 1 -pr 01000000

echo ""
echo "NV Owner auth"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?
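# NV index authorized by the owner hierarchy: the index is defined with
# -hia o and no NV password argument, so access is expected to succeed only
# with the owner password.
# Each pass sets owner auth to "ooo" and clears it as its last step. If
# checkSuccess/checkFailure (defined outside this file view) abort the run
# on a mismatch (TODO confirm), an interrupted pass leaves "ooo" set on the
# owner hierarchy.
for SESS in "" "-se0 02000000 1"
do

    echo "Set owner auth ${SESS}"
    ${PREFIX}hierarchychangeauth -hi o -pwdn ooo ${SESS} > run.out
    checkSuccess $?

    echo "Define an NV index with owner auth ${SESS}"
    ${PREFIX}nvdefinespace -hi o -hia o -ha 01000000 -pwdp ooo ${SESS} > run.out
    checkSuccess $?

    echo "NV Read public, get Name, not written"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    # Negative check: an NV password must not authorize this index.
    echo "NV write with NV password ${SESS} - should fail"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkFailure $?

    echo "NV write with owner password ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -hia o -pwdn ooo ${SESS} > run.out
    checkSuccess $?

    echo "NV read with NV password ${SESS} - should fail"
    ${PREFIX}nvread -ha 01000000 ${SESS} -pwdn nnn > run.out
    checkFailure $?

    echo "NV read with owner password ${SESS}"
    ${PREFIX}nvread -ha 01000000 -hia o -pwdn ooo ${SESS} > run.out
    checkSuccess $?

    echo "NV Undefine authorizing index ${SESS}"
    ${PREFIX}nvundefinespace -hi o -ha 01000000 -pwdp ooo ${SESS} > run.out
    checkSuccess $?

    echo "Clear owner auth ${SESS}"
    ${PREFIX}hierarchychangeauth -hi o -pwda ooo ${SESS} > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# getcapability -cap 1 -pr 80000000
# getcapability -cap 1 -pr 02000000
# getcapability -cap 1 -pr 01000000

echo ""
echo "NV Platform auth"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Same sequence as the owner-auth section, with the platform hierarchy and
# the password "ppp".
for SESS in "" "-se0 02000000 1"
do

    echo "Set platform auth ${SESS}"
    ${PREFIX}hierarchychangeauth -hi p -pwdn ppp ${SESS} > run.out
    checkSuccess $?

    echo "Define an NV index with platform auth ${SESS}"
    ${PREFIX}nvdefinespace -hi p -hia p -ha 01000000 -pwdp ppp ${SESS} > run.out
    checkSuccess $?

    echo "NV Read public, get Name, not written"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "NV write with NV password ${SESS} - should fail"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkFailure $?

    echo "NV write with platform password ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out
    checkSuccess $?

    echo "NV read with NV password ${SESS} - should fail"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkFailure $?

    # This step is a read; the label names it as one so that a failure in
    # the test log points at the right command.
    echo "NV read with platform password ${SESS}"
    ${PREFIX}nvread -ha 01000000 -hia p -pwdn ppp ${SESS} > run.out
    checkSuccess $?

    echo "NV Undefine authorizing index ${SESS}"
    ${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp ${SESS} > run.out
    checkSuccess $?

    echo "Clear platform auth ${SESS}"
    ${PREFIX}hierarchychangeauth -hi p -pwda ppp ${SESS} > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Write Lock"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# "+at wd" adds the attribute that the echo text calls "write define".
# Expected effect of nvwritelock: further writes fail, reads keep working.
for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space with write define"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at wd > run.out
    checkSuccess $?

    echo "NV Read Public, unwritten Name"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "NV write ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV read ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    echo "Write lock ${SESS}"
    ${PREFIX}nvwritelock -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkSuccess $?

    echo "NV write ${SESS} - should fail"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkFailure $?

    echo "NV read ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    # Defined under the owner hierarchy (-hi o), removed under the platform
    # hierarchy (-hi p); removal also discards the lock state.
    echo "NV Undefine Space"
    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?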
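# NV index regression tests: read lock, global write lock, and changing an
# index's auth value through a policy session. PREFIX, checkSuccess and
# checkFailure come from outside this file view.

echo ""
echo "Read Lock"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# "+at rst" adds the attribute that the echo text calls "read stclear".
# Expected effect of nvreadlock: further reads fail, writes keep working.
for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space with read stclear"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst > run.out
    checkSuccess $?

    echo "NV Read Public, unwritten Name"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "NV write ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV read ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    echo "Read lock ${SESS}"
    ${PREFIX}nvreadlock -ha 01000000 -pwdn nnn ${SESS} > run.out
    checkSuccess $?

    echo "NV write ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV read ${SESS} - should fail"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkFailure $?

    echo "NV Undefine Space"
    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Global Lock"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Two indexes carry the "+at gl" attribute; a single nvglobalwritelock must
# then block writes to both while reads keep working.
for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space 01000000 with global lock"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at gl > run.out
    checkSuccess $?

    echo "NV Define Space 01000001 with global lock"
    ${PREFIX}nvdefinespace -hi o -ha 01000001 -pwdn nnn -sz 16 +at gl > run.out
    checkSuccess $?

    echo "NV write 01000000 ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV write 01000001 ${SESS}"
    ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    # Output goes to run.out like every other command in this script.
    echo "NV global lock"
    ${PREFIX}nvglobalwritelock -hia p > run.out
    checkSuccess $?

    echo "NV Read Public, 01000000, locked"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "NV Read Public, 01000001, locked"
    ${PREFIX}nvreadpublic -ha 01000001 > run.out
    checkSuccess $?

    echo "NV write 01000000 ${SESS} - should fail"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkFailure $?

    echo "NV write 01000001 ${SESS} - should fail"
    ${PREFIX}nvwrite -ha 01000001 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkFailure $?

    echo "NV read 01000000 ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    echo "NV read 01000001 ${SESS}"
    ${PREFIX}nvread -ha 01000001 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    echo "NV Undefine Space 01000000"
    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
    checkSuccess $?

    echo "NV Undefine Space 01000001"
    ${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# policy is policycommandcode + policyauthvalue
# aa 83 a5 98 d9 3a 56 c9 ca 6f ea 7c 3f fc 4e 10
# 63 57 ff 6d 93 e1 1a 9b 4a c2 b6 aa e1 2b a0 de
# NOTE(review): presumably the digest stored in
# policies/policyccnvchangeauth-auth.bin, used below - confirm.

# An index carrying the "pold" (POLICY_DELETE) attribute can only be removed
# through a policy, so defining one without any policy must be refused.
echo "NV Define Space with POLICY_DELETE and no policy - should fail"
${PREFIX}nvdefinespace -hi o -ha 01000000 +at pold > run.out
checkFailure $?

echo ""
echo "NV Change Authorization"
echo ""

echo "Start an HMAC session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Change the index password from "nnn" to "xxx" through a policy session
# built from policycommandcode plus policyauthvalue, then check that the old
# password is rejected and the new one accepted for both write and read.
# The policy session is addressed as 03000001 rather than 03000000,
# presumably because the HMAC session started above already occupies session
# slot 0 (TODO confirm against the TPM in use).
for SESS in "" "-se0 02000000 1"
do

    echo "NV Define Space 01000000"
    ${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
    checkSuccess $?

    echo "NV Read Public, unwritten Name"
    ${PREFIX}nvreadpublic -ha 01000000 > run.out
    checkSuccess $?

    echo "NV write ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV read ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 ${SESS} > run.out
    checkSuccess $?

    echo "Start a policy session"
    ${PREFIX}startauthsession -se p > run.out
    checkSuccess $?

    # 0000013b is the command code the policy is restricted to
    # (NV change auth, per the policy file name).
    echo "Policy command code"
    ${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out
    checkSuccess $?

    echo "Policy authvalue"
    ${PREFIX}policyauthvalue -ha 03000001 > run.out
    checkSuccess $?

    echo "NV Change authorization"
    ${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out
    checkSuccess $?

    echo "NV write ${SESS}, old auth - should fail"
    ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa ${SESS} > run.out
    checkFailure $?

    echo "NV read ${SESS}, old auth - should fail"
    ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 ${SESS} > run.out
    checkFailure $?

    echo "NV write ${SESS}"
    ${PREFIX}nvwrite -ha 01000000 -pwdn xxx -if policies/aaa ${SESS} > run.out
    checkSuccess $?

    echo "NV read ${SESS}"
    ${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 ${SESS} > run.out
    checkSuccess $?

    echo "NV Undefine Space"
    ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
    checkSuccess $?

    echo "Flush the auth session"
    ${PREFIX}flushcontext -ha 03000001 > run.out
    checkSuccess $?

done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "NV Change Authorization with bind"
echo ""

echo "NV Define Space 01000000"
${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 -pol policies/policyccnvchangeauth-auth.bin > run.out
checkSuccess $?

# The HMAC session is bound to the index whose auth value is about to be
# changed; the change itself still goes through the policy session.
echo "Start an HMAC session, bind to NV index"
${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
checkSuccess $?

echo "Start a policy session"
${PREFIX}startauthsession -se p > run.out
checkSuccess $?

echo "Policy command code"
${PREFIX}policycommandcode -ha 03000001 -cc 0000013b > run.out
checkSuccess $?

echo "Policy authvalue"
${PREFIX}policyauthvalue -ha 03000001 > run.out
checkSuccess $?

echo "NV Change authorization"
${PREFIX}nvchangeauth -ha 01000000 -pwdo nnn -pwdn xxx -se0 03000001 1 > run.out
checkSuccess $?

echo "NV Undefine Space"
${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
checkSuccess $?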
echo "Flush the auth session" ${PREFIX}flushcontext -ha 03000001 > run.out checkSuccess $? echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? echo "" echo "NV Undefine space special" echo "" # policy is policy command code + policy password echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? for POL in "policyauthvalue" "policypassword" do echo "NV Define Space 0100000" ${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 +at pold -pol policies/policyccundefinespacespecial-auth.bin > run.out checkSuccess $? echo "Undefine space special - should fail" ${PREFIX}nvundefinespacespecial -ha 01000000 -pwdn nnn > run.out checkFailure $? echo "Undefine space special - should fail" ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out checkFailure $? echo "Policy command code, NV undefine space special" ${PREFIX}policycommandcode -ha 03000000 -cc 11f > run.out checkSuccess $? echo "Undefine space special - should fail" ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out checkFailure $? echo "Policy ${POL}" ${PREFIX}${POL} -ha 03000000 > run.out checkSuccess $? echo "Undefine space special" ${PREFIX}nvundefinespacespecial -ha 01000000 -se0 03000000 1 -pwdn nnn > run.out checkSuccess $? done echo "Flush the session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 # ${PREFIX}getcapability -cap 1 -pr 01000000 ./utils/regtests/testaes.sh0000755000175000017500000001035013070757176014206 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testaes.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "AES symmetric key" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? for SESS in "" "-se0 02000000 1" do echo "Load the symmetric cipher key under the primary key ${SESS}" ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp pps ${SESS} > run.out checkSuccess $? 
echo "Encrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Decrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Verify the decrypt result" diff msg.bin dec.bin checkSuccess $? echo "Encrypt using the symmetric cipher key 0 length message ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Decrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Verify the decrypt result" diff zero.bin dec.bin checkSuccess $? echo "Flush the symmetric cipher key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Create a primary symmetric cipher key ${SESS}" ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out checkSuccess $? echo "Encrypt using the symmetric cipher primary key ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out checkSuccess $? echo "Decrypt using the symmetric cipher primary key ${SESS}" ${PREFIX}encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out checkSuccess $? echo "Verify the decrypt result" diff msg.bin dec.bin checkSuccess $? echo "Flush the symmetric cipher key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testsign.sh0000755000175000017500000002311713075666323014401 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. 
Watson Research Center # # $Id: testsign.sh 991 2017-04-19 13:57:39Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
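#
#                                                                               #
#################################################################################

# Signing regression tests, part 1: RSA and ECC signing keys loaded under the
# primary key (80000000), primary signing keys, and a restricted signing key.
#
# Conventions visible in this script:
#   ${PREFIX}      path prefix of the TPM command line utilities
#   checkSuccess   helper (defined outside this script) given the exit status
#                  of a step that is expected to succeed
#   checkFailure   same, for a step that is expected to fail
#   80000001       handle the key under test occupies (it is flushed there)
#   80000002       handle the externally loaded openssl key occupies

echo ""
echo "RSA Signing key"
echo ""

echo "Load the RSA signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

# NOTE(review): the passphrase is passed on the command line (pass:rrrr) and
# is therefore visible in the process list. That is tolerable only because
# this is a throwaway test key; do not copy the pattern for real keys.
echo "Create a key pair in PEM format using openssl"
openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out
# Check the exit status: without it an openssl failure only surfaces later as
# a confusing loadexternal error.
checkSuccess $?

# NOTE(review): tmpkeypair.der holds the private key unencrypted on disk. The
# script removes it in its final cleanup; presumably a failed step that aborts
# the run leaves it behind - confirm against checkSuccess.
echo "Convert key pair to plaintext DER format"
openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
checkSuccess $?

# loop over unrestricted hash algorithms
for HALG in sha1 sha256 sha384
do

    echo "Sign a digest - $HALG"
    ${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin > run.out
    checkSuccess $?

    echo "Verify the signature using the TPM - $HALG"
    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Verify the signature using PEM - $HALG"
    ${PREFIX}verifysignature -ipem signpub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Read the public part"
    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
    checkSuccess $?

    echo "Verify the signature using readpublic PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    # The openssl-generated key pair is loaded with loadexternal and used to
    # sign without any key password.
    echo "Load the openssl key pair in the NULL hierarchy - $HALG"
    ${PREFIX}loadexternal -halg $HALG -ider tmpkeypair.der > run.out
    checkSuccess $?

    echo "Use the TPM as a crypto coprocessor to sign - $HALG"
    ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os sig.bin > run.out
    checkSuccess $?

    echo "Verify the signature - $HALG"
    ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Flush the openssl signing key"
    ${PREFIX}flushcontext -ha 80000002 > run.out
    checkSuccess $?

done

echo "Flush the RSA signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "ECC Signing key"
echo ""

echo "Load the ECC signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp pps > run.out
checkSuccess $?

for HALG in sha1 sha256 sha384
do

    echo "Sign a digest - $HALG"
    ${PREFIX}sign -hk 80000001 -halg $HALG -ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
    checkSuccess $?

    echo "Verify the ECC signature using the TPM - $HALG"
    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -ecc -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Verify the signature using PEM - $HALG"
    ${PREFIX}verifysignature -ipem signeccpub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Read the public part"
    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
    checkSuccess $?

    echo "Verify the signature using readpublic PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

done

echo "Flush the ECC signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Primary RSA Signing Key"
echo ""

# primary signing key 80000001
echo "Create primary signing key - RSA"
${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out
checkSuccess $?

for HALG in sha1 sha256 sha384
do

    echo "Sign a digest - $HALG"
    ${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
    checkSuccess $?

    echo "Verify the signature - $HALG"
    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Verify the signature using PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Read the public part"
    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
    checkSuccess $?

    echo "Verify the signature using readpublic PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

done

echo "Flush the primary signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Primary ECC Signing Key"
echo ""

echo "Create primary signing key - ECC"
${PREFIX}createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out
checkSuccess $?

for HALG in sha1 sha256 sha384
do

    echo "Sign a digest - $HALG"
    ${PREFIX}sign -hk 80000001 -halg $HALG -ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
    checkSuccess $?

    # NOTE(review): unlike the loaded ECC key case above, this TPM-side
    # verification is invoked without -ecc; left as in the original.
    echo "Verify the signature - $HALG"
    ${PREFIX}verifysignature -hk 80000001 -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Verify the signature using PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

    echo "Read the public part"
    ${PREFIX}readpublic -ho 80000001 -opem tmppub.pem > run.out
    checkSuccess $?

    echo "Verify the signature using readpublic PEM - $HALG"
    ${PREFIX}verifysignature -ipem tmppub.pem -halg $HALG -if policies/aaa -is sig.bin > run.out
    checkSuccess $?

done

echo "Flush the primary signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Restricted Signing Key"
echo ""

echo "Create primary signing key - restricted"
${PREFIX}createprimary -sir -opu tmppub.bin -pwdk sig > run.out
checkSuccess $?

# Negative test: a restricted signing key is expected to refuse a digest that
# was supplied from outside without a ticket (TPM_RC_TICKET). If this step ever
# starts succeeding, the restriction is not being enforced.
echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET"
${PREFIX}sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
checkFailure $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?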
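# Signing regression tests, part 2: signatures produced outside the TPM with
# openssl are verified by the TPM after loading only the public key.
#
# NOTE(review): policies/rsaprivkey.pem and policies/p256privkey.pem are
# private keys read from the test tree (the RSA one with passphrase rrrr given
# on the command line). They look like shared test fixtures; treat them as
# public and never reuse them outside the regression suite.

echo ""
echo "External Verification Key"
echo ""

# create rsaprivkey.pem
# > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
# extract the public key
# > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem
# sign a test message msg.bin
# > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin

echo "Load external just the public part of PEM RSA"
${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out
checkSuccess $?

echo "Sign a test message with openssl RSA"
openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
# Check the exit status: if signing fails, a stale pssig.bin from an earlier
# run could otherwise be the file that gets verified below.
checkSuccess $?

# The externally loaded public key occupies handle 80000001 (flushed below).
echo "Verify the RSA signature"
${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# generate the p256 key
# > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem
# extract public key
# > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem

echo "Load external just the public part of PEM ECC"
${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out
checkSuccess $?

echo "Sign a test message with openssl ECC"
openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin
# Same reasoning as for the RSA case: do not verify a signature file that this
# run failed to produce.
checkSuccess $?

echo "Verify the ECC signature"
${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?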
rm -f tmpkeypair.pem rm -f tmpkeypair.der rm -f signpub.pem rm -r pssig.bin rm -r tmppub.bin rm -r tmppub.pem # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testaes138.bat0000644000175000017500000001156313011446307014564 0ustar lo1lo1REM ################################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015, 2016 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "AES symmetric key" echo "" echo "Start an HMAC auth session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%S in ("" "-se0 02000000 1") do ( echo "Load the symmetric cipher key under the primary key %%~S" %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp pps %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Encrypt using the symmetric cipher key %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Decrypt using the symmetric cipher key %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the decrypt result" diff msg.bin dec.bin IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Encrypt using the symmetric cipher key 0 length message %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Decrypt using the symmetric cipher key %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the decrypt result" diff zero.bin dec.bin IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the symmetric cipher key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a primary symmetric cipher key %%~S" %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Encrypt using the symmetric cipher primary key %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S> run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Decrypt using the symmetric cipher primary key %%~S" %TPM_EXE_PATH%encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S> run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the decrypt result" diff msg.bin dec.bin IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the symmetric cipher key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the auth session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 ./utils/regtests/testcreateloaded.sh0000755000175000017500000001426413075663254016060 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testcreateloaded.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. 
# # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "CreateLoaded" echo "" echo "" echo "CreateLoaded Primary Key" echo "" for HIER in "40000001" "4000000c" "4000000b" do echo "CreateLoaded primary key, parent ${HIER}" ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out checkSuccess $? echo "Create a storage key under the primary key" ${PREFIX}create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? 
echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Load the storage key under the primary key - should fail" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out checkFailure $? echo "CreateLoaded recreate owner primary key" ${PREFIX}createloaded -hp ${HIER} -st -kt f -kt p -pwdk ppp > run.out checkSuccess $? echo "Load the storage key under the primary key" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "" echo "CreateLoaded Child Key" echo "" echo "CreateLoaded child storage key at 80000001, parent 80000000" ${PREFIX}createloaded -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk ppp -opu tmpppub.bin -opr tmpppriv.bin > run.out checkSuccess $? echo "Create a signing key under the child storage key 80000001" ${PREFIX}create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Load the signing key at 80000002 under the child storage key 80000001" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Flush the child storage key 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the child signing key 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Reload the createloaded child storage key at 80000001, parent 80000000" ${PREFIX}load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp pps > run.out checkSuccess $? echo "Reload the child signing key at 80000002 under the child storage key 80000001" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out checkSuccess $? echo "Flush the child storage key 80000002 " ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? 
echo "Flush the child signing key 80000001 " ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "CreateLoaded Derived Key" echo "" echo "Create a derivation parent under the primary key" ${PREFIX}create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp pps -pwdk dp > run.out checkSuccess $? echo "Load the derivation parent to 80000001" ${PREFIX}load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp pps > run.out checkSuccess $? echo "Create an EC signing key 80000002 under the derivation parent key" ${PREFIX}createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -opem tmppub.pem -pwdp dp -ecc nistp256 > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000002 -halg sha256 -ecc -if policies/aaa -os sig.bin > run.out checkSuccess $? echo "Verify the ECC signature using the TPM" ${PREFIX}verifysignature -hk 80000002 -halg sha256 -ecc -if policies/aaa -is sig.bin > run.out checkSuccess $? echo "Verify the signature using PEM" ${PREFIX}verifysignature -ipem tmppub.pem -halg sha256 -if policies/aaa -is sig.bin > run.out checkSuccess $? echo "Flush the signing key 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the derivation parent" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? rm -f tmpppriv.bin rm -f tmpppub.bin rm -f tmpppub.pem rm -f tmpdppriv.bin rm -f tmpdppub.bin ./utils/regtests/testcredential.bat0000644000175000017500000001072612641074443015700 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testcredential.sh 328 2015-06-09 18:26:00Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. 
# REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# REM # # REM ############################################################################# REM REM # primary key 80000000 REM # storage key 80000001 REM # signing key 80000002 REM # policy session 03000000 REM # e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 REM # c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a setlocal enableDelayedExpansion echo "" echo "Credential" echo "" echo "Use a random number as the credential input" %TPM_EXE_PATH%getrandom -by 32 -of tmpcredin.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key, 80000001" %TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a restricted signing key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp pps -pwdk sig -pol policies/policyccactivate.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key, 80000002" %TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Encrypt the credential using makecredential" %TPM_EXE_PATH%makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - activatecredential" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000147 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Activate credential" %TPM_EXE_PATH%activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Check the decrypted result" diff tmpcredin.bin tmpcreddec.bin IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) rm tmprpub.bin rm tmprpriv.bin rm tmpcredin.bin rm tmpcredenc.bin rm tmpcreddec.bin rm tmpsecret.bin REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 exit /B 0 ./utils/regtests/testecc.sh0000755000175000017500000001473513075212665014175 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testecc.sh 988 2017-04-17 19:21:25Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "ECC Ephemeral" echo "" echo "" echo "ECC Parameters and Ephemeral" echo "" for CURVE in "bnp256" "nistp256" "nistp384" do echo "ECC Parameters for curve ${CURVE}" ${PREFIX}eccparameters -cv ${CURVE} > run.out checkSuccess $? for ATTR in "-si" "-sir" do echo "Create ${ATTR} for curve ${CURVE}" ${PREFIX}create -hp 80000000 -pwdp pps ${ATTR} -ecc ${CURVE} > run.out checkSuccess $? done echo "EC Ephemeral for curve ${CURVE}" ${PREFIX}ecephemeral -ecc ${CURVE} > run.out checkSuccess $? done echo "" echo "ECC Commit" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? for KEYTYPE in "-dau" "-dar" do for SESS in "" "-se0 02000000 1" do echo "Create a $KEYTYPE ECDAA signing key under the primary key" ${PREFIX}create -hp 80000000 -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp pps -pwdk siga > run.out checkSuccess $? echo "Load the signing key 80000001 under the primary key 80000000" ${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp pps > run.out checkSuccess $? #${PREFIX}getcapability -cap 1 -pr 80000001 # The trick with commit is first use - empty ECC point and no s2 and y2 parameters # which means no P1, no s2 and no y2. 
# and output the result and get the efile.bin # feed back the point in efile.bin as the new p1 because it is on the curve. # There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. # example of normal command # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out # checkSuccess $? echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}" ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out checkSuccess $? # We have a point on the curve - in efile.bin. Use E as P1 and feed it back in # All this does is simulate the commit that the FIDO alliance wants to # use in its TPM Join operation. echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}" ${PREFIX}commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga ${SESS} > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done done for KEYTYPE in "-dau" "-dar" do for SESS in "" "-se0 02000000 1" do echo "Create a $KEYTYPE ECDAA signing primary key" ${PREFIX}createprimary -ecc bnp256 $KEYTYPE -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out checkSuccess $? #${PREFIX}getcapability -cap 1 -pr 80000001 # The trick with commit is first use - empty ECC point and no s2 and y2 parameters # which means no P1, no s2 and no y2. # and output the result and get the efile.bin # feed back the point in efile.bin as the new p1 because it is on the curve. # There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm. # example of normal command # ${PREFIX}commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out # checkSuccess $? 
echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point ${SESS}" ${PREFIX}commit -hk 80000001 -Ef efile.bin -pwdk siga ${SESS} > run.out checkSuccess $? # We have a point on the curve - in efile.bin. Use E as P1 and feed it back in # All this does is simulate the commit that the FIDO alliance wants to # use in its TPM Join operation. echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point ${SESS}" ${PREFIX}commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga ${SESS} > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done done echo "Flush the session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? rm -rf efile.bin rm -rf tmprpub.bin rm -rf tmprpriv.bin # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testhmacsession.bat0000644000175000017500000000766513105360404016101 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: testhmacsession.bat 1008 2017-05-12 16:21:24Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015, 2017 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. # REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. 
# REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. # REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM #############################################################################

REM Regression test for HMAC authorization sessions, run through the
REM command-line utilities located via %TPM_EXE_PATH%.
REM Every step sends the utility output to run.out and only the exit status is
REM examined: the script leaves with exit code 1 at the first step that does
REM not end the way the test expects, and with 0 when all steps behave.
REM NOTE(review): the handles used below (80000000 primary key, 80000001 loaded
REM key, 02000000 session) are assumed to be the ones the TPM assigns at this
REM point of the suite - confirm against the caller.
REM The passwords on the command lines (pps, sto) are fixed regression values.

setlocal enableDelayedExpansion

echo ""
echo "HMAC Session"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

REM The trailing 1 after the session handle is what the message calls
REM "continue true": the session is used again by the next command.
echo "Create a storage key under the primary key - continue true"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

REM Same command with a trailing 0, "continue false" in the message.
echo "Create a storage key under the primary key - continue false"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

REM Negative test: reusing session 02000000 after the "continue false" command
REM must be rejected, so a zero exit status is the failing outcome here.
REM presumably the session no longer exists at this point - confirm.
echo "Create a storage key under the primary key - should fail"
%TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 0 > run.out
IF !ERRORLEVEL! EQU 0 (
   exit /B 1
)

echo ""
echo "User with Auth Clear"
echo ""

REM The key is created with -uwa and without a key password.
REM NOTE(review): going by the section title, -uwa clears the "user with auth"
REM attribute; the flag itself is not explained in this file.
echo "Create a signing key under the primary key"
%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

REM Negative test: authorizing the sign command with the HMAC session must be
REM refused for this key; success (exit status 0) fails the regression.
echo "Sign a digest - should fail with HMAC session"
%TPM_EXE_PATH%sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out
IF !ERRORLEVEL! EQU 0 (
   exit /B 1
)

REM The failed command did not consume the session (see the message), so it is
REM flushed explicitly to avoid leaving it behind for the next test.
echo "Flush the session, not flushed on failure"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

exit /B 0
./utils/regtests/initkeys.sh0000755000175000017500000001116413075475774014407 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: initkeys.sh 989 2017-04-18 20:50:04Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution.
# # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# Creates the fixtures that the other regression scripts load: a 16-byte
# message file, an empty file, a platform primary storage key and a set of
# child keys whose private/public parts are written to *.bin files in the
# current directory.
#
# PREFIX, WARN, checkSuccess and checkWarning are not defined in this script;
# they are expected to come from the script that runs it.
#
# The passwords on the command lines (pps, sto, sig, dec, aes, khk) are short
# fixed regression values, and the key material ends up as plain files next to
# the script. Both are test conveniences and should not be copied into a
# deployment.

# 16-byte message without a trailing newline, plus an empty file.
echo -n "1234567890123456" > msg.bin
touch zero.bin

# Try to undefine any NV index left over from a previous test. The exit status
# is deliberately not checked, since the index usually does not exist. The
# second call repeats the first with the platform password ppp.
${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
${PREFIX}nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out
${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
# Same best-effort cleanup for a persistent object at 81800000.
${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out

echo ""
echo "Initialize Regression Test Keys"
echo ""

# The creation ticket (pritk.bin) and creation hash (prich.bin) are saved as
# well; testattest.sh passes them to certifycreation.
echo "Create a platform primary storage key"
${PREFIX}createprimary -hi p -pwdk pps -tk pritk.bin -ch prich.bin > run.out
checkSuccess $?

# Every child key below is created under handle 80000000 with parent password
# pps. NOTE(review): assumes the primary key created above received handle
# 80000000 - confirm.
echo "Create an RSA storage key under the primary key"
${PREFIX}create -hp 80000000 -st -kt f -kt p -opr storepriv.bin -opu storepub.bin -tk stotk.bin -ch stoch.bin -pwdp pps -pwdk sto > run.out
checkSuccess $?

echo "Create an ECC storage key under the primary key"
${PREFIX}create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp pps -pwdk sto > run.out
checkSuccess $?

echo "Create an unrestricted RSA signing key under the primary key"
${PREFIX}create -hp 80000000 -si -kt f -kt p -opr signpriv.bin -opu signpub.bin -opem signpub.pem -pwdp pps -pwdk sig > run.out
checkSuccess $?

echo "Create an unrestricted ECC signing key under the primary key"
${PREFIX}create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp pps -pwdk sig > run.out
checkSuccess $?

echo "Create a restricted RSA signing key under the primary key"
${PREFIX}create -hp 80000000 -sir -kt f -kt p -opr signrpriv.bin -opu signrpub.bin -opem signrpub.pem -pwdp pps -pwdk sig > run.out
checkSuccess $?

echo "Create an RSA decryption key under the primary key"
${PREFIX}create -hp 80000000 -den -kt f -kt p -opr derpriv.bin -opu derpub.bin -pwdp pps -pwdk dec > run.out
checkSuccess $?

# The first attempt is allowed to fail: the status is kept in RC, reported
# through checkWarning, and a failure triggers a second attempt with -116.
echo "Create a symmetric cipher key under the primary key"
${PREFIX}create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp pps -pwdk aes > run.out
RC=$?
checkWarning $RC "Symmetric cipher key may not support sign attribute"

if [ $RC -ne 0 ]; then
    echo "Create a rev 116 symmetric cipher key under the primary key"
    ${PREFIX}create -hp 80000000 -des -116 -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp pps -pwdk aes > run.out
    checkSuccess $?
fi

# One keyed hash key per hash algorithm, saved under a per-algorithm name.
for HALG in sha1 sha256 sha384
do

    echo "Create a ${HALG} keyed hash key under the primary key"
    ${PREFIX}create -hp 80000000 -kh -kt f -kt p -opr khpriv${HALG}.bin -opu khpub${HALG}.bin -pwdp pps -pwdk khk -halg ${HALG} > run.out
    checkSuccess $?

done

# WARN is handed back to the caller as the exit status.
exit ${WARN}
./utils/regtests/testrng.bat0000644000175000017500000000467712640606051014357 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: testrng.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. # REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. # REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. # REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM #############################################################################

REM Regression test for the random number generator commands.
REM Both steps only look at the exit status of the utility; the bytes written
REM to run.out are never inspected, so a pass shows that the commands were
REM accepted and says nothing about the quality of the returned data.

setlocal enableDelayedExpansion

echo ""
echo "Random Number Generator"
echo ""

REM Feeds the contents of policies/aaa to the stir command.
echo "Stir Random"
%TPM_EXE_PATH%stirrandom -if policies/aaa > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

REM Requests 64 bytes.
echo "Get Random"
%TPM_EXE_PATH%getrandom -by 64 > run.out
IF !ERRORLEVEL! NEQ 0 (
   exit /B 1
)

exit /B 0
./utils/regtests/testunseal.sh0000755000175000017500000001470513075663254014733 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testunseal.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution.
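# # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# Regression test for sealed data objects: seal msg.bin, unseal it with a
# password, with a primary sealed object, and with a PCR policy, and compare
# each unsealed result with the original.
#
# PREFIX, checkSuccess and checkFailure are not defined in this script; they are
# expected to come from the script that runs it. msg.bin and the primary key at
# 80000000 are created by initkeys.sh.
#
# tmp.bin is removed before every unseal whose output is compared with msg.bin.
# All three comparisons reuse the same file name, so without the removal a copy
# left by an earlier step would let "diff msg.bin tmp.bin" pass even if the
# unseal under test had written nothing.
#
# NOTE(review): tmp.bin holds the unsealed plaintext and, like tmppriv.bin and
# tmppub.bin, is not deleted by this script; whether a later script removes it
# is not visible here.

echo ""
echo "Seal and Unseal to Password"
echo ""

echo "Create a sealed data object"
${PREFIX}create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sea -if msg.bin > run.out
checkSuccess $?

echo "Load the sealed data object"
${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
checkSuccess $?

echo "Unseal the data blob"
rm -f tmp.bin
${PREFIX}unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
checkSuccess $?

echo "Verify the unsealed result"
diff msg.bin tmp.bin > run.out
checkSuccess $?

# Negative test: a wrong password must not release the data.
echo "Unseal with bad password - should fail"
${PREFIX}unseal -ha 80000001 -pwd xxx > run.out
checkFailure $?

echo "Flush the sealed object"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Create a primary sealed data object"
${PREFIX}createprimary -bl -kt f -kt p -pwdk seap -if msg.bin > run.out
checkSuccess $?

echo "Unseal the primary data blob"
rm -f tmp.bin
${PREFIX}unseal -ha 80000001 -pwd seap -of tmp.bin > run.out
checkSuccess $?

echo "Verify the unsealed result"
diff msg.bin tmp.bin
checkSuccess $?

echo "Flush the primary sealed object"
${PREFIX}flushcontext -ha 80000001
checkSuccess $?

# How the two policy files used below were produced.

# SHA-1

# extend of aaa + 0 pad to digest length
# 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47
# 98 1a a0 a0

# paste that with no white space to file policypcr16aaasha1.txt
# create AND term for policy PCR, PCR 16
# > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt
# 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d

# convert to binary policy
# > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v
# 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63
# a4 24 f5 f2

# SHA-256

# extend of aaa + 0 pad to digest length
# c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73
# 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb

# paste that with no white space to file policypcr16aaasha256.txt
# create AND term for policy PCR, PCR 16
# > policymakerpcr -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt
# 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13

# convert to binary policy
# > policymaker -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v
# 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85
# ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13

# sealed blob    80000001
# policy session 03000000

echo ""
echo "Seal and Unseal to PCRs"
echo ""

# For each hash algorithm the object is sealed to the policy file built for
# PCR 16 extended with policies/aaa. The unseal is attempted three times: with
# no policypcr run, with policypcr run against the reset PCR, and finally with
# policypcr run against the extended PCR. Only the last one may succeed.
for HALG in "sha1" "sha256"
do

    echo "Create a sealed data object ${HALG}"
    ${PREFIX}create -hp 80000000 -nalg ${HALG} -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sea -if msg.bin -pol policies/policypcr16aaa${HALG}.bin > run.out
    checkSuccess $?

    echo "Load the sealed data object"
    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
    checkSuccess $?

    echo "Start a policy session ${HALG}"
    ${PREFIX}startauthsession -se p -halg ${HALG} > run.out
    checkSuccess $?

    echo "PCR 16 Reset"
    ${PREFIX}pcrreset -ha 16 > run.out
    checkSuccess $?

    # Negative test: the policy session is still empty.
    echo "Unseal the data blob - policy failure, policypcr not run"
    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    checkFailure $?

    # policypcr itself succeeds here; it records the current (reset) PCR 16
    # value, which does not match the policy the object was sealed to.
    echo "Policy PCR, update with the wrong PCR 16 value"
    ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out
    checkSuccess $?

    # Negative test: the session digest was built from the wrong PCR value.
    echo "Unseal the data blob - policy failure, PCR 16 incorrect"
    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    checkFailure $?

    echo "Extend PCR 16 to correct value"
    ${PREFIX}pcrextend -halg ${HALG} -ha 16 -if policies/aaa
    checkSuccess $?

    # The session digest still carries the wrong PCR value, so it is restarted
    # before policypcr is run again.
    echo "Policy restart, set back to zero"
    ${PREFIX}policyrestart -ha 03000000 > run.out
    checkSuccess $?

    echo "Policy PCR, update with the correct PCR 16 value"
    ${PREFIX}policypcr -halg ${HALG} -ha 03000000 -bm 10000 > run.out
    checkSuccess $?

    echo "Unseal the data blob"
    rm -f tmp.bin
    ${PREFIX}unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    checkSuccess $?

    echo "Verify the unsealed result"
    diff msg.bin tmp.bin > run.out
    checkSuccess $?

    echo "Flush the sealed object"
    ${PREFIX}flushcontext -ha 80000001 > run.out
    checkSuccess $?

    echo "Flush the policy session"
    ${PREFIX}flushcontext -ha 03000000 > run.out
    checkSuccess $?

done

# ${PREFIX}getcapability -cap 1 -pr 80000000
./utils/regtests/testattest.sh0000755000175000017500000002246513070757176014754 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testattest.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved.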
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# Regression test for the attestation commands (certify, quote, gettime,
# nvcertify, getcommandauditdigest), session audit and certifycreation.
#
# PREFIX, WARN, checkSuccess and checkWarning are not defined in this script;
# they are expected to come from the script that runs it. The key files, the
# creation tickets and msg.bin are produced by initkeys.sh.
#
# Pattern used throughout: the attestation command writes the signature to
# sig.bin (-os) and the attested data to tmp.bin (-oa), then verifysignature
# checks sig.bin over tmp.bin with the same key handle.
#
# NOTE(review): what this proves is limited to "the signature verifies". The
# script never inspects tmp.bin, so it does not confirm that the qualifying
# data passed with -qd (always policies/aaa here) or the expected attested
# values are in the signed structure. A verifier that relies on attestation
# has to check those fields too, with a fresh qualifying value per request.
#
# NOTE(review): sig.bin and tmp.bin are reused by every step and only removed
# at the end, so a step that returned success without rewriting them would be
# verified against the previous step's pair.

echo ""
echo "Attestation"
echo ""

# 80000001 RSA signing key
# 80000002 ECC signing key

echo "Load the RSA signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

echo "Load the ECC signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp pps > run.out
checkSuccess $?

# A 16-byte NV index is defined and written so that nvcertify has data to
# certify.
echo "NV Define Space"
${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
checkSuccess $?

echo "NV Read Public, unwritten Name"
${PREFIX}nvreadpublic -ha 01000000 > run.out
checkSuccess $?

echo "NV write"
${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out
checkSuccess $?

echo "Start an HMAC session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Every attestation command is run with and without the HMAC session started
# above (SESS), for three hash algorithms and for both signing keys.
for SESS in "" "-se0 02000000 1"
do
    for HALG in sha1 sha256 sha384
    do
	for SALG in rsa ecc
	do

	    # Signing key handle that matches the signature algorithm.
	    if [ ${SALG} == rsa ]; then
		HANDLE=80000001
	    else
		HANDLE=80000002
	    fi

	    # The certified object (-ho) is always 80000001, so this is a
	    # self certify only in the rsa case; in the ecc case the ECC key
	    # certifies the RSA key.
	    echo "Signing Key Self Certify ${HALG} ${SALG} ${SESS}"
	    ${PREFIX}certify -hk ${HANDLE} -ho 80000001 -halg ${HALG} -pwdk sig -pwdo sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
	    checkSuccess $?

	    echo "Verify the ${SALG} signature ${HALG}"
	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	    checkSuccess $?

	    echo "Quote ${HALG} ${SALG} ${SALG} ${SESS}"
	    ${PREFIX}quote -hp 0 -hk ${HANDLE} -halg ${HALG} -palg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
	    checkSuccess $?

	    echo "Verify the ${SALG} signature ${HALG}"
	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	    checkSuccess $?

	    echo "Get Time ${HALG} ${SALG} ${SESS}"
	    ${PREFIX}gettime -hk ${HANDLE} -halg ${HALG} -pwdk sig ${SESS} -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
	    checkSuccess $?

	    echo "Verify the ${SALG} signature ${HALG}"
	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	    checkSuccess $?

	    # Unlike the other attestation commands, no -qd is passed here.
	    echo "NV Certify ${HALG} ${SALG} ${SESS}"
	    ${PREFIX}nvcertify -ha 01000000 -pwdn nnn -hk ${HANDLE} -pwdk sig -halg ${HALG} -sz 16 ${SESS} -os sig.bin -oa tmp.bin -salg ${SALG} > run.out
	    checkSuccess $?

	    echo "Verify the ${SALG} signature ${HALG}"
	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	    checkSuccess $?

	    echo "Get command audit digest ${HALG} ${SALG} ${SESS}"
	    ${PREFIX}getcommandauditdigest -hk ${HANDLE} -halg ${HALG} ${SESS} -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg ${SALG} > run.out
	    checkSuccess $?

	    echo "Verify the ${SALG} signature ${HALG}"
	    ${PREFIX}verifysignature -hk ${HANDLE} -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	    checkSuccess $?

	done
    done
done

echo "Flush the RSA attestation key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the ECC attestation key"
${PREFIX}flushcontext -ha 80000002 > run.out
checkSuccess $?

echo "NV Undefine Space"
${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
checkSuccess $?

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Audit"
echo ""

# 80000001 signing key
# 02000000 hmac and audit session

echo ""
echo "Audit with one session"
echo ""

echo "Load the audit signing key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

# One session serves as both the HMAC and the audit session, once unbound and
# once bound to the signing key (BIND).
# NOTE(review): the trailing 81 after the session handle is assumed to be the
# session attribute byte in hex with the audit and continue bits set - confirm.
for BIND in "" "-bi 80000001 -pwdb sig"
do
    for HALG in sha1 sha256 sha384
    do

	echo "Start an HMAC auth session ${HALG} ${BIND}"
	${PREFIX}startauthsession -se h -halg ${HALG} ${BIND} > run.out
	checkSuccess $?

	echo "Sign a digest ${HALG}"
	${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin -se0 02000000 81 > run.out
	checkSuccess $?

	# The second audited sign is only reported as a warning on failure;
	# the message below gives the reason.
	echo "Sign a digest ${HALG}"
	${PREFIX}sign -hk 80000001 -halg ${HALG} -if policies/aaa -os sig.bin -pwdk sig -se0 02000000 81 -ipu signpub.bin > run.out
	checkWarning $? "Interaction between bind and audit session response HMAC may not be fixed"

	echo "Get Session Audit Digest ${HALG}"
	${PREFIX}getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg ${HALG} -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
	checkSuccess $?

	echo "Verify the signature ${HALG}"
	${PREFIX}verifysignature -hk 80000001 -halg ${HALG} -if tmp.bin -is sig.bin > run.out
	checkSuccess $?

	echo "Flush the session"
	${PREFIX}flushcontext -ha 02000000 > run.out
	checkSuccess $?

    done
done

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# 80000001 signing key
# 02000000 hmac session
# 02000001 audit session

echo ""
echo "Audit with HMAC and audit sessions"
echo ""

echo "Load the audit signing key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# Here the audit session (02000001) is separate from the HMAC session
# (02000000); SESS decides whether getsessionauditdigest is authorized with
# the HMAC session or without a session.
for SESS in "" "-se0 02000000 1"
do
    for HALG in sha1 sha256 sha384
    do

	echo "Start an audit session ${HALG}"
	${PREFIX}startauthsession -se h -halg ${HALG} > run.out
	checkSuccess $?

	echo "Sign a digest ${HALG}"
	${PREFIX}sign -hk 80000001 -halg $HALG -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin -se0 02000001 81 > run.out
	checkSuccess $?

	# No -halg is given for the digest or for its verification below.
	echo "Get Session Audit Digest ${SESS}"
	${PREFIX}getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin ${SESS} -qd policies/aaa > run.out
	checkSuccess $?

	echo "Verify the signature"
	${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
	checkSuccess $?

	echo "Flush the session"
	${PREFIX}flushcontext -ha 02000001 > run.out
	checkSuccess $?

    done
done

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Certify Creation"
echo ""

echo "Load the RSA signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

# pritk.bin and prich.bin are the creation ticket and creation hash that
# initkeys.sh saved when it created the primary key.
echo "Certify the creation data for the primary key 80000000"
${PREFIX}certifycreation -ho 80000000 -hk 80000001 -pwdk sig -tk pritk.bin -ch prich.bin -os sig.bin -oa tmp.bin > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
checkSuccess $?

echo "Load the RSA storage key under the primary key"
${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out
checkSuccess $?

# Same check for the storage key, using its own ticket and creation hash.
echo "Certify the creation data for the storage key 80000002"
${PREFIX}certifycreation -ho 80000002 -hk 80000001 -pwdk sig -tk stotk.bin -ch stoch.bin -os sig.bin -oa tmp.bin > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
checkSuccess $?

echo "Flush the storage key 80000002"
${PREFIX}flushcontext -ha 80000002 > run.out
checkSuccess $?

echo "Flush the signing key 80000001"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# Remove the temporary files; tmppriv.bin and tmppub.bin are not written by
# this script, so they are left over from an earlier one.
rm -f tmppriv.bin
rm -f tmppub.bin
rm -f sig.bin
rm -f tmp.bin

# WARN is handed back to the caller as the exit status.
exit ${WARN}

# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 02000000
./utils/regtests/testencsession.sh0000755000175000017500000002447613070736653015622 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testencsession.sh 978 2017-04-04 15:37:15Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution.
# # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# TWOAUTH0=(01 01 01 01 21 21 41 41 61) TWOAUTH1=(01 21 41 61 01 41 01 21 01) THREEAUTH0=(01 01 01 01 01 21 41) THREEAUTH1=(01 01 01 21 41 01 01) THREEAUTH2=(21 41 61 41 21 41 21) echo "" echo "Parameter Encryption - Basic" echo "" echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? for MODE0 in xor aes do for MODE1 in xor aes do for MODE2 in xor aes do echo "Start an HMAC auth session with $MODE0 encryption" ${PREFIX}startauthsession -se h -sym $MODE0 > run.out checkSuccess $? echo "Start an HMAC auth session with $MODE1 encryption" ${PREFIX}startauthsession -se h -sym $MODE1 > run.out checkSuccess $? echo "Start an HMAC auth session with $MODE2 encryption" ${PREFIX}startauthsession -se h -sym $MODE2 > run.out checkSuccess $? 
# one auth for AUTH0 in 21 41 61 do echo "Signing Key Self Certify, one auth $AUTH0" ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin \ -se0 02000000 $AUTH0 > run.out checkSuccess $? done # two auth for ((i = 0 ; i < 9; i++)) do echo "Signing Key Self Certify, two auth ${TWOAUTH0[i]} ${TWOAUTH1[i]}" ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin \ -se0 02000000 ${TWOAUTH0[i]} -se1 02000001 ${TWOAUTH1[i]} > run.out checkSuccess $? done # three auth for ((i = 0 ; i < 7; i++)) do echo "Signing Key Self Certify, three auth ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin \ -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out checkSuccess $? done echo "Flush the sessions" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? echo "Flush the sessions" ${PREFIX}flushcontext -ha 02000001 > run.out checkSuccess $? echo "Flush the sessions" ${PREFIX}flushcontext -ha 02000002 > run.out checkSuccess $? done done done echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Create a signing key, policy command code certify" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policycccertify.bin > run.out checkSuccess $? echo "" echo "Salt encrypt and decrypt HMAC sessions" echo "" echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? echo "Start an auth session" ${PREFIX}startauthsession -se h -hs 80000000 > run.out checkSuccess $? echo "Start an auth session" ${PREFIX}startauthsession -se h -hs 80000000 > run.out checkSuccess $? 
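# Third session of the salted HMAC group (-hs 80000000 salts to the primary
# key); the first two are started immediately before this run of statements.
echo "Start an encrypt session"
${PREFIX}startauthsession -se h -hs 80000000 > run.out
checkSuccess $?

# One certify per column of the THREEAUTH tables (7 columns), with the three
# salted sessions carrying the decrypt / encrypt attributes.
for ((i = 0 ; i < 7 ; i++))
do
    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin \
        -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
    checkSuccess $?
done

for SESSION in 02000000 02000001 02000002
do
    echo "Flush the sessions"
    ${PREFIX}flushcontext -ha $SESSION > run.out
    checkSuccess $?
done

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Bind encrypt and decrypt HMAC sessions"
echo ""

echo "Load the signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

# -bi 80000001 -pwdb sig binds each session to the signing key just loaded,
# instead of salting it.
echo "Start an auth session"
${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
checkSuccess $?

echo "Start an auth session"
${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
checkSuccess $?

echo "Start an encrypt session"
${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out
checkSuccess $?

for ((i = 0 ; i < 7 ; i++))
do
    # The progress message used to say "salted" here (copied from the section
    # above); these sessions are bound, so the log now says so.
    echo "Signing Key Self Certify, three auth, bound parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin \
        -se0 02000000 ${THREEAUTH0[i]} -se1 02000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
    checkSuccess $?
done

for SESSION in 02000000 02000001 02000002
do
    echo "Flush the sessions"
    ${PREFIX}flushcontext -ha $SESSION > run.out
    checkSuccess $?
done

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# policycccertify.txt 0000016c00000148
# policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr
# 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9
# f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50

echo ""
echo "Salt encrypt and decrypt policy sessions"
echo ""

# tmppriv.bin / tmppub.bin is the key created with the command-code-certify
# policy, so the key authorization below goes through a policy session.
echo "Load the signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
checkSuccess $?

echo "Start an auth session"
${PREFIX}startauthsession -se h -hs 80000000 > run.out
checkSuccess $?

echo "Start a policy session"
${PREFIX}startauthsession -se p -hs 80000000 > run.out
checkSuccess $?

echo "Start an encrypt session"
${PREFIX}startauthsession -se h -hs 80000000 > run.out
checkSuccess $?

for ((i = 0 ; i < 7 ; i++))
do
    # The policy session is restarted and re-satisfied on every pass, because
    # each certify uses up the policy digest built for it.
    echo "Policy restart"
    ${PREFIX}policyrestart -ha 03000001
    checkSuccess $?

    # -cc 148 is the certify command code named in policycccertify.txt above.
    echo "Policy command code - certify"
    ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out
    checkSuccess $?

    echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}"
    ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin \
        -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out
    checkSuccess $?
done

for SESSION in 02000000 03000001 02000002
do
    echo "Flush the sessions"
    ${PREFIX}flushcontext -ha $SESSION > run.out
    checkSuccess $?
done

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?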
echo "" echo "Bind encrypt and decrypt policy sessions" echo "" echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start an auth session" ${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out checkSuccess $? echo "Start an encrypt session" ${PREFIX}startauthsession -se h -bi 80000001 -pwdb sig > run.out checkSuccess $? for ((i = 0 ; i < 7 ; i++)) do echo "Policy restart" ${PREFIX}policyrestart -ha 03000001 checkSuccess $? echo "Policy command code - certify" ${PREFIX}policycommandcode -ha 03000001 -cc 148 > run.out checkSuccess $? echo "Signing Key Self Certify, three auth, salted parameter encryption ${THREEAUTH0[i]} ${THREEAUTH1[i]} ${THREEAUTH2[i]}" ${PREFIX}certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin \ -se0 02000000 ${THREEAUTH0[i]} -se1 03000001 ${THREEAUTH1[i]} -se2 02000002 ${THREEAUTH2[i]} > run.out checkSuccess $? done echo "Flush the sessions" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? echo "Flush the sessions" ${PREFIX}flushcontext -ha 03000001 > run.out checkSuccess $? echo "Flush the sessions" ${PREFIX}flushcontext -ha 02000002 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 ./utils/regtests/testnvpin.sh0000755000175000017500000004123313075663254014572 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testnvpin.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
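#
#                                                                               #
#################################################################################

# PIN Pass index name is

# 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09
# 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da
# ad 81

# Policy Secret using PIN Pass index is

# 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83
# 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d

# PIN Fail index name is

# 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0
# b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01
# c4 be

# Policy Secret using PIN Fail index is

# 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c
# 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df

# 01000000 is PIN pass or PIN fail index
# 01000001 is ordinary index with PIN pass policy
# 01000002 is ordinary index with PIN fail policy

# The policies for 01000001 / 01000002 embed the index *names* listed above,
# so they only match if 01000000 is later defined with exactly the attributes,
# policy and type used in this script.

echo ""
echo "NV PIN Index"
echo ""

echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000"
${PREFIX}nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out
checkSuccess $?

# An index that has never been written cannot be read, so the platform
# writes one byte to set the written bit before the policy reads later on.
echo "Platform write to set written bit"
${PREFIX}nvwrite -ha 01000001 -hia p -ic 0 > run.out
checkSuccess $?

# Message corrected: this index carries the PIN *fail* policy
# (policysecretnvpf.bin); the original text read "pin pass fail".
echo "NV Define Space, 01000002, ordinary index, with policysecret for pin fail index 01000000"
${PREFIX}nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out
checkSuccess $?

echo "Platform write to set written bit"
${PREFIX}nvwrite -ha 01000002 -hia p -ic 0 > run.out
checkSuccess $?

# This policy session is addressed as 03000000 by the tests that follow.
echo "Start a policy session"
${PREFIX}startauthsession -se p > run.out
checkSuccess $?

echo ""
echo "NV PIN Pass Index"
echo ""

echo "Set phEnableNV"
${PREFIX}hierarchycontrol -hi p -he n > run.out
checkSuccess $?

# -ty p selects the PIN pass index type; +at wst +at rst are the
# "read/write stclear" attributes named in the message.
echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth"
${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
checkSuccess $?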
# NV PIN Pass index tests.  01000000 is the PIN pass index and 03000000 the
# policy session, both set up just before this run of statements.
# "-id A B" writes the two PIN counters; the messages print them as "A / B"
# (presumably pinCount / pinLimit - the messages only name pinCount).
# Each step checks only the exit status of the utility through
# checkSuccess / checkFailure (defined outside this part of the script).

# An unwritten PIN index must not be usable as an authorization.
echo "Policy Secret with PWAP session, not written - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

# Platform-authorized reads are done twice to show they do not consume a use.
echo "Platform read does not affect count"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkSuccess $?

echo "Platform read does not affect count, should succeed"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkSuccess $?

# 4000000c is the platform hierarchy handle; this satisfies the index's own
# policy (policysecretp.bin) for the policy write / read that follow.
echo "Policy Secret with PWAP session, platform auth"
${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
checkSuccess $?

echo "Policy write, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, platform auth"
${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
checkSuccess $?

echo "Policy read"
${PREFIX}nvread -ha 01000000 -se0 03000000 1 > run.out
checkSuccess $?

echo "Platform write, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

# Reading with the index password is what spends the single permitted use:
# the first read succeeds, the second is refused.
echo "Index read"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkSuccess $?

echo "Index read, no uses - should fail"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkFailure $?

# Platform authorization still works once the uses are exhausted.
echo "Platform read, no uses"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkSuccess $?

echo ""
echo "NV PIN Pass Index in Policy Secret"
echo ""

echo "Policy Secret with PWAP session, bad password - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
checkFailure $?

echo "Platform write, 01000000, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

# A wrong password on a PIN pass index is rejected without spending the use;
# the good-password call right after it must therefore still succeed.
echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
checkFailure $?

echo "Policy Secret with PWAP session"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, pinCount used - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

# NOTE(review): the digest prefix in this message is informational only; the
# output goes to run.out and is not compared with an expected value.
echo "Policy Get Digest, 50 b9 63 d6 ..."
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

# The session digest now satisfies the policy of ordinary index 01000001.
echo "Read ordinary index using PIN pass policy secret"
${PREFIX}nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out
checkSuccess $?

echo "Platform write, 01000000, 1 use, 1 / 2"
${PREFIX}nvwrite -ha 01000000 -hia p -id 1 2 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

# Counter values that leave no use available (0 / 0, 1 / 1, 2 / 1) must all
# make the index password unusable.
echo "Platform write, 0 uses, 0 / 0"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 0 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, pinCount used - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 1 use. 1 / 1, already used"
${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, pinCount used - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 0 uses. 2 / 1, already used"
${PREFIX}nvwrite -ha 01000000 -hia p -id 2 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, pinCount used - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo ""
echo "NV PIN Pass Index with Write Lock"
echo ""

echo "Platform write, 01000000, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Write lock, 01000000"
${PREFIX}nvwritelock -ha 01000000 -hia p > run.out
checkSuccess $?

# The write lock blocks the platform write further down, but the use count is
# still consumed by a successful authorization: second call must fail.
echo "Policy Secret with PWAP session"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, pinCount used - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 01000000, locked - should fail"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkFailure $?

# The index was defined "write stclear", so a power cycle clears the lock.
# A new policy session is started afterwards; presumably the earlier one
# does not survive powerup / startup.
echo "Reboot"
${PREFIX}powerup > run.out
checkSuccess $?

echo "Startup"
${PREFIX}startup > run.out
checkSuccess $?

echo "Start a policy session"
${PREFIX}startauthsession -se p > run.out
checkSuccess $?

echo "Platform write, 01000000, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo ""
echo "NV PIN Pass Index with Read Lock"
echo ""

echo "Platform write, 01000000, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Read lock, 01000000"
${PREFIX}nvreadlock -ha 01000000 -hia p > run.out
checkSuccess $?

# A read lock stops NV reads but not use of the index as an authorization.
echo "Platform read, locked - should fail"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkFailure $?

echo "Policy Secret with PWAP session, read locked"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo ""
echo "NV PIN Pass Index with phEnableNV clear"
echo ""

echo "Platform write, 01000000, 1 use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

# With phEnableNV cleared the platform-hierarchy index must not authorize,
# even though a use is available.
echo "Clear phEnableNV"
${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Set phEnableNV"
${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out
checkSuccess $?

echo ""
echo "Cleanup NV PIN Pass"
echo ""

echo "NV Undefine Space, 01000000 "
${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
checkSuccess $?

# After this flush no policy session 03000000 exists until one is started
# again.
echo "Flush the policy session, 03000000 "
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?
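# NV PIN Fail index tests.  01000000 is redefined as a PIN fail index (-ty f).
# "-id A B" writes the two PIN counters, printed in the messages as "A / B".
# For a PIN fail index the messages describe the behaviour under test: a bad
# password uses up pinCount, a good password resets it, and once the
# permitted failures are spent even the good password is refused.
# Each step checks only the exit status of the utility.

echo ""
echo "NV PIN Fail Index"
echo ""

echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth"
${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out
checkSuccess $?

# Moved up from after the bad-password platform read: the PIN Pass cleanup
# flushes session 03000000, so without a live policy session the "not
# written" check below would fail on the missing session handle and never
# reach the unwritten-index condition it is meant to test.
echo "Start a policy session"
${PREFIX}startauthsession -se p > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, not written - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 1 failure, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Platform read"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkSuccess $?

echo "Platform read with bad password - should fail"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out
checkFailure $?

# 4000000c is the platform hierarchy handle; this satisfies the index's own
# policy (policysecretp.bin) for the policy write / read that follow.
echo "Policy Secret with PWAP session, platform auth"
${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
checkSuccess $?

echo "Policy write, 01000000, 1 failure"
${PREFIX}nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, platform auth"
${PREFIX}policysecret -ha 4000000c -hs 03000000 > run.out
checkSuccess $?

echo "Policy read, 01000000"
${PREFIX}nvread -ha 01000000 -sz 8 -se0 03000000 1 > run.out
checkSuccess $?

echo "Platform write, 01000000, 1 failure"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Index read, 01000000, correct password"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkSuccess $?

# One bad password spends the single permitted failure ...
echo "Index read, 01000000, bad password - should fail"
${PREFIX}nvread -ha 01000000 -pwdn nn -sz 8 > run.out
checkFailure $?

# ... after which the correct password is refused as well, until the
# platform rewrites the counters.
echo "Index read, 01000000, correct password - should fail"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkFailure $?

echo "Platform write, 01000000, 1 failure"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Index read, 01000000"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkSuccess $?

echo ""
echo "NV PIN Fail Index in Policy Secret"
echo ""

echo "Platform write, 2 failures, 0 / 2"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 2 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, good password"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

# One failure out of two, then a success: the success must clear the count,
# otherwise the two failures below would not both be needed to lock out.
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
checkFailure $?

echo "Policy Secret with PWAP session, good password, resets pinCount"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
checkFailure $?

echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
checkFailure $?

# Both permitted failures are spent: the good password is now locked out.
echo "Policy Secret with PWAP session, good password - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Platform write, 1 failure use, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, good password, resets pinCount"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo "Platform write, 0 failures, 1 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 1 1 > run.out
checkSuccess $?

# Message corrected to match the expectation: with the counters written as
# 1 / 1 no failures remain, so the good password is expected to be refused
# (the original message claimed it "resets pinCount").
echo "Policy Secret with PWAP session, good password, no failures left - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo ""
echo "NV PIN Fail Index with Write Lock"
echo ""

echo "Platform write, 01000000, 1 fail, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?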
# NV PIN Fail index: write lock, read lock and phEnableNV behaviour, then the
# start of cleanup.  01000000 is the PIN fail index, 03000000 the policy
# session; the index was last written "0 / 1" just before this run.
# Each step checks only the exit status of the utility.

echo "Write lock, 01000000"
${PREFIX}nvwritelock -ha 01000000 -hia p > run.out
checkSuccess $?

# A write-locked PIN fail index can still be used as an authorization.
echo "Policy Secret with PWAP session"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo "Platform write, 01000000, locked - should fail"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkFailure $?

# The index was defined "write stclear", so a power cycle clears the lock.
# A new policy session is started afterwards; presumably the earlier one
# does not survive powerup / startup.
echo "Reboot"
${PREFIX}powerup > run.out
checkSuccess $?

echo "Startup"
${PREFIX}startup > run.out
checkSuccess $?

echo "Start a policy session"
${PREFIX}startauthsession -se p > run.out
checkSuccess $?

echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo ""
echo "NV PIN Fail Index with Read Lock"
echo ""

echo "Platform write, 01000000, 1 failure, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

echo "Read lock 01000000"
${PREFIX}nvreadlock -ha 01000000 -hia p > run.out
checkSuccess $?

# A read lock stops NV reads but not use of the index as an authorization.
echo "Platform read, locked - should fail"
${PREFIX}nvread -ha 01000000 -hia p -sz 8 > run.out
checkFailure $?

echo "Policy Secret with PWAP session, read locked"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkSuccess $?

echo ""
echo "NV PIN Fail Index with phEnableNV clear"
echo ""

echo "Platform write, 01000000, 1 failure, 0 / 1"
${PREFIX}nvwrite -ha 01000000 -hia p -id 0 1 > run.out
checkSuccess $?

# With phEnableNV cleared the platform-hierarchy index must not authorize,
# even with the correct password and a failure still available.
echo "Clear phEnableNV"
${PREFIX}hierarchycontrol -hi p -he n -state 0 > run.out
checkSuccess $?

echo "Policy Secret with PWAP session, phEnableNV disabled - should fail"
${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
checkFailure $?

echo "Set phEnableNV"
${PREFIX}hierarchycontrol -hi p -he n -state 1 > run.out
checkSuccess $?

echo ""
echo "Cleanup"
echo ""

# The PIN index lives in the platform hierarchy (-hi p); the ordinary index
# is removed with -hi o.
echo "NV Undefine Space 01000000"
${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
checkSuccess $?

echo "NV Undefine Space 01000001"
${PREFIX}nvundefinespace -hi o -ha 01000001 > run.out
checkSuccess $?
echo "NV Undefine Space 01000002" ${PREFIX}nvundefinespace -hi o -ha 01000002 > run.out checkSuccess $? echo "Flush the session" ${PREFIX}flushcontext -ha 03000000 > run.out > run.out checkSuccess $? echo "Recreate the primary key" ${PREFIX}createprimary -hi p -pwdk pps > run.out checkSuccess $? echo "" echo "NV PIN define space" echo "" echo "NV Define Space, 01000000, no write auth - should fail" ${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out checkFailure $? echo "NV Define Space, 01000000, no read auth - should fail" ${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out checkFailure $? echo "NV Define Space, 01000000, PIN Pass, auth write - should fail" ${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out checkFailure $? echo "NV Define Space, 01000000, PIN Fail, auth write - should fail" ${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out checkFailure $? echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail" ${PREFIX}nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out checkFailure $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 # ${PREFIX}getcapability -cap 1 -pr 01000000 ./utils/regtests/testchangeseed.bat0000644000175000017500000001417312640606051015647 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testchangeseed.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. 
# REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Change PPS" echo "" echo "Flush the primary key" %TPM_EXE_PATH%flushcontext -ha 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change PPS, no password" %TPM_EXE_PATH%changepps > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Set platform hierarchy auth" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change PPS, bad password" %TPM_EXE_PATH%changepps > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Change PPS, good password" %TPM_EXE_PATH%changepps -pwda ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear platform hierarchy auth" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a primary key - platform hierarchy" %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a storage key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change PPS - flushes primary key" %TPM_EXE_PATH%changepps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the flushed primary key, should fail" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a different primary key - new PPS" %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the new primary key, should fail" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 echo "" echo "Change EPS" echo "" echo "Flush the primary key" %TPM_EXE_PATH%flushcontext -ha 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change EPS, no password" %TPM_EXE_PATH%changeeps > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Create a primary key - endorsement hierarchy" %TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a storage key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change EPS, no password" %TPM_EXE_PATH%changeeps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the flushed primary key, should fail" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a different primary key - new EPS" %TPM_EXE_PATH%createprimary -hi e -pwdk 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the new primary key, should fail" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a storage key under the new primary key" %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp 111 -pwdk 222 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the new primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 ./utils/regtests/testhmac.bat0000644000175000017500000002263113013166507014471 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. 
Watson Research Center # REM # $Id: testhmac.bat 820 2016-11-16 23:35:35Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
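#
REM # #
REM #############################################################################

REM Regression test for TPM2 keyed hash HMAC, hash sequences, and signing with a
REM restricted key that requires a hash ticket. Every utility name is prefixed
REM with TPM_EXE_PATH, tool output goes to run.out, and the script exits 1 at
REM the first unexpected result or 0 when all steps behave as expected.
REM
REM ERRORLEVEL is read with delayed expansion so that inside the for blocks it
REM reflects the command that just ran, not the value at parse time.
REM
REM The passwords on the command lines are fixed regression test values.
REM
REM Negative steps are marked "should fail" and only check that the exit code
REM is non-zero. They do not check which error was returned, so a step that
REM fails for an unrelated reason also satisfies the check.

setlocal enableDelayedExpansion

echo ""
echo "Keyed hash HMAC key"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM session 02000000
REM loaded HMAC key 80000001
REM primary HMAC key 80000001
REM sequence object 80000002

REM Outer loop: hash algorithm. Inner loop: first pass with no session
REM argument, second pass with the HMAC session started above.
for %%H in (sha1 sha256 sha384) do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "Load the %%H keyed hash key under the primary key"
        %TPM_EXE_PATH%load -hp 80000000 -ipr khpriv%%H.bin -ipu khpub%%H.bin -pwdp pps > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM One-shot HMAC over msg.bin, result kept in sig.bin
        echo "HMAC %%H using the keyed hash key, message from file %%~S"
        %TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg %%H %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM Same HMAC computed as a start, update, complete sequence into tmp.bin
        echo "HMAC %%H start using the keyed hash key %%~S"
        %TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khk -pwda aaa %%~S -halg %%H > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H sequence update %%~S"
        %TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H sequence complete %%~S"
        %TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the HMAC %%H using the two methods"
        diff sig.bin tmp.bin
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM One-shot HMAC again with the message given on the command line.
        REM The diff below only passes if msg.bin holds the same bytes,
        REM which is presumably how the test data was prepared.
        echo "HMAC %%H using the keyed hash key, message from command line %%~S"
        %TPM_EXE_PATH%hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg %%H %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the HMAC %%H using the two methods"
        diff sig.bin tmp.bin
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Flush the %%H HMAC key"
        %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM Repeat the one-shot versus sequence comparison with a primary key
        echo "Create primary HMAC key - %%H"
        %TPM_EXE_PATH%createprimary -kh -halg %%H -pwdk khp > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H using the keyed hash primary key %%~S"
        %TPM_EXE_PATH%hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg %%H %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H start using the keyed hash primary key %%~S"
        %TPM_EXE_PATH%hmacstart -hk 80000001 -pwdk khp -pwda aaa %%~S -halg %%H > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H sequence update %%~S"
        %TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "HMAC %%H sequence complete %%~S"
        %TPM_EXE_PATH%sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the HMAC %%H using the two methods"
        diff sig.bin tmp.bin
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Flush the %%H primary HMAC key"
        %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )
    )
)

echo ""
echo "Hash"
echo ""

REM Same loop shape as above. Only the sequence update and complete steps take
REM the session argument, the one-call hash steps run identically on both passes.
for %%H in (sha1 sha256 sha384) do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "Hash %%H in one call, data from file"
        %TPM_EXE_PATH%hash -hi p -halg %%H -if policies/aaa -oh tmp.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM Compare against the stored reference digest for this algorithm
        echo "Verify the hash %%H"
        diff tmp.bin policies/%%Haaa.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Hash %%H in one cal, data on command linel"
        %TPM_EXE_PATH%hash -hi p -halg %%H -ic aaa -oh tmp.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the hash %%H"
        diff tmp.bin policies/%%Haaa.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Hash %%H sequence start"
        %TPM_EXE_PATH%hashsequencestart -halg %%H -pwda aaa > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Hash %%H sequence update %%~S"
        %TPM_EXE_PATH%sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Hash %%H sequence complete %%~S"
        %TPM_EXE_PATH%sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Verify the %%H hash"
        diff tmp.bin policies/%%Haaa.bin > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )
    )
)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000

echo ""
echo "Sign with ticket"
echo ""

REM A restricted signing key must refuse a digest unless it comes with a ticket
REM showing the TPM hashed the message, and the ticket is null when the message
REM starts with TPM_GENERATED. The steps below check both the accept and the
REM reject paths, first with a one-call hash and then with a hash sequence.

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signrpriv.bin -ipu signrpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash and create ticket"
%TPM_EXE_PATH%hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Sign a digest with a restricted signing key and no ticket - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

echo "Sign a digest with a restricted signing key and ticket"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash and create null ticket, msg with TPM_GENERATED"
%TPM_EXE_PATH%hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM The algorithm is spelled out as sha256 like the other sign steps here.
REM cmd.exe does not expand a shell-style $HALG reference, so it would reach the
REM utility as literal text and this negative step could then pass on the bad
REM argument alone, without the null ticket ever being evaluated.
echo "Sign a digest with a restricted signing key and ticket - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

echo "Hash sequence start"
%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash sequence update "
%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash sequence complete"
%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Sign a digest with a restricted signing key and no ticket - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

echo "Sign a digest with a restricted signing key and ticket"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash sequence start"
%TPM_EXE_PATH%hashsequencestart -halg sha256 -pwda aaa -halg sha256 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash sequence update, msg with TPM_GENERATED"
%TPM_EXE_PATH%sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Hash sequence complete"
%TPM_EXE_PATH%sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM sha256 is spelled out here for the same reason as in the one-call case
REM above, so that the rejection comes from the null ticket.
echo "Sign a digest with a restricted signing key and ticket - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
./utils/regtests/testunseal.bat0000644000175000017500000001660512753413247015062 0ustar lo1lo1
REM #############################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # $Id: testunseal.bat 717 2016-08-12 18:34:15Z kgoldman $ #
REM # #
REM # (c) Copyright IBM Corporation 2015 #
REM # #
REM # All rights reserved.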
#
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution. #
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for TPM2 seal and unseal: first with password authorization
REM on an ordinary and on a primary sealed object, then with a PCR 16 policy.
REM Every utility name is prefixed with TPM_EXE_PATH. The script exits 1 at the
REM first unexpected result and 0 when all steps behave as expected.
REM
REM ERRORLEVEL is read with delayed expansion so that inside the for block it
REM reflects the command that just ran, not the value at parse time.
REM
REM Steps marked "should fail" only require a non-zero exit code. They do not
REM check which error was returned, so a failure for an unrelated reason also
REM satisfies them.

setlocal enableDelayedExpansion

echo ""
echo "Seal and Unseal to Password"
echo ""

REM Seal the contents of msg.bin under the primary key with object password sea
echo "Create a sealed data object"
%TPM_EXE_PATH%create -hp 80000000 -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sea -if msg.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Load the sealed data object"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Unseal the data blob"
%TPM_EXE_PATH%unseal -ha 80000001 -pwd sea -of tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM The unsealed bytes must match the data that was sealed
echo "Verify the unsealed result"
diff msg.bin tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Negative test: a zero exit code here means the wrong password was accepted
echo "Unseal with bad password - should fail"
%TPM_EXE_PATH%unseal -ha 80000001 -pwd xxx > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

echo "Flush the sealed object"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Same round trip with the sealed object created as a primary object
echo "Create a primary sealed data object"
%TPM_EXE_PATH%createprimary -bl -kt f -kt p -pwdk seap -if msg.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Unseal the primary data blob"
%TPM_EXE_PATH%unseal -ha 80000001 -pwd seap -of tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Unlike the earlier steps, this diff and the flush below do not redirect
REM their output to run.out
echo "Verify the unsealed result"
diff msg.bin tmp.bin
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Flush the primary sealed object"
%TPM_EXE_PATH%flushcontext -ha 80000001
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM The notes below record how the policy files used by the PCR test were
REM generated and the digest values that were observed at each step.

REM SHA-1

REM extend of aaa + 0 pad to digest length
REM 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47
REM 98 1a a0 a0

REM paste that with no white space to file policypcr16aaasha1.txt

REM create AND term for policy PCR, PCR 16
REM > policymakerpcr -halg sha1 -bm 10000 -if policies/policypcr16aaasha1.txt -v -pr -of policies/policypcr.txt
REM 0000017f00000001000403000001cbf1e9f771d215a017e17979cfd7184f4b674a4d

REM convert to binary policy
REM > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcr16aaasha1.bin -pr -v
REM 12 b6 dd 16 43 82 ca e4 5d 0e d0 7f 9e 51 d1 63
REM a4 24 f5 f2

REM SHA-256

REM extend of aaa + 0 pad to digest length
REM c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73
REM 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb

REM paste that with no white space to file policypcr16aaasha256.txt

REM create AND term for policy PCR, PCR 16
REM > policymakerpcr -bm 10000 -if policies/policypcr16aaasha256.txt -v -pr -of policies/policypcr.txt
REM 0000017f00000001000b030000012c28901f71751debfba3f3b5bf3be9c54b8b2f8c1411f2c117a0e838ee4e6c13

REM convert to binary policy
REM > policymaker -if policies/policypcr.txt -of policies/policypcr16aaasha256.bin -pr -v
REM 76 44 f6 11 ea 10 d7 60 da b9 36 c3 95 1e 1d 85
REM ec db 84 ce 9a 79 03 dd e1 c7 e0 a2 d9 09 a0 13

REM sealed blob 80000001
REM policy session 03000000

echo ""
echo "Seal and Unseal to PCRs"
echo ""

REM For each algorithm the sealed object carries the matching PCR 16 policy
REM file. The loop checks three states in order: no policypcr run, policypcr
REM run against the reset PCR, and policypcr run after PCR 16 was extended with
REM policies/aaa. Only the last state is expected to unseal.
for %%H in (sha1 sha256 ) do (

    echo "Create a sealed data object %%H"
    %TPM_EXE_PATH%create -hp 80000000 -nalg %%H -bl -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sea -if msg.bin -pol policies/policypcr16aaa%%H.bin > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Load the sealed data object"
    %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Start a policy session %%H"
    %TPM_EXE_PATH%startauthsession -se p -halg %%H > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM Start each pass from a known PCR 16 value
    echo "PCR 16 Reset"
    %TPM_EXE_PATH%pcrreset -ha 16 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM Negative test: the session has not run policypcr yet
    echo "Unseal the data blob - policy failure, policypcr not run"
    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    IF !ERRORLEVEL! EQU 0 (
        exit /B 1
    )

    REM policypcr itself succeeds, it folds in whatever PCR 16 currently holds
    echo "Policy PCR, update with the wrong PCR 16 value"
    %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM Negative test: the session digest was built from the reset PCR value
    echo "Unseal the data blob - policy failure, PCR 16 incorrect"
    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    IF !ERRORLEVEL! EQU 0 (
        exit /B 1
    )

    REM Output of this step is not redirected to run.out
    echo "Extend PCR 16 to correct value"
    %TPM_EXE_PATH%pcrextend -halg %%H -ha 16 -if policies/aaa
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM Clear the session digest so the next policypcr starts from zero
    echo "Policy restart, set back to zero"
    %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Policy PCR, update with the correct PCR 16 value"
    %TPM_EXE_PATH%policypcr -halg %%H -ha 03000000 -bm 10000 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Unseal the data blob"
    %TPM_EXE_PATH%unseal -ha 80000001 -of tmp.bin -se0 03000000 1 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Verify the unsealed result"
    diff msg.bin tmp.bin > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    echo "Flush the sealed object"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    REM The session is flushed here and started again on the next pass
    echo "Flush the policy session"
    %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )
)

exit /B 0

REM getcapability -cap 1 -pr 80000000
./utils/regtests/.cvsignore0000644000175000017500000000001512541060044014153 0ustar lo1lo1testdevel.sh
./utils/regtests/testpolicy.sh0000755000175000017500000011244313075663254014741 0ustar lo1lo1#!/bin/bash
#
#################################################################################
# #
# TPM2 regression test #
# Written by Ken Goldman #
# IBM Thomas J.
Watson Research Center # # $Id: testpolicy.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # used for the name in policy ticket if [ -z $TPM_DATA_DIR ]; then TPM_DATA_DIR=. 
fi echo "" echo "Policy Command Code" echo "" echo "Create a signing key under the primary key - policy command code - sign" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out checkSuccess $? # sign with correct policy command code # cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16 # 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811 echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Policy get digest - should be cc69 ..." ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - policy and wrong password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out checkSuccess $? echo "Sign a digest - policy, should fail, session used " ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? # quote with bad policy or bad command # echo "Start a policy session" # ${PREFIX}startauthsession -se p > run.out # checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Quote - PWAP" ${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out checkSuccess $? echo "Quote - policy, should fail" ${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? 
# echo "Flush the session" # ${PREFIX}flushcontext -ha 03000000 > run.out # checkSuccess $? # echo "Start a policy session" # ${PREFIX}startauthsession -se p > run.out # checkSuccess $? echo "Policy command code - quote" ${PREFIX}policycommandcode -ha 03000000 -cc 158 > run.out checkSuccess $? echo "Quote - policy, should fail" ${PREFIX}quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out checkFailure $? # echo "Flush the session" # ${PREFIX}flushcontext -ha 03000000 > run.out # checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Policy Command Code and Policy Password / Authvalue" echo "" echo "Create a signing key under the primary key - policy command code - sign, auth" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? # policypassword echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy password" ${PREFIX}policypassword -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - policy, no password should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Sign a digest - policy, password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out checkSuccess $? 
# policyauthvalue # echo "Start a policy session" # ${PREFIX}startauthsession -se p > run.out # checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Policy authvalue" ${PREFIX}policyauthvalue -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - policy, no password should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Sign a digest - policy, password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Policy Password and Policy Authvalue flags" echo "" for COMMAND in policypassword policyauthvalue do echo "Create a signing key under the primary key - policy command code - sign, auth" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Policy ${COMMAND}" ${PREFIX}${COMMAND} -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - policy, password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out checkSuccess $? echo "Flush signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Create a signing key under the primary key - policy command code - sign" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign.bin > run.out checkSuccess $? 
echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Sign a digest - policy and wrong password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out checkSuccess $? echo "Flush signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? done echo "" echo "Policy Signed" echo "" # create rsaprivkey.pem # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 # extract the public key # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem # sign a test message msg.bin # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin # # create the policy: # after loadexternal, get the name from ${TPM_DATA_DIR}/h80000001.bin # 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f # 00000160 plus the above name as text, add a blank line for empty policyRef # to create policies/policysigned.txt # # > policymaker -if policies/policysigned.txt -of policies/policysigned.bin -pr # # 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f # # 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 # b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb # # 80000000 primary key # 80000001 verification public key # 80000002 signing key with policy # 03000000 policy session echo "Load external just the public part of PEM at 80000001" ${PREFIX}loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out checkSuccess $? 
echo "Sign a test message with openssl" openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin echo "Verify the signature with 80000001" ${PREFIX}verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out checkSuccess $? echo "Create a signing key under the primary key - policy signed" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysigned.bin > run.out checkSuccess $? echo "Load the signing key under the primary key, at 80000002" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Policy signed" ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg sha1 -pwdk rrrr > run.out checkSuccess $? echo "Get policy digest, should be f877 ..." ${PREFIX}policygetdigest -ha 03000000 -of tmppol.bin > run.out checkSuccess $? echo "Sign a digest - policy signed" ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Start a policy session - save nonceTPM" ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out checkSuccess $? echo "Policy signed with nonceTPM and expiration, create a ticket" ${PREFIX}policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg sha1 -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out checkSuccess $? echo "Sign a digest - policy signed" ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy ticket" ${PREFIX}policyticket -ha 03000000 -to to.bin -na ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out checkSuccess $? 
echo "Sign a digest - policy ticket" ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Flush the verification public key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 # getcapability -cap 1 -pr 03000000 # exit 0 echo "" echo "Policy Secret with Platform Auth" echo "" # 4000000c platform # 80000000 primary key # 80000001 signing key with policy # 03000000 policy session # 02000001 hmac session echo "Change platform hierarchy auth" ${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out checkSuccess $? echo "Create a signing key under the primary key - policy secret using platform auth" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysecretp.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkFailure $? echo "Policy Secret with PWAP session, create a ticket" ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out checkSuccess $? echo "Sign a digest - policy secret" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out checkSuccess $? echo "Policy Secret using primary key, create a ticket" ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out checkSuccess $? 
echo "Sign a digest - policy secret" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy ticket" ${PREFIX}policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out checkSuccess $? echo "Sign a digest - policy ticket" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out checkSuccess $? echo "Start an HMAC session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Policy Secret with HMAC session" ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out checkSuccess $? echo "Sign a digest - policy secret" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Change platform hierarchy auth back to null" ${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Policy Secret with NV Auth" echo "" # Name is # 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de # 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 # 68 1f # Policy is # c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 # 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 echo "NV Define Space 0100000" ${PREFIX}nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out checkSuccess $? echo "Create a signing key under the primary key - policy secret NV auth" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysecretnv.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? 
echo "Start a policy session" ${PREFIX}startauthsession -se p -on noncetpm.bin > run.out checkSuccess $? echo "Sign a digest - policy, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkFailure $? echo "Policy Secret with PWAP session" ${PREFIX}policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out checkSuccess $? echo "Sign a digest - policy secret" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "NV Undefine Space 0100000" ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out checkSuccess $? echo "" echo "Policy Authorize" echo "" # 80000000 primary # 80000001 verification public key, openssl # 80000002 signing key # 03000000 policy session # Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f # # policyauthorize.txt # 0000016a00044234c24fc1b9de6693a62453417d2734d7538f6f # # (need blank line for policyRef) # # > policymaker -if policies/policyauthorize.txt -of policies/policyauthorize.bin -pr # # 46 d4 8c 7e 17 0a 71 ca 9e 1f c7 e1 77 e5 7b 53 # 75 df c4 3a 44 c9 65 4b 18 97 ce b1 92 e0 21 50 echo "Create a signing key with policy authorize" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyauthorize.bin > run.out checkSuccess $? echo "Load external just the public part of PEM authorizing key" ${PREFIX}loadexternal -hi p -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Get policy digest, should be zero" ${PREFIX}policygetdigest -ha 03000000 -of policyapproved.bin > run.out checkSuccess $? 
echo "Policy command code - sign" ${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out checkSuccess $? echo "Get policy digest, should be policy to approve, aHash input" ${PREFIX}policygetdigest -ha 03000000 -of policyapproved.bin > run.out checkSuccess $? echo "Openssl generate and sign aHash (empty policyRef)" openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policyapproved.bin echo "Verify the signature to generate ticket" ${PREFIX}verifysignature -hk 80000001 -halg sha1 -if policyapproved.bin -is pssig.bin -raw -tk tkt.bin > run.out checkSuccess $? echo "Policy authorize using the ticket" ${PREFIX}policyauthorize -ha 03000000 -appr policyapproved.bin -skn ${TPM_DATA_DIR}/h80000001.bin -tk tkt.bin > run.out checkSuccess $? echo "Get policy digest, should be policy authorize" ${PREFIX}policygetdigest -ha 03000000 -of policyapproved.bin > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkSuccess $? echo "Flush the verification public key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? # getcapability -cap 1 -pr 80000000 # getcapability -cap 1 -pr 02000000 # getcapability -cap 1 -pr 03000000 # exit 0 echo "" echo "Set Primary Policy" echo "" echo "Platform policy empty" ${PREFIX}setprimarypolicy -hi p > run.out checkSuccess $? echo "Platform policy empty, bad password" ${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out checkFailure $? echo "Set platform hierarchy auth" ${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out checkSuccess $? echo "Platform policy empty, bad password" ${PREFIX}setprimarypolicy -hi p > run.out checkFailure $? echo "Platform policy empty" ${PREFIX}setprimarypolicy -hi p -pwda ppp > run.out checkSuccess $? 
echo "Platform policy to policy secret platform auth" ${PREFIX}setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy Secret with PWAP session" ${PREFIX}policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out checkSuccess $? echo "Change platform hierarchy auth to null with policy secret" ${PREFIX}hierarchychangeauth -hi p -se0 03000000 0 > run.out checkSuccess $? echo "" echo "Policy PCR no select" echo "" # create AND term for policy PCR # > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt # 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709 # convert to binary policy # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v # 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 # b6 fa 2c 23 echo "Create a signing key with policy PCR no select" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -halg sha1 -se p > run.out checkSuccess $? echo "Policy PCR, update with the correct digest" ${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out checkSuccess $? echo "Policy get digest - should be 6d 38 49 38 ... " ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Sign, should succeed" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkSuccess $? echo "Policy restart, set back to zero" ${PREFIX}policyrestart -ha 03000000 > run.out checkSuccess $? echo "Policy PCR, update with the correct digest" ${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 0 > run.out checkSuccess $? 
echo "PCR extend PCR 0, updates pcr counter" ${PREFIX}pcrextend -ha 0 -halg sha1 -ic policies/aaa > run.out checkSuccess $? echo "Sign, should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? echo "Flush the policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "Flush the key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "" echo "Policy PCR 16" echo "" # policypcr0.txt has 20 * 00 # create AND term for policy PCR # > policymakerpcr -halg sha1 -bm 010000 -if policies/policypcr0.txt -v -pr -of policies/policypcr.txt # 0000017f000000010004030000016768033e216468247bd031a0a2d9876d79818f8f # convert to binary policy # > policymaker -halg sha1 -if policypcr.txt -of policypcr.bin -pr -v # 85 33 11 83 19 03 12 f5 e8 3c 60 43 34 6f 9f 37 # 21 04 76 8e echo "Create a signing key with policy PCR PCR 16 zero" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Reset PCR 16 back to zero" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? echo "Read PCR 16, should be 00 00 00 00 ..." ${PREFIX}pcrread -ha 16 -halg sha1 > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p -halg sha1 > run.out checkSuccess $? echo "Sign, policy not satisfied - should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out checkFailure $? echo "Policy PCR, update with the correct digest" ${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out checkSuccess $? echo "Policy get digest - should be 85 33 11 83 ..." ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? 
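# Second half of "Policy PCR 16", then the setup notes and first step of
# "Policy NV, NV index authorizing".

echo "Sign, should succeed"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
checkSuccess $?

# Change PCR 16 so that it no longer matches the value the key policy was
# computed for.
echo "PCR extend PCR 16"
${PREFIX}pcrextend -ha 16 -halg sha1 -ic policies/aaa > run.out
checkSuccess $?

# The message used to say "PCR 0" although the command reads PCR 16.
echo "Read PCR 16, should be 1d 47 f6 8a ..."
${PREFIX}pcrread -ha 16 -halg sha1 > run.out
checkSuccess $?

echo "Start a policy session"
${PREFIX}startauthsession -se p -halg sha1 > run.out
checkSuccess $?

# PolicyPCR itself succeeds; it folds the current (extended) PCR 16 value into
# the session digest, which then differs from the key's policy.
echo "Policy PCR, update with the wrong digest"
${PREFIX}policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out
checkSuccess $?

# The digest is only written to run.out; it is not compared automatically.
echo "Policy get digest - should be 66 dd e5 e3"
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

echo "Sign - should fail"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out
checkFailure $?

echo "Flush the policy session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

echo "Flush the key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# Handles used by the Policy NV test, and how policies/policynvnv.bin was made.
# 01000000 authorizing index
# 01000001 authorized index
# 03000000 policy session
#
# 4 byte NV index
# policynv.txt
# policy CC_PolicyNV || args || Name
#
# policynvargs.txt (binary)
# args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==)
# hash -hi n -halg sha1 -if policynvargs.txt -v
# openssl dgst -sha1 policynvargs.txt
# 2c513f149e737ec4063fc1d37aee9beabc4b4bbf
#
# NV authorizing index
#
# after defining index and NV write to set written, use
# ${PREFIX}nvreadpublic -ha 01000000 -nalg sha1
# to get name
# 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c
#
# append Name to policynvnv.txt
#
# convert to binary policy
# > policymaker -halg sha1 -if policynvnv.txt -of policynvnv.bin -pr -v
# bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc
#
# file zero8.bin has 8 bytes of hex zero

echo ""
echo "Policy NV, NV index authorizing"
echo ""

# The Name recorded above includes the index attributes, so the index has to be
# defined exactly like this for the precomputed policy to match.
echo "Define a setbits index, authorizing index"
${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out
checkSuccess $?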
# Body of "Policy NV, NV index authorizing": writes to the authorized index
# 01000001 are allowed only while the authorizing index 01000000 reads as
# eight zero bytes (PolicyNV with policies/zero8.bin and -op 0).

echo "NV Read public, get Name, not written"
${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
checkSuccess $?

# No -bit argument: the index becomes "written" without any bit being set.
echo "NV setbits to set written"
${PREFIX}nvsetbits -ha 01000000 -pwdn nnn > run.out
checkSuccess $?

echo "NV Read public, get Name, written"
${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
checkSuccess $?

echo "NV Read, should be zero"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkSuccess $?

echo "Define an ordinary index, authorized index, policyNV"
${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out
checkSuccess $?

echo "NV Read public, get Name, not written"
${PREFIX}nvreadpublic -ha 01000001 -nalg sha1 > run.out
checkSuccess $?

# First write uses the index password, not the policy.
echo "NV write to set written"
${PREFIX}nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out
checkSuccess $?

echo "Start policy session"
${PREFIX}startauthsession -se p -halg sha1 > run.out
checkSuccess $?

# Negative check: an empty policy session must not authorize the write.
echo "NV write, policy not satisfied - should fail"
${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
checkFailure $?

echo "Policy get digest, should be 0"
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

# -op 0 is the "==" comparison described in the policy notes earlier in this file.
echo "Policy NV to satisfy the policy"
${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
checkSuccess $?

# The digest is only written to run.out; it is not compared automatically.
echo "Policy get digest, should be bc 9b 4c 4f ..."
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

echo "NV write, policy satisfied"
${PREFIX}nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out
checkSuccess $?

# Change the authorizing index so that the "== zero" comparison no longer holds.
echo "Set bit in authorizing NV index"
${PREFIX}nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out
checkSuccess $?

echo "NV Read, should be 1"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
checkSuccess $?

# The password is still correct; the failure expected here is the comparison.
echo "Policy NV to satisfy the policy - should fail"
${PREFIX}policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out
checkFailure $?

# The command announced by this message is the next statement in the script.
echo "Policy get digest, should be 00 00 00 00 ..."
# Cleanup of the Policy NV test, then the first part of "Policy NV Written":
# index 01000000 is defined with policies/policywrittenset.bin and the script
# checks which combinations of PolicyNvWritten and written state allow a write.

# Digest read-back announced by the preceding echo.
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

echo "NV Undefine authorizing index"
${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out
checkSuccess $?

echo "NV Undefine authorized index"
${PREFIX}nvundefinespace -hi p -ha 01000001 > run.out
checkSuccess $?

echo "Flush policy session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

echo ""
echo "Policy NV Written"
echo ""

echo "Define an ordinary index, authorized index, policyNV"
${PREFIX}nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out
checkSuccess $?

echo "NV Read public, get Name, not written"
${PREFIX}nvreadpublic -ha 01000000 -nalg sha1 > run.out
checkSuccess $?

echo "Start policy session"
${PREFIX}startauthsession -se p -halg sha1 > run.out
checkSuccess $?

# Case 1: empty policy session - write must be refused.
echo "NV write, policy not satisfied - should fail"
${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
checkFailure $?

# Case 2: PolicyNvWritten "no" succeeds as a command but yields a digest that
# does not match the index policy, so the write is still refused.
echo "Policy NV Written no, does not satisfy policy"
${PREFIX}policynvwritten -hs 03000000 -ws n > run.out
checkSuccess $?

echo "NV write, policy not satisfied - should fail"
${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
checkFailure $?

echo "Flush policy session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

echo "Start policy session"
${PREFIX}startauthsession -se p -halg sha1 > run.out
checkSuccess $?

# Case 3: the digest matches, but the index has not been written yet, so the
# write is refused.
echo "Policy NV Written yes, satisfy policy"
${PREFIX}policynvwritten -hs 03000000 -ws y > run.out
checkSuccess $?

echo "NV write, policy satisfied but written clear - should fail"
${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out
checkFailure $?

echo "Flush policy session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

# Set the written state through the password path so the policy path can be
# exercised next.
echo "NV write using password, set written"
${PREFIX}nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out
checkSuccess $?

echo "Start policy session"
${PREFIX}startauthsession -se p -halg sha1 > run.out
checkSuccess $?
echo "Policy NV Written yes, satisfy policy" ${PREFIX}policynvwritten -hs 03000000 -ws y > run.out checkSuccess $? echo "NV write, policy satisfied" ${PREFIX}nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out checkSuccess $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "Start policy session" ${PREFIX}startauthsession -se p -halg sha1 > run.out checkSuccess $? echo "Policy NV Written no" ${PREFIX}policynvwritten -hs 03000000 -ws n > run.out checkSuccess $? echo "Policy NV Written yes - should fail" ${PREFIX}policynvwritten -hs 03000000 -ws y > run.out checkFailure $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "NV Undefine authorizing index" ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out checkSuccess $? # test using clockrateadjust # policycphashhash.txt is (hex) 00000130 4000000c 000 # hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v # openssl dgst -sha1 policycphashhash.txt # cpHash is # b5f919bbc01f0ebad02010169a67a8c158ec12f3 # append to policycphash.txt 00000163 + cpHash # policymaker -halg sha1 -if policycphash.txt -of policycphash.bin -pr # 06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f echo "" echo "Policy cpHash" echo "" echo "Set the platform policy to policy cpHash" ${PREFIX}setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out checkSuccess $? echo "Clockrate adjust using wrong password - should fail" ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out checkFailure $? echo "Start policy session" ${PREFIX}startauthsession -se p -halg sha1 > run.out checkSuccess $? echo "Clockrate adjust, policy not satisfied - should fail" ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out checkFailure $? echo "Policy cpHash, satisfy policy" ${PREFIX}policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out checkSuccess $? 
echo "Policy get digest, should be 06 e4 6c f9" ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Clockrate adjust, policy satisfied but bad command params - should fail" ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out checkFailure $? echo "Clockrate adjust, policy satisfied" ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out checkSuccess $? echo "Clear the platform policy" ${PREFIX}setprimarypolicy -hi p > run.out checkSuccess $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? # test using clockrateadjust and platform policy # operand A time is 64 bits at offset 0, operation GT (2) # policycountertimerargs.txt (binary) # args = hash of operandB | offset | operation # 0000 0000 0000 0000 | 0000 | 0002 # hash -hi n -halg sha1 -if policycountertimerargs.txt -v # openssl dgst -sha1 policycountertimerargs.txt # 7a5836fe287e11ac39ee88d3c0794916d50b73c3 # # policycountertimer.txt # policy CC_PolicyCounterTimer || args # 0000016d + args # convert to binary policy # > policymaker -halg sha1 -if policycountertimer.txt -of policycountertimer.bin -pr -v # e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd aa 26 42 9a echo "" echo "Policy Counter Timer" echo "" echo "Set the platform policy to policy " ${PREFIX}setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out checkSuccess $? echo "Clockrate adjust using wrong password - should fail" ${PREFIX}clockrateadjust -hi p -pwdp ppp -adj 0 > run.out checkFailure $? echo "Start policy session" ${PREFIX}startauthsession -se p -halg sha1 > run.out checkSuccess $? echo "Clockrate adjust, policy not satisfied - should fail" ${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out checkFailure $? echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail" ${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out checkFailure $? 
echo "Policy counter timer, zero operandB, op GT satisfy policy" ${PREFIX}policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out checkSuccess $? echo "Policy get digest, should be e6 84 81 27" ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Clockrate adjust, policy satisfied" ${PREFIX}clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out checkSuccess $? echo "Clear the platform policy" ${PREFIX}setprimarypolicy -hi p > run.out checkSuccess $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? # policyccsign.txt 0000016c 0000015d (policy command code | sign) # policyccquote.txt 0000016c 00000158 (policy command code | quote) # # > policymaker -if policyccsign.txt -of policyccsign.bin -pr -v # cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811 # # > policymaker -if policyccquote.txt -of policyccquote.bin -pr -v # a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27 # # policyor.txt is CC_PolicyOR || digests # 00000171 | cc69 ... | a039 ... # > policymaker -if policyor.txt -of policyor.bin -pr -v # 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 # 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db echo "" echo "PolicyOR" echo "" echo "Create an unrestricted signing key, policy command code sign or quote" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyor.bin > run.out checkSuccess $? echo "Load the signing key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy get digest" ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Sign a digest - should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out checkFailure $? 
# Body of "PolicyOR": the key policy accepts "command code = sign" OR
# "command code = quote". Each branch is checked positively and negatively.

# Negative checks with an empty policy session.
echo "Quote - should fail"
${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
checkFailure $?

echo "Get time - should fail, policy not set"
${PREFIX}gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out
checkFailure $?

# PolicyOR is refused while the session digest matches none of the listed
# branch digests.
echo "Policy OR - should fail"
${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
checkFailure $?

# Branch 1: sign (command code 0000015d).
echo "Policy Command code - sign"
${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out
checkSuccess $?

# The digests are only written to run.out; they are not compared automatically.
echo "Policy get digest, should be cc 69 18 b2"
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

echo "Policy OR"
${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
checkSuccess $?

echo "Policy get digest, should be 6b fe c2 3a"
${PREFIX}policygetdigest -ha 03000000 > run.out
checkSuccess $?

echo "Sign with policy OR"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out
checkSuccess $?

# Same branch again, then a quote: the final digest matches the key policy but
# the session is tied to the sign command code, so quote must be refused.
echo "Policy Command code - sign"
${PREFIX}policycommandcode -ha 03000000 -cc 0000015d > run.out
checkSuccess $?

echo "Policy OR"
${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
checkSuccess $?

echo "Quote - should fail, wrong command code"
${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
checkFailure $?

echo "Policy restart, set back to zero"
${PREFIX}policyrestart -ha 03000000 > run.out
checkSuccess $?

# Branch 2: quote (command code 00000158).
echo "Policy Command code - quote, digest a0 39 ca d5"
${PREFIX}policycommandcode -ha 03000000 -cc 00000158 > run.out
checkSuccess $?

echo "Policy OR, digest 6b fe c2 3a"
${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out
checkSuccess $?

echo "Quote with policy OR"
${PREFIX}quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out
checkSuccess $?

# A command code that is not one of the OR branches (0000014c, gettime per the
# message); the PolicyOR that follows in the script is expected to fail.
echo "Policy Command code - gettime 7a 3e bd aa"
${PREFIX}policycommandcode -ha 03000000 -cc 0000014c > run.out
checkSuccess $?
echo "Policy OR, gettime not an AND term - should fail" ${PREFIX}policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out checkFailure $? echo "Flush policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "Flush signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? rm -f tmppol.bin # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 01000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 # ${PREFIX}getcapability -cap 1 -pr 03000000 ./utils/regtests/testchangeauth.bat0000644000175000017500000000770112640606051015667 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testchangeauth.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. 
# REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Object Change Auth" echo "" for %%B in ("" "-bi 80000001 -pwdb sig") do ( for %%S in ("" "-se0 02000000 1") do ( echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC session %%~B" %TPM_EXE_PATH%startauthsession -se h %%~B > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Object change auth, change password to xxx %%~S" %TPM_EXE_PATH%objectchangeauth -ho 80000001 -pwdo sig -pwdn xxx -hp 80000000 -opr tmppriv.bin %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key with the changed auth %%~S" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu signpub.bin -pwdp pps %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest with the original key %%~S" %TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig %%~S > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign a digest with the changed key" %TPM_EXE_PATH%sign -hk 80000002 -halg sha1 -if policies/aaa -os sig.bin -pwdk xxx > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the auth session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 REM flushcontext -ha 80000001 REM flushcontext -ha 80000002 REM flushcontext -ha 02000000 ./utils/regtests/testprimary.bat0000644000175000017500000001522612640606051015244 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: testprimary.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. # REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. # REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. 
# REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Primary key - CreatePrimary" echo "" echo "Create a primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read the public part" %TPM_EXE_PATH%readpublic -ho 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a storage key under the primary key" %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key - should fail" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "" echo "Primary key - CreatePrimary with no unique field" echo "" REM no unique echo "Create a primary storage key with no unique field" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a storage key under the primary key" %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM empty unique echo "Create a primary storage key with no unique field" touch empty.bin %TPM_EXE_PATH%createprimary -hi p -pwdk pps -iu empty.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the original storage key under the primary key with empty unique field" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Primary key - CreatePrimary with unique field" echo "" REM unique echo "Create a primary storage key with unique field" touch empty.bin %TPM_EXE_PATH%createprimary -hi p -pwdk pps -iu policies/aaa > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Load the original storage key under the primary key - should fail" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a storage key under the primary key" %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key under the primary key" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM same unique echo "Create a primary storage key with same unique field" %TPM_EXE_PATH%createprimary -hi p -pwdk pps -iu policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the previous storage key under the primary key" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the storage key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary storage key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 REM getcapability -cap 1 -pr 80000000 ./utils/regtests/testbind.sh0000755000175000017500000003444113075663254014357 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testbind.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Bind session" echo "" echo "" echo "Bind session to Primary Key" echo "" echo "Bind session bound to primary key at 80000000" ${PREFIX}startauthsession -se h -bi 80000000 -pwdb pps > run.out checkSuccess $? 
# "Bind session to Primary Key" checks, then the start of "Bind session to
# Hierarchy". The sequence shows, through expected success/failure, that the
# password given on a command is irrelevant when the HMAC session is bound to
# the same object, and is required when the session is bound to another object.
# NOTE(review): all auth values here (pps, 222, 000, xxx, ppp) are test
# fixtures passed as command-line arguments.

echo "Create storage key using that bind session, same object 80000000"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 1 > run.out
checkSuccess $?

# Session bound to 80000000 with the right password: a wrong -pwdp on the
# command is still accepted.
echo "Create storage key using that bind session, same object 80000000, wrong password does not matter"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
checkSuccess $?

echo "Create second primary key with different password 000 and Name"
${PREFIX}createprimary -hi o -pwdk 000 > run.out
checkSuccess $?

echo "Bind session bound to second primary key at 80000001, correct password"
${PREFIX}startauthsession -se h -bi 80000001 -pwdb 000 > run.out
checkSuccess $?

# Session bound to 80000001 but used on 80000000: the command password now
# matters - correct succeeds, wrong fails.
echo "Create storage key using that bind session, different object 80000000"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 1 > run.out
checkSuccess $?

echo "Create storage key using that bind session, different object 80000000, wrong password - should fail"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 1 > run.out
checkFailure $?

echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# Starting a bound session with a wrong bind password succeeds; the error only
# shows when the session is used, even with the correct command password.
echo "Bind session bound to primary key at 80000000, wrong password"
${PREFIX}startauthsession -se h -bi 80000000 -pwdb xxx > run.out
checkSuccess $?

echo "Create storage key using that bind session, same object 80000000 - should fail"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
checkFailure $?

echo "Flush the failing session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo "Flush the second primary key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Bind session to Hierarchy"
echo ""

echo "Change platform hierarchy auth"
${PREFIX}hierarchychangeauth -hi p -pwdn ppp > run.out
checkSuccess $?

# 4000000c is the platform hierarchy handle (see the message).
echo "Bind session bound to platform hierarchy"
${PREFIX}startauthsession -se h -bi 4000000c -pwdb ppp > run.out
checkSuccess $?
# Rest of "Bind session to Hierarchy", then the first part of "Bind session to
# NV". The session is bound to the platform hierarchy but used on key 80000000,
# so the key password on the command has to be correct.

echo "Create storage key using that bind session, wrong password - should fail"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp xxx -pwdk 222 -se0 02000000 0 > run.out
checkFailure $?

echo "Create storage key using that bind session"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
checkSuccess $?

# A wrong bind password is not detected when the session starts; the following
# command fails although its own password is correct.
echo "Bind session bound to platform hierarchy, wrong password"
${PREFIX}startauthsession -se h -bi 4000000c -pwdb xxx > run.out
checkSuccess $?

echo "Create storage key using that bind session - should fail"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
checkFailure $?

# Restore empty platform auth (no -pwdn given) so later tests are unaffected.
echo "Change platform hierarchy auth back to null"
${PREFIX}hierarchychangeauth -hi p -pwda ppp > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo ""
echo "Bind session to NV"
echo ""

# Best-effort cleanup: the result is not checked, presumably because the index
# may not exist from an earlier run.
echo "NV Undefine Space"
${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out

echo "NV Define Space"
${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 3 > run.out
checkSuccess $?

echo "NV Read Public, unwritten Name"
${PREFIX}nvreadpublic -ha 01000000 > run.out
checkSuccess $?

# The first session is bound while the index is still unwritten and is used for
# the write that sets "written".
echo "Bind session bound to unwritten NV index at 01000000"
${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
checkSuccess $?

echo "NV write HMAC using bind session to set written"
${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 0 > run.out
checkSuccess $?

# A new session is bound to the now-written index; the messages distinguish the
# unwritten and written Name.
echo "Bind session bound to written NV index at 01000000"
${PREFIX}startauthsession -se h -bi 01000000 -pwdb nnn > run.out
checkSuccess $?

echo "NV Write HMAC using bind session"
${PREFIX}nvwrite -ha 01000000 -pwdn nnn -ic 123 -se0 02000000 1 > run.out
checkSuccess $?

echo "NV Read HMAC using bind session"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 3 -se0 02000000 1 > run.out
checkSuccess $?
# Session 02000000 is still the one bound to the written NV index 01000000.
# Used on its own bind entity, a wrong -pwdn is expected to be irrelevant.
echo "NV Read HMAC using bind session, wrong password does not matter"
${PREFIX}nvread -ha 01000000 -pwdn xxx -sz 3 -se0 02000000 1 > run.out
checkSuccess $?

# Same session on a different entity (the primary key): the correct parent
# password is supplied. Attribute 0 ends the session.
echo "Create storage key using that bind session"
${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk 222 -se0 02000000 0 > run.out
checkSuccess $?

echo "NV Undefine Space"
${PREFIX}nvundefinespace -hi o -ha 01000000 > run.out
checkSuccess $?

# --- Parameter encryption, session bound to the entity being authorized ------
#
# Session attribute 61 (hex) = continueSession (01) | decrypt (20) |
# encrypt (40): command and response parameters are encrypted and the session
# stays alive. Each scenario runs once per symmetric mode, XOR and AES.

echo ""
echo "Encrypt with bind to same object"
echo ""

for MODE0 in xor aes; do

    echo "Start an HMAC auth session with $MODE0 encryption and bind to primary key at 80000000"
    ${PREFIX}startauthsession -se h -sym $MODE0 -bi 80000000 -pwdb pps > run.out
    checkSuccess $?

    # Bind entity == authorized entity: a wrong -pwdp is expected to pass.
    echo "Create storage key using bind session, same object, wrong password"
    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    checkSuccess $?

    # Same again with no -pwdp at all.
    echo "Create storage key using bind session, same object 80000000"
    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    checkSuccess $?

    # Loading the key that was just returned shows the encrypted response was
    # recovered intact on the client side.
    echo "Load the key, with $MODE0 encryption"
    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
    checkSuccess $?

    echo "Flush the sealed object"
    ${PREFIX}flushcontext -ha 80000001 > run.out
    checkSuccess $?

    echo "Flush the $MODE0 session"
    ${PREFIX}flushcontext -ha 02000000 > run.out
    checkSuccess $?

done

# --- Parameter encryption, session bound to a different entity ---------------

echo ""
echo "Encrypt with bind to different object"
echo ""

for MODE0 in xor aes; do

    # No -pwdb is given: the platform auth is expected to be empty here
    # (NOTE(review): relies on an earlier step having reset it - confirm).
    echo "Start an HMAC auth session with $MODE0 encryption and bind to platform auth"
    ${PREFIX}startauthsession -se h -sym $MODE0 -bi 4000000c > run.out
    checkSuccess $?

    # Bind entity != authorized entity: the parent password is now checked.
    echo "Create storage key using bind session, different object, wrong password, should fail"
    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp xxx -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    checkFailure $?

    echo "Create storage key using bind session, different object"
    ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdk 222 -pwdp pps -opr tmppriv.bin -opu tmppub.bin -se0 02000000 61 > run.out
    checkSuccess $?

    echo "Load the key, with $MODE0 encryption"
    ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps -se0 02000000 61 > run.out
    checkSuccess $?

    echo "Flush the sealed object"
    ${PREFIX}flushcontext -ha 80000001 > run.out
    checkSuccess $?

    echo "Flush the $MODE0 session"
    ${PREFIX}flushcontext -ha 02000000 > run.out
    checkSuccess $?

done

# --- PolicyAuthValue, bound to a different entity, command encryption --------

echo ""
echo "PolicyAuthValue and bind to different object, command encryption"
echo ""

# The signing key carries a policy (policies/policyccsign-auth.bin) which,
# going by its name and the steps below, combines "command code = sign" with
# PolicyAuthValue.
echo "Create a signing key under the primary key - policy command code - sign, auth"
${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out
checkSuccess $?

echo "Load the signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
checkSuccess $?

# Policy session (handle 03000000) bound to the primary key, i.e. not to the
# signing key it is about to authorize.
echo "Start a policy session, bind to primary key"
${PREFIX}startauthsession -se p -bi 80000000 -pwdb pps > run.out
checkSuccess $?

echo "Policy command code - sign"
${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
checkSuccess $?

echo "Policy authvalue"
${PREFIX}policyauthvalue -ha 03000000 > run.out
checkSuccess $?

# Attribute 21 (hex) = continueSession | decrypt: command parameters are
# encrypted; -pwdk supplies the auth value that PolicyAuthValue requires.
echo "Sign a digest - policy, command encrypt"
${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?
# --- PolicyAuthValue, bound to the same entity, command encryption -----------

echo ""
echo "PolicyAuthValue and bind to same object, command encryption"
echo ""

echo "Create a signing key under the primary key - policy command code - sign, auth"
${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out
checkSuccess $?

echo "Load the signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
checkSuccess $?

# Policy session bound to the signing key itself (80000001, auth "sig").
echo "Start a policy session"
${PREFIX}startauthsession -se p -bi 80000001 -pwdb sig > run.out
checkSuccess $?

echo "Policy command code - sign"
${PREFIX}policycommandcode -ha 03000000 -cc 15d > run.out
checkSuccess $?

echo "Policy authvalue"
${PREFIX}policyauthvalue -ha 03000000 > run.out
checkSuccess $?

# Attribute 21 (hex) = continueSession | decrypt, i.e. command parameter
# encryption with the session kept alive.
echo "Sign a digest - policy, command encrypt"
${PREFIX}sign -hk 80000001 -if policies/aaa -os sig.bin -ipu tmppub.bin -se0 03000000 21 -pwdk sig > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is sig.bin > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

# --- PolicyAuthValue, bound to a different entity, response encryption -------

echo ""
echo "PolicyAuthValue and bind to different object, response encryption"
echo ""

# Reference digests kept from the original script (presumably for the policy
# file used below - verify before relying on them):
#
# intermediate policy digest length 32
# 54 a0 de 17 1d 03 c6 9b 17 b3 61 22 33 a5 e8 b2
# d8 ee e0 87 f9 c6 ea 85 8c 9c 2e 51 05 52 8b 14
# policy
# 4b 50 04 f7 3f 2e f8 c0 96 c9 18 d0 bc 18 0e 6b
# 49 0c 8a ed 14 bb 8f 86 fc 5a 54 ef 0c d3 90 44

echo "Create a storage key under the primary key - policy command code - create, auth"
${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp pps -pwdk sto -pol policies/policycccreate-auth.bin > run.out
checkSuccess $?

echo "Load the storage key under the primary key"
${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp pps > run.out
checkSuccess $?

# Bound to the primary key, used below to authorize the storage key.
echo "Start a policy session, bind to primary key"
${PREFIX}startauthsession -se p -bi 80000000 -pwdb pps > run.out
checkSuccess $?

echo "Policy command code - create"
${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out
checkSuccess $?

echo "Policy authvalue"
${PREFIX}policyauthvalue -ha 03000000 > run.out
checkSuccess $?

# Attribute 41 (hex) = continueSession | encrypt: the response (the new key's
# private part) comes back encrypted under the session.
echo "Create a signing key with response encryption"
${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
checkSuccess $?

# A successful load shows the client recovered the encrypted response intact.
echo "Load the signing key to verify response encryption"
${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out
checkSuccess $?

echo "Flush the storage key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000002 > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 03000000 > run.out
checkSuccess $?

# --- PolicyAuthValue, bound to the same entity, response encryption ----------

echo ""
echo "PolicyAuthValue and bind to same object, response encryption"
echo ""

echo "Create a storage key under the primary key - policy command code - create, auth"
${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpspriv.bin -opu tmpspub.bin -pwdp pps -pwdk sto -pol policies/policycccreate-auth.bin > run.out
checkSuccess $?

echo "Load the storage key under the primary key"
${PREFIX}load -hp 80000000 -ipr tmpspriv.bin -ipu tmpspub.bin -pwdp pps > run.out
checkSuccess $?

# This time the session is bound to the storage key it will authorize.
echo "Start a policy session, bind to storage key"
${PREFIX}startauthsession -se p -bi 80000001 -pwdb sto > run.out
checkSuccess $?

echo "Policy command code - create"
${PREFIX}policycommandcode -ha 03000000 -cc 153 > run.out
checkSuccess $?

echo "Policy authvalue"
${PREFIX}policyauthvalue -ha 03000000 > run.out
checkSuccess $?

echo "Create a signing key with response encryption"
${PREFIX}create -hp 80000001 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp sto -pwdk sig -se0 03000000 41 > run.out
checkSuccess $?
echo "Load the signing key to verify response encryption" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/initkeys.bat0000644000175000017500000001131213075666323014523 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: initkeys.bat 991 2017-04-19 13:57:39Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. # REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. # REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. # REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM ############################################################################# setlocal enableDelayedExpansion echo | set /p="1234567890123456" > msg.bin touch zero.bin REM try to undefine any NV index left over from a previous test. Do not check for errors. %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 -pwdp ppp > run.out %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out REM same for persistent objects %TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out echo "" echo "Initialize Regression Test Keys" echo "" echo "Create a platform primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create an RSA storage key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr storepriv.bin -opu storepub.bin -pwdp pps -pwdk sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create an ECC storage key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -st -kt f -kt p -opr storeeccpriv.bin -opu storeeccpub.bin -pwdp pps -pwdk sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create an unrestricted RSA signing key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr signpriv.bin -opu signpub.bin -opem signpub.pem -pwdp pps -pwdk sig > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Create an unrestricted ECC signing key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -ecc nistp256 -si -kt f -kt p -opr signeccpriv.bin -opu signeccpub.bin -opem signeccpub.pem -pwdp pps -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a restricted RSA signing key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -sir -kt f -kt p -opr signrpriv.bin -opu signrpub.bin -opem signrpub.pem -pwdp pps -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create an RSA decryption key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -den -kt f -kt p -opr derpriv.bin -opu derpub.bin -pwdp pps -pwdk dec > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a symmetric cipher key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -des -kt f -kt p -opr despriv.bin -opu despub.bin -pwdp pps -pwdk aes > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%H in (sha1 sha256 sha384) do ( echo "Create a %%H keyed hash key under the primary key" %TPM_EXE_PATH%create -hp 80000000 -kh -kt f -kt p -opr khpriv%%H.bin -opu khpub%%H.bin -pwdp pps -pwdk khk -halg %%H IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) exit /B 0 ./utils/regtests/testcredential.sh0000755000175000017500000000773512735265712015562 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testcredential.sh 328 2015-06-09 18:26:00Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. 
# # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # primary key 80000000 # storage key 80000001 # signing key 80000002 # policy session 03000000 # e5 87 c1 1a b5 0f 9d 87 30 f7 21 e3 fe a4 2b 46 # c0 45 5b 24 6f 96 ae e8 5d 18 eb 3b e6 4d 66 6a echo "" echo "Credential" echo "" echo "Use a random number as the credential input" ${PREFIX}getrandom -by 32 -of tmpcredin.bin > run.out checkSuccess $? echo "Load the storage key under the primary key, 80000001" ${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out checkSuccess $? 
echo "Create a restricted signing key under the primary key" ${PREFIX}create -hp 80000000 -sir -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp pps -pwdk sig -pol policies/policyccactivate.bin > run.out checkSuccess $? echo "Load the signing key under the primary key, 80000002" ${PREFIX}load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp pps > run.out checkSuccess $? echo "Encrypt the credential using makecredential" ${PREFIX}makecredential -ha 80000001 -icred tmpcredin.bin -in h80000002.bin -ocred tmpcredenc.bin -os tmpsecret.bin > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy command code - activatecredential" ${PREFIX}policycommandcode -ha 03000000 -cc 00000147 > run.out checkSuccess $? echo "Activate credential" ${PREFIX}activatecredential -ha 80000002 -hk 80000001 -icred tmpcredenc.bin -is tmpsecret.bin -pwdk sto -ocred tmpcreddec.bin -se0 03000000 0 > run.out checkSuccess $? echo "Check the decrypted result" diff tmpcredin.bin tmpcreddec.bin checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? rm tmprpub.bin rm tmprpriv.bin rm tmpcredin.bin rm tmpcredenc.bin rm tmpcreddec.bin rm tmpsecret.bin # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testcontext.sh0000755000175000017500000001372413116311434015112 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testcontext.sh 1016 2017-06-08 18:10:36Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Context" echo "" echo "" echo "Basic Context" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps -se0 02000000 1 > run.out checkSuccess $? 
# Basic context save/load, continued. At this point the HMAC session is at
# 02000000 and the signing key is loaded at 80000001 (both set up by the
# steps just before). Attribute 1 keeps the session alive between commands.

echo "Sign a digest"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out
checkSuccess $?

# Object context: saving it writes a context blob to tmp.bin and, as the next
# step demonstrates, leaves the key itself loaded.
echo "Save context for the key"
${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out
checkSuccess $?

echo "Sign to verify that the original key is not flushed"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkSuccess $?

echo "Flush the original key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# Negative check: with the key flushed, the handle must no longer be usable.
echo "Sign with original key - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkFailure $?

# Reloading the saved blob brings the key back (again at 80000001).
echo "Load context"
${PREFIX}contextload -if tmp.bin > run.out
checkSuccess $?

echo "Sign with the loaded context"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkSuccess $?

# Session context: unlike the key above, a saved session is expected to be
# unusable until it is loaded again. tmp.bin is reused and overwritten.
echo "Save context for the session"
${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out
checkSuccess $?

echo "Sign with the saved session context - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkFailure $?

echo "Load context for the session"
${PREFIX}contextload -if tmp.bin > run.out
checkSuccess $?

echo "Sign with the saved session context"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
checkSuccess $?

echo "Flush the loaded context"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# --- Saved/loaded key used as the salt key for a session ---------------------

echo ""
echo "Context Public Key for Salt"
echo ""

echo "Load the storage key at 80000001"
${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out
checkSuccess $?
echo "Save context for the storage key at 80000001" ${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out checkSuccess $? echo "Load context at 80000002" ${PREFIX}contextload -if tmp.bin > run.out checkSuccess $? echo "Flush the original key at 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Start an HMAC auth session at 02000000 using the storage key 80000002 salt" ${PREFIX}startauthsession -se h -hs 80000002 > run.out checkSuccess $? echo "Load the signing key under the primary key at 80000001" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 0 > run.out checkSuccess $? echo "Flush the signing key at 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the salt key at 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "" echo "Context Primary Key" echo "" echo "Save context for the primary key at 80000000" ${PREFIX}contextsave -ha 80000000 -of tmp.bin > run.out checkSuccess $? echo "Load context primary key at 80000001" ${PREFIX}contextload -if tmp.bin > run.out checkSuccess $? echo "Load the signing key at 80000002 under the primary key at 80000001" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? echo "Flush the signing key at 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the primary key at 80000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testhmacsession.sh0000755000175000017500000000673613105360404015746 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. 
Watson Research Center # # $Id: testhmacsession.sh 1008 2017-05-12 16:21:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "HMAC Session" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? 
echo "Create a storage key under the primary key - continue true" ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 1 > run.out checkSuccess $? echo "Create a storage key under the primary key - continue false" ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 0 > run.out checkSuccess $? echo "Create a storage key under the primary key - should fail" ${PREFIX}create -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk sto -se0 02000000 0 > run.out checkFailure $? echo "" echo "User with Auth Clear" echo "" echo "Create a signing key under the primary key" ${PREFIX}create -hp 80000000 -si -kt f -kt p -uwa -opr tmppriv.bin -opu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Load the signing key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Sign a digest - should fail with HMAC session" ${PREFIX}sign -hk 80000001 -if policies/aaa -se0 02000000 0 > run.out checkFailure $? echo "Flush the session, not flushed on failure" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? echo "Flush the signing key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? ./utils/regtests/testrsa.bat0000644000175000017500000000622113037241646014347 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testrsa.bat 914 2017-01-16 22:05:26Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. 
# REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "RSA decryption key" echo "" echo "Load the decryption key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr derpriv.bin -ipu derpub.bin -pwdp pps > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "RSA encrypt with the encryption key" %TPM_EXE_PATH%rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "RSA decrypt with the decryption key" %TPM_EXE_PATH%rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the decrypt result" tail --bytes=3 dec.bin > tmp.bin diff policies/aaa tmp.bin IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the decryption key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) rm -f tmpmsg.bin rm -f tmpdig.bin rm -f tmpsig.bin exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 REM REM flushcontext -ha 80000001 ./utils/regtests/testecc.bat0000644000175000017500000001610013075212665014312 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testecc.bat 988 2017-04-17 19:21:25Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. 
#
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for the TPM 2.0 ECC commands: eccparameters, ECC key
REM creation, ecephemeral and the ECDAA commit command.
REM
REM Handles used below: 80000000 parent primary key, 80000001 key under test,
REM 02000000 HMAC session. The script never creates 80000000, so it assumes a
REM primary key with password pps is already loaded - TODO confirm against the
REM script that drives the regression suite.
REM
REM Every TPM command redirects its output to run.out, overwriting the previous
REM contents, so after a failure run.out holds the output of the failing step.
REM The script exits with code 1 at the first unexpected result. That early exit
REM skips the flushcontext and rm lines at the end, so a failed run can leave
REM the HMAC session, a loaded key and the tmp key files behind.
REM
REM NOTE(review): the passwords pps and siga are test fixtures passed on the
REM command line; they are visible to anything that can read process arguments.

REM Delayed expansion makes ERRORLEVEL be read when each IF runs, which is
REM needed inside the parenthesised for blocks below.
setlocal enableDelayedExpansion

echo ""
echo "EC CEphemeral"
echo ""

echo ""
echo "ECC Parameters and Ephemeral"
echo ""

REM For each curve: read the curve parameters, create a key with each of the
REM -si and -sir options under the primary key, then run ecephemeral.
for %%C in (bnp256 nistp256 nistp384) do (

    echo "ECC Parameters for curve %%C"
    %TPM_EXE_PATH%eccparameters -cv %%C > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

    for %%A in (-si -sir) do (

        echo "Create %%A for curve %%C"
        %TPM_EXE_PATH%create -hp 80000000 -pwdp pps %%A -ecc %%C > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

    )

    echo "EC Ephemeral for curve %%C"
    %TPM_EXE_PATH%ecephemeral -ecc %%C > run.out
    IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
    )

)

echo ""
echo "ECC Commit"
echo ""

REM The commit loops below reference this session as 02000000; it is flushed
REM once, after both loops have finished.
echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM First pass: ECDAA signing key created and loaded under the primary key.
REM K iterates over the two ECDAA key options; the tilde form strips the quotes.
REM S is either empty, leaving only the -pwdk password on the commit command,
REM or selects the HMAC session 02000000. The trailing 1 is presumably the
REM attribute that keeps the session alive between commands - TODO confirm.
for %%K in ("-dau" "-dar") do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "Create a %%~K ECDAA signing key under the primary key"
        %TPM_EXE_PATH%create -hp 80000000 -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opr tmprpriv.bin -opu tmprpub.bin -pwdp pps -pwdk siga > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Load the signing key 80000001 under the primary key 80000000"
        %TPM_EXE_PATH%load -hp 80000000 -ipr tmprpriv.bin -ipu tmprpub.bin -pwdp pps > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001

        REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters
        REM which means no P1, no s2 and no y2.
        REM and output the result and get the efile.bin
        REM feed back the point in efile.bin as the new p1 because it is on the curve.

        REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
        REM example of normal command
        REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out

        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S"
        %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -pwdk siga %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in

        REM All this does is simulate the commit that the FIDO alliance wants to
        REM use in its TPM Join operation.

        REM efile.bin is both the input point and the output file here, so the
        REM first result is overwritten by the second.
        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S"
        %TPM_EXE_PATH%commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM Flushing inside the loop frees 80000001 for the next iteration.
        echo "Flush the signing key"
        %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

    )
)

REM Second pass: same commit sequence, but the ECDAA key is itself created as a
REM primary key with createprimary. The commands below address it as 80000001.
for %%K in ("-dau" "-dar") do (

    for %%S in ("" "-se0 02000000 1") do (

        echo "Create a %%~K ECDAA signing primary key"
        %TPM_EXE_PATH%createprimary -ecc bnp256 %%~K -nalg sha256 -halg sha256 -kt f -kt p -opu tmprpub.bin -pwdk siga > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000001

        REM The trick with commit is first use - empty ECC point and no s2 and y2 parameters
        REM which means no P1, no s2 and no y2.
        REM and output the result and get the efile.bin
        REM feed back the point in efile.bin as the new p1 because it is on the curve.

        REM There is no test case for s2 and y2. To construct a y2 requires using Cipolla's algorithm.
        REM example of normal command
        REM %TPM_EXE_PATH%commit -hk 80000001 -pt p1.bin -s2 s2.bin -y2 y2_a.bin -Kf kfile.bin -Lf lfile.bin -Ef efile.bin -pwdk siga > run.out

        echo "Create new point E, based on point-multiply of TPM's commit random scalar and Generator point %%~S"
        %TPM_EXE_PATH%commit -hk 80000001 -Ef efile.bin -pwdk siga %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        REM We have a point on the curve - in efile.bin. Use E as P1 and feed it back in

        REM All this does is simulate the commit that the FIDO alliance wants to
        REM use in its TPM Join operation.

        echo "Create new point E, based on point-multiply of TPM's commit random scalar and input point %%~S"
        %TPM_EXE_PATH%commit -hk 80000001 -pt efile.bin -Ef efile.bin -pwdk siga %%~S > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

        echo "Flush the signing key"
        %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
        IF !ERRORLEVEL! NEQ 0 (
            exit /B 1
        )

    )
)

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Cleanup relies on a Unix style rm being on the PATH. tmprpriv.bin holds the
REM private part written by create with -opr, so it is removed with the rest.
rm -rf efile.bin
rm -rf tmprpub.bin
rm -rf tmprpriv.bin

REM %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000
REM %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000

exit /B 0
./utils/regtests/testevict.bat0000644000175000017500000001055412640606051014672 0ustar lo1lo1REM #############################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # $Id: testevict.bat 480 2015-12-29 22:41:45Z kgoldman $ #
REM # #
REM # (c) Copyright IBM Corporation 2015 #
REM # #
REM # All rights reserved. 
#
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution. #
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for evictcontrol: a loaded signing key is made persistent,
REM used through both its transient and persistent handles, and then evicted.
REM
REM Handles used below: 80000000 parent primary key, 80000001 transient signing
REM key, 81800000 persistent copy. The script never creates 80000000, so it
REM assumes a primary key with password pps is already loaded - TODO confirm
REM against the script that drives the regression suite.
REM
REM Every TPM command redirects its output to run.out, overwriting the previous
REM contents. Steps that must succeed test NEQ 0; steps marked should fail test
REM EQU 0, so an unexpected success also ends the script with exit code 1.
REM
REM The script exits at the first unexpected result. A failure between the two
REM evictcontrol calls therefore exits before 81800000 is evicted and before the
REM transient key is flushed. tmppriv.bin, tmppub.bin and sig.bin are not
REM deleted by this script.
REM
REM NOTE(review): sha1 is the digest algorithm for every sign step and the
REM passwords pps and sig are command-line test fixtures. Both look like test
REM conveniences rather than settings to copy - confirm before reusing.

REM Delayed expansion makes ERRORLEVEL be read when each IF runs.
setlocal enableDelayedExpansion

echo ""
echo "Evict Control"
echo ""

echo "Create an unrestricted signing key"
%TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Load the signing key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Object 80000001 is stored at persistent handle 81800000. The p after -hi
REM selects the platform hierarchy as the authorizing hierarchy.
echo "Make the signing key persistent"
%TPM_EXE_PATH%evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Both handles are expected to work at this point, with the same key password.
echo "Sign a digest with the transient key"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Sign a digest with the persistent key"
%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

echo "Flush the transient key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Negative test: flushcontext is expected to be rejected for the persistent
REM handle. Removal is done with evictcontrol further down.
echo "Flush the persistent key - should fail"
%TPM_EXE_PATH%flushcontext -ha 81800000 > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

REM Negative test: the transient handle was flushed above.
echo "Sign a digest with the transient key- should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

REM The persistent copy must still be usable after the transient one is gone.
echo "Sign a digest with the persistent key"
%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Despite the echo text this is evictcontrol, not flushcontext: passing the
REM persistent handle as both -ho and -hp removes the persistent key.
echo "Flush the persistent key"
%TPM_EXE_PATH%evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
IF !ERRORLEVEL! NEQ 0 (
    exit /B 1
)

REM Final negative tests: neither handle should reach a key any more.
echo "Sign a digest with the persistent key - should fail"
%TPM_EXE_PATH%sign -hk 81800000 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    exit /B 1
)

REM This is the only failure branch in the script that prints a marker.
echo "Sign a digest with the transient key - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha1 -if policies/aaa -os sig.bin -pwdk sig > run.out
IF !ERRORLEVEL! EQU 0 (
    echo TP1 failed
    exit /B 1
)

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 81000000
REM getcapability -cap 1 -pr 02000000
REM getcapability -cap 1 -pr 01000000
./utils/regtests/testpolicy.bat0000644000175000017500000013325313040424267015063 0ustar lo1lo1REM #############################################################################
REM # #
REM # TPM2 regression test #
REM # Written by Ken Goldman #
REM # IBM Thomas J. Watson Research Center #
REM # $Id: testpolicy.bat 919 2017-01-20 15:11:51Z kgoldman $ #
REM # #
REM # (c) Copyright IBM Corporation 2015 #
REM # #
REM # All rights reserved. #
REM # #
REM # Redistribution and use in source and binary forms, with or without #
REM # modification, are permitted provided that the following conditions are #
REM # met: #
REM # #
REM # Redistributions of source code must retain the above copyright notice, #
REM # this list of conditions and the following disclaimer. #
REM # #
REM # Redistributions in binary form must reproduce the above copyright #
REM # notice, this list of conditions and the following disclaimer in the #
REM # documentation and/or other materials provided with the distribution. #
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# REM # used for the name in policy ticket REM if [ -z $TPM_DATA_DIR ]; then REM TPM_DATA_DIR=. REM fi setlocal enableDelayedExpansion echo "" echo "Policy Command Code" echo "" echo "Create a signing key under the primary key - policy command code - sign" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM sign with correct policy command code echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy and wrong password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail, session used " %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) REM quote with bad policy or bad command REM echo "Start a policy session" REM ./startauthsession -se p > run.out REM IF !ERRORLEVEL! NEQ 0 ( REM exit /B 1 REM ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Quote - PWAP" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Quote - policy, should fail" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy restart, set back to zero" %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # echo "Flush the session" REM # ./flushcontext -ha 03000000 > run.out REM # IF !ERRORLEVEL! NEQ 0 ( REM exit /B 1 REM ) REM # echo "Start a policy session" REM # ./startauthsession -se p > run.out REM # IF !ERRORLEVEL! NEQ 0 ( REM exit /B 1 REM ) echo "Policy command code - quote" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Quote - policy, should fail" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) REM # echo "Flush the session" REM # ./flushcontext -ha 03000000 > run.out REM # IF !ERRORLEVEL! NEQ 0 ( REM exit /B 1 REM ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "" echo "Policy Command Code and Policy Password / Authvalue" echo "" echo "Create a signing key under the primary key - policy command code - sign, auth" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # policypassword echo "Policy restart, set back to zero" %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy password" %TPM_EXE_PATH%policypassword -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, no password should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign a digest - policy, password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # policyauthvalue REM # echo "Start a policy session" REM # startauthsession -se p > run.out REM # IF !ERRORLEVEL! NEQ 0 ( REM exit /B 1 REM ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy authvalue" %TPM_EXE_PATH%policyauthvalue -ha 03000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, no password should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Sign a digest - policy, password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Policy Password and Policy Authvalue flags" echo "" for %%C in (policypassword policyauthvalue) do ( echo "Create a signing key under the primary key - policy command code - sign, auth" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign-auth.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy %%C" %TPM_EXE_PATH%%%C -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key under the primary key - policy command code - sign" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccsign.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy and wrong password" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "Policy Signed" echo "" REM # create rsaprivkey.pem REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048 REM # extract the public key REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem REM # sign a test message msg.bin REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin REM # REM # create the policy, after loadexternal, get the name from ${TPM_DATA_DIR}/h80000001.bin REM # 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f REM # 00000160 plus the above name as text, add a blank line for empty policyRef REM # to create policies/policysigned.txt REM # REM # > policymaker -if policysigned.txt -of policysigned.bin -pr REM # REM # 0000016000044234c24fc1b9de6693a62453417d2734d7538f6f REM # REM # 9d 81 7a 4e e0 76 eb b5 cf ee c1 82 05 cc 4c 01 REM # b3 a0 5e 59 a9 b9 65 a1 59 af 1e cd 3d bf 54 fb REM # REM # REM # 80000000 primary key REM # 80000001 verification public key REM # 80000002 signing key with policy REM # 03000000 policy session echo "Load external just the public part of PEM at 80000001" %TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign a test message with openssl" openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin echo "Verify the signature with 80000001" %TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key under the primary key - policy signed" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysigned.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key at 80000002" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy signed - callback to signer" %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg sha1 -pwdk rrrr > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get policy digest, should be f877 ..." %TPM_EXE_PATH%policygetdigest -ha 03000000 -of tmppol.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy signed" %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session - save nonceTPM" %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy signed with nonceTPM and expiration, create a ticket" %TPM_EXE_PATH%policysigned -hk 80000001 -ha 03000000 -sk policies/rsaprivkey.pem -halg sha1 -pwdk rrrr -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy signed" %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy ticket" %TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -na h80000001.bin -tk tkt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy ticket" %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the verification public key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # getcapability -cap 1 -pr 80000000 REM # getcapability -cap 1 -pr 02000000 REM # getcapability -cap 1 -pr 03000000 REM # exit 0 echo "" echo "Policy Secret" echo "" REM # 4000000c platform REM # 80000000 primary key REM # 80000001 signing key with policy REM # 03000000 policy session REM # 02000001 hmac session echo "Change platform hierarchy auth" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key under the primary key - policy secret using platform auth" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysecretp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, create a ticket" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy secret" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret using primary key, create a ticket" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -in noncetpm.bin -exp -200 -tk tkt.bin -to to.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy secret" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy ticket" %TPM_EXE_PATH%policyticket -ha 03000000 -to to.bin -hi p -tk tkt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy ticket" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with HMAC session" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp -se0 02000001 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy secret" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change platform hierarchy auth back to null" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Policy Secret with NV Auth" echo "" REM Name is REM 00 0b e0 65 10 81 c2 fc da 30 69 93 da 43 d1 de REM 5b 24 be 42 6e 2d 61 90 7b 42 83 54 69 13 6c 97 REM 68 1f REM REM Policy is REM c6 93 f9 b0 ef 1a b7 1e ca ae 00 af 1f 0b f4 88 REM 37 9e ab 16 c1 f8 0d 9f f9 6d 90 41 4e 2f c6 b3 echo "NV Define Space 0100000" %TPM_EXE_PATH%nvdefinespace -hi p -ha 01000000 -pwdn nnn -sz 16 -pwdn nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key under the primary key - policy secret NV auth" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policysecretnv.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -on noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn -in noncetpm.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - policy secret" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine Space 0100000" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "" echo "Policy Authorize" echo "" REM # 80000000 primary REM # 80000001 verification public key, openssl REM # 80000002 signing key REM # 03000000 policy session REM # Name for 80000001 0004 4234 c24f c1b9 de66 93a6 2453 417d 2734 d753 8f6f REM # REM # policyauthorize.txt REM # 0000016a00044234c24fc1b9de6693a62453417d2734d7538f6f REM # REM # (need blank line for policyRef) REM # REM # > policymaker -if policies/policyauthorize.txt -of policies/policyauthorize.bin -pr REM # REM # 46 d4 8c 7e 17 0a 71 ca 9e 1f c7 e1 77 e5 7b 53 REM # 75 df c4 3a 44 c9 65 4b 18 97 ce b1 92 e0 21 50 echo "Create a signing key with policy authorize" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyauthorize.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load external just the public part of PEM authorizing key" %TPM_EXE_PATH%loadexternal -hi p -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get policy digest, should be zero" %TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get policy digest, should be policy to approve, aHash input" %TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Openssl generate aHash" openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin policyapproved.bin echo "Verify the signature to generate ticket" %TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if policyapproved.bin -is pssig.bin -raw -tk tkt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy authorize using the ticket" %TPM_EXE_PATH%policyauthorize -ha 03000000 -appr policyapproved.bin -skn h80000001.bin -tk tkt.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get policy digest, should be policy authorize" %TPM_EXE_PATH%policygetdigest -ha 03000000 -of policyapproved.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest" %TPM_EXE_PATH%sign -hk 80000002 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the verification public key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # getcapability -cap 1 -pr 80000000 REM # getcapability -cap 1 -pr 02000000 REM # getcapability -cap 1 -pr 03000000 REM # exit 0 echo "" echo "Set Primary Policy" echo "" echo "Platform policy empty" %TPM_EXE_PATH%setprimarypolicy -hi p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform policy empty, bad password" %TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Set platform hierarchy auth" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform policy empty, bad password" %TPM_EXE_PATH%setprimarypolicy -hi p > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform policy empty" %TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Platform policy to policy secret platform auth" %TPM_EXE_PATH%setprimarypolicy -hi p -pwda ppp -halg sha256 -pol policies/policysecretp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 -pwde ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change platform hierarchy auth to null with policy secret" %TPM_EXE_PATH%hierarchychangeauth -hi p -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Policy PCR no select" echo "" REM # create AND term for policy PCR REM # > policymakerpcr -halg sha1 -bm 0 -v -pr -of policies/policypcr.txt REM # 0000017f00000001000403000000da39a3ee5e6b4b0d3255bfef95601890afd80709 REM REM # convert to binary policy REM # > policymaker -halg sha1 -if policies/policypcr.txt -of policies/policypcrbm0.bin -pr -v REM REM # 6d 38 49 38 e1 d5 8b 56 71 92 55 94 3f 06 69 66 REM # b6 fa 2c 23 echo "Create a signing key with policy PCR no select" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -nalg sha1 -pol policies/policypcrbm0.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -halg sha1 -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy PCR, update with the correct digest" %TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest - should be 6d 38 49 38 ... " %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Sign, should succeed" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy restart, set back to zero" %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy PCR, update with the correct digest" %TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR extend PCR 0, updates pcr counter" %TPM_EXE_PATH%pcrextend -ha 0 -halg sha1 -ic policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign, should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush the policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # policypcr0.txt has 20 * 00 REM # create AND term for policy PCR REM # > policymakerpcr -halg sha1 -bm 10000 -if policypcr0.txt -v -pr -of policypcr.txt REM # convert to binary policy REM # > policymaker -halg sha1 -if policypcr.txt -of policypcr.bin -pr -v echo "" echo "Policy PCR" echo "" echo "Create a signing key with policy PCR PCR 16 zero" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -nalg sha1 -pol policies/policypcr.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Reset PCR 16 back to zero" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read PCR 16, should be 00 00 00 00 ..." %TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign, policy not satisfied - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy PCR, update with the correct digest" %TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest - should be 85 33 11 83" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign, should succeed" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR extend PCR 16" %TPM_EXE_PATH%pcrextend -ha 16 -halg sha1 -ic policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read PCR 0, should be 1d 47 f6 8a ..." %TPM_EXE_PATH%pcrread -ha 16 -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy PCR, update with the wrong digest" %TPM_EXE_PATH%policypcr -ha 03000000 -halg sha1 -bm 10000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest - should be 66 dd e5 e3" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush the policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) REM # 01000000 authorizing ndex REM # 01000001 authorized index REM # 03000000 policy session REM # REM # 4 byte NV index REM # policynv.txt REM # policy CC_PolicyNV || args || Name REM # REM # policynvargs.txt (binary) REM # args = hash of 0000 0000 0000 0000 | 0000 | 0000 (eight bytes of zero | offset | op ==) REM # hash -hi n -halg sha1 -if policynvargs.txt -v REM # openssl dgst -sha1 policynvargs.txt REM # 2c513f149e737ec4063fc1d37aee9beabc4b4bbf REM # REM # NV authorizing index REM # REM # after defining index and NV write to set written, use REM # nvreadpublic -ha 01000000 -nalg sha1 REM # to get name REM # 00042234b8df7cdf8605ee0a2088ac7dfe34c6566c5c REM # REM # append Name to policynvnv.txt REM # REM # convert to binary policy REM # > policymaker -halg sha1 -if policynvnv.txt -of policynvnv.bin -pr -v REM # bc 9b 4c 4f 7b 00 66 19 5b 1d d9 9c 92 7e ad 57 e7 1c 2a fc REM # REM # file zero8.bin has 8 bytes of hex zero echo "" echo "Policy NV, NV index authorizing" echo "" echo "Define a setbits index, authorizing index" %TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -ty b > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read public, get Name, not written" %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV setbits to set written" %TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read public, get Name, written" %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read, should be zero" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Define an ordinary index, authorized index, policyNV" %TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000001 -pwdn nnn -sz 2 -ty o -pol policies/policynvnv.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "NV Read public, get Name, not written" %TPM_EXE_PATH%nvreadpublic -ha 01000001 -nalg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write to set written" %TPM_EXE_PATH%nvwrite -ha 01000001 -pwdn nnn -ic aa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy not satisfied - should fail" %TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy get digest, should be 0" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV to satisfy the policy" %TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest, should be bc 9b 4c 4f ..." %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy satisfied" %TPM_EXE_PATH%nvwrite -ha 01000001 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Set bit in authorizing NV index" %TPM_EXE_PATH%nvsetbits -ha 01000000 -pwdn nnn -bit 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read, should be 1" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV to satisfy the policy - should fail" %TPM_EXE_PATH%policynv -ha 01000000 -pwda nnn -hs 03000000 -if policies/zero8.bin -op 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy get digest, should be 00 00 00 00 ..." %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine authorizing index" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine authorized index" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Policy NV Written" echo "" echo "Define an ordinary index, authorized index, policyNV" %TPM_EXE_PATH%nvdefinespace -hi p -nalg sha1 -ha 01000000 -pwdn nnn -sz 2 -ty o -pol policies/policywrittenset.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Read public, get Name, not written" %TPM_EXE_PATH%nvreadpublic -ha 01000000 -nalg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy not satisfied - should fail" %TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy NV Written no, does not satisfy policy" %TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy not satisfied - should fail" %TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV Written yes, satisfy policy" %TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy satisfied but written clear - should fail" %TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write using password, set written" %TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -pwdn nnn > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV Written yes, satisfy policy" %TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV write, policy satisfied" %TPM_EXE_PATH%nvwrite -ha 01000000 -ic aa -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV Written no" %TPM_EXE_PATH%policynvwritten -hs 03000000 -ws n > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy NV Written yes - should fail" %TPM_EXE_PATH%policynvwritten -hs 03000000 -ws y > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine authorizing index" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # test using clockrateadjust REM # policycphashhash.txt is (hex) 00000130 4000000c 000 REM # hash -if policycphashhash.txt -oh policycphashhash.bin -halg sha1 -v REM # openssl dgst -sha1 policycphashhash.txt REM # cpHash is REM # b5f919bbc01f0ebad02010169a67a8c158ec12f3 REM # append to policycphash.txt 00000163 + cpHash REM # policymaker -halg sha1 -if policycphash.txt -of policycphash.bin -pr REM # 06 e4 6c f9 f3 c7 0f 30 10 18 7c a6 72 69 b0 84 b4 52 11 6f echo "" echo "Policy cpHash" echo "" echo "Set the platform policy to policy cpHash" %TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycphash.bin -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clockrate adjust using wrong password - should fail" %TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clockrate adjust, policy not satisfied - should fail" %TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy cpHash, satisfy policy" %TPM_EXE_PATH%policycphash -ha 03000000 -cp policies/policycphashhash.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest, should be 06 e4 6c f9" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clockrate adjust, policy satisfied but bad command params - should fail" %TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 1 -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Clockrate adjust, policy satisfied" %TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear the platform policy" %TPM_EXE_PATH%setprimarypolicy -hi p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) REM # test using clockrateadjust and platform policy REM # operand A time is 64 bits at offset 0, operation GT (2) REM # policycountertimerargs.txt (binary) REM # args = hash of operandB | offset | operation REM # 0000 0000 0000 0000 | 0000 | 0002 REM # hash -hi n -halg sha1 -if policycountertimerargs.txt -v REM # openssl dgst -sha1 policycountertimerargs.txt REM # 7a5836fe287e11ac39ee88d3c0794916d50b73c3 REM # REM # policycountertimer.txt REM # policy CC_PolicyCounterTimer || args REM # 0000016d + args REM # convert to binary policy REM # > policymaker -halg sha1 -if policycountertimer.txt -of policycountertimer.bin -pr -v REM # e6 84 81 27 55 c0 39 d3 68 63 21 c8 93 50 25 dd aa 26 42 9a echo "" echo "Policy Counter Timer" echo "" echo "Set the platform policy to policy " %TPM_EXE_PATH%setprimarypolicy -hi p -pol policies/policycountertimer.bin -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clockrate adjust using wrong password - should fail" %TPM_EXE_PATH%clockrateadjust -hi p -pwdp ppp -adj 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p -halg sha1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clockrate adjust, policy not satisfied - should fail" %TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy counter timer, zero operandB, op EQ satisfy policy - should fail" %TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 0 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy counter timer, zero operandB, op GT satisfy policy" %TPM_EXE_PATH%policycountertimer -ha 03000000 -if policies/zero8.bin -op 2 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest, should be e6 84 81 27" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Clockrate adjust, policy satisfied" %TPM_EXE_PATH%clockrateadjust -hi p -adj 0 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear the platform policy" %TPM_EXE_PATH%setprimarypolicy -hi p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # policyccsign.txt 0000016c 0000015d (policy command code | sign) REM # policyccquote.txt 0000016c 00000158 (policy command code | quote) REM # REM # > policymaker -if policyccsign.txt -of policyccsign.bin -pr -v REM # cc6918b226273b08f5bd406d7f10cf160f0a7d13dfd83b7770ccbcd1aa80d811 REM # REM # > policymaker -if policyccquote.txt -of policyccquote.bin -pr -v REM # a039cad5fe68870688f8233c3e3ee3cf27aac9e2efe3486aeb4e304c0e90cd27 REM # REM # policyor.txt is CC_PolicyOR || digests REM # 00000171 | cc69 ... | a039 ... REM # > policymaker -if policyor.txt -of policyor.bin -pr -v REM # 6b fe c2 3a be 57 b0 2a ce 39 dd 13 bb 60 fa 39 REM # 4d ac 7b 38 96 56 57 84 b3 73 fc 61 92 94 29 db echo "" echo "PolicyOR" echo "" echo "Create an unrestricted signing key, policy command code sign or quote" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyor.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest - should fail" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "Quote - should fail" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Get time - should fail, policy not set" %TPM_EXE_PATH%gettime -hk 80000001 -qd policies/aaa -se1 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy OR - should fail" %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest, should be cc 69 18 b2" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy OR" %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy get digest, should be 6b fe c2 3a" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign with policy OR" %TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Command code - sign" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000015d > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy OR" %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Quote - should fail, wrong command code" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy restart, set back to zero" %TPM_EXE_PATH%policyrestart -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Command code - quote, digest a0 39 ca d5" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 00000158 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Policy OR, digest 6b fe c2 3a" %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Quote with policy OR" %TPM_EXE_PATH%quote -hp 0 -hk 80000001 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Command code - gettime 7a 3e bd aa" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 0000014c > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy OR, gettime not an AND term - should fail" %TPM_EXE_PATH%policyor -ha 03000000 -if policies/policyccsign.bin -if policies/policyccquote.bin > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Flush policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) rm tmppol.bin exit /B 0 REM # getcapability -cap 1 -pr 80000000 REM # getcapability -cap 1 -pr 01000000 REM # getcapability -cap 1 -pr 02000000 REM # getcapability -cap 1 -pr 03000000 ./utils/regtests/testshutdown.sh0000755000175000017500000001742413055364742015316 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testshutdown.sh 948 2017-02-28 21:21:38Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. 
# # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "TPM Resume (state/state) - suspend" echo "" echo "PCR 0 Extend" ${PREFIX}pcrextend -ha 0 -if policies/aaa > run.out checkSuccess $? echo "PCR 0 Read" ${PREFIX}pcrread -ha 0 -of tmp1.bin > run.out checkSuccess $? echo "Start an HMAC session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Start an HMAC session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Save the session context" ${PREFIX}contextsave -ha 02000001 -of tmp.bin > run.out checkSuccess $? echo "Load the signing key" ${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out checkSuccess $? 
# Resume case, continued: save the key context, create and lock an NV index,
# then Shutdown(state) / power cycle / Startup(state) and check what survived.
# The order of these steps matters: each one depends on the TPM state left by
# the previous one, so the statements are kept exactly as written.

echo "Context save the signing key"
${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out
checkSuccess $?

# NV index with the read-stclear and write-stclear attributes (+at rst,
# +at wst). It is read- and write-locked below; the script later expects the
# locks to still hold after Startup(state) and to be gone after Startup(clear).
# -pwdn nnn is a fixed test password passed on the command line.
echo "Define index with write stclear, read stclear"
${PREFIX}nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 +at rst +at wst > run.out
checkSuccess $?

echo "NV Read Public, unwritten Name"
${PREFIX}nvreadpublic -ha 01000000 > run.out
checkSuccess $?

echo "NV write"
${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
checkSuccess $?

echo "Read lock"
${PREFIX}nvreadlock -ha 01000000 -pwdn nnn > run.out
checkSuccess $?

echo "Write lock"
${PREFIX}nvwritelock -ha 01000000 -pwdn nnn > run.out
checkSuccess $?

# Shutdown(state) + Startup(state): the "resume" sequence named in the
# section banner.
echo "Shutdown state"
${PREFIX}shutdown -s > run.out
checkSuccess $?

echo "Power cycle"
${PREFIX}powerup > run.out
checkSuccess $?

echo "Startup state"
${PREFIX}startup -s > run.out
checkSuccess $?

# PCR 0 must equal the value read into tmp1.bin before the shutdown; diff's
# exit status is what checkSuccess evaluates.
echo "PCR 0 Read"
${PREFIX}pcrread -ha 0 -of tmp2.bin > run.out
checkSuccess $?

echo "Verify that PCR 0 is restored"
diff tmp1.bin tmp2.bin > run.out
checkSuccess $?

# The context-loaded signing key is addressed as 80000000 in the next two
# steps.
# NOTE(review): presumably loaded objects were flushed by the power cycle, so
# this is the first free slot; the "primary key missing" step below is
# consistent with that - confirm.
echo "Context load the signing key"
${PREFIX}contextload -if tmpsk.bin > run.out
checkSuccess $?

echo "Signing Key Self Certify"
${PREFIX}certify -hk 80000000 -ho 80000000 -pwdk sig -pwdo sig > run.out
checkSuccess $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000000 > run.out
checkSuccess $?

# Negative checks: nothing is loaded at 80000001, and no parent is at 80000000.
echo "Signing Key Self Certify - should fail, signing key missing"
${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
checkFailure $?

echo "Load the signing key - should fail, primary key missing"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkFailure $?

# Recreate the platform primary so the signing key can be loaded again.
echo "Create a platform primary storage key"
${PREFIX}createprimary -hi p -pwdk pps > run.out
checkSuccess $?

echo "Signing Key Self Certify - should fail, signing key missing"
${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
checkFailure $?
# Resume case, final checks: the saved session must be reloaded before it can
# authorize, and the NV locks set before the shutdown must still be in force.

echo "Load the signing key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

# 02000000 was started before the power cycle but never context-saved.
echo "Signing Key Self Certify - should fail, session missing"
${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000000 1 > run.out
checkFailure $?

# tmp.bin holds the context saved from session 02000001.
echo "Load the saved session context"
${PREFIX}contextload -if tmp.bin > run.out
checkSuccess $?

# NOTE(review): the value after the session handle is the session attributes
# argument; 0 here (1 elsewhere) presumably ends the session after this
# command - confirm against the utility's usage text.
echo "Signing Key Self Certify"
${PREFIX}certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -se0 02000001 0 > run.out
checkSuccess $?

# Security-relevant expectation: the read and write locks on the stclear
# index survive Shutdown(state)/Startup(state), so both accesses must fail.
echo "NV write - should fail, still locked"
${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out
checkFailure $?

echo "NV read - should fail, still locked"
${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out
checkFailure $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# Second case: Shutdown(state) followed by Startup(clear), which the banner
# calls "restart". Saved contexts are expected to load again, while PCR 0 is
# expected to be back at its reset value.

echo ""
echo "TPM Restart (state/clear) - hibernate"
echo ""

echo "Load the signing key"
${PREFIX}load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
checkSuccess $?

echo "Context save the signing key"
${PREFIX}contextsave -ha 80000001 -of tmpsk.bin > run.out
checkSuccess $?

echo "Start a session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

echo "Save the session"
${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out
checkSuccess $?

echo "Shutdown state"
${PREFIX}shutdown -s > run.out
checkSuccess $?

echo "Power cycle"
${PREFIX}powerup > run.out
checkSuccess $?

echo "Startup clear"
${PREFIX}startup -c > run.out
checkSuccess $?

# Both saved contexts (session and key) are expected to load after a restart.
echo "Load the session"
${PREFIX}contextload -if tmp.bin > run.out
checkSuccess $?

echo "Flush the session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo "Context load the signing key"
${PREFIX}contextload -if tmpsk.bin > run.out
checkSuccess $?

# Unlike the resume case, PCR 0 is compared with policies/policypcr0.bin
# rather than with the pre-shutdown value.
# NOTE(review): that file presumably holds the all-zero SHA-1 PCR value - confirm.
echo "PCR 0 Read"
${PREFIX}pcrread -ha 0 -halg sha1 -of tmp2.bin > run.out
checkSuccess $?

echo "Verify that PCR 0 is reset"
diff policies/policypcr0.bin tmp2.bin > run.out
checkSuccess $?
echo "NV write" ${PREFIX}nvwrite -ha 01000000 -pwdn nnn -if policies/aaa > run.out checkSuccess $? echo "NV read" ${PREFIX}nvread -ha 01000000 -pwdn nnn -sz 16 > run.out checkSuccess $? echo "NV Undefine Space" ${PREFIX}nvundefinespace -hi p -ha 01000000 > run.out checkSuccess $? echo "Recreate a platform primary storage key" ${PREFIX}createprimary -hi p -pwdk pps > run.out checkSuccess $? echo "" echo "TPM Reset (clear/clear) - cold boot" echo "" echo "Start a session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? echo "Save the session" ${PREFIX}contextsave -ha 02000000 -of tmp.bin > run.out checkSuccess $? echo "Shutdown clear" ${PREFIX}shutdown -c > run.out checkSuccess $? echo "Power cycle" ${PREFIX}powerup > run.out checkSuccess $? echo "Startup clear" ${PREFIX}startup -c > run.out checkSuccess $? echo "Load the session - should fail" ${PREFIX}contextload -if tmp.bin > run.out checkFailure $? echo "Recreate a platform primary storage key" ${PREFIX}createprimary -hi p -pwdk pps > run.out checkSuccess $? # cleanup # shutdown removes the session rm h02000000.bin rm tmpsk.bin exit # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 # ${PREFIX}getcapability -cap 1 -pr 01000000 ./utils/regtests/testdup.sh0000755000175000017500000003072613133205212014212 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testdup.sh 1044 2017-07-17 19:05:46Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. 
# # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # 80000001 K1 storage key # 80000002 K2 signing key to be duplicated # 80000002 K2 duplicated # 03000000 policy session # policy # be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 # 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 # used for the name in rewrap if [ -z $TPM_DATA_DIR ]; then TPM_DATA_DIR=. fi echo "" echo "Duplication" echo "" for ENC in "" "-salg aes -ik tmprnd.bin" do for HALG in sha1 sha256 sha384 do echo "Create a signing key K2 under the primary key, with policy" ${PREFIX}create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccduplicate.bin > run.out checkSuccess $? 
echo "Load the storage key K1" ${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out checkSuccess $? echo "Load the signing key K2" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Sign a digest, $HALG" ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out checkSuccess $? echo "Verify the signature, $HALG" ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out checkSuccess $? echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy command code, duplicate" ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out checkSuccess $? echo "Get policy digest" ${PREFIX}policygetdigest -ha 03000000 > run.out checkSuccess $? echo "Get random AES encryption key" ${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out checkSuccess $? echo "Duplicate K2 under K1, ${ENC}" ${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin ${ENC} -se0 03000000 1 > run.out checkSuccess $? echo "Flush the original K2 to free object slot for import" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Import K2 under K1, ${ENC}" ${PREFIX}import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin ${ENC} -opr tmppriv.bin > run.out checkSuccess $? echo "Sign under K2, $HALG - should fail" ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out checkFailure $? echo "Load the duplicated signing key K2" ${PREFIX}load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out checkSuccess $? echo "Sign using duplicated K2, $HALG" ${PREFIX}sign -hk 80000002 -halg $HALG -if policies/aaa -os tmpsig.bin -pwdk sig > run.out checkSuccess $? echo "Verify the signature, $HALG" ${PREFIX}verifysignature -hk 80000002 -halg $HALG -if policies/aaa -is tmpsig.bin > run.out checkSuccess $? 
echo "Flush the duplicated K2" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the parent K1" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? done done echo "" echo "Duplicate Primary Key" echo "" echo "Create a platform primary signing key K2 80000001" ${PREFIX}createprimary -hi p -si -kt nf -kt np -pol policies/policyccduplicate.bin -opu tmppub.bin > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000001 -if policies/aaa > run.out checkSuccess $? echo "Start a policy session 03000000" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy command code, duplicate" ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out checkSuccess $? echo "Duplicate K2 under storage key" ${PREFIX}duplicate -ho 80000001 -hp 80000000 -od tmpdup.bin -oss tmpss.bin -se0 03000000 1 checkSuccess $? echo "Import K2 under storage key" ${PREFIX}import -hp 80000000 -pwdp pps -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin -opr tmppriv.bin > run.out checkSuccess $? echo "Load the duplicated signing key K2 80000002" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Sign a digest" ${PREFIX}sign -hk 80000002 -if policies/aaa > run.out checkSuccess $? echo "Flush the primary key 8000001" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the duplicated key 80000002 " ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the session 03000000 " ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? echo "" echo "Import PEM RSA" echo "" echo "generate the signing key with openssl" openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? 
# Import PEM RSA (continued): tmpprivkey.pem and the HMAC session were created
# by the commands just before this loop. Each pass imports the PEM key under
# the primary key 80000000, loads it, signs policies/aaa and verifies the
# signature, first with no session argument and then with "-se0 02000000 1".
# presumably 02000000 is the HMAC session started above -- confirm
for SESS in "" "-se0 02000000 1"
do
    for HALG in sha1 sha256 sha384
    do

	echo "Import the signing key under the primary key ${HALG}"
	# -pwdk must match the passphrase the PEM was encrypted with (rrrr).
	# Both passwords are fixed test values passed as command-line arguments.
	${PREFIX}importpem -hp 80000000 -pwdp pps -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out
	checkSuccess $?

	echo "Load the TPM signing key"
	${PREFIX}load -hp 80000000 -pwdp pps -ipu tmppub.bin -ipr tmppriv.bin > run.out
	checkSuccess $?

	echo "Sign the message ${HALG} ${SESS}"
	# ${SESS} is left unquoted on purpose: it expands to zero or three arguments
	${PREFIX}sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out
	checkSuccess $?

	echo "Verify the signature ${HALG}"
	${PREFIX}verifysignature -hk 80000001 -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out
	checkSuccess $?

	echo "Flush the signing key"
	# frees handle 80000001 so the next pass loads into the same handle
	${PREFIX}flushcontext -ha 80000001 > run.out
	checkSuccess $?

    done
done

echo ""
echo "Import PEM EC "
echo ""

echo "generate the signing key with openssl"
# NOTE(review): the exit status of this pipeline is not passed to checkSuccess,
# so a failed key generation only shows up as an importpem failure below.
# NOTE(review): "openssl pkey -text" also prints the key components in plain
# text next to the PEM block, so tmpecprivkey.pem holds the private value
# unencrypted even though -aes256 is given -- confirm whether -text is intended.
openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem

# Same import / load / sign / verify / flush cycle as the RSA loop above,
# with -ecc added to the importpem, sign and verifysignature commands.
for SESS in "" "-se0 02000000 1"
do
    for HALG in sha1 sha256 sha384
    do

	echo "Import the signing key under the primary key ${HALG}"
	${PREFIX}importpem -hp 80000000 -pwdp pps -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg ${HALG} > run.out
	checkSuccess $?

	echo "Load the TPM signing key"
	${PREFIX}load -hp 80000000 -pwdp pps -ipu tmppub.bin -ipr tmppriv.bin > run.out
	checkSuccess $?

	echo "Sign the message ${HALG} ${SESS}"
	${PREFIX}sign -hk 80000001 -ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg ${HALG} ${SESS} > run.out
	checkSuccess $?

	echo "Verify the signature ${HALG}"
	${PREFIX}verifysignature -hk 80000001 -ecc -if policies/aaa -is tmpsig.bin -halg ${HALG} > run.out
	checkSuccess $?

	echo "Flush the signing key"
	${PREFIX}flushcontext -ha 80000001 > run.out
	checkSuccess $?

    done
done

# The session handle used by both import sections is released only here.
echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?
echo "" echo "Rewrap" echo "" # duplicate object O1 to K1 (the outer wrapper, knows inner wrapper) # rewrap O1 from K1 to K2 (does not know inner wrapper) # import O1 to K2 (knows inner wrapper) # 03000000 policy session for duplicate # at TPM 1, duplicate object to K1 outer wrapper, AES wrapper echo "Create a storage key K2" ${PREFIX}create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp pps -pwdk k2 > run.out checkSuccess $? echo "Load the storage key K1 80000001 public key " ${PREFIX}loadexternal -hi p -ipu storepub.bin > run.out checkSuccess $? echo "Create a signing key O1 with policy" ${PREFIX}create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp pps -pwdk sig -pol policies/policyccduplicate.bin > run.out checkSuccess $? echo "Load the signing key O1 80000002 under the primary key" ${PREFIX}load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp pps > run.out checkSuccess $? echo "Save the signing key O1 name" cp ${TPM_DATA_DIR}/h80000002.bin tmpo1name.bin echo "Start a policy session" ${PREFIX}startauthsession -se p > run.out checkSuccess $? echo "Policy command code, duplicate" ${PREFIX}policycommandcode -ha 03000000 -cc 14b > run.out checkSuccess $? echo "Get random AES encryption key" ${PREFIX}getrandom -by 16 -of tmprnd.bin > run.out checkSuccess $? echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper" ${PREFIX}duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out checkSuccess $? echo "Flush signing key O1 80000002" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush storage key K1 80000001 public key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the policy session" ${PREFIX}flushcontext -ha 03000000 > run.out checkSuccess $? 
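# Rewrap test, stages two and three. Inputs are the files left by the
# duplicate stage: tmpdup.bin, tmpss.bin, tmpo1name.bin, tmprnd.bin.
# The flush commands and two echo labels were corrected so that each label
# names the handle the command actually operates on.

# at TPM 2

echo "Load storage key K1 80000001 public and private key"
${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out
checkSuccess $?

echo "Load storage key K2 80000002 public key"
# only K2's public part is needed to be the new parent
${PREFIX}loadexternal -hi p -ipu tmpk2pub.bin > run.out
checkSuccess $?

echo "Rewrap O1 from K1 80000001 to K2 80000002 "
# No -ik / -salg here: this step is not given the inner wrapper key that the
# import below receives. The same files are used for input (-id/-iss) and
# output (-od/-oss), so tmpdup.bin and tmpss.bin are overwritten.
${PREFIX}rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out
checkSuccess $?

echo "Flush old key K1 80000001"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush new key K2 80000002 public key"
${PREFIX}flushcontext -ha 80000002 > run.out
checkSuccess $?

# at TPM 3

echo "Load storage key K2 80000001 public and private key"
${PREFIX}load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp pps > run.out
checkSuccess $?

echo "Import rewraped O1 to K2"
# -ik tmprnd.bin / -salg aes supply the inner wrapper key used at duplicate time
${PREFIX}import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out
checkSuccess $?

echo "Load the imported signing key O1 80000002 under K2 80000001"
${PREFIX}load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out
checkSuccess $?

# A successful sign + verify with the key loaded under K2 is the pass
# criterion for the whole duplicate / rewrap / import chain.
echo "Sign using the imported O1"
${PREFIX}sign -hk 80000002 -if policies/aaa -os tmpsig.bin -pwdk sig > run.out
checkSuccess $?

echo "Verify the signature"
${PREFIX}verifysignature -hk 80000002 -if policies/aaa -is tmpsig.bin > run.out
checkSuccess $?

echo "Flush storage key K2 80000001"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush signing key O1 80000002"
${PREFIX}flushcontext -ha 80000002 > run.out
checkSuccess $?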
rm -f tmpo1name.bin rm -f tmpsignpriv.bin rm -f tmpsignpub.bin rm -f tmprnd.bin rm -f tmpdup.bin rm -f tmpss.bin rm -f tmpsignpriv3.bin rm -f tmpsig.bin rm -f tmpk2priv.bin rm -f tmpk2pub.bin rm -f tmposs.bin rm -f tmpprivkey.pem rm -f tmpecprivkey.pem rm -f tmppub.bin rm -f tmppriv.bin # ${PREFIX}flushcontext -ha 80000001 # ${PREFIX}flushcontext -ha 80000002 # ${PREFIX}flushcontext -ha 03000000 # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 03000000 ./utils/regtests/testpcr.bat0000644000175000017500000001157412640606051014347 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: testpcr.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. # REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. # REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. # REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "PCR Extend" echo "" for %%H in (sha1 sha256 sha384) do ( echo "PCR Reset" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Extend %%H" %TPM_EXE_PATH%pcrextend -ha 16 -halg %%H -if policies/aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Read %%H" %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the read data %%H" diff policies/%%Hextaaa0.bin tmp.bin IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Reset" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "PCR Event" echo "" echo "PCR Reset" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Read" %TPM_EXE_PATH%pcrread -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Extend" %TPM_EXE_PATH%pcrevent -ha 16 -if policies/aaa -of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%H in (sha1 sha256 sha384) do ( echo "Verify Digest %%H" diff policies/%%Haaa.bin tmp%%H.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Read %%H" %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Verify Digest %%H" diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "" echo "Event Sequence Complete" echo "" echo "PCR Reset" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Event sequence start, alg null" %TPM_EXE_PATH%hashsequencestart -halg null -pwda aaa > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Event Sequence Complete" %TPM_EXE_PATH%eventsequencecomplete -hs 80000001 -pwds aaa -ha 16 -if policies/aaa -of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%H in (sha1 sha256 sha384) do ( echo "Verify Digest %%H" diff policies/%%Haaa.bin tmp%%H.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "PCR Read %%H" %TPM_EXE_PATH%pcrread -ha 16 -halg %%H -of tmp%%H.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify Digest %%H" diff policies/%%Hexthaaa.bin tmp%%H.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "PCR Reset" %TPM_EXE_PATH%pcrreset -ha 16 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 ./utils/regtests/testdup.bat0000644000175000017500000003125113070757176014362 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testdup.bat 979 2017-04-04 17:57:18Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. 
# REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# REM # # REM ############################################################################# setlocal enableDelayedExpansion REM 80000001 K1 storage key REM 80000002 K2 signing key to be duplicated REM 80000002 K2 duplicated REM 03000000 policy session REM policy REM be f5 6b 8c 1c c8 4e 11 ed d7 17 52 8d 2c d9 93 REM 56 bd 2b bf 8f 01 52 09 c3 f8 4a ee ab a8 e8 a2 REM used for the name in rewrap echo "" echo "Duplication" echo "" for %%E in ("" "-salg aes -ik tmprnd.bin") do ( for %%H in (sha1 sha256 sha384) do ( echo "Create a signing key K2 under the primary key, with policy" %TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyccduplicate.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key K1" %TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key K2" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign a digest, %%H" %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the signature, %%H" %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code, duplicate" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get policy digest" %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get random AES encryption key" %TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Duplicate K2 under K1, %%~E" %TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -od tmpdup.bin -oss tmpss.bin %%~E -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the original K2 to free object slot for import" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Import K2 under K1, %%~E" %TPM_EXE_PATH%import -hp 80000001 -pwdp sto -ipu tmppub.bin -id tmpdup.bin -iss tmpss.bin %%~E -opr tmppriv.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign under K2, %%H - should fail" %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Load the duplicated signing key K2" %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp sto > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign using duplicated K2, %%H" %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the signature, %%H" %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the duplicated K2" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the parent K1" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) echo "" echo "Import PEM RSA" echo "" echo "generate the signing key with openssl" openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 echo "Start an HMAC auth session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) for %%S in ("" "-se0 02000000 1") do ( for %%H in (sha1 sha256 sha384) do ( echo "Import the signing key under the primary key %%H" %TPM_EXE_PATH%importpem -hp 80000000 -pwdp pps -ipem tmpprivkey.pem -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the TPM signing key" %TPM_EXE_PATH%load -hp 80000000 -pwdp pps -ipu tmppub.bin -ipr tmppriv.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign the message %%H %%~S" %TPM_EXE_PATH%sign -hk 80000001 -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the signature %%H" %TPM_EXE_PATH%verifysignature -hk 80000001 -if policies/aaa -is tmpsig.bin -halg %%H > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) echo "" echo "Import PEM EC " echo "" echo "generate the signing key with openssl" openssl ecparam -name prime256v1 -genkey -noout | openssl pkey -aes256 -passout pass:rrrr -text > tmpecprivkey.pem for %%S in ("" "-se0 02000000 1") do ( for %%H in (sha1 sha256 sha384) do ( echo "Import the signing key under the primary key %%H" %TPM_EXE_PATH%importpem -hp 80000000 -pwdp pps -ipem tmpecprivkey.pem -ecc -pwdk rrrr -opu tmppub.bin -opr tmppriv.bin -halg %%H > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the TPM signing key" %TPM_EXE_PATH%load -hp 80000000 -pwdp pps -ipu tmppub.bin -ipr tmppriv.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign the message %%H %%~S" %TPM_EXE_PATH%sign -hk 80000001 -ecc -pwdk rrrr -if policies/aaa -os tmpsig.bin -halg %%H %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Verify the signature %%H" %TPM_EXE_PATH%verifysignature -hk 80000001 -ecc -if policies/aaa -is tmpsig.bin -halg %%H > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) echo "Flush the auth session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Rewrap" echo "" REM duplicate object O1 to K1 (the outer wrapper, knows inner wrapper) REM rewrap O1 from K1 to K2 (does not know inner wrapper) REM import O1 to K2 (knows inner wrapper) REM 03000000 policy session for duplicate REM at TPM 1, duplicate object to K1 outer wrapper, AES wrapper echo "Create a storage key K2" %TPM_EXE_PATH%create -hp 80000000 -st -kt f -kt p -opr tmpk2priv.bin -opu tmpk2pub.bin -pwdp pps -pwdk k2 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the storage key K1 80000001 public key " %TPM_EXE_PATH%loadexternal -hi p -ipu storepub.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key O1 with policy" %TPM_EXE_PATH%create -hp 80000000 -si -opr tmpsignpriv.bin -opu tmpsignpub.bin -pwdp pps -pwdk sig -pol policies/policyccduplicate.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the signing key O1 80000002 under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmpsignpriv.bin -ipu tmpsignpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Save the signing key O1 name" cp h80000002.bin tmpo1name.bin echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code, duplicate" %TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 14b > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Get random AES encryption key" %TPM_EXE_PATH%getrandom -by 16 -of tmprnd.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Duplicate O1 80000002 under K1 80000001 outer wrapper, using AES inner wrapper" %TPM_EXE_PATH%duplicate -ho 80000002 -pwdo sig -hp 80000001 -ik tmprnd.bin -od tmpdup.bin -oss tmpss.bin -salg aes -se0 03000000 1 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Flush signing key O1 80000002" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush storage key K1 80000001 public key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the policy session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM at TPM 2 echo "Load storage key K1 80000001 public and private key" %TPM_EXE_PATH%load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load storage key K2 80000002 public key" %TPM_EXE_PATH%loadexternal -hi p -ipu tmpk2pub.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Rewrap O1 from K1 80000001 to K2 80000002 " %TPM_EXE_PATH%rewrap -ho 80000001 -hn 80000002 -pwdo sto -id tmpdup.bin -in tmpo1name.bin -iss tmpss.bin -od tmpdup.bin -oss tmpss.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush old key K1 80000001" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush new key K2 80000002 public key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM at TPM 3 echo "Load storage key K2 80000001 public key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmpk2priv.bin -ipu tmpk2pub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Import rewraped O1 to K2" %TPM_EXE_PATH%import -hp 80000001 -pwdp k2 -ipu tmpsignpub.bin -id tmpdup.bin -iss tmpss.bin -salg aes -ik tmprnd.bin -opr tmpsignpriv3.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Load the imported signing key O1 80000002 under K2 80000001" %TPM_EXE_PATH%load -hp 80000001 -ipr tmpsignpriv3.bin -ipu tmpsignpub.bin -pwdp k2 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Sign using duplicated K2" %TPM_EXE_PATH%sign -hk 80000002 -if policies/aaa -os sig.bin -pwdk sig > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Verify the signature" %TPM_EXE_PATH%verifysignature -hk 80000002 -if policies/aaa -is sig.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush storage key K2 80000001" %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush signing key O1 80000002" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) rm -f tmpo1name.bin rm -f tmpsignpriv.bin rm -f tmpsignpub.bin rm -f tmprnd.bin rm -f tmpdup.bin rm -f tmpss.bin rm -f tmpsignpriv3.bin rm -f sig.bin rm -f tmpk2priv.bin rm -f tmpk2pub.bin rm -f tmposs.bin rm -f tmpprivkey.pem rm -f tmpecprivkey.pem rm -f tmppub.bin rm -f tmppriv.bin rm -f tmpsig.bin exit /B 0 REM flushcontext -ha 80000001 REM flushcontext -ha 80000002 REM flushcontext -ha 03000000 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 03000000 ./utils/regtests/testaes138.sh0000755000175000017500000001037213070757176014446 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testaes.sh 714 2016-08-11 21:46:03Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. 
# # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "AES symmetric key" echo "" echo "Start an HMAC auth session" ${PREFIX}startauthsession -se h > run.out checkSuccess $? for SESS in "" "-se0 02000000 1" do echo "Load the symmetric cipher key under the primary key ${SESS}" ${PREFIX}load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp pps ${SESS} > run.out checkSuccess $? echo "Encrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Decrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Verify the decrypt result" diff msg.bin dec.bin checkSuccess $? 
echo "Encrypt using the symmetric cipher key 0 length message ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -if zero.bin -of enc.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Decrypt using the symmetric cipher key ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes ${SESS} > run.out checkSuccess $? echo "Verify the decrypt result" diff zero.bin dec.bin checkSuccess $? echo "Flush the symmetric cipher key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Create a primary symmetric cipher key ${SESS}" ${PREFIX}createprimary -des -pwdk aesp ${SESS} > run.out checkSuccess $? echo "Encrypt using the symmetric cipher primary key ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp ${SESS}> run.out checkSuccess $? echo "Decrypt using the symmetric cipher primary key ${SESS}" ${PREFIX}encryptdecrypt -2 -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp ${SESS}> run.out checkSuccess $? echo "Verify the decrypt result" diff msg.bin dec.bin checkSuccess $? echo "Flush the symmetric cipher key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "Flush the auth session" ${PREFIX}flushcontext -ha 02000000 > run.out checkSuccess $? # ${PREFIX}getcapability -cap 1 -pr 80000000 # ${PREFIX}getcapability -cap 1 -pr 02000000 ./utils/regtests/testsalt.sh0000755000175000017500000002033713133162315014370 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testsalt.sh 1043 2017-07-17 16:24:45Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Salt Session - Load" echo "" for ASY in "-rsa" "-ecc nistp256" do for HALG in sha1 sha256 sha384 do # In general a storage key can be used. A decryption key is # used here because the hash algorithm doesn't have to match # that of the parent. 
echo "Create a ${ASY} ${HALG} storage key under the primary key " ${PREFIX}create -hp 80000000 -nalg ${HALG} -halg ${HALG} ${ASY} -deo -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 222 > run.out checkSuccess $? echo "Load the RSA storage key under the primary key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Start a RSA salted HMAC auth session" ${PREFIX}startauthsession -se h -hs 80000001 > run.out checkSuccess $? echo "Create a signing key using the salt" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done done echo "" echo "Salt Session - Load External" echo "" echo "Create a key pair in PEM format using openssl" openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out echo "Convert key pair to plaintext DER format" openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out for HALG in sha1 sha256 sha384 do echo "Load the openssl key pair in the NULL hierarchy - $HALG" ${PREFIX}loadexternal -halg $HALG -st -ider tmpkeypair.der > run.out checkSuccess $? echo "Start a salted HMAC auth session" ${PREFIX}startauthsession -se h -hs 80000001 > run.out checkSuccess $? echo "Create a signing key using the salt" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "" echo "Salt Session - CreatePrimary storage key" echo "" for HALG in sha1 sha256 sha384 do echo "Create a primary storage key - $HALG" ${PREFIX}createprimary -nalg $HALG -hi p > run.out checkSuccess $? echo "Start a salted HMAC auth session" ${PREFIX}startauthsession -se h -hs 80000001 > run.out checkSuccess $? 
echo "Create a signing key using the salt" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out checkSuccess $? echo "Flush the storage key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "" echo "Salt Session - CreatePrimary RSA key" echo "" for HALG in sha1 sha256 sha384 do echo "Create a primary RSA key - $HALG" ${PREFIX}createprimary -nalg $HALG -halg $HALG -hi p -deo > run.out checkSuccess $? echo "Start a salted HMAC auth session" ${PREFIX}startauthsession -se h -hs 80000001 > run.out checkSuccess $? echo "Create a primary HMAC key using the salt" ${PREFIX}createprimary -kh -se0 02000000 0 > run.out checkSuccess $? echo "Flush the HMAC key" ${PREFIX}flushcontext -ha 80000002 > run.out checkSuccess $? echo "Flush the RSA key" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? done echo "" echo "Salt Session - EvictControl" echo "" echo "Load the storage key" ${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out checkSuccess $? echo "Make the storage key persistent" ${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out checkSuccess $? echo "Start a salted HMAC auth session" ${PREFIX}startauthsession -se h -hs 81800000 > run.out checkSuccess $? echo "Create a signing key using the salt" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out checkSuccess $? echo "Flush the storage key from transient memory" ${PREFIX}flushcontext -ha 80000001 > run.out checkSuccess $? echo "Flush the storage key from persistent memory" ${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out checkSuccess $? echo "" echo "Salt Session - ContextSave and ContextLoad" echo "" echo "Load the storage key at 80000001" ${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out checkSuccess $? 
# Save the context of the key at 80000001, flush it, reload the saved context
# and check that the reloaded key still works as the salt key for a session.
echo "Save context for the key at 80000001"
${PREFIX}contextsave -ha 80000001 -of tmp.bin > run.out
checkSuccess $?

echo "Flush the storage key at 80000001"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Load context, new storage key at 80000001"
${PREFIX}contextload -if tmp.bin > run.out
checkSuccess $?

echo "Start a salted HMAC auth session"
${PREFIX}startauthsession -se h -hs 80000001 > run.out
checkSuccess $?

echo "Create a signing key using the salt"
${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk 333 -se0 02000000 0 > run.out
checkSuccess $?

echo "Flush the context loaded key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "Salt Audit Session - PCR Read, Read Public, NV Read Public"
echo ""

# Use one salted session as an audit session on three commands that need no
# authorization of their own (pcrread, readpublic, nvreadpublic).
echo "Load the storage key at 80000001"
${PREFIX}load -hp 80000000 -ipr storepriv.bin -ipu storepub.bin -pwdp pps > run.out
checkSuccess $?

echo "Start a salted HMAC auth session"
${PREFIX}startauthsession -se h -hs 80000001 > run.out
checkSuccess $?

# NOTE(review): attribute byte 81 is presumably audit (80) plus
# continueSession (01); the session is reused by the following commands and
# flushed explicitly at the end of this section, which fits that reading.
echo "PCR read with salted audit session"
${PREFIX}pcrread -ha 16 -se0 02000000 81 > run.out
checkSuccess $?

echo "Read public with salted audit session"
${PREFIX}readpublic -ho 80000001 -se0 02000000 81 > run.out
checkSuccess $?

# The NV index exists only so that nvreadpublic has something to read; it is
# undefined again below.
echo "NV define space"
${PREFIX}nvdefinespace -ha 01000000 -hi p > run.out
checkSuccess $?

echo "NV Read public with salted audit session"
${PREFIX}nvreadpublic -ha 01000000 -se0 02000000 81 > run.out
checkSuccess $?

# Cleanup: transient key, the still-open session, and the NV index.
echo "Flush the storage key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo "Flush the salt session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

echo "NV undefine space"
${PREFIX}nvundefinespace -ha 01000000 -hi p > run.out
checkSuccess $?
rm -f tmpkeypair.pem rm -f tmpkeypair.der # ${PREFIX}getcapability -cap 1 -pr 80000000 ./utils/regtests/testpcr.sh0000755000175000017500000001227713121761563014224 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testpcr.sh 1026 2017-06-19 14:45:07Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # extend of aaa + 0 pad to digest length # 1d 47 f6 8a ce d5 15 f7 79 73 71 b5 54 e3 2d 47 # 98 1a a0 a0 # c2 11 97 64 d1 16 13 bf 07 b7 e2 04 c3 5f 93 73 # 2b 4a e3 36 b4 35 4e bc 16 e8 d0 c3 96 3e be bb # 29 29 63 e3 1c 34 c2 72 bd ea 27 15 40 94 af 92 # 50 ad 97 d9 e7 44 6b 83 6d 3a 73 7c 90 ca 47 df # 2c 39 90 21 ce dd 00 85 3e f0 84 97 c5 a4 23 84 echo "" echo "PCR Extend" echo "" for HALG in sha1 sha256 sha384 do echo "PCR Reset" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? echo "PCR Extend ${HALG}" ${PREFIX}pcrextend -ha 16 -halg ${HALG} -if policies/aaa > run.out checkSuccess $? echo "PCR Read ${HALG}" ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp.bin > run.out checkSuccess $? echo "Verify the read data ${HALG}" diff policies/${HALG}extaaa0.bin tmp.bin checkSuccess $? echo "PCR Reset" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? 
done # sha1 of aaa # 7e240de74fb1ed08fa08d38063f6a6a91462a815 # extend of that (using policymaker) # ab 53 c7 ec 3f fe fe 21 9e 9d 89 da f1 8e 16 55 # 3e 23 8e a6 # sha256 of aaa # 9834876dcfb05cb167a5c24953eba58c4ac89b1adf57f28f2f9d09af107ee8f0 # extend of that (using policymaker) # df 81 1e 9d 19 a0 d3 3d e6 7b b1 c7 26 a6 20 5c # d0 a2 eb 0f 61 b7 c9 ee 91 66 eb cf dc 17 db ab # sha384 of aaa # 8e07e5bdd64aa37536c1f257a6b44963cc327b7d7dcb2cb47a22073d33414462bfa184487cf372ce0a19dfc83f8336d8 # extend of that (using policymaker) # 61 bc 70 39 e2 94 87 c2 17 b0 b1 46 10 5d 64 e6 # ad 32 a6 d5 c2 5b 45 01 a7 4b bc a7 7f cc 24 25 # 36 ca 1a 40 f9 36 44 f0 d8 b0 98 ea a6 50 97 4d echo "" echo "PCR Event" echo "" echo "PCR Reset" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? echo "PCR Read" ${PREFIX}pcrread -ha 16 > run.out checkSuccess $? echo "PCR Event" ${PREFIX}pcrevent -ha 16 -if policies/aaa -of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin > run.out checkSuccess $? for HALG in sha1 sha256 sha384 do echo "Verify Digest ${HALG}" diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out checkSuccess $? echo "PCR Read ${HALG}" ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out checkSuccess $? echo "Verify Digest ${HALG}" diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out checkSuccess $? done echo "" echo "Event Sequence Complete" echo "" echo "PCR Reset" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? echo "Event sequence start, alg null" ${PREFIX}hashsequencestart -halg null -pwda aaa > run.out checkSuccess $? echo "Event Sequence Complete" ${PREFIX}eventsequencecomplete -hs 80000001 -pwds aaa -ha 16 -if policies/aaa -of1 tmpsha1.bin -of2 tmpsha256.bin -of3 tmpsha384.bin > run.out checkSuccess $? for HALG in sha1 sha256 sha384 do echo "Verify Digest ${HALG}" diff policies/${HALG}aaa.bin tmp${HALG}.bin > run.out checkSuccess $? echo "PCR Read ${HALG}" ${PREFIX}pcrread -ha 16 -halg ${HALG} -of tmp${HALG}.bin > run.out checkSuccess $? 
echo "Verify Digest ${HALG}" diff policies/${HALG}exthaaa.bin tmp${HALG}.bin > run.out checkSuccess $? done echo "PCR Reset" ${PREFIX}pcrreset -ha 16 > run.out checkSuccess $? ./utils/regtests/testhierarchy.bat0000644000175000017500000002277112667651703015557 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testhierarchy.bat 507 2016-03-08 22:35:47Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Hierarchy Change Auth" echo "" echo "Start an HMAC auth session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Generate a random authorization value" %TPM_EXE_PATH%getrandom -by 32 -nz -of tmp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%S in ("" "-se0 02000000 1") do ( echo "Change platform hierarchy auth %%~S" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a primary storage key - should fail" %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Create a primary storage key" %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Change platform hierarchy auth back to null %%~S" %TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a primary storage key" %TPM_EXE_PATH%createprimary -pwdk 111 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the primary key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 )
)

echo ""

REM Platform hierarchy auth taken from a file. The loop variable is empty on
REM the first pass and -se0 02000000 1 on the second, so every auth change is
REM exercised once without a session argument and once with HMAC session
REM 02000000. The options ending in i read the auth value from tmp.bin.
for %%S in ("" "-se0 02000000 1") do (

    echo "Change platform hierarchy auth, new auth from file %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdni tmp.bin %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM Negative test: no platform auth is supplied, so the command has to
    REM fail. A zero exit code aborts the script.
    echo "Create a primary storage key - should fail"
    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    echo "Create a primary storage key, auth from file"
    %TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdpi tmp.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the primary key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM NOTE review: an abort between the change above and this change back
    REM leaves the platform hierarchy auth set to the value in tmp.bin.
    REM Presumably the harness runs against a TPM that is reset between
    REM runs - confirm.
    echo "Change platform hierarchy auth back to null, auth from file %%~S"
    %TPM_EXE_PATH%hierarchychangeauth -hi p -pwdai tmp.bin %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Create a primary storage key"
    %TPM_EXE_PATH%createprimary -pwdk 111 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the primary key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Hierarchy Change Auth with bind"
echo ""

REM Set the platform auth to ppp, confirm it is enforced, then start an HMAC
REM session bound to the platform hierarchy handle 4000000c with that auth.
echo "Change platform hierarchy auth"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the new platform auth is not supplied.
echo "Create a primary storage key - should fail"
%TPM_EXE_PATH%createprimary -hi p -pwdk 111 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create a primary storage key"
%TPM_EXE_PATH%createprimary -hi p -pwdk 111 -pwdp ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start an HMAC auth session, bind to platform hierarchy"
%TPM_EXE_PATH%startauthsession -se h -bi 4000000c -pwdb ppp > run.out
IF !ERRORLEVEL!
NEQ 0 ( exit /B 1 )

REM Restore the empty platform auth through session 02000000, which was
REM started just before this point, then check that a primary key can be
REM created without a password and release the key and the session.
echo "Change platform hierarchy auth back to null"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a primary storage key"
%TPM_EXE_PATH%createprimary -pwdk 111 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Hierarchy Control"
echo ""

REM Hierarchy control is authorized by the platform hierarchy. The section
REM checks that enabling or disabling the owner hierarchy needs the platform
REM password once one is set, and that a disabled owner hierarchy refuses
REM key creation.
echo "Enable the owner hierarchy"
%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Change the platform hierarchy password"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwdn ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: same command as above, now without the password.
echo "Enable the owner hierarchy - no platform hierarchy password, should fail"
%TPM_EXE_PATH%hierarchycontrol -hi p -he o > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Enable the owner hierarchy using platform hierarchy password"
%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the owner hierarchy has no password here, so xxx is wrong.
echo "Create a primary key in the owner hierarchy - bad password, should fail"
%TPM_EXE_PATH%createprimary -hi o -pwdp xxx > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create a primary key in the owner hierarchy"
%TPM_EXE_PATH%createprimary -hi o > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Disable the owner hierarchy using platform hierarchy password"
%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the hierarchy is disabled, so key creation has to fail.
echo "Create a primary key in the owner hierarchy, disabled, should fail"
%TPM_EXE_PATH%createprimary -hi o > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Enable the owner hierarchy using platform hierarchy password"
%TPM_EXE_PATH%hierarchycontrol -hi p -he o -pwda ppp -state 1 > run.out
IF !ERRORLEVEL!
NEQ 0 ( exit /B 1 )

REM End of the hierarchy control case: the owner hierarchy is usable again,
REM the platform password is removed and the key is flushed.
echo "Create a primary key in the owner hierarchy"
%TPM_EXE_PATH%createprimary -hi o > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Remove the platform hierarchy password"
%TPM_EXE_PATH%hierarchychangeauth -hi p -pwda ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key in the owner hierarchy"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Clear"
echo ""

REM Clear case. An owner password and an owner primary key are set up first
REM so that the effect of Clear can be observed afterwards.
echo "Set storage hierarchy auth"
%TPM_EXE_PATH%hierarchychangeauth -hi o -pwdn ooo > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a primary key - storage hierarchy"
%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Read the public part"
%TPM_EXE_PATH%readpublic -ho 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM State 1 disables the Clear command, per the echo text.
echo "ClearControl disable"
%TPM_EXE_PATH%clearcontrol -hi p -state 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: Clear has to be refused while it is disabled.
echo "Clear - should fail"
%TPM_EXE_PATH%clear -hi p > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "ClearControl enable"
%TPM_EXE_PATH%clearcontrol -hi p -state 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Clear"
%TPM_EXE_PATH%clear -hi p > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative tests after Clear: the owner key at 80000001 must be gone and
REM the old owner password ooo must no longer be accepted.
echo "Read the public part - should fail"
%TPM_EXE_PATH%readpublic -ho 80000001 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Create a primary key - old owner password should fail"
%TPM_EXE_PATH%createprimary -hi o -pwdp ooo > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

REM The owner hierarchy accepts an empty password again.
echo "Create a primary key"
%TPM_EXE_PATH%createprimary -hi o > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL!
NEQ 0 ( exit /B 1 ) REM cleanup rm -f tmp.bin exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 ./utils/regtests/inittpm.sh0000755000175000017500000000432313070757176014225 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: inittpm.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "Initialize TPM" echo "" echo "Power cycle" ${PREFIX}powerup > run.out checkSuccess $? echo "Startup" ${PREFIX}startup -c > run.out checkSuccess $? ./utils/regtests/testnvpin.bat0000644000175000017500000004776513064025552014732 0ustar lo1lo1REM ################################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testnvpin.bat 974 2017-03-20 19:20:10Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2016 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. 
# REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# REM # # REM ################################################################################# setlocal enableDelayedExpansion REM # PIN Pass index name is REM REM # 00 0b da 1c bd 54 bb 81 54 6c 1c 76 30 dd d4 09 REM # 50 3a 0d 6d 03 05 16 1b 15 88 d6 6b c8 fa 17 da REM # ad 81 REM REM # Policy Secret using PIN Pass index is REM REM # 56 e4 c7 26 d7 d7 dd 3c bd 4c ae 11 c0 1b 2e 83 REM # 3c 37 33 3c fb c3 b9 c3 5f 05 ab 53 23 0c df 7d REM REM # PIN Fail index name is REM REM # 00 0b 86 11 40 4a e8 0c 0a 84 e5 b8 97 05 98 f0 REM # b5 60 2d 14 21 19 bf 44 9d e5 f9 61 84 bc 4c 01 REM # c4 be REM REM # Policy Secret using PIN Fail index is REM REM # 9d 56 8f da 52 27 30 dc be a8 ad 59 bc a5 0c 1c REM # 16 02 95 03 a0 0b d3 d8 20 a8 b2 d8 5b c5 12 df REM REM REM # 01000000 is PIN pass or PIN fail index REM # 01000001 is ordinary index with PIN pass policy REM # 01000002 is ordinary index with PIN fail policy echo "" echo "NV PIN Index" echo "" echo "NV Define Space, 01000001, ordinary index, with policysecret for pin pass index 01000000" %TPM_EXE_PATH%nvdefinespace -ha 01000001 -hi o -pwdn ppi -ty o -hia p -sz 1 -pol policies/policysecretnvpp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write to set written bit" %TPM_EXE_PATH%nvwrite -ha 01000001 -hia p -ic 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Define Space, 01000002, ordinary index, with policysecret for pin pass fail 01000000" %TPM_EXE_PATH%nvdefinespace -ha 01000002 -hi o -pwdn pfi -ty o -hia p -sz 1 -pol policies/policysecretnvpf.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write to set written bit" %TPM_EXE_PATH%nvwrite -ha 01000002 -hia p -ic 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Pass Index" echo "" echo "Set phEnableNV" %TPM_EXE_PATH%hierarchycontrol -hi p -he n > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "NV Define Space, 01000000, pin pass, read/write stclear, policy secret using platform auth" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, not written - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read does not affect count" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read does not affect count, should succeed" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, platform auth" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy write, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, platform auth" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy read" %TPM_EXE_PATH%nvread -ha 01000000 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Index read" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Index read, no uses - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform read, no uses" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Pass Index in Policy Secret" echo "" echo "Policy Secret with PWAP session, bad password - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 01000000, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, bad password does not consume pinCount - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, pinCount used - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Get Digest, 50 b9 63 d6 ..." %TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read ordinary index using PIN pass policy secret" %TPM_EXE_PATH%nvread -ha 01000001 -sz 1 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 01000000, 1 use, 1 / 2" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 2 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 0 uses, 0 / 0" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, pinCount used - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 1 use. 1 / 1, already used" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, pinCount used - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 0 uses. 2 / 1, already used" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 2 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, pinCount used - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "" echo "NV PIN Pass Index with Write Lock" echo "" echo "Platform write, 01000000, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Write lock, 01000000" %TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, pinCount used - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 01000000, locked - should fail" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Reboot" %TPM_EXE_PATH%powerup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Startup" %TPM_EXE_PATH%startup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 01000000, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Pass Index with Read Lock" echo "" echo "Platform write, 01000000, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read lock, 01000000" %TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read, locked - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, read locked" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Pass Index with phEnableNV clear" echo "" echo "Platform write, 01000000, 1 use, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear phEnableNV" %TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Set phEnableNV" %TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Cleanup NV PIN Pass" echo "" echo "NV Undefine Space, 01000000 " %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the policy session, 03000000 " %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Fail Index" echo "" echo "NV Define Space, 01000000, pin fail, read/write stclear, policy secret using platform auth" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f +at wst +at rst -hia p -pol policies/policysecretp.bin > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, not written - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Platform write, 1 failure, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read with bad password - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 -pwdn xxx > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, platform auth" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy write, 01000000, 1 failure" %TPM_EXE_PATH%nvwrite -ha 01000000 -id 0 1 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, platform auth" %TPM_EXE_PATH%policysecret -ha 4000000c -hs 03000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy read, 01000000" %TPM_EXE_PATH%nvread -ha 01000000 -sz 8 -se0 03000000 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 01000000, 1 failure" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Index read, 01000000, correct password" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Index read, 01000000, bad password - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nn -sz 8 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Index read, 01000000, correct password - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 )

REM Re-arm the PIN fail index with a platform write and check that the index
REM password is accepted again.
REM NOTE review: the two -id values look like pinCount then pinLimit, going
REM by the echoed 0 / 1 style messages - confirm against the nvwrite help.
echo "Platform write, 01000000, 1 failure"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Index read, 01000000"
%TPM_EXE_PATH%nvread -ha 01000000 -pwdn nnn -sz 8 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "NV PIN Fail Index in Policy Secret"
echo ""

REM PIN fail index used as the authorizing entity of policysecret, with two
REM failures allowed. The sequence checks the counting rule named in the
REM echo text: a bad password uses up one failure, a good password resets
REM the count, and once the allowed failures are used up even the good
REM password is refused until the platform rewrites the index.
echo "Platform write, 2 failures, 0 / 2"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 2 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Secret with PWAP session, good password"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: first failure.
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Policy Secret with PWAP session, good password, resets pinCount"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative tests: two bad passwords in a row use up both allowed failures.
echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Policy Secret with PWAP session, bad password uses pinCount - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnnx > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

REM Negative test: the index is now locked out, so the correct password is
REM refused as well.
echo "Policy Secret with PWAP session, good password - should fail"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

REM Only the platform write brings the index back into service.
echo "Platform write, 1 failure use, 0 / 1"
%TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Secret with PWAP session, good password, resets pinCount"
%TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out
IF !ERRORLEVEL!
NEQ 0 ( exit /B 1 ) echo "Platform write, 0 failures, 1 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 1 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, good password, resets pinCount" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "" echo "NV PIN Fail Index with Write Lock" echo "" echo "Platform write, 01000000, 1 fail, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Write lock, 01000000" %TPM_EXE_PATH%nvwritelock -ha 01000000 -hia p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 01000000, locked - should fail" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Reboot" %TPM_EXE_PATH%powerup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Startup" %TPM_EXE_PATH%startup > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform write, 01000000, unlocked, 1 failure, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Fail Index with Read Lock" echo "" echo "Platform write, 01000000, 1 failure, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Read lock 01000000" %TPM_EXE_PATH%nvreadlock -ha 01000000 -hia p > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Platform read, locked - should fail" %TPM_EXE_PATH%nvread -ha 01000000 -hia p -sz 8 > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, read locked" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN Fail Index with phEnableNV clear" echo "" echo "Platform write, 01000000, 1 failure, 0 / 1" %TPM_EXE_PATH%nvwrite -ha 01000000 -hia p -id 0 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clear phEnableNV" %TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 0 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy Secret with PWAP session, phEnableNV disabled - should fail" %TPM_EXE_PATH%policysecret -ha 01000000 -hs 03000000 -pwde nnn > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "Set phEnableNV" %TPM_EXE_PATH%hierarchycontrol -hi p -he n -state 1 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Cleanup" echo "" echo "NV Undefine Space 01000000" %TPM_EXE_PATH%nvundefinespace -hi p -ha 01000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine Space 01000001" %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "NV Undefine Space 01000002" %TPM_EXE_PATH%nvundefinespace -hi o -ha 01000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the session" %TPM_EXE_PATH%flushcontext -ha 03000000 > run.out > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Recreate the primary key" %TPM_EXE_PATH%createprimary -hi p -pwdk pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "NV PIN define space" echo "" echo "NV Define Space, 01000000, no write auth - should fail" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppw > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "NV Define Space, 01000000, no read auth - should fail" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p -at ppr -at ar> run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "NV Define Space, 01000000, PIN Pass, auth write - should fail" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty p -hia p +at aw > run.out IF !ERRORLEVEL! 
EQU 0 ( exit /B 1 ) echo "NV Define Space, 01000000, PIN Fail, auth write - should fail" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p +at aw > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) echo "NV Define Space, 01000000, PIN Fail, noDA clear - should fail" %TPM_EXE_PATH%nvdefinespace -ha 01000000 -hi p -pwdn nnn -ty f -hia p -at da > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) exit /B 0 REM # %TPM_EXE_PATH%getcapability -cap 1 -pr 80000000 REM # %TPM_EXE_PATH%getcapability -cap 1 -pr 02000000 REM # %TPM_EXE_PATH%getcapability -cap 1 -pr 01000000 ./utils/regtests/testhmac.sh0000755000175000017500000002050713075663254014351 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testhmac.sh 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. 
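IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# Regression steps for three areas:
#   1. HMAC with a loaded keyed-hash key and with a primary keyed-hash key,
#      one-shot versus start/update/complete sequence, results compared.
#   2. Plain hashing, one-shot versus sequence, compared with stored digests.
#   3. Signing with a restricted key, which must be refused unless a usable
#      hash ticket accompanies the digest.
#
# PREFIX, checkSuccess and checkFailure are not defined in this script; they
# are presumably supplied by the calling harness. The passwords on the command
# lines (pps, khk, khp, aaa, sig) are fixed test values.

echo ""
echo "Keyed hash HMAC key"
echo ""

echo "Start an HMAC auth session"
${PREFIX}startauthsession -se h > run.out
checkSuccess $?

# session 02000000
# loaded HMAC key 80000001
# primary HMAC key 80000001
# sequence object 80000002

# Each algorithm is run twice: once with no session argument and once with the
# HMAC session 02000000 passed as -se0.
for HALG in sha1 sha256 sha384
do

    for SESS in "" "-se0 02000000 1"
    do

	echo "Load the ${HALG} keyed hash key under the primary key"
	${PREFIX}load -hp 80000000 -ipr khpriv${HALG}.bin -ipu khpub${HALG}.bin -pwdp pps > run.out
	checkSuccess $?

	echo "HMAC ${HALG} using the keyed hash key, message from file ${SESS}"
	${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} start using the keyed hash key ${SESS}"
	${PREFIX}hmacstart -hk 80000001 -pwdk khk -pwda aaa ${SESS} -halg ${HALG} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} sequence update ${SESS}"
	${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} sequence complete ${SESS}"
	${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out
	checkSuccess $?

	# One-shot result (sig.bin) must equal the sequence result (tmp.bin).
	echo "Verify the HMAC ${HALG} using the two methods"
	diff sig.bin tmp.bin
	checkSuccess $?

	echo "HMAC ${HALG} using the keyed hash key, message from command line ${SESS}"
	${PREFIX}hmac -hk 80000001 -ic 1234567890123456 -os sig.bin -pwdk khk -halg ${HALG} ${SESS} > run.out
	checkSuccess $?

	# NOTE(review): tmp.bin was computed over msg.bin, so this comparison
	# holds only if msg.bin contains the same bytes as the -ic string above;
	# confirm against the test data.
	echo "Verify the HMAC ${HALG} using the two methods"
	diff sig.bin tmp.bin
	checkSuccess $?

	echo "Flush the ${HALG} HMAC key"
	${PREFIX}flushcontext -ha 80000001 > run.out
	checkSuccess $?

	echo "Create primary HMAC key - $HALG"
	${PREFIX}createprimary -kh -halg ${HALG} -pwdk khp > run.out
	checkSuccess $?

	echo "HMAC ${HALG} using the keyed hash primary key ${SESS}"
	${PREFIX}hmac -hk 80000001 -if msg.bin -os sig.bin -pwdk khp -halg ${HALG} ${SESS} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} start using the keyed hash primary key ${SESS}"
	${PREFIX}hmacstart -hk 80000001 -pwdk khp -pwda aaa ${SESS} -halg ${HALG} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} sequence update ${SESS}"
	${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin ${SESS} > run.out
	checkSuccess $?

	echo "HMAC ${HALG} sequence complete ${SESS}"
	${PREFIX}sequencecomplete -hs 80000002 -pwds aaa -of tmp.bin ${SESS} > run.out
	checkSuccess $?

	echo "Verify the HMAC ${HALG} using the two methods"
	diff sig.bin tmp.bin
	checkSuccess $?

	echo "Flush the ${HALG} primary HMAC key"
	${PREFIX}flushcontext -ha 80000001 > run.out
	checkSuccess $?

    done
done

echo ""
echo "Hash"
echo ""

# No key is loaded in this section, so the sequence object is at 80000001.
for HALG in sha1 sha256 sha384
do

    for SESS in "" "-se0 02000000 1"
    do

	echo "Hash ${HALG} in one call, data from file"
	${PREFIX}hash -hi p -halg ${HALG} -if policies/aaa -oh tmp.bin > run.out
	checkSuccess $?

	echo "Verify the hash ${HALG}"
	diff tmp.bin policies/${HALG}aaa.bin > run.out
	checkSuccess $?

	echo "Hash ${HALG} in one call, data on command line"
	${PREFIX}hash -hi p -halg ${HALG} -ic aaa -oh tmp.bin > run.out
	checkSuccess $?

	echo "Verify the hash ${HALG}"
	diff tmp.bin policies/${HALG}aaa.bin > run.out
	checkSuccess $?

	echo "Hash ${HALG} sequence start"
	${PREFIX}hashsequencestart -halg ${HALG} -pwda aaa > run.out
	checkSuccess $?

	echo "Hash ${HALG} sequence update ${SESS}"
	${PREFIX}sequenceupdate -hs 80000001 -pwds aaa -if policies/aaa ${SESS} > run.out
	checkSuccess $?

	echo "Hash ${HALG} sequence complete ${SESS}"
	${PREFIX}sequencecomplete -hi p -hs 80000001 -pwds aaa -of tmp.bin ${SESS} > run.out
	checkSuccess $?

	echo "Verify the ${HALG} hash"
	diff tmp.bin policies/${HALG}aaa.bin > run.out
	checkSuccess $?

    done
done

echo "Flush the auth session"
${PREFIX}flushcontext -ha 02000000 > run.out
checkSuccess $?

# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 02000000

echo ""
echo "Sign with ticket"
echo ""

# Signing key is at 80000001, hash sequence objects at 80000002.
#
# The "should fail" cases below pin -halg to sha256, the algorithm used by the
# positive cases and by the hash step that produced the ticket. They previously
# passed $HALG, which at this point only holds the value left over from the
# loops above (sha384), so the command could have been rejected for a reason
# unrelated to the ticket and the negative test would still have passed.
#
# NOTE(review): the negative cases sign msg.bin while the ticket was produced
# over policies/msgtpmgen.bin; confirm whether the intent is to exercise the
# null ticket, the digest mismatch, or both.

echo "Load the signing key under the primary key"
${PREFIX}load -hp 80000000 -ipr signrpriv.bin -ipu signrpub.bin -pwdp pps > run.out
checkSuccess $?

echo "Hash and create ticket"
${PREFIX}hash -hi p -halg sha256 -if msg.bin -oh sig.bin -tk tkt.bin > run.out
checkSuccess $?

echo "Sign a digest with a restricted signing key and no ticket - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Sign a digest with a restricted signing key and ticket"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
checkSuccess $?

echo "Hash and create null ticket, msg with TPM_GENERATED"
${PREFIX}hash -hi p -halg sha256 -if policies/msgtpmgen.bin -oh sig.bin -tk tkt.bin > run.out
checkSuccess $?

echo "Sign a digest with a restricted signing key and ticket - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Hash sequence start"
${PREFIX}hashsequencestart -halg sha256 -pwda aaa > run.out
checkSuccess $?

echo "Hash sequence update "
${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if msg.bin > run.out
checkSuccess $?

echo "Hash sequence complete"
${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
checkSuccess $?

echo "Sign a digest with a restricted signing key and no ticket - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Sign a digest with a restricted signing key and ticket"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
checkSuccess $?

# The original command line repeated -halg sha256; the duplicate is dropped.
echo "Hash sequence start"
${PREFIX}hashsequencestart -halg sha256 -pwda aaa > run.out
checkSuccess $?

echo "Hash sequence update, msg with TPM_GENERATED"
${PREFIX}sequenceupdate -hs 80000002 -pwds aaa -if policies/msgtpmgen.bin > run.out
checkSuccess $?

echo "Hash sequence complete"
${PREFIX}sequencecomplete -hi p -hs 80000002 -pwds aaa -of tmp.bin -tk tkt.bin > run.out
checkSuccess $?

echo "Sign a digest with a restricted signing key and ticket - should fail"
${PREFIX}sign -hk 80000001 -halg sha256 -if msg.bin -tk tkt.bin -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Flush the signing key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

rm -f tmp.bin
rm -f tmp1.bin

# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 02000000
./utils/regtests/inittpm.bat0000644000175000017500000000456412640606051014350 0ustar lo1lo1REM ############################################################################# REM # REM TPM2 regression test # REM Written by Ken Goldman # REM IBM Thomas J. Watson Research Center # REM $Id: inittpm.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # REM (c) Copyright IBM Corporation 2015 # REM # REM All rights reserved. # REM # REM Redistribution and use in source and binary forms, with or without # REM modification, are permitted provided that the following conditions are # REM met: # REM # REM Redistributions of source code must retain the above copyright notice, # REM this list of conditions and the following disclaimer. 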
# REM # REM Redistributions in binary form must reproduce the above copyright # REM notice, this list of conditions and the following disclaimer in the # REM documentation and/or other materials provided with the distribution. # REM # REM Neither the names of the IBM Corporation nor the names of its # REM contributors may be used to endorse or promote products derived from # REM this software without specific prior written permission. # REM # REM THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # REM #############################################################################

REM Power-cycles the TPM and then issues Startup. The script exits with 1 at
REM the first step that returns a non-zero status and with 0 otherwise.
REM Command output is written to run.out, which each step overwrites.
REM NOTE(review): powerup presumably targets a software TPM rather than a
REM hardware device; confirm before running this against real hardware.

REM Delayed expansion is needed so that !ERRORLEVEL! is read at run time.
setlocal enableDelayedExpansion

echo "Power cycle"
%TPM_EXE_PATH%powerup -v > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Startup"
%TPM_EXE_PATH%startup -c -v > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

exit /B 0
./utils/regtests/testevict.sh0000755000175000017500000000761113070757176014556 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testevict.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# Evict Control regression steps.
#
# A signing key is created and loaded (transient handle 80000001), made
# persistent at 81800000, and then both handles are exercised while each is
# removed in turn. The checkFailure steps assert that a handle stops working
# once its object is gone and that flushcontext is refused for the persistent
# handle. PREFIX, checkSuccess and checkFailure are not defined in this script.
#
# NOTE(review): tmppriv.bin and tmppub.bin are written here and not removed
# by this script.

echo ""
echo "Evict Control"
echo ""

echo "Create an unrestricted signing key"
${PREFIX}create -hp 80000000 -si -kt f -kt p \
	 -opr tmppriv.bin -opu tmppub.bin \
	 -pwdp pps -pwdk sig > run.out
checkSuccess $?

echo "Load the signing key"
${PREFIX}load -hp 80000000 \
	 -ipr tmppriv.bin -ipu tmppub.bin \
	 -pwdp pps > run.out
checkSuccess $?

# Object 80000001 becomes persistent handle 81800000.
echo "Make the signing key persistent"
${PREFIX}evictcontrol -ho 80000001 -hp 81800000 -hi p > run.out
checkSuccess $?

# Both handles are expected to sign at this point.
echo "Sign a digest with the transient key"
${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkSuccess $?

echo "Sign a digest with the persistent key"
${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkSuccess $?

echo "Flush the transient key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

# flushcontext must be refused for the persistent handle.
echo "Flush the persistent key - should fail"
${PREFIX}flushcontext -ha 81800000 > run.out
checkFailure $?

echo "Sign a digest with the transient key- should fail"
${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Sign a digest with the persistent key"
${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkSuccess $?

# Removal of the persistent object goes through evictcontrol, with the
# persistent handle given as both -ho and -hp.
echo "Flush the persistent key"
${PREFIX}evictcontrol -ho 81800000 -hp 81800000 -hi p > run.out
checkSuccess $?

# Neither handle may be usable once both objects are gone.
echo "Sign a digest with the persistent key - should fail"
${PREFIX}sign -hk 81800000 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkFailure $?

echo "Sign a digest with the transient key - should fail"
${PREFIX}sign -hk 80000001 -halg sha1 -if policies/aaa \
	 -os sig.bin -pwdk sig > run.out
checkFailure $?

# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 81000000
# ${PREFIX}getcapability -cap 1 -pr 02000000
# ${PREFIX}getcapability -cap 1 -pr 01000000
./utils/regtests/testrsa.sh0000755000175000017500000000733713070757176014236 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testrsa.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2017 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # #################################################################################

# RSA regression steps in two parts:
#   1. Encrypt policies/aaa with the loaded key, decrypt it again, and compare
#      the recovered bytes with the input.
#   2. Use the same decryption key with a caller-specified OID to produce a
#      signature-like value over a stored digest, then reverse it with
#      rsaencrypt and compare the digest bytes.
# PREFIX and checkSuccess are not defined in this script.

echo ""
echo "RSA decryption key"
echo ""

echo "Load the decryption key under the primary key"
${PREFIX}load -hp 80000000 \
	 -ipr derpriv.bin -ipu derpub.bin \
	 -pwdp pps > run.out
checkSuccess $?

echo "RSA encrypt with the encryption key"
${PREFIX}rsaencrypt -hk 80000001 -id policies/aaa -oe enc.bin > run.out
checkSuccess $?

echo "RSA decrypt with the decryption key"
${PREFIX}rsadecrypt -hk 80000001 -ie enc.bin -od dec.bin -pwdk dec > run.out
checkSuccess $?

# Only the last 3 bytes of dec.bin are compared with policies/aaa.
# NOTE(review): presumably dec.bin carries leading bytes in front of the
# 3-byte plaintext; confirm against the rsadecrypt output format.
echo "Verify the decrypt result"
tail -c 3 dec.bin > tmp.bin
diff policies/aaa tmp.bin
checkSuccess $?

echo "Flush the decryption key"
${PREFIX}flushcontext -ha 80000001 > run.out
checkSuccess $?

echo ""
echo "RSA decryption key to sign with OID"
echo ""

echo "Load the RSA decryption key"
${PREFIX}load -hp 80000000 \
	 -ipu derpub.bin -ipr derpriv.bin \
	 -pwdp pps > run.out
checkSuccess $?

# Parallel arrays: HSIZ[i] is the digest length in bytes for HALG[i].
HALG=("sha1" "sha256" "sha384")
HSIZ=("20" "32" "48")

for ((i = 0 ; i < 3 ; i++))
do

    echo "Decrypt/Sign with a caller specified OID - ${HALG[i]}"
    ${PREFIX}rsadecrypt -hk 80000001 -pwdk dec \
	     -ie policies/${HALG[i]}aaa.bin -od tmpsig.bin \
	     -oid ${HALG[i]} > run.out
    checkSuccess $?

    echo "Encrypt/Verify - ${HALG[i]}"
    ${PREFIX}rsaencrypt -hk 80000001 -id tmpsig.bin -oe tmpmsg.bin
    checkSuccess $?

    # The comparison covers only the trailing HSIZ[i] bytes, i.e. the digest.
    # Whatever precedes the digest in tmpmsg.bin is not inspected, so this is
    # a round-trip check and not a full signature verification.
    echo "Verify Result - ${HALG[i]} ${HSIZ[i]} bytes"
    tail -c ${HSIZ[i]} tmpmsg.bin > tmpdig.bin
    diff tmpdig.bin policies/${HALG[i]}aaa.bin
    checkSuccess $?

done

echo "Flush the RSA signing key"
${PREFIX}flushcontext -ha 80000001
checkSuccess $?

# NOTE(review): enc.bin, dec.bin and tmp.bin from the first part are not
# removed here.
rm -f tmpmsg.bin
rm -f tmpdig.bin
rm -f tmpsig.bin

# ${PREFIX}getcapability -cap 1 -pr 80000000
# ${PREFIX}getcapability -cap 1 -pr 02000000
# ${PREFIX}flushcontext -ha 80000001
./utils/regtests/testattest.bat0000644000175000017500000002201612717102157015063 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testattest.bat 593 2016-05-18 15:04:15Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. 
# REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM #############################################################################

REM Attestation and audit regression steps. Every step writes its output to
REM run.out and the script exits with 1 at the first unexpected status.
REM
REM Part 1 (Attestation): for each session option, hash algorithm and signing
REM algorithm, run certify, quote, gettime, nvcertify and
REM getcommandauditdigest, and check each signature with verifysignature.
REM Part 2 (Audit with one session) and part 3 (Audit with HMAC and audit
REM sessions): sign under an audit session, fetch the session audit digest
REM and check its signature.
REM
REM The verifysignature steps are given only the attestation blob (tmp.bin)
REM and the signature (sig.bin), so they confirm that the signature matches
REM the blob. They do not inspect the blob contents or the qualifying data,
REM and the qualifying data is the fixed file policies/aaa.

setlocal enableDelayedExpansion

echo ""
echo "Attestation"
echo ""

REM RSA signing key is expected at 80000001, ECC signing key at 80000002
REM (see the K assignments in the loop below).
echo "Load the RSA signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Load the ECC signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

REM NV index 01000000 is the object certified by nvcertify below.
echo "NV Define Space"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -pwdn nnn -sz 16 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "NV Read Public, unwritten Name"
%TPM_EXE_PATH%nvreadpublic -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "NV write"
%TPM_EXE_PATH%nvwrite -ha 01000000 -pwdn nnn -if msg.bin > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Start an HMAC session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

REM %%S: no session argument, or HMAC session 02000000.
REM %%H: hash algorithm.  %%A: signing algorithm, which selects key handle K.
for %%S in ("" "-se0 02000000 1") do (
  for %%H in (sha1 sha256 sha384) do (
    for %%A in (rsa ecc) do (

      IF "%%A" == "rsa" (
        set K=80000001
      )
      IF "%%A" == "ecc" (
        set K=80000002
      )

      REM The certified object is always 80000001; only the signer varies.
      echo "Signing Key Self Certify %%H %%A %%~S"
      %TPM_EXE_PATH%certify -hk !K! -ho 80000001 -halg %%H -pwdk sig -pwdo sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Verify the %%A signature %%H"
      %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Quote %%H %%A %%~S"
      %TPM_EXE_PATH%quote -hp 0 -hk !K! -halg %%H -palg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Verify the %%A signature %%H"
      %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Get Time %%H %%A %%~S"
      %TPM_EXE_PATH%gettime -hk !K! -halg %%H -pwdk sig %%~S -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Verify the %%A signature %%H"
      %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "NV Certify %%H %%A %%~S"
      %TPM_EXE_PATH%nvcertify -ha 01000000 -pwdn nnn -hk !K! -pwdk sig -halg %%H -sz 16 %%~S -os sig.bin -oa tmp.bin -salg %%A > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Verify the %%A signature %%H"
      %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Get command audit digest %%H %%A %%~S"
      %TPM_EXE_PATH%getcommandauditdigest -hk !K! -halg %%H %%~S -pwdk sig -os sig.bin -oa tmp.bin -qd policies/aaa -salg %%A > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

      echo "Verify the %%A signature"
      %TPM_EXE_PATH%verifysignature -hk !K! -halg %%H -if tmp.bin -is sig.bin > run.out
      IF !ERRORLEVEL! NEQ 0 (
        exit /B 1
      )

    )
  )
)

REM Release everything part 1 created: both keys, the NV index, the session.
echo "Flush the RSA attestation key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Flush the ECC attestation key"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "NV Undefine Space"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo ""
echo "Audit"
echo ""

REM 80000001 signing key
REM 02000000 hmac and audit session

echo ""
echo "Audit with one session"
echo ""

echo "Load the audit signing key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

REM %%B: unbound session, or session bound to the signing key 80000001.
REM The sign commands pass session attribute value 81 on 02000000.
REM NOTE(review): 81 presumably sets the audit and continueSession
REM attributes; confirm against the utility's -se0 documentation.
for %%B in ("" "-bi 80000001 -pwdb sig") do (
  for %%H in (sha1 sha256 sha384) do (

    echo "Start an HMAC auth session %%H %%~B"
    %TPM_EXE_PATH%startauthsession -se h -halg %%H %%~B > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Sign a digest %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin -se0 02000000 81 > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Sign a digest %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -se0 02000000 81 -ipu signpub.bin > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Get Session Audit Digest %%H"
    %TPM_EXE_PATH%getsessionauditdigest -hs 02000000 -hk 80000001 -pwdk sig -halg %%H -os sig.bin -oa tmp.bin -qd policies/aaa > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Verify the signature %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if tmp.bin -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Flush the session"
    %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

  )
)

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

REM 80000001 signing key
REM 02000000 hmac session
REM 02000001 audit session

echo ""
echo "Audit with HMAC and audit sessions"
echo ""

echo "Load the audit signing key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

REM The audit session 02000001 is started and flushed on every iteration;
REM the HMAC session 02000000 stays open and is passed through %%S only to
REM getsessionauditdigest. getsessionauditdigest and verifysignature are
REM called without -halg in this loop.
for %%S in ("" "-se0 02000000 1") do (
  for %%H in (sha1 sha256 sha384) do (

    echo "Start an audit session %%H"
    %TPM_EXE_PATH%startauthsession -se h -halg %%H > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Sign a digest %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin -se0 02000001 81 > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Get Session Audit Digest %%~S"
    %TPM_EXE_PATH%getsessionauditdigest -hs 02000001 -hk 80000001 -pwdk sig -os sig.bin -oa tmp.bin %%~S -qd policies/aaa > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Verify the signature"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -if tmp.bin -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

    echo "Flush the session"
    %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out
    IF !ERRORLEVEL! NEQ 0 (
      exit /B 1
    )

  )
)

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 (
  exit /B 1
)

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000
./utils/regtests/testpolicy138.bat0000644000175000017500000002275713011446307015322 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testpolicy138.sh 793 2016-11-10 21:27:40Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2016 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
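IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################
REM
REM # Policy command code - sign
REM
REM # cc69 18b2 2627 3b08 f5bd 406d 7f10 cf16
REM # 0f0a 7d13 dfd8 3b77 70cc bcd1 aa80 d811
REM
REM # NV index name after written
REM
REM # 000b
REM # 5e8e bdf0 4581 9419 070c 7d57 77bf eb61
REM # ffac 4996 ea4b 6fba de6d a42b 632d 4918
REM
REM # Policy Authorize NV with above Name
REM
REM # 66 1f a1 02 db cd c2 f6 a0 61 7b 33 a0 ee 6d 95
REM # ab f6 2c 76 b4 98 b2 91 10 0d 30 91 19 f4 11 fa
REM
REM # Policy in NV index 01000000
REM # signing key 80000001

REM Regression test for policy authorization held in an NV index, using the
REM policyauthorizenv utility, and for policy template, driven through the
REM command line utilities located via TPM_EXE_PATH.
REM
REM Convention used throughout: a step that must succeed exits 1 when
REM ERRORLEVEL is non-zero, NEQ 0, while a step marked "should fail" exits 1
REM when the command unexpectedly succeeds, EQU 0.
REM Most command output goes to run.out and only the exit code is checked;
REM the digests quoted in the echo text are not compared by this script.

setlocal enableDelayedExpansion

echo ""
echo "Policy Authorize NV"
echo ""

echo "Start a policy session 03000000"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key, policyauthnv"
%TPM_EXE_PATH%create -hp 80000000 -si -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policyauthorizenv.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "NV Define Space"
%TPM_EXE_PATH%nvdefinespace -hi o -ha 01000000 -sz 50 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the index has been defined but not yet written.
echo "NV not written, policyauthorizenv - should fail"
%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

REM The index content is built in two writes: algorithm ID at offset 0,
REM then the sign command code policy at offset 2.
echo "Write algorithm ID into NV index 01000000"
%TPM_EXE_PATH%nvwrite -ha 01000000 -off 0 -if policies/sha256.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Write policy command code sign into NV index 01000000"
%TPM_EXE_PATH%nvwrite -ha 01000000 -off 2 -if policies/policyccsign.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - sign"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy get digest - should be cc 69 ..."
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Output of this call is not redirected to run.out.
echo "Policy Authorize NV against 01000000"
%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy get digest - should be 66 1f ..."
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Success is expected even though the key password given is wrong.
REM NOTE(review): presumably the policy session alone authorizes the key
REM here and the password is not evaluated - confirm against the sign utility.
echo "Sign a digest - policy and wrong password"
%TPM_EXE_PATH%sign -hk 80000001 -if msg.bin -os sig.bin -se0 03000000 1 -pwdk xxx > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy restart, set back to zero"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - sign"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 15d > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Authorize NV against 01000000"
%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the session was built for the sign command code, so using
REM it to authorize a quote must be rejected.
echo "Quote - policy, should fail"
%TPM_EXE_PATH%quote -hp 0 -hk 80000001 -os sig.bin -se0 03000000 1 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Policy restart, set back to zero"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy command code - quote"
%TPM_EXE_PATH%policycommandcode -ha 03000000 -cc 158 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the index holds the sign policy written above, so a
REM session built for the quote command code must not be authorized by it.
echo "Policy Authorize NV against 01000000 - should fail"
%TPM_EXE_PATH%policyauthorizenv -ha 01000000 -hs 03000000 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "NV Undefine Space"
%TPM_EXE_PATH%nvundefinespace -hi o -ha 01000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the policy session 03000000"
%TPM_EXE_PATH%flushcontext -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key 80000001 "
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Policy Template"
echo ""

REM # create template hash
REM
REM # run createprimary -si -v, extract template
REM
REM # policies/policytemplate.txt
REM
REM # 00 01 00 0b 00 04 04 72 00 00 00 10 00 10 08 00
REM # 00 00 00 00 00 00
REM
REM # policymaker -if policies/policytemplate.txt -pr -of policies/policytemplate.bin -nz
REM # -nz says do not extend, just hash the hexascii line
REM # yields a template hash for policytemplate
REM
REM # ef 64 da 91 18 fc ac 82 f4 36 1b 28 84 28 53 d8
REM # aa f8 7d fc e1 45 e9 25 cf fe 58 68 aa 2d 22 b6
REM
REM # prepend the command code 00000190 to ef 64 ... and construct the actual object policy
REM # policymaker -if policies/policytemplatehash.txt -pr -of policies/policytemplatehash.bin
REM
REM # fb 94 b1 43 e5 2b 07 95 b7 ec 44 37 79 99 d6 47
REM # 70 1c ae 4b 14 24 af 5a b8 7e 46 f2 58 af eb de

echo ""
echo "Policy Template with TPM2_Create"
echo ""

echo "Create a primary storage key policy template, 80000001"
%TPM_EXE_PATH%createprimary -hi p -pol policies/policytemplatehash.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Start a policy session 03000000"
%TPM_EXE_PATH%startauthsession -se p > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Template"
%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy get digest - should be fb 94 ... "
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create signing key under primary key"
%TPM_EXE_PATH%create -si -hp 80000001 -kt f -kt p -se0 03000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Policy Template with TPM2_CreateLoaded"
echo ""

echo "Policy restart, set back to zero"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Template"
%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy get digest - should be fb 94 ... "
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Output of this call is not redirected to run.out.
echo "Create loaded signing key under primary key"
%TPM_EXE_PATH%createloaded -si -hp 80000001 -kt f -kt p -se0 03000000 1
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key 80000001"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the created key 80000002"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Policy Template with TPM2_CreatePrimary"
echo ""

REM NOTE(review): the platform hierarchy primary policy set here is not
REM cleared before the script ends - confirm the harness resets TPM state.
echo "Set primary policy for platform hierarchy"
%TPM_EXE_PATH%setprimarypolicy -hi p -halg sha256 -pol policies/policytemplatehash.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy restart, set back to zero"
%TPM_EXE_PATH%policyrestart -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy Template"
%TPM_EXE_PATH%policytemplate -ha 03000000 -te policies/policytemplate.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Policy get digest - should be fb 94 ... "
%TPM_EXE_PATH%policygetdigest -ha 03000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM NOTE(review): the session attribute is 0 here and 1 in the earlier steps;
REM presumably the session is not continued after this command, which would
REM explain why 03000000 is not flushed afterwards - confirm.
echo "Create loaded primary signing key policy template, 80000001"
%TPM_EXE_PATH%createprimary -si -hi p -se0 03000000 0 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the primary key 80000001"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

rm -f tmppriv.bin
rm -f tmppub.bin

REM Report success explicitly, as testcontext.bat and testsign.bat do, so the
REM result seen by the caller does not depend on the exit code of rm.
exit /B 0

./utils/regtests/testcreateloaded.bat0000644000175000017500000001476313074217475016214 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id$ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED.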
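IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for the createloaded utility in three roles: creating a
REM primary key, creating a child key, and creating a derived key.
REM A step that must succeed exits 1 on a non-zero ERRORLEVEL; a step marked
REM "should fail" exits 1 when the command unexpectedly succeeds.
REM Command output goes to run.out; only exit codes are checked.

setlocal enableDelayedExpansion

echo ""
echo "CreateLoaded"
echo ""

echo ""
echo "CreateLoaded Primary Key"
echo ""

REM The loop runs once per hierarchy handle: owner 40000001, platform
REM 4000000c, endorsement 4000000b. Each pass checks that a child blob
REM created under the primary loads again after the primary has been flushed
REM and then recreated with the same parameters.
for %%H in ("40000001" "4000000c" "4000000b") do (

    echo "CreateLoaded primary key, parent %%~H"
    %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Create a storage key under the primary key"
    %TPM_EXE_PATH%create -hp 80000001 -st -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Load the storage key under the primary key"
    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the storage key"
    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the primary storage key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM Negative test: the parent handle was flushed just above.
    echo "Load the storage key under the primary key - should fail"
    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
    IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

    REM The message names the hierarchy of the current pass; the loop covers
    REM three hierarchies, not only owner.
    echo "CreateLoaded recreate primary key, parent %%~H"
    %TPM_EXE_PATH%createloaded -hp %%~H -st -kt f -kt p -pwdk ppp > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Load the storage key under the primary key"
    %TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the storage key"
    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the primary storage key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo ""
echo "CreateLoaded Child Key"
echo ""

REM Handles in this section: child storage key 80000001, signing key 80000002.

echo "CreateLoaded child storage key at 80000001, parent 80000000"
%TPM_EXE_PATH%createloaded -hp 80000000 -st -kt f -kt p -pwdp pps -pwdk ppp -opu tmpppub.bin -opr tmpppriv.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key under the child storage key 80000001"
%TPM_EXE_PATH%create -hp 80000001 -si -opr tmppriv.bin -opu tmppub.bin -pwdp ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key at 80000002 under the child storage key 80000001"
%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM The two flush messages below now name the key that each handle holds;
REM the labels were previously swapped.
echo "Flush the child signing key 80000002"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the child storage key 80000001"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Reload both keys from the blobs written above to confirm that the
REM createloaded output files are usable with the load utility.
echo "Reload the createloaded child storage key at 80000001, parent 80000000"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmpppriv.bin -ipu tmpppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Reload the child signing key at 80000002 under the child storage key 80000001"
%TPM_EXE_PATH%load -hp 80000001 -ipr tmppriv.bin -ipu tmppub.bin -pwdp ppp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the child signing key 80000002 "
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the child storage key 80000001 "
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "CreateLoaded Derived Key"
echo ""

echo "Create a derivation parent under the primary key"
%TPM_EXE_PATH%create -hp 80000000 -dp -opr tmpdppriv.bin -opu tmpdppub.bin -pwdp pps -pwdk dp > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the derivation parent to 80000001"
%TPM_EXE_PATH%load -hp 80000000 -ipr tmpdppriv.bin -ipu tmpdppub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Create a signing key under the derivation parent key"
%TPM_EXE_PATH%createloaded -hp 80000001 -der -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp dp -ecc nistp256 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the derivation parent"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM NOTE(review): only the derivation parent blobs are removed. tmppriv.bin,
REM tmppub.bin, tmpppriv.bin and tmpppub.bin hold key blobs from this run and
REM stay on disk - confirm whether later tests rely on them before adding
REM cleanup.
rm -f tmpdppriv.bin
rm -f tmpdppub.bin

REM Report success explicitly, as testcontext.bat and testsign.bat do, so the
REM result seen by the caller does not depend on the exit code of rm.
exit /B 0

./utils/regtests/testaes.bat0000644000175000017500000001151113011446307014321 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testaes.bat 797 2016-11-11 22:57:11Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution.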
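#
REM # #
REM # Neither the names of the IBM Corporation nor the names of its #
REM # contributors may be used to endorse or promote products derived from #
REM # this software without specific prior written permission. #
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for symmetric encrypt and decrypt through the
REM encryptdecrypt utility, with a loaded key and with a primary key.
REM A step exits 1 on a non-zero ERRORLEVEL. TPM utility output goes to
REM run.out; the decrypt result is compared with the plaintext using diff.

setlocal enableDelayedExpansion

echo ""
echo "AES symmetric key"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Two passes: the first adds no session argument, the second appends
REM -se0 02000000 1 so the same commands run with the HMAC session above.
for %%S in ("" "-se0 02000000 1") do (

    echo "Load the symmetric cipher key under the primary key %%~S"
    %TPM_EXE_PATH%load -hp 80000000 -ipr despriv.bin -ipu despub.bin -pwdp pps %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Encrypt using the symmetric cipher key %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aes %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Decrypt using the symmetric cipher key %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM NOTE(review): the round trip is compared with the plaintext only.
    REM Nothing here checks that enc.bin differs from msg.bin, so a cipher
    REM that passes data through unchanged would not be caught by this script.
    echo "Verify the decrypt result"
    diff msg.bin dec.bin
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM Boundary case: zero.bin as input.
    echo "Encrypt using the symmetric cipher key 0 length message %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if zero.bin -of enc.bin -pwdk aes %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Decrypt using the symmetric cipher key %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aes %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the decrypt result"
    diff zero.bin dec.bin
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the symmetric cipher key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM Same round trip with a primary key created here, password aesp.
    echo "Create a primary symmetric cipher key %%~S"
    %TPM_EXE_PATH%createprimary -des -pwdk aesp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Encrypt using the symmetric cipher primary key %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -if msg.bin -of enc.bin -pwdk aesp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Decrypt using the symmetric cipher primary key %%~S"
    %TPM_EXE_PATH%encryptdecrypt -hk 80000001 -d -if enc.bin -of dec.bin -pwdk aesp %%~S > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the decrypt result"
    diff msg.bin dec.bin
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the symmetric cipher key"
    %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the auth session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Report success explicitly, as testcontext.bat and testsign.bat do.
REM NOTE(review): enc.bin and dec.bin are left on disk when the script ends.
exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000

./utils/regtests/testcontext.bat0000644000175000017500000001134113011446307015236 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J.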
Watson Research Center # REM # $Id: testcontext.bat 797 2016-11-11 22:57:11Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
#
REM # #
REM #############################################################################

REM Regression test for saving and reloading TPM contexts with the
REM contextsave and contextload utilities, first for a loaded key and then
REM for an HMAC session.
REM A step that must succeed exits 1 on a non-zero ERRORLEVEL; a step marked
REM "should fail" exits 1 when the command unexpectedly succeeds.
REM Command output goes to run.out; only exit codes are checked.

setlocal enableDelayedExpansion

echo ""
echo "Context"
echo ""

echo "Start an HMAC auth session"
%TPM_EXE_PATH%startauthsession -se h > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Baseline: the key signs and the signature verifies before any context
REM operation is attempted.
echo "Sign a digest"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the signature"
%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha256 -if msg.bin -is sig.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Save context for the key"
%TPM_EXE_PATH%contextsave -ha 80000001 -of tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Saving a key context must leave the key usable at its handle.
echo "Sign to verify that the original key is not flushed"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the original key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: the handle was flushed just above.
echo "Sign with original key - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Load context"
%TPM_EXE_PATH%contextload -if tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Sign with the loaded context"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM tmp.bin is reused: the key context written earlier is overwritten by the
REM session context.
echo "Save context for the session"
%TPM_EXE_PATH%contextsave -ha 02000000 -of tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: unlike the key case above, the script expects the session
REM to be unusable after its context has been saved, until it is loaded again.
echo "Sign with the saved session context - should fail"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Load context for the session"
%TPM_EXE_PATH%contextload -if tmp.bin > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Sign with the saved session context"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if msg.bin -os sig.bin -pwdk sig -se0 02000000 1 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the loaded context"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the session"
%TPM_EXE_PATH%flushcontext -ha 02000000 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM NOTE(review): tmp.bin, which holds the saved context, is left on disk
REM when the script ends.
exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000

./utils/regtests/testsign.bat0000644000175000017500000002656513075666323014544 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testsign.bat 991 2017-04-19 13:57:39Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015, 2017 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission.
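#
REM # #
REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS #
REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT #
REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR #
REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT #
REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, #
REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT #
REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, #
REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY #
REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT #
REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE #
REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #
REM # #
REM #############################################################################

REM Regression test for the sign and verifysignature utilities with RSA and
REM ECC keys: loaded child keys, primary keys, a restricted key, an openssl
REM key pair loaded with loadexternal, and external public keys in PEM form.
REM A step that must succeed exits 1 on a non-zero ERRORLEVEL; a step marked
REM "should fail" exits 1 when the command unexpectedly succeeds.
REM
REM The passwords and the pass:rrrr passphrase are fixed test values passed
REM on the command line. tmpkeypair.der holds the openssl private key without
REM encryption and is removed only at the end of a successful run; any
REM earlier exit /B 1 leaves it, and the other temporary files, on disk.

setlocal enableDelayedExpansion

echo ""
echo "RSA Signing key"
echo ""

REM # loop over unrestricted hash algorithms

echo "Load the signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM The openssl steps are now checked like the TPM steps, so a failed key
REM generation or conversion stops the test here instead of surfacing later
REM as a loadexternal error on a missing or stale file.
echo "Create a key pair in PEM format using openssl"
openssl genrsa -out tmpkeypair.pem -aes256 -passout pass:rrrr 2048 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Convert key pair to plaintext DER format"
openssl rsa -inform pem -outform der -in tmpkeypair.pem -out tmpkeypair.der -passin pass:rrrr > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

for %%H in (sha1 sha256 sha384) do (

    echo "Sign a digest - %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu signpub.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature signature using the TPM - %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem signpub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the public part"
    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using readpublic PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM The openssl key pair is loaded at 80000002 and signs without a
    REM password argument.
    echo "Load the openssl key pair in the NULL hierarchy - %%H"
    %TPM_EXE_PATH%loadexternal -halg %%H -ider tmpkeypair.der > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Use the TPM as a crypto coprocessor to sign - %%H"
    %TPM_EXE_PATH%sign -hk 80000002 -halg %%H -if policies/aaa -os sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature - %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000002 -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Flush the openssl signing key"
    %TPM_EXE_PATH%flushcontext -ha 80000002 > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "ECC Signing key"
echo ""

echo "Load the ECC signing key under the primary key"
%TPM_EXE_PATH%load -hp 80000000 -ipr signeccpriv.bin -ipu signeccpub.bin -pwdp pps > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

for %%H in (sha1 sha256 sha384) do (

    echo "Sign a digest - %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the ECC signature using the TPM - %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -ecc -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem signeccpub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the public part"
    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using readpublic PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the ECC signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Primary RSA Signing Key"
echo ""

REM # primary signing key 80000001

echo "Create primary signing key - RSA"
%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

for %%H in (sha1 sha256 sha384) do (

    echo "Sign a digest - %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature - %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the public part"
    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using readpublic PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the primary signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Primary ECC Signing Key"
echo ""

echo "Create primary signing key - ECC"
%TPM_EXE_PATH%createprimary -si -opu tmppub.bin -opem tmppub.pem -ecc nistp256 -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

for %%H in (sha1 sha256 sha384) do (

    echo "Sign a digest - %%H"
    %TPM_EXE_PATH%sign -hk 80000001 -halg %%H -ecc -if policies/aaa -os sig.bin -pwdk sig > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    REM NOTE(review): the TPM verify in the ECC Signing key loop above passes
    REM -ecc while this one does not - confirm which form is intended.
    echo "Verify the signature - %%H"
    %TPM_EXE_PATH%verifysignature -hk 80000001 -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Read the public part"
    %TPM_EXE_PATH%readpublic -ho 80000001 -opem tmppub.pem > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

    echo "Verify the signature using readpublic PEM - %%H"
    %TPM_EXE_PATH%verifysignature -ipem tmppub.pem -halg %%H -if policies/aaa -is sig.bin > run.out
    IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

)

echo "Flush the primary signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "Restricted Signing Key"
echo ""

echo "Create primary signing key - restricted"
%TPM_EXE_PATH%createprimary -sir -opu tmppub.bin -pwdk sig > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Negative test: signing with the restricted key must be refused. Only the
REM exit code is checked; the specific return code named in the message is
REM not compared.
echo "Sign a digest - SHA256 - should fail TPM_RC_TICKET"
%TPM_EXE_PATH%sign -hk 80000001 -halg sha256 -if policies/aaa -os sig.bin -pwdk sig -ipu tmppub.bin > run.out
IF !ERRORLEVEL! EQU 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo ""
echo "External Verification Key"
echo ""

REM # create rsaprivkey.pem
REM # > openssl genrsa -out rsaprivkey.pem -aes256 -passout pass:rrrr 2048
REM # extract the public key
REM # > openssl pkey -inform pem -outform pem -in rsaprivkey.pem -passin pass:rrrr -pubout -out rsapubkey.pem
REM # sign a test message msg.bin
REM # > openssl dgst -sha1 -sign rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin

echo "Load external just the public part of PEM RSA"
%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/rsapubkey.pem > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM A failed openssl signature stops the test here rather than letting the
REM verify step run against a missing or stale pssig.bin.
echo "Sign a test message with openssl RSA"
openssl dgst -sha1 -sign policies/rsaprivkey.pem -passin pass:rrrr -out pssig.bin msg.bin
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the RSA signature"
%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM # generate the p256 key
REM # > openssl ecparam -name prime256v1 -genkey -noout -out p256privkey.pem
REM # extract public key
REM # > openssl pkey -inform pem -outform pem -in p256privkey.pem -pubout -out p256pubkey.pem

echo "Load external just the public part of PEM ECC"
%TPM_EXE_PATH%loadexternal -halg sha1 -nalg sha1 -ipem policies/p256pubkey.pem -ecc > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Sign a test message with openssl ECC"
openssl dgst -sha1 -sign policies/p256privkey.pem -out pssig.bin msg.bin
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Verify the ECC signature"
%TPM_EXE_PATH%verifysignature -hk 80000001 -halg sha1 -if msg.bin -is pssig.bin -raw -ecc > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

echo "Flush the signing key"
%TPM_EXE_PATH%flushcontext -ha 80000001 > run.out
IF !ERRORLEVEL! NEQ 0 ( exit /B 1 )

REM Cleanup runs only when every step above passed.
REM NOTE(review): signpub.pem is read above but not created in this script,
REM yet it is removed here - confirm that whichever step provides it runs
REM again before the next use.
rm tmpkeypair.pem
rm tmpkeypair.der
rm signpub.pem
rm pssig.bin
rm -r tmppub.bin
rm -r tmppub.pem

exit /B 0

REM getcapability -cap 1 -pr 80000000
REM getcapability -cap 1 -pr 02000000

./utils/regtests/testda.sh0000755000175000017500000001217513070757176014031 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: testda.sh 979 2017-04-04 17:57:18Z kgoldman $ # # # # (c) Copyright IBM Corporation 2015, 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED.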
IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# echo "" echo "DA Logic" echo "" echo "Create an signing key with DA protection" ${PREFIX}create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -da > run.out checkSuccess $? echo "Load the signing key" ${PREFIX}load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out checkSuccess $? echo "Set DA recovery time to 0, disables DA" ${PREFIX}dictionaryattackparameters -nrt 0 > run.out checkSuccess $? echo "Sign a digest with bad password - should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out checkFailure $? echo "Sign a digest with good password, no lockout" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out checkSuccess $? echo "Set DA recovery time to 120 sec, enables DA" ${PREFIX}dictionaryattackparameters -nrt 120 > run.out checkSuccess $? echo "Sign a digest with bad password - should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out checkFailure $? echo "Sign a digest with good password, lockout - should fail" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out checkFailure $? echo "Reset DA lock" ${PREFIX}dictionaryattacklockreset > run.out checkSuccess $? echo "Sign a digest with good password" ${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out checkSuccess $? 
# --- DA logic with an explicit failure budget ---------------------------------
# This stretch of the regression test exercises the TPM dictionary-attack (DA)
# counter against the signing key at handle 80000001, which the script created
# earlier with -da ("signing key with DA protection").
# checkSuccess / checkFailure are helpers defined outside this script; they are
# passed the exit status of the preceding TPM utility.
# The -pwdk values (sig = correct, xxx = wrong) are fixed test passwords.

# Re-enable DA: recovery time 120 s and, per the echo text, a maximum of 2 tries.
echo "Set DA recovery time to 120 sec, enables DA, max tries 2"
${PREFIX}dictionaryattackparameters -nrt 120 -nmt 2 > run.out
checkSuccess $?

# First wrong password: the command itself must fail.
echo "Sign a digest with bad password - should fail"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
checkFailure $?

# One failure is still below the limit, so the correct password must work.
echo "Sign a digest with good password, no lockout yet"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
checkSuccess $?

# Second wrong password: expected to reach the limit of 2.
echo "Sign a digest with bad password - should fail"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk xxx > run.out
checkFailure $?

# The TPM is now expected to be in lockout: even the correct password is
# rejected. This is the property the DA mechanism exists to provide.
echo "Sign a digest with good password, lockout - should fail"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
checkFailure $?

# Lock reset with no -pwd argument: lockout auth has not been set at this
# point in the visible part of the script.
echo "Reset DA lock"
${PREFIX}dictionaryattacklockreset > run.out
checkSuccess $?

# After the reset the correct password must be accepted again.
echo "Sign a digest with good password, no lockout"
${PREFIX}sign -hk 80000001 -if msg.bin -os sig.bin -pwdk sig > run.out
checkSuccess $?

# Recovery time 0 turns DA protection off again (per the echo text).
echo "Set DA recovery time to 0, disables DA"
${PREFIX}dictionaryattackparameters -nrt 0 > run.out
checkSuccess $?

# --- Lockout auth -------------------------------------------------------------
# Checks that the DA administration commands honour a lockout password once
# one is set, and work without one after it is cleared.
# NOTE(review): unlike the commands above, the ones below (after the first) do
# not redirect stdout to run.out; looks unintentional - confirm.
echo ""
echo "Lockout Auth"
echo ""

# -pwdn supplies the new auth value; "-hi l" presumably selects the lockout
# hierarchy, matching the echo text - confirm against the utility's usage.
echo "Change lockout auth"
${PREFIX}hierarchychangeauth -hi l -pwdn lll > run.out
checkSuccess $?

echo "Reset DA lock with good password"
${PREFIX}dictionaryattacklockreset -pwd lll
checkSuccess $?

echo "Set DA recovery time to 0 with good password"
${PREFIX}dictionaryattackparameters -nrt 0 -pwd lll
checkSuccess $?

# NOTE(review): only the good-password path is exercised while lockout auth is
# set. There is no checkFailure case showing that a lock reset or parameter
# change is refused with a wrong or missing -pwd, so a regression that ignored
# lockout auth would not be caught here.

# -pwda supplies the current auth; with no -pwdn the auth goes back to empty
# (the echo text calls this "Clear lockout auth").
echo "Clear lockout auth"
${PREFIX}hierarchychangeauth -hi l -pwda lll
checkSuccess $?

# Both administration commands must now succeed without a password.
# The last DA setting applied by this script is recovery time 0, i.e. the TPM
# under test is left with DA protection disabled.
echo "Set DA recovery time to 0"
${PREFIX}dictionaryattackparameters -nrt 0
checkSuccess $?

echo "Reset DA lock"
${PREFIX}dictionaryattacklockreset
checkSuccess $?

# Release the transient signing key loaded at the start of the test.
echo "Flush signing key"
${PREFIX}flushcontext -ha 80000001
checkSuccess $?
# ${PREFIX}getcapability -cap 1 -pr 80000000 ./utils/regtests/testencsession.bat0000644000175000017500000003264513070736653015750 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. Watson Research Center # REM # $Id: testencsession.bat 978 2017-04-04 15:37:15Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015, 2017 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # REM # # REM ############################################################################# setlocal enableDelayedExpansion set TWOAUTH0=01 01 01 01 21 21 41 41 61 set TWOAUTH1=01 21 41 61 01 41 01 21 01 set THREEAUTH0=01 01 01 01 01 21 41 set THREEAUTH1=01 01 01 21 41 01 01 set THREEAUTH2=21 41 61 41 21 41 21 echo "" echo "Parameter Encryption" echo "" echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%M in (xor aes) do ( for %%N in (xor aes) do ( for %%P in (xor aes) do ( echo "Start an HMAC auth session with %%M encryption" %TPM_EXE_PATH%startauthsession -se h -sym %%M > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC auth session with %%N encryption" %TPM_EXE_PATH%startauthsession -se h -sym %%N > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an HMAC auth session with %%P encryption" %TPM_EXE_PATH%startauthsession -se h -sym %%P > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM one auth for %%A in (21 41 61) do ( echo "Signing Key Self Certify, one auth %%A" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 %%A > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) REM two auth set i=0 for %%a in (!TWOAUTH0!) do set /A i+=1 & set TWOAUTH0[!i!]=%%a set i=0 for %%b in (!TWOAUTH1!) 
do set /A i+=1 & set TWOAUTH1[!i!]=%%b set L=!i! for /L %%i in (1,1,!L!) do ( echo "Signing Key Self Certify, two auth !TWOAUTH0[%%i]! !TWOAUTH1[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !TWOAUTH0[%%i]! -se1 02000001 !TWOAUTH1[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) REM three auth, first 01 set i=0 for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a set i=0 for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b set i=0 for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c set L=!i! for /L %%i in (1,1,!L!) do ( echo "Signing Key Self Certify, three auth !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) ) ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Create a signing key, policy command code certify" %TPM_EXE_PATH%create -hp 80000000 -si -kt f -kt p -opr tmppriv.bin -opu tmppub.bin -pwdp pps -pwdk sig -pol policies/policycccertify.bin > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Salt encrypt and decrypt HMAC sessions" echo "" echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an encrypt session" %TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) set i=0 for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a set i=0 for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b set i=0 for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c set L=!i! for /L %%i in (1,1,!L!) do ( echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Bind encrypt and decrypt HMAC sessions" echo "" echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr signpriv.bin -ipu signpub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start an encrypt session" %TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) set i=0 for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a set i=0 for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b set i=0 for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c set L=!i! for /L %%i in (1,1,!L!) do ( echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdk sig -pwdo sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !THREEAUTH0[%%i]! -se1 02000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) REM # policycccertify.txt 0000016c00000148 REM # policymaker -if policies/policycccertify.txt -of policies/policycccertify.bin -v -pr REM # 04 8e 9a 3a ce 08 58 3f 79 f3 44 ff 78 5b be a9 REM # f0 7a c7 fa 33 25 b3 d4 9a 21 dd 51 94 c6 58 50 echo "" echo "Salt encrypt and decrypt policy sessions" echo "" echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -hs 80000000 > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start an encrypt session" %TPM_EXE_PATH%startauthsession -se h -hs 80000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) set i=0 for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a set i=0 for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b set i=0 for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c set L=!i! for /L %%i in (1,1,!L!) do ( echo "Policy restart" %TPM_EXE_PATH%policyrestart -ha 03000001 IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - certify" %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk sig -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions " %TPM_EXE_PATH%flushcontext -ha 03000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions " %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "" echo "Bind encrypt and decrypt policy sessions" echo "" echo "Load the signing key under the primary key" %TPM_EXE_PATH%load -hp 80000000 -ipr tmppriv.bin -ipu tmppub.bin -pwdp pps > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start an auth session" %TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Start a policy session" %TPM_EXE_PATH%startauthsession -se p -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! 
NEQ 0 ( exit /B 1 ) echo "Start an encrypt session" %TPM_EXE_PATH%startauthsession -se h -bi 80000001 -pwdb sig > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) set i=0 for %%a in (!THREEAUTH0!) do set /A i+=1 & set THREEAUTH0[!i!]=%%a set i=0 for %%b in (!THREEAUTH1!) do set /A i+=1 & set THREEAUTH1[!i!]=%%b set i=0 for %%c in (!THREEAUTH2!) do set /A i+=1 & set THREEAUTH2[!i!]=%%c set L=!i! for /L %%i in (1,1,!L!) do ( echo "Policy restart" %TPM_EXE_PATH%policyrestart -ha 03000001 IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Policy command code - certify" %TPM_EXE_PATH%policycommandcode -ha 03000001 -cc 148 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Signing Key Self Certify, three auth, salted parameter encryption !THREEAUTH0[%%i]! !THREEAUTH1[%%i]! !THREEAUTH2[%%i]!" %TPM_EXE_PATH%certify -hk 80000001 -ho 80000001 -pwdo sig -pwdk xxx -qd policies/aaa -os sig.bin -oa tmp.bin ^ -se0 02000000 !THREEAUTH0[%%i]! -se1 03000001 !THREEAUTH1[%%i]! -se2 02000002 !THREEAUTH2[%%i]! > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) echo "Flush the sessions" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions " %TPM_EXE_PATH%flushcontext -ha 03000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the sessions " %TPM_EXE_PATH%flushcontext -ha 02000002 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Flush the signing key" %TPM_EXE_PATH%flushcontext -ha 80000001 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 REM getcapability -cap 1 -pr 80000000 REM getcapability -cap 1 -pr 02000000 ./utils/regtests/testclocks.bat0000644000175000017500000000620212640606051015031 0ustar lo1lo1REM ############################################################################# REM # # REM # TPM2 regression test # REM # Written by Ken Goldman # REM # IBM Thomas J. 
Watson Research Center # REM # $Id: testclocks.bat 480 2015-12-29 22:41:45Z kgoldman $ # REM # # REM # (c) Copyright IBM Corporation 2015 # REM # # REM # All rights reserved. # REM # # REM # Redistribution and use in source and binary forms, with or without # REM # modification, are permitted provided that the following conditions are # REM # met: # REM # # REM # Redistributions of source code must retain the above copyright notice, # REM # this list of conditions and the following disclaimer. # REM # # REM # Redistributions in binary form must reproduce the above copyright # REM # notice, this list of conditions and the following disclaimer in the # REM # documentation and/or other materials provided with the distribution. # REM # # REM # Neither the names of the IBM Corporation nor the names of its # REM # contributors may be used to endorse or promote products derived from # REM # this software without specific prior written permission. # REM # # REM # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # REM # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # REM # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # REM # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # REM # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # REM # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # REM # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # REM # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # REM # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # REM # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # REM # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# REM # # REM ############################################################################# setlocal enableDelayedExpansion echo "" echo "Clocks" echo "" echo "Start an HMAC auth session" %TPM_EXE_PATH%startauthsession -se h > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) for %%S in ("" "-se0 02000000 1") do ( echo "Read Clock" %TPM_EXE_PATH%readclock > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) echo "Clock set, time 0 %%~S - should fail" %TPM_EXE_PATH%clockset -time 0 %%~S > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) for %%A in (-3 0 3) do ( echo "Clock rate adjust %%A %%~S" %TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) ) for %%A in (-4 4) do ( echo "Clock rate adjust %%A %%~S - should fail" %TPM_EXE_PATH%clockrateadjust -adj %%A %%~S > run.out IF !ERRORLEVEL! EQU 0 ( exit /B 1 ) ) ) echo "Flush the auth session" %TPM_EXE_PATH%flushcontext -ha 02000000 > run.out IF !ERRORLEVEL! NEQ 0 ( exit /B 1 ) exit /B 0 ./utils/eventsequencecomplete.c0000644000175000017500000002335513075204375015110 0ustar lo1lo1/********************************************************************************/ /* */ /* EventSequenceComplete */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: eventsequencecomplete.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; EventSequenceComplete_In in; EventSequenceComplete_Out out; TPMI_DH_PCR pcrHandle = TPM_RH_NULL; TPMI_DH_OBJECT sequenceHandle = 0; const char *inFilename = NULL; const char *outFilename1 = NULL; const char *outFilename2 = NULL; const char *outFilename3 = NULL; const char *sequencePassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { 
printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (sequenceHandle == 0) { printf("Missing sequence handle parameter -hs\n"); printUsage(); } if (rc == 0) { if (inFilename != NULL) { rc = TSS_File_Read2B(&in.buffer.b, MAX_DIGEST_BUFFER, inFilename); } else { in.buffer.b.size = 0; } } if (rc == 0) { in.pcrHandle = pcrHandle; in.sequenceHandle = sequenceHandle; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_EventSequenceComplete, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, sequencePassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { uint32_t c; printf("eventsequencecomplete: success\n"); /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */ /* Table 71 - Definition of TPMT_HA Structure digests[] */ /* Table 70 - Definition of TPMU_HA Union digests */ printf("eventsequencecomplete: count %u\n", out.results.count); for (c = 0 ; c < out.results.count ;c++) { switch (out.results.digests[c].hashAlg) { case TPM_ALG_SHA1: if (verbose) printf("Hash algorithm SHA-1\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.results.digests[c].digest.sha1, SHA1_DIGEST_SIZE); if (outFilename1 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha1, SHA1_DIGEST_SIZE, outFilename1); } break; case TPM_ALG_SHA256: if (verbose) printf("Hash algorithm SHA-256\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.results.digests[c].digest.sha256, SHA256_DIGEST_SIZE); if (outFilename2 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha256, SHA256_DIGEST_SIZE, 
outFilename2); } break; case TPM_ALG_SHA384: if (verbose) printf("Hash algorithm SHA-384\n"); if (verbose) TSS_PrintAll("Digest", (uint8_t *)&out.results.digests[c].digest.sha384, SHA384_DIGEST_SIZE); if (outFilename3 != NULL) { rc = TSS_File_WriteBinaryFile((uint8_t *)&out.results.digests[c].digest.sha384, SHA384_DIGEST_SIZE, outFilename3); } break; default: printf("Hash algorithm %04x unknown\n", out.results.digests[c].hashAlg); break; } } } else { const char *msg; const char *submsg; const char *num; printf("eventsequencecomplete: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("eventsequencecomplete\n"); printf("\n"); printf("Runs TPM2_EventSequenceComplete\n"); printf("\n"); printf("\t[-ha pcr handle (default NULL)]\n"); printf("\t-hs sequence handle\n"); printf("\t[-pwds password for sequence (default empty)]\n"); printf("\t[-if input file to be added (default no data)]\n"); printf("\t[-of1 sha1 output digest file (default do not save)]\n"); printf("\t[-of2 sha256 output digest file (default do not save)]\n"); printf("\t[-of3 sha384 output digest file (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/policyticket.c0000644000175000017500000002305413075204375013204 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyTicket */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policyticket.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */

/* NOTE(review): the header names that followed each #include below are missing from this copy of
   the file; the directives are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

int verbose = FALSE;

/* main() gathers the TPM2_PolicyTicket parameters from the command line, loads the timeout,
   cpHashA, policyRef, authName and ticket values from files, and sends TPM_CC_PolicyTicket
   through TSS_Execute().

   Returns 0 on success.  On failure it prints the response code and its decoded text and returns
   EXIT_FAILURE.  Argument errors do not return: printUsage() ends the process with exit(1).
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    PolicyTicket_In in;
    TPMI_SH_POLICY policySession = 0;
    const char *timeoutFilename = NULL;
    const char *cpHashAFilename = NULL;
    const char *policyRefFilename = NULL;
    const char *authNameFilename = NULL;
    char hierarchyChar = 0;
    TPMI_RH_HIERARCHY primaryHandle = TPM_RH_NULL;
    const char *ticketFilename = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* the two optional 2B parameters start out empty; they are only filled when -cp / -pref name
       a file */
    in.cpHashA.b.size = 0;
    in.policyRef.b.size = 0;
    /* NOTE(review): the text between "(i" and "0xff)" on the next line is missing from this copy.
       Judging by the error messages that follow, it held the loop condition, the options handled
       before -se0 and the start of the -se0 attribute check; restore it from the upstream file
       before relying on this listing. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            /* -seN takes two hex arguments: the session handle, then the session attributes */
            i++;
            if (i < argc) {
                /* the sscanf() result is not checked, so an argument that is not hex leaves the
                   handle at its TPM_RH_NULL default without any message */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* attributes wider than one byte are rejected */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* mandatory parameters; each failing check ends the process inside printUsage() */
    if (policySession == 0) {
        printf("Missing handle parameter -ha\n");
        printUsage();
    }
    if (timeoutFilename == NULL) {
        printf("Missing timeout file name parameter -to\n");
        printUsage();
    }
    if (ticketFilename == NULL) {
        printf("Missing ticket file name parameter -tk\n");
        printUsage();
    }
    /* exactly one source for authName: a Name file (-na) or a hierarchy letter (-hi) */
    if ((authNameFilename == NULL) && (hierarchyChar == 0)) {
        printf("Missing parameter -na or -hi\n");
        printUsage();
    }
    if ((authNameFilename != NULL) && (hierarchyChar != 0)) {
        printf("Cannot specify both -na and -hi\n");
        printUsage();
    }
    if (rc == 0) {
        in.policySession = policySession;
    }
    /* The file contents below come from outside the program.  sizeof(TPMU_HA) / sizeof(TPMU_NAME)
       is handed to TSS_File_Read2B() with each destination; presumably that is the largest length
       the helper accepts for the 2B - confirm in TSS_File_Read2B. */
    if (rc == 0) {
        rc = TSS_File_Read2B(&in.timeout.b,
                             sizeof(TPMU_HA),
                             timeoutFilename);
    }
    if ((rc == 0) && (cpHashAFilename != NULL)) {
        rc = TSS_File_Read2B(&in.cpHashA.b,
                             sizeof(TPMU_HA),
                             cpHashAFilename);
    }
    if ((rc == 0) && (policyRefFilename != NULL)) {
        rc = TSS_File_Read2B(&in.policyRef.b,
                             sizeof(TPMU_HA),
                             policyRefFilename);
    }
    /* if the authorizing entity was an object */
    if ((rc == 0) && (authNameFilename != NULL)) {
        rc = TSS_File_Read2B(&in.authName.b,
                             sizeof(TPMU_NAME),
                             authNameFilename);
    }
    /* if the authorizing object was a hierarchy */
    if ((rc == 0) && (hierarchyChar != 0)) {
        if (hierarchyChar == 'e') {
            primaryHandle = TPM_RH_ENDORSEMENT;
        }
        else if (hierarchyChar == 'o') {
            primaryHandle = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            primaryHandle = TPM_RH_PLATFORM;
        }
        else {
            /* any other letter ends the process here, so the TPM_RH_NULL default of primaryHandle
               never reaches the call below */
            printf("Bad parameter %c for -hi\n", hierarchyChar);
            printUsage();
        }
        /* authName is built from the 32-bit hierarchy handle */
        rc = TSS_TPM2B_CreateUint32(&in.authName.b, primaryHandle, sizeof(TPMU_NAME));
    }
    /* the ticket file is parsed by TPMT_TK_AUTH_Unmarshal, so a malformed file is reported through
       rc rather than copied in as raw bytes */
    if (rc == 0) {
        rc = TSS_File_ReadStructure(&in.ticket,
                                    (UnmarshalFunction_t)TPMT_TK_AUTH_Unmarshal,
                                    ticketFilename);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* no password is supplied for any of the three sessions (the NULL after each handle) */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PolicyTicket,
                         sessionHandle0, NULL, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path; a delete error is reported only when nothing failed
       earlier */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("policyticket: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("policyticket: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code has been printed; the process exit status is the generic failure */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the option summary and ends the process with exit(1); it never returns to
   the caller.  The -se0/-se1/-se2, -h and -v options handled in main() are not listed here. */
static void printUsage(void)
{
    printf("\n");
    printf("policyticket\n");
    printf("\n");
    printf("Runs TPM2_PolicyTicket\n");
    printf("\n");
    printf("\t-ha policy session handle\n");
    printf("\t-to timeout file name\n");
    printf("\t-cp cpHash file (default none)\n");
    printf("\t-pref policyRef file (default none)\n");
    printf("\t-na authName file (not hierarchy)\n");
    printf("\t-hi hierarchy (e, o, p)(authName is hierarchy)\n");
    printf("\t\te endorsement, o owner, p platform\n");
    printf("\t-tk ticket file name\n");
    exit(1);
}
./utils/sequenceupdate.c0000644000175000017500000001650213070736653013520 0ustar lo1lo1/********************************************************************************/
/* */
/* SequenceUpdate */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: sequenceupdate.c 978 2017-04-04 15:37:15Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */

/* NOTE(review): the header names that followed each #include below are missing from this copy of
   the file; the directives are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

int verbose = FALSE;

/* main() reads the input file into memory, copies it into the SequenceUpdate_In buffer and sends
   TPM_CC_SequenceUpdate through TSS_Execute(), authorizing with sequencePassword on session 0.

   Returns 0 on success.  On failure it prints the response code and its decoded text and returns
   EXIT_FAILURE.  Argument errors do not return: printUsage() ends the process with exit(1).
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    SequenceUpdate_In in;
    TPMI_DH_OBJECT sequenceHandle = 0;
    const char *inFilename = NULL;
    /* NOTE(review): the usage text lists -pwds for this value; the parsing itself is in the text
       missing below.  A password given as a command line argument can be read by other local
       users from the process list and is kept in shell history - worth a caveat for anything
       beyond test use. */
    const char *sequencePassword = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;
    size_t length = 0;
    uint8_t *buffer = NULL; /* for the free */

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the text between "(i" and "0xff)" on the next line is missing from this copy.
       Judging by the error messages that follow, it held the loop condition, the options handled
       before -se0 and the start of the -se0 attribute check; restore it from the upstream file
       before relying on this listing. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            /* -seN takes two hex arguments: the session handle, then the session attributes */
            i++;
            if (i < argc) {
                /* the sscanf() result is not checked, so an argument that is not hex leaves the
                   handle at its TPM_RH_NULL default without any message */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* attributes wider than one byte are rejected */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* mandatory parameters; each failing check ends the process inside printUsage() */
    if (sequenceHandle == 0) {
        printf("Missing sequence handle parameter -hs\n");
        printUsage();
    }
    if (inFilename == NULL) {
        printf("Missing input file -if\n");
        printUsage();
    }
    /* the whole input file is read into a buffer that this function frees further down */
    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&buffer, /* must be freed by caller */
                                     &length,
                                     inFilename);
    }
    /* This is the only bound on the memcpy() below: a file longer than MAX_DIGEST_BUFFER is
       rejected before anything is copied into the command structure. */
    if (rc == 0) {
        if (length > MAX_DIGEST_BUFFER) {
            printf("Input data too long %u\n", (unsigned int)length);
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        /* Handle of key that will perform update */
        in.sequenceHandle = sequenceHandle;
        /* data for update */
        /* length is at most MAX_DIGEST_BUFFER here; in.buffer.t.buffer is presumably declared with
           that capacity - confirm against the TPM2B_MAX_BUFFER definition */
        in.buffer.t.size = length;
        memcpy(in.buffer.t.buffer, buffer, length);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* only session 0 carries a password; sessions 1 and 2 are passed NULL */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_SequenceUpdate,
                         sessionHandle0, sequencePassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path; a delete error is reported only when nothing failed
       earlier */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* buffer was initialized to NULL, so this is also safe when the file was never read */
    free(buffer);
    if (rc == 0) {
        if (verbose) printf("sequenceupdate: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("sequenceupdate: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM/TSS code has been printed; the process exit status is the generic failure */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the option summary and ends the process with exit(1); it never returns to
   the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("sequenceupdate\n");
    printf("\n");
    printf("Runs TPM2_SequenceUpdate\n");
    printf("\n");
    printf("\t-hs sequence handle\n");
    printf("\t-pwds password for sequence (default empty)\n");
    printf("\t-if input file to be HMACed\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/ntc2lib.h0000644000175000017500000001147313115776262012051 0ustar
lo1lo1/********************************************************************************/ /* */ /* TPM2 Novoton Proprietary Command Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ntc2lib.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
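*/
/********************************************************************************/

#ifndef NTC2LIB_H
#define NTC2LIB_H

/* NOTE(review): the header names that followed the bare #include directives below are missing
   from this copy of the file; the directives are kept exactly as found. */
#include
#include
#include
#include

#ifndef TPM_TSS
#include "TpmTypes.h"
#include "Unmarshal_fp.h"
#else
#include
#include
#endif

/* default values for System P I2C */
/* one PREQUIRED_ value per NTC2_CFG_STRUCT member, in member order */

#define PREQUIRED_i2cLoc1_2 0xff
#define PREQUIRED_i2cLoc3_4 0xff
#define PREQUIRED_AltCfg 0x03
#define PREQUIRED_Direction 0x00
#define PREQUIRED_PullUp 0xff
#define PREQUIRED_PushPull 0xff
#define PREQUIRED_CFG_A 0xfe
#define PREQUIRED_CFG_B 0xff
#define PREQUIRED_CFG_C 0xff
#define PREQUIRED_CFG_D 0xff
#define PREQUIRED_CFG_E 0xff
#define PREQUIRED_CFG_F 0xff
#define PREQUIRED_CFG_G 0xff
#define PREQUIRED_CFG_H 0xff
#define PREQUIRED_CFG_I 0xff
#define PREQUIRED_CFG_J 0xff
#define PREQUIRED_IsValid 0xaa
/* no trailing semicolon: with one, the macro only worked as the last token of a statement and
   broke inside comparisons, initializer lists and function arguments */
#define PREQUIRED_IsLocked 0x00

/* required values, others not supported */

#define FIXED_Direction 0x00
#define FIXED_PullUp 0xff
#define FIXED_PushPull 0xff
#define FIXED_CFG_F 0xff
#define FIXED_CFG_I 0xff
#define FIXED_CFG_J 0xff
#define FIXED_IsValid 0xaa

/* The configuration block carried by NTC2_PreConfig (as input) and NTC2_GetConfig (as output):
   eighteen single-byte members. */
typedef struct tdNTC2_CFG_STRUCT {
    uint8_t i2cLoc1_2;
    uint8_t i2cLoc3_4;
    uint8_t AltCfg;
    uint8_t Direction;
    uint8_t PullUp;
    uint8_t PushPull;
    uint8_t CFG_A;
    uint8_t CFG_B;
    uint8_t CFG_C;
    uint8_t CFG_D;
    uint8_t CFG_E;
    uint8_t CFG_F;
    uint8_t CFG_G;
    uint8_t CFG_H;
    uint8_t CFG_I;
    uint8_t CFG_J;
    uint8_t IsValid; /* Must be AAh */
    uint8_t IsLocked; /* Ignored on NTC2_PreConfig, NTC2_GetConfig returns AAh once configuration is locked.
*/
} NTC2_CFG_STRUCT;

/* command parameters of NTC2_PreConfig */
typedef struct {
    NTC2_CFG_STRUCT preConfig;
} NTC2_PreConfig_In;

/* response parameters of NTC2_GetConfig */
typedef struct {
    NTC2_CFG_STRUCT preConfig;
} NTC2_GetConfig_Out;

/* response code modifier for an error in the first parameter (preConfig) */
#define RC_NTC2_PreConfig_preConfig (TPM_RC_P + TPM_RC_1)

#ifdef __cplusplus
extern "C" {
#endif

    /* Marshal / unmarshal entry points.  Each takes a cursor (BYTE **buffer) and a remaining-size
       counter (INT32 *size); presumably both are advanced as bytes are consumed or produced -
       confirm in the implementation. */
    TPM_RC
    NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]);
    TPM_RC
    TSS_NTC2_PreConfig_In_Marshal(NTC2_PreConfig_In *source, UINT16 *written, BYTE **buffer, INT32 *size);
    TPM_RC
    NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size);
    UINT16
    NTC2_GetConfig_Out_Marshal(NTC2_GetConfig_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size);

    TPM_RC
    NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size);
    TPM_RC
    TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, UINT16 *written, BYTE **buffer, INT32 *size);
    UINT16
    NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, BYTE **buffer, INT32 *size);

#ifdef __cplusplus
}
#endif

#endif
./utils/pcrreset.c0000644000175000017500000001040113055132457012317 0ustar lo1lo1/********************************************************************************/
/* */
/* PCR_Reset */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: pcrreset.c 945 2017-02-27 23:24:31Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution.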
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PCR_Reset_In in; TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i= IMPLEMENTATION_PCR) { printf("Missing or bad PCR handle parameter -ha\n"); printUsage(); } if (rc == 0) { in.pcrHandle = pcrHandle;; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PCR_Reset, TPM_RS_PW, NULL, 0, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("pcrreset: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("pcrreset: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("pcrreset\n"); printf("\n"); printf("Runs TPM2_PCR_Reset\n"); printf("\n"); printf("\t-ha pcr handle\n"); exit(1); } ./utils/makeman.sh0000751000175000017500000003073513133212577012303 0ustar lo1lo1#!/bin/bash # # $Id: makeman.sh 1041 2017-07-07 14:15:27Z kgoldman $ # # script to make man pages mkdir -p man/man1 help2man -h --version-string="v1045" -n "Runs TPM2_Activatecredential" /usr/bin/tssactivatecredential > man/man1/tssactivatecredential.1 help2man -h --version-string="v1045" -n "Runs TPM2_Certify" /usr/bin/tsscertify > man/man1/tsscertify.1 help2man -h --version-string="v1045" -n "Runs TPM2_CertifyCreation" 
/usr/bin/tsscertifycreation > man/man1/tsscertifycreation.1 help2man -h --version-string="v1045" -n "Runs TPM2_ChangeEPS" /usr/bin/tsschangeeps > man/man1/tsschangeeps.1 help2man -h --version-string="v1045" -n "Runs TPM2_ChangePPS" /usr/bin/tsschangepps > man/man1/tsschangepps.1 help2man -h --version-string="v1045" -n "Runs TPM2_Clear" /usr/bin/tssclear > man/man1/tssclear.1 help2man -h --version-string="v1045" -n "Runs TPM2_ClearControl" /usr/bin/tssclearcontrol > man/man1/tssclearcontrol.1 help2man -h --version-string="v1045" -n "Runs TPM2_ClockRateAdjust" /usr/bin/tssclockrateadjust > man/man1/tssclockrateadjust.1 help2man -h --version-string="v1045" -n "Runs TPM2_ClockSet" /usr/bin/tssclockset > man/man1/tssclockset.1 help2man -h --version-string="v1045" -n "Runs TPM2_Commit" /usr/bin/tsscommit > man/man1/tsscommit.1 help2man -h --version-string="v1045" -n "Runs TPM2_ContextLoad" /usr/bin/tsscontextload > man/man1/tsscontextload.1 help2man -h --version-string="v1045" -n "Runs TPM2_Contextsave" /usr/bin/tsscontextsave > man/man1/tsscontextsave.1 help2man -h --version-string="v1045" -n "Runs TPM2_Create" /usr/bin/tsscreate > man/man1/tsscreate.1 help2man -h --version-string="v1045" -n "Runs createek demo" /usr/bin/tsscreateek > man/man1/tsscreateek.1 help2man -h --version-string="v1045" -n "Runs TPM2_CreateLoaded" /usr/bin/tsscreateloaded > man/man1/tsscreateloaded.1 help2man -h --version-string="v1045" -n "Runs TPM2_CreatePrimary" /usr/bin/tsscreateprimary > man/man1/tsscreateprimary.1 help2man -h --version-string="v1045" -n "Runs TPM2_DictionaryAttackLockReset" /usr/bin/tssdictionaryattacklockreset > man/man1/tssdictionaryattacklockreset.1 help2man -h --version-string="v1045" -n "Runs TPM2_DictionaryAttackParameters" /usr/bin/tssdictionaryattackparameters > man/man1/tssdictionaryattackparameters.1 help2man -h --version-string="v1045" -n "Runs TPM2_Duplicate" /usr/bin/tssduplicate > man/man1/tssduplicate.1 help2man -h --version-string="v1045" -n "Runs 
TPM2_ECC_Parameters" /usr/bin/tsseccparameters > man/man1/tsseccparameters.1 help2man -h --version-string="v1045" -n "Runs TPM2_EC_ephemeral" /usr/bin/tssecephemeral > man/man1/tssecephemeral.1 help2man -h --version-string="v1045" -n "Runs TPM2_EncryptDecrypt" /usr/bin/tssencryptdecrypt > man/man1/tssencryptdecrypt.1 help2man -h --version-string="v1045" -n "Runs TPM2_EventExtend" /usr/bin/tsseventextend > man/man1/tsseventextend.1 help2man -h --version-string="v1045" -n "Runs TPM2_EventSequenceComplete" /usr/bin/tsseventsequencecomplete > man/man1/tsseventsequencecomplete.1 help2man -h --version-string="v1045" -n "Runs TPM2_EvictControl" /usr/bin/tssevictcontrol > man/man1/tssevictcontrol.1 help2man -h --version-string="v1045" -n "Runs TPM2_FlushContext" /usr/bin/tssflushcontext > man/man1/tssflushcontext.1 help2man -h --version-string="v1045" -n "Runs TPM2_GetCapability" /usr/bin/tssgetcapability > man/man1/tssgetcapability.1 help2man -h --version-string="v1045" -n "Runs TPM2_GetCommandAuditDigest" /usr/bin/tssgetcommandauditdigest > man/man1/tssgetcommandauditdigest.1 help2man -h --version-string="v1045" -n "Runs TPM2_GetRandom" /usr/bin/tssgetrandom > man/man1/tssgetrandom.1 help2man -h --version-string="v1045" -n "Runs TPM2_GetSessionAuditDigest" /usr/bin/tssgetsessionauditdigest > man/man1/tssgetsessionauditdigest.1 help2man -h --version-string="v1045" -n "Runs TPM2_GetTime" /usr/bin/tssgettime > man/man1/tssgettime.1 help2man -h --version-string="v1045" -n "Runs TPM2_Hash" /usr/bin/tsshash > man/man1/tsshash.1 help2man -h --version-string="v1045" -n "Runs TPM2_HashSequenceStart" /usr/bin/tsshashsequencestart > man/man1/tsshashsequencestart.1 help2man -h --version-string="v1045" -n "Runs TPM2_HierarchyChangeauth" /usr/bin/tsshierarchychangeauth > man/man1/tsshierarchychangeauth.1 help2man -h --version-string="v1045" -n "Runs TPM2_Hierarchycontrol" /usr/bin/tsshierarchycontrol > man/man1/tsshierarchycontrol.1 help2man -h --version-string="v1045" -n "Runs 
TPM2_Hmac" /usr/bin/tsshmac > man/man1/tsshmac.1 help2man -h --version-string="v1045" -n "Runs TPM2_HmacStart" /usr/bin/tsshmacstart > man/man1/tsshmacstart.1 help2man -h --version-string="v1045" -n "Runs imaextend simulation" /usr/bin/tssimaextend > man/man1/tssimaextend.1 help2man -h --version-string="v1045" -n "Runs TPM2_Import" /usr/bin/tssimport > man/man1/tssimport.1 help2man -h --version-string="v1045" -n "Runs TPM2_Import with PEM input" /usr/bin/tssimportpem > man/man1/tssimportpem.1 help2man -h --version-string="v1045" -n "Runs TPM2_Load" /usr/bin/tssload > man/man1/tssload.1 help2man -h --version-string="v1045" -n "Runs TPM2_LoadExternal" /usr/bin/tssloadexternal > man/man1/tssloadexternal.1 help2man -h --version-string="v1045" -n "Runs TPM2_MakeCredential" /usr/bin/tssmakecredential > man/man1/tssmakecredential.1 help2man -h --version-string="v1045" -n "Runs TPM2_Ntc2GetConfig" /usr/bin/tssntc2getconfig > man/man1/tssntc2getconfig.1 help2man -h --version-string="v1045" -n "Runs TPM2_Ntc2LockConfig" /usr/bin/tssntc2lockconfig > man/man1/tssntc2lockconfig.1 help2man -h --version-string="v1045" -n "Runs TPM2_Ntc2Preconfig" /usr/bin/tssntc2preconfig > man/man1/tssntc2preconfig.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Certify" /usr/bin/tssnvcertify > man/man1/tssnvcertify.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_ChangeAuth" /usr/bin/tssnvchangeauth > man/man1/tssnvchangeauth.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_DefineSpace" /usr/bin/tssnvdefinespace > man/man1/tssnvdefinespace.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Extend" /usr/bin/tssnvextend > man/man1/tssnvextend.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_GlobalWriteLock" /usr/bin/tssnvglobalwritelock > man/man1/tssnvglobalwritelock.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Increment" /usr/bin/tssnvincrement > man/man1/tssnvincrement.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Read" /usr/bin/tssnvread 
> man/man1/tssnvread.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_ReadLock" /usr/bin/tssnvreadlock > man/man1/tssnvreadlock.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_ReadPublic" /usr/bin/tssnvreadpublic > man/man1/tssnvreadpublic.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_SetBits" /usr/bin/tssnvsetbits > man/man1/tssnvsetbits.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_UndefineSpace" /usr/bin/tssnvundefinespace > man/man1/tssnvundefinespace.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_UndefineSpaceSpecial" /usr/bin/tssnvundefinespacespecial > man/man1/tssnvundefinespacespecial.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Write" /usr/bin/tssnvwrite > man/man1/tssnvwrite.1 help2man -h --version-string="v1045" -n "Runs TPM2_NV_Writelock" /usr/bin/tssnvwritelock > man/man1/tssnvwritelock.1 help2man -h --version-string="v1045" -n "Runs TPM2_Objectchangeauth" /usr/bin/tssobjectchangeauth > man/man1/tssobjectchangeauth.1 help2man -h --version-string="v1045" -n "Runs TPM2_PCR_Allocate" /usr/bin/tsspcrallocate > man/man1/tsspcrallocate.1 help2man -h --version-string="v1045" -n "Runs TPM2_PCR_Event" /usr/bin/tsspcrevent > man/man1/tsspcrevent.1 help2man -h --version-string="v1045" -n "Runs TPM2_PCR_Extend" /usr/bin/tsspcrextend > man/man1/tsspcrextend.1 help2man -h --version-string="v1045" -n "Runs TPM2_PCR_Read" /usr/bin/tsspcrread > man/man1/tsspcrread.1 help2man -h --version-string="v1045" -n "Runs TPM2_PCR_Reset" /usr/bin/tsspcrreset > man/man1/tsspcrreset.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyAuthorize" /usr/bin/tsspolicyauthorize > man/man1/tsspolicyauthorize.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyAuthorizeNV" /usr/bin/tsspolicyauthorizenv > man/man1/tsspolicyauthorizenv.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyAuthValue" /usr/bin/tsspolicyauthvalue > man/man1/tsspolicyauthvalue.1 help2man -h --version-string="v1045" -n "Runs 
TPM2_PolicyCommandCode" /usr/bin/tsspolicycommandcode > man/man1/tsspolicycommandcode.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyCounterTimer" /usr/bin/tsspolicycountertimer > man/man1/tsspolicycountertimer.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyCpHash" /usr/bin/tsspolicycphash > man/man1/tsspolicycphash.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyGetDigest" /usr/bin/tsspolicygetdigest > man/man1/tsspolicygetdigest.1 help2man -h --version-string="v1045" -n "Runs policymaker utility" /usr/bin/tsspolicymaker > man/man1/tsspolicymaker.1 help2man -h --version-string="v1045" -n "Runs policymakerpcr utility" /usr/bin/tsspolicymakerpcr > man/man1/tsspolicymakerpcr.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyNv" /usr/bin/tsspolicynv > man/man1/tsspolicynv.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyNvWritten" /usr/bin/tsspolicynvwritten > man/man1/tsspolicynvwritten.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyOR" /usr/bin/tsspolicyor > man/man1/tsspolicyor.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyPassword" /usr/bin/tsspolicypassword > man/man1/tsspolicypassword.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyPCR" /usr/bin/tsspolicypcr > man/man1/tsspolicypcr.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyRestart" /usr/bin/tsspolicyrestart > man/man1/tsspolicyrestart.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicySecret" /usr/bin/tsspolicysecret > man/man1/tsspolicysecret.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicySigned" /usr/bin/tsspolicysigned > man/man1/tsspolicysigned.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyTemplate" /usr/bin/tsspolicytemplate > man/man1/tsspolicytemplate.1 help2man -h --version-string="v1045" -n "Runs TPM2_PolicyTicket" /usr/bin/tsspolicyticket > man/man1/tsspolicyticket.1 help2man -h --version-string="v1045" -n "Runs powerup simulation" /usr/bin/tsspowerup > 
man/man1/tsspowerup.1 help2man -h --version-string="v1045" -n "Runs TPM2_Quote" /usr/bin/tssquote > man/man1/tssquote.1 help2man -h --version-string="v1045" -n "Runs TPM2_ReadClock" /usr/bin/tssreadclock > man/man1/tssreadclock.1 help2man -h --version-string="v1045" -n "Runs TPM2_ReadPublic" /usr/bin/tssreadpublic > man/man1/tssreadpublic.1 help2man -h --version-string="v1045" -n "Runs returncode parser" /usr/bin/tssreturncode > man/man1/tssreturncode.1 help2man -h --version-string="v1045" -n "Runs TPM2_Rewrap" /usr/bin/tssrewrap > man/man1/tssrewrap.1 help2man -h --version-string="v1045" -n "Runs TPM2_RsaDecrypt" /usr/bin/tssrsadecrypt > man/man1/tssrsadecrypt.1 help2man -h --version-string="v1045" -n "Runs TPM2_RsaEncrypt" /usr/bin/tssrsaencrypt > man/man1/tssrsaencrypt.1 help2man -h --version-string="v1045" -n "Runs TPM2_SequenceComplete" /usr/bin/tsssequencecomplete > man/man1/tsssequencecomplete.1 help2man -h --version-string="v1045" -n "Runs TPM2_SequenceUpdate" /usr/bin/tsssequenceupdate > man/man1/tsssequenceupdate.1 help2man -h --version-string="v1045" -n "Runs TPM2_SetPrimarypolicy" /usr/bin/tsssetprimarypolicy > man/man1/tsssetprimarypolicy.1 help2man -h --version-string="v1045" -n "Runs TPM2_Shutdown" /usr/bin/tssshutdown > man/man1/tssshutdown.1 help2man -h --version-string="v1045" -n "Runs TPM2_Sign" /usr/bin/tsssign > man/man1/tsssign.1 help2man -h --version-string="v1045" -n "Runs TPM2_Signapp" /usr/bin/tsssignapp > man/man1/tsssignapp.1 help2man -h --version-string="v1045" -n "Runs TPM2_StartAuthSession" /usr/bin/tssstartauthsession > man/man1/tssstartauthsession.1 help2man -h --version-string="v1045" -n "Runs TPM2_Startup" /usr/bin/tssstartup > man/man1/tssstartup.1 help2man -h --version-string="v1045" -n "Runs TPM2_StirRandom" /usr/bin/tssstirrandom > man/man1/tssstirrandom.1 help2man -h --version-string="v1045" -n "Runs timepacket profiler" /usr/bin/tsstimepacket > man/man1/tsstimepacket.1 help2man -h --version-string="v1045" -n "Runs 
TPM2_Unseal" /usr/bin/tssunseal > man/man1/tssunseal.1 help2man -h --version-string="v1045" -n "Runs TPM2_VerifySignature" /usr/bin/tssverifysignature > man/man1/tssverifysignature.1 help2man -h --version-string="v1045" -n "Runs writeapp demo" /usr/bin/tsswriteapp > man/man1/tsswriteapp.1 ./utils/tss.c0000644000175000017500000044533113075700253011314 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Primary API */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tss.c 992 2017-04-19 15:22:19Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): the header names that followed the bare #include directives below are missing
   from this copy of the file; the directives are kept exactly as found. */
#include
#include
#include
#include

#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include "tssauth.h"
#include
#include "tssproperties.h"
#include
#include
#include
#include
#include
#include "tssccattributes.h"
#ifndef TPM_TSS_NOCRYPTO
#include
#include
#endif

/* Files:

   h01xxxxxx.bin - NV index name
   h02xxxxxx.bin - hmac session context
   h03xxxxxx.bin - policy session context
   h80xxxxxx.bin - transient object name

   cxxxx...xxxx.bin - context blob name
*/

/* NOTE Synchronize with

   TSS_HmacSession_InitContext
   TSS_HmacSession_Unmarshal
   TSS_HmacSession_Marshal
*/

/* State kept for one HMAC or policy session.

   The members above the "Items below this line" marker are the ones that are saved and loaded;
   hmacKey and sessionValue live for one command only.

   NOTE(review): bindAuthValue (a password) and sessionKey sit above that marker, and the file
   list above says session contexts are kept in h02/h03 files, so they are presumably part of
   what gets written out - confirm how TSS_HmacSession_Marshal and its callers protect that data
   at rest.

   NOTE(review): there is no typedef keyword here, so the trailing TSS_HMAC_CONTEXT after the
   closing brace declares an object of this type rather than a type alias; the declarations below
   refer to the type as "struct TSS_HMAC_CONTEXT".
*/
struct TSS_HMAC_CONTEXT
{
    TPMI_SH_AUTH_SESSION sessionHandle; /* the session handle */
    TPMI_ALG_HASH authHashAlg; /* hash algorithm to use for the session */
#ifndef TPM_TSS_NOCRYPTO
    uint32_t sizeInBytes; /* hash algorithm mapped to size */
#endif /* TPM_TSS_NOCRYPTO */
    TPMT_SYM_DEF symmetric; /* the algorithm and key size for parameter encryption */
    TPMI_DH_ENTITY bind; /* bind handle */
    TPM2B_NAME bindName; /* Name corresponding to the bind handle */
    TPM2B_AUTH bindAuthValue; /* password corresponding to the bind handle */
#ifndef TPM_TSS_NOCRYPTO
    TPM2B_NONCE nonceTPM; /* from TPM in response */
    TPM2B_NONCE nonceCaller; /* from caller in command */
    TPM2B_DIGEST sessionKey; /* from KDFa at session creation */
#endif /* TPM_TSS_NOCRYPTO */
    TPM_SE sessionType; /* HMAC (0), policy (1), or trial policy */
    uint8_t isPasswordNeeded; /* flag set by policy password */
    uint8_t isAuthValueNeeded; /* flag set by policy authvalue */
    /* Items below this line are for the lifetime of one command. They are not saved and loaded. */
    TPM2B_KEY hmacKey; /* HMAC key calculated for each command */
#ifndef TPM_TSS_NOCRYPTO
    TPM2B_KEY sessionValue; /* KDFa secret for parameter encryption */
#endif /* TPM_TSS_NOCRYPTO */
} TSS_HMAC_CONTEXT;

/* functions for command pre- and post- processing */

/* pre-processor: sees the command parameters and the extra parameters */
typedef TPM_RC (*TSS_PreProcessFunction_t)(TSS_CONTEXT *tssContext,
                                           COMMAND_PARAMETERS *in,
                                           EXTRA_PARAMETERS *extra);
/* change-auth handler: additionally receives the session and a handle number */
typedef TPM_RC (*TSS_ChangeAuthFunction_t)(TSS_CONTEXT *tssContext,
                                           struct TSS_HMAC_CONTEXT *session,
                                           size_t handleNumber,
                                           COMMAND_PARAMETERS *in);
/* post-processor: sees the command parameters, the response parameters and the extra parameters */
typedef TPM_RC (*TSS_PostProcessFunction_t)(TSS_CONTEXT *tssContext,
                                            COMMAND_PARAMETERS *in,
                                            RESPONSE_PARAMETERS *out,
                                            EXTRA_PARAMETERS *extra);

/* The TSS_PR_, TSS_CA_ and TSS_PO_ prototypes below follow the shapes of the three function
   pointer types above, with command-specific parameter structures in place of the generic ones. */

static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext,
                                      StartAuthSession_In *in,
                                      StartAuthSession_Extra *extra);
static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
                                    NV_DefineSpace_In *in,
                                    void *extra);

static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext,
                                         struct TSS_HMAC_CONTEXT *session,
                                         size_t handleNumber,
                                         HierarchyChangeAuth_In *in);
static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
                                             struct TSS_HMAC_CONTEXT *session,
                                             size_t handleNumber,
                                             NV_UndefineSpaceSpecial_In *in);
static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext,
                                   struct TSS_HMAC_CONTEXT *session,
                                   size_t handleNumber,
                                   NV_ChangeAuth_In *in);

static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext,
                                      StartAuthSession_In *in,
                                      StartAuthSession_Out *out,
                                      StartAuthSession_Extra *extra);
static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext,
                                 ContextSave_In *in,
                                 ContextSave_Out *out,
                                 void *extra);
static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext,
                                 ContextLoad_In *in,
                                 ContextLoad_Out *out,
                                 void *extra);
static TPM_RC
TSS_PO_FlushContext(TSS_CONTEXT *tssContext, FlushContext_In *in, void *out, void *extra); static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext, EvictControl_In *in, void *out, void *extra); static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext, Load_In *in, Load_Out *out, void *extra); static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext, LoadExternal_In *in, LoadExternal_Out *out, void *extra); static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext, ReadPublic_In *in, ReadPublic_Out *out, void *extra); static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext, CreateLoaded_In *in, CreateLoaded_Out *out, void *extra); static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext, HMAC_Start_In *in, HMAC_Start_Out *out, void *extra); static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext, HashSequenceStart_In *in, HashSequenceStart_Out *out, void *extra); static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext, SequenceComplete_In *in, SequenceComplete_Out *out, void *extra); static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext, EventSequenceComplete_In *in, EventSequenceComplete_Out *out, void *extra); static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext, PolicyAuthValue_In *in, void *out, void *extra); static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext, PolicyPassword_In *in, void *out, void *extra); static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext, CreatePrimary_In *in, CreatePrimary_Out *out, void *extra); static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext, NV_DefineSpace_In *in, void *out, void *extra); static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext, NV_ReadPublic_In *in, NV_ReadPublic_Out *out, void *extra); static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext, NV_UndefineSpace_In *in, void *out, void *extra); static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, NV_UndefineSpaceSpecial_In *in, void *out, void *extra); static TPM_RC 
TSS_PO_NV_Write(TSS_CONTEXT *tssContext, NV_Write_In *in, void *out, void *extra); static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext, NV_WriteLock_In *in, void *out, void *extra); static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext, NV_ReadLock_In *in, void *out, void *extra); typedef struct TSS_TABLE { TPM_CC commandCode; TSS_PreProcessFunction_t preProcessFunction; TSS_ChangeAuthFunction_t changeAuthFunction; TSS_PostProcessFunction_t postProcessFunction; } TSS_TABLE; static const TSS_TABLE tssTable [] = { {TPM_CC_Startup, NULL, NULL, NULL}, {TPM_CC_Shutdown, NULL, NULL, NULL}, {TPM_CC_SelfTest, NULL, NULL, NULL}, {TPM_CC_IncrementalSelfTest, NULL, NULL, NULL}, {TPM_CC_GetTestResult, NULL, NULL, NULL}, {TPM_CC_StartAuthSession, (TSS_PreProcessFunction_t)TSS_PR_StartAuthSession, NULL, (TSS_PostProcessFunction_t)TSS_PO_StartAuthSession}, {TPM_CC_PolicyRestart, NULL, NULL, NULL}, {TPM_CC_Create, NULL, NULL, NULL}, {TPM_CC_Load, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_Load}, {TPM_CC_LoadExternal, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_LoadExternal}, {TPM_CC_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ReadPublic}, {TPM_CC_ActivateCredential, NULL, NULL, NULL}, {TPM_CC_MakeCredential, NULL, NULL, NULL}, {TPM_CC_Unseal, NULL, NULL, NULL}, {TPM_CC_ObjectChangeAuth, NULL, NULL, NULL}, {TPM_CC_CreateLoaded, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreateLoaded}, {TPM_CC_Duplicate, NULL, NULL, NULL}, {TPM_CC_Rewrap, NULL, NULL, NULL}, {TPM_CC_Import, NULL, NULL, NULL}, {TPM_CC_RSA_Encrypt, NULL, NULL, NULL}, {TPM_CC_RSA_Decrypt, NULL, NULL, NULL}, {TPM_CC_ECDH_KeyGen, NULL, NULL, NULL}, {TPM_CC_ECDH_ZGen, NULL, NULL, NULL}, {TPM_CC_ECC_Parameters, NULL, NULL, NULL}, {TPM_CC_ZGen_2Phase, NULL, NULL, NULL}, {TPM_CC_EncryptDecrypt, NULL, NULL, NULL}, {TPM_CC_EncryptDecrypt2, NULL, NULL, NULL}, {TPM_CC_Hash, NULL, NULL, NULL}, {TPM_CC_HMAC, NULL, NULL, NULL}, {TPM_CC_GetRandom, NULL, NULL, NULL}, {TPM_CC_StirRandom, NULL, NULL, 
NULL}, {TPM_CC_HMAC_Start, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HMAC_Start}, {TPM_CC_HashSequenceStart, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_HashSequenceStart}, {TPM_CC_SequenceUpdate, NULL, NULL, NULL}, {TPM_CC_SequenceComplete, NULL,NULL, (TSS_PostProcessFunction_t)TSS_PO_SequenceComplete}, {TPM_CC_EventSequenceComplete, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EventSequenceComplete}, {TPM_CC_Certify, NULL, NULL, NULL}, {TPM_CC_CertifyCreation, NULL, NULL, NULL}, {TPM_CC_Quote, NULL, NULL, NULL}, {TPM_CC_GetSessionAuditDigest, NULL, NULL, NULL}, {TPM_CC_GetCommandAuditDigest, NULL, NULL, NULL}, {TPM_CC_GetTime, NULL, NULL, NULL}, {TPM_CC_Commit, NULL, NULL, NULL}, {TPM_CC_EC_Ephemeral, NULL, NULL, NULL}, {TPM_CC_VerifySignature, NULL, NULL, NULL}, {TPM_CC_Sign, NULL, NULL, NULL}, {TPM_CC_SetCommandCodeAuditStatus, NULL, NULL, NULL}, {TPM_CC_PCR_Extend, NULL, NULL, NULL}, {TPM_CC_PCR_Event, NULL, NULL, NULL}, {TPM_CC_PCR_Read, NULL, NULL, NULL}, {TPM_CC_PCR_Allocate, NULL, NULL, NULL}, {TPM_CC_PCR_SetAuthPolicy, NULL, NULL, NULL}, {TPM_CC_PCR_SetAuthValue, NULL, NULL, NULL}, {TPM_CC_PCR_Reset, NULL, NULL, NULL}, {TPM_CC_PolicySigned, NULL, NULL, NULL}, {TPM_CC_PolicySecret, NULL, NULL, NULL}, {TPM_CC_PolicyTicket, NULL, NULL, NULL}, {TPM_CC_PolicyOR, NULL, NULL, NULL}, {TPM_CC_PolicyPCR, NULL, NULL, NULL}, {TPM_CC_PolicyLocality, NULL, NULL, NULL}, {TPM_CC_PolicyNV, NULL, NULL, NULL}, {TPM_CC_PolicyAuthorizeNV, NULL, NULL, NULL}, {TPM_CC_PolicyCounterTimer, NULL, NULL, NULL}, {TPM_CC_PolicyCommandCode, NULL, NULL, NULL}, {TPM_CC_PolicyPhysicalPresence, NULL, NULL, NULL}, {TPM_CC_PolicyCpHash, NULL, NULL, NULL}, {TPM_CC_PolicyNameHash, NULL, NULL, NULL}, {TPM_CC_PolicyDuplicationSelect, NULL, NULL, NULL}, {TPM_CC_PolicyAuthorize, NULL, NULL, NULL}, {TPM_CC_PolicyAuthValue, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyAuthValue}, {TPM_CC_PolicyPassword, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_PolicyPassword}, 
{TPM_CC_PolicyGetDigest, NULL, NULL, NULL}, {TPM_CC_PolicyNvWritten, NULL, NULL, NULL}, {TPM_CC_PolicyTemplate, NULL, NULL, NULL}, {TPM_CC_CreatePrimary, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_CreatePrimary}, {TPM_CC_HierarchyControl, NULL, NULL, NULL}, {TPM_CC_SetPrimaryPolicy, NULL, NULL, NULL}, {TPM_CC_ChangePPS, NULL, NULL, NULL}, {TPM_CC_ChangeEPS, NULL, NULL, NULL}, {TPM_CC_Clear, NULL, NULL, NULL}, {TPM_CC_ClearControl, NULL, NULL, NULL}, {TPM_CC_HierarchyChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_HierarchyChangeAuth, NULL}, {TPM_CC_DictionaryAttackLockReset, NULL, NULL, NULL}, {TPM_CC_DictionaryAttackParameters, NULL, NULL, NULL}, {TPM_CC_PP_Commands, NULL, NULL, NULL}, {TPM_CC_SetAlgorithmSet, NULL, NULL, NULL}, {TPM_CC_ContextSave, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextSave}, {TPM_CC_ContextLoad, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_ContextLoad}, {TPM_CC_FlushContext, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_FlushContext}, {TPM_CC_EvictControl, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_EvictControl}, {TPM_CC_ReadClock, NULL, NULL, NULL}, {TPM_CC_ClockSet, NULL, NULL, NULL}, {TPM_CC_ClockRateAdjust, NULL, NULL, NULL}, {TPM_CC_GetCapability, NULL, NULL, NULL}, {TPM_CC_TestParms, NULL, NULL, NULL}, {TPM_CC_NV_DefineSpace, (TSS_PreProcessFunction_t)TSS_PR_NV_DefineSpace, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_DefineSpace}, {TPM_CC_NV_UndefineSpace, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpace}, {TPM_CC_NV_UndefineSpaceSpecial, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_UndefineSpaceSpecial, (TSS_PostProcessFunction_t)TSS_PO_NV_UndefineSpaceSpecial}, {TPM_CC_NV_ReadPublic, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadPublic}, {TPM_CC_NV_Write, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, {TPM_CC_NV_Increment, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, {TPM_CC_NV_Extend, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_Write}, {TPM_CC_NV_SetBits, NULL, NULL, 
(TSS_PostProcessFunction_t)TSS_PO_NV_Write}, {TPM_CC_NV_WriteLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_WriteLock}, {TPM_CC_NV_GlobalWriteLock, NULL, NULL, NULL}, {TPM_CC_NV_Read, NULL, NULL, NULL}, {TPM_CC_NV_ReadLock, NULL, NULL, (TSS_PostProcessFunction_t)TSS_PO_NV_ReadLock}, {TPM_CC_NV_ChangeAuth, NULL, (TSS_ChangeAuthFunction_t)TSS_CA_NV_ChangeAuth, NULL}, {TPM_CC_NV_Certify, NULL, NULL, NULL} }; /* local prototypes */ static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext); static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext, COMMAND_PARAMETERS *in, va_list ap); static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand, const char *password); static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse); static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session); static void TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session); static void TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session); #ifndef TPM_TSS_NOCRYPTO static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session, TPM2B_DIGEST *salt, TPMI_DH_ENTITY bind, TPM2B_AUTH *bindAuthValue); static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session, TPMS_AUTH_COMMAND *authC); static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session, size_t handleNumber, const char *password); #endif /* TPM_TSS_NOCRYPTO */ static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session[], TPMS_AUTH_COMMAND *authCommand[], TPMI_SH_AUTH_SESSION sessionHandle[], unsigned int sessionAttributes[], const char *password[], TPM2B_NAME *name0, TPM2B_NAME *name1, TPM2B_NAME *name2); #ifndef TPM_TSS_NOCRYPTO static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session, TPMS_AUTH_RESPONSE *authResponse); #endif /* TPM_TSS_NOCRYPTO */ static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT 
*tssContext, struct TSS_HMAC_CONTEXT *session, TPMS_AUTH_RESPONSE *authR); static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session); static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session, TPMI_SH_AUTH_SESSION sessionHandle); #ifdef TPM_TSS_NOFILE static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle, uint32_t outLength, uint8_t *outBuffer); static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext, uint32_t *inLength, uint8_t **inData, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext, TPMI_SH_AUTH_SESSION sessionHandle); static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext, size_t *slotIndex, TPMI_SH_AUTH_SESSION sessionHandle); #endif static uint16_t TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source, uint16_t *written, uint8_t **buffer, int32_t *size); static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target, uint8_t **buffer, int32_t *size); static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext, TPM2B_NAME **names); static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext, TPM2B_NAME *name, TPM_HANDLE handle); static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext, TPM2B_NAME *name, TPM_HANDLE handle, const char *string); static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext, TPM2B_NAME *name, TPM_HANDLE handle, const char *string); static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext, TPM_HANDLE outHandle, const char *outString, TPM_HANDLE inHandle, const char *inString); static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext, TPM2B_PUBLIC *public, TPM_HANDLE handle, const char *string); static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext, TPM2B_PUBLIC *public, TPM_HANDLE handle, const char *string); static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext, TPM_HANDLE outHandle, const char *outString, TPM_HANDLE inHandle, const char 
*inString); #ifdef TPM_TSS_NOFILE static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, size_t *slotIndex, TPM_HANDLE handle); static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle); #endif static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext, TPM_HANDLE handle); static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name, TPMT_PUBLIC *tpmtPublic); #ifndef TPM_TSS_NOCRYPTO static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext, TPMS_NV_PUBLIC *nvPublic, TPMI_RH_NV_INDEX handle); static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext, TPMS_NV_PUBLIC *nvPublic, TPMI_RH_NV_INDEX handle); #endif static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext, TPMI_RH_NV_INDEX nvIndex); #ifdef TPM_TSS_NOFILE static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext, size_t *slotIndex, TPMI_RH_NV_INDEX nvIndex); #endif static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session[], TPMI_SH_AUTH_SESSION sessionHandle[], unsigned int sessionAttributes[]); #ifndef TPM_TSS_NOCRYPTO static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session); static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session); #endif /* TPM_TSS_NOCRYPTO */ static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session[], TPMI_SH_AUTH_SESSION sessionHandle[], unsigned int sessionAttributes[]); #ifndef TPM_TSS_NOCRYPTO static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session); static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext, struct TSS_HMAC_CONTEXT *session); static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session, size_t handleNumber, COMMAND_PARAMETERS *in); #endif /* TPM_TSS_NOCRYPTO */ static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, TPM_CC 
commandCode, COMMAND_PARAMETERS *in, EXTRA_PARAMETERS *extra);
static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
                                         COMMAND_PARAMETERS *in,
                                         RESPONSE_PARAMETERS *out,
                                         EXTRA_PARAMETERS *extra);

static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt,
                                             unsigned int *decryptSession,
                                             TPMI_SH_AUTH_SESSION sessionHandle[],
                                             unsigned int sessionAttributes[]);
static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt,
                                             unsigned int *encryptSession,
                                             TPMI_SH_AUTH_SESSION sessionHandle[],
                                             unsigned int sessionAttributes[]);

#ifndef TPM_TSS_NOFILE
static TPM_RC TSS_HashToString(char *str, uint8_t *digest);
#endif
#ifndef TPM_TSS_NOCRYPTO
static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST *salt,
                           TPM2B_ENCRYPTED_SECRET *encryptedSalt,
                           TPMT_PUBLIC *publicArea);
#endif

extern int tssVerbose;
extern int tssVverbose;
extern int tssFirstCall;

/* TSS_Create() allocates the TSS context, initializes it, and creates the lower layer
   authorization context.  It does NOT open a connection to the TPM.

   tssContext: output, receives the newly allocated context.

   Returns 0 on success, TSS_RC_OUT_OF_MEMORY if the allocation fails, otherwise the return code
   of TSS_Context_Init() or TSS_AuthCreate().

   Ownership on failure:

   - allocation or TSS_Context_Init() failure: *tssContext is NULL on return.
   - TSS_AuthCreate() failure: *tssContext is still allocated on return and the caller remains
     responsible for it.  NOTE(review): confirm that TSS_Delete() is safe to call in that state.
*/

TPM_RC TSS_Create(TSS_CONTEXT **tssContext)
{
    TPM_RC initRc;

    /* allocate the high level TSS structure */
    *tssContext = malloc(sizeof(TSS_CONTEXT));
    if (*tssContext == NULL) {
        if (tssVerbose) printf("TSS_Create: malloc %u failed\n",
                               (unsigned int)sizeof(TSS_CONTEXT));
        return TSS_RC_OUT_OF_MEMORY;
    }
    /* initialize the high level TSS structure.  The likely cause of a failure is a bad
       environment variable. */
    initRc = TSS_Context_Init(*tssContext);
    if (initRc != 0) {
        if (tssVerbose) printf("TSS_Create: TSS_Context_Init() failed\n");
        free(*tssContext);
        *tssContext = NULL;
        return initRc;
    }
    /* allocate and initialize the lower layer TSS context */
    return TSS_AuthCreate(&((*tssContext)->tssAuthContext));
}

/* TSS_Context_Init() on first call is used for any global library initialization.  On every
   call, it initializes the TSS context.
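*/

/* tssContext: the freshly allocated context to initialize.

   Returns 0 on success, otherwise the return code of the first initializer that failed.

   In crypto builds this allocates the per-context session state encryption and decryption keys.
   If any step fails, the key buffers allocated here are released before returning, because the
   caller (TSS_Create) frees only the context structure itself.
*/

static TPM_RC TSS_Context_Init(TSS_CONTEXT *tssContext)
{
    TPM_RC      rc = 0;
#ifndef TPM_TSS_NOCRYPTO
    size_t      tssSessionEncKeySize;
    size_t      tssSessionDecKeySize;

    /* start from a known state so that the error path below can release exactly what this
       function allocated */
    tssContext->tssSessionEncKey = NULL;
    tssContext->tssSessionDecKey = NULL;
#endif
    /* at the first call to the TSS, initialize global variables */
    if (tssFirstCall) {         /* tssFirstCall is a library global */
#ifndef TPM_TSS_NOCRYPTO
        /* crypto module initializations, crypto library specific */
        if (rc == 0) {
            rc = TSS_Crypto_Init();
        }
#endif
        /* TSS properties that are global, not per TSS context */
        if (rc == 0) {
            rc = TSS_GlobalProperties_Init();
        }
        /* NOTE(review): the flag is cleared even when one of the global initializers failed, so
           a later context would skip them -- confirm that this is intended.  No locking is
           visible around tssFirstCall; confirm that the first call is single threaded. */
        tssFirstCall = FALSE;
    }
    /* TSS properties that are per context */
    if (rc == 0) {
        rc = TSS_Properties_Init(tssContext);
    }
#ifndef TPM_TSS_NOCRYPTO
    /* crypto library dependent code to allocate the session state encryption and decryption
       keys.  They are probably always the same size, but it's safer not to assume that. */
    if (rc == 0) {
        rc = TSS_AES_GetEncKeySize(&tssSessionEncKeySize);
    }
    if (rc == 0) {
        rc = TSS_AES_GetDecKeySize(&tssSessionDecKeySize);
    }
    if (rc == 0) {
        rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionEncKey, tssSessionEncKeySize);
    }
    if (rc == 0) {
        rc = TSS_Malloc((uint8_t **)&tssContext->tssSessionDecKey, tssSessionDecKeySize);
    }
    /* build the session encryption and decryption keys */
    if (rc == 0) {
        rc = TSS_AES_KeyGenerate(tssContext->tssSessionEncKey,
                                 tssContext->tssSessionDecKey);
    }
    /* on failure, do not leave key buffers behind: the caller discards the context without
       looking inside it */
    if (rc != 0) {
        free(tssContext->tssSessionEncKey);
        tssContext->tssSessionEncKey = NULL;
        free(tssContext->tssSessionDecKey);
        tssContext->tssSessionDecKey = NULL;
    }
#endif
    return rc;
}

/* TSS_Delete() closes an open TPM connection, then free the TSS context memory.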
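*/

/* tssContext: the context to release, may be NULL (then nothing is done and 0 is returned).

   Returns the return code of TSS_Close().

   Secrets held by the context (the in-memory session state in TPM_TSS_NOFILE builds, and the
   session state encryption and decryption keys in crypto builds) are overwritten before their
   memory is freed.  The overwrite goes through a volatile pointer because a plain memset()
   directly before free() may be removed by the compiler as a dead store.
*/

TPM_RC TSS_Delete(TSS_CONTEXT *tssContext)
{
    TPM_RC rc = 0;

    if (tssContext != NULL) {
        TSS_AuthDelete(tssContext->tssAuthContext);
#ifdef TPM_TSS_NOFILE
        {
            size_t i;
            for (i = 0 ; i < (sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS)) ; i++) {
                tssContext->sessions[i].sessionHandle = TPM_RH_NULL;
                /* erase any secrets, skipping slots that were never filled */
                if (tssContext->sessions[i].sessionData != NULL) {
                    volatile uint8_t *wipe =
                        (volatile uint8_t *)tssContext->sessions[i].sessionData;
                    size_t remaining = tssContext->sessions[i].sessionDataLength;
                    while (remaining-- > 0) {
                        *wipe++ = 0;
                    }
                }
                free(tssContext->sessions[i].sessionData);
                tssContext->sessions[i].sessionData = NULL;
                tssContext->sessions[i].sessionDataLength = 0;
            }
        }
#endif
#ifndef TPM_TSS_NOCRYPTO
        {
            /* the buffers were allocated with the sizes reported by these same calls in
               TSS_Context_Init().  If a size cannot be obtained the buffer is still freed. */
            size_t keySize = 0;
            if ((tssContext->tssSessionEncKey != NULL) &&
                (TSS_AES_GetEncKeySize(&keySize) == 0)) {
                volatile uint8_t *wipe = (volatile uint8_t *)tssContext->tssSessionEncKey;
                while (keySize-- > 0) {
                    *wipe++ = 0;
                }
            }
            keySize = 0;
            if ((tssContext->tssSessionDecKey != NULL) &&
                (TSS_AES_GetDecKeySize(&keySize) == 0)) {
                volatile uint8_t *wipe = (volatile uint8_t *)tssContext->tssSessionDecKey;
                while (keySize-- > 0) {
                    *wipe++ = 0;
                }
            }
        }
        free(tssContext->tssSessionEncKey);
        free(tssContext->tssSessionDecKey);
#endif
        rc = TSS_Close(tssContext);
        free(tssContext);
    }
    return rc;
}

/* TSS_Execute() performs the complete command / response process.

   It sends the command specified by commandCode and the parameters 'in', returning the response
   parameters 'out'.

   tssContext:  context from TSS_Create()
   out:         response parameters, filled in by TSS_Unmarshal()
   in:          command parameters
   extra:       passed through to the command pre- and post-processors
   commandCode: selects the marshaling and any command specific processing

   ... varargs are

   TPMI_SH_AUTH_SESSION sessionHandle,
   const char *password,
   unsigned int sessionAttributes

   Terminates with TPM_RH_NULL, NULL, 0

   All three terminating values are required: TSS_Execute_valist() reads a full triple before it
   tests the handle.  The arguments are fetched with va_arg() using exactly the types listed
   above, so callers must pass those types.

   Processes up to MAX_SESSION_NUM sessions.

   Returns 0 on success, otherwise the return code of the first step that failed.  Processing
   stops at the first failure, so 'out' is only meaningful when 0 is returned.
*/

TPM_RC TSS_Execute(TSS_CONTEXT *tssContext,
                   RESPONSE_PARAMETERS *out,
                   COMMAND_PARAMETERS *in,
                   EXTRA_PARAMETERS *extra,
                   TPM_CC commandCode,
                   ...)
{
    TPM_RC      rc = 0;
    va_list     ap;

    /* reset the lower layer authorization context for this command */
    if (rc == 0) {
        TSS_InitAuthContext(tssContext->tssAuthContext);
    }
    /* handle any command specific command pre-processing */
    if (rc == 0) {
        rc = TSS_Command_PreProcessor(tssContext,
                                      commandCode,
                                      in,
                                      extra);
    }
    /* marshal input parameters */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute: Command %08x marshal\n", commandCode);
        rc = TSS_Marshal(tssContext->tssAuthContext,
                         in,
                         commandCode);
    }
    /* execute the command */
    if (rc == 0) {
        va_start(ap, commandCode);
        rc = TSS_Execute_valist(tssContext, in, ap);
        va_end(ap);
    }
    /* unmarshal the response parameters */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute: Command %08x unmarshal\n", commandCode);
        rc = TSS_Unmarshal(tssContext->tssAuthContext, out);
    }
    /* handle any command specific response post-processing */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute: Command %08x post processor\n", commandCode);
        rc = TSS_Response_PostProcessor(tssContext,
                                        in,
                                        out,
                                        extra);
    }
    return rc;
}

/* TSS_Execute_valist() transmits the marshaled command and receives the marshaled response.

   varargs are TPMI_SH_AUTH_SESSION sessionHandle, const char *password, unsigned int
   sessionAttributes

   Terminates with sessionHandle TPM_RH_NULL

   Processes up to MAX_SESSION_NUM sessions.  It handles HMAC generation and command and response
   parameter encryption.  It loads each session context, rolls nonces, and saves or deletes the
   session context.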
*/

/* Parameters:

   tssContext: TSS context; its tssAuthContext holds the marshaled command and response
   in:         command parameters, used only by the change-auth processing in Step 10
   ap:         varargs list of (sessionHandle, password, sessionAttributes) triples

   Returns 0 on success, otherwise the return code of the first step that failed.  Every step is
   guarded by (rc == 0), so a failure skips all remaining steps except the final cleanup.

   Review notes, from the code below:

   - Each Step 2 iteration reads three varargs before it tests the handle, so the terminating
     entry must supply all three values.
   - password[] holds caller-owned plaintext strings.  For TPM_RS_PW the string is handed to
     TSS_PwapSession_Set(); for other sessions it is passed to TSS_HmacSession_SetHmacKey() and
     TSS_HmacSession_SetHMAC().
   - authC[0..2], authR[0..2] and names[0..2] are passed explicitly, which presumes
     MAX_SESSION_NUM is at least 3 -- TODO confirm against its definition.
   - The session contexts obtained in Step 2 are released by the cleanup loop on every path,
     including errors.
*/

static TPM_RC TSS_Execute_valist(TSS_CONTEXT *tssContext,
                                 COMMAND_PARAMETERS *in,
                                 va_list ap)
{
    TPM_RC              rc = 0;
    int                 done;
    int                 haveNames = FALSE;      /* names are common to all HMAC sessions */
    unsigned int        i = 0;

    /* the vararg parameters */
    TPMI_SH_AUTH_SESSION sessionHandle[MAX_SESSION_NUM];
    const char          *password[MAX_SESSION_NUM];
    unsigned int        sessionAttributes[MAX_SESSION_NUM];

    /* structures filled in */
    TPMS_AUTH_COMMAND   authCommand[MAX_SESSION_NUM];
    TPMS_AUTH_RESPONSE  authResponse[MAX_SESSION_NUM];

    /* pointer to the above structures as used */
    TPMS_AUTH_COMMAND   *authC[MAX_SESSION_NUM];
    TPMS_AUTH_RESPONSE  *authR[MAX_SESSION_NUM];

    /* TSS sessions */
    struct TSS_HMAC_CONTEXT *session[MAX_SESSION_NUM];
    TPM2B_NAME authName[MAX_SESSION_NUM];
    TPM2B_NAME *names[MAX_SESSION_NUM];

    /* Step 1: initialization */
    if (tssVverbose) printf("TSS_Execute_valist: Step 1: initialization\n");
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) ; i++) {
        authC[i] = NULL;                /* array of TPMS_AUTH_COMMAND structures, NULL for
                                           TSS_SetCmdAuths */
        authR[i] = NULL;                /* array of TPMS_AUTH_RESPONSE structures, NULL for
                                           TSS_GetRspAuths */
        session[i] = NULL;              /* for free, used for HMAC and encrypt/decrypt sessions */
        names[i] = &authName[i];        /* array of TPM2B_NAME pointers */
        authName[i].b.size = 0;         /* to ignore unused names in cpHash calculation */
        /* the varargs list inputs */
        sessionHandle[i] = TPM_RH_NULL;
        password[i] = NULL;
        sessionAttributes[i] = 0;
    }
    /* Step 2: gather the command authorizations

       Process PWAP immediately
       For HMAC, get the session context
    */
    done = FALSE;
    for (i = 0 ; (rc == 0) && !done && (i < MAX_SESSION_NUM) ; i++) {
        sessionHandle[i] = va_arg(ap, TPMI_SH_AUTH_SESSION);    /* first vararg is the session
                                                                   handle */
        password[i]= va_arg(ap, const char *);                  /* second vararg is the
                                                                   password */
        sessionAttributes[i] = va_arg(ap, unsigned int);        /* third argument is
                                                                   sessionAttributes */
        sessionAttributes[i] &= 0xff;                           /* is uint8_t */

        if (sessionHandle[i] != TPM_RH_NULL) {                  /* varargs termination value */
            if (tssVverbose) printf("TSS_Execute_valist: Step 2: authorization %u\n", i);
            if (tssVverbose) printf("TSS_Execute_valist: session %u handle %08x\n",
                                    i, sessionHandle[i]);
            /* make used, non-NULL for command and response varargs */
            authC[i] = &authCommand[i];
            authR[i] = &authResponse[i];

            /* if password session, populate authC with password, etc. immediately */
            if (sessionHandle[i] == TPM_RS_PW) {
                rc = TSS_PwapSession_Set(authC[i], password[i]);
            }
            /* if HMAC or encrypt/decrypt session */
            else {
                /* if there is at least one HMAC session, get the names corresponding to the
                   handles */
                if ((rc == 0) && !haveNames) {
                    rc = TSS_Name_GetAllNames(tssContext, names);
                    haveNames = TRUE;   /* get only once, minor optimization */
                }
                /* initialize a TSS HMAC session */
                if (rc == 0) {
                    rc = TSS_HmacSession_GetContext(&session[i]);
                }
                /* load the session created by startauthsession */
                if (rc == 0) {
                    rc = TSS_HmacSession_LoadSession(tssContext, session[i], sessionHandle[i]);
                }
            }
        }
        else {
            done = TRUE;
        }
    }
    /* Step 3: Roll nonceCaller, save in the session context for the response */
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        if (sessionHandle[i] != TPM_RS_PW) {            /* no nonce for password sessions */
            if (tssVverbose)
                printf("TSS_Execute_valist: Step 3: nonceCaller %08x\n", sessionHandle[i]);
#ifndef TPM_TSS_NOCRYPTO
            rc = TSS_HmacSession_SetNonceCaller(session[i], authC[i]);
#else
            /* NOTE(review): without crypto the caller nonce is a fixed 16 zero bytes, so the
               caller side contributes no freshness to the session */
            authC[i]->nonce.b.size = 16;
            memset(&authC[i]->nonce.b.buffer, 0, 16);
#endif  /* TPM_TSS_NOCRYPTO */
        }
    }
#ifndef TPM_TSS_NOCRYPTO
    /* Step 4: Calculate the HMAC key */
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        if (sessionHandle[i] != TPM_RS_PW) {            /* no HMAC key for password sessions */
            if (tssVverbose) printf("TSS_Execute_valist: Step 4: Session %u HMAC key for %08x\n",
                                    i, sessionHandle[i]);
            rc = TSS_HmacSession_SetHmacKey(tssContext, session[i], i, password[i]);
        }
    }
#endif  /* TPM_TSS_NOCRYPTO */
    /* Step 5: command parameter encryption.  The helper is called TSS_Command_Decrypt,
       presumably named for the session's decrypt attribute -- confirm against its definition. */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 5: command encrypt\n");
        rc = TSS_Command_Decrypt(tssContext->tssAuthContext,
                                 session,
                                 sessionHandle,
                                 sessionAttributes);
    }
    /* Step 6: for each HMAC session, calculate cpHash, calculate the HMAC, and set it in
       TPMS_AUTH_COMMAND */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 6 calculate HMACs\n");
        rc = TSS_HmacSession_SetHMAC(tssContext->tssAuthContext,        /* TSS auth context */
                                     session,           /* TSS session contexts */
                                     authC,             /* output: command authorizations */
                                     sessionHandle,     /* list of session handles for the
                                                           command */
                                     sessionAttributes, /* attributes for this command */
                                     password,          /* for plaintext password sessions */
                                     names[0],          /* Name */
                                     names[1],          /* Name */
                                     names[2]);         /* Name */
    }
    /* Step 7: set the command authorizations in the TSS command stream */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 7 set command authorizations\n");
        rc = TSS_SetCmdAuths(tssContext->tssAuthContext,
                             authC[0],
                             authC[1],
                             authC[2],
                             NULL);
    }
    /* Step 8: process the command.  Normally returns the TPM response code. */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 8: process the command\n");
        rc = TSS_AuthExecute(tssContext);
    }
    /* Step 9: get the response authorizations from the TSS response stream */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 9 get response authorizations\n");
        rc = TSS_GetRspAuths(tssContext->tssAuthContext,
                             authR[0],
                             authR[1],
                             authR[2],
                             NULL);
    }
    /* Step 10: process the response authorizations, validate the HMAC */
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        if (tssVverbose)
            printf("TSS_Execute_valist: Step 10: process response authorization %08x\n",
                   sessionHandle[i]);
        if (sessionHandle[i] == TPM_RS_PW) {
            rc = TSS_PwapSession_Verify(authR[i]);
        }
        /* HMAC session */
        else {
#ifndef TPM_TSS_NOCRYPTO
            /* save nonceTPM in the session context */
            if (rc == 0) {
                rc = TSS_TPM2B_Copy(&session[i]->nonceTPM.b, &authR[i]->nonce.b, sizeof(TPMU_HA));
            }
#endif  /* TPM_TSS_NOCRYPTO */
            /* the HMAC key is already part of the TSS session context.  For policy sessions with
               policy password, the response hmac is empty. */
            /* NOTE(review): the response HMAC is verified only for HMAC sessions and for policy
               sessions with isAuthValueNeeded set.  Any other policy session gets no response
               HMAC check here, whether or not it has a session key (salted or bound) -- confirm
               that this matches the intended handling. */
            if ((session[i]->sessionType == TPM_SE_HMAC) ||
                ((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded))) {

#ifndef TPM_TSS_NOCRYPTO
                if (rc == 0) {
                    rc = TSS_Command_ChangeAuthProcessor(tssContext, session[i], i, in);
                }
                if (rc == 0) {
                    rc = TSS_HmacSession_Verify(tssContext->tssAuthContext,     /* authorization
                                                                                   context */
                                                session[i],     /* TSS session context */
                                                authR[i]);      /* input: response
                                                                   authorization */
                }
#else
                /* self assignment, presumably to silence an unused parameter warning in this
                   build; a response that needs HMAC verification is rejected outright */
                in = in;
                if (tssVerbose)
                    printf("TSS_Execute_valist: "
                           "Error, HMAC verify with no crypto not implemented\n");
                rc = TSS_RC_NOT_IMPLEMENTED;
#endif  /* TPM_TSS_NOCRYPTO */
            }
        }
    }
    /* Step 11: process the audit flag */
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        if ((sessionHandle[i] != TPM_RS_PW) &&
            (session[i]->bind != TPM_RH_NULL) &&
            (authR[i]->sessionAttributes.val & TPMA_SESSION_AUDIT)) {
            if (tssVverbose)
                printf("TSS_Execute_valist: Step 11: process bind audit flag %08x\n",
                       sessionHandle[i]);
            /* if bind audit session, bind value is lost and further use requires authValue */
            session[i]->bind = TPM_RH_NULL;
        }
    }
    /* Step 12: process the response continue flag.  Skipped when an earlier step failed, so
       the session state is not updated after a failed response check. */
    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        if (sessionHandle[i] != TPM_RS_PW) {
            if (tssVverbose) printf("TSS_Execute_valist: Step 12: process continue flag %08x\n",
                                    sessionHandle[i]);
            rc = TSS_HmacSession_Continue(tssContext, session[i], authR[i]);
        }
    }
    /* Step 13: response parameter decryption.  The helper is called TSS_Response_Encrypt,
       presumably named for the session's encrypt attribute -- confirm against its definition. */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Execute_valist: Step 13: response decryption\n");
        rc = TSS_Response_Encrypt(tssContext->tssAuthContext,
                                  session,
                                  sessionHandle,
                                  sessionAttributes);
    }
    /* cleanup, runs on every path; unused entries are still NULL from Step 1 */
    for (i = 0 ; i < MAX_SESSION_NUM ; i++) {
        TSS_HmacSession_FreeContext(session[i]);
    }
    return rc;
}

/*
  PWAP - Password Session
*/

/* TSS_PwapSession_Set() sets all members of the TPMS_AUTH_COMMAND structure for a PWAP session.
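*/
/* The handle becomes TPM_RS_PW, the nonce is empty and the attributes are cleared.  A non-NULL
   password is copied into the hmac field, bounded by sizeof(TPMU_HA); a NULL password yields an
   empty hmac.  Returns 0, or the TSS_TPM2B_StringCopy() error.
*/

static TPM_RC TSS_PwapSession_Set(TPMS_AUTH_COMMAND *authCommand,
                                  const char *password)
{
    TPM_RC rc = 0;

    authCommand->sessionHandle = TPM_RS_PW;
    authCommand->nonce.t.size = 0;
    authCommand->sessionAttributes.val = 0;
    if (password != NULL) {
        rc = TSS_TPM2B_StringCopy(&authCommand->hmac.b,
                                  password, sizeof(TPMU_HA));
    }
    else {
        authCommand->hmac.t.size = 0;
    }
    return rc;
}

/* TSS_PwapSession_Verify() verifies the PWAP session response.

   The response must carry an empty nonce, exactly the continueSession attribute and an empty HMAC.
   The first failing check determines the return code.
*/

static TPM_RC TSS_PwapSession_Verify(TPMS_AUTH_RESPONSE *authResponse)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        if (authResponse->nonce.t.size != 0) {
            if (tssVerbose) printf("TSS_PwapSession_Verify: nonce size %u not zero\n",
                                   authResponse->nonce.t.size);
            rc = TSS_RC_BAD_PWAP_NONCE;
        }
    }
    if (rc == 0) {
        if (authResponse->sessionAttributes.val != TPMA_SESSION_CONTINUESESSION) {
            if (tssVerbose) printf("TSS_PwapSession_Verify: continue %02x not set\n",
                                   authResponse->sessionAttributes.val);
            rc = TSS_RC_BAD_PWAP_ATTRIBUTES;
        }
    }
    if (rc == 0) {
        if (authResponse->hmac.t.size != 0) {
            if (tssVerbose) printf("TSS_PwapSession_Verify: HMAC size %u not zero\n",
                                   authResponse->hmac.t.size);
            rc = TSS_RC_BAD_PWAP_HMAC;
        }
    }
    return rc;
}

/* HMAC Session */

/* TSS_HmacSession_GetContext() allocates a TSS_HMAC_CONTEXT and initializes it.  The caller releases
   it with TSS_HmacSession_FreeContext().
*/

static TPM_RC TSS_HmacSession_GetContext(struct TSS_HMAC_CONTEXT **session)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        rc = TSS_Malloc((uint8_t **)session, sizeof(TSS_HMAC_CONTEXT));
    }
    if (rc == 0) {
        TSS_HmacSession_InitContext(*session);
    }
    return rc;
}

/* TSS_HmacSession_InitContext() resets every member of the session context: handles and algorithms
   to their NULL values, sizes to zero, and the nonce, session key, HMAC key and session value
   buffers to all zero bytes.
*/

static void TSS_HmacSession_InitContext(struct TSS_HMAC_CONTEXT *session)
{
    session->sessionHandle = TPM_RH_NULL;
    session->authHashAlg = TPM_ALG_NULL;
#ifndef TPM_TSS_NOCRYPTO
    session->sizeInBytes = 0;
#endif
    session->symmetric.algorithm = TPM_ALG_NULL;
    session->bind = TPM_RH_NULL;
    session->bindName.b.size = 0;
    session->bindAuthValue.t.size = 0;
#ifndef TPM_TSS_NOCRYPTO
    memset(session->nonceTPM.t.buffer, 0, sizeof(TPMU_HA));
    session->nonceTPM.b.size = 0;
    memset(session->nonceCaller.t.buffer, 0, sizeof(TPMU_HA));
    session->nonceCaller.b.size = 0;
    memset(session->sessionKey.t.buffer, 0, sizeof(TPMU_HA));
    session->sessionKey.b.size = 0;
#endif
    session->sessionType = 0;
    session->isPasswordNeeded = FALSE;
    session->isAuthValueNeeded = FALSE;
    /* NOTE(review): the copies into hmacKey and sessionValue elsewhere in this file use
       sizeof(TPMU_HA) + sizeof(TPMT_HA) as the limit, while the clears below use
       sizeof(TPMU_HA) + sizeof(TPMU_HA).  Confirm both agree with the declared buffer size. */
    memset(session->hmacKey.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA));
    session->hmacKey.b.size = 0;
#ifndef TPM_TSS_NOCRYPTO
    memset(session->sessionValue.t.buffer, 0, sizeof(TPMU_HA) + sizeof(TPMU_HA));
    session->sessionValue.b.size = 0;
#endif
}

/* TSS_HmacSession_FreeContext() clears the session context and frees it.  NULL is accepted.

   The context is re-initialized first so that keys and nonces are overwritten before the memory is
   released.  NOTE(review): a plain memset() immediately before free() may be removed by an
   optimizing compiler; confirm the build keeps it if the scrub is relied upon.
*/

void TSS_HmacSession_FreeContext(struct TSS_HMAC_CONTEXT *session)
{
    if (session != NULL) {
        TSS_HmacSession_InitContext(session);
        free(session);
    }
    return;
}

/* TSS_HmacSession_SetSessionKey() is called by the StartAuthSession post processor to calculate and
   store the session key

   19.6.8 sessionKey Creation

   The bind handle is saved and, for a bound session, so is the bind Name.  When the session is bound
   or salted, the KDFa key is bindAuthValue || salt and the session key is sizeInBytes long.
   Otherwise the session key is empty.

   With tssVverbose set, the KDFa key and the resulting session key are printed in the clear, so
   that trace level exposes secrets.
*/

#ifndef TPM_TSS_NOCRYPTO

static TPM_RC TSS_HmacSession_SetSessionKey(TSS_CONTEXT *tssContext,
                                            struct TSS_HMAC_CONTEXT *session,
                                            TPM2B_DIGEST *salt,
                                            TPMI_DH_ENTITY bind,
                                            TPM2B_AUTH *bindAuthValue)
{
    TPM_RC rc = 0;
    TPM2B_KEY key;          /* HMAC key for the KDFa */

    if (rc == 0) {
        /* save the bind handle, non-null indicates a bound session */
        session->bind = bind;
        /* if bind, save the bind Name in the session context.  The handle might change, but the
           name will not */
        if ((rc == 0) && (bind != TPM_RH_NULL)) {
            rc = TSS_Name_GetName(tssContext, &session->bindName, bind);
        }
    }
    if (rc == 0) {
        if ((bind != TPM_RH_NULL) || (salt->b.size != 0)) {
            /* session key is bindAuthValue || salt */
            /* copy bindAuthValue.  This is set during the preprocessor to either the supplied bind
               password */
            if (rc == 0) {
                rc = TSS_TPM2B_Copy(&key.b, &bindAuthValue->b,
                                    sizeof(TPMU_HA) + sizeof(TPMT_HA));
            }
            /* copy salt.  This is set during the postprocessor to either the salt from the
               preprocessor or empty. */
            if (rc == 0) {
                rc = TSS_TPM2B_Append(&key.b, &salt->b,
                                      sizeof(TPMU_HA) + sizeof(TPMT_HA));
            }
            if (rc == 0) {
                if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetSessionKey: KDFa HMAC key",
                                              key.b.buffer, key.b.size);
            }
            /* KDFa for the session key */
            if (rc == 0) {
                rc = TSS_KDFA(session->sessionKey.b.buffer,
                              session->authHashAlg,
                              &key.b,
                              "ATH",
                              &session->nonceTPM.b,
                              &session->nonceCaller.b,
                              session->sizeInBytes * 8);
            }
            if (rc == 0) {
                session->sessionKey.b.size = session->sizeInBytes;
                if (tssVverbose)
                    TSS_PrintAll("TSS_HmacSession_SetSessionKey: Session key",
                                 session->sessionKey.b.buffer, session->sessionKey.b.size);
            }
        }
        else {
            session->sessionKey.b.size = 0;
        }
    }
    return rc;
}

#endif /* TPM_TSS_NOCRYPTO */

/* TSS_HmacSession_SaveSession() saves a session in two cases:

   The initial session from startauthsession
   The updated session a TPM response

   The context is marshaled and then, with file support, optionally encrypted (tssEncryptSessions)
   and written to <tssDataDirectory>/hxxxxxxxx.bin.  Without file support it is kept in the TSS
   context.

   When tssEncryptSessions is clear, the marshaled state, which includes bindAuthValue and
   sessionKey, is written to the file in plaintext.

   Returns TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name buffer.
*/

static TPM_RC TSS_HmacSession_SaveSession(TSS_CONTEXT *tssContext,
                                          struct TSS_HMAC_CONTEXT *session)
{
    TPM_RC      rc = 0;
    uint8_t     *buffer = NULL;         /* marshaled TSS_HMAC_CONTEXT */
    uint16_t    written = 0;
#ifndef TPM_TSS_NOFILE
    char        sessionFilename[128];
    uint8_t     *outBuffer = NULL;
    uint32_t    outLength;
#endif

    if (tssVverbose) printf("TSS_HmacSession_SaveSession: handle %08x\n", session->sessionHandle);
    if (rc == 0) {
        rc = TSS_Structure_Marshal(&buffer,     /* freed @1 */
                                   &written,
                                   session,
                                   (MarshalFunction_t)TSS_HmacSession_Marshal);
    }
#ifndef TPM_TSS_NOFILE
    if (rc == 0) {
        /* if the flag is set, encrypt the session state before store */
        if (tssContext->tssEncryptSessions) {
            rc = TSS_AES_Encrypt(tssContext->tssSessionEncKey,
                                 &outBuffer,    /* output, freed @2 */
                                 &outLength,    /* output */
                                 buffer,        /* input */
                                 written);      /* input */
        }
        /* else store the session state in plaintext */
        else {
            outBuffer = buffer;
            outLength = written;
        }
    }
    /* the directory comes from the context and is not length limited here, so check that the
       directory, "/h", 8 hex digits, ".bin" and the terminator fit before formatting */
    if (rc == 0) {
        if ((strlen(tssContext->tssDataDirectory) + sizeof("/h00000000.bin")) >
            sizeof(sessionFilename)) {
            if (tssVerbose) printf("TSS_HmacSession_SaveSession: "
                                   "Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    /* save the session in a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
       handle */
    if (rc == 0) {
        sprintf(sessionFilename, "%s/h%08x.bin",
                tssContext->tssDataDirectory, session->sessionHandle);
    }
    if (rc == 0) {
        rc = TSS_File_WriteBinaryFile(outBuffer,
                                      outLength,
                                      sessionFilename);
    }
    /* in the plaintext case outBuffer aliases buffer, which is freed @1 */
    if (tssContext->tssEncryptSessions) {
        free(outBuffer);        /* @2 */
    }
#else           /* no file support, save to context */
    if (rc == 0) {
        rc = TSS_HmacSession_SaveData(tssContext,
                                      session->sessionHandle,
                                      written, buffer);
    }
#endif
    free(buffer);       /* @1 */
    return rc;
}

/* TSS_HmacSession_LoadSession() loads an HMAC existing session saved by:

   startauthsession
   an update after a TPM response

   With file support the state is read from <tssDataDirectory>/hxxxxxxxx.bin and decrypted when
   tssEncryptSessions is set.  Without file support it comes from the TSS context.

   NOTE(review): nothing visible here authenticates the stored bytes before they are unmarshaled.
   Confirm whether TSS_AES_Decrypt() provides integrity, and treat a plaintext session file as
   untrusted input.

   Returns TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name buffer.
*/

static TPM_RC TSS_HmacSession_LoadSession(TSS_CONTEXT *tssContext,
                                          struct TSS_HMAC_CONTEXT *session,
                                          TPMI_SH_AUTH_SESSION sessionHandle)
{
    TPM_RC      rc = 0;
    uint8_t     *buffer = NULL;
    uint8_t     *buffer1 = NULL;
#ifndef TPM_TSS_NOFILE
    size_t      length = 0;
    char        sessionFilename[128];
#endif
    unsigned char *inData = NULL;       /* output */
    uint32_t    inLength;               /* output */

    if (tssVverbose) printf("TSS_HmacSession_LoadSession: handle %08x\n", sessionHandle);
#ifndef TPM_TSS_NOFILE
    /* check that the directory, "/h", 8 hex digits, ".bin" and the terminator fit */
    if (rc == 0) {
        if ((strlen(tssContext->tssDataDirectory) + sizeof("/h00000000.bin")) >
            sizeof(sessionFilename)) {
            if (tssVerbose) printf("TSS_HmacSession_LoadSession: "
                                   "Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    /* load the session from a hard coded file name hxxxxxxxx.bin where xxxxxxxx is the session
       handle */
    if (rc == 0) {
        sprintf(sessionFilename, "%s/h%08x.bin",
                tssContext->tssDataDirectory, sessionHandle);
        rc = TSS_File_ReadBinaryFile(&buffer,   /* freed @1 */
                                     &length,
                                     sessionFilename);
    }
    if (rc == 0) {
        /* if the flag is set, decrypt the session state before unmarshal */
        if (tssContext->tssEncryptSessions) {
            rc = TSS_AES_Decrypt(tssContext->tssSessionDecKey,
                                 &inData,       /* output, freed @2 */
                                 &inLength,     /* output */
                                 buffer,        /* input */
                                 length);       /* input */
        }
        /* else the session was loaded in plaintext */
        else {
            inData = buffer;
            inLength = length;
        }
    }
#else           /* no file support, load from context */
    if (rc == 0) {
        rc = TSS_HmacSession_LoadData(tssContext,
                                      &inLength, &inData,
                                      sessionHandle);
    }
#endif
    if (rc == 0) {
        int32_t ilength = inLength;
        buffer1 = inData;
        rc = TSS_HmacSession_Unmarshal(session, &buffer1, &ilength);
    }
#ifndef TPM_TSS_NOFILE
    /* in the plaintext case inData aliases buffer, which is freed @1 */
    if (tssContext->tssEncryptSessions) {
        free(inData);   /* @2 */
    }
#endif
    free(buffer);       /* @1 */
    return rc;
}

#ifdef TPM_TSS_NOFILE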
/* TSS_HmacSession_SaveData() stores marshaled session state in the TSS context (no file support).

   A slot already holding sessionHandle is overwritten.  Otherwise a free slot, marked by
   TPM_RH_NULL, is claimed.  The slot's data buffer is reallocated to outLength and filled from
   outBuffer.
*/

static TPM_RC TSS_HmacSession_SaveData(TSS_CONTEXT *tssContext,
                                       TPMI_SH_AUTH_SESSION sessionHandle,
                                       uint32_t outLength,
                                       uint8_t *outBuffer)
{
    size_t      slot;
    TPM_RC      rc;

    /* if this handle is already used, overwrite the slot */
    rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slot, sessionHandle);
    if (rc != 0) {
        /* not stored yet, look for an unused slot */
        rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slot, TPM_RH_NULL);
        if (rc != 0) {
            if (tssVerbose)
                printf("TSS_HmacSession_SaveData: Error, no slot available for handle %08x\n",
                       sessionHandle);
            return rc;
        }
        tssContext->sessions[slot].sessionHandle = sessionHandle;
    }
    /* reallocate memory and adjust the size */
    rc = TSS_Realloc(&tssContext->sessions[slot].sessionData, outLength);
    if (rc != 0) {
        return rc;
    }
    tssContext->sessions[slot].sessionDataLength = outLength;
    memcpy(tssContext->sessions[slot].sessionData, outBuffer, outLength);
    return rc;
}

/* TSS_HmacSession_LoadData() returns the stored session state for sessionHandle.

   *inData points at the buffer held in the context slot.  It is not a copy, so the caller must not
   free it.
*/

static TPM_RC TSS_HmacSession_LoadData(TSS_CONTEXT *tssContext,
                                       uint32_t *inLength, uint8_t **inData,
                                       TPMI_SH_AUTH_SESSION sessionHandle)
{
    size_t      slot;
    TPM_RC      rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slot, sessionHandle);

    if (rc != 0) {
        if (tssVerbose)
            printf("TSS_HmacSession_LoadData: Error, no slot found for handle %08x\n",
                   sessionHandle);
        return rc;
    }
    *inLength = tssContext->sessions[slot].sessionDataLength;
    *inData = tssContext->sessions[slot].sessionData;
    return rc;
}

/* TSS_HmacSession_DeleteData() releases the context slot holding sessionHandle.  The stored state
   is zeroed before it is freed, and the slot is marked unused.
*/

static TPM_RC TSS_HmacSession_DeleteData(TSS_CONTEXT *tssContext,
                                         TPMI_SH_AUTH_SESSION sessionHandle)
{
    size_t      slot;
    TPM_RC      rc = TSS_HmacSession_GetSlotForHandle(tssContext, &slot, sessionHandle);

    if (rc != 0) {
        if (tssVerbose)
            printf("TSS_HmacSession_DeleteData: Error, no slot found for handle %08x\n",
                   sessionHandle);
        return rc;
    }
    tssContext->sessions[slot].sessionHandle = TPM_RH_NULL;
    /* erase any secrets */
    memset(tssContext->sessions[slot].sessionData, 0,
           tssContext->sessions[slot].sessionDataLength);
    free(tssContext->sessions[slot].sessionData);
    tssContext->sessions[slot].sessionData = NULL;
    tssContext->sessions[slot].sessionDataLength = 0;
    return rc;
}

/* TSS_HmacSession_GetSlotForHandle() finds the session slot corresponding to the session handle.

   Returns non-zero if no slot is found.  Passing TPM_RH_NULL finds an unused slot.
*/

static TPM_RC TSS_HmacSession_GetSlotForHandle(TSS_CONTEXT *tssContext,
                                               size_t *slotIndex,
                                               TPMI_SH_AUTH_SESSION sessionHandle)
{
    const size_t slotCount = sizeof(tssContext->sessions) / sizeof(TSS_SESSIONS);
    size_t       slot;

    /* search all slots for handle */
    for (slot = 0 ; slot < slotCount ; slot++) {
        if (tssContext->sessions[slot].sessionHandle != sessionHandle) {
            continue;
        }
        *slotIndex = slot;
        return 0;
    }
    return TSS_RC_NO_SESSION_SLOT;
}

#endif

/* TSS_HmacSession_Marshal() serializes the session context, field by field, in the order that
   TSS_HmacSession_Unmarshal() reads it back.  Marshaling stops at the first error.

   NOTE(review): the declared return type is uint16_t while the value returned is a TPM_RC.  Confirm
   that no error code loses significant bits in that conversion.
*/

static uint16_t TSS_HmacSession_Marshal(struct TSS_HMAC_CONTEXT *source,
                                        uint16_t *written,
                                        uint8_t **buffer,
                                        int32_t *size)
{
    TPM_RC rc = 0;

    if (rc == 0) rc = TSS_TPMI_SH_AUTH_SESSION_Marshal(&source->sessionHandle, written, buffer, size);
    if (rc == 0) rc = TSS_TPMI_ALG_HASH_Marshal(&source->authHashAlg, written, buffer, size);
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) rc = TSS_UINT32_Marshal(&source->sizeInBytes, written, buffer, size);
#endif
    if (rc == 0) rc = TSS_TPMT_SYM_DEF_Marshal(&source->symmetric, written, buffer, size);
    if (rc == 0) rc = TSS_TPMI_DH_ENTITY_Marshal(&source->bind, written, buffer, size);
    if (rc == 0) rc = TSS_TPM2B_NAME_Marshal(&source->bindName, written, buffer, size);
#ifdef TPM_WINDOWS
    /* FIXME Why does a VS release build need a printf here? */
    if (tssVverbose) printf("");
#endif
    if (rc == 0) rc = TSS_TPM2B_AUTH_Marshal(&source->bindAuthValue, written, buffer, size);
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) rc = TSS_TPM2B_NONCE_Marshal(&source->nonceTPM, written, buffer, size);
    if (rc == 0) rc = TSS_TPM2B_NONCE_Marshal(&source->nonceCaller, written, buffer, size);
    if (rc == 0) rc = TSS_TPM2B_DIGEST_Marshal(&source->sessionKey, written, buffer, size);
#endif
    if (rc == 0) rc = TSS_TPM_SE_Marshal(&source->sessionType, written, buffer, size);
    if (rc == 0) rc = TSS_UINT8_Marshal(&source->isPasswordNeeded, written, buffer, size);
    if (rc == 0) rc = TSS_UINT8_Marshal(&source->isAuthValueNeeded, written, buffer, size);
    return rc;
}

/* TSS_HmacSession_Unmarshal() rebuilds the session context from stored state, reading the fields in
   the order TSS_HmacSession_Marshal() wrote them.  Unmarshaling stops at the first error.

   sizeInBytes is read as a plain UINT32 and is not range checked here.  Code that uses it as a
   length for the fixed size nonce and key buffers depends on the stored state being well formed.
*/

static TPM_RC TSS_HmacSession_Unmarshal(struct TSS_HMAC_CONTEXT *target,
                                        uint8_t **buffer, int32_t *size)
{
    TPM_RC rc = 0;

    if (rc == 0) rc = TPMI_SH_AUTH_SESSION_Unmarshal(&target->sessionHandle, buffer, size, NO);
    if (rc == 0) rc = TPMI_ALG_HASH_Unmarshal(&target->authHashAlg, buffer, size, NO);
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) rc = UINT32_Unmarshal(&target->sizeInBytes, buffer, size);
#endif
    if (rc == 0) rc = TPMT_SYM_DEF_Unmarshal(&target->symmetric, buffer, size, YES);
    if (rc == 0) rc = TPMI_DH_ENTITY_Unmarshal(&target->bind, buffer, size, YES);
    if (rc == 0) rc = TPM2B_NAME_Unmarshal(&target->bindName, buffer, size);
    if (rc == 0) rc = TPM2B_AUTH_Unmarshal(&target->bindAuthValue, buffer, size);
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) rc = TPM2B_NONCE_Unmarshal(&target->nonceTPM, buffer, size);
    if (rc == 0) rc = TPM2B_NONCE_Unmarshal(&target->nonceCaller, buffer, size);
    if (rc == 0) rc = TPM2B_DIGEST_Unmarshal(&target->sessionKey, buffer, size);
#endif
    if (rc == 0) rc = TPM_SE_Unmarshal(&target->sessionType, buffer, size);
    if (rc == 0) rc = UINT8_Unmarshal(&target->isPasswordNeeded, buffer, size);
    if (rc == 0) rc = UINT8_Unmarshal(&target->isAuthValueNeeded, buffer, size);
    return rc;
}

/* Name handling
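*/

/* TSS_Name_GetAllNames() fills in the names array based on the handles marshaled into the TSS
   context command stream.

   names[i] receives the Name for command handle i.  The array length is not passed in, so the
   caller must supply at least as many entries as the command has handles (presumably sized for the
   maximum handle count, verify against caller).
*/

static TPM_RC TSS_Name_GetAllNames(TSS_CONTEXT *tssContext,
                                   TPM2B_NAME **names)
{
    TPM_RC      rc = 0;
    uint32_t    i;
    /* number of handles in the command stream.  Starts at 0 so that a failed count lookup cannot
       leave an indeterminate loop bound. */
    uint32_t    commandHandleCount = 0;
    TPM_HANDLE  commandHandle;

    /* get the number of handles in the command stream */
    if (rc == 0) {
        rc = TSS_GetCommandHandleCount(tssContext->tssAuthContext, &commandHandleCount);
    }
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Name_GetAllNames: commandHandleCount %u\n", commandHandleCount);
    }
    for (i = 0 ; (rc == 0) && (i < commandHandleCount) ; i++) {
        /* get a handle from the command stream */
        if (rc == 0) {
            rc = TSS_GetCommandHandle(tssContext->tssAuthContext,
                                      &commandHandle,
                                      i);
        }
        /* get the Name corresponding to the handle */
        if (rc == 0) {
            if (tssVverbose)
                printf("TSS_Name_GetAllNames: commandHandle %u %08x\n", i, commandHandle);
            rc = TSS_Name_GetName(tssContext, names[i], commandHandle);
        }
    }
    return rc;
}

/* TSS_Name_GetName() gets the Name associated with the handle

   For PCR, session and permanent handles the Name is the handle value.  For NV indexes and for
   transient and persistent objects the Name saved earlier by the TSS is loaded.  Other handle types
   return TSS_RC_NAME_NOT_IMPLEMENTED.
*/

static TPM_RC TSS_Name_GetName(TSS_CONTEXT *tssContext,
                               TPM2B_NAME *name,
                               TPM_HANDLE  handle)
{
    TPM_RC      rc = 0;
    TPM_HT      handleType;

    if (tssVverbose) printf("TSS_Name_GetName: Handle %08x\n", handle);
    /* the handle type is the most significant octet of the handle */
    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);

    /* Table 3 - Equations for Computing Entity Names */
    switch (handleType) {
        /* for these, the Name is simply the handle value */
      case TPM_HT_PCR:
      case TPM_HT_HMAC_SESSION:
      case TPM_HT_POLICY_SESSION:
      case TPM_HT_PERMANENT:
        rc = TSS_TPM2B_CreateUint32(&name->b, handle, sizeof(TPMU_NAME));
        break;
        /* for NV, the Names was calculated at NV read public */
      case TPM_HT_NV_INDEX:
        /* for objects, the Name was returned at creation or load */
      case TPM_HT_TRANSIENT:
      case TPM_HT_PERSISTENT:
        rc = TSS_Name_Load(tssContext, name, handle, NULL);
        break;
      default:
        if (tssVerbose) printf("TSS_Name_GetName: not implemented for handle %08x\n", handle);
        rc = TSS_RC_NAME_NOT_IMPLEMENTED;
        break;
    }
    if (rc == 0) {
        if (tssVverbose)
            TSS_PrintAll("TSS_Name_GetName: ",
                         name->t.name, name->t.size);
    }
    return rc;
}

/* TSS_Name_Store() stores the 'name' parameter in a file.

   If handle is not 0, the handle is used as the file name.

   If 'string' is not NULL, the string is used as the file name.

   Exactly one of the two must be supplied.  TSS_RC_NAME_FILENAME is returned otherwise, and also
   when the resulting path would not fit the file name buffer.

   NOTE(review): 'string' is placed in the path as given.  Confirm that callers never pass text
   containing path separators.
*/

#ifndef TPM_TSS_NOFILE

static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext,
                             TPM2B_NAME *name,
                             TPM_HANDLE handle,
                             const char *string)
{
    TPM_RC      rc = 0;
    char        nameFilename[128];

    if (rc == 0) {
        if (string == NULL) {
            if (handle != 0) {
                /* directory, "/h", 8 hex digits, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + sizeof("/h00000000.bin")) >
                    sizeof(nameFilename)) {
                    if (tssVerbose) printf("TSS_Name_Store: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(nameFilename, "%s/h%08x.bin",
                            tssContext->tssDataDirectory, handle);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Name_Store: handle and string are both null");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
        else {
            if (handle == 0) {
                /* directory, "/h", the string, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + strlen(string) + sizeof("/h.bin")) >
                    sizeof(nameFilename)) {
                    if (tssVerbose) printf("TSS_Name_Store: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(nameFilename, "%s/h%s.bin",
                            tssContext->tssDataDirectory, string);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Name_Store: File %s\n", nameFilename);
        rc = TSS_File_WriteBinaryFile(name->b.buffer, name->b.size, nameFilename);
    }
    return rc;
}

#endif

/* TSS_Name_Load() loads the 'name' from a file. If handle is not 0, the handle is used as the file name. If 'string' is not NULL, the string is used as the file name.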
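*/
/* Exactly one of handle and string must be supplied.  TSS_RC_NAME_FILENAME is returned otherwise,
   and also when the resulting path would not fit the file name buffer.  The file contents are read
   into 'name', limited to sizeof(TPMU_NAME).

   NOTE(review): 'string' is placed in the path as given.  Confirm that callers never pass text
   containing path separators.
*/

#ifndef TPM_TSS_NOFILE

static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext,
                            TPM2B_NAME *name,
                            TPM_HANDLE handle,
                            const char *string)
{
    TPM_RC      rc = 0;
    char        nameFilename[128];

    if (rc == 0) {
        if (string == NULL) {
            if (handle != 0) {
                /* directory, "/h", 8 hex digits, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + sizeof("/h00000000.bin")) >
                    sizeof(nameFilename)) {
                    if (tssVerbose) printf("TSS_Name_Load: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(nameFilename, "%s/h%08x.bin",
                            tssContext->tssDataDirectory, handle);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Name_Load: handle and string are both null\n");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
        else {
            if (handle == 0) {
                /* directory, "/h", the string, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + strlen(string) + sizeof("/h.bin")) >
                    sizeof(nameFilename)) {
                    if (tssVerbose) printf("TSS_Name_Load: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(nameFilename, "%s/h%s.bin",
                            tssContext->tssDataDirectory, string);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Name_Load: handle and string are both not null\n");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Name_Load: File %s\n", nameFilename);
        rc = TSS_File_Read2B(&name->b,
                             sizeof(TPMU_NAME),
                             nameFilename);
    }
    return rc;
}

#endif

/* TSS_Name_Store() stores the 'name' parameter in the TSS context.

   NV index Names go to the nvPublic slots, and transient and persistent object Names go to the
   objectPublic slots.  A slot already holding the handle is overwritten.  Otherwise a free slot,
   marked by TPM_RH_NULL, is claimed.  Storing by 'string' is not implemented in this variant.
*/

#ifdef TPM_TSS_NOFILE

static TPM_RC TSS_Name_Store(TSS_CONTEXT *tssContext,
                             TPM2B_NAME *name,
                             TPM_HANDLE handle,
                             const char *string)
{
    TPM_RC      rc = 0;
    TPM_HT      handleType;
    size_t      slotIndex;

    if (tssVverbose) printf("TSS_Name_Store: Handle %08x\n", handle);
    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);

    switch (handleType) {
      case TPM_HT_NV_INDEX:
        /* for NV, the Name was returned at creation */
        rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
        if (rc != 0) {
            rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
            if (rc == 0) {
                tssContext->nvPublic[slotIndex].nvIndex = handle;
            }
            else {
                if (tssVerbose)
                    printf("TSS_Name_Store: Error, no slot available for handle %08x\n", handle);
            }
        }
        if (rc == 0) {
            tssContext->nvPublic[slotIndex].name = *name;
        }
        break;
      case TPM_HT_TRANSIENT:
      case TPM_HT_PERSISTENT:
        if (rc == 0) {
            if (string == NULL) {
                if (handle != 0) {
                    /* if this handle is already used, overwrite the slot */
                    rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
                    if (rc != 0) {
                        rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
                        if (rc == 0) {
                            tssContext->objectPublic[slotIndex].objectHandle = handle;
                        }
                        else {
                            if (tssVerbose)
                                printf("TSS_Name_Store: "
                                       "Error, no slot available for handle %08x\n", handle);
                        }
                    }
                }
                else {
                    if (tssVerbose) printf("TSS_Name_Store: handle and string are both null");
                    rc = TSS_RC_NAME_FILENAME;
                }
            }
            else {
                if (handle == 0) {
                    if (tssVerbose) printf("TSS_Name_Store: string unimplemented");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    if (tssVerbose) printf("TSS_Name_Store: handle and string are both not null");
                    rc = TSS_RC_NAME_FILENAME;
                }
            }
        }
        if (rc == 0) {
            tssContext->objectPublic[slotIndex].name = *name;
        }
        break;
      default:
        if (tssVerbose) printf("TSS_Name_Store: handle type %02x unimplemented", handleType);
        rc = TSS_RC_NAME_FILENAME;
    }
    return rc;
}

#endif

/* TSS_Name_Load() loads the 'name' from the TSS context.

   The slot is looked up by handle in nvPublic for NV indexes and in objectPublic for transient and
   persistent objects.  'string' is not used in this variant.
*/

#ifdef TPM_TSS_NOFILE

static TPM_RC TSS_Name_Load(TSS_CONTEXT *tssContext,
                            TPM2B_NAME *name,
                            TPM_HANDLE handle,
                            const char *string)
{
    TPM_RC      rc = 0;
    TPM_HT      handleType;
    size_t      slotIndex;

    string = string;    /* unused, silences the compiler warning */

    if (tssVverbose) printf("TSS_Name_Load: Handle %08x\n", handle);
    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);

    switch (handleType) {
      case TPM_HT_NV_INDEX:
        rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
        if (rc != 0) {
            if (tssVerbose)
                printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle);
        }
        if (rc == 0) {
            *name = tssContext->nvPublic[slotIndex].name;
        }
        break;
      case TPM_HT_TRANSIENT:
      case TPM_HT_PERSISTENT:
        rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
        if (rc != 0) {
            if (tssVerbose)
                printf("TSS_Name_Load: Error, no slot found for handle %08x\n", handle);
        }
        if (rc == 0) {
            *name = tssContext->objectPublic[slotIndex].name;
        }
        break;
      default:
        if (tssVerbose) printf("TSS_Name_Load: handle type %02x unimplemented", handleType);
        rc = TSS_RC_NAME_FILENAME;
    }
    return rc;
}

#endif

/* TSS_Name_Copy() copies the name from either inHandle or inString to either outHandle or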
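outString */
/* The Name is loaded with TSS_Name_Load() and written back with TSS_Name_Store().  The first error
   is returned. */

static TPM_RC TSS_Name_Copy(TSS_CONTEXT *tssContext,
                            TPM_HANDLE outHandle,
                            const char *outString,
                            TPM_HANDLE inHandle,
                            const char *inString)
{
    TPM_RC      rc = 0;
    TPM2B_NAME  name;

    if (rc == 0) {
        rc = TSS_Name_Load(tssContext, &name, inHandle, inString);
    }
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &name, outHandle, outString);
    }
    return rc;
}

/* TSS_Public_Store() stores the 'public' parameter in a file.

   If handle is not 0, the handle is used as the file name.

   If 'string' is not NULL, the string is used as the file name.

   Exactly one of the two must be supplied.  TSS_RC_NAME_FILENAME is returned otherwise, and also
   when the resulting path would not fit the file name buffer.

   NOTE(review): 'string' is placed in the path as given.  Confirm that callers never pass text
   containing path separators.
*/

#ifndef TPM_TSS_NOFILE

static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext,
                               TPM2B_PUBLIC *public,
                               TPM_HANDLE handle,
                               const char *string)
{
    TPM_RC      rc = 0;
    char        publicFilename[128];

    if (rc == 0) {
        if (string == NULL) {
            if (handle != 0) {          /* store by handle */
                /* directory, "/hp", 8 hex digits, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + sizeof("/hp00000000.bin")) >
                    sizeof(publicFilename)) {
                    if (tssVerbose) printf("TSS_Public_Store: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(publicFilename, "%s/hp%08x.bin",
                            tssContext->tssDataDirectory, handle);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Public_Store: handle and string are both null");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
        else {
            if (handle == 0) {          /* store by string */
                /* directory, "/hp", the string, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + strlen(string) + sizeof("/hp.bin")) >
                    sizeof(publicFilename)) {
                    if (tssVerbose) printf("TSS_Public_Store: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(publicFilename, "%s/hp%s.bin",
                            tssContext->tssDataDirectory, string);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Public_Store: File %s\n", publicFilename);
        rc = TSS_File_WriteStructure(public,
                                     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
                                     publicFilename);
    }
    return rc;
}

#endif

/* TSS_Public_Load() loads the 'public' parameter from a file. If handle is not 0, the handle is used as the file name. If 'string' is not NULL, the string is used as the file name.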
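*/
/* Exactly one of handle and string must be supplied.  TSS_RC_NAME_FILENAME is returned otherwise,
   and also when the resulting path would not fit the file name buffer.

   NOTE(review): 'string' is placed in the path as given.  Confirm that callers never pass text
   containing path separators.
*/

#ifndef TPM_TSS_NOFILE

static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext,
                              TPM2B_PUBLIC *public,
                              TPM_HANDLE handle,
                              const char *string)
{
    TPM_RC      rc = 0;
    char        publicFilename[128];

    if (rc == 0) {
        if (string == NULL) {
            if (handle != 0) {
                /* directory, "/hp", 8 hex digits, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + sizeof("/hp00000000.bin")) >
                    sizeof(publicFilename)) {
                    if (tssVerbose) printf("TSS_Public_Load: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(publicFilename, "%s/hp%08x.bin",
                            tssContext->tssDataDirectory, handle);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
        else {
            if (handle == 0) {
                /* directory, "/hp", the string, ".bin" and the terminator must fit */
                if ((strlen(tssContext->tssDataDirectory) + strlen(string) + sizeof("/hp.bin")) >
                    sizeof(publicFilename)) {
                    if (tssVerbose) printf("TSS_Public_Load: file name too long\n");
                    rc = TSS_RC_NAME_FILENAME;
                }
                else {
                    sprintf(publicFilename, "%s/hp%s.bin",
                            tssContext->tssDataDirectory, string);
                }
            }
            else {
                if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n");
                rc = TSS_RC_NAME_FILENAME;
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Public_Load: File %s\n", publicFilename);
        rc = TSS_File_ReadStructure(public,
                                    (UnmarshalFunction_t)TPM2B_PUBLIC_Unmarshal,
                                    publicFilename);
    }
    return rc;
}

#endif  /* TPM_TSS_NOFILE */

/* TSS_Public_Copy() copies the TPM2B_PUBLIC from either inHandle or inString to either outHandle or
   outString

   The public area is loaded with TSS_Public_Load() and written back with TSS_Public_Store().  The
   first error is returned.
*/

static TPM_RC TSS_Public_Copy(TSS_CONTEXT *tssContext,
                              TPM_HANDLE outHandle,
                              const char *outString,
                              TPM_HANDLE inHandle,
                              const char *inString)
{
    TPM_RC              rc = 0;
    TPM2B_PUBLIC        public;

    if (rc == 0) {
        rc = TSS_Public_Load(tssContext, &public, inHandle, inString);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &public, outHandle, outString);
    }
    return rc;
}

/* TSS_Public_Store() stores the 'public' parameter in the TSS context.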
*/
/* Only storing by handle is implemented here.  A slot already holding the handle is overwritten.
   Otherwise a free slot, marked by TPM_RH_NULL, is claimed.  Every other handle and string
   combination returns TSS_RC_NAME_FILENAME.
*/

#ifdef TPM_TSS_NOFILE

static TPM_RC TSS_Public_Store(TSS_CONTEXT *tssContext,
                               TPM2B_PUBLIC *public,
                               TPM_HANDLE handle,
                               const char *string)
{
    TPM_RC      rc;
    size_t      slot;

    /* reject the argument combinations that cannot be stored */
    if (string != NULL) {
        if (handle == 0) {
            if (tssVerbose) printf("TSS_Public_Store: string not implemented yet");
        }
        else {
            if (tssVerbose) printf("TSS_Public_Store: handle and string are both not null");
        }
        return TSS_RC_NAME_FILENAME;
    }
    if (handle == 0) {
        if (tssVerbose) printf("TSS_Public_Store: handle and string are both null");
        return TSS_RC_NAME_FILENAME;
    }
    /* if this handle is already used, overwrite the slot */
    rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slot, handle);
    if (rc != 0) {
        /* first use of the handle, claim an unused slot */
        rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slot, TPM_RH_NULL);
        if (rc != 0) {
            if (tssVerbose)
                printf("TSS_Public_Store: Error, no slot available for handle %08x\n", handle);
            return rc;
        }
        tssContext->objectPublic[slot].objectHandle = handle;
    }
    tssContext->objectPublic[slot].objectPublic = *public;
    return rc;
}

#endif

/* TSS_Public_Load() loaded the object public from the TSS context.
*/
/* Only loading by handle is implemented here.  Every other handle and string combination returns
   TSS_RC_NAME_FILENAME.  A handle with no stored slot returns the slot lookup error.
*/

#ifdef TPM_TSS_NOFILE

static TPM_RC TSS_Public_Load(TSS_CONTEXT *tssContext,
                              TPM2B_PUBLIC *public,
                              TPM_HANDLE handle,
                              const char *string)
{
    TPM_RC      rc;
    size_t      slot;

    /* reject the argument combinations that cannot be loaded */
    if (string != NULL) {
        if (handle == 0) {
            if (tssVerbose) printf("TSS_Public_Load: string not implemented yet");
        }
        else {
            if (tssVerbose) printf("TSS_Public_Load: handle and string are both not null\n");
        }
        return TSS_RC_NAME_FILENAME;
    }
    if (handle == 0) {
        if (tssVerbose) printf("TSS_Public_Load: handle and string are both null\n");
        return TSS_RC_NAME_FILENAME;
    }
    rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slot, handle);
    if (rc != 0) {
        if (tssVerbose)
            printf("TSS_Public_Load: Error, no slot found for handle %08x\n", handle);
        return rc;
    }
    *public = tssContext->objectPublic[slot].objectPublic;
    return rc;
}

#endif  /* TPM_TSS_NOFILE */

#ifdef TPM_TSS_NOFILE

/* TSS_ObjectPublic_GetSlotForHandle() finds the object public slot corresponding to the handle. Returns non-zero if no slot is found.
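*/
/* Passing TPM_RH_NULL finds an unused slot.  The search is bounded by the number of elements in
   the objectPublic array itself. */

static TPM_RC TSS_ObjectPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
                                                size_t *slotIndex,
                                                TPM_HANDLE handle)
{
    size_t      i;

    /* search all slots for handle.  The bound is taken from objectPublic, the array being indexed.
       Using the size of the sessions array here would walk past the end of objectPublic whenever
       the two arrays differ in length. */
    for (i = 0 ;
         i < (sizeof(tssContext->objectPublic) / sizeof(tssContext->objectPublic[0])) ;
         i++) {
        if (tssContext->objectPublic[i].objectHandle == handle) {
            *slotIndex = i;
            return 0;
        }
    }
    return TSS_RC_NO_OBJECTPUBLIC_SLOT;
}

#endif

#ifdef TPM_TSS_NOFILE

/* TSS_ObjectPublic_DeleteData() marks the objectPublic slot holding 'handle' as unused.  The stored
   name and public area are left in place until the slot is reused.
*/

static TPM_RC TSS_ObjectPublic_DeleteData(TSS_CONTEXT *tssContext, TPM_HANDLE handle)
{
    TPM_RC      rc = 0;
    size_t      slotIndex;

    if (rc == 0) {
        rc = TSS_ObjectPublic_GetSlotForHandle(tssContext, &slotIndex, handle);
        if (rc != 0) {
            if (tssVerbose)
                printf("TSS_ObjectPublic_DeleteData: Error, no slot found for handle %08x\n",
                       handle);
        }
    }
    if (rc == 0) {
        tssContext->objectPublic[slotIndex].objectHandle = TPM_RH_NULL;
    }
    return rc;
}

#endif

/* TSS_DeleteHandle() removes retained state stored by the TSS for a handle

   With file support, the Name file is deleted and, for transient and persistent objects, the public
   area file as well.  The result of the second delete is ignored.  Without file support, the
   session or object slot in the TSS context is released.

   Returns TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name buffer.
*/

static TPM_RC TSS_DeleteHandle(TSS_CONTEXT *tssContext,
                               TPM_HANDLE handle)
{
    TPM_RC      rc = 0;
    TPM_HT      handleType;
#ifndef TPM_TSS_NOFILE
    char        filename[128];
    size_t      directoryLength = 0;
#endif

    handleType = (TPM_HT) ((handle & HR_RANGE_MASK) >> HR_SHIFT);
#ifndef TPM_TSS_NOFILE
    /* directory, "/h", 8 hex digits, ".bin" and the terminator must fit */
    if (rc == 0) {
        directoryLength = strlen(tssContext->tssDataDirectory);
        if ((directoryLength + sizeof("/h00000000.bin")) > sizeof(filename)) {
            if (tssVerbose) printf("TSS_DeleteHandle: Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    /* delete the Name */
    if (rc == 0) {
        sprintf(filename, "%s/h%08x.bin", tssContext->tssDataDirectory, handle);
        if (tssVverbose) printf("TSS_DeleteHandle: delete Name file %s\n", filename);
        rc = TSS_File_DeleteFile(filename);
    }
    /* delete the public if it exists */
    if (rc == 0) {
        if ((handleType == TPM_HT_TRANSIENT) ||
            (handleType == TPM_HT_PERSISTENT)) {
            /* the "hp" name is one character longer than the "h" name checked above */
            if ((directoryLength + sizeof("/hp00000000.bin")) <= sizeof(filename)) {
                sprintf(filename, "%s/hp%08x.bin", tssContext->tssDataDirectory, handle);
                if (tssVverbose) printf("TSS_DeleteHandle: delete public file %s\n", filename);
                TSS_File_DeleteFile(filename);
            }
            else {
                if (tssVerbose) printf("TSS_DeleteHandle: public file name too long\n");
            }
        }
    }
#else
    /* sessions persist in the context and can be deleted */
    if (rc == 0) {
        switch (handleType) {
          case TPM_HT_NV_INDEX:
            rc = -1;    /* FIXME not supported yet for no file variant */
            break;
          case TPM_HT_HMAC_SESSION:
          case TPM_HT_POLICY_SESSION:
            if (tssVverbose) printf("TSS_DeleteHandle: delete session state %08x\n", handle);
            rc = TSS_HmacSession_DeleteData(tssContext, handle);
            break;
          case TPM_HT_TRANSIENT:
          case TPM_HT_PERSISTENT:
            rc = TSS_ObjectPublic_DeleteData(tssContext, handle);
            break;
        }
    }
#endif
    return rc;
}

/* TSS_ObjectPublic_GetName() calculates the Name from the TPMT_PUBLIC.  The Name provides security,
   because the Name returned from the TPM2_ReadPublic cannot be trusted.

   The Name is the nameAlg identifier in network byte order followed by the nameAlg digest of the
   marshaled public area.  Without crypto support the Name is left empty.
*/

static TPM_RC TSS_ObjectPublic_GetName(TPM2B_NAME *name,
                                       TPMT_PUBLIC *tpmtPublic)
{
    TPM_RC      rc = 0;

#ifndef TPM_TSS_NOCRYPTO
    uint16_t    written = 0;
    TPMT_HA     digest;
    uint32_t    sizeInBytes;
    uint8_t     buffer[MAX_RESPONSE_SIZE];

    /* marshal the TPMT_PUBLIC */
    if (rc == 0) {
        INT32 size = MAX_RESPONSE_SIZE;
        uint8_t *buffer1 = buffer;
        rc = TSS_TPMT_PUBLIC_Marshal(tpmtPublic, &written, &buffer1, &size);
    }
    /* hash the public area */
    if (rc == 0) {
        sizeInBytes = TSS_GetDigestSize(tpmtPublic->nameAlg);
        digest.hashAlg = tpmtPublic->nameAlg;   /* Name digest algorithm */
        /* generate the TPMT_HA */
        rc = TSS_Hash_Generate(&digest,
                               written, buffer,
                               0, NULL);
    }
    if (rc == 0) {
        /* copy the digest */
        memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
        /* copy the hash algorithm */
        TPMI_ALG_HASH nameAlgNbo = htons(tpmtPublic->nameAlg);
        memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
        /* set the size */
        name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
    }
#else
    tpmtPublic = tpmtPublic;    /* unused, silences the compiler warning */
    name->t.size = 0;
#endif
    return rc;
}

/* TSS_NVPublic_Store() stores the NV public data in a file.

   The file is <tssDataDirectory>/nvpxxxxxxxx.bin where xxxxxxxx is the NV index.  Returns
   TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name buffer.
*/

#ifndef TPM_TSS_NOFILE
#ifndef TPM_TSS_NOCRYPTO

static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext,
                                 TPMS_NV_PUBLIC *nvPublic,
                                 TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC      rc = 0;
    char        nvpFilename[128];

    /* directory, "/nvp", 8 hex digits, ".bin" and the terminator must fit */
    if (rc == 0) {
        if ((strlen(tssContext->tssDataDirectory) + sizeof("/nvp00000000.bin")) >
            sizeof(nvpFilename)) {
            if (tssVerbose) printf("TSS_NVPublic_Store: Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
        rc = TSS_File_WriteStructure(nvPublic,
                                     (MarshalFunction_t)TSS_TPMS_NV_PUBLIC_Marshal,
                                     nvpFilename);
    }
    return rc;
}

#endif
#endif

/* TSS_NVPublic_Load() loads the NV public from a file.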
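*/
/* The file is <tssDataDirectory>/nvpxxxxxxxx.bin where xxxxxxxx is the NV index.  Returns
   TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name buffer.
*/

#ifndef TPM_TSS_NOFILE
#ifndef TPM_TSS_NOCRYPTO

static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext,
                                TPMS_NV_PUBLIC *nvPublic,
                                TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC      rc = 0;
    char        nvpFilename[128];

    /* directory, "/nvp", 8 hex digits, ".bin" and the terminator must fit */
    if (rc == 0) {
        if ((strlen(tssContext->tssDataDirectory) + sizeof("/nvp00000000.bin")) >
            sizeof(nvpFilename)) {
            if (tssVerbose) printf("TSS_NVPublic_Load: Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
        rc = TSS_File_ReadStructure(nvPublic,
                                    (UnmarshalFunction_t)TPMS_NV_PUBLIC_Unmarshal,
                                    nvpFilename);
    }
    return rc;
}

#endif
#endif

#ifndef TPM_TSS_NOFILE

/* TSS_NVPublic_Delete() deletes the NV public file for nvIndex.  Returns the TSS_File_DeleteFile()
   result, or TSS_RC_INSUFFICIENT_BUFFER if the data directory path does not fit the file name
   buffer.
*/

static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext,
                                  TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC      rc = 0;
    char        nvpFilename[128];

    /* directory, "/nvp", 8 hex digits, ".bin" and the terminator must fit */
    if (rc == 0) {
        if ((strlen(tssContext->tssDataDirectory) + sizeof("/nvp00000000.bin")) >
            sizeof(nvpFilename)) {
            if (tssVerbose) printf("TSS_NVPublic_Delete: Error, data directory path too long\n");
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    if (rc == 0) {
        sprintf(nvpFilename, "%s/nvp%08x.bin", tssContext->tssDataDirectory, nvIndex);
        rc = TSS_File_DeleteFile(nvpFilename);
    }
    return rc;
}

#endif

#ifdef TPM_TSS_NOFILE
#ifndef TPM_TSS_NOCRYPTO

/* TSS_NVPublic_Store() stores the NV public data in the TSS context.

   A slot already holding nvIndex is overwritten.  Otherwise a free slot, marked by TPM_RH_NULL, is
   claimed.
*/

static TPM_RC TSS_NVPublic_Store(TSS_CONTEXT *tssContext,
                                 TPMS_NV_PUBLIC *nvPublic,
                                 TPMI_RH_NV_INDEX nvIndex)
{
    TPM_RC      rc = 0;
    size_t      slotIndex;

    if (rc == 0) {
        rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, nvIndex);
        if (rc != 0) {
            rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slotIndex, TPM_RH_NULL);
            if (rc == 0) {
                tssContext->nvPublic[slotIndex].nvIndex = nvIndex;
            }
            else {
                if (tssVerbose)
                    printf("TSS_NVPublic_Store: Error, no slot available for handle %08x\n",
                           nvIndex);
            }
        }
    }
    if (rc == 0) {
        tssContext->nvPublic[slotIndex].nvPublic = *nvPublic;
    }
    return rc;
}

#endif
#endif

#ifdef TPM_TSS_NOFILE
#ifndef TPM_TSS_NOCRYPTO

/* TSS_NVPublic_Load() loads the NV public from the TSS context.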
*/
/* This variant reads the nvPublic slot of the TSS context that holds nvIndex.  It returns the slot
   lookup error when the index was never stored. */

static TPM_RC TSS_NVPublic_Load(TSS_CONTEXT *tssContext,
                                TPMS_NV_PUBLIC *nvPublic,
                                TPMI_RH_NV_INDEX nvIndex)
{
    size_t      slot;
    TPM_RC      rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slot, nvIndex);

    if (rc != 0) {
        if (tssVerbose)
            printf("TSS_NVPublic_Load: Error, no slot found for handle %08x\n", nvIndex);
        return rc;
    }
    *nvPublic = tssContext->nvPublic[slot].nvPublic;
    return rc;
}

#endif
#endif

#ifdef TPM_TSS_NOFILE

/* TSS_NVPublic_Delete() marks the nvPublic slot holding nvIndex as unused.  The stored public data
   is left in place until the slot is reused.
*/

static TPM_RC TSS_NVPublic_Delete(TSS_CONTEXT *tssContext,
                                  TPMI_RH_NV_INDEX nvIndex)
{
    size_t      slot;
    TPM_RC      rc = TSS_NvPublic_GetSlotForHandle(tssContext, &slot, nvIndex);

    if (rc != 0) {
        if (tssVerbose)
            printf("TSS_NVPublic_Delete: Error, no slot found for handle %08x\n", nvIndex);
        return rc;
    }
    tssContext->nvPublic[slot].nvIndex = TPM_RH_NULL;
    return rc;
}

#endif

#ifdef TPM_TSS_NOFILE

/* TSS_NvPublic_GetSlotForHandle() finds the NV public slot corresponding to the NV index.

   Returns non-zero if no slot is found.  Passing TPM_RH_NULL finds an unused slot.
*/

static TPM_RC TSS_NvPublic_GetSlotForHandle(TSS_CONTEXT *tssContext,
                                            size_t *slotIndex,
                                            TPMI_RH_NV_INDEX nvIndex)
{
    const size_t slotCount = sizeof(tssContext->nvPublic) / sizeof(TSS_NVPUBLIC);
    size_t       slot;

    /* search all slots for handle */
    for (slot = 0 ; slot < slotCount ; slot++) {
        if (tssContext->nvPublic[slot].nvIndex != nvIndex) {
            continue;
        }
        *slotIndex = slot;
        return 0;
    }
    return TSS_RC_NO_NVPUBLIC_SLOT;
}

#endif

/* TSS_NVPublic_GetName() calculates the Name from the TPMS_NV_PUBLIC. The Name provides security, because the Name returned from the TPM2_NV_ReadPublic cannot be trusted.
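*/
/* The Name is the nameAlg identifier in network byte order followed by the nameAlg digest of the
   marshaled NV public area. */

#ifndef TPM_TSS_NOCRYPTO

static TPM_RC TSS_NVPublic_GetName(TPM2B_NAME *name,
                                   TPMS_NV_PUBLIC *nvPublic)
{
    TPM_RC      rc = 0;
    uint16_t    written = 0;
    TPMT_HA     digest;
    uint32_t    sizeInBytes;
    uint8_t     buffer[MAX_RESPONSE_SIZE];

    /* marshal the TPMS_NV_PUBLIC */
    if (rc == 0) {
        INT32 size = MAX_RESPONSE_SIZE;
        uint8_t *buffer1 = buffer;
        rc = TSS_TPMS_NV_PUBLIC_Marshal(nvPublic, &written, &buffer1, &size);
    }
    /* hash the public area */
    if (rc == 0) {
        sizeInBytes = TSS_GetDigestSize(nvPublic->nameAlg);
        digest.hashAlg = nvPublic->nameAlg;     /* Name digest algorithm */
        /* generate the TPMT_HA */
        rc = TSS_Hash_Generate(&digest,
                               written, buffer,
                               0, NULL);
    }
    if (rc == 0) {
        /* copy the digest */
        memcpy(name->t.name + sizeof(TPMI_ALG_HASH), (uint8_t *)&digest.digest, sizeInBytes);
        /* copy the hash algorithm */
        TPMI_ALG_HASH nameAlgNbo = htons(nvPublic->nameAlg);
        memcpy(name->t.name, (uint8_t *)&nameAlgNbo, sizeof(TPMI_ALG_HASH));
        /* set the size */
        name->t.size = sizeInBytes + sizeof(TPMI_ALG_HASH);
    }
    return rc;
}

#endif

#ifndef TPM_TSS_NOCRYPTO

/* TSS_HmacSession_SetNonceCaller() generates a fresh nonceCaller of sizeInBytes random bytes in the
   session context and copies it into the command authorization.

   sizeInBytes is restored from saved session state without a range check, so it is validated
   against the nonce capacity, sizeof(TPMU_HA), before any random bytes are written.  Returns
   TSS_RC_INSUFFICIENT_BUFFER when it does not fit.
*/

static TPM_RC TSS_HmacSession_SetNonceCaller(struct TSS_HMAC_CONTEXT *session,
                                             TPMS_AUTH_COMMAND *authC)
{
    TPM_RC      rc = 0;

    /* reject a nonce length larger than the nonce buffer */
    if (rc == 0) {
        if (session->sizeInBytes > sizeof(TPMU_HA)) {
            if (tssVerbose)
                printf("TSS_HmacSession_SetNonceCaller: Error, nonce size %u too large\n",
                       (unsigned int)session->sizeInBytes);
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    /* generate a new nonceCaller */
    if (rc == 0) {
        session->nonceCaller.b.size = session->sizeInBytes;
        rc = TSS_RandBytes(session->nonceCaller.t.buffer, session->sizeInBytes);
    }
    /* nonceCaller for the command */
    if (rc == 0) {
        rc = TSS_TPM2B_Copy(&authC->nonce.b, &session->nonceCaller.b, sizeof(TPMU_HA));
    }
    return rc;
}

#endif  /* TPM_TSS_NOCRYPTO */

#ifndef TPM_TSS_NOCRYPTO

/* TSS_HmacSession_SetHmacKey() calculates the session HMAC key. handleNumber is index into the session area. The first sessions, the authorization sessions, have a corresponding handle in the command handle.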
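 */
static TPM_RC TSS_HmacSession_SetHmacKey(TSS_CONTEXT *tssContext,
                                         struct TSS_HMAC_CONTEXT *session,
                                         size_t handleNumber,   /* index into the handle area */
                                         const char *password)
{
    TPM_RC      rc = 0;
    TPM_HANDLE  commandHandle;      /* from handle area, for bound session */
    TPM2B_NAME  name;
    TPM2B_AUTH  authValue;
    int         bindMatch = FALSE;
    int         done = FALSE;       /* done with authorization sessions */

    /* NOTE(review): the tssVverbose traces in this function pass sessionKey, hmacKey, sessionValue
       and bindAuthValue to TSS_PrintAll(), which presumably dumps them in the clear.  That trace
       level exposes the material that authenticates commands, so it belongs in debugging only.
       authValue is a stack copy of the password and is not cleared before return. */

    /*
      authHMAC = HMACsessionAlg ((sessionKey || authValue),
                                 (pHash || nonceNewer || nonceOlder
                                 { || nonceTPMdecrypt } { || nonceTPMencrypt }
                                 || sessionAttributes))
    */
    /* HMAC key is sessionKey || authValue */
    /* copy the session key to HMAC key */
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionKey",
                                      session->sessionKey.b.buffer, session->sessionKey.b.size);
        rc = TSS_TPM2B_Copy(&session->hmacKey.b,
                            &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
    }
    /* copy the session key to sessionValue */
    if (rc == 0) {
        rc = TSS_TPM2B_Copy(&session->sessionValue.b,
                            &session->sessionKey.b, sizeof(TPMU_HA) + sizeof(TPMT_HA));
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: preliminary sessionValue",
                                      session->sessionValue.b.buffer,
                                      session->sessionValue.b.size);
    }
    /* This value is an EmptyAuth if the HMAC is being computed to authorize an action on the
       object to which the session is bound.
    */
    /* The first sessions are authorization sessions.  They can have a bind entity.  All others can
       be encrypt or decrypt sessions, but the authValue is not included in the session key.
    */
    if (rc == 0) {
        AUTH_ROLE authRole = TSS_GetAuthRole(tssContext->tssAuthContext, handleNumber);
        if (authRole == AUTH_NONE) {
            if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: Done, not auth session\n");
            done = TRUE;    /* not an authorization session, could be audit or
                               encrypt/decrypt */
        }
    }
    /* If not an authorization session, there is no authValue to append to the HMAC key or encrypt
       sessionValue, regardless of the binding.

       Below is for auth sessions.
    */
    if (!done) {
        /* First, if there was a bind handle, check if the name matches.  Else bindMatch remains
           FALSE. */
        if (session->bind != TPM_RH_NULL) {
            /* get the handle for this session */
            if (tssVverbose)
                printf("TSS_HmacSession_SetHmacKey: Processing bind handle %08x\n", session->bind);
            if (rc == 0) {
                rc = TSS_GetCommandHandle(tssContext->tssAuthContext,
                                          &commandHandle,
                                          handleNumber);
            }
            /* get the Name corresponding to the handle */
            if (rc == 0) {
                if (tssVverbose)
                    printf("TSS_HmacSession_SetHmacKey: commandHandle %08x bindHandle %08x\n",
                           commandHandle, session->bind);
                rc = TSS_Name_GetName(tssContext, &name, commandHandle);
            }
            /* compare the authorized object name to the bind object name */
            if (rc == 0) {
                bindMatch = TSS_TPM2B_Compare(&name.b, &session->bindName.b);
                if (tssVverbose) printf("TSS_HmacSession_SetHmacKey: bind match %u\n", bindMatch);
            }
        }
        /* Second, append password to session key for HMAC key if required */

        /* When performing an HMAC for authorization, the HMAC key is normally the concatenation of
           the entity's authValue to the sessions sessionKey (created at
           TPM2_StartAuthSession().  However, if the authorization is for the entity to which the
           session is bound, the authValue is not included in the HMAC key.  When a policy requires
           that an HMAC be computed, it is always concatenated.
        */
        if ((rc == 0) &&
            /* append if HMAC session and not bind match */
            (((session->sessionType == TPM_SE_HMAC) && !bindMatch) ||
             /* append if policy and policy authvalue */
             ((session->sessionType == TPM_SE_POLICY) && session->isAuthValueNeeded)) &&
            (password != NULL)      /* if password is NULL, nothing to append. */
            ) {

            if (tssVverbose)
                printf("TSS_HmacSession_SetHmacKey: Appending authValue to HMAC key\n");
            /* convert the password to an authvalue */
            if (rc == 0) {
                rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(TPMU_HA));
            }
            /* append the authvalue to the session key to create the hmac key */
            if (rc == 0) {
                rc = TSS_TPM2B_Append(&session->hmacKey.b, &authValue.b,
                                      sizeof(TPMU_HA) + sizeof(TPMT_HA));
            }
        }
        /* Third, append password to session key for sessionValue

           If a session is also being used for authorization, sessionValue (see 21.2 and 21.3) is
           sessionKey || authValue.  The binding of the session is ignored.  If the session is not
           being used for authorization, sessionValue is sessionKey.
        */
        /* NOTE This step occurs even if there is a bind match.  That is, the password is
           effectively appended twice. */
        if (rc == 0) {
            /* if not bind, sessionValue is sessionKey || authValue (same as HMAC key) */
            if (!bindMatch) {
                if (tssVverbose)
                    printf("TSS_HmacSession_SetHmacKey: "
                           "No bind, appending authValue to sessionValue\n");
                /* convert the password to an authvalue */
                /* NOTE(review): unlike the second step, password is not tested for NULL here;
                   this relies on TSS_TPM2B_StringCopy() accepting a NULL source - confirm */
                if (rc == 0) {
                    rc = TSS_TPM2B_StringCopy(&authValue.b, password, sizeof(TPMU_HA));
                }
                if (rc == 0) {
                    rc = TSS_TPM2B_Append(&session->sessionValue.b, &authValue.b,
                                          sizeof(TPMU_HA) + sizeof(TPMT_HA));
                }
            }
            /* if bind, sessionValue is sessionKey || bindAuthValue */
            else {
                if (tssVverbose)
                    printf("TSS_HmacSession_SetHmacKey: "
                           "Bind, appending bind authValue to sessionValue\n");
                if (rc == 0) {
                    rc = TSS_TPM2B_Append(&session->sessionValue.b, &session->bindAuthValue.b,
                                          sizeof(TPMU_HA) + sizeof(TPMT_HA));
                }
            }
            if (rc == 0) {
                if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: bindAuthValue",
                                              session->bindAuthValue.b.buffer,
                                              session->bindAuthValue.b.size);
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: hmacKey",
                                      session->hmacKey.b.buffer, session->hmacKey.b.size);
        if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHmacKey: sessionValue",
                                      session->sessionValue.b.buffer,
                                      session->sessionValue.b.size);
    }
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

/* TSS_HmacSession_SetHMAC() is used for a command.  It sets all the values in one
   TPMS_AUTH_COMMAND, ready for marshaling into the command packet.

   - gets cpBuffer
   - generates cpHash
   - generates the HMAC
   - copies the result into authCommand

   Unused names must have size 0.

   The HMAC key is already in the session structure.

   Password sessions (TPM_RS_PW) are skipped.  For a session with isPasswordNeeded set, the
   password string is copied into the hmac field in place of an HMAC.  Returns the first non-zero
   return code from a helper, or TSS_RC_NOT_IMPLEMENTED when an HMAC is needed in a
   TPM_TSS_NOCRYPTO build.
*/
static TPM_RC TSS_HmacSession_SetHMAC(TSS_AUTH_CONTEXT *tssAuthContext,    /* authorization context */
                                      struct TSS_HMAC_CONTEXT *session[],
                                      TPMS_AUTH_COMMAND *authCommand[],    /* output: command
                                                                              authorization */
                                      TPMI_SH_AUTH_SESSION sessionHandle[], /* session handles in
                                                                               command */
                                      unsigned int sessionAttributes[],    /* attributes for this
                                                                              command */
                                      const char *password[],
                                      TPM2B_NAME *name0,   /* up to 3 names */
                                      TPM2B_NAME *name1,   /* unused names have length 0 */
                                      TPM2B_NAME *name2)
{
    TPM_RC          rc = 0;
    unsigned int    i = 0;
    TPMT_HA         cpHash;
#ifndef TPM_TSS_NOCRYPTO
    TPMT_HA         hmac;
    TPM2B_NONCE     nonceTPMDecrypt;
    TPM2B_NONCE     nonceTPMEncrypt;
#endif /* TPM_TSS_NOCRYPTO */

    cpHash.hashAlg = TPM_ALG_NULL;  /* for cpHash calculation optimization */

    for (i = 0 ; (rc == 0) && (i < MAX_SESSION_NUM) && (sessionHandle[i] != TPM_RH_NULL) ; i++) {
        uint8_t sessionAttr8;
        if (tssVverbose) printf("TSS_HmacSession_SetHMAC: Step 6 session %08x\n",
                                sessionHandle[i]);
        /* password sessions were serviced in step 2. */
        if (sessionHandle[i] == TPM_RS_PW) {
            continue;
        }
        if (tssVverbose) printf("TSS_HmacSession_SetHMAC: sessionType %02x\n",
                                session[i]->sessionType);
        if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isPasswordNeeded %02x\n",
                                session[i]->isPasswordNeeded);
        if (tssVverbose) printf("TSS_HmacSession_SetHMAC: isAuthValueNeeded %02x\n",
                                session[i]->isAuthValueNeeded);
        /* sessionHandle */
        authCommand[i]->sessionHandle = session[i]->sessionHandle;
        /* attributes come from command */
        sessionAttr8 = (uint8_t)sessionAttributes[i];
        authCommand[i]->sessionAttributes.val = sessionAttr8;

        /* policy session with policy password handled below, no hmac.  isPasswordNeeded is never
           true for an HMAC session, so don't need to test session type here. */
        if (!(session[i]->isPasswordNeeded)) {
            /* HMAC session */
            if ((session[i]->sessionType == TPM_SE_HMAC) ||
                /* policy session with TPM2_PolicyAuthValue */
                ((session[i]->sessionType == TPM_SE_POLICY) && (session[i]->isAuthValueNeeded)) ||
                /* salted session */
                (session[i]->hmacKey.t.size != 0)
                ) {
                /* needs HMAC */
#ifndef TPM_TSS_NOCRYPTO
                if (tssVverbose) printf("TSS_HmacSession_SetHMAC: calculate HMAC\n");
                /* calculate cpHash.  Performance optimization: If there is more than one session,
                   and the hash algorithm is the same, use the previously calculated version. */
                if ((rc == 0) && (cpHash.hashAlg != session[i]->authHashAlg)) {
                    uint32_t    cpBufferSize;
                    uint8_t     *cpBuffer;
                    TPM_CC      commandCode;
                    TPM_CC      commandCodeNbo;

                    rc = TSS_GetCpBuffer(tssAuthContext,
                                         &cpBufferSize,
                                         &cpBuffer);
                    /* use cpBuffer only if it was returned; previously a failure here was
                       overwritten by the return code of the hash and the unset buffer was
                       traced and hashed */
                    if (rc == 0) {
                        if (tssVverbose) TSS_PrintAll("TSS_HmacSession_SetHMAC: cpBuffer",
                                                      cpBuffer, cpBufferSize);
                        cpHash.hashAlg = session[i]->authHashAlg;

                        /* cpHash = hash(commandCode [ || authName1                       */
                        /*                           [ || authName2                       */
                        /*                           [ || authName3 ]]]                   */
                        /*                           [ || parameters])                    */
                        /* A cpHash can contain just a commandCode only if the lone session is */
                        /* an audit session.                                               */

                        commandCode = TSS_GetCommandCode(tssAuthContext);
                        commandCodeNbo = htonl(commandCode);
                        rc = TSS_Hash_Generate(&cpHash,     /* largest size of a digest */
                                               sizeof(TPM_CC), &commandCodeNbo,
                                               name0->b.size, &name0->b.buffer,
                                               name1->b.size, &name1->b.buffer,
                                               name2->b.size, &name2->b.buffer,
                                               cpBufferSize, cpBuffer,
                                               0, NULL);
                    }
                }
                if (i == 0) {
                    unsigned int isDecrypt = 0;         /* count number of sessions with decrypt
                                                           set */
                    unsigned int decryptSession = 0;    /* which one is decrypt */
                    unsigned int isEncrypt = 0;         /* count number of sessions with encrypt
                                                           set */
                    unsigned int encryptSession = 0;    /* which one is encrypt */
                    nonceTPMDecrypt.t.size = 0;
                    nonceTPMEncrypt.t.size = 0;
                    /* if a different session is being used for parameter decryption, then the
                       nonceTPM for that session is included in the HMAC of the first authorization
                       session */
                    if (rc == 0) {
                        rc = TSS_Sessions_GetDecryptSession(&isDecrypt,
                                                            &decryptSession,
                                                            sessionHandle,
                                                            sessionAttributes);
                    }
                    if ((rc == 0) && isDecrypt && (decryptSession != 0)) {
                        rc = TSS_TPM2B_Copy(&nonceTPMDecrypt.b,
                                            &session[decryptSession]->nonceTPM.b, sizeof(TPMU_HA));
                    }
                    /* if a different session is being used for parameter encryption, then the
                       nonceTPM for that session is included in the HMAC of the first authorization
                       session */
                    if (rc == 0) {
                        rc = TSS_Sessions_GetEncryptSession(&isEncrypt,
                                                            &encryptSession,
                                                            sessionHandle,
                                                            sessionAttributes);
                    }
                    /* Don't include the same nonce twice */
                    if ((rc == 0) && isEncrypt && (encryptSession != 0)) {
                        if (!isDecrypt || (encryptSession != decryptSession)) {
                            rc = TSS_TPM2B_Copy(&nonceTPMEncrypt.b,
                                                &session[encryptSession]->nonceTPM.b,
                                                sizeof(TPMU_HA));
                        }
                    }
                }
                /* for other than the first session, those nonces are not used */
                else {
                    nonceTPMDecrypt.t.size = 0;
                    nonceTPMEncrypt.t.size = 0;
                }
                /* HMAC over cpHash, both nonces, the optional decrypt/encrypt nonces and the
                   session attributes */
                if (rc == 0) {
                    hmac.hashAlg = session[i]->authHashAlg;
                    rc = TSS_HMAC_Generate(&hmac,                   /* output hmac */
                                           &session[i]->hmacKey,    /* input key */
                                           session[i]->sizeInBytes, (uint8_t *)&cpHash.digest,
                                           /* new is nonceCaller */
                                           session[i]->nonceCaller.b.size,
                                           &session[i]->nonceCaller.b.buffer,
                                           /* old is previous nonceTPM */
                                           session[i]->nonceTPM.b.size,
                                           &session[i]->nonceTPM.b.buffer,
                                           /* nonceTPMDecrypt */
                                           nonceTPMDecrypt.b.size, nonceTPMDecrypt.b.buffer,
                                           /* nonceTPMEncrypt */
                                           nonceTPMEncrypt.b.size, nonceTPMEncrypt.b.buffer,
                                           /* 1 byte, no endian conversion */
                                           sizeof(uint8_t), &sessionAttr8,
                                           0, NULL);
                    /* NOTE(review): this trace includes the HMAC key; keep tssVverbose for
                       debugging only */
                    if (tssVverbose) {
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC key",
                                     session[i]->hmacKey.t.buffer, session[i]->hmacKey.t.size);
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: cpHash",
                                     (uint8_t *)&cpHash.digest, session[i]->sizeInBytes);
                        TSS_PrintAll("TSS_HmacSession_Set: nonceCaller",
                                     session[i]->nonceCaller.b.buffer,
                                     session[i]->nonceCaller.b.size);
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPM",
                                     session[i]->nonceTPM.b.buffer, session[i]->nonceTPM.b.size);
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMDecrypt",
                                     nonceTPMDecrypt.b.buffer, nonceTPMDecrypt.b.size);
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: nonceTPMEncrypt",
                                     nonceTPMEncrypt.b.buffer, nonceTPMEncrypt.b.size);
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: sessionAttributes",
                                     &sessionAttr8, sizeof(uint8_t));
                        TSS_PrintAll("TSS_HmacSession_SetHMAC: HMAC",
                                     (uint8_t *)&hmac.digest, session[i]->sizeInBytes);
                    }
                }
                /* copy HMAC into authCommand TPM2B_AUTH hmac */
                if (rc == 0) {
                    rc = TSS_TPM2B_Create(&authCommand[i]->hmac.b,
                                          (uint8_t *)&hmac.digest,
                                          session[i]->sizeInBytes,
                                          sizeof(TPMU_HA));
                }
#else
                tssAuthContext = tssAuthContext;
                name0 = name0;
                name1 = name1;
                name2 = name2;
                if (tssVerbose)
                    printf("TSS_HmacSession_SetHMAC: Error, with no crypto not implemented\n");
                rc = TSS_RC_NOT_IMPLEMENTED;
#endif /* TPM_TSS_NOCRYPTO */
            }
            /* not HMAC, not policy requiring password or hmac */
            else {
                authCommand[i]->hmac.b.size = 0;
            }
        }
        /* For a policy session that contains TPM2_PolicyPassword(), the password takes precedence
           and must be present in hmac. */
        else {      /* isPasswordNeeded true */
            if (tssVverbose) printf("TSS_HmacSession_SetHMAC: use password\n");
            /* nonce has already been set */
            rc = TSS_TPM2B_StringCopy(&authCommand[i]->hmac.b, password[i], sizeof(TPMU_HA));
        }
    }
    return rc;
}

#ifndef TPM_TSS_NOCRYPTO
/* TSS_HmacSession_Verify() is used for a response.  It uses the values in TPMS_AUTH_RESPONSE to
   validate the response HMAC.

   The size of the HMAC in the response is compared with the session digest size before it is
   copied, and a mismatch returns TSS_RC_HMAC_SIZE.  Otherwise returns the result of
   TSS_HMAC_Verify() or the first helper error.
*/
static TPM_RC TSS_HmacSession_Verify(TSS_AUTH_CONTEXT *tssAuthContext,     /* authorization
                                                                              context */
                                     struct TSS_HMAC_CONTEXT *session,     /* TSS session context */
                                     TPMS_AUTH_RESPONSE *authResponse)     /* input: response
                                                                              authorization */
{
    TPM_RC      rc = 0;
    uint32_t    rpBufferSize;
    uint8_t     *rpBuffer;
    TPMT_HA     rpHash;
    TPMT_HA     actualHmac;

    /* get the rpBuffer */
    if (rc == 0) {
        rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer);
        /* trace only a buffer that was actually returned */
        if ((rc == 0) && tssVverbose)
            TSS_PrintAll("TSS_HmacSession_Verify: rpBuffer", rpBuffer, rpBufferSize);
    }
    /* calculate rpHash */
    if (rc == 0) {
        TPM_CC commandCode;
        TPM_CC commandCodeNbo;
        rpHash.hashAlg = session->authHashAlg;

        commandCode = TSS_GetCommandCode(tssAuthContext);
        commandCodeNbo = htonl(commandCode);

        /* rpHash = HsessionAlg (responseCode || commandCode {|| parameters }) */
        rc = TSS_Hash_Generate(&rpHash,     /* largest size of a digest */
                               sizeof(TPM_RC), &rc,     /* RC is always 0, no need to endian
                                                           convert */
                               sizeof(TPM_CC), &commandCodeNbo,
                               rpBufferSize, rpBuffer,
                               0, NULL);
    }
    /* construct the actual HMAC as TPMT_HA */
    if (rc == 0) {
        actualHmac.hashAlg = session->authHashAlg;
        /* the length comes from the response, so it is checked before the memcpy below */
        if (authResponse->hmac.t.size != session->sizeInBytes) {
            if (tssVerbose)
                printf("TSS_HmacSession_Verify: HMAC size %u inconsistent with algorithm %u\n",
                       authResponse->hmac.t.size, session->sizeInBytes);
            rc = TSS_RC_HMAC_SIZE;
        }
    }
    if (rc == 0) {
        memcpy((uint8_t *)&actualHmac.digest, &authResponse->hmac.t.buffer,
               authResponse->hmac.t.size);
    }
    /* verify the HMAC */
    if (rc == 0) {
        /* NOTE(review): this trace includes the HMAC key; keep tssVverbose for debugging only */
        if (tssVverbose) {
            TSS_PrintAll("TSS_HmacSession_Verify: HMAC key",
                         session->hmacKey.t.buffer, session->hmacKey.t.size);
            TSS_PrintAll("TSS_HmacSession_Verify: rpHash",
                         (uint8_t *)&rpHash.digest, session->sizeInBytes);
            TSS_PrintAll("TSS_HmacSession_Verify: nonceTPM",
                         session->nonceTPM.b.buffer, session->nonceTPM.b.size);
            TSS_PrintAll("TSS_HmacSession_Verify: nonceCaller",
                         session->nonceCaller.b.buffer, session->nonceCaller.b.size);
            TSS_PrintAll("TSS_HmacSession_Verify: sessionAttributes",
                         &authResponse->sessionAttributes.val, sizeof(uint8_t));
            TSS_PrintAll("TSS_HmacSession_Verify: response HMAC",
                         (uint8_t *)&authResponse->hmac.t.buffer, session->sizeInBytes);
        }
        /* NOTE(review): whether the digest comparison inside TSS_HMAC_Verify() is constant time
           is not visible from here - confirm */
        rc = TSS_HMAC_Verify(&actualHmac,               /* input response hmac */
                             &session->hmacKey,         /* input HMAC key */
                             session->sizeInBytes,
                             /* rpHash */
                             session->sizeInBytes, (uint8_t *)&rpHash.digest,
                             /* new is nonceTPM */
                             session->nonceTPM.b.size, &session->nonceTPM.b.buffer,
                             /* old is nonceCaller */
                             session->nonceCaller.b.size, &session->nonceCaller.b.buffer,
                             /* 1 byte, no endian conversion */
                             sizeof(uint8_t), &authResponse->sessionAttributes.val,
                             0, NULL);
    }
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

/* TSS_HmacSession_Continue() handles the response continueSession flag.  It either saves the
   updated session or deletes the session state. */
static TPM_RC TSS_HmacSession_Continue(TSS_CONTEXT *tssContext,
                                       struct TSS_HMAC_CONTEXT *session,
                                       TPMS_AUTH_RESPONSE *authR)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        /* if continue set */
        if (authR->sessionAttributes.val & TPMA_SESSION_CONTINUESESSION) {
            /* clear the policy flags in preparation for the next use */
            session->isPasswordNeeded = FALSE;
            session->isAuthValueNeeded = FALSE;
            /* save the session */
            rc = TSS_HmacSession_SaveSession(tssContext, session);
        }
        else {      /* continue clear */
            /* delete the session state */
            rc = TSS_DeleteHandle(tssContext, session->sessionHandle);
        }
    }
    return rc;
}

/* TSS_Sessions_GetDecryptSession() searches for a command decrypt session.  If found, returns
   isDecrypt TRUE, and the session number in decryptSession.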
 */
static TPM_RC TSS_Sessions_GetDecryptSession(unsigned int *isDecrypt,
                                             unsigned int *decryptSession,
                                             TPMI_SH_AUTH_SESSION sessionHandle[],
                                             unsigned int sessionAttributes[])
{
    TPM_RC          rc = 0;
    unsigned int    slot;

    /* isDecrypt is a count, decryptSession is written only when a decrypt session is seen */
    *isDecrypt = 0;
    for (slot = 0 ; slot < MAX_SESSION_NUM ; slot++) {
        /* the scan ends at the first unused entry or the first password session */
        /* NOTE(review): a decrypt session listed after a TPM_RS_PW entry is therefore never
           counted - confirm that callers do not order sessions that way */
        if ((sessionHandle[slot] == TPM_RH_NULL) || (sessionHandle[slot] == TPM_RS_PW)) {
            break;
        }
        if (sessionAttributes[slot] & TPMA_SESSION_DECRYPT) {
            (*isDecrypt)++;             /* one more decrypt session */
            *decryptSession = slot;     /* remember the last one seen */
        }
    }
    /* report what was found */
    if (tssVverbose) printf("TSS_Sessions_GetDecryptSession: Found %u decrypt sessions at %u\n",
                            *isDecrypt, *decryptSession);
    /* more than one decrypt session in a command is an error */
    if (*isDecrypt > 1) {
        if (tssVerbose) printf("TSS_Sessions_GetDecryptSession: Error, found %u decrypt sessions\n",
                               *isDecrypt);
        rc = TSS_RC_DECRYPT_SESSIONS;
    }
    return rc;
}

/* TSS_Sessions_GetEncryptSession() searches for a response encrypt session.  If found, returns
   isEncrypt TRUE, and the session number in encryptSession.
 */
static TPM_RC TSS_Sessions_GetEncryptSession(unsigned int *isEncrypt,
                                             unsigned int *encryptSession,
                                             TPMI_SH_AUTH_SESSION sessionHandle[],
                                             unsigned int sessionAttributes[])
{
    TPM_RC          rc = 0;
    unsigned int    slot;

    /* isEncrypt is a count, encryptSession is written only when an encrypt session is seen */
    *isEncrypt = 0;
    for (slot = 0 ; slot < MAX_SESSION_NUM ; slot++) {
        /* the scan ends at the first unused entry or the first password session */
        /* NOTE(review): an encrypt session listed after a TPM_RS_PW entry is therefore never
           counted - confirm that callers do not order sessions that way */
        if ((sessionHandle[slot] == TPM_RH_NULL) || (sessionHandle[slot] == TPM_RS_PW)) {
            break;
        }
        if (sessionAttributes[slot] & TPMA_SESSION_ENCRYPT) {
            (*isEncrypt)++;             /* one more encrypt session */
            *encryptSession = slot;     /* remember the last one seen */
        }
    }
    /* report what was found */
    if (tssVverbose) printf("TSS_Sessions_GetEncryptSession: Found %u encrypt sessions at %u\n",
                            *isEncrypt, *encryptSession);
    /* more than one encrypt session in a command is an error */
    if (*isEncrypt > 1) {
        if (tssVerbose) printf("TSS_Sessions_GetEncryptSession: Error, found %u encrypt sessions\n",
                               *isEncrypt);
        rc = TSS_RC_ENCRYPT_SESSIONS;
    }
    return rc;
}

/* TSS_Command_Decrypt() determines whether any sessions are command decrypt sessions.  If so, it
   encrypts the first command parameter.

   It does common error checking, then calls algorithm specific functions.
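 */
static TPM_RC TSS_Command_Decrypt(TSS_AUTH_CONTEXT *tssAuthContext,
                                  struct TSS_HMAC_CONTEXT *session[],
                                  TPMI_SH_AUTH_SESSION sessionHandle[],
                                  unsigned int sessionAttributes[])
{
    TPM_RC          rc = 0;
    unsigned int    isDecrypt = 0;          /* count number of sessions with decrypt set */
    unsigned int    decryptSession = 0;     /* which session is decrypt */

    /* determine if there is a decrypt session */
    if (rc == 0) {
        rc = TSS_Sessions_GetDecryptSession(&isDecrypt,
                                            &decryptSession,
                                            sessionHandle,
                                            sessionAttributes);
    }
#ifndef TPM_TSS_NOCRYPTO
    {
        COMMAND_INDEX   tpmCommandIndex;    /* index into TPM table */
        TPM_CC          commandCode;
        int             decryptSize;        /* size of TPM2B size, 2 if there is a TPM2B, 0 if
                                               not */
        uint32_t        paramSize;          /* size of the parameter to encrypt */
        uint8_t         *decryptParamBuffer;
        /* can the command parameter be encrypted */
        if ((rc == 0) && isDecrypt) {
            /* get the commandCode, stored in TSS during marshal */
            commandCode = TSS_GetCommandCode(tssAuthContext);
            /* get the index into the TPM command attributes table */
            tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
            /* can this be a decrypt command (this is size of TPM2B size, not size of parameter) */
            decryptSize = getDecryptSize(tpmCommandIndex);
            if (decryptSize != 2) {     /* only handle TPM2B */
                /* error text follows tssVerbose like every other error trace in this file */
                if (tssVerbose)
                    printf("TSS_Command_Decrypt: Error, command cannot be encrypted\n");
                rc = TSS_RC_NO_DECRYPT_PARAMETER;
            }
        }
        /* get the TPM2B parameter to encrypt */
        if ((rc == 0) && isDecrypt) {
            rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
        }
        /* if the size of the parameter to encrypt is zero, nothing to encrypt */
        if ((rc == 0) && isDecrypt) {
            if (paramSize == 0) {
                isDecrypt = FALSE;      /* none, done with this function */
            }
        }
        /* error checking complete, do the encryption */
        if ((rc == 0) && isDecrypt) {
            switch (session[decryptSession]->symmetric.algorithm) {
              case TPM_ALG_XOR:
                rc = TSS_Command_DecryptXor(tssAuthContext, session[decryptSession]);
                break;
              case TPM_ALG_AES:
                rc = TSS_Command_DecryptAes(tssAuthContext, session[decryptSession]);
                break;
              default:
                if (tssVerbose)
                    printf("TSS_Command_Decrypt: Error, algorithm %04x not implemented\n",
                           session[decryptSession]->symmetric.algorithm);
                rc = TSS_RC_BAD_DECRYPT_ALGORITHM;
                break;
            }
        }
    }
#else
    tssAuthContext = tssAuthContext;
    session = session;
    if ((rc == 0) && isDecrypt) {
        if (tssVerbose) printf("TSS_Command_Decrypt: Error, with no crypto not implemented\n");
        rc = TSS_RC_NOT_IMPLEMENTED;
    }
#endif
    return rc;
}

#ifndef TPM_TSS_NOCRYPTO
/* TSS_Command_DecryptXor() replaces the command's first parameter with parameter XOR mask, where
   the mask is the KDFa output over sessionValue, nonceCaller and nonceTPM.

   NOTE: if AES also works, do in place encryption

   NOTE(review): mask and encryptParamBuffer are freed without being cleared, and the tssVverbose
   traces print sessionKey, sessionValue, the mask and the cleartext parameter.
*/
static TPM_RC TSS_Command_DecryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
                                     struct TSS_HMAC_CONTEXT *session)
{
    TPM_RC          rc = 0;
    unsigned int    i;
    uint32_t        paramSize;
    uint8_t         *decryptParamBuffer;
    uint8_t         *mask = NULL;
    uint8_t         *encryptParamBuffer = NULL;

    /* get the TPM2B parameter to encrypt */
    if (rc == 0) {
        rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: decrypt in",
                                      decryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&mask, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&encryptParamBuffer, paramSize);
    }
    /* generate the XOR pad */
    /* 21.2 XOR Parameter Obfuscation

       XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder)

       parameter    a variable sized buffer containing the parameter to be obfuscated
       hashAlg      the hash algorithm associated with the session
       sessionValue the session-specific HMAC key
       nonceNewer   for commands, this will be nonceCaller and for responses it will be nonceTPM
       nonceOlder   for commands, this will be nonceTPM and for responses it will be nonceCaller

       11.4.6.3 XOR Obfuscation

       XOR(data, hashAlg, key, contextU, contextV)

       mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8)
    */
    /* KDFa for the XOR mask */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Command_DecryptXor: hashAlg %04x\n", session->authHashAlg);
        if (tssVverbose) printf("TSS_Command_DecryptXor: sizeInBits %04x\n", paramSize * 8);
        if (tssVverbose)
            TSS_PrintAll("TSS_Command_DecryptXor: sessionKey",
                         session->sessionKey.b.buffer, session->sessionKey.b.size);
        if (tssVverbose)
            TSS_PrintAll("TSS_Command_DecryptXor: sessionValue",
                         session->sessionValue.b.buffer, session->sessionValue.b.size);
        rc = TSS_KDFA(mask,
                      session->authHashAlg,
                      &session->sessionValue.b,
                      "XOR",
                      &session->nonceCaller.b,
                      &session->nonceTPM.b,
                      paramSize * 8);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: mask",
                                      mask, paramSize);
    }
    /* XOR */
    for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++) {
        encryptParamBuffer[i] = decryptParamBuffer[i] ^ mask[i];
    }
    if (rc == 0) {
        rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptXor: encrypt out",
                                      encryptParamBuffer, paramSize);
    }
    free(mask);
    free(encryptParamBuffer);
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

#ifndef TPM_TSS_NOCRYPTO
/* TSS_Command_DecryptAes() replaces the command's first parameter with its AES CFB encryption.
   The key and IV are taken from one KDFa output over sessionValue, nonceCaller and nonceTPM.

   NOTE: if AES also works, do in place encryption

   NOTE(review): symParmString (key and IV) and encryptParamBuffer are not cleared before the
   function returns.
*/
static TPM_RC TSS_Command_DecryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
                                     struct TSS_HMAC_CONTEXT *session)
{
    TPM_RC      rc = 0;
    uint32_t    paramSize;
    uint8_t     *decryptParamBuffer;
    uint8_t     *encryptParamBuffer = NULL;
    TPM2B_IV    iv;
    uint32_t    kdfaBits;
    uint16_t    keySizeinBytes;
    uint8_t     symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];     /* AES key + IV */

    /* get the TPM2B parameter to encrypt */
    if (rc == 0) {
        rc = TSS_GetCommandDecryptParam(tssAuthContext, &paramSize, &decryptParamBuffer);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: decrypt in",
                                      decryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&encryptParamBuffer, paramSize);
    }
    /* generate the encryption key and IV */
    /* 21.3 CFB Mode Parameter Encryption

       KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits) (34)

       hashAlg      the hash algorithm associated with the session
       sessionValue the session-specific HMAC key
       "CFB"        label to differentiate use of KDFa() (see 4.2)
       nonceNewer   nonceCaller for a command and nonceTPM for a response
       nonceOlder   nonceTPM for a command and nonceCaller for a response
       bits         the number of bits required for the symmetric key plus an IV
    */
    if (rc == 0) {
        iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm,
                                         session->symmetric.keyBits.aes);
        /* derive both the AES key and the IV from one KDFa call */
        kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8);
        if (tssVverbose) printf("TSS_Command_DecryptAes: hashAlg %04x\n", session->authHashAlg);
        if (tssVverbose) printf("TSS_Command_DecryptAes: AES key bits %u\n",
                                session->symmetric.keyBits.aes);
        if (tssVverbose) printf("TSS_Command_DecryptAes: kdfaBits %04x\n", kdfaBits);
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: session key",
                                      session->sessionKey.b.buffer, session->sessionKey.b.size);
        rc = TSS_KDFA(&symParmString[0],
                      session->authHashAlg,
                      &session->sessionValue.b,
                      "CFB",
                      &session->nonceCaller.b,
                      &session->nonceTPM.b,
                      kdfaBits);
    }
    /* copy the latter part of the kdf output to the IV */
    if (rc == 0) {
        keySizeinBytes = session->symmetric.keyBits.aes / 8;
        memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size);
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: IV",
                                      iv.t.buffer, iv.t.size);
    }
    /* AES CFB encrypt the command */
    if (rc == 0) {
        TPM_RC crc;
        /* NOTE(review): the key length passed here is fixed at 128 while the KDFa output and the
           IV offset above are sized from session->symmetric.keyBits.aes.  For any other session
           key size the cipher key no longer matches the negotiated one.  Confirm which key sizes
           TSS_AES_EncryptCFB() accepts before replacing the constant. */
        crc = TSS_AES_EncryptCFB(encryptParamBuffer,    /* output */
                                 128,   /* FIXME session->symmetric.keyBits.aes */
                                 symParmString,         /* key */
                                 iv.t.buffer,           /* IV */
                                 paramSize,             /* length */
                                 (uint8_t *)decryptParamBuffer);    /* input */
        if (crc != 0) {
            if (tssVerbose) printf("TSS_Command_DecryptAes: AES encrypt failed\n");
            rc = TSS_RC_AES_ENCRYPT_FAILURE;
        }
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Command_DecryptAes: encrypt out",
                                      encryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_SetCommandDecryptParam(tssAuthContext, paramSize, encryptParamBuffer);
    }
    free(encryptParamBuffer);
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

/* TSS_Response_Encrypt() determines whether any session is a response encrypt session.  If so,
   and the response has a non-empty encryptable parameter, it calls the XOR or AES function for
   the session's symmetric algorithm to decrypt that parameter. */
static TPM_RC TSS_Response_Encrypt(TSS_AUTH_CONTEXT *tssAuthContext,
                                   struct TSS_HMAC_CONTEXT *session[],
                                   TPMI_SH_AUTH_SESSION sessionHandle[],
                                   unsigned int sessionAttributes[])
{
    TPM_RC          rc = 0;
    unsigned int    isEncrypt = 0;          /* count number of sessions with encrypt set */
    unsigned int    encryptSession = 0;     /* which one is encrypt */

    /* determine if there is an encrypt session */
    if (rc == 0) {
        rc = TSS_Sessions_GetEncryptSession(&isEncrypt,
                                            &encryptSession,
                                            sessionHandle,
                                            sessionAttributes);
    }
#ifndef TPM_TSS_NOCRYPTO
    {
        COMMAND_INDEX   tpmCommandIndex;    /* index into TPM table */
        TPM_CC          commandCode;
        int             encryptSize;        /* size of TPM2B size, 2 if there is a TPM2B, 0 if
                                               not */
        uint32_t        paramSize;          /* size of the parameter to decrypt */
        uint8_t         *encryptParamBuffer;
        /* can the response parameter be decrypted */
        if ((rc == 0) && isEncrypt) {
            /* get the commandCode, stored in TSS during marshal */
            commandCode = TSS_GetCommandCode(tssAuthContext);
            /* get the index into the TPM command attributes table */
            tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
            /* can this be an encrypt response */
            encryptSize = getEncryptSize(tpmCommandIndex);
            if (encryptSize == 0) {
                if (tssVerbose)
                    printf("TSS_Response_Encrypt: Error, response cannot be encrypted\n");
                rc = TSS_RC_NO_ENCRYPT_PARAMETER;
            }
        }
        /* get the TPM2B parameter to decrypt */
        if ((rc == 0) && isEncrypt) {
            rc = TSS_GetResponseEncryptParam(tssAuthContext, &paramSize, &encryptParamBuffer);
        }
        /* if the size of the parameter to decrypt is zero, nothing to decrypt */
        if ((rc == 0) && isEncrypt) {
            if (paramSize == 0) {
                isEncrypt = FALSE;      /* none, done with this function */
            }
        }
        /* error checking complete, do the decryption */
        if ((rc == 0) && isEncrypt) {
            switch (session[encryptSession]->symmetric.algorithm) {
              case TPM_ALG_XOR:
                rc = TSS_Response_EncryptXor(tssAuthContext, session[encryptSession]);
                break;
              case TPM_ALG_AES:
                rc = TSS_Response_EncryptAes(tssAuthContext, session[encryptSession]);
                break;
              default:
                if (tssVerbose)
                    printf("TSS_Response_Encrypt: Error, algorithm %04x not implemented\n",
                           session[encryptSession]->symmetric.algorithm);
                rc = TSS_RC_BAD_ENCRYPT_ALGORITHM;
                break;
            }
        }
    }
#else
    tssAuthContext = tssAuthContext;
    session = session;
    if ((rc == 0) && isEncrypt) {
        if (tssVerbose) printf("TSS_Response_Encrypt: Error, with no crypto not implemented\n");
        rc = TSS_RC_NOT_IMPLEMENTED;
    }
#endif
    return rc;
}

#ifndef TPM_TSS_NOCRYPTO
/* TSS_Response_EncryptXor() replaces the response's encrypted parameter with parameter XOR mask.
   The mask is the KDFa output over sessionValue, with nonceTPM as the newer and nonceCaller as the
   older nonce.

   NOTE: if CFB also works, do in place decryption

   NOTE(review): mask and decryptParamBuffer are freed without being cleared, and the tssVverbose
   traces print the session key, the mask and the decrypted parameter.
*/
static TPM_RC TSS_Response_EncryptXor(TSS_AUTH_CONTEXT *tssAuthContext,
                                      struct TSS_HMAC_CONTEXT *session)
{
    TPM_RC          rc = 0;
    unsigned int    i;
    uint32_t        paramSize;
    uint8_t         *encryptParamBuffer;
    uint8_t         *mask = NULL;
    uint8_t         *decryptParamBuffer = NULL;

    /* get the TPM2B parameter to decrypt */
    if (rc == 0) {
        rc = TSS_GetResponseEncryptParam(tssAuthContext, &paramSize, &encryptParamBuffer);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: encrypt in",
                                      encryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&mask, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&decryptParamBuffer, paramSize);
    }
    /* generate the XOR pad */
    /* 21.2 XOR Parameter Obfuscation

       XOR(parameter, hashAlg, sessionValue, nonceNewer, nonceOlder)

       parameter    a variable sized buffer containing the parameter to be obfuscated
       hashAlg      the hash algorithm associated with the session
       sessionValue the session-specific HMAC key
       nonceNewer   for commands, this will be nonceCaller and for responses it will be nonceTPM
       nonceOlder   for commands, this will be nonceTPM and for responses it will be nonceCaller

       11.4.6.3 XOR Obfuscation

       XOR(data, hashAlg, key, contextU, contextV)

       mask = KDFa (hashAlg, key, "XOR", contextU, contextV, data.size * 8)
    */
    /* KDFa for the XOR mask */
    if (rc == 0) {
        if (tssVverbose) printf("TSS_Response_EncryptXor: hashAlg %04x\n", session->authHashAlg);
        if (tssVverbose) printf("TSS_Response_EncryptXor: sizeInBits %04x\n", paramSize * 8);
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: session key",
                                      session->sessionKey.b.buffer, session->sessionKey.b.size);
        rc = TSS_KDFA(mask,
                      session->authHashAlg,
                      &session->sessionValue.b,
                      "XOR",
                      &session->nonceTPM.b,
                      &session->nonceCaller.b,
                      paramSize * 8);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: mask",
                                      mask, paramSize);
    }
    /* XOR */
    for (i = 0 ; (rc == 0) && (i < paramSize ) ; i++) {
        decryptParamBuffer[i] = encryptParamBuffer[i] ^ mask[i];
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptXor: decrypt out",
                                      decryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_SetResponseDecryptParam(tssAuthContext,
                                         paramSize, decryptParamBuffer);
    }
    free(mask);
    free(decryptParamBuffer);
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

#ifndef TPM_TSS_NOCRYPTO
/* TSS_Response_EncryptAes() replaces the response's encrypted parameter with its AES CFB
   decryption.  The key and IV are taken from one KDFa output over sessionValue, with nonceTPM as
   the newer and nonceCaller as the older nonce.

   NOTE: if CFB also works, do in place decryption

   NOTE(review): symParmString (key and IV) and decryptParamBuffer are not cleared before the
   function returns.
*/
static TPM_RC TSS_Response_EncryptAes(TSS_AUTH_CONTEXT *tssAuthContext,
                                      struct TSS_HMAC_CONTEXT *session)
{
    TPM_RC      rc = 0;
    uint32_t    paramSize;
    uint8_t     *encryptParamBuffer;
    uint8_t     *decryptParamBuffer = NULL;
    TPM2B_IV    iv;
    uint32_t    kdfaBits;
    uint16_t    keySizeinBytes;
    uint8_t     symParmString[MAX_SYM_KEY_BYTES + MAX_SYM_BLOCK_SIZE];     /* AES key + IV */

    /* get the TPM2B parameter to decrypt */
    if (rc == 0) {
        rc = TSS_GetResponseEncryptParam(tssAuthContext, &paramSize, &encryptParamBuffer);
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: encrypt in",
                                      encryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_Malloc(&decryptParamBuffer, paramSize);
    }
    /* generate the encryption key and IV */
    /* 21.3 CFB Mode Parameter Encryption

       KDFa (hashAlg, sessionValue, "CFB", nonceNewer, nonceOlder, bits) (34)
    */
    if (rc == 0) {
        iv.t.size = TSS_Sym_GetBlockSize(session->symmetric.algorithm,
                                         session->symmetric.keyBits.aes);
        /* derive both the AES key and the IV from one KDFa call */
        kdfaBits = session->symmetric.keyBits.aes + (iv.t.size * 8);
        if (tssVverbose) printf("TSS_Response_EncryptAes: hashAlg %04x\n",
                                session->authHashAlg);
        if (tssVverbose) printf("TSS_Response_EncryptAes: AES key bits %u\n",
                                session->symmetric.keyBits.aes);
        if (tssVverbose) printf("TSS_Response_EncryptAes: kdfaBits %04x\n", kdfaBits);
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: session key",
                                      session->sessionKey.b.buffer, session->sessionKey.b.size);
        rc = TSS_KDFA(&symParmString[0],
                      session->authHashAlg,
                      &session->sessionValue.b,
                      "CFB",
                      &session->nonceTPM.b,
                      &session->nonceCaller.b,
                      kdfaBits);
    }
    /* copy the latter part of the kdf output to the IV */
    if (rc == 0) {
        keySizeinBytes = session->symmetric.keyBits.aes / 8;
        memcpy(iv.t.buffer, &symParmString[keySizeinBytes], iv.t.size);
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: IV",
                                      iv.t.buffer, iv.t.size);
    }
    /* AES CFB decrypt the response */
    if (rc == 0) {
        TPM_RC crc;
        /* NOTE(review): the key length passed here is fixed at 128 while the KDFa output and the
           IV offset above are sized from session->symmetric.keyBits.aes.  For any other session
           key size the cipher key no longer matches the negotiated one.  Confirm which key sizes
           TSS_AES_DecryptCFB() accepts before replacing the constant. */
        crc = TSS_AES_DecryptCFB(decryptParamBuffer,    /* output */
                                 128,   /* FIXME session->symmetric.keyBits.aes */
                                 symParmString,         /* key */
                                 iv.t.buffer,           /* IV */
                                 paramSize,             /* length */
                                 (uint8_t *)encryptParamBuffer);    /* input */
        if (crc != 0) {
            if (tssVerbose) printf("TSS_Response_EncryptAes: AES decrypt failed\n");
            rc = TSS_RC_AES_DECRYPT_FAILURE;
        }
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_Response_EncryptAes: decrypt out",
                                      decryptParamBuffer, paramSize);
    }
    if (rc == 0) {
        rc = TSS_SetResponseDecryptParam(tssAuthContext,
                                         paramSize, decryptParamBuffer);
    }
    free(decryptParamBuffer);
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

/* Command Change Authorization Processor

   TSS_Command_ChangeAuthProcessor() looks up the current command code in tssTable and, if the
   entry has a non-NULL changeAuthFunction, calls it.  A command with no entry or a NULL function
   is not an error and returns 0.
*/
#ifndef TPM_TSS_NOCRYPTO
static TPM_RC TSS_Command_ChangeAuthProcessor(TSS_CONTEXT *tssContext,
                                              struct TSS_HMAC_CONTEXT *session,
                                              size_t handleNumber,
                                              COMMAND_PARAMETERS *in)
{
    TPM_RC                      rc = 0;
    size_t                      index;
    int                         found;
    TSS_ChangeAuthFunction_t    changeAuthFunction = NULL;

    TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext);

    /* search the table for a change authorization processing function */
    if (rc == 0) {
        found = FALSE;
        for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
            if (tssTable[index].commandCode == commandCode) {
                found = TRUE;
                break;      /* don't increment index if found */
            }
        }
    }
    /* found false means there is no change authorization function.  This permits the table to be
       smaller if desired. */
    if ((rc == 0) && found) {
        changeAuthFunction = tssTable[index].changeAuthFunction;
        /* there could also be an entry that is currently NULL, nothing to do */
        if (changeAuthFunction == NULL) {
            found = FALSE;
        }
    }
    /* call the processing function */
    if ((rc == 0) && found) {
        rc = changeAuthFunction(tssContext, session, handleNumber, in);
    }
    return rc;
}
#endif /* TPM_TSS_NOCRYPTO */

/* TSS_CA_HierarchyChangeAuth() copies the new authorization value from the command into a nul
   terminated string and recalculates the session HMAC key with it.  An empty newAuth is passed on
   as a NULL password.

   NOTE(review): the new auth is handed on as a C string, so a value with an embedded zero byte is
   presumably cut at that byte by the string copy in TSS_HmacSession_SetHmacKey() - confirm.  The
   heap copy of the password is freed without being cleared.
*/
static TPM_RC TSS_CA_HierarchyChangeAuth(TSS_CONTEXT *tssContext,
                                         struct TSS_HMAC_CONTEXT *session,
                                         size_t handleNumber,
                                         HierarchyChangeAuth_In *in)
{
    TPM_RC  rc = 0;
    char    *password = NULL;

    if (tssVverbose) printf("TSS_CA_HierarchyChangeAuth\n");
    if (in->newAuth.t.size == 0) {
        password = NULL;
    }
    else {
        if (rc == 0) {
            rc = TSS_Malloc((uint8_t **)&password , in->newAuth.t.size + 1);
        }
        if (rc == 0) {
            /* copy the password */
            memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size);
            password[in->newAuth.t.size] = '\0';    /* nul terminate string */
        }
    }
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) {
        rc = TSS_HmacSession_SetHmacKey(tssContext,
                                        session,
                                        handleNumber,
                                        password);
    }
#else
    tssContext = tssContext;
    session = session;
    handleNumber = handleNumber;
#endif /* TPM_TSS_NOCRYPTO */
    free(password);
    return rc;
}

static TPM_RC TSS_CA_NV_ChangeAuth(TSS_CONTEXT *tssContext,
                                   struct TSS_HMAC_CONTEXT *session,
                                   size_t handleNumber,
                                   NV_ChangeAuth_In *in)
{
    TPM_RC  rc = 0;
    char    *password = NULL;

    if (tssVverbose) printf("TSS_CA_NV_ChangeAuth\n");
    if (in->newAuth.t.size == 0) {
        password = NULL;
    }
    else {
        if (rc == 0) {
            rc = TSS_Malloc((uint8_t **)&password , in->newAuth.t.size + 1);
        }
        if (rc == 0) {
            /* copy the password */
            memcpy(password, in->newAuth.t.buffer, in->newAuth.t.size);
            password[in->newAuth.t.size] = '\0';    /* nul terminate string */
        }
    }
#ifndef TPM_TSS_NOCRYPTO
    if (rc == 0) {
        rc = TSS_HmacSession_SetHmacKey(tssContext,
                                        session,
                                        handleNumber,
                                        password);
    }
#else
    tssContext = tssContext;
    session = session;
    handleNumber = handleNumber;
#endif /*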
TPM_TSS_NOCRYPTO */ free(password); return rc; } static TPM_RC TSS_CA_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext, struct TSS_HMAC_CONTEXT *session, size_t handleNumber, NV_UndefineSpaceSpecial_In *in) { TPM_RC rc = 0; in = in; if (tssVverbose) printf("TSS_CA_NV_UndefineSpaceSpecial\n"); #ifndef TPM_TSS_NOCRYPTO if (rc == 0) { /* the nvIndex authorization, the zeroth authorization, has special handling */ if (handleNumber == 0) { /* the Empty Buffer is used as the authValue when generating the response HMAC */ rc = TSS_HmacSession_SetHmacKey(tssContext, session, handleNumber, NULL); /* password */ } } #else tssContext = tssContext; session = session; handleNumber = handleNumber; #endif /* TPM_TSS_NOCRYPTO */ return rc; } /* Command Pre-Processor */ static TPM_RC TSS_Command_PreProcessor(TSS_CONTEXT *tssContext, TPM_CC commandCode, COMMAND_PARAMETERS *in, EXTRA_PARAMETERS *extra) { TPM_RC rc = 0; size_t index; int found; TSS_PreProcessFunction_t preProcessFunction = NULL; /* search the table for a pre-processing function */ if (rc == 0) { found = FALSE; for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) { if (tssTable[index].commandCode == commandCode) { found = TRUE; break; /* don't increment index if found */ } } } /* found false means there is no pre-processing function. This permits the table to be smaller if desired. */ if ((rc == 0) && found) { preProcessFunction = tssTable[index].preProcessFunction; /* there could also be an entry that is currently NULL, nothing to do */ if (preProcessFunction == NULL) { found = FALSE; } } /* call the pre processing function */ if ((rc == 0) && found) { rc = preProcessFunction(tssContext, in, extra); } return rc; } /* Command specific pre processing functions */ /* TSS_PR_StartAuthSession handles StartAuthSession pre processing. If the salt key in->tpmKey is not NULL and an RSA key, the preprocessor supplies the encrypted salt. 
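It passes the unencrypted salt to the post processor for session key processing.  An input salt
   (encrypted or unencrypted) is ignored.

   The salt key may be an RSA or an ECC key.  Any other key type returns TSS_RC_BAD_SALT_KEY.  A
   salted session without the extra parameter returns TSS_RC_NULL_PARAMETER.

   The salt is only generated when every earlier step succeeded.  A failed nonce generation,
   a NULL extra or a failed public key load therefore returns its own error, and neither the
   unloaded bPublic nor a NULL extra is touched.

   NOTE(review): in the TPM_TSS_NOCRYPTO build nonceCaller is 16 zero bytes, not a random value.
*/

static TPM_RC TSS_PR_StartAuthSession(TSS_CONTEXT *tssContext,
                                      StartAuthSession_In *in,
                                      StartAuthSession_Extra *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PR_StartAuthSession\n");

#ifndef TPM_TSS_NOCRYPTO
    /* generate nonceCaller */
    if (rc == 0) {
        /* the size is determined by the session hash algorithm */
        in->nonceCaller.t.size = TSS_GetDigestSize(in->authHash);
        if (in->nonceCaller.t.size == 0) {
            if (tssVerbose) printf("TSS_PR_StartAuthSession: hash algorithm %04x not implemented\n",
                                   in->authHash);
            rc = TSS_RC_BAD_HASH_ALGORITHM;
        }
    }
    if (rc == 0) {
        rc = TSS_RandBytes((unsigned char *)&in->nonceCaller.t.buffer, in->nonceCaller.t.size);
    }
#else
    in->nonceCaller.t.size = 16;
    memset(&in->nonceCaller.t.buffer, 0, 16);
#endif	/* TPM_TSS_NOCRYPTO */
    /* initialize to handle unsalted session */
    in->encryptedSalt.t.size = 0;
    if (extra != NULL) {	/* extra NULL is handled at the post processor */
        extra->salt.t.size = 0;
    }
    /* if the caller requests a salted session */
    if (in->tpmKey != TPM_RH_NULL) {
#ifndef TPM_TSS_NOCRYPTO
        TPM2B_PUBLIC bPublic;

        if (rc == 0) {
            if (extra == NULL) {
                if (tssVerbose)
                    printf("TSS_PR_StartAuthSession: salt session requires extra parameter\n");
                rc = TSS_RC_NULL_PARAMETER;
            }
        }
        /* get the tpmKey public key */
        if (rc == 0) {
            rc = TSS_Public_Load(tssContext, &bPublic, in->tpmKey, NULL);
        }
        /* generate the salt and encrypted salt based on the asymmetric key type.  Guarded by rc:
           on any earlier failure bPublic is not loaded and extra may be NULL, and the earlier
           error must not be overwritten. */
        if (rc == 0) {
            if (bPublic.publicArea.type == TPM_ALG_ECC) {
                rc = TSS_ECC_Salt(&extra->salt,
                                  &in->encryptedSalt,
                                  &bPublic.publicArea);
            }
            else if (bPublic.publicArea.type == TPM_ALG_RSA) {
                rc = TSS_RSA_Salt(&extra->salt,
                                  &in->encryptedSalt,
                                  &bPublic.publicArea);
            }
            else {
                if (tssVerbose)
                    printf("TSS_PR_StartAuthSession: public key type %04x not supported\n",
                           bPublic.publicArea.type);
                rc = TSS_RC_BAD_SALT_KEY;
            }
        }
#else
        tssContext = tssContext;
        rc = TSS_RC_NOT_IMPLEMENTED;
#endif	/* TPM_TSS_NOCRYPTO */
    }
    return rc;
}

#ifndef TPM_TSS_NOCRYPTO

/* TSS_RSA_Salt() returns both the plaintext and encrypted salt, based on the salt key bPublic.

   The key must be an RSA 2048-bit key with decrypt set, sign clear and an exponent field of 0,
   else TSS_RC_BAD_SALT_KEY is returned.  The salt is random, its length is the digest size of
   the key's nameAlg, and it is encrypted with TSS_RSAPublicEncrypt() using the label "SECRET".
   A nameAlg whose digest size is reported as 0 returns TSS_RC_BAD_HASH_ALGORITHM, so a salted
   session is never set up with an empty salt.

   NOTE(review): with tssVverbose set, the plaintext salt is printed to stdout.
*/

static TPM_RC TSS_RSA_Salt(TPM2B_DIGEST *salt,
                           TPM2B_ENCRYPTED_SECRET *encryptedSalt,
                           TPMT_PUBLIC *publicArea)
{
    TPM_RC      rc = 0;

    if (rc == 0) {
        {
            /* error conditions when true */
            int b1 = publicArea->type != TPM_ALG_RSA;
            int b2 = publicArea->objectAttributes.val & TPMA_OBJECT_SIGN;
            int b3 = !(publicArea->objectAttributes.val & TPMA_OBJECT_DECRYPT);
            int b4 = publicArea->parameters.rsaDetail.keyBits != 2048;
            int b5 = publicArea->parameters.rsaDetail.exponent != 0;
            /* TSS support checks */
            if (b1 || b2 || b3 || b4 || b5) {
                if (tssVerbose)
                    printf("TSS_RSA_Salt: public key attributes not supported\n");
                rc = TSS_RC_BAD_SALT_KEY;
            }
        }
    }
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: public key",
                                      publicArea->unique.rsa.t.buffer,
                                      publicArea->unique.rsa.t.size);
    }
    /* generate a salt */
    if (rc == 0) {
        /* The size of the secret value is limited to the size of the digest produced by the
           nameAlg of the object that is associated with the public key used for OAEP
           encryption. */
        salt->t.size = TSS_GetDigestSize(publicArea->nameAlg);
        if (tssVverbose) printf("TSS_RSA_Salt: "
                                "Hash algorithm %04x Salt size %u\n",
                                publicArea->nameAlg, salt->t.size);
        /* same zero size test as the nonceCaller generation in TSS_PR_StartAuthSession() */
        if (salt->t.size == 0) {
            if (tssVerbose) printf("TSS_RSA_Salt: hash algorithm %04x not implemented\n",
                                   publicArea->nameAlg);
            rc = TSS_RC_BAD_HASH_ALGORITHM;
        }
    }
    if (rc == 0) {
        /* place the salt in extra so that it can be retrieved by post processor */
        rc = TSS_RandBytes((uint8_t *)&salt->t.buffer, salt->t.size);
    }
    /* In TPM2_StartAuthSession(), when tpmKey is an RSA key, the secret value (salt) is encrypted
       using OAEP as described in B.4. The string "SECRET" (see 4.5) is used as the L value and the
       nameAlg of the encrypting key is used for the hash algorithm. The data value in
       OAEP-encrypted blob (salt) is used to compute sessionKey. */
    if (rc == 0) {
        if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: salt",
                                      (uint8_t *)&salt->t.buffer,
                                      salt->t.size);
    }
    /* encrypt the salt */
    if (rc == 0) {
        /* public exponent, fixed at 0x010001.  The attribute check above only admits keys whose
           exponent field is 0. */
        unsigned char earr[3] = {0x01, 0x00, 0x01};
        /* encrypt the salt with the tpmKey public key.  sizeof("SECRET") rather than strlen():
           the terminating nul is passed as part of the encoding parameter. */
        rc = TSS_RSAPublicEncrypt((uint8_t *)&encryptedSalt->t.secret,	/* encrypted data */
                                  MAX_RSA_KEY_BYTES,	/* size of encrypted data buffer */
                                  (uint8_t *)&salt->t.buffer,	/* decrypted data */
                                  salt->t.size,
                                  publicArea->unique.rsa.t.buffer,	/* public modulus */
                                  publicArea->unique.rsa.t.size,
                                  earr,			/* public exponent */
                                  sizeof(earr),
                                  (unsigned char *)"SECRET",	/* encoding parameter */
                                  sizeof("SECRET"),
                                  publicArea->nameAlg);
    }
    if (rc == 0) {
        encryptedSalt->t.size = publicArea->unique.rsa.t.size;
        if (tssVverbose) TSS_PrintAll("TSS_RSA_Salt: RSA encrypted salt",
                                      encryptedSalt->t.secret,
                                      encryptedSalt->t.size);
    }
    return rc;
}

#endif

/* TSS_PR_NV_DefineSpace() rejects an NV index definition that sets TPMA_NVA_POLICY_DELETE with an
   empty authPolicy, returning TSS_RC_IN_PARAMETER.

   NOTE(review): the error message below is printed under tssVverbose, while the other error
   paths in this file print under tssVerbose - confirm that this is intended.
*/

static TPM_RC TSS_PR_NV_DefineSpace(TSS_CONTEXT *tssContext,
                                    NV_DefineSpace_In *in,
                                    void *extra)
{
    TPM_RC      rc = 0;

    tssContext = tssContext;
    extra = extra;
    if (tssVverbose) printf("TSS_PR_NV_DefineSpace\n");
    /* Test that TPMA_NVA_POLICY_DELETE is only set when a policy is also set.  Otherwise, the index
       cannot ever be deleted, even with Platform Authorization. If the application really wants to
       do this, set the policy to one that cannot be satisfied, e.g., all 0xff's. */
    if (rc == 0) {
        if (in->publicInfo.nvPublic.attributes.val & TPMA_NVA_POLICY_DELETE) {
            if (in->publicInfo.nvPublic.authPolicy.b.size == 0) {
                if (tssVverbose) printf("TSS_PR_NV_DefineSpace POLICY_DELETE requires a policy\n");
                rc = TSS_RC_IN_PARAMETER;
            }
        }
    }
    return rc;
}

/*
  Response Post Processor
*/

/* TSS_Response_PostProcessor() handles any response specific post processing.

   It looks up the command code held in tssContext->tssAuthContext in tssTable and, if the entry
   has a non-NULL postProcessFunction, calls it.  A missing table entry or a NULL function is not
   an error: rc stays 0.
*/

static TPM_RC TSS_Response_PostProcessor(TSS_CONTEXT *tssContext,
                                         COMMAND_PARAMETERS *in,
                                         RESPONSE_PARAMETERS *out,
                                         EXTRA_PARAMETERS *extra)
{
    TPM_RC      rc = 0;
    size_t      index;
    int         found;
    TSS_PostProcessFunction_t postProcessFunction = NULL;

    /* search the table for a post processing function */
    if (rc == 0) {
        TPM_CC commandCode = TSS_GetCommandCode(tssContext->tssAuthContext);
        found = FALSE;
        for (index = 0 ; (index < (sizeof(tssTable) / sizeof(TSS_TABLE))) && !found ; index++) {
            if (tssTable[index].commandCode == commandCode) {
                found = TRUE;
                break;	/* don't increment index if found */
            }
        }
    }
    /* found false means there is no post processing function.  This permits the table to be smaller
       if desired. */
    if ((rc == 0) && found) {
        postProcessFunction = tssTable[index].postProcessFunction;
        /* there could also be an entry that is currently NULL, nothing to do */
        if (postProcessFunction == NULL) {
            found = FALSE;
        }
    }
    /* call the function */
    if ((rc == 0) && found) {
        rc = postProcessFunction(tssContext, in, out, extra);
    }
    return rc;
}

/*
  Command specific post processing functions
*/

/* TSS_PO_StartAuthSession handles StartAuthSession post processing.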
It:

   creates a TSS HMAC session

   saves the session handle, hash algorithm, and symmetric algorithm, nonceCaller and nonceTPM

   It calculates the session key and saves it

   Finally, it marshals the session and stores it

   Parameters: in and out are the StartAuthSession command and response parameters.  extra may
   be NULL, in which case the bind auth value and the salt are both treated as empty.

   Returns 0 on success, else the return code of the first helper that failed.  The session
   context obtained from TSS_HmacSession_GetContext() is passed to TSS_HmacSession_FreeContext()
   on every path.
*/

static TPM_RC TSS_PO_StartAuthSession(TSS_CONTEXT *tssContext,
                                      StartAuthSession_In *in,
                                      StartAuthSession_Out *out,
                                      StartAuthSession_Extra *extra)
{
    TPM_RC rc = 0;
    struct TSS_HMAC_CONTEXT *session = NULL;
    /* local copy of the plaintext salt.  NOTE(review): it is not cleared before return */
    TPM2B_DIGEST salt;

    if (tssVverbose) printf("TSS_PO_StartAuthSession\n");
    /* allocate a TSS_HMAC_CONTEXT session context */
    if (rc == 0) {
        rc = TSS_HmacSession_GetContext(&session);
    }
    /* record the negotiated session properties */
    if (rc == 0) {
        session->sessionHandle = out->sessionHandle;
        session->authHashAlg = in->authHash;
#ifndef TPM_TSS_NOCRYPTO
        session->sizeInBytes = TSS_GetDigestSize(session->authHashAlg);
#endif
        session->symmetric = in->symmetric;
        session->sessionType = in->sessionType;
    }
    /* if not a bind session or if no bind password was supplied */
    if (rc == 0) {
        if ((extra == NULL) || (in->bind == TPM_RH_NULL) || (extra->bindPassword == NULL)) {
            session->bindAuthValue.b.size = 0;
        }
        else {
            /* the destination size passed here is sizeof(TPMU_HA); the copies below pass
               sizeof(TPMT_HA) */
            rc = TSS_TPM2B_StringCopy(&session->bindAuthValue.b,
                                      extra->bindPassword, sizeof(TPMU_HA));
        }
    }
    if (rc == 0) {
        /* if the caller did not supply extra, the salt must be empty */
        if (extra == NULL) {
            salt.b.size = 0;
        }
        /* if the caller supplied extra, the preprocessor sets salt to empty (unsalted) or the
           plaintext salt value */
        else {
            rc = TSS_TPM2B_Copy(&salt.b, &extra->salt.b, sizeof(TPMT_HA));
        }
    }
#ifndef TPM_TSS_NOCRYPTO
    /* both nonces are saved in the session before the session key is calculated */
    if (rc == 0) {
        rc = TSS_TPM2B_Copy(&session->nonceTPM.b, &out->nonceTPM.b, sizeof(TPMT_HA));
    }
    if (rc == 0) {
        rc = TSS_TPM2B_Copy(&session->nonceCaller.b, &in->nonceCaller.b, sizeof(TPMT_HA));
    }
    if (rc == 0) {
        rc = TSS_HmacSession_SetSessionKey(tssContext, session,
                                           &salt,
                                           in->bind, &session->bindAuthValue);
    }
#endif	/* TPM_TSS_NOCRYPTO */
    /* store the session state.  NOTE(review): in the TPM_TSS_NOCRYPTO build no nonces or session
       key are set before this call */
    if (rc == 0) {
        rc = TSS_HmacSession_SaveSession(tssContext, session);
    }
    /* called even when TSS_HmacSession_GetContext() failed; presumably it tolerates NULL - verify */
    TSS_HmacSession_FreeContext(session);
    return rc;
}

/* TSS_PO_ContextSave()
saves the name of an object in a filename that is a hash of the contextBlob.  This permits the
   name to be found during ContextLoad.

   Only handles whose type is TPM_HT_TRANSIENT are processed; for any other handle type the
   function returns 0 without doing anything.  The public area is copied under the same hash
   string.  In the TPM_TSS_NOFILE build the function does nothing.
*/

static TPM_RC TSS_PO_ContextSave(TSS_CONTEXT *tssContext,
                                 ContextSave_In *in,
                                 ContextSave_Out *out,
                                 void *extra)
{
    TPM_RC      rc = 0;
#ifndef TPM_TSS_NOFILE
    TPMT_HA     cpHash;		/* largest size of a digest */
    char        string[65];	/* sha256 hash * 2 + 1 */
    TPM_HT      handleType;
    int         done = FALSE;
#endif

    in = in;
    extra = extra;

#ifndef TPM_TSS_NOFILE
    if (tssVverbose) printf("TSS_PO_ContextSave: handle %08x\n", in->saveHandle);
    /* only for objects and sequence objects, not sessions */
    if (rc == 0) {
        handleType = (TPM_HT) ((in->saveHandle & HR_RANGE_MASK) >> HR_SHIFT);
        if (handleType != TPM_HT_TRANSIENT) {
            done = TRUE;
        }
    }
    /* hash the context blob returned in the response */
    if ((rc == 0) && !done) {
        cpHash.hashAlg = TPM_ALG_SHA256;	/* arbitrary choice */
        rc = TSS_Hash_Generate(&cpHash,
                               out->context.contextBlob.b.size, out->context.contextBlob.b.buffer,
                               0, NULL);
    }
    /* convert a hash of the context blob to a string */
    if ((rc == 0) && !done) {
        rc = TSS_HashToString(string, cpHash.digest.sha256);
    }
    if ((rc == 0) && !done) {
        rc = TSS_Name_Copy(tssContext,
                           0, string,		/* to context */
                           in->saveHandle, NULL);	/* from handle */
    }
    /* get the public key of the object being context saved */
    /* save the public key under the context */
    if ((rc == 0) && !done) {
        rc = TSS_Public_Copy(tssContext,
                             0, string,
                             in->saveHandle, NULL);
    }
#else
    tssContext = tssContext;
    out = out;
#endif
    return rc;
}

/* TSS_PO_ContextLoad() is the inverse of TSS_PO_ContextSave().  It hashes the context blob that
   was sent in the command, and copies the name and public area stored under that hash string to
   the handle returned in the response.

   Only loaded handles whose type is TPM_HT_TRANSIENT are processed.  In the TPM_TSS_NOFILE
   build the function does nothing.
*/

static TPM_RC TSS_PO_ContextLoad(TSS_CONTEXT *tssContext,
                                 ContextLoad_In *in,
                                 ContextLoad_Out *out,
                                 void *extra)
{
    TPM_RC      rc = 0;
#ifndef TPM_TSS_NOFILE
    TPMT_HA     cpHash;		/* largest size of a digest */
    char        string[65];	/* sha256 hash * 2 + 1 */
    TPM_HT      handleType;
    int         done = FALSE;
#endif

    out = out;
    extra = extra;

#ifndef TPM_TSS_NOFILE
    if (tssVverbose) printf("TSS_PO_ContextLoad: handle %08x\n", out->loadedHandle);
    /* only for objects and sequence objects, not sessions */
    if (rc == 0) {
        handleType = (TPM_HT) ((out->loadedHandle & HR_RANGE_MASK) >> HR_SHIFT);
        if (handleType != TPM_HT_TRANSIENT) {
            done = TRUE;
        }
    }
    /* hash the context blob supplied in the command */
    if ((rc == 0) && !done) {
        cpHash.hashAlg = TPM_ALG_SHA256;	/* arbitrary choice */
        rc = TSS_Hash_Generate(&cpHash,
                               in->context.contextBlob.b.size, in->context.contextBlob.b.buffer,
                               0, NULL);
    }
    /* convert a hash of the context blob to a string */
    if ((rc == 0) && !done) {
        rc = TSS_HashToString(string, cpHash.digest.sha256);
    }
    /* get the Name of the object being context loaded */
    /* write the name with the loaded context's handle */
    if ((rc == 0) && !done) {
        rc = TSS_Name_Copy(tssContext,
                           out->loadedHandle, NULL,	/* to handle */
                           0, string);			/* from context */
    }
    /* get the public key of the object being context loaded */
    /* write the public key with the loaded context's handle */
    if ((rc == 0) && !done) {
        rc = TSS_Public_Copy(tssContext,
                             out->loadedHandle, NULL,
                             0, string);
    }
#else
    tssContext = tssContext;
    in = in;
#endif
    return rc;
}

/* TSS_HashToString() converts a SHA-256 binary hash (really any 32-byte value) to a string

   string must be 65 bytes: 32*2 + 1

   NOTE: Hard coded to SHA256

   The function has no size parameter for str and always writes SHA256_DIGEST_SIZE * 2
   characters plus the terminating nul, so the caller is responsible for the buffer size.
   Always returns 0.
*/

#ifndef TPM_TSS_NOFILE
static TPM_RC TSS_HashToString(char *str, uint8_t *digest)
{
    size_t i;

    /* two lower case hex characters per digest byte; each sprintf also writes a nul, which the
       next iteration overwrites */
    for (i = 0 ; i < SHA256_DIGEST_SIZE ; i++) {
        sprintf(str +(i*2), "%02x", digest[i]);
    }
    if (tssVverbose) printf("TSS_HashToString: %s\n", str);
    return 0;
}
#endif

/* TSS_PO_FlushContext() removes persistent state associated with the handle */

static TPM_RC TSS_PO_FlushContext(TSS_CONTEXT *tssContext,
                                  FlushContext_In *in,
                                  void *out,
                                  void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_FlushContext: flushHandle %08x\n", in->flushHandle);
    if (rc == 0) {
        rc = TSS_DeleteHandle(tssContext, in->flushHandle);
    }
    return rc;
}

/* TSS_PO_EvictControl() removes persistent state associated with the handle

   When objectHandle and persistentHandle differ, the name and public area are copied from the
   object handle to the persistent handle.  When they are equal, the state stored for the
   persistent handle is deleted.
*/

static TPM_RC TSS_PO_EvictControl(TSS_CONTEXT *tssContext,
                                  EvictControl_In *in,
                                  void *out,
                                  void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;

    if (tssVverbose) printf("TSS_PO_EvictControl: object %08x persistent %08x\n",
                            in->objectHandle, in->persistentHandle);
    /* if it successfully made a persistent copy */
    if (in->objectHandle != in->persistentHandle) {
        /* TPM2B_PUBLIC bPublic; */
        if (rc == 0) {
            rc = TSS_Name_Copy(tssContext,
                               in->persistentHandle, NULL,	/* to persistent handle */
                               in->objectHandle, NULL);	/* from transient handle */
        }
        /* get the transient object public key */
        /* copy it to the persistent object public key */
        if (rc == 0) {
            rc = TSS_Public_Copy(tssContext,
                                 in->persistentHandle, NULL,
                                 in->objectHandle, NULL);
        }
    }
    /* if it successfully evicted the persistent object */
    else {
        if (rc == 0) {
            rc = TSS_DeleteHandle(tssContext, in->persistentHandle);
        }
    }
    return rc;
}

/* TSS_PO_Load() saves the Name returned for the loaded object.  It saves the TPM2B_PUBLIC

   The stored public area is the caller's in->inPublic; the stored Name is the one returned in
   the response.  NOTE(review): unlike TSS_PO_ReadPublic(), the Name is not recomputed from the
   public area and compared here.
*/

static TPM_RC TSS_PO_Load(TSS_CONTEXT *tssContext,
                          Load_In *in,
                          Load_Out *out,
                          void *extra)
{
    TPM_RC      rc = 0;

    in = in;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_Load: handle %08x\n", out->objectHandle);
    /* use handle as file name */
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL);
    }
    return rc;
}

/* TSS_PO_LoadExternal() saves the Name returned for the loaded object

   It also stores the caller's in->inPublic under the returned handle.  NOTE(review): as in
   TSS_PO_Load(), the returned Name is stored without being recomputed from the public area.
*/

static TPM_RC TSS_PO_LoadExternal(TSS_CONTEXT *tssContext,
                                  LoadExternal_In *in,
                                  LoadExternal_Out *out,
                                  void *extra)
{
    TPM_RC      rc = 0;

    in = in;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_LoadExternal: handle %08x\n", out->objectHandle);
    /* use handle as file name */
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &in->inPublic, out->objectHandle, NULL);
    }
    return rc;
}

/* TSS_PO_ReadPublic() saves the Name returned for the loaded object

   Before storing anything it recomputes the Name from the returned public area and compares it,
   size first and then bytes, with the returned Name.  A mismatch returns
   TSS_RC_MALFORMED_PUBLIC and nothing is stored.
*/

static TPM_RC TSS_PO_ReadPublic(TSS_CONTEXT *tssContext,
                                ReadPublic_In *in,
                                ReadPublic_Out *out,
                                void *extra)
{
    TPM_RC      rc = 0;

    in = in;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_ReadPublic: handle %08x\n", in->objectHandle);
    /* validate the Name against the public area */
    /* Name = nameAlg || HnameAlg (handle->publicArea)
       where
       nameAlg  algorithm used to compute Name
       HnameAlg hash using the nameAlg parameter in the object associated with handle
       publicArea contents of the TPMT_PUBLIC associated with handle
    */
    {
        TPM2B_NAME name;
        if (rc == 0) {
            rc = TSS_ObjectPublic_GetName(&name, &out->outPublic.publicArea);
        }
        if (rc == 0) {
            if (name.t.size != out->name.t.size) {
                if (tssVerbose)
                    printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n");
                rc = TSS_RC_MALFORMED_PUBLIC;
            }
            else {
                int irc;
                /* the sizes are equal here, so out->name.t.size bounds both buffers */
                irc = memcmp(name.t.name, out->name.t.name, out->name.t.size);
                if (irc != 0) {
                    if (tssVerbose)
                        printf("TSS_PO_ReadPublic: TPMT_PUBLIC does not match TPM2B_NAME\n");
                    rc = TSS_RC_MALFORMED_PUBLIC;
                }
            }
        }
    }
    /* use handle as file name */
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &out->name, in->objectHandle, NULL);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &out->outPublic, in->objectHandle, NULL);
    }
    return rc;
}

/* TSS_PO_CreateLoaded() saves the Name returned for the loaded object.
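It saves the TPM2B_PUBLIC returned in the response under the same handle.
*/

static TPM_RC TSS_PO_CreateLoaded(TSS_CONTEXT *tssContext,
                                  CreateLoaded_In *in,
                                  CreateLoaded_Out *out,
                                  void *extra)
{
    TPM_RC      rc = 0;

    in = in;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_CreateLoaded: handle %08x\n", out->objectHandle);
    /* use handle as file name */
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL);
    }
    return rc;
}

/* TSS_PO_HashSequenceStart() saves the Name returned for the started sequence object */

static TPM_RC TSS_PO_HashSequenceStart(TSS_CONTEXT *tssContext,
                                       HashSequenceStart_In *in,
                                       HashSequenceStart_Out *out,
                                       void *extra)
{
    TPM_RC      rc = 0;
    TPM2B_NAME  name;

    in = in;
    extra = extra;

    if (tssVverbose) printf("TSS_PO_HashSequenceStart\n");
    /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */
    if (rc == 0) {
        name.b.size = 0;
        /* use handle as file name */
        rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL);
    }
    return rc;
}

/* TSS_PO_HMAC_Start() saves the Name returned for the started sequence object */

static TPM_RC TSS_PO_HMAC_Start(TSS_CONTEXT *tssContext,
                                HMAC_Start_In *in,
                                HMAC_Start_Out *out,
                                void *extra)
{
    TPM_RC      rc = 0;
    TPM2B_NAME  name;

    in = in;
    extra = extra;

    if (tssVverbose) printf("TSS_PO_HMAC_Start\n");
    /* Part 1 Table 3 The Name of a sequence object is an Empty Buffer */
    if (rc == 0) {
        name.b.size = 0;
        /* use handle as file name */
        rc = TSS_Name_Store(tssContext, &name, out->sequenceHandle, NULL);
    }
    return rc;
}

/* TSS_PO_SequenceComplete() deletes the state stored for the completed sequence handle */

static TPM_RC TSS_PO_SequenceComplete(TSS_CONTEXT *tssContext,
                                      SequenceComplete_In *in,
                                      SequenceComplete_Out *out,
                                      void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;

    if (tssVverbose) printf("TSS_PO_SequenceComplete: sequenceHandle %08x\n", in->sequenceHandle);
    if (rc == 0) {
        rc = TSS_DeleteHandle(tssContext, in->sequenceHandle);
    }
    return rc;
}

/* TSS_PO_EventSequenceComplete() deletes the state stored for the completed sequence handle */

static TPM_RC TSS_PO_EventSequenceComplete(TSS_CONTEXT *tssContext,
                                           EventSequenceComplete_In *in,
                                           EventSequenceComplete_Out *out,
                                           void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;
    if (tssVverbose)
        printf("TSS_PO_EventSequenceComplete: sequenceHandle %08x\n", in->sequenceHandle);
    if (rc == 0) {
        rc = TSS_DeleteHandle(tssContext, in->sequenceHandle);
    }
    return rc;
}

/* TSS_PO_PolicyAuthValue() loads the policy session, clears isPasswordNeeded, sets
   isAuthValueNeeded and saves the session again */

static TPM_RC TSS_PO_PolicyAuthValue(TSS_CONTEXT *tssContext,
                                     PolicyAuthValue_In *in,
                                     void *out,
                                     void *extra)
{
    TPM_RC      rc = 0;
    struct TSS_HMAC_CONTEXT session;

    out = out;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_PolicyAuthValue\n");
    if (rc == 0) {
        rc = TSS_HmacSession_LoadSession(tssContext, &session, in->policySession);
    }
    if (rc == 0) {
        session.isPasswordNeeded = FALSE;
        session.isAuthValueNeeded = TRUE;
        rc = TSS_HmacSession_SaveSession(tssContext, &session);
    }
    return rc;
}

/* TSS_PO_PolicyPassword() loads the policy session, sets isPasswordNeeded, clears
   isAuthValueNeeded and saves the session again */

static TPM_RC TSS_PO_PolicyPassword(TSS_CONTEXT *tssContext,
                                    PolicyPassword_In *in,
                                    void *out,
                                    void *extra)
{
    TPM_RC      rc = 0;
    struct TSS_HMAC_CONTEXT session;

    out = out;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_PolicyPassword\n");
    if (rc == 0) {
        rc = TSS_HmacSession_LoadSession(tssContext, &session, in->policySession);
    }
    if (rc == 0) {
        session.isPasswordNeeded = TRUE;
        session.isAuthValueNeeded = FALSE;
        rc = TSS_HmacSession_SaveSession(tssContext, &session);
    }
    return rc;
}

/* TSS_PO_CreatePrimary() saves the Name and the TPM2B_PUBLIC returned for the created primary
   object, using the returned handle */

static TPM_RC TSS_PO_CreatePrimary(TSS_CONTEXT *tssContext,
                                   CreatePrimary_In *in,
                                   CreatePrimary_Out *out,
                                   void *extra)
{
    TPM_RC      rc = 0;

    in = in;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_CreatePrimary: handle %08x\n", out->objectHandle);
    /* use handle as file name */
    if (rc == 0) {
        rc = TSS_Name_Store(tssContext, &out->name, out->objectHandle, NULL);
    }
    if (rc == 0) {
        rc = TSS_Public_Store(tssContext, &out->outPublic, out->objectHandle, NULL);
    }
    return rc;
}

/* TSS_PO_NV_DefineSpace() calculates the Name from the input TPMS_NV_PUBLIC and stores the Name
   and the TPMS_NV_PUBLIC under the NV index.  Does nothing in the TPM_TSS_NOCRYPTO build. */

static TPM_RC TSS_PO_NV_DefineSpace(TSS_CONTEXT *tssContext,
                                    NV_DefineSpace_In *in,
                                    void *out,
                                    void *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PO_NV_DefineSpace\n");
#ifndef TPM_TSS_NOCRYPTO
    {
        TPM2B_NAME name;
        /* calculate the Name from the input public area */
        /* Name = nameAlg || HnameAlg (handle->nvPublicArea)
           where
           nameAlg  algorithm used to compute Name
           HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle
           nvPublicArea contents of the TPMS_NV_PUBLIC associated with handle
        */
        /* calculate the Name from the input TPMS_NV_PUBLIC */
        if (rc == 0) {
            rc = TSS_NVPublic_GetName(&name, &in->publicInfo.nvPublic);
        }
        /* use handle as file name */
        if (rc == 0) {
            rc = TSS_Name_Store(tssContext, &name, in->publicInfo.nvPublic.nvIndex, NULL);
        }
        if (rc == 0) {
            rc = TSS_NVPublic_Store(tssContext, &in->publicInfo.nvPublic,
                                    in->publicInfo.nvPublic.nvIndex);
        }
    }
#else
    tssContext = tssContext;
    in = in;
#endif
    out = out;
    extra = extra;
    return rc;
}

/* TSS_PO_NV_ReadPublic() recomputes the Name from the returned TPMS_NV_PUBLIC and compares it,
   size first and then bytes, with the returned Name.  A mismatch returns
   TSS_RC_MALFORMED_NV_PUBLIC and nothing is stored.  On a match the Name and the TPMS_NV_PUBLIC
   are stored under the NV index.  Does nothing in the TPM_TSS_NOCRYPTO build. */

static TPM_RC TSS_PO_NV_ReadPublic(TSS_CONTEXT *tssContext,
                                   NV_ReadPublic_In *in,
                                   NV_ReadPublic_Out *out,
                                   void *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PO_NV_ReadPublic\n");
    /* validate the Name against the public area */
    /* Name = nameAlg || HnameAlg (handle->nvPublicArea)
       where
       nameAlg  algorithm used to compute Name
       HnameAlg hash using the nameAlg parameter in the NV Index location associated with handle
       nvPublicArea contents of the TPMS_NV_PUBLIC associated with handle
    */
#ifndef TPM_TSS_NOCRYPTO
    {
        TPM2B_NAME name;
        /* calculate the Name from the TPMS_NV_PUBLIC */
        if (rc == 0) {
            rc = TSS_NVPublic_GetName(&name, &out->nvPublic.nvPublic);
        }
        if (rc == 0) {
            if (name.t.size != out->nvName.t.size) {
                if (tssVerbose)
                    printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n");
                rc = TSS_RC_MALFORMED_NV_PUBLIC;
            }
            else {
                int irc;
                irc = memcmp(name.t.name, out->nvName.t.name, out->nvName.t.size);
                if (irc != 0) {
                    if (tssVerbose)
                        printf("TSS_PO_NV_ReadPublic: TPMT_NV_PUBLIC does not match TPM2B_NAME\n");
                    rc = TSS_RC_MALFORMED_NV_PUBLIC;
                }
            }
        }
        /* use handle as file name */
        if (rc == 0) {
            rc = TSS_Name_Store(tssContext, &out->nvName, in->nvIndex, NULL);
        }
        if (rc == 0) {
            rc = TSS_NVPublic_Store(tssContext, &out->nvPublic.nvPublic, in->nvIndex);
        }
    }
#else
    tssContext = tssContext;
    in = in;
    out = out;
#endif
    extra = extra;
    return rc;
}

/* TSS_PO_NV_UndefineSpace() deletes the Name and NVPublic stored for the NV index.  The delete
   results are deliberately ignored and 0 is always returned. */

static TPM_RC TSS_PO_NV_UndefineSpace(TSS_CONTEXT *tssContext,
                                      NV_UndefineSpace_In *in,
                                      void *out,
                                      void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_NV_UndefineSpace\n");
#ifndef TPM_TSS_NOCRYPTO
    /* Don't check return code. */
    TSS_DeleteHandle(tssContext, in->nvIndex);
    TSS_NVPublic_Delete(tssContext, in->nvIndex);
#else
    tssContext = tssContext;
    in = in;
#endif
    return rc;
}

/* TSS_PO_NV_UndefineSpaceSpecial() deletes the Name and NVPublic stored for the NV index.  The
   delete results are deliberately ignored and 0 is always returned. */

static TPM_RC TSS_PO_NV_UndefineSpaceSpecial(TSS_CONTEXT *tssContext,
                                             NV_UndefineSpaceSpecial_In *in,
                                             void *out,
                                             void *extra)
{
    TPM_RC      rc = 0;

    out = out;
    extra = extra;
    if (tssVverbose) printf("TSS_PO_NV_UndefineSpaceSpecial\n");
    /* Don't check return code.  The name will only exist if NV_ReadPublic has been issued */
    TSS_DeleteHandle(tssContext, in->nvIndex);
    TSS_NVPublic_Delete(tssContext, in->nvIndex);
    return rc;
}

/* TSS_PO_NV_Write() handles the Name and NVPublic update for the 4 NV write commands: write,
   increment, extend, and setbits

   If the stored TPMS_NV_PUBLIC has TPMA_NVA_WRITTEN clear, the bit is set, the structure is
   stored again and the Name is recalculated and stored.  If any step of that update fails, the
   stored Name and NVPublic are deleted.

   The attribute test only runs when TSS_NVPublic_Load() succeeded.  A failed load returns its
   error without reading the unloaded structure and without deleting anything.
*/

static TPM_RC TSS_PO_NV_Write(TSS_CONTEXT *tssContext,
                              NV_Write_In *in,
                              void *out,
                              void *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PO_NV_Write, Increment, Extend, SetBits:\n");

#ifndef TPM_TSS_NOCRYPTO
    {
        TPMS_NV_PUBLIC nvPublic;
        TPM2B_NAME name;	/* new name */

        if (rc == 0) {
            rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
        }
        /* if the previous store had written clear */
        if ((rc == 0) && !(nvPublic.attributes.val & TPMA_NVA_WRITTEN)) {
            if (rc == 0) {
                /* set the written bit */
                nvPublic.attributes.val |= TPMA_NVA_WRITTEN;
                /* save the TPMS_NV_PUBLIC */
                rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
            }
            /* calculate the name */
            if (rc == 0) {
                rc = TSS_NVPublic_GetName(&name, &nvPublic);
            }
            /* save the name */
            if (rc == 0) {
                /* use handle as file name */
                rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
            }
            /* if there is a failure. delete the name and NVPublic */
            if (rc != 0) {
                TSS_DeleteHandle(tssContext, in->nvIndex);
                TSS_NVPublic_Delete(tssContext, in->nvIndex);
            }
        }
    }
#else
    tssContext = tssContext;
    in = in;
#endif
    out = out;
    extra = extra;
    return rc;
}

/* TSS_PO_NV_WriteLock() handles the Name and NVPublic update for the write lock command

   Same flow as TSS_PO_NV_Write(), for the TPMA_NVA_WRITELOCKED bit.  The attribute test only
   runs when TSS_NVPublic_Load() succeeded.
*/

static TPM_RC TSS_PO_NV_WriteLock(TSS_CONTEXT *tssContext,
                                  NV_WriteLock_In *in,
                                  void *out,
                                  void *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PO_NV_WriteLock:\n");

#ifndef TPM_TSS_NOCRYPTO
    {
        TPMS_NV_PUBLIC nvPublic;
        TPM2B_NAME name;	/* new name */

        if (rc == 0) {
            rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
        }
        /* if the previous store had write lock clear */
        if ((rc == 0) && !(nvPublic.attributes.val & TPMA_NVA_WRITELOCKED)) {
            if (rc == 0) {
                /* set the write lock bit */
                nvPublic.attributes.val |= TPMA_NVA_WRITELOCKED;
                /* save the TPMS_NV_PUBLIC */
                rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
            }
            /* calculate the name */
            if (rc == 0) {
                rc = TSS_NVPublic_GetName(&name, &nvPublic);
            }
            /* save the name */
            if (rc == 0) {
                /* use handle as file name */
                rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
            }
            /* if there is a failure. delete the name and NVPublic */
            if (rc != 0) {
                TSS_DeleteHandle(tssContext, in->nvIndex);
                TSS_NVPublic_Delete(tssContext, in->nvIndex);
            }
        }
    }
#else
    tssContext = tssContext;
    in = in;
#endif
    out = out;
    extra = extra;
    return rc;
}

/* TSS_PO_NV_ReadLock() handles the Name and NVPublic update for the read lock command

   Same flow as TSS_PO_NV_Write(), for the TPMA_NVA_READLOCKED bit.  The attribute test only
   runs when TSS_NVPublic_Load() succeeded.
*/

static TPM_RC TSS_PO_NV_ReadLock(TSS_CONTEXT *tssContext,
                                 NV_ReadLock_In *in,
                                 void *out,
                                 void *extra)
{
    TPM_RC      rc = 0;

    if (tssVverbose) printf("TSS_PO_NV_ReadLock:");

#ifndef TPM_TSS_NOCRYPTO
    {
        TPMS_NV_PUBLIC nvPublic;
        TPM2B_NAME name;	/* new name */

        if (rc == 0) {
            rc = TSS_NVPublic_Load(tssContext, &nvPublic, in->nvIndex);
        }
        /* if the previous store had read lock clear */
        if ((rc == 0) && !(nvPublic.attributes.val & TPMA_NVA_READLOCKED)) {
            if (rc == 0) {
                /* set the read lock bit */
                nvPublic.attributes.val |= TPMA_NVA_READLOCKED;
                /* save the TPMS_NV_PUBLIC */
                rc = TSS_NVPublic_Store(tssContext, &nvPublic, in->nvIndex);
            }
            /* calculate the name */
            if (rc == 0) {
                rc = TSS_NVPublic_GetName(&name, &nvPublic);
            }
            /* save the name */
            if (rc == 0) {
                /* use handle as file name */
                rc = TSS_Name_Store(tssContext, &name, in->nvIndex, NULL);
            }
            /* if there is a failure. delete the name and NVPublic */
            if (rc != 0) {
                TSS_DeleteHandle(tssContext, in->nvIndex);
                TSS_NVPublic_Delete(tssContext, in->nvIndex);
            }
        }
    }
#else
    tssContext = tssContext;
    in = in;
#endif
    out = out;
    extra = extra;
    return rc;
}
 ./utils/policycphash.c0000644000175000017500000001127113055132457013164 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyCpHash */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policycphash.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 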
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyCpHash_In in; TPMI_SH_POLICY policySession = 0; const char *cpHashAFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ChangePPS_In in; const char *authPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { 
/* (continuation of the changepps main() argument loop: second parameter of -se2) */
		/* NOTE(review): the sscanf() result is not checked.  If the argument is not valid
		   hex, sessionAttributes2 keeps whatever value it already had and the range test
		   below is applied to that value. */
		sscanf(argv[i],"%x", &sessionAttributes2);
		/* session attributes are limited to one byte */
		if (sessionAttributes2 > 0xff) {
		    printf("Out of range session attributes for -se2\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se2\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-h") == 0) {
	    printUsage();
	}
	else if (strcmp(argv[i],"-v") == 0) {
	    /* verbose: also raises the TSS trace level */
	    verbose = TRUE;
	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
	}
	else {
	    printf("\n%s is not a valid option\n", argv[i]);
	    printUsage();
	}
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    /* the authorization handle is fixed to the platform hierarchy; there is no option for it */
    if (rc == 0) {
	in.authHandle = TPM_RH_PLATFORM;
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* authPassword is supplied for session 0 only; sessions 1 and 2 are passed NULL */
    if (rc == 0) {
	rc = TSS_Execute(tssContext,
			 NULL,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_ChangePPS,
			 sessionHandle0, authPassword, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted whatever rc is; the delete result is reported only when nothing
       failed earlier.  NOTE(review): this also runs when TSS_Create() failed - confirm that
       TSS_Delete() accepts the context in that state. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    if (rc == 0) {
	if (verbose) printf("changepps: success\n");
    }
    else {
	/* print the raw response code and its text form, then map any failure to EXIT_FAILURE */
	const char *msg;
	const char *submsg;
	const char *num;
	printf("changepps: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the changepps help text and terminates the process with exit status 1.  It
   never returns, so every caller in main() ends the program, including the -h option.

   NOTE(review): per this usage text the authorization password is given as a command-line
   argument (-pwda), which makes it visible in process listings and shell history on a shared
   host.
*/

static void printUsage(void)
{
    printf("\n");
    printf("changepps\n");
    printf("\n");
    printf("Runs TPM2_ChangePPS\n");
    printf("\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}

./utils/nvglobalwritelock.c0000644000175000017500000001515113070736653014234 0ustar lo1lo1/********************************************************************************/ /* */ /* NV GlobalWriteLock */ /* Written by Ken Goldman */ /* IBM Thomas J. 
Watson Research Center */ /* $Id: nvglobalwritelock.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_GlobalWriteLock_In in; char hierarchyAuthChar = 0; const char *password = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } 
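    /* Authorization handle */
    /* -hia is required: only 'o' (owner) and 'p' (platform) are accepted, anything else,
       including the unset default, ends the program through printUsage() */
    if (rc == 0) {
	if (hierarchyAuthChar == 'o') {
	    in.authHandle = TPM_RH_OWNER;
	}
	else if (hierarchyAuthChar == 'p') {
	    in.authHandle = TPM_RH_PLATFORM;
	}
	else {
	    /* say why the usage text is printed; the original printed only a blank line */
	    printf("Missing or illegal -hia\n");
	    printUsage();
	}
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* password is supplied for session 0 only; sessions 1 and 2 are passed NULL */
    if (rc == 0) {
	rc = TSS_Execute(tssContext,
			 NULL,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_NV_GlobalWriteLock,
			 sessionHandle0, password, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted whatever rc is; the delete result is reported only when nothing
       failed earlier.  NOTE(review): this also runs when TSS_Create() failed - confirm that
       TSS_Delete() accepts the context in that state. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    if (rc == 0) {
	if (verbose) printf("nvglobalwritelock: success\n");
    }
    else {
	/* print the raw response code and its text form, then map any failure to EXIT_FAILURE */
	const char *msg;
	const char *submsg;
	const char *num;
	printf("nvglobalwritelock: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the nvglobalwritelock help text and terminates the process with exit status
   1.  It never returns.

   The -hia line no longer shows the option as optional with a "default index authorization":
   main() accepts only 'o' or 'p' and exits through this function for any other value.

   NOTE(review): per this usage text the authorization password is given as a command-line
   argument (-pwd), which makes it visible in process listings and shell history on a shared
   host.
*/

static void printUsage(void)
{
    printf("\n");
    printf("nvglobalwritelock\n");
    printf("\n");
    printf("Runs TPM2_NV_GlobalWriteLock\n");
    printf("\n");
    printf("\t-hia hierarchy authorization (o, p)\n");
    printf("\t-pwd authorization password (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}

./utils/tssmarshal.c0000644000175000017500000047363513071006020012657 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Marshal and Unmarshal */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssmarshal.c 980 2017-04-04 21:11:44Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 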
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include /* The marshaling functions are slightly different from the TPM side. The TPM assumes that all structures are trusted, and so has no error checking. The TSS side makes no such assumption. 
The prototype pattern is:

   Return:

   An extra return code, TSS_RC_INSUFFICIENT_BUFFER, indicates that the supplied buffer size is
   too small.  The TPM functions assert.

   'source' is the structure to be marshaled, the same as the TPM functions.
   'written' is the __additional__ number of bytes written, the value that the TPM returns.
   'buffer' is the buffer written, the same as the TPM functions.
   'size' is the remaining size of the buffer, the same as the TPM functions.

   If 'buffer' is NULL, 'written' is updated but no marshaling is performed.  This is used in a
   two pass pattern, where the first pass returns the size of the buffer to be malloc'ed.

   If 'size' is NULL, the source is marshaled without a size check.  The caller must ensure that
   the buffer is sufficient, often due to a malloc after the first pass.
*/

/* Command parameter marshaling */

/* Every function below marshals the members of its command input structure in the order listed
   in its comment, and returns the code of the first member marshal that fails, or 0. */

/* Startup_In: startupType */
TPM_RC TSS_Startup_In_Marshal(const Startup_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_SU_Marshal(&source->startupType, written, buffer, size);
}

/* Shutdown_In: shutdownType */
TPM_RC TSS_Shutdown_In_Marshal(const Shutdown_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_SU_Marshal(&source->shutdownType, written, buffer, size);
}

/* SelfTest_In: fullTest */
TPM_RC TSS_SelfTest_In_Marshal(const SelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_YES_NO_Marshal(&source->fullTest, written, buffer, size);
}

/* IncrementalSelfTest_In: toTest */
TPM_RC TSS_IncrementalSelfTest_In_Marshal(const IncrementalSelfTest_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPML_ALG_Marshal(&source->toTest, written, buffer, size);
}

/* StartAuthSession_In: tpmKey, bind, nonceCaller, encryptedSalt, sessionType, symmetric,
   authHash */
TPM_RC TSS_StartAuthSession_In_Marshal(const StartAuthSession_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->tpmKey, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_ENTITY_Marshal(&source->bind, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_NONCE_Marshal(&source->nonceCaller, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshal(&source->encryptedSalt, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM_SE_Marshal(&source->sessionType, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMT_SYM_DEF_Marshal(&source->symmetric, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_ALG_HASH_Marshal(&source->authHash, written, buffer, size);
}

/* PolicyRestart_In: sessionHandle */
TPM_RC TSS_PolicyRestart_In_Marshal(const PolicyRestart_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_SH_POLICY_Marshal(&source->sessionHandle, written, buffer, size);
}

/* Create_In: parentHandle, inSensitive, inPublic, outsideInfo, creationPCR */
TPM_RC TSS_Create_In_Marshal(const Create_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->parentHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_SENSITIVE_CREATE_Marshal(&source->inSensitive, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PUBLIC_Marshal(&source->inPublic, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->outsideInfo, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPML_PCR_SELECTION_Marshal(&source->creationPCR, written, buffer, size);
}

/* Load_In: parentHandle, inPrivate, inPublic */
TPM_RC TSS_Load_In_Marshal(const Load_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->parentHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PRIVATE_Marshal(&source->inPrivate, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_PUBLIC_Marshal(&source->inPublic, written, buffer, size);
}

/* LoadExternal_In: inPrivate (optional), inPublic, hierarchy.  When inPrivate.b.size is 0 the
   private part is treated as absent and a UINT16 zero is marshaled in its place. */
TPM_RC TSS_LoadExternal_In_Marshal(const LoadExternal_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    /* optional parameter, use size as flag */
    if (source->inPrivate.b.size != 0) {
	rc = TSS_TPM2B_SENSITIVE_Marshal(&source->inPrivate, written, buffer, size);
    }
    else {
	/* not present */
	UINT16 zero = 0;
	rc = TSS_UINT16_Marshal(&zero, written, buffer, size);
    }
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PUBLIC_Marshal(&source->inPublic, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size);
}

/* ReadPublic_In: objectHandle */
TPM_RC TSS_ReadPublic_In_Marshal(const ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size);
}

/* ActivateCredential_In: activateHandle, keyHandle, credentialBlob, secret */
TPM_RC TSS_ActivateCredential_In_Marshal(const ActivateCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->activateHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ID_OBJECT_Marshal(&source->credentialBlob, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_ENCRYPTED_SECRET_Marshal(&source->secret, written, buffer, size);
}

/* MakeCredential_In: handle, credential, objectName */
TPM_RC TSS_MakeCredential_In_Marshal(const MakeCredential_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->handle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DIGEST_Marshal(&source->credential, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_NAME_Marshal(&source->objectName, written, buffer, size);
}

/* Unseal_In: itemHandle */
TPM_RC TSS_Unseal_In_Marshal(const Unseal_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_DH_OBJECT_Marshal(&source->itemHandle, written, buffer, size);
}

/* ObjectChangeAuth_In: objectHandle, parentHandle, newAuth */
TPM_RC TSS_ObjectChangeAuth_In_Marshal(const ObjectChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->parentHandle, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_AUTH_Marshal(&source->newAuth, written, buffer, size);
}

/* CreateLoaded_In: parentHandle, inSensitive, inPublic (marshaled as a TPM2B_TEMPLATE) */
TPM_RC TSS_CreateLoaded_In_Marshal(const CreateLoaded_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->parentHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_SENSITIVE_CREATE_Marshal(&source->inSensitive, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_TEMPLATE_Marshal(&source->inPublic, written, buffer, size);
}

/* Duplicate_In: objectHandle, newParentHandle, encryptionKeyIn, symmetricAlg */
TPM_RC TSS_Duplicate_In_Marshal(const Duplicate_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->newParentHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->encryptionKeyIn, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SYM_DEF_OBJECT_Marshal(&source->symmetricAlg, written, buffer, size);
}

/* Rewrap_In: oldParent, newParent, inDuplicate, name, inSymSeed */
TPM_RC TSS_Rewrap_In_Marshal(const Rewrap_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->oldParent, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->newParent, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PRIVATE_Marshal(&source->inDuplicate, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_NAME_Marshal(&source->name, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_ENCRYPTED_SECRET_Marshal(&source->inSymSeed, written, buffer, size);
}

/* Import_In: parentHandle, encryptionKey, objectPublic, duplicate, inSymSeed, symmetricAlg */
TPM_RC TSS_Import_In_Marshal(const Import_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->parentHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->encryptionKey, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PUBLIC_Marshal(&source->objectPublic, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PRIVATE_Marshal(&source->duplicate, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ENCRYPTED_SECRET_Marshal(&source->inSymSeed, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SYM_DEF_OBJECT_Marshal(&source->symmetricAlg, written, buffer, size);
}

/* RSA_Encrypt_In: keyHandle, message, inScheme, label */
TPM_RC TSS_RSA_Encrypt_In_Marshal(const RSA_Encrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&source->message, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMT_RSA_DECRYPT_Marshal(&source->inScheme, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_DATA_Marshal(&source->label, written, buffer, size);
}

/* RSA_Decrypt_In: keyHandle, cipherText, inScheme, label */
TPM_RC TSS_RSA_Decrypt_In_Marshal(const RSA_Decrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&source->cipherText, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMT_RSA_DECRYPT_Marshal(&source->inScheme, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_DATA_Marshal(&source->label, written, buffer, size);
}

/* ECDH_KeyGen_In: keyHandle */
TPM_RC TSS_ECDH_KeyGen_In_Marshal(const ECDH_KeyGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
}

/* ECDH_ZGen_In: keyHandle, inPoint */
TPM_RC TSS_ECDH_ZGen_In_Marshal(const ECDH_ZGen_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_ECC_POINT_Marshal(&source->inPoint, written, buffer, size);
}

/* ECC_Parameters_In: curveID */
TPM_RC TSS_ECC_Parameters_In_Marshal(const ECC_Parameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_ECC_CURVE_Marshal(&source->curveID, written, buffer, size);
}

/* ZGen_2Phase_In: keyA, inQsB, inQeB, inScheme, counter */
TPM_RC TSS_ZGen_2Phase_In_Marshal(const ZGen_2Phase_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyA, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ECC_POINT_Marshal(&source->inQsB, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ECC_POINT_Marshal(&source->inQeB, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(&source->inScheme, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_UINT16_Marshal(&source->counter, written, buffer, size);
}

/* EncryptDecrypt_In: keyHandle, decrypt, mode, ivIn, inData */
TPM_RC TSS_EncryptDecrypt_In_Marshal(const EncryptDecrypt_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_YES_NO_Marshal(&source->decrypt, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_ALG_SYM_MODE_Marshal(&source->mode, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_IV_Marshal(&source->ivIn, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_MAX_BUFFER_Marshal(&source->inData, written, buffer, size);
}

/* EncryptDecrypt2_In: keyHandle, inData, decrypt, mode, ivIn (inData comes first here) */
TPM_RC TSS_EncryptDecrypt2_In_Marshal(const EncryptDecrypt2_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_MAX_BUFFER_Marshal(&source->inData, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_YES_NO_Marshal(&source->decrypt, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_ALG_SYM_MODE_Marshal(&source->mode, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_IV_Marshal(&source->ivIn, written, buffer, size);
}

/* Hash_In: data, hashAlg, hierarchy */
TPM_RC TSS_Hash_In_Marshal(const Hash_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPM2B_MAX_BUFFER_Marshal(&source->data, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size);
}

/* HMAC_In: handle, buffer, hashAlg */
TPM_RC TSS_HMAC_In_Marshal(const HMAC_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->handle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_MAX_BUFFER_Marshal(&source->buffer, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
}

/* GetRandom_In: bytesRequested */
TPM_RC TSS_GetRandom_In_Marshal(const GetRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(&source->bytesRequested, written, buffer, size);
}

/* StirRandom_In: inData */
TPM_RC TSS_StirRandom_In_Marshal(const StirRandom_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_SENSITIVE_DATA_Marshal(&source->inData, written, buffer, size);
}

/* HMAC_Start_In: handle, auth, hashAlg */
TPM_RC TSS_HMAC_Start_In_Marshal(const HMAC_Start_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->handle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_AUTH_Marshal(&source->auth, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
}

/* HashSequenceStart_In: auth, hashAlg */
TPM_RC TSS_HashSequenceStart_In_Marshal(const HashSequenceStart_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPM2B_AUTH_Marshal(&source->auth, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
}

/* SequenceUpdate_In: sequenceHandle, buffer */
TPM_RC TSS_SequenceUpdate_In_Marshal(const SequenceUpdate_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->sequenceHandle, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_MAX_BUFFER_Marshal(&source->buffer, written, buffer, size);
}

/* SequenceComplete_In: sequenceHandle, buffer, hierarchy */
TPM_RC TSS_SequenceComplete_In_Marshal(const SequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->sequenceHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_MAX_BUFFER_Marshal(&source->buffer, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size);
}

/* EventSequenceComplete_In: pcrHandle, sequenceHandle, buffer */
TPM_RC TSS_EventSequenceComplete_In_Marshal(const EventSequenceComplete_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->sequenceHandle, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_MAX_BUFFER_Marshal(&source->buffer, written, buffer, size);
}

/* Certify_In: objectHandle, signHandle, qualifyingData, inScheme */
TPM_RC TSS_Certify_In_Marshal(const Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
}

/* CertifyCreation_In: signHandle, objectHandle, qualifyingData, creationHash, inScheme,
   creationTicket */
TPM_RC TSS_CertifyCreation_In_Marshal(const CertifyCreation_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DIGEST_Marshal(&source->creationHash, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_TK_CREATION_Marshal(&source->creationTicket, written, buffer, size);
}

/* Quote_In: signHandle, qualifyingData, inScheme, PCRselect */
TPM_RC TSS_Quote_In_Marshal(const Quote_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPML_PCR_SELECTION_Marshal(&source->PCRselect, written, buffer, size);
}

/* GetSessionAuditDigest_In: privacyAdminHandle, signHandle, sessionHandle, qualifyingData,
   inScheme */
TPM_RC TSS_GetSessionAuditDigest_In_Marshal(const GetSessionAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_RH_ENDORSEMENT_Marshal(&source->privacyAdminHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_SH_HMAC_Marshal(&source->sessionHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
}

/* GetCommandAuditDigest_In: privacyHandle, signHandle, qualifyingData, inScheme */
TPM_RC TSS_GetCommandAuditDigest_In_Marshal(const GetCommandAuditDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_RH_ENDORSEMENT_Marshal(&source->privacyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
}

/* GetTime_In: privacyAdminHandle, signHandle, qualifyingData, inScheme */
TPM_RC TSS_GetTime_In_Marshal(const GetTime_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_RH_ENDORSEMENT_Marshal(&source->privacyAdminHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size);
}

/* Commit_In: signHandle, P1, s2, y2 */
TPM_RC TSS_Commit_In_Marshal(const Commit_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_ECC_POINT_Marshal(&source->P1, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_SENSITIVE_DATA_Marshal(&source->s2, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPM2B_ECC_PARAMETER_Marshal(&source->y2, written, buffer, size);
}

/* EC_Ephemeral_In: curveID */
TPM_RC TSS_EC_Ephemeral_In_Marshal(const EC_Ephemeral_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPMI_ECC_CURVE_Marshal(&source->curveID, written, buffer, size);
}

/* VerifySignature_In: keyHandle, digest, signature */
TPM_RC TSS_VerifySignature_In_Marshal(const VerifySignature_In *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size);
    if (rc != 0) return rc;
    rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size);
    if (rc != 0) return rc;
    return TSS_TPMT_SIGNATURE_Marshal(&source->signature, written, buffer, size);
}

TPM_RC
TSS_Sign_In_Marshal(const Sign_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_OBJECT_Marshal(&source->keyHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_TK_HASHCHECK_Marshal(&source->validation, written, buffer, size); } return rc; } TPM_RC TSS_SetCommandCodeAuditStatus_In_Marshal(const SetCommandCodeAuditStatus_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->auditAlg, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->setList, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->clearList, written, buffer, size); } return rc; } TPM_RC TSS_PCR_Extend_In_Marshal(const PCR_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_DIGEST_VALUES_Marshal(&source->digests, written, buffer, size); } return rc; } TPM_RC TSS_PCR_Event_In_Marshal(const PCR_Event_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_EVENT_Marshal(&source->eventData, written, buffer, size); } return rc; } TPM_RC TSS_PCR_Read_In_Marshal(const PCR_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->pcrSelectionIn, written, buffer, size); } return rc; } TPM_RC TSS_PCR_Allocate_In_Marshal(const PCR_Allocate_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC 
rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->pcrAllocation, written, buffer, size); } return rc; } TPM_RC TSS_PCR_SetAuthPolicy_In_Marshal(const PCR_SetAuthPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->authPolicy, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrNum, written, buffer, size); } return rc; } TPM_RC TSS_PCR_SetAuthValue_In_Marshal(const PCR_SetAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->auth, written, buffer, size); } return rc; } TPM_RC TSS_PCR_Reset_In_Marshal(const PCR_Reset_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_PCR_Marshal(&source->pcrHandle, written, buffer, size); } return rc; } TPM_RC TSS_PolicySigned_In_Marshal(const PolicySigned_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_OBJECT_Marshal(&source->authObject, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->nonceTPM, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->cpHashA, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->policyRef, written, buffer, size); } if (rc == 0) { rc = TSS_INT32_Marshal(&source->expiration, written, buffer, size); } if (rc == 0) { rc = 
TSS_TPMT_SIGNATURE_Marshal(&source->auth, written, buffer, size); } return rc; } TPM_RC TSS_PolicySecret_In_Marshal(const PolicySecret_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_ENTITY_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->nonceTPM, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->cpHashA, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->policyRef, written, buffer, size); } if (rc == 0) { rc = TSS_INT32_Marshal(&source->expiration, written, buffer, size); } return rc; } TPM_RC TSS_PolicyTicket_In_Marshal(const PolicyTicket_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_TIMEOUT_Marshal(&source->timeout, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->cpHashA, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->policyRef, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->authName, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_TK_AUTH_Marshal(&source->ticket, written, buffer, size); } return rc; } TPM_RC TSS_PolicyOR_In_Marshal(const PolicyOR_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_DIGEST_Marshal(&source->pHashList, written, buffer, size); } return rc; } TPM_RC TSS_PolicyPCR_In_Marshal(const PolicyPCR_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 
0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->pcrDigest, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->pcrs, written, buffer, size); } return rc; } TPM_RC TSS_PolicyLocality_In_Marshal(const PolicyLocality_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPMA_LOCALITY_Marshal(&source->locality, written, buffer, size); } return rc; } TPM_RC TSS_PolicyNV_In_Marshal(const PolicyNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_OPERAND_Marshal(&source->operandB, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); } if (rc == 0) { rc = TSS_TPM_EO_Marshal(&source->operation, written, buffer, size); } return rc; } TPM_RC TSS_PolicyCounterTimer_In_Marshal(const PolicyCounterTimer_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_OPERAND_Marshal(&source->operandB, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); } if (rc == 0) { rc = TSS_TPM_EO_Marshal(&source->operation, written, buffer, size); } return rc; } TPM_RC TSS_PolicyCommandCode_In_Marshal(const PolicyCommandCode_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM_CC_Marshal(&source->code, 
written, buffer, size); } return rc; } TPM_RC TSS_PolicyPhysicalPresence_In_Marshal(const PolicyPhysicalPresence_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } return rc; } TPM_RC TSS_PolicyCpHash_In_Marshal(const PolicyCpHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->cpHashA, written, buffer, size); } return rc; } TPM_RC TSS_PolicyNameHash_In_Marshal(const PolicyNameHash_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->nameHash, written, buffer, size); } return rc; } TPM_RC TSS_PolicyDuplicationSelect_In_Marshal(const PolicyDuplicationSelect_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->objectName, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->newParentName, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->includeObject, written, buffer, size); } return rc; } TPM_RC TSS_PolicyAuthorize_In_Marshal(const PolicyAuthorize_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->approvedPolicy, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NONCE_Marshal(&source->policyRef, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->keySign, written, buffer, size); } if 
(rc == 0) { rc = TSS_TPMT_TK_VERIFIED_Marshal(&source->checkTicket, written, buffer, size); } return rc; } TPM_RC TSS_PolicyAuthValue_In_Marshal(const PolicyAuthValue_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } return rc; } TPM_RC TSS_PolicyPassword_In_Marshal(const PolicyPassword_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } return rc; } TPM_RC TSS_PolicyGetDigest_In_Marshal(const PolicyGetDigest_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } return rc; } TPM_RC TSS_PolicyNvWritten_In_Marshal(const PolicyNvWritten_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->writtenSet, written, buffer, size); } return rc; } TPM_RC TSS_PolicyTemplate_In_Marshal(const PolicyTemplate_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->templateHash, written, buffer, size); } return rc; } TPM_RC TSS_PolicyAuthorizeNV_In_Marshal(const PolicyAuthorizeNV_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_SH_POLICY_Marshal(&source->policySession, written, buffer, size); } return rc; } TPM_RC TSS_CreatePrimary_In_Marshal(const 
CreatePrimary_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->primaryHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_SENSITIVE_CREATE_Marshal(&source->inSensitive, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_PUBLIC_Marshal(&source->inPublic, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DATA_Marshal(&source->outsideInfo, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->creationPCR, written, buffer, size); } return rc; } TPM_RC TSS_HierarchyControl_In_Marshal(const HierarchyControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_ENABLES_Marshal(&source->enable, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->state, written, buffer, size); } return rc; } TPM_RC TSS_SetPrimaryPolicy_In_Marshal(const SetPrimaryPolicy_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->authPolicy, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size); } return rc; } TPM_RC TSS_ChangePPS_In_Marshal(const ChangePPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->authHandle, written, buffer, size); } return rc; } TPM_RC TSS_ChangeEPS_In_Marshal(const ChangeEPS_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->authHandle, written, buffer, size); } return rc; } TPM_RC TSS_Clear_In_Marshal(const Clear_In *source, UINT16 *written, BYTE **buffer, INT32 *size) 
{ TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_CLEAR_Marshal(&source->authHandle, written, buffer, size); } return rc; } TPM_RC TSS_ClearControl_In_Marshal(const ClearControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_CLEAR_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->disable, written, buffer, size); } return rc; } TPM_RC TSS_HierarchyChangeAuth_In_Marshal(const HierarchyChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_AUTH_Marshal(&source->newAuth, written, buffer, size); } return rc; } TPM_RC TSS_DictionaryAttackLockReset_In_Marshal(const DictionaryAttackLockReset_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_LOCKOUT_Marshal(&source->lockHandle, written, buffer, size); } return rc; } TPM_RC TSS_DictionaryAttackParameters_In_Marshal(const DictionaryAttackParameters_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_LOCKOUT_Marshal(&source->lockHandle, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->newMaxTries, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->newRecoveryTime, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->lockoutRecovery, written, buffer, size); } return rc; } TPM_RC TSS_PP_Commands_In_Marshal(const PP_Commands_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->setList, written, buffer, size); } if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->clearList, written, buffer, size); } return rc; } TPM_RC 
TSS_SetAlgorithmSet_In_Marshal(const SetAlgorithmSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->algorithmSet, written, buffer, size); } return rc; } TPM_RC TSS_ContextSave_In_Marshal(const ContextSave_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_CONTEXT_Marshal(&source->saveHandle, written, buffer, size); } return rc; } TPM_RC TSS_ContextLoad_In_Marshal(const ContextLoad_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_CONTEXT_Marshal(&source->context, written, buffer, size); } return rc; } TPM_RC TSS_FlushContext_In_Marshal(const FlushContext_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_CONTEXT_Marshal(&source->flushHandle, written, buffer, size); } return rc; } TPM_RC TSS_EvictControl_In_Marshal(const EvictControl_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_DH_OBJECT_Marshal(&source->objectHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_DH_PERSISTENT_Marshal(&source->persistentHandle, written, buffer, size); } return rc; } TPM_RC TSS_ClockSet_In_Marshal(const ClockSet_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_UINT64_Marshal(&source->newTime, written, buffer, size); } return rc; } TPM_RC TSS_ClockRateAdjust_In_Marshal(const ClockRateAdjust_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->auth, written, buffer, size); } if (rc == 0) 
{ rc = TSS_TPM_CLOCK_ADJUST_Marshal(&source->rateAdjust, written, buffer, size); } return rc; } TPM_RC TSS_GetCapability_In_Marshal(const GetCapability_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_CAP_Marshal(&source->capability, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->property, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->propertyCount, written, buffer, size); } return rc; } TPM_RC TSS_TestParms_In_Marshal(const TestParms_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMT_PUBLIC_PARMS_Marshal(&source->parameters, written, buffer, size); } return rc; } TPM_RC TSS_NV_DefineSpace_In_Marshal(const NV_DefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_AUTH_Marshal(&source->auth, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NV_PUBLIC_Marshal(&source->publicInfo, written, buffer, size); } return rc; } TPM_RC TSS_NV_UndefineSpace_In_Marshal(const NV_UndefineSpace_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } return rc; } TPM_RC TSS_NV_UndefineSpaceSpecial_In_Marshal(const NV_UndefineSpaceSpecial_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_PLATFORM_Marshal(&source->platform, written, buffer, size); } return rc; } TPM_RC TSS_NV_ReadPublic_In_Marshal(const NV_ReadPublic_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = 
TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } return rc; } TPM_RC TSS_NV_Write_In_Marshal(const NV_Write_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_MAX_NV_BUFFER_Marshal(&source->data, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); } return rc; } TPM_RC TSS_NV_Increment_In_Marshal(const NV_Increment_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } return rc; } TPM_RC TSS_NV_Extend_In_Marshal(const NV_Extend_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_MAX_NV_BUFFER_Marshal(&source->data, written, buffer, size); } return rc; } TPM_RC TSS_NV_SetBits_In_Marshal(const NV_SetBits_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_UINT64_Marshal(&source->bits, written, buffer, size); } return rc; } TPM_RC TSS_NV_WriteLock_In_Marshal(const NV_WriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = 
TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } return rc; } TPM_RC TSS_NV_GlobalWriteLock_In_Marshal(const NV_GlobalWriteLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_PROVISION_Marshal(&source->authHandle, written, buffer, size); } return rc; } TPM_RC TSS_NV_Read_In_Marshal(const NV_Read_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->size, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); } return rc; } TPM_RC TSS_NV_ReadLock_In_Marshal(const NV_ReadLock_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } return rc; } TPM_RC TSS_NV_ChangeAuth_In_Marshal(const NV_ChangeAuth_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_AUTH_Marshal(&source->newAuth, written, buffer, size); } return rc; } TPM_RC TSS_NV_Certify_In_Marshal(const NV_Certify_In *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_DH_OBJECT_Marshal(&source->signHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_AUTH_Marshal(&source->authHandle, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DATA_Marshal(&source->qualifyingData, written, buffer, size); } if (rc == 0) { rc = 
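TSS_TPMT_SIG_SCHEME_Marshal(&source->inScheme, written, buffer, size); }
    if (rc == 0) { rc = TSS_UINT16_Marshal(&source->size, written, buffer, size); }
    if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); }
    return rc;
}

/*
 * Response parameter unmarshaling
 *
 * Every TSS_<Command>_Out_Unmarshal function below parses one TPM response
 * into its output structure.  The order is always: the response handle, if
 * the command returns one; then, only when tag == TPM_ST_SESSIONS, a UINT32
 * parameterSize; then the response parameters.  The first helper that fails
 * stops parsing and its return code is passed back to the caller.
 *
 * The address-of operator on parameterSize had been lost to an HTML entity
 * decode ("&para" rendered as a pilcrow), leaving text that does not compile;
 * it is restored as &parameterSize throughout.
 *
 * NOTE(review): the response bytes come from outside this process.
 * parameterSize is read and then discarded by every function here; none of
 * them compares it with the bytes remaining in *size or with the bytes
 * actually consumed by the parameters.  Bounds enforcement therefore rests on
 * the per-type Unmarshal helpers and on the caller; confirm both, since those
 * are not visible in this span.
 */

/* Unmarshal the IncrementalSelfTest response: toDoList. */
TPM_RC TSS_IncrementalSelfTest_Out_Unmarshal(IncrementalSelfTest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_ALG_Unmarshal(&target->toDoList, buffer, size);
    }
    return rc;
}

/* Unmarshal the GetTestResult response: outData, testResult. */
TPM_RC TSS_GetTestResult_Out_Unmarshal(GetTestResult_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;   /* initialized like every sibling function */
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_MAX_BUFFER_Unmarshal(&target->outData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_RC_Unmarshal(&target->testResult, buffer, size);
    }
    return rc;
}

/* Unmarshal the StartAuthSession response: sessionHandle, then nonceTPM. */
TPM_RC TSS_StartAuthSession_Out_Unmarshal(StartAuthSession_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    /* the handle precedes parameterSize in the response */
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_SH_AUTH_SESSION_Unmarshal(&target->sessionHandle, buffer, size, NO);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NONCE_Unmarshal(&target->nonceTPM, buffer, size);
    }
    return rc;
}

/* Unmarshal the Create response: outPrivate, outPublic, creationData,
   creationHash, creationTicket. */
TPM_RC TSS_Create_Out_Unmarshal(Create_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->outPrivate, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->outPublic, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_CREATION_DATA_Unmarshal(&target->creationData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->creationHash, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_CREATION_Unmarshal(&target->creationTicket, buffer, size);
    }
    return rc;
}

/* Unmarshal the Load response: objectHandle, then name. */
TPM_RC TSS_Load_Out_Unmarshal(Load_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(&target->objectHandle, buffer, size);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size);
    }
    return rc;
}

/* Unmarshal the LoadExternal response: objectHandle, then name. */
TPM_RC TSS_LoadExternal_Out_Unmarshal(LoadExternal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(&target->objectHandle, buffer, size);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size);
    }
    return rc;
}

/* Unmarshal the ReadPublic response: outPublic, name, qualifiedName. */
TPM_RC TSS_ReadPublic_Out_Unmarshal(ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->outPublic, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->qualifiedName, buffer, size);
    }
    return rc;
}

/* Unmarshal the ActivateCredential response: certInfo. */
TPM_RC TSS_ActivateCredential_Out_Unmarshal(ActivateCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->certInfo, buffer, size);
    }
    return rc;
}

/* Unmarshal the MakeCredential response: credentialBlob, secret. */
TPM_RC TSS_MakeCredential_Out_Unmarshal(MakeCredential_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ID_OBJECT_Unmarshal(&target->credentialBlob, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->secret, buffer, size);
    }
    return rc;
}

/* Unmarshal the Unseal response: outData. */
TPM_RC TSS_Unseal_Out_Unmarshal(Unseal_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_SENSITIVE_DATA_Unmarshal(&target->outData, buffer, size);
    }
    return rc;
}

/* Unmarshal the ObjectChangeAuth response: outPrivate. */
TPM_RC TSS_ObjectChangeAuth_Out_Unmarshal(ObjectChangeAuth_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->outPrivate, buffer, size);
    }
    return rc;
}

/* Unmarshal the CreateLoaded response: objectHandle, then outPrivate,
   outPublic, name. */
TPM_RC TSS_CreateLoaded_Out_Unmarshal(CreateLoaded_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_HANDLE_Unmarshal(&target->objectHandle, buffer, size);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->outPrivate, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->outPublic, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size);
    }
    return rc;
}

/* Unmarshal the Duplicate response: encryptionKeyOut, duplicate, outSymSeed. */
TPM_RC TSS_Duplicate_Out_Unmarshal(Duplicate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DATA_Unmarshal(&target->encryptionKeyOut, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->duplicate, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->outSymSeed, buffer, size);
    }
    return rc;
}

/* Unmarshal the Rewrap response: outDuplicate, outSymSeed. */
TPM_RC TSS_Rewrap_Out_Unmarshal(Rewrap_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->outDuplicate, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->outSymSeed, buffer, size);
    }
    return rc;
}

/* Unmarshal the Import response: outPrivate. */
TPM_RC TSS_Import_Out_Unmarshal(Import_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->outPrivate, buffer, size);
    }
    return rc;
}

/* Unmarshal the RSA_Encrypt response: outData. */
TPM_RC TSS_RSA_Encrypt_Out_Unmarshal(RSA_Encrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->outData, buffer, size);
    }
    return rc;
}

/* Unmarshal the RSA_Decrypt response: message. */
TPM_RC TSS_RSA_Decrypt_Out_Unmarshal(RSA_Decrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->message, buffer, size);
    }
    return rc;
}

/* Unmarshal the ECDH_KeyGen response: zPoint, pubPoint. */
TPM_RC TSS_ECDH_KeyGen_Out_Unmarshal(ECDH_KeyGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->zPoint, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->pubPoint, buffer, size);
    }
    return rc;
}

/* Unmarshal the ECDH_ZGen response: outPoint. */
TPM_RC TSS_ECDH_ZGen_Out_Unmarshal(ECDH_ZGen_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->outPoint, buffer, size);
    }
    return rc;
}

/* Unmarshal the ECC_Parameters response: parameters. */
TPM_RC TSS_ECC_Parameters_Out_Unmarshal(ECC_Parameters_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_ALGORITHM_DETAIL_ECC_Unmarshal(&target->parameters, buffer, size);
    }
    return rc;
}

/* Unmarshal the ZGen_2Phase response: outZ1, outZ2. */
TPM_RC TSS_ZGen_2Phase_Out_Unmarshal(ZGen_2Phase_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->outZ1, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->outZ2, buffer, size);
    }
    return rc;
}

/* Unmarshal the EncryptDecrypt response: outData, ivOut. */
TPM_RC TSS_EncryptDecrypt_Out_Unmarshal(EncryptDecrypt_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_MAX_BUFFER_Unmarshal(&target->outData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_IV_Unmarshal(&target->ivOut, buffer, size);
    }
    return rc;
}

/* Unmarshal the EncryptDecrypt2 response by delegating to the EncryptDecrypt
   parser.  NOTE(review): the pointer cast assumes EncryptDecrypt2_Out has the
   same layout as EncryptDecrypt_Out; the structure definitions are not visible
   here, so confirm they stay identical. */
TPM_RC TSS_EncryptDecrypt2_Out_Unmarshal(EncryptDecrypt2_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    return TSS_EncryptDecrypt_Out_Unmarshal((EncryptDecrypt_Out *)target, tag, buffer, size);
}

/* Unmarshal the Hash response: outHash, validation. */
TPM_RC TSS_Hash_Out_Unmarshal(Hash_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->outHash, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_HASHCHECK_Unmarshal(&target->validation, buffer, size);
    }
    return rc;
}

/* Unmarshal the HMAC response: outHMAC. */
TPM_RC TSS_HMAC_Out_Unmarshal(HMAC_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->outHMAC, buffer, size);
    }
    return rc;
}

/* Unmarshal the GetRandom response: randomBytes. */
TPM_RC TSS_GetRandom_Out_Unmarshal(GetRandom_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->randomBytes, buffer, size);
    }
    return rc;
}

/* Unmarshal the HMAC_Start response: sequenceHandle only.  parameterSize is
   still consumed when sessions are present, although no parameters follow. */
TPM_RC TSS_HMAC_Start_Out_Unmarshal(HMAC_Start_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_DH_OBJECT_Unmarshal(&target->sequenceHandle, buffer, size, NO);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    return rc;
}

/* Unmarshal the HashSequenceStart response: sequenceHandle only.
   parameterSize is still consumed when sessions are present. */
TPM_RC TSS_HashSequenceStart_Out_Unmarshal(HashSequenceStart_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_DH_OBJECT_Unmarshal(&target->sequenceHandle, buffer, size, NO);
    }
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    return rc;
}

/* Unmarshal the SequenceComplete response: result, validation. */
TPM_RC TSS_SequenceComplete_Out_Unmarshal(SequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->result, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_HASHCHECK_Unmarshal(&target->validation, buffer, size);
    }
    return rc;
}

/* Unmarshal the EventSequenceComplete response: results. */
TPM_RC TSS_EventSequenceComplete_Out_Unmarshal(EventSequenceComplete_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_DIGEST_VALUES_Unmarshal(&target->results, buffer, size);
    }
    return rc;
}

TPM_RC TSS_Certify_Out_Unmarshal(Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;
    if (rc == TPM_RC_SUCCESS) {
        if (tag == TPM_ST_SESSIONS) {
            rc = UINT32_Unmarshal(&parameterSize, buffer, size);
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ATTEST_Unmarshal(&target->certifyInfo, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) { rc =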
TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); } return rc; } TPM_RC TSS_CertifyCreation_Out_Unmarshal(CertifyCreation_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; UINT32 parameterSize = 0; if (rc == TPM_RC_SUCCESS) { if (tag == TPM_ST_SESSIONS) { rc = UINT32_Unmarshal(¶meterSize, buffer, size); } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ATTEST_Unmarshal(&target->certifyInfo, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); } return rc; } TPM_RC TSS_Quote_Out_Unmarshal(Quote_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; UINT32 parameterSize = 0; if (rc == TPM_RC_SUCCESS) { if (tag == TPM_ST_SESSIONS) { rc = UINT32_Unmarshal(¶meterSize, buffer, size); } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ATTEST_Unmarshal(&target->quoted, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); } return rc; } TPM_RC TSS_GetSessionAuditDigest_Out_Unmarshal(GetSessionAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; UINT32 parameterSize = 0; if (rc == TPM_RC_SUCCESS) { if (tag == TPM_ST_SESSIONS) { rc = UINT32_Unmarshal(¶meterSize, buffer, size); } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ATTEST_Unmarshal(&target->auditInfo, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); } return rc; } TPM_RC TSS_GetCommandAuditDigest_Out_Unmarshal(GetCommandAuditDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size) { TPM_RC rc = TPM_RC_SUCCESS; UINT32 parameterSize = 0; if (rc == TPM_RC_SUCCESS) { if (tag == TPM_ST_SESSIONS) { rc = UINT32_Unmarshal(¶meterSize, buffer, size); } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ATTEST_Unmarshal(&target->auditInfo, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); } 
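/* Closes TSS_GetCommandAuditDigest_Out_Unmarshal, which starts on the preceding source line. */
    return rc;
}

/* Response unmarshaling, continued.  In each function below the UINT32 parameterSize
   that is present when tag is TPM_ST_SESSIONS is read and discarded: it only advances
   *buffer / *size and is never compared with the bytes that follow, so field bounds
   are enforced solely by the per-type unmarshal helpers.  The address-of expressions
   were garbled to a pilcrow character in this copy and are restored as
   &parameterSize. */

/* GetTime response: timeInfo, then signature. */
TPM_RC
TSS_GetTime_Out_Unmarshal(GetTime_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ATTEST_Unmarshal(&target->timeInfo, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO);
    }
    return rc;
}

/* Commit response: K, L, E, then counter. */
TPM_RC
TSS_Commit_Out_Unmarshal(Commit_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->K, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->L, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->E, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->counter, buffer, size);
    }
    return rc;
}

/* EC_Ephemeral response: Q, then counter. */
TPM_RC
TSS_EC_Ephemeral_Out_Unmarshal(EC_Ephemeral_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ECC_POINT_Unmarshal(&target->Q, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->counter, buffer, size);
    }
    return rc;
}

/* VerifySignature response: validation ticket. */
TPM_RC
TSS_VerifySignature_Out_Unmarshal(VerifySignature_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_VERIFIED_Unmarshal(&target->validation, buffer, size);
    }
    return rc;
}

/* Sign response: signature. */
TPM_RC
TSS_Sign_Out_Unmarshal(Sign_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO);
    }
    return rc;
}

/* PCR_Event response: digests. */
TPM_RC
TSS_PCR_Event_Out_Unmarshal(PCR_Event_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_DIGEST_VALUES_Unmarshal(&target->digests, buffer, size);
    }
    return rc;
}

/* PCR_Read response: pcrUpdateCounter, pcrSelectionOut, then pcrValues. */
TPM_RC
TSS_PCR_Read_Out_Unmarshal(PCR_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->pcrUpdateCounter, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_PCR_SELECTION_Unmarshal(&target->pcrSelectionOut, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_DIGEST_Unmarshal(&target->pcrValues, buffer, size, 0);
    }
    return rc;
}

/* PCR_Allocate response: allocationSuccess, maxPCR, sizeNeeded, then sizeAvailable. */
TPM_RC
TSS_PCR_Allocate_Out_Unmarshal(PCR_Allocate_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_YES_NO_Unmarshal(&target->allocationSuccess, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->maxPCR, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->sizeNeeded, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->sizeAvailable, buffer, size);
    }
    return rc;
}

/* PolicySigned response: timeout, then policyTicket. */
TPM_RC
TSS_PolicySigned_Out_Unmarshal(PolicySigned_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_TIMEOUT_Unmarshal(&target->timeout, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_AUTH_Unmarshal(&target->policyTicket, buffer, size);
    }
    return rc;
}

/* PolicySecret response: timeout, then policyTicket. */
TPM_RC
TSS_PolicySecret_Out_Unmarshal(PolicySecret_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_TIMEOUT_Unmarshal(&target->timeout, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_AUTH_Unmarshal(&target->policyTicket, buffer, size);
    }
    return rc;
}

/* PolicyGetDigest response: policyDigest. */
TPM_RC
TSS_PolicyGetDigest_Out_Unmarshal(PolicyGetDigest_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->policyDigest, buffer, size);
    }
    return rc;
}

/* CreatePrimary response: objectHandle precedes the optional parameterSize, followed by
   outPublic, creationData, creationHash, creationTicket and name. */
TPM_RC
TSS_CreatePrimary_Out_Unmarshal(CreatePrimary_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    rc = TPM_HANDLE_Unmarshal(&target->objectHandle, buffer, size);
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->outPublic, buffer, size, NO);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_CREATION_DATA_Unmarshal(&target->creationData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->creationHash, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_TK_CREATION_Unmarshal(&target->creationTicket, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size);
    }
    return rc;
}

/* ContextSave response: context. */
TPM_RC
TSS_ContextSave_Out_Unmarshal(ContextSave_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_CONTEXT_Unmarshal(&target->context, buffer, size);
    }
    return rc;
}

/* ContextLoad response: loadedHandle comes before the optional parameterSize. */
TPM_RC
TSS_ContextLoad_Out_Unmarshal(ContextLoad_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    rc = TPMI_DH_CONTEXT_Unmarshal(&target->loadedHandle, buffer, size, NO);
    if ((rc == TPM_RC_SUCCESS) && (tag == TPM_ST_SESSIONS)) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    return rc;
}

/* ReadClock response: currentTime. */
TPM_RC
TSS_ReadClock_Out_Unmarshal(ReadClock_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_TIME_INFO_Unmarshal(&target->currentTime, buffer, size);
    }
    return rc;
}

/* GetCapability response: moreData, then capabilityData. */
TPM_RC
TSS_GetCapability_Out_Unmarshal(GetCapability_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_YES_NO_Unmarshal(&target->moreData, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_CAPABILITY_DATA_Unmarshal(&target->capabilityData, buffer, size);
    }
    return rc;
}

/* NV_ReadPublic response: nvPublic, then nvName. */
TPM_RC
TSS_NV_ReadPublic_Out_Unmarshal(NV_ReadPublic_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NV_PUBLIC_Unmarshal(&target->nvPublic, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->nvName, buffer, size);
    }
    return rc;
}

/* NV_Read response: data. */
TPM_RC
TSS_NV_Read_Out_Unmarshal(NV_Read_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_MAX_NV_BUFFER_Unmarshal(&target->data, buffer, size);
    }
    return rc;
}

/* NV_Certify response: certifyInfo, then signature. */
TPM_RC
TSS_NV_Certify_Out_Unmarshal(NV_Certify_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TPM_RC_SUCCESS;
    UINT32 parameterSize = 0;

    if (tag == TPM_ST_SESSIONS) {
        rc = UINT32_Unmarshal(&parameterSize, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ATTEST_Unmarshal(&target->certifyInfo, buffer, size);
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO);
    }
    return rc;
}

/* Structure marshaling */

/* Contract shared by the primitive marshalers below:
   - buffer == NULL: nothing is written; only *written is advanced, so a caller can
     measure the marshaled length.
   - size == NULL: the remaining-space check is skipped and the caller is solely
     responsible for the destination being large enough.
   - otherwise *size is the space left at *buffer; on success *buffer advances and
     *size shrinks by the number of bytes written.
   - *written is advanced even when TSS_RC_INSUFFICIENT_BUFFER is returned, and it is
     a UINT16 that is added to without an overflow check.
   The space check is done in signed arithmetic so that a negative *size is rejected.
   The earlier form cast *size to UINT32, which turned a negative value into a very
   large one and let the write proceed; TSS_Array_Marshal already compared signed. */

/* Marshal one byte. */
TPM_RC
TSS_UINT8_Marshal(const UINT8 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (buffer != NULL) {       /* if buffer is NULL, don't marshal, just return written */
        /* if size is NULL, ignore it, else check sufficient (negative counts as insufficient) */
        if ((size == NULL) || (*size >= (INT32)sizeof(UINT8))) {
            /* marshal, move the buffer */
            (*buffer)[0] = *source;
            *buffer += sizeof(UINT8);
            /* if size was supplied, update it */
            if (size != NULL) {
                *size -= sizeof(UINT8);
            }
        }
        else {
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    *written += sizeof(UINT8);
    return rc;
}

/* Marshal a signed byte by reinterpreting it as a UINT8. */
TPM_RC
TSS_INT8_Marshal(const INT8 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT8_Marshal((const UINT8 *)source, written, buffer, size);
}

/* Marshal a 16-bit value, most significant byte first. */
TPM_RC
TSS_UINT16_Marshal(const UINT16 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (buffer != NULL) {
        if ((size == NULL) || (*size >= (INT32)sizeof(UINT16))) {
            (*buffer)[0] = (BYTE)((*source >> 8) & 0xff);
            (*buffer)[1] = (BYTE)((*source >> 0) & 0xff);
            *buffer += sizeof(UINT16);
            if (size != NULL) {
                *size -= sizeof(UINT16);
            }
        }
        else {
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    *written += sizeof(UINT16);
    return rc;
}

/* Marshal a 32-bit value, most significant byte first. */
TPM_RC
TSS_UINT32_Marshal(const UINT32 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (buffer != NULL) {
        if ((size == NULL) || (*size >= (INT32)sizeof(UINT32))) {
            (*buffer)[0] = (BYTE)((*source >> 24) & 0xff);
            (*buffer)[1] = (BYTE)((*source >> 16) & 0xff);
            (*buffer)[2] = (BYTE)((*source >>  8) & 0xff);
            (*buffer)[3] = (BYTE)((*source >>  0) & 0xff);
            *buffer += sizeof(UINT32);
            if (size != NULL) {
                *size -= sizeof(UINT32);
            }
        }
        else {
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    *written += sizeof(UINT32);
    return rc;
}

/* Marshal a signed 32-bit value by reinterpreting it as a UINT32. */
TPM_RC
TSS_INT32_Marshal(const INT32 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal((const UINT32 *)source, written, buffer, size);
}

/* Marshal a 64-bit value, most significant byte first. */
TPM_RC
TSS_UINT64_Marshal(const UINT64 *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (buffer != NULL) {
        if ((size == NULL) || (*size >= (INT32)sizeof(UINT64))) {
            (*buffer)[0] = (BYTE)((*source >> 56) & 0xff);
            (*buffer)[1] = (BYTE)((*source >> 48) & 0xff);
            (*buffer)[2] = (BYTE)((*source >> 40) & 0xff);
            (*buffer)[3] = (BYTE)((*source >> 32) & 0xff);
            (*buffer)[4] = (BYTE)((*source >> 24) & 0xff);
            (*buffer)[5] = (BYTE)((*source >> 16) & 0xff);
            (*buffer)[6] = (BYTE)((*source >>  8) & 0xff);
            (*buffer)[7] = (BYTE)((*source >>  0) & 0xff);
            *buffer += sizeof(UINT64);
            if (size != NULL) {
                *size -= sizeof(UINT64);
            }
        }
        else {
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    *written += sizeof(UINT64);
    return rc;
}

/* Copy sourceSize raw bytes from source.  The comparison with *size is signed, so a
   negative *size yields TSS_RC_INSUFFICIENT_BUFFER. */
TPM_RC
TSS_Array_Marshal(const BYTE *source, UINT16 sourceSize, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (buffer != NULL) {
        if ((size == NULL) || (*size >= sourceSize)) {
            memcpy(*buffer, source, sourceSize);
            *buffer += sourceSize;
            if (size != NULL) {
                *size -= sourceSize;
            }
        }
        else {
            rc = TSS_RC_INSUFFICIENT_BUFFER;
        }
    }
    *written += sourceSize;
    return rc;
}

/* Marshal a TPM2B: the UINT16 size followed by that many bytes of buffer.
   source->size is used as the copy length as-is; this function does not compare it
   with the capacity of source->buffer, so the caller must keep it within bounds. */
TPM_RC
TSS_TPM2B_Marshal(const TPM2B *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TSS_UINT16_Marshal(&(source->size), written, buffer, size);

    if (rc == 0) {
        rc = TSS_Array_Marshal(source->buffer, source->size, written, buffer, size);
    }
    return rc;
}

/* Table 5 - Definition of Types for Documentation Clarity */

TPM_RC
TSS_TPM_KEY_BITS_Marshal(const TPM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}

/* Table 7 - Definition of (UINT32) TPM_GENERATED Constants */

TPM_RC
TSS_TPM_GENERATED_Marshal(const TPM_GENERATED *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants */

TPM_RC
TSS_TPM_ALG_ID_Marshal(const TPM_ALG_ID *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}

/* Table 10 - Definition of (UINT16) {ECC} TPM_ECC_CURVE Constants */

#ifdef TPM_ALG_ECC
TPM_RC
TSS_TPM_ECC_CURVE_Marshal(const TPM_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}
#endif

/* Table 17 - Definition of (UINT32) TPM_RC Constants (Actions) */

TPM_RC
TSS_TPM_RC_Marshal(const TPM_RC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 18 - Definition of (INT8) TPM_CLOCK_ADJUST Constants */

TPM_RC
TSS_TPM_CLOCK_ADJUST_Marshal(const TPM_CLOCK_ADJUST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_INT8_Marshal(source, written, buffer, size);
}

/* Table 19 - Definition of (UINT16) TPM_EO Constants */

TPM_RC
TSS_TPM_EO_Marshal(const TPM_EO *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}

/* Table 20 - Definition of (UINT16) TPM_ST Constants */

TPM_RC
TSS_TPM_ST_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}

/* Table 21 - Definition of (UINT16) TPM_SU Constants */

/* NOTE(review): the parameter is declared as const TPM_ST * although this is the
   TPM_SU marshaler; presumably both are UINT16 typedefs - confirm against the header. */
TPM_RC
TSS_TPM_SU_Marshal(const TPM_ST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT16_Marshal(source, written, buffer, size);
}

/* Table 22 - Definition of (UINT8) TPM_SE Constants */

TPM_RC
TSS_TPM_SE_Marshal(const TPM_SE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT8_Marshal(source, written, buffer, size);
}

/* Table 23 - Definition of (UINT32) TPM_CAP Constants */

TPM_RC
TSS_TPM_CAP_Marshal(const TPM_CAP *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 24 - Definition of (UINT32) TPM_PT Constants */

TPM_RC
TSS_TPM_PT_Marshal(const TPM_PT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 25 - Definition of (UINT32) TPM_PT_PCR Constants */

TPM_RC
TSS_TPM_PT_PCR_Marshal(const TPM_PT_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 27 - Definition of Types for Handles */

TPM_RC
TSS_TPM_HANDLE_Marshal(const TPM_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    /* the function body continues on the following source line */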
/* Body of TSS_TPM_HANDLE_Marshal, whose signature is on the preceding source line:
   the handle is marshaled as a UINT32. */
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* The TPMA_* marshalers below pass the val member of the attribute structure to the
   integer marshaler of the matching width. */

/* Table 31 - Definition of (UINT32) TPMA_ALGORITHM Bits */

TPM_RC
TSS_TPMA_ALGORITHM_Marshal(const TPMA_ALGORITHM *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(&source->val, written, buffer, size);
}

/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits */

TPM_RC
TSS_TPMA_OBJECT_Marshal(const TPMA_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(&source->val, written, buffer, size);
}

/* Table 33 - Definition of (UINT8) TPMA_SESSION Bits */

TPM_RC
TSS_TPMA_SESSION_Marshal(const TPMA_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT8_Marshal(&source->val, written, buffer, size);
}

/* Table 34 - Definition of (UINT8) TPMA_LOCALITY Bits */

TPM_RC
TSS_TPMA_LOCALITY_Marshal(const TPMA_LOCALITY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT8_Marshal(&source->val, written, buffer, size);
}

/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */

/* Marshals a TPM_CC value as a UINT32. */
TPM_RC
TSS_TPM_CC_Marshal(const TPM_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(source, written, buffer, size);
}

/* Table 38 - Definition of (TPM_CC) TPMA_CC Bits */

TPM_RC
TSS_TPMA_CC_Marshal(const TPMA_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(&source->val, written, buffer, size);
}

/* Table 39 - Definition of (BYTE) TPMI_YES_NO Type */

TPM_RC
TSS_TPMI_YES_NO_Marshal(const TPMI_YES_NO *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT8_Marshal(source, written, buffer, size);
}

/* The TPMI_DH_* and TPMI_SH_* marshalers below forward to TSS_TPM_HANDLE_Marshal.
   None of them checks that the handle value belongs to the named interface type. */

/* Table 40 - Definition of (TPM_HANDLE) TPMI_DH_OBJECT Type */

TPM_RC
TSS_TPMI_DH_OBJECT_Marshal(const TPMI_DH_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 41 - Definition of (TPM_HANDLE) TPMI_DH_PERSISTENT Type */

TPM_RC
TSS_TPMI_DH_PERSISTENT_Marshal(const TPMI_DH_PERSISTENT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 42 - Definition of (TPM_HANDLE) TPMI_DH_ENTITY Type */

TPM_RC
TSS_TPMI_DH_ENTITY_Marshal(const TPMI_DH_ENTITY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 43 - Definition of (TPM_HANDLE) TPMI_DH_PCR Type */

TPM_RC
TSS_TPMI_DH_PCR_Marshal(const TPMI_DH_PCR *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 44 - Definition of (TPM_HANDLE) TPMI_SH_AUTH_SESSION Type */

TPM_RC
TSS_TPMI_SH_AUTH_SESSION_Marshal(const TPMI_SH_AUTH_SESSION *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 45 - Definition of (TPM_HANDLE) TPMI_SH_HMAC Type */

TPM_RC
TSS_TPMI_SH_HMAC_Marshal(const TPMI_SH_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 46 - Definition of (TPM_HANDLE) TPMI_SH_POLICY Type */

TPM_RC
TSS_TPMI_SH_POLICY_Marshal(const TPMI_SH_POLICY*source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 47 - Definition of (TPM_HANDLE) TPMI_DH_CONTEXT Type */
/* TPMI_DH_CONTEXT and the TPMI_RH_* types below are handles; each marshaler forwards
   to TSS_TPM_HANDLE_Marshal and performs no check of the handle value. */
TPM_RC
TSS_TPMI_DH_CONTEXT_Marshal(const TPMI_DH_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 48 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY Type */

TPM_RC
TSS_TPMI_RH_HIERARCHY_Marshal(const TPMI_RH_HIERARCHY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 49 - Definition of (TPM_HANDLE) TPMI_RH_ENABLES Type */

TPM_RC
TSS_TPMI_RH_ENABLES_Marshal(const TPMI_RH_ENABLES *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 50 - Definition of (TPM_HANDLE) TPMI_RH_HIERARCHY_AUTH Type */

TPM_RC
TSS_TPMI_RH_HIERARCHY_AUTH_Marshal(const TPMI_RH_HIERARCHY_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 51 - Definition of (TPM_HANDLE) TPMI_RH_PLATFORM Type */

TPM_RC
TSS_TPMI_RH_PLATFORM_Marshal(const TPMI_RH_PLATFORM *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 53 - Definition of (TPM_HANDLE) TPMI_RH_ENDORSEMENT Type */

TPM_RC
TSS_TPMI_RH_ENDORSEMENT_Marshal(const TPMI_RH_ENDORSEMENT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 54 - Definition of (TPM_HANDLE) TPMI_RH_PROVISION Type */

TPM_RC
TSS_TPMI_RH_PROVISION_Marshal(const TPMI_RH_PROVISION *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 55 - Definition of (TPM_HANDLE) TPMI_RH_CLEAR Type */

TPM_RC
TSS_TPMI_RH_CLEAR_Marshal(const TPMI_RH_CLEAR *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 56 - Definition of (TPM_HANDLE) TPMI_RH_NV_AUTH Type */

TPM_RC
TSS_TPMI_RH_NV_AUTH_Marshal(const TPMI_RH_NV_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 57 - Definition of (TPM_HANDLE) TPMI_RH_LOCKOUT Type */

TPM_RC
TSS_TPMI_RH_LOCKOUT_Marshal(const TPMI_RH_LOCKOUT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* Table 58 - Definition of (TPM_HANDLE) TPMI_RH_NV_INDEX Type */

TPM_RC
TSS_TPMI_RH_NV_INDEX_Marshal(const TPMI_RH_NV_INDEX *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_HANDLE_Marshal(source, written, buffer, size);
}

/* The TPMI_ALG_* marshalers below forward to TSS_TPM_ALG_ID_Marshal and do not check
   that the algorithm identifier is valid for the named interface type. */

/* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type */

TPM_RC
TSS_TPMI_ALG_HASH_Marshal(const TPMI_ALG_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 61 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM Type */

TPM_RC
TSS_TPMI_ALG_SYM_Marshal(const TPMI_ALG_SYM *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 62 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_OBJECT Type */

TPM_RC
TSS_TPMI_ALG_SYM_OBJECT_Marshal(const TPMI_ALG_SYM_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 63 - Definition of (TPM_ALG_ID) TPMI_ALG_SYM_MODE Type */

TPM_RC
TSS_TPMI_ALG_SYM_MODE_Marshal(const TPMI_ALG_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 64 - Definition of (TPM_ALG_ID) TPMI_ALG_KDF Type */

TPM_RC
TSS_TPMI_ALG_KDF_Marshal(const TPMI_ALG_KDF *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 65 - Definition of (TPM_ALG_ID) TPMI_ALG_SIG_SCHEME Type */

TPM_RC
TSS_TPMI_ALG_SIG_SCHEME_Marshal(const TPMI_ALG_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 66 - Definition of (TPM_ALG_ID) TPMI_ECC_KEY_EXCHANGE Type */

TPM_RC
TSS_TPMI_ECC_KEY_EXCHANGE_Marshal(const TPMI_ECC_KEY_EXCHANGE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
}

/* Table 67 - Definition of (TPM_ST) TPMI_ST_COMMAND_TAG Type */

TPM_RC
TSS_TPMI_ST_COMMAND_TAG_Marshal(const TPMI_ST_COMMAND_TAG *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM_ST_Marshal(source, written, buffer, size);
}

/* Table 70 - Definition of TPMU_HA Union */

/* Marshals the digest member chosen by selector, using the fixed digest size of that
   algorithm.  Only algorithms compiled in through the TPM_ALG_* macros are accepted;
   TPM_ALG_NULL writes nothing and succeeds; any other selector gives TPM_RC_SELECTOR. */
TPM_RC
TSS_TPMU_HA_Marshal(const TPMU_HA *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
#ifdef TPM_ALG_SHA1
      case TPM_ALG_SHA1:
        return TSS_Array_Marshal(&source->sha1[0], SHA1_DIGEST_SIZE, written, buffer, size);
#endif
#ifdef TPM_ALG_SHA256
      case TPM_ALG_SHA256:
        return TSS_Array_Marshal(&source->sha256[0], SHA256_DIGEST_SIZE, written, buffer, size);
#endif
#ifdef TPM_ALG_SHA384
      case TPM_ALG_SHA384:
        return TSS_Array_Marshal(&source->sha384[0], SHA384_DIGEST_SIZE, written, buffer, size);
#endif
#ifdef TPM_ALG_SHA512
      case TPM_ALG_SHA512:
        return TSS_Array_Marshal(&source->sha512[0], SHA512_DIGEST_SIZE, written, buffer, size);
#endif
#ifdef TPM_ALG_SM3_256
      case TPM_ALG_SM3_256:
        return TSS_Array_Marshal(&source->sm3_256[0], SM3_256_DIGEST_SIZE, written, buffer, size);
#endif
      case TPM_ALG_NULL:
        return 0;
      default:
        return TPM_RC_SELECTOR;
    }
}

/* Table 71 - Definition of TPMT_HA Structure */

/* Marshals hashAlg, then the digest member that hashAlg selects. */
TPM_RC
TSS_TPMT_HA_Marshal(const TPMT_HA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);

    if (rc == 0) {
        rc = TSS_TPMU_HA_Marshal(&source->digest, written, buffer, size, source->hashAlg);
    }
    return rc;
}

/* Table 72 - Definition of TPM2B_DIGEST Structure */

TPM_RC
TSS_TPM2B_DIGEST_Marshal(const TPM2B_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 73 - Definition of TPM2B_DATA Structure */

TPM_RC
TSS_TPM2B_DATA_Marshal(const TPM2B_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 74 - Definition of Types for TPM2B_NONCE */

TPM_RC
TSS_TPM2B_NONCE_Marshal(const TPM2B_NONCE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_DIGEST_Marshal(source, written, buffer, size);
}

/* Table 75 - Definition of Types for TPM2B_AUTH */

TPM_RC
TSS_TPM2B_AUTH_Marshal(const TPM2B_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_DIGEST_Marshal(source, written, buffer, size);
}

/* Table 76 - Definition of Types for TPM2B_OPERAND */

TPM_RC
TSS_TPM2B_OPERAND_Marshal(const TPM2B_OPERAND *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(source, written, buffer, size); } return rc; } /* Table 77 - Definition of TPM2B_EVENT Structure */ TPM_RC TSS_TPM2B_EVENT_Marshal(const TPM2B_EVENT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 78 - Definition of TPM2B_MAX_BUFFER Structure */ TPM_RC TSS_TPM2B_MAX_BUFFER_Marshal(const TPM2B_MAX_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 79 - Definition of TPM2B_MAX_NV_BUFFER Structure */ TPM_RC TSS_TPM2B_MAX_NV_BUFFER_Marshal(const TPM2B_MAX_NV_BUFFER *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 80 - Definition of TPM2B_TIMEOUT Structure */ TPM_RC TSS_TPM2B_TIMEOUT_Marshal(const TPM2B_TIMEOUT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(source, written, buffer, size); } return rc; } /* Table 81 - Definition of TPM2B_IV Structure */ TPM_RC TSS_TPM2B_IV_Marshal(const TPM2B_IV *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 83 - Definition of TPM2B_NAME Structure */ TPM_RC TSS_TPM2B_NAME_Marshal(const TPM2B_NAME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 85 - Definition of TPMS_PCR_SELECTION Structure */ TPM_RC TSS_TPMS_PCR_SELECTION_Marshal(const TPMS_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size) { 
TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->hash, written, buffer, size); } if (rc == 0) { rc = TSS_UINT8_Marshal(&source->sizeofSelect, written, buffer, size); } if (rc == 0) { rc = TSS_Array_Marshal(&source->pcrSelect[0], PCR_SELECT_MAX, written, buffer, size); } return rc; } /* Table 88 - Definition of TPMT_TK_CREATION Structure */ TPM_RC TSS_TPMT_TK_CREATION_Marshal(const TPMT_TK_CREATION *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ST_Marshal(&source->tag, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size); } return rc; } /* Table 89 - Definition of TPMT_TK_VERIFIED Structure */ TPM_RC TSS_TPMT_TK_VERIFIED_Marshal(const TPMT_TK_VERIFIED *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ST_Marshal(&source->tag, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size); } return rc; } /* Table 90 - Definition of TPMT_TK_AUTH Structure */ TPM_RC TSS_TPMT_TK_AUTH_Marshal(const TPMT_TK_AUTH *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ST_Marshal(&source->tag, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size); } return rc; } /* Table 91 - Definition of TPMT_TK_HASHCHECK Structure */ TPM_RC TSS_TPMT_TK_HASHCHECK_Marshal(const TPMT_TK_HASHCHECK *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ST_Marshal(&source->tag, written, buffer, size); } if (rc == 0) { rc = 
TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPM2B_DIGEST_Marshal(&source->digest, written, buffer, size);
    }
    return rc;
}

/* Table 92 - Definition of TPMS_ALG_PROPERTY Structure

   Marshals alg, then algProperties, stopping at the first non-zero rc.
   written, buffer and size are handed unchanged to each field marshaler. */
TPM_RC
TSS_TPMS_ALG_PROPERTY_Marshal(const TPMS_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM_ALG_ID_Marshal(&source->alg, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMA_ALGORITHM_Marshal(&source->algProperties, written, buffer, size);
    }
    return rc;
}

/* Table 93 - Definition of TPMS_TAGGED_PROPERTY Structure

   Marshals property, then the 32-bit value. */
TPM_RC
TSS_TPMS_TAGGED_PROPERTY_Marshal(const TPMS_TAGGED_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM_PT_Marshal(&source->property, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->value, written, buffer, size);
    }
    return rc;
}

/* Table 94 - Definition of TPMS_TAGGED_PCR_SELECT Structure

   Marshals tag, sizeofSelect, then PCR_SELECT_MAX bytes of pcrSelect[].

   NOTE(review): the number of bitmap bytes written is the constant
   PCR_SELECT_MAX, not source->sizeofSelect.  If the two can differ, the
   sizeofSelect field in the stream no longer describes the bytes that follow
   it -- confirm against the structure definition and the unmarshal side. */
TPM_RC
TSS_TPMS_TAGGED_PCR_SELECT_Marshal(const TPMS_TAGGED_PCR_SELECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM_PT_PCR_Marshal(&source->tag, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT8_Marshal(&source->sizeofSelect, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_Array_Marshal(&source->pcrSelect[0], PCR_SELECT_MAX, written, buffer, size);
    }
    return rc;
}

/* Table 95 - Definition of TPML_CC Structure

   Marshals count, then count entries of commandCodes[].

   NOTE(review): source->count is the only loop bound; nothing in this function
   compares it with the capacity of source->commandCodes[].  If a caller can
   supply a count larger than the array, the loop reads past the end of the
   structure -- confirm that callers or an earlier validation step bound it.
   After a failure the loop keeps iterating, but the rc == 0 guard skips any
   further marshaling. */
TPM_RC
TSS_TPML_CC_Marshal(const TPML_CC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPM_CC_Marshal(&source->commandCodes[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 96 - Definition of TPML_CCA Structure

   Marshals count, then count entries of commandAttributes[].
   NOTE(review): count is not checked against the array capacity here, as in
   TSS_TPML_CC_Marshal. */
TPM_RC
TSS_TPML_CCA_Marshal(const TPML_CCA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPMA_CC_Marshal(&source->commandAttributes[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 97 - Definition of TPML_ALG Structure

   Marshals count, then count entries of algorithms[].
   NOTE(review): count is not checked against the array capacity here. */
TPM_RC
TSS_TPML_ALG_Marshal(const TPML_ALG *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPM_ALG_ID_Marshal(&source->algorithms[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 98 - Definition of TPML_HANDLE Structure

   Marshals count, then count entries of handle[].
   NOTE(review): count is not checked against the array capacity here. */
TPM_RC
TSS_TPML_HANDLE_Marshal(const TPML_HANDLE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPM_HANDLE_Marshal(&source->handle[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 99 - Definition of TPML_DIGEST Structure

   Marshals count, then count TPM2B_DIGEST entries of digests[].
   NOTE(review): count is not checked against the array capacity here. */
TPM_RC
TSS_TPML_DIGEST_Marshal(const TPML_DIGEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPM2B_DIGEST_Marshal(&source->digests[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 100 - Definition of TPML_DIGEST_VALUES Structure

   Marshals count, then count TPMT_HA entries of digests[].
   NOTE(review): count is not checked against the array capacity here. */
TPM_RC
TSS_TPML_DIGEST_VALUES_Marshal(const TPML_DIGEST_VALUES *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT32 i;
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->count, written, buffer, size);
    }
    for (i = 0 ; i < source->count ; i++) {
        if (rc == 0) {
            rc = TSS_TPMT_HA_Marshal(&source->digests[i], written, buffer, size);
        }
    }
    return rc;
}

/* Table 102 - Definition of TPML_PCR_SELECTION Structure */
TPM_RC
TSS_TPML_PCR_SELECTION_Marshal(const
TPML_PCR_SELECTION *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT32 i; if (rc == 0) { rc = TSS_UINT32_Marshal(&source->count, written, buffer, size); } for (i = 0 ; i < source->count ; i++) { if (rc == 0) { rc = TSS_TPMS_PCR_SELECTION_Marshal(&source->pcrSelections[i], written, buffer, size); } } return rc; } /* Table 103 - Definition of TPML_ALG_PROPERTY Structure */ TPM_RC TSS_TPML_ALG_PROPERTY_Marshal(const TPML_ALG_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT32 i; if (rc == 0) { rc = TSS_UINT32_Marshal(&source->count, written, buffer, size); } for (i = 0 ; i < source->count ; i++) { if (rc == 0) { rc = TSS_TPMS_ALG_PROPERTY_Marshal(&source->algProperties[i], written, buffer, size); } } return rc; } /* Table 104 - Definition of TPML_TAGGED_TPM_PROPERTY Structure */ TPM_RC TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(const TPML_TAGGED_TPM_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT32 i; if (rc == 0) { rc = TSS_UINT32_Marshal(&source->count, written, buffer, size); } for (i = 0 ; i < source->count ; i++) { if (rc == 0) { rc = TSS_TPMS_TAGGED_PROPERTY_Marshal(&source->tpmProperty[i], written, buffer, size); } } return rc; } /* Table 105 - Definition of TPML_TAGGED_PCR_PROPERTY Structure */ TPM_RC TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(const TPML_TAGGED_PCR_PROPERTY *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT32 i; if (rc == 0) { rc = TSS_UINT32_Marshal(&source->count, written, buffer, size); } for (i = 0 ; i < source->count ; i++) { if (rc == 0) { rc = TSS_TPMS_TAGGED_PCR_SELECT_Marshal(&source->pcrProperty[i], written, buffer, size); } } return rc; } /* Table 106 - Definition of {ECC} TPML_ECC_CURVE Structure */ TPM_RC TSS_TPML_ECC_CURVE_Marshal(const TPML_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT32 i; if (rc == 0) { rc = TSS_UINT32_Marshal(&source->count, written, buffer, size); } for (i = 0 
; i < source->count ; i++) { if (rc == 0) { rc = TSS_TPM_ECC_CURVE_Marshal(&source->eccCurves[i], written, buffer, size); } } return rc; } /* Table 107 - Definition of TPMU_CAPABILITIES Union */ TPM_RC TSS_TPMU_CAPABILITIES_Marshal(const TPMU_CAPABILITIES *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { case TPM_CAP_ALGS: if (rc == 0) { rc = TSS_TPML_ALG_PROPERTY_Marshal(&source->algorithms, written, buffer, size); } break; case TPM_CAP_HANDLES: if (rc == 0) { rc = TSS_TPML_HANDLE_Marshal(&source->handles, written, buffer, size); } break; case TPM_CAP_COMMANDS: if (rc == 0) { rc = TSS_TPML_CCA_Marshal(&source->command, written, buffer, size); } break; case TPM_CAP_PP_COMMANDS: if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->ppCommands, written, buffer, size); } break; case TPM_CAP_AUDIT_COMMANDS: if (rc == 0) { rc = TSS_TPML_CC_Marshal(&source->auditCommands, written, buffer, size); } break; case TPM_CAP_PCRS: if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->assignedPCR, written, buffer, size); } break; case TPM_CAP_TPM_PROPERTIES: if (rc == 0) { rc = TSS_TPML_TAGGED_TPM_PROPERTY_Marshal(&source->tpmProperties, written, buffer, size); } break; case TPM_CAP_PCR_PROPERTIES: if (rc == 0) { rc = TSS_TPML_TAGGED_PCR_PROPERTY_Marshal(&source->pcrProperties, written, buffer, size); } break; case TPM_CAP_ECC_CURVES: if (rc == 0) { rc = TSS_TPML_ECC_CURVE_Marshal(&source->eccCurves, written, buffer, size); } break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 108 - Definition of TPMS_CAPABILITY_DATA Structure */ TPM_RC TSS_TPMS_CAPABILITY_DATA_Marshal(const TPMS_CAPABILITY_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_CAP_Marshal(&source->capability, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_CAPABILITIES_Marshal(&source->data, written, buffer, size, source->capability); } return rc; } /* Table 109 - Definition of 
TPMS_CLOCK_INFO Structure */ TPM_RC TSS_TPMS_CLOCK_INFO_Marshal(const TPMS_CLOCK_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_UINT64_Marshal(&source->clock, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->resetCount, written, buffer, size); } if (rc == 0) { rc = TSS_UINT32_Marshal(&source->restartCount, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->safe, written, buffer, size); } return rc; } /* Table 110 - Definition of TPMS_TIME_INFO Structure */ TPM_RC TSS_TPMS_TIME_INFO_Marshal(const TPMS_TIME_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_UINT64_Marshal(&source->time, written, buffer, size); } if (rc == 0) { rc = TSS_TPMS_CLOCK_INFO_Marshal(&source->clockInfo, written, buffer, size); } return rc; } /* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure */ TPM_RC TSS_TPMS_TIME_ATTEST_INFO_Marshal(const TPMS_TIME_ATTEST_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_TIME_INFO_Marshal(&source->time, written, buffer, size); } if (rc == 0) { rc = TSS_UINT64_Marshal(&source->firmwareVersion, written, buffer, size); } return rc; } /* Table 112 - Definition of TPMS_CERTIFY_INFO Structure */ TPM_RC TSS_TPMS_CERTIFY_INFO_Marshal(const TPMS_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->name, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->qualifiedName, written, buffer, size); } return rc; } /* Table 113 - Definition of TPMS_QUOTE_INFO Structure */ TPM_RC TSS_TPMS_QUOTE_INFO_Marshal(const TPMS_QUOTE_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPML_PCR_SELECTION_Marshal(&source->pcrSelect, written, buffer, size); } if (rc == 0) { rc = 
TSS_TPM2B_DIGEST_Marshal(&source->pcrDigest, written, buffer, size); } return rc; } /* Table 114 - Definition of TPMS_COMMAND_AUDIT_INFO Structure */ TPM_RC TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(const TPMS_COMMAND_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_UINT64_Marshal(&source->auditCounter, written, buffer, size); } if (rc == 0) { rc = TSS_TPM_ALG_ID_Marshal(&source->digestAlg, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->auditDigest, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->commandDigest, written, buffer, size); } return rc; } /* Table 115 - Definition of TPMS_SESSION_AUDIT_INFO Structure */ TPM_RC TSS_TPMS_SESSION_AUDIT_INFO_Marshal(const TPMS_SESSION_AUDIT_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_YES_NO_Marshal(&source->exclusiveSession, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->sessionDigest, written, buffer, size); } return rc; } /* Table 116 - Definition of TPMS_CREATION_INFO Structure */ TPM_RC TSS_TPMS_CREATION_INFO_Marshal(const TPMS_CREATION_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->objectName, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->creationHash, written, buffer, size); } return rc; } /* Table 117 - Definition of TPMS_NV_CERTIFY_INFO Structure */ TPM_RC TSS_TPMS_NV_CERTIFY_INFO_Marshal(const TPMS_NV_CERTIFY_INFO *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->indexName, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->offset, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_MAX_NV_BUFFER_Marshal(&source->nvContents, written, buffer, size); } return rc; } /* Table 118 - Definition of 
(TPM_ST) TPMI_ST_ATTEST Type */ TPM_RC TSS_TPMI_ST_ATTEST_Marshal(const TPMI_ST_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ST_Marshal(source, written, buffer, size); } return rc; } /* Table 119 - Definition of TPMU_ATTEST Union */ TPM_RC TSS_TPMU_ATTEST_Marshal(const TPMU_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { case TPM_ST_ATTEST_CERTIFY: if (rc == 0) { rc = TSS_TPMS_CERTIFY_INFO_Marshal(&source->certify, written, buffer, size); } break; case TPM_ST_ATTEST_CREATION: if (rc == 0) { rc = TSS_TPMS_CREATION_INFO_Marshal(&source->creation, written, buffer, size); } break; case TPM_ST_ATTEST_QUOTE: if (rc == 0) { rc = TSS_TPMS_QUOTE_INFO_Marshal(&source->quote, written, buffer, size); } break; case TPM_ST_ATTEST_COMMAND_AUDIT: if (rc == 0) { rc = TSS_TPMS_COMMAND_AUDIT_INFO_Marshal(&source->commandAudit, written, buffer, size); } break; case TPM_ST_ATTEST_SESSION_AUDIT: if (rc == 0) { rc = TSS_TPMS_SESSION_AUDIT_INFO_Marshal(&source->sessionAudit, written, buffer, size); } break; case TPM_ST_ATTEST_TIME: if (rc == 0) { rc = TSS_TPMS_TIME_ATTEST_INFO_Marshal(&source->time, written, buffer, size); } break; case TPM_ST_ATTEST_NV: if (rc == 0) { rc = TSS_TPMS_NV_CERTIFY_INFO_Marshal(&source->nv, written, buffer, size); } break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 120 - Definition of TPMS_ATTEST Structure */ TPM_RC TSS_TPMS_ATTEST_Marshal(const TPMS_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_GENERATED_Marshal(&source->magic, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_ST_ATTEST_Marshal(&source->type, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_NAME_Marshal(&source->qualifiedSigner, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_DATA_Marshal(&source->extraData, written, buffer, size); } if (rc == 0) { rc = 
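TSS_TPMS_CLOCK_INFO_Marshal(&source->clockInfo, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT64_Marshal(&source->firmwareVersion, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMU_ATTEST_Marshal(&source->attested, written, buffer, size,source->type);
    }
    return rc;
}

/* Table 121 - Definition of TPM2B_ATTEST Structure

   Marshals the generic TPM2B view (source->b) of the attestation blob. */
TPM_RC
TSS_TPM2B_ATTEST_Marshal(const TPM2B_ATTEST *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size);
    }
    return rc;
}

/* Table 122 - Definition of TPMS_AUTH_COMMAND Structure

   Marshals one command authorization in the order sessionHandle, nonce,
   sessionAttributes, hmac, stopping at the first non-zero rc. */
TPM_RC
TSS_TPMS_AUTH_COMMAND_Marshal(const TPMS_AUTH_COMMAND *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_SH_AUTH_SESSION_Marshal(&source->sessionHandle, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPM2B_NONCE_Marshal(&source->nonce, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMA_SESSION_Marshal(&source->sessionAttributes, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPM2B_AUTH_Marshal(&source->hmac, written, buffer, size);
    }
    return rc;
}

/* Table 124 - Definition of {AES} (TPM_KEY_BITS) TPMI_!ALG.S_KEY_BITS Type

   The AES key size is marshaled as a plain TPM_KEY_BITS. */
TPM_RC
TSS_TPMI_AES_KEY_BITS_Marshal(const TPMI_AES_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM_KEY_BITS_Marshal(source, written, buffer, size);
    }
    return rc;
}

/* Table 125 - Definition of TPMU_SYM_KEY_BITS Union

   Marshals the union member chosen by selector.  TPM_ALG_NULL marshals
   nothing and succeeds.  A selector with no case, including an algorithm
   compiled out by the #ifdefs, returns TPM_RC_SELECTOR, as
   TSS_TPMU_SYM_MODE_Marshal and the other union marshalers in this file do.

   The default case used to return 0, reporting success although no key size
   had been written.  The TPMT_SYM_DEF and TPMT_SYM_DEF_OBJECT marshalers pass
   the same selector to TSS_TPMU_SYM_MODE_Marshal next, so they already failed
   with TPM_RC_SELECTOR for such a selector; the error is now raised here. */
TPM_RC
TSS_TPMU_SYM_KEY_BITS_Marshal(const TPMU_SYM_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = 0;
    switch (selector) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
        if (rc == 0) {
            rc = TSS_TPMI_AES_KEY_BITS_Marshal(&source->aes, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
        if (rc == 0) {
            rc = TSS_TPMI_SM4_KEY_BITS_Marshal(&source->sm4, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
        if (rc == 0) {
            rc = TSS_TPMI_CAMELLIA_KEY_BITS_Marshal(&source->camellia, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_XOR
      case TPM_ALG_XOR:
        /* for XOR the "key bits" member holds a hash algorithm */
        if (rc == 0) {
            rc = TSS_TPMI_ALG_HASH_Marshal(&source->xorr, written, buffer, size);
        }
        break;
#endif
      case TPM_ALG_NULL:
        break;
      default:
        /* unknown selector: fail instead of silently writing nothing */
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 126 - Definition of TPMU_SYM_MODE Union

   Marshals the mode member chosen by selector.  TPM_ALG_XOR (when defined)
   and TPM_ALG_NULL marshal nothing; any other selector without a case returns
   TPM_RC_SELECTOR. */
TPM_RC
TSS_TPMU_SYM_MODE_Marshal(const TPMU_SYM_MODE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
{
    TPM_RC rc = 0;
    switch (selector) {
#ifdef TPM_ALG_AES
      case TPM_ALG_AES:
        if (rc == 0) {
            rc = TSS_TPMI_ALG_SYM_MODE_Marshal(&source->aes, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_SM4
      case TPM_ALG_SM4:
        if (rc == 0) {
            rc = TSS_TPMI_ALG_SYM_MODE_Marshal(&source->sm4, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_CAMELLIA
      case TPM_ALG_CAMELLIA:
        if (rc == 0) {
            rc = TSS_TPMI_ALG_SYM_MODE_Marshal(&source->camellia, written, buffer, size);
        }
        break;
#endif
#ifdef TPM_ALG_XOR
      case TPM_ALG_XOR:
#endif
      case TPM_ALG_NULL:
        break;
      default:
        rc = TPM_RC_SELECTOR;
    }
    return rc;
}

/* Table 128 - Definition of TPMT_SYM_DEF Structure

   Marshals algorithm, then the keyBits and mode unions; both unions are
   selected by source->algorithm. */
TPM_RC
TSS_TPMT_SYM_DEF_Marshal(const TPMT_SYM_DEF *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_ALG_SYM_Marshal(&source->algorithm, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMU_SYM_KEY_BITS_Marshal(&source->keyBits, written, buffer, size, source->algorithm);
    }
    if (rc == 0) {
        rc = TSS_TPMU_SYM_MODE_Marshal(&source->mode, written, buffer, size, source->algorithm);
    }
    return rc;
}

/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure

   Marshals algorithm, then the unions selected by source->algorithm. */
TPM_RC
TSS_TPMT_SYM_DEF_OBJECT_Marshal(const TPMT_SYM_DEF_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_ALG_SYM_OBJECT_Marshal(&source->algorithm, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMU_SYM_KEY_BITS_Marshal(&source->keyBits, written, buffer, size, source->algorithm);
    }
    if (rc == 0) {
        rc =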
TSS_TPMU_SYM_MODE_Marshal(&source->mode, written, buffer, size, source->algorithm);
    }
    return rc;
}

/* Table 130 - Definition of TPM2B_SYM_KEY Structure

   Marshals the generic TPM2B view (source->b) of the symmetric key. */
TPM_RC
TSS_TPM2B_SYM_KEY_Marshal(const TPM2B_SYM_KEY *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size);
    }
    return rc;
}

/* Table 134 - Definition of TPM2B_LABEL Structure

   Marshals the generic TPM2B view (source->b) of the label. */
TPM_RC
TSS_TPM2B_LABEL_Marshal(const TPM2B_LABEL *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size);
    }
    return rc;
}

/* Table 131 - Definition of TPMS_SYMCIPHER_PARMS Structure

   The structure has a single member, sym, marshaled as a
   TPMT_SYM_DEF_OBJECT. */
TPM_RC
TSS_TPMS_SYMCIPHER_PARMS_Marshal(const TPMS_SYMCIPHER_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMT_SYM_DEF_OBJECT_Marshal(&source->sym, written, buffer, size);
    }
    return rc;
}

/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure

   Marshals the generic TPM2B view (source->b) of the sensitive data. */
TPM_RC
TSS_TPM2B_SENSITIVE_DATA_Marshal(const TPM2B_SENSITIVE_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size);
    }
    return rc;
}

/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure

   Marshals userAuth, then data, stopping at the first non-zero rc. */
TPM_RC
TSS_TPMS_SENSITIVE_CREATE_Marshal(const TPMS_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM2B_AUTH_Marshal(&source->userAuth, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPM2B_SENSITIVE_DATA_Marshal(&source->data, written, buffer, size);
    }
    return rc;
}

/* Table 134 - Definition of TPM2B_SENSITIVE_CREATE Structure

   Marshals a 2-byte size followed by the TPMS_SENSITIVE_CREATE body.  The
   body is written first, with its length collected in sizeWritten, and the
   size field is then filled in at the position saved in sizePtr.  When buffer
   is NULL no position is saved and *written is advanced by the body length
   plus sizeof(UINT16).

   NOTE(review): the 2-byte slot is reserved by advancing *buffer before any
   marshaler has looked at *size, and *size is not adjusted for it until the
   backfill call.  Whether a too-small buffer is rejected before the body is
   written into its last two bytes depends on how TSS_UINT16_Marshal and the
   field marshalers check *size -- not visible here, confirm.
   NOTE(review): the marshaled bytes include userAuth and the sensitive data;
   presumably the caller treats the output buffer as secret -- verify. */
TPM_RC
TSS_TPM2B_SENSITIVE_CREATE_Marshal(const TPM2B_SENSITIVE_CREATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    UINT16 sizeWritten = 0; /* of structure */
    BYTE *sizePtr;          /* assigned and read only when buffer != NULL */

    if (buffer != NULL) {
        sizePtr = *buffer;              /* remember where the size field goes */
        *buffer += sizeof(UINT16);      /* skip it; filled in below */
    }
    if (rc == 0) {
        rc = TSS_TPMS_SENSITIVE_CREATE_Marshal(&source->sensitive, &sizeWritten, buffer, size);
    }
    if (rc == 0) {
        *written += sizeWritten;
        if (buffer != NULL) {
            rc = TSS_UINT16_Marshal(&sizeWritten, written, &sizePtr, size); /* backfill 2B size */
        }
        else {
            *written += sizeof(UINT16);
        }
    }
    return rc;
}

/* Table 135 - Definition of TPMS_SCHEME_HASH Structure

   The structure has a single member, hashAlg. */
TPM_RC
TSS_TPMS_SCHEME_HASH_Marshal(const TPMS_SCHEME_HASH *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
    }
    return rc;
}

/* Table 136 - Definition of {ECC} TPMS_SCHEME_ECDAA Structure

   Marshals hashAlg, then the 16-bit count. */
TPM_RC
TSS_TPMS_SCHEME_ECDAA_Marshal(const TPMS_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT16_Marshal(&source->count, written, buffer, size);
    }
    return rc;
}

/* Table 137 - Definition of (TPM_ALG_ID) TPMI_ALG_KEYEDHASH_SCHEME Type

   Marshaled as a plain TPM_ALG_ID; the value is not range-checked here. */
TPM_RC
TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(const TPMI_ALG_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPM_ALG_ID_Marshal(source, written, buffer, size);
    }
    return rc;
}

/* Table 138 - Definition of Types for HMAC_SIG_SCHEME

   TPMS_SCHEME_HMAC is marshaled through the TPMS_SCHEME_HASH marshaler. */
TPM_RC
TSS_TPMS_SCHEME_HMAC_Marshal(const TPMS_SCHEME_HMAC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size);
    }
    return rc;
}

/* Table 139 - Definition of TPMS_SCHEME_XOR Structure

   Marshals hashAlg, then kdf. */
TPM_RC
TSS_TPMS_SCHEME_XOR_Marshal(const TPMS_SCHEME_XOR *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;
    if (rc == 0) {
        rc = TSS_TPMI_ALG_HASH_Marshal(&source->hashAlg, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPMI_ALG_KDF_Marshal(&source->kdf, written, buffer, size);
    }
    return rc;
}

/* Table 140 - Definition of TPMU_SCHEME_KEYEDHASH Union */
TPM_RC TSS_TPMU_SCHEME_KEYEDHASH_Marshal(const TPMU_SCHEME_KEYEDHASH *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_HMAC case TPM_ALG_HMAC: if (rc == 0) { rc = TSS_TPMS_SCHEME_HMAC_Marshal(&source->hmac, written, buffer, size); } break; #endif #ifdef TPM_ALG_XOR case TPM_ALG_XOR: if (rc == 0) { rc = TSS_TPMS_SCHEME_XOR_Marshal(&source->xorr, written, buffer, size); } break; #endif case TPM_ALG_NULL: break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 141 - Definition of TPMT_KEYEDHASH_SCHEME Structure */ TPM_RC TSS_TPMT_KEYEDHASH_SCHEME_Marshal(const TPMT_KEYEDHASH_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_KEYEDHASH_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_SCHEME_KEYEDHASH_Marshal(&source->details, written, buffer, size, source->scheme); } return rc; } /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ TPM_RC TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(const TPMS_SIG_SCHEME_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(const TPMS_SIG_SCHEME_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } /* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ TPM_RC TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(const TPMS_SIG_SCHEME_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIG_SCHEME_SM2_Marshal(const TPMS_SIG_SCHEME_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = 
TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(const TPMS_SIG_SCHEME_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } /* Table 143 - Definition of {ECC} Types for ECC Signature Schemes */ TPM_RC TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(const TPMS_SIG_SCHEME_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_ECDAA_Marshal(source, written, buffer, size); } return rc; } /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ TPM_RC TSS_TPMU_SIG_SCHEME_Marshal(const TPMU_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_RSASSA case TPM_ALG_RSASSA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(&source->rsassa, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSAPSS case TPM_ALG_RSAPSS: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(&source->rsapss, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDSA case TPM_ALG_ECDSA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(&source->ecdsa, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDAA case TPM_ALG_ECDAA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(&source->ecdaa, written, buffer, size); } break; #endif #ifdef TPM_ALG_SM2 case TPM_ALG_SM2: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_SM2_Marshal(&source->sm2, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECSCHNORR case TPM_ALG_ECSCHNORR: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(&source->ecSchnorr, written, buffer, size); } break; #endif #ifdef TPM_ALG_HMAC case TPM_ALG_HMAC: if (rc == 0) { rc = TSS_TPMS_SCHEME_HMAC_Marshal(&source->hmac, written, buffer, size); } break; #endif case TPM_ALG_NULL: break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 145 - 
Definition of TPMT_SIG_SCHEME Structure */ TPM_RC TSS_TPMT_SIG_SCHEME_Marshal(const TPMT_SIG_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_SIG_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_SIG_SCHEME_Marshal(&source->details, written, buffer, size,source->scheme); } return rc; } /* Table 146 - Definition of Types for {RSA} Encryption Schemes */ TPM_RC TSS_TPMS_ENC_SCHEME_OAEP_Marshal(const TPMS_ENC_SCHEME_OAEP *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } /* Table 146 - Definition of Types for {RSA} Encryption Schemes */ TPM_RC TSS_TPMS_ENC_SCHEME_RSAES_Marshal(const TPMS_ENC_SCHEME_RSAES *source, UINT16 *written, BYTE **buffer, INT32 *size) { source = source; written = written; buffer = buffer; size = size; return 0; } /* Table 147 - Definition of Types for {ECC} ECC Key Exchange */ TPM_RC TSS_TPMS_KEY_SCHEME_ECDH_Marshal(const TPMS_KEY_SCHEME_ECDH *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(const TPMS_KEY_SCHEME_ECMQV *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } /* Table 148 - Definition of Types for KDF Schemes, hash-based key- or mask-generation functions */ TPM_RC TSS_TPMS_SCHEME_MGF1_Marshal(const TPMS_SCHEME_MGF1 *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(const TPMS_SCHEME_KDF1_SP800_56A *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = 
TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SCHEME_KDF2_Marshal(const TPMS_SCHEME_KDF2 *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(const TPMS_SCHEME_KDF1_SP800_108 *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SCHEME_HASH_Marshal(source, written, buffer, size); } return rc; } /* Table 149 - Definition of TPMU_KDF_SCHEME Union */ TPM_RC TSS_TPMU_KDF_SCHEME_Marshal(const TPMU_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_MGF1 case TPM_ALG_MGF1: if (rc == 0) { rc = TSS_TPMS_SCHEME_MGF1_Marshal(&source->mgf1, written, buffer, size); } break; #endif #ifdef TPM_ALG_KDF1_SP800_56A case TPM_ALG_KDF1_SP800_56A: if (rc == 0) { rc = TSS_TPMS_SCHEME_KDF1_SP800_56A_Marshal(&source->kdf1_SP800_56a, written, buffer, size); } break; #endif #ifdef TPM_ALG_KDF2 case TPM_ALG_KDF2: if (rc == 0) { rc = TSS_TPMS_SCHEME_KDF2_Marshal(&source->kdf2, written, buffer, size); } break; #endif #ifdef TPM_ALG_KDF1_SP800_108 case TPM_ALG_KDF1_SP800_108: if (rc == 0) { rc = TSS_TPMS_SCHEME_KDF1_SP800_108_Marshal(&source->kdf1_sp800_108, written, buffer, size); } break; #endif case TPM_ALG_NULL: break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 150 - Definition of TPMT_KDF_SCHEME Structure */ TPM_RC TSS_TPMT_KDF_SCHEME_Marshal(const TPMT_KDF_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_KDF_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_KDF_SCHEME_Marshal(&source->details, written, buffer, size, source->scheme); } return rc; } /* Table 152 - Definition of TPMU_ASYM_SCHEME Union */ TPM_RC TSS_TPMU_ASYM_SCHEME_Marshal(const TPMU_ASYM_SCHEME 
*source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_ECDH case TPM_ALG_ECDH: if (rc == 0) { rc = TSS_TPMS_KEY_SCHEME_ECDH_Marshal(&source->ecdh, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECMQV case TPM_ALG_ECMQV: if (rc == 0) { rc = TSS_TPMS_KEY_SCHEME_ECMQV_Marshal(&source->ecmqvh, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSASSA case TPM_ALG_RSASSA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_RSASSA_Marshal(&source->rsassa, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSAPSS case TPM_ALG_RSAPSS: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_RSAPSS_Marshal(&source->rsapss, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDSA case TPM_ALG_ECDSA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECDSA_Marshal(&source->ecdsa, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDAA case TPM_ALG_ECDAA: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECDAA_Marshal(&source->ecdaa, written, buffer, size); } break; #endif #ifdef TPM_ALG_SM2 case TPM_ALG_SM2: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_SM2_Marshal(&source->sm2, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECSCHNORR case TPM_ALG_ECSCHNORR: if (rc == 0) { rc = TSS_TPMS_SIG_SCHEME_ECSCHNORR_Marshal(&source->ecSchnorr, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSAES case TPM_ALG_RSAES: if (rc == 0) { rc = TSS_TPMS_ENC_SCHEME_RSAES_Marshal(&source->rsaes, written, buffer, size); } break; #endif #ifdef TPM_ALG_OAEP case TPM_ALG_OAEP: if (rc == 0) { rc = TSS_TPMS_ENC_SCHEME_OAEP_Marshal(&source->oaep, written, buffer, size); } break; #endif case TPM_ALG_NULL: break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 154 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_SCHEME Type */ TPM_RC TSS_TPMI_ALG_RSA_SCHEME_Marshal(const TPMI_ALG_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ALG_ID_Marshal(source, written, buffer, size); } return rc; 
} /* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure */ TPM_RC TSS_TPMT_RSA_SCHEME_Marshal(const TPMT_RSA_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_RSA_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_ASYM_SCHEME_Marshal(&source->details, written, buffer, size, source->scheme); } return rc; } /* Table 156 - Definition of (TPM_ALG_ID) {RSA} TPMI_ALG_RSA_DECRYPT Type */ TPM_RC TSS_TPMI_ALG_RSA_DECRYPT_Marshal(const TPMI_ALG_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ALG_ID_Marshal(source, written, buffer, size); } return rc; } /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */ TPM_RC TSS_TPMT_RSA_DECRYPT_Marshal(const TPMT_RSA_DECRYPT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_RSA_DECRYPT_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_ASYM_SCHEME_Marshal(&source->details, written, buffer, size, source->scheme); } return rc; } /* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */ TPM_RC TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(const TPM2B_PUBLIC_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type */ TPM_RC TSS_TPMI_RSA_KEY_BITS_Marshal(const TPMI_RSA_KEY_BITS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_KEY_BITS_Marshal(source, written, buffer, size); } return rc; } /* Table 160 - Definition of {RSA} TPM2B_PRIVATE_KEY_RSA Structure */ TPM_RC TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(const TPM2B_PRIVATE_KEY_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, 
buffer, size); } return rc; } /* Table 161 - Definition of {ECC} TPM2B_ECC_PARAMETER Structure */ TPM_RC TSS_TPM2B_ECC_PARAMETER_Marshal(const TPM2B_ECC_PARAMETER *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, written, buffer, size); } return rc; } /* Table 162 - Definition of {ECC} TPMS_ECC_POINT Structure */ TPM_RC TSS_TPMS_ECC_POINT_Marshal(const TPMS_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->x, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->y, written, buffer, size); } return rc; } /* Table 163 - Definition of {ECC} TPM2B_ECC_POINT Structure */ TPM_RC TSS_TPM2B_ECC_POINT_Marshal(const TPM2B_ECC_POINT *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; UINT16 sizeWritten = 0; /* of structure */ BYTE *sizePtr; if (buffer != NULL) { sizePtr = *buffer; *buffer += sizeof(UINT16); } if (rc == 0) { rc = TSS_TPMS_ECC_POINT_Marshal(&source->point, &sizeWritten, buffer, size); } if (rc == 0) { *written += sizeWritten; if (buffer != NULL) { rc = TSS_UINT16_Marshal(&sizeWritten, written, &sizePtr, size); } else { *written += sizeof(UINT16); } } return rc; } /* Table 164 - Definition of (TPM_ALG_ID) {ECC} TPMI_ALG_ECC_SCHEME Type */ TPM_RC TSS_TPMI_ALG_ECC_SCHEME_Marshal(const TPMI_ALG_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ALG_ID_Marshal(source, written, buffer, size); } return rc; } /* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type */ TPM_RC TSS_TPMI_ECC_CURVE_Marshal(const TPMI_ECC_CURVE *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ECC_CURVE_Marshal(source, written, buffer, size); } return rc; } /* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure */ TPM_RC 
TSS_TPMT_ECC_SCHEME_Marshal(const TPMT_ECC_SCHEME *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_ECC_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_ASYM_SCHEME_Marshal(&source->details, written, buffer, size, source->scheme); } return rc; } /* Table 167 - Definition of {ECC} TPMS_ALGORITHM_DETAIL_ECC Structure */ TPM_RC TSS_TPMS_ALGORITHM_DETAIL_ECC_Marshal(const TPMS_ALGORITHM_DETAIL_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ECC_CURVE_Marshal(&source->curveID, written, buffer, size); } if (rc == 0) { rc = TSS_UINT16_Marshal(&source->keySize, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_KDF_SCHEME_Marshal(&source->kdf, written, buffer, size);; } if (rc == 0) { rc = TSS_TPMT_ECC_SCHEME_Marshal(&source->sign, written, buffer, size);; } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->p, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->a, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->b, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->gX, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->gY, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->n, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->h, written, buffer, size); } return rc; } /* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure */ TPM_RC TSS_TPMS_SIGNATURE_RSA_Marshal(const TPMS_SIGNATURE_RSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->hash, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&source->sig, written, buffer, size); } return rc; } /* Table 169 - Definition of Types for {RSA} 
Signature */ TPM_RC TSS_TPMS_SIGNATURE_RSASSA_Marshal(const TPMS_SIGNATURE_RSASSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_RSA_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIGNATURE_RSAPSS_Marshal(const TPMS_SIGNATURE_RSAPSS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_RSA_Marshal(source, written, buffer, size); } return rc; } /* Table 170 - Definition of {ECC} TPMS_SIGNATURE_ECC Structure */ TPM_RC TSS_TPMS_SIGNATURE_ECC_Marshal(const TPMS_SIGNATURE_ECC *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_HASH_Marshal(&source->hash, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->signatureR, written, buffer, size); } if (rc == 0) { rc = TSS_TPM2B_ECC_PARAMETER_Marshal(&source->signatureS, written, buffer, size); } return rc; } /* Table 171 - Definition of Types for {ECC} TPMS_SIGNATURE_ECC */ TPM_RC TSS_TPMS_SIGNATURE_ECDSA_Marshal(const TPMS_SIGNATURE_ECDSA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECC_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIGNATURE_ECDAA_Marshal(const TPMS_SIGNATURE_ECDAA *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECC_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIGNATURE_SM2_Marshal(const TPMS_SIGNATURE_SM2 *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECC_Marshal(source, written, buffer, size); } return rc; } TPM_RC TSS_TPMS_SIGNATURE_ECSCHNORR_Marshal(const TPMS_SIGNATURE_ECSCHNORR *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECC_Marshal(source, written, buffer, size); } return 
rc; } /* Table 172 - Definition of TPMU_SIGNATURE Union */ TPM_RC TSS_TPMU_SIGNATURE_Marshal(const TPMU_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_RSASSA case TPM_ALG_RSASSA: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_RSASSA_Marshal(&source->rsassa, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSAPSS case TPM_ALG_RSAPSS: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_RSAPSS_Marshal(&source->rsapss, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDSA case TPM_ALG_ECDSA: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECDSA_Marshal(&source->ecdsa, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECDAA case TPM_ALG_ECDAA: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECDSA_Marshal(&source->ecdaa, written, buffer, size); } break; #endif #ifdef TPM_ALG_SM2 case TPM_ALG_SM2: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECDSA_Marshal(&source->sm2, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECSCHNORR case TPM_ALG_ECSCHNORR: if (rc == 0) { rc = TSS_TPMS_SIGNATURE_ECDSA_Marshal(&source->ecschnorr, written, buffer, size); } break; #endif #ifdef TPM_ALG_HMAC case TPM_ALG_HMAC: if (rc == 0) { rc = TSS_TPMT_HA_Marshal(&source->hmac, written, buffer, size); } break; #endif case TPM_ALG_NULL: break; default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 173 - Definition of TPMT_SIGNATURE Structure */ TPM_RC TSS_TPMT_SIGNATURE_Marshal(const TPMT_SIGNATURE *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_SIG_SCHEME_Marshal(&source->sigAlg, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_SIGNATURE_Marshal(&source->signature, written, buffer, size, source->sigAlg); } return rc; } /* Table 175 - Definition of TPM2B_ENCRYPTED_SECRET Structure */ TPM_RC TSS_TPM2B_ENCRYPTED_SECRET_Marshal(const TPM2B_ENCRYPTED_SECRET *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM2B_Marshal(&source->b, 
written, buffer, size); } return rc; } /* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type */ TPM_RC TSS_TPMI_ALG_PUBLIC_Marshal(const TPMI_ALG_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPM_ALG_ID_Marshal(source, written, buffer, size); } return rc; } /* Table 177 - Definition of TPMU_PUBLIC_ID Union */ TPM_RC TSS_TPMU_PUBLIC_ID_Marshal(const TPMU_PUBLIC_ID *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_KEYEDHASH case TPM_ALG_KEYEDHASH: if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->keyedHash, written, buffer, size); } break; #endif #ifdef TPM_ALG_SYMCIPHER case TPM_ALG_SYMCIPHER: if (rc == 0) { rc = TSS_TPM2B_DIGEST_Marshal(&source->sym, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSA case TPM_ALG_RSA: if (rc == 0) { rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&source->rsa, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECC case TPM_ALG_ECC: if (rc == 0) { rc = TSS_TPMS_ECC_POINT_Marshal(&source->ecc, written, buffer, size); } break; #endif default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 178 - Definition of TPMS_KEYEDHASH_PARMS Structure */ TPM_RC TSS_TPMS_KEYEDHASH_PARMS_Marshal(const TPMS_KEYEDHASH_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMT_KEYEDHASH_SCHEME_Marshal(&source->scheme, written, buffer, size); } return rc; } /* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure */ TPM_RC TSS_TPMS_RSA_PARMS_Marshal(const TPMS_RSA_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMT_SYM_DEF_OBJECT_Marshal(&source->symmetric, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_RSA_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_RSA_KEY_BITS_Marshal(&source->keyBits, written, buffer, size); } if (rc == 0) { rc = 
TSS_UINT32_Marshal(&source->exponent, written, buffer, size); } return rc; } /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */ TPM_RC TSS_TPMS_ECC_PARMS_Marshal(const TPMS_ECC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMT_SYM_DEF_OBJECT_Marshal(&source->symmetric, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_ECC_SCHEME_Marshal(&source->scheme, written, buffer, size); } if (rc == 0) { rc = TSS_TPMI_ECC_CURVE_Marshal(&source->curveID, written, buffer, size); } if (rc == 0) { rc = TSS_TPMT_KDF_SCHEME_Marshal(&source->kdf, written, buffer, size); } return rc; } /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ TPM_RC TSS_TPMU_PUBLIC_PARMS_Marshal(const TPMU_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector) { TPM_RC rc = 0; switch (selector) { #ifdef TPM_ALG_KEYEDHASH case TPM_ALG_KEYEDHASH: if (rc == 0) { rc = TSS_TPMS_KEYEDHASH_PARMS_Marshal(&source->keyedHashDetail, written, buffer, size); } break; #endif #ifdef TPM_ALG_SYMCIPHER case TPM_ALG_SYMCIPHER: if (rc == 0) { rc = TSS_TPMS_SYMCIPHER_PARMS_Marshal(&source->symDetail, written, buffer, size); } break; #endif #ifdef TPM_ALG_RSA case TPM_ALG_RSA: if (rc == 0) { rc = TSS_TPMS_RSA_PARMS_Marshal(&source->rsaDetail, written, buffer, size); } break; #endif #ifdef TPM_ALG_ECC case TPM_ALG_ECC: if (rc == 0) { rc = TSS_TPMS_ECC_PARMS_Marshal(&source->eccDetail, written, buffer, size); } break; #endif default: rc = TPM_RC_SELECTOR; } return rc; } /* Table 183 - Definition of TPMT_PUBLIC_PARMS Structure */ TPM_RC TSS_TPMT_PUBLIC_PARMS_Marshal(const TPMT_PUBLIC_PARMS *source, UINT16 *written, BYTE **buffer, INT32 *size) { TPM_RC rc = 0; if (rc == 0) { rc = TSS_TPMI_ALG_PUBLIC_Marshal(&source->type, written, buffer, size); } if (rc == 0) { rc = TSS_TPMU_PUBLIC_PARMS_Marshal(&source->parameters, written, buffer, size, source->type); } return rc; } /* Table 184 - Definition of TPMT_PUBLIC Structure */ 
/* Table 184 - TPMT_PUBLIC.

   Marshals the public area field by field: type, nameAlg, objectAttributes, authPolicy, then the
   two unions (parameters, unique), both selected by source->type.  Stops at the first helper
   that returns non-zero and hands that code back.

   written, buffer and size are passed straight through to the field marshalers. */
TPM_RC
TSS_TPMT_PUBLIC_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_ALG_PUBLIC_Marshal(&source->type, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMI_ALG_HASH_Marshal(&source->nameAlg, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMA_OBJECT_Marshal(&source->objectAttributes, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_DIGEST_Marshal(&source->authPolicy, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMU_PUBLIC_PARMS_Marshal(&source->parameters, written, buffer, size, source->type);
    if (rc != 0) {
	return rc;
    }
    return TSS_TPMU_PUBLIC_ID_Marshal(&source->unique, written, buffer, size, source->type);
}

/* Table 184 - TPMT_PUBLIC, special marshaling for a derived object template.

   Emits the ordinary TPMT_PUBLIC encoding and then appends unique.derive.context as a
   TPM2B_LABEL (the additional TPMS_DERIVE context used when deriving from a derivation parent).

   NOTE(review): unique has already been marshaled once, by source->type, inside
   TSS_TPMT_PUBLIC_Marshal; the derive.context read here is unconditional and goes through the
   same union.  The caller has to make sure the union really holds the derive member - nothing
   in this function checks it. */
TPM_RC
TSS_TPMT_PUBLIC_D_Marshal(const TPMT_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = TSS_TPMT_PUBLIC_Marshal(source, written, buffer, size);

    if (rc != 0) {
	return rc;
    }
    return TSS_TPM2B_LABEL_Marshal(&source->unique.derive.context, written, buffer, size);
}

/* Table 185 - TPM2B_PUBLIC.

   Size-prefixed wrapper around TPMT_PUBLIC.  With a non-NULL buffer, a UINT16 slot is skipped,
   the public area is marshaled behind it, and the slot is then filled with the number of bytes
   the public area produced.  With a NULL buffer nothing is stored and *written is advanced by
   the payload length plus sizeof(UINT16).

   On a payload error the function returns with *buffer already moved past the size slot.

   NOTE(review): the slot is skipped in *buffer without being deducted from *size before the
   payload is marshaled.  Whether the payload can then extend up to sizeof(UINT16) bytes beyond
   the space *size describes depends on how the TSS_*_Marshal helpers account for *size -
   confirm against TSS_UINT16_Marshal, which is not shown here.  The same pattern is used by the
   other size-prefixed marshalers below. */
TPM_RC
TSS_TPM2B_PUBLIC_Marshal(const TPM2B_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;
    UINT16 payloadLength = 0;	/* bytes produced by the structure itself */
    BYTE *lengthSlot = NULL;	/* where the size prefix goes, when writing */

    if (buffer != NULL) {
	lengthSlot = *buffer;
	*buffer += sizeof(UINT16);
    }
    rc = TSS_TPMT_PUBLIC_Marshal(&source->publicArea, &payloadLength, buffer, size);
    if (rc != 0) {
	return rc;
    }
    *written += payloadLength;
    if (buffer == NULL) {
	/* counting only: account for the prefix without storing it */
	*written += sizeof(UINT16);
	return rc;
    }
    /* back-patch the prefix; this call also adds the prefix to *written */
    return TSS_UINT16_Marshal(&payloadLength, written, &lengthSlot, size);
}

/* TPM2B_TEMPLATE: forwarded to the generic TPM2B marshaler through the b member. */
TPM_RC
TSS_TPM2B_TEMPLATE_Marshal(const TPM2B_TEMPLATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 187 - TPMU_SENSITIVE_COMPOSITE union.

   Picks the union member from selector and marshals it.  Each case exists only when the
   matching TPM_ALG_* macro is defined; any other selector yields TPM_RC_SELECTOR. */
TPM_RC
TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(const TPMU_SENSITIVE_COMPOSITE *source, UINT16 *written, BYTE **buffer, INT32 *size, UINT32 selector)
{
    switch (selector) {
#ifdef TPM_ALG_RSA
      case TPM_ALG_RSA:
	return TSS_TPM2B_PRIVATE_KEY_RSA_Marshal(&source->rsa, written, buffer, size);
#endif
#ifdef TPM_ALG_ECC
      case TPM_ALG_ECC:
	return TSS_TPM2B_ECC_PARAMETER_Marshal(&source->ecc, written, buffer, size);
#endif
#ifdef TPM_ALG_KEYEDHASH
      case TPM_ALG_KEYEDHASH:
	return TSS_TPM2B_SENSITIVE_DATA_Marshal(&source->bits, written, buffer, size);
#endif
#ifdef TPM_ALG_SYMCIPHER
      case TPM_ALG_SYMCIPHER:
	return TSS_TPM2B_SYM_KEY_Marshal(&source->sym, written, buffer, size);
#endif
      default:
	return TPM_RC_SELECTOR;
    }
}

/* Table 188 - TPMT_SENSITIVE.

   Marshals sensitiveType, authValue, seedValue and the sensitive union (selected by
   sensitiveType), returning the first non-zero helper result.

   NOTE(review): authValue, seedValue and the private key component are copied into the caller's
   buffer as they are; no protection is applied at this layer.  Presumably callers treat that
   buffer as secret and scrub it after use - verify at the call sites. */
TPM_RC
TSS_TPMT_SENSITIVE_Marshal(const TPMT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_ALG_PUBLIC_Marshal(&source->sensitiveType, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_AUTH_Marshal(&source->authValue, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_DIGEST_Marshal(&source->seedValue, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    return TSS_TPMU_SENSITIVE_COMPOSITE_Marshal(&source->sensitive, written, buffer, size, source->sensitiveType);
}

/* Table 189 - TPM2B_SENSITIVE.

   Size-prefixed wrapper around t.sensitiveArea; same reserve-then-back-patch sequence, and the
   same open question about *size, as TSS_TPM2B_PUBLIC_Marshal. */
TPM_RC
TSS_TPM2B_SENSITIVE_Marshal(const TPM2B_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;
    UINT16 payloadLength = 0;	/* bytes produced by the structure itself */
    BYTE *lengthSlot = NULL;	/* where the size prefix goes, when writing */

    if (buffer != NULL) {
	lengthSlot = *buffer;
	*buffer += sizeof(UINT16);
    }
    rc = TSS_TPMT_SENSITIVE_Marshal(&source->t.sensitiveArea, &payloadLength, buffer, size);
    if (rc != 0) {
	return rc;
    }
    *written += payloadLength;
    if (buffer == NULL) {
	*written += sizeof(UINT16);
	return rc;
    }
    return TSS_UINT16_Marshal(&payloadLength, written, &lengthSlot, size);
}

/* Table 191 - TPM2B_PRIVATE: forwarded to the generic TPM2B marshaler through the b member. */
TPM_RC
TSS_TPM2B_PRIVATE_Marshal(const TPM2B_PRIVATE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 193 - TPM2B_ID_OBJECT: forwarded to the generic TPM2B marshaler through the b member. */
TPM_RC
TSS_TPM2B_ID_OBJECT_Marshal(const TPM2B_ID_OBJECT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 196 - (UINT32) TPMA_NV bits: the val member is marshaled as a UINT32. */
TPM_RC
TSS_TPMA_NV_Marshal(const TPMA_NV *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_UINT32_Marshal(&source->val, written, buffer, size);
}

/* Table 197 - TPMS_NV_PUBLIC.

   Marshals nvIndex, nameAlg, attributes, authPolicy and dataSize in that order, returning the
   first non-zero helper result. */
TPM_RC
TSS_TPMS_NV_PUBLIC_Marshal(const TPMS_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPMI_RH_NV_INDEX_Marshal(&source->nvIndex, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMI_ALG_HASH_Marshal(&source->nameAlg, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMA_NV_Marshal(&source->attributes, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_DIGEST_Marshal(&source->authPolicy, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    return TSS_UINT16_Marshal(&source->dataSize, written, buffer, size);
}

/* Table 198 - TPM2B_NV_PUBLIC.

   Size-prefixed wrapper around nvPublic; same reserve-then-back-patch sequence, and the same
   open question about *size, as TSS_TPM2B_PUBLIC_Marshal. */
TPM_RC
TSS_TPM2B_NV_PUBLIC_Marshal(const TPM2B_NV_PUBLIC *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;
    UINT16 payloadLength = 0;	/* bytes produced by the structure itself */
    BYTE *lengthSlot = NULL;	/* where the size prefix goes, when writing */

    if (buffer != NULL) {
	lengthSlot = *buffer;
	*buffer += sizeof(UINT16);
    }
    rc = TSS_TPMS_NV_PUBLIC_Marshal(&source->nvPublic, &payloadLength, buffer, size);
    if (rc != 0) {
	return rc;
    }
    *written += payloadLength;
    if (buffer == NULL) {
	*written += sizeof(UINT16);
	return rc;
    }
    return TSS_UINT16_Marshal(&payloadLength, written, &lengthSlot, size);
}

/* Table 199 - TPM2B_CONTEXT_SENSITIVE: forwarded to the generic TPM2B marshaler through the b
   member. */
TPM_RC
TSS_TPM2B_CONTEXT_SENSITIVE_Marshal(const TPM2B_CONTEXT_SENSITIVE *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 201 - TPM2B_CONTEXT_DATA: forwarded to the generic TPM2B marshaler through the b
   member. */
TPM_RC
TSS_TPM2B_CONTEXT_DATA_Marshal(const TPM2B_CONTEXT_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    return TSS_TPM2B_Marshal(&source->b, written, buffer, size);
}

/* Table 202 - TPMS_CONTEXT.

   Marshals sequence, savedHandle, hierarchy and contextBlob in that order, returning the first
   non-zero helper result. */
TPM_RC
TSS_TPMS_CONTEXT_Marshal(const TPMS_CONTEXT *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_UINT64_Marshal(&source->sequence, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMI_DH_CONTEXT_Marshal(&source->savedHandle, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMI_RH_HIERARCHY_Marshal(&source->hierarchy, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    return TSS_TPM2B_CONTEXT_DATA_Marshal(&source->contextBlob, written, buffer, size);
}

/* Table 204 - TPMS_CREATION_DATA.

   Marshals pcrSelect, pcrDigest, locality, parentNameAlg, parentName, parentQualifiedName and
   outsideInfo in that order, returning the first non-zero helper result. */
TPM_RC
TSS_TPMS_CREATION_DATA_Marshal(const TPMS_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;

    rc = TSS_TPML_PCR_SELECTION_Marshal(&source->pcrSelect, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_DIGEST_Marshal(&source->pcrDigest, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPMA_LOCALITY_Marshal(&source->locality, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM_ALG_ID_Marshal(&source->parentNameAlg, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_NAME_Marshal(&source->parentName, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    rc = TSS_TPM2B_NAME_Marshal(&source->parentQualifiedName, written, buffer, size);
    if (rc != 0) {
	return rc;
    }
    return TSS_TPM2B_DATA_Marshal(&source->outsideInfo, written, buffer, size);
}

/* Table 205 - TPM2B_CREATION_DATA.

   Size-prefixed wrapper around creationData; same reserve-then-back-patch sequence, and the
   same open question about *size, as TSS_TPM2B_PUBLIC_Marshal. */
TPM_RC
TSS_TPM2B_CREATION_DATA_Marshal(const TPM2B_CREATION_DATA *source, UINT16 *written, BYTE **buffer, INT32 *size)
{
    TPM_RC rc;
    UINT16 payloadLength = 0;	/* bytes produced by the structure itself */
    BYTE *lengthSlot = NULL;	/* where the size prefix goes, when writing */

    if (buffer != NULL) {
	lengthSlot = *buffer;
	*buffer += sizeof(UINT16);
    }
    rc = TSS_TPMS_CREATION_DATA_Marshal(&source->creationData, &payloadLength, buffer, size);
    if (rc != 0) {
	return rc;
    }
    *written += payloadLength;
    if (buffer == NULL) {
	*written += sizeof(UINT16);
	return rc;
    }
    return TSS_UINT16_Marshal(&payloadLength, written, &lengthSlot, size);
}
./utils/dictionaryattacklockreset.c0000644000175000017500000001427113073673132015752 0ustar lo1lo1/********************************************************************************/ /* */ /* DictionaryAttackLockReset */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: dictionaryattacklockreset.c 982 2017-04-13 13:00:10Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; DictionaryAttackLockReset_In in; const char *password = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", 
&sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (rc == 0) { in.lockHandle = TPM_RH_LOCKOUT; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_DictionaryAttackLockReset, sessionHandle0, password, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("dictionaryattacklockreset: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("dictionaryattacklockreset: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("dictionaryattacklockreset\n"); printf("\n"); printf("Runs TPM2_DictionaryAttackLockReset\n"); printf("\n"); printf("\t[-pwd lockout auth password (default empty)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } 
./utils/certify.c0000644000175000017500000002624413075204375012152 0ustar lo1lo1/********************************************************************************/ /* */ /* Certify */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: certify.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); static void printSignature(Certify_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Certify_In in; Certify_Out out; TPMI_DH_OBJECT objectHandle = 0; TPMI_DH_OBJECT signHandle = 0; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *keyPassword = NULL; const char *objectPassword = NULL; const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; const char *qualifyingDataFilename = NULL; int useRsa = 1; TPMS_ATTEST tpmsAttest; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of 
range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (objectHandle == 0) { printf("Missing object handle parameter -ho\n"); printUsage(); } if (signHandle == 0) { printf("Missing sign handle parameter -hk\n"); printUsage(); } if (rc == 0) { /* Handle of key that will perform certifying */ in.objectHandle = objectHandle; in.signHandle = signHandle; if (useRsa) { /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */ in.inScheme.scheme = TPM_ALG_RSASSA; /* Table 144 - Definition of TPMU_SIG_SCHEME Union */ /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */ /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */ in.inScheme.details.rsassa.hashAlg = halg; } else { /* ecc */ in.inScheme.scheme = TPM_ALG_ECDSA; in.inScheme.details.ecdsa.hashAlg = halg; } } /* data supplied by the caller */ if (rc == 0) { if (qualifyingDataFilename != NULL) { rc = TSS_File_Read2B(&in.qualifyingData.b, sizeof(TPMT_HA), qualifyingDataFilename); } else { in.qualifyingData.t.size = 0; } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Certify, sessionHandle0, objectPassword, sessionAttributes0, sessionHandle1, keyPassword, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { uint8_t *tmpBuffer = out.certifyInfo.t.attestationData; int32_t tmpSize = out.certifyInfo.t.size; rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize); if (verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0); 
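}
    /* For an attestation command using the ECDAA scheme, both the qualifiedSigner and extraData
       fields in the attestation block (a TPMS_ATTEST) are set to be the Empty Buffer */
    /* Confirm that the extraData in the unmarshaled attestation equals the qualifying data that was
       sent in the command.  This compares the two buffers only.  No check of out.signature over
       the attestation data is visible in this part of main(), so a relying party presumably has to
       verify the signature separately before trusting the attestation. */
    if ((rc == 0) && (in.inScheme.scheme != ALG_ECDAA_VALUE)) {
        int match;
        match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
        if (!match) {
            printf("certify: failed, extraData != qualifyingData\n");
            rc = EXIT_FAILURE;
        }
    }
    /* optionally save the marshaled TPMT_SIGNATURE */
    if ((rc == 0) && (signatureFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.signature,
                                     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
                                     signatureFilename);
    }
    /* optionally save the raw attestation bytes exactly as returned, since these are the bytes
       written for a later check against the signature */
    if ((rc == 0) && (attestInfoFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData,
                                      out.certifyInfo.t.size,
                                      attestInfoFilename);
    }
    if (rc == 0) {
        if (verbose) printSignature(&out);
        if (verbose) printf("certify: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("certify: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the process exit status is collapsed to a generic failure */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printSignature() traces the signature returned by TPM2_Certify.

   The signature is a union, so the member that is read has to match out->signature.sigAlg.  main()
   requests either TPM_ALG_RSASSA or TPM_ALG_ECDSA.  RSASSA prints the single signature buffer,
   ECDSA prints the R and S values, and any other algorithm is reported instead of being read
   through the wrong union member.
*/

static void printSignature(Certify_Out *out)
{
    switch (out->signature.sigAlg) {
      case TPM_ALG_RSASSA:
        TSS_PrintAll("Signature",
                     out->signature.signature.rsassa.sig.t.buffer,
                     out->signature.signature.rsassa.sig.t.size);
        break;
      case TPM_ALG_ECDSA:
        TSS_PrintAll("Signature R",
                     out->signature.signature.ecdsa.signatureR.t.buffer,
                     out->signature.signature.ecdsa.signatureR.t.size);
        TSS_PrintAll("Signature S",
                     out->signature.signature.ecdsa.signatureS.t.buffer,
                     out->signature.signature.ecdsa.signatureS.t.size);
        break;
      default:
        printf("printSignature: signature algorithm %04x not printed\n",
               (unsigned int)out->signature.sigAlg);
        break;
    }
}

/* printUsage() prints the command line help and terminates the process with exit status 1.  It
   does not return. */

static void printUsage(void)
{
    printf("\n");
    printf("certify\n");
    printf("\n");
    printf("Runs TPM2_Certify\n");
    printf("\n");
    printf("\t-ho object handle\n");
    printf("\t[-pwdo password for object (default empty)]\n");
    printf("\t-hk certifying key handle\n");
    printf("\t[-pwdk password for key (default empty)]\n");
    printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n");
    printf("\t[-salg signature algorithm (rsa, ecc) (default rsa)]\n");
    printf("\t[-qd qualifying data file name]\n");
    printf("\t[-os signature file name (default do not save)]\n");
    printf("\t[-oa attestation output file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}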
./utils/makefile.nofile0000644000175000017500000001261513125534557013315 0ustar lo1lo1################################################################################# # # # Linux TPM2 Utilities Makefile for TSS without files # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.nofile 1034 2017-06-30 20:49:51Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # # ################################################################################# # makefile to build a TSS library that does not require file read/write. # # See the documentation for limitations. # C compiler CC += /usr/bin/gcc # compile - common flags for TSS library and applications CCFLAGS += \ -DTPM_POSIX \ -DTPM_TSS_NOFILE # -DTPM_NOSOCKET # compile - for TSS library CCLFLAGS += -I. -DTPM_TSS # compile - for applications CCAFLAGS += -I. # link - common flags flags TSS library and applications LNFLAGS += -DTPM_POSIX \ -L. # link - for TSS library # This is an alternative to using the bfd linker on Ubuntu LNLFLAGS += -lcrypto # link - for applications, TSS path, TSS and OpenSSl libraries LNAFLAGS += -Wl,-rpath,. LNALIBS += -ltssmin -lcrypto # shared library LIBTSS=libtssmin.so # ALL = $(LIBTSS) TSS_HEADERS = tss2/tssfile.h # default TSS library TSS_OBJS = tsscryptoh.o \ tsscrypto.o # common to all builds include makefile-common # default build target all: writeapp signapp # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssutils.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsstransmit.c tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssresponsecode.c 
tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprint.c Unmarshal.o: $(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Unmarshal.c Commands.o: $(TSS_HEADERS) Commands.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Commands.c CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC CommandAttributeData.c ntc2lib.o: $(TSS_HEADERS) ntc2lib.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC ntc2lib.c tssntc.o: $(TSS_HEADERS) tssntc.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssntc.c # TSS shared library build $(LIBTSS): $(TSS_OBJS) $(CC) $(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) .PHONY: clean .PRECIOUS: %.o clean: rm -f $(TSS_OBJS) \ ekutils.o cryptoutils.o \ $(ALL) # applications signapp: tss2/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp writeapp: tss2/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o cryptoutils.o ekutils.o $(LNALIBS) -o writeapp # for applications, not for TSS library %.o: %.c tss2/tss.h $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ ./utils/makefile.sample0000644000175000017500000003106113075663254013317 0ustar lo1lo1################################################################################# # # # Linux TPM2 Makefile Sample for Fedora Installed rpms # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.sample 990 2017-04-19 13:31:24Z kgoldman $ # # # # (c) Copyright IBM Corporation 2014 # # # # All rights reserved. 
# # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # This is a sample application makefile using the /usr/include and /usr/lib64 # directory paths from the Fedora rpm install. 
CC = /usr/bin/gcc CCFLAGS = -DTPM_POSIX \ -Wall -W -Wmissing-declarations -Wmissing-prototypes -Wnested-externs \ -ggdb -O0 -c \ -DTPM_BITFIELD_LE \ -I/usr/include/tss2 # for shared library LNFLAGS = -DTPM_POSIX \ -ggdb \ -DTPM_BITFIELD_LE \ -ltss -lcrypto # default build target ALL = activatecredential \ eventextend \ imaextend \ certify \ certifycreation \ changeeps \ changepps \ clear \ clearcontrol \ clockrateadjust \ clockset \ contextload \ contextsave \ create \ createloaded \ createprimary \ dictionaryattacklockreset \ dictionaryattackparameters \ duplicate \ eccparameters \ ecephemeral \ encryptdecrypt \ evictcontrol \ eventsequencecomplete \ flushcontext \ getcommandauditdigest \ getcapability \ getrandom \ getsessionauditdigest \ gettime \ hash \ hashsequencestart \ hierarchycontrol \ hierarchychangeauth \ hmac \ hmacstart \ import \ load \ loadexternal \ makecredential \ nvcertify \ nvchangeauth \ nvdefinespace \ nvextend \ nvglobalwritelock \ nvincrement \ nvread \ nvreadlock \ nvreadpublic \ nvsetbits \ nvundefinespace \ nvundefinespacespecial \ nvwrite \ nvwritelock \ objectchangeauth \ pcrallocate \ pcrevent \ pcrextend \ pcrread \ pcrreset \ policyauthorize \ policyauthvalue \ policycommandcode \ policycphash \ policycountertimer \ policygetdigest \ policymaker \ policymakerpcr \ policynv \ policyauthorizenv \ policynvwritten \ policypassword \ policypcr \ policyor \ policyrestart \ policysigned \ policysecret \ policytemplate \ policyticket \ powerup \ quote \ readclock \ readpublic \ returncode \ rewrap \ rsadecrypt \ rsaencrypt \ sequencecomplete \ sequenceupdate \ setprimarypolicy \ shutdown \ sign \ startauthsession \ startup \ stirrandom \ unseal \ verifysignature \ \ signapp \ writeapp \ createek all: $(ALL) .PHONY: clean .PRECIOUS: %.o clean: rm -f *.o \ $(ALL) # applications activatecredential: activatecredential.o $(CC) $(LNFLAGS) activatecredential.o -o activatecredential eventextend: eventextend.o eventlib.o $(CC) $(LNFLAGS) 
eventextend.o eventlib.o -o eventextend imaextend: imaextend.o imalib.o $(CC) $(LNFLAGS) imaextend.o imalib.o -o imaextend certify: certify.o $(CC) $(LNFLAGS) certify.o -o certify certifycreation: certifycreation.o $(CC) $(LNFLAGS) certifycreation.o -o certifycreation changeeps: changeeps.o $(CC) $(LNFLAGS) changeeps.o -o changeeps changepps: changepps.o $(CC) $(LNFLAGS) changepps.o -o changepps clear: clear.o $(CC) $(LNFLAGS) clear.o -o clear clearcontrol: clearcontrol.o $(CC) $(LNFLAGS) clearcontrol.o -o clearcontrol clockrateadjust: clockrateadjust.o $(CC) $(LNFLAGS) clockrateadjust.o -o clockrateadjust clockset: clockset.o $(CC) $(LNFLAGS) clockset.o -o clockset commit: commit.o $(CC) $(LNFLAGS) commit.o -o commit contextload: contextload.o $(CC) $(LNFLAGS) contextload.o -o contextload contextsave: contextsave.o $(CC) $(LNFLAGS) contextsave.o -o contextsave create: create.o cryptoutils.o $(CC) $(LNFLAGS) create.o cryptoutils.o -o create createloaded: createloaded.o cryptoutils.o $(CC) $(LNFLAGS) createloaded.o cryptoutils.o -o createloaded createprimary: createprimary.o cryptoutils.o $(CC) $(LNFLAGS) createprimary.o cryptoutils.o -o createprimary dictionaryattacklockreset: dictionaryattacklockreset.o $(CC) $(LNFLAGS) dictionaryattacklockreset.o -o dictionaryattacklockreset dictionaryattackparameters: dictionaryattackparameters.o $(CC) $(LNFLAGS) dictionaryattackparameters.o -o dictionaryattackparameters duplicate: duplicate.o $(CC) $(LNFLAGS) duplicate.o -o duplicate eccparameters: eccparameters.o $(CC) $(LNFLAGS) eccparameters.o -o eccparameters ecephemeral: ecephemeral.o $(CC) $(LNFLAGS) ecephemeral.o -o ecephemeral encryptdecrypt: encryptdecrypt.o $(CC) $(LNFLAGS) encryptdecrypt.o -o encryptdecrypt eventsequencecomplete: eventsequencecomplete.o $(CC) $(LNFLAGS) eventsequencecomplete.o -o eventsequencecomplete evictcontrol: evictcontrol.o $(CC) $(LNFLAGS) evictcontrol.o -o evictcontrol flushcontext: flushcontext.o $(CC) $(LNFLAGS) flushcontext.o -o 
flushcontext getcommandauditdigest: getcommandauditdigest.o $(CC) $(LNFLAGS) getcommandauditdigest.o -o getcommandauditdigest getcapability: getcapability.o $(CC) $(LNFLAGS) getcapability.o -o getcapability getrandom: getrandom.o $(CC) $(LNFLAGS) getrandom.o -o getrandom getsessionauditdigest: getsessionauditdigest.o $(CC) $(LNFLAGS) getsessionauditdigest.o -o getsessionauditdigest gettime: gettime.o $(CC) $(LNFLAGS) gettime.o -o gettime hashsequencestart: hashsequencestart.o $(CC) $(LNFLAGS) hashsequencestart.o -o hashsequencestart hash: hash.o $(CC) $(LNFLAGS) hash.o -o hash hierarchycontrol: hierarchycontrol.o $(CC) $(LNFLAGS) hierarchycontrol.o -o hierarchycontrol hierarchychangeauth: hierarchychangeauth.o $(CC) $(LNFLAGS) hierarchychangeauth.o -o hierarchychangeauth hmac: hmac.o $(CC) $(LNFLAGS) hmac.o -o hmac hmacstart: hmacstart.o $(CC) $(LNFLAGS) hmacstart.o -o hmacstart import: import.o $(CC) $(LNFLAGS) import.o -o import load: load.o $(CC) $(LNFLAGS) load.o -o load loadexternal: loadexternal.o $(CC) $(LNFLAGS) loadexternal.o -o loadexternal makecredential: makecredential.o $(CC) $(LNFLAGS) makecredential.o -o makecredential nvcertify: nvcertify.o $(CC) $(LNFLAGS) nvcertify.o -o nvcertify nvchangeauth: nvchangeauth.o $(CC) $(LNFLAGS) nvchangeauth.o -o nvchangeauth nvdefinespace: nvdefinespace.o $(CC) $(LNFLAGS) nvdefinespace.o -o nvdefinespace nvextend: nvextend.o $(CC) $(LNFLAGS) nvextend.o -o nvextend nvglobalwritelock: nvglobalwritelock.o $(CC) $(LNFLAGS) nvglobalwritelock.o -o nvglobalwritelock nvincrement: nvincrement.o $(CC) $(LNFLAGS) nvincrement.o -o nvincrement nvread: nvread.o ekutils.o $(CC) $(LNFLAGS) nvread.o ekutils.o -o nvread nvreadlock: nvreadlock.o $(CC) $(LNFLAGS) nvreadlock.o -o nvreadlock nvreadpublic: nvreadpublic.o $(CC) $(LNFLAGS) nvreadpublic.o -o nvreadpublic nvsetbits: nvsetbits.o $(CC) $(LNFLAGS) nvsetbits.o -o nvsetbits nvundefinespace: nvundefinespace.o $(CC) $(LNFLAGS) nvundefinespace.o -o nvundefinespace 
nvundefinespacespecial: nvundefinespacespecial.o $(CC) $(LNFLAGS) nvundefinespacespecial.o -o nvundefinespacespecial nvwrite: nvwrite.o ekutils.o $(CC) $(LNFLAGS) nvwrite.o ekutils.o -o nvwrite nvwritelock: nvwritelock.o $(CC) $(LNFLAGS) nvwritelock.o -o nvwritelock objectchangeauth: objectchangeauth.o $(CC) $(LNFLAGS) objectchangeauth.o -o objectchangeauth pcrallocate: pcrallocate.o $(CC) $(LNFLAGS) pcrallocate.o -o pcrallocate pcrevent: pcrevent.o $(CC) $(LNFLAGS) pcrevent.o -o pcrevent pcrextend: pcrextend.o $(CC) $(LNFLAGS) pcrextend.o -o pcrextend pcrread: pcrread.o $(CC) $(LNFLAGS) pcrread.o -o pcrread pcrreset: pcrreset.o $(CC) $(LNFLAGS) pcrreset.o -o pcrreset policyauthorize: policyauthorize.o $(CC) $(LNFLAGS) policyauthorize.o -o policyauthorize policyauthvalue: policyauthvalue.o $(CC) $(LNFLAGS) policyauthvalue.o -o policyauthvalue policycommandcode: policycommandcode.o $(CC) $(LNFLAGS) policycommandcode.o -o policycommandcode policycphash: policycphash.o $(CC) $(LNFLAGS) policycphash.o -o policycphash policycountertimer : policycountertimer.o $(CC) $(LNFLAGS) policycountertimer.o -o policycountertimer policygetdigest: policygetdigest.o $(CC) $(LNFLAGS) policygetdigest.o -o policygetdigest policymaker: policymaker.o $(CC) $(LNFLAGS) policymaker.o -o policymaker policymakerpcr: policymakerpcr.o $(CC) $(LNFLAGS) policymakerpcr.o -o policymakerpcr policynv: policynv.o $(CC) $(LNFLAGS) policynv.o -o policynv policyauthorizenv: policyauthorizenv.o $(CC) $(LNFLAGS) policyauthorizenv.o -o policyauthorizenv policynvwritten: policynvwritten.o $(CC) $(LNFLAGS) policynvwritten.o -o policynvwritten policyor: policyor.o $(CC) $(LNFLAGS) policyor.o -o policyor policypassword: policypassword.o $(CC) $(LNFLAGS) policypassword.o -o policypassword policypcr: policypcr.o $(CC) $(LNFLAGS) policypcr.o -o policypcr policyrestart: policyrestart.o $(CC) $(LNFLAGS) policyrestart.o -o policyrestart policysigned: policysigned.o $(CC) $(LNFLAGS) policysigned.o -o policysigned 
policysecret: policysecret.o $(CC) $(LNFLAGS) policysecret.o -o policysecret policytemplate: policytemplate.o $(CC) $(LNFLAGS) policytemplate.o -o policytemplate policyticket: policyticket.o $(CC) $(LNFLAGS) policyticket.o -o policyticket quote: quote.o $(CC) $(LNFLAGS) quote.o -o quote powerup: powerup.o $(CC) $(LNFLAGS) powerup.o -o powerup readclock: readclock.o $(CC) $(LNFLAGS) readclock.o -o readclock readpublic: readpublic.o cryptoutils.o $(CC) $(LNFLAGS) readpublic.o cryptoutils.o -o readpublic returncode: returncode.o $(CC) $(LNFLAGS) returncode.o -o returncode rewrap: rewrap.o $(CC) $(LNFLAGS) rewrap.o -o rewrap rsadecrypt: rsadecrypt.o $(CC) $(LNFLAGS) rsadecrypt.o -o rsadecrypt rsaencrypt: rsaencrypt.o $(CC) $(LNFLAGS) rsaencrypt.o -o rsaencrypt sequenceupdate: sequenceupdate.o $(CC) $(LNFLAGS) sequenceupdate.o -o sequenceupdate sequencecomplete: sequencecomplete.o $(CC) $(LNFLAGS) sequencecomplete.o -o sequencecomplete setprimarypolicy: setprimarypolicy.o $(CC) $(LNFLAGS) setprimarypolicy.o -o setprimarypolicy shutdown: shutdown.o $(CC) $(LNFLAGS) shutdown.o -o shutdown sign: sign.o $(CC) $(LNFLAGS) sign.o -o sign startauthsession: startauthsession.o $(CC) $(LNFLAGS) startauthsession.o -o startauthsession startup: startup.o $(CC) $(LNFLAGS) startup.o -o startup stirrandom: stirrandom.o $(CC) $(LNFLAGS) stirrandom.o -o stirrandom unseal: unseal.o $(CC) $(LNFLAGS) unseal.o -o unseal verifysignature: verifysignature.o cryptoutils.o $(CC) $(LNFLAGS) verifysignature.o cryptoutils.o -o verifysignature signapp: signapp.o $(CC) $(LNFLAGS) signapp.o -o signapp writeapp: writeapp.o $(CC) $(LNFLAGS) writeapp.o -o writeapp createek: createek.o ekutils.o $(CC) $(LNFLAGS) createek.o ekutils.o -o createek # object files %.o: %.c $(CC) $(CCFLAGS) $< -o $@ ./utils/policysigned.c0000644000175000017500000003137713105653333013175 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicySigned */ /* Written by Ken 
Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policysigned.c 1009 2017-05-13 18:56:27Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include #include #include #include static void printUsage(void); static TPM_RC signAHash(TPM2B_PUBLIC_KEY_RSA *signature, TPMT_HA *aHash, const char *signingKeyFilename, const char *signingKeyPassword); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicySigned_In in; PolicySigned_Out out; TPMI_DH_OBJECT authObject = 0; TPMI_SH_POLICY policySession = 0; const char *nonceTPMFilename = NULL; const char *cpHashAFilename = NULL; const char *policyRefFilename = NULL; const char *ticketFilename = NULL; const char *timeoutFilename = NULL; INT32 expiration = 0; const char *signingKeyFilename = NULL; const char *signingKeyPassword = NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMT_HA aHash; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); OpenSSL_add_all_algorithms(); ERR_load_crypto_strings(); /* command line argument defaults */ in.nonceTPM.b.size = 0; /* three of the components to aHash are optional */ in.cpHashA.b.size = 0; in.policyRef.b.size = 0; for (i=1 ; (ihashAlg); #if 0 if (verbose) { TSS_PrintAll("signAHash: aHash", (uint8_t *)(&aHash->digest), sizeInBytes); } #endif } /* map the hash algorithm to the openssl NID */ if (rc == 0) { switch (aHash->hashAlg) { case TPM_ALG_SHA256: nid = NID_sha256; break; case TPM_ALG_SHA1: nid = NID_sha1; break; default: printf("signAHash: Error, hash algorithm %04hx unsupported\n", aHash->hashAlg); rc = -1; } } /* read the PEM format private key into the OpenSSL structure */ if (rc == 0) { keyFile = fopen(signingKeyFilename, "r"); if (keyFile == NULL) { printf("signAHash: Error opening %s\n", signingKeyFilename); rc = -1; } } 
if (rc == 0) {
        /* With a NULL callback, OpenSSL treats the last argument as the pass phrase string.
           NOTE(review): when signingKeyPassword is NULL and the PEM file is encrypted, OpenSSL's
           default callback presumably prompts on the terminal - confirm for unattended use. */
        rsaKey = PEM_read_RSAPrivateKey(keyFile, NULL, NULL, (void *)signingKeyPassword);
        if (rsaKey == NULL) {
            printf("signAHash: Error in OpenSSL PEM_read_RSAPrivateKey()\n");
            ERR_print_errors_fp(stdout);
            rc = -1;
        }
    }
    /* validate that the length of the resulting signature will fit in the
       TPMT_SIGNATURE->TPMU_SIGNATURE->TPMS_SIGNATURE_RSASSA->
       TPMS_SIGNATURE_RSA->TPM2B_PUBLIC_KEY_RSA structure */
    /* This bound is what keeps RSA_sign() below from writing past signature->t.buffer when the
       key file holds a key larger than the TPM structure allows. */
    if (rc == 0) {
        unsigned int keySize = RSA_size(rsaKey);
        if (keySize > sizeof(signature->t.buffer)) {
            printf("signAHash: Error, private key length %u > signature buffer %u\n",
                   keySize, (unsigned int) sizeof(signature->t.buffer));
            rc = -1;
        }
    }
    /* sign the digest with the software key; nid selects the digest algorithm that was mapped from
       aHash->hashAlg above */
    if (rc == 0) {
        irc = RSA_sign(nid,
                       (uint8_t *)(&aHash->digest), sizeInBytes,
                       signature->t.buffer, &length,
                       rsaKey);
        if (irc != 1) {
            printf("signAHash: Error in OpenSSL RSA_sign()\n");
            ERR_print_errors_fp(stdout);
            rc = -1;
        }
    }
    if (rc == 0) {
        signature->t.size = length;	/* length of RSA key checked above */
#if 0
        if (verbose) TSS_PrintAll("signAHash: signature",
                                  signature->t.buffer, signature->t.size);
#endif
    }
    /* cleanup runs on both the success and the failure path */
    if (keyFile != NULL) {
        fclose(keyFile);
    }
    if (rsaKey != NULL) {
        RSA_free(rsaKey);	/* releases the in-memory copy of the private key */
    }
    return rc;
}

/* printUsage() prints the command line help and terminates the process with exit status 1.  It
   does not return.

   The help text itself states that the PEM signing key file is a convenience of this utility and
   that a real application might keep the key in a smart card or other HSM.
   NOTE(review): -pwdk takes the key password as a command line argument, which is typically
   visible to other local users through the process list.
*/

static void printUsage(void)
{
    printf("\n");
    printf("policysigned\n");
    printf("\n");
    printf("Runs TPM2_PolicySigned\n");
    printf("\n");
    printf("\t-hk signature verification key handle\n");
    printf("\t-ha policy session handle\n");
    printf("\t-in nonceTPM file (default none)\n");
    printf("\t-cp cpHash file (default none)\n");
    printf("\t-pref policyRef file (default none)\n");
    printf("\t-exp expiration in decimal (default none)\n");
    printf("\t-halg (sha1, sha256) (default sha256)\n");
    printf("\t-sk RSA signing key file name (PEM format)\n");
    printf("\t\tThis utility uses this signing key.\n");
    printf("\t\tA real application might use a smart card or other HSM.\n");
    printf("\t-pwdk signing key password (default null)\n");
    printf("\t[-tk ticket file name]\n");
    printf("\t[-to timeout file name]\n");
    exit(1);
}
./utils/cryptoutils.c0000644000175000017500000011674513116556216013114 0ustar lo1lo1/********************************************************************************/ /* */ /* OpenSSL Crypto Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: cryptoutils.c 1018 2017-06-09 17:36:14Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
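*/
/********************************************************************************/

/* These functions are worthwhile sample code that probably (judgment call) do not belong in the TSS
   library.

   They show how to convert public or private EC or RSA among PEM format <-> EVP format <-> EC_KEY
   or RSA format <-> binary arrays <-> TPM format TPM2B_PRIVATE, TPM2B_SENSITIVE, TPM2B_PUBLIC
   usable for loadexternal or import.

   There are functions to convert public keys from TPM <-> RSA <-> PEM, and to verify a TPM
   signature using a PEM format public key.
*/

/* NOTE(review): the angle-bracket header names of the #include lines below are missing from this
   listing; restore them from the original source before building. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifndef TPM_TSS_NOFILE
#include
#endif
#include
#include
#include
#include
#include "objecttemplates.h"
#include "cryptoutils.h"

extern int verbose;

#ifndef TPM_TSS_NOFILE

/* convertPemToEvpPrivKey() converts a PEM key file to an openssl EVP_PKEY key pair

   pemKeyFilename is opened for reading and always closed before returning.  password is handed to
   OpenSSL as the pass phrase argument with no callback installed.  On success *evpPkey holds the
   key and the caller frees it.  On failure a message is printed and a non-zero code is returned.
*/

TPM_RC convertPemToEvpPrivKey(EVP_PKEY **evpPkey,		/* freed by caller */
                              const char *pemKeyFilename,
                              const char *password)
{
    TPM_RC 	rc = 0;
    FILE 	*pemKeyFile = NULL;

    if (rc == 0) {
        rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); 	/* closed @2 */
    }
    if (rc == 0) {
        *evpPkey = PEM_read_PrivateKey(pemKeyFile, NULL, NULL, (void *)password);
        if (*evpPkey == NULL) {
            printf("convertPemToEvpPrivKey: Error reading key file %s\n", pemKeyFilename);
            rc = EXIT_FAILURE;
        }
    }
    if (pemKeyFile != NULL) {
        fclose(pemKeyFile);			/* @2 */
    }
    return rc;
}

#endif

#ifndef TPM_TSS_NOFILE

/* convertPemToEvpPubKey() converts a PEM public key file to an openssl EVP_PKEY public key

   pemKeyFilename is opened for reading and always closed before returning.  On success *evpPkey
   holds the key and the caller frees it.  On failure a message is printed and a non-zero code is
   returned.
*/

TPM_RC convertPemToEvpPubKey(EVP_PKEY **evpPkey,		/* freed by caller */
                             const char *pemKeyFilename)
{
    TPM_RC 	rc = 0;
    FILE 	*pemKeyFile = NULL;

    if (rc == 0) {
        rc = TSS_File_Open(&pemKeyFile, pemKeyFilename, "rb"); 	/* closed @2 */
    }
    if (rc == 0) {
        *evpPkey = PEM_read_PUBKEY(pemKeyFile, NULL, NULL, NULL);
        if (*evpPkey == NULL) {
            printf("convertPemToEvpPubKey: Error reading key file %s\n", pemKeyFilename);
            rc = EXIT_FAILURE;
        }
    }
    if (pemKeyFile != NULL) {
        fclose(pemKeyFile);			/* @2 */
    }
    return rc;
}

#endif

/* convertEvpPkeyToEckey retrieves the EC_KEY key token from the EVP_PKEY

   A NULL result (for example when the EVP_PKEY does not hold an EC key) is reported as
   EXIT_FAILURE.
*/

TPM_RC convertEvpPkeyToEckey(EC_KEY **ecKey,		/* freed by caller */
                             EVP_PKEY *evpPkey)
{
    TPM_RC 	rc = 0;

    if (rc == 0) {
        *ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);
        if (*ecKey == NULL) {
            printf("convertEvpPkeyToEckey: Error extracting EC key from EVP_PKEY\n");
            rc = EXIT_FAILURE;
        }
    }
    return rc;
}

/* convertEvpPkeyToRsakey() retrieves the RSA key token from the EVP_PKEY

   A NULL result (for example when the EVP_PKEY does not hold an RSA key) is reported as
   EXIT_FAILURE.
*/

TPM_RC convertEvpPkeyToRsakey(RSA **rsaKey,		/* freed by caller */
                              EVP_PKEY *evpPkey)
{
    TPM_RC 	rc = 0;

    if (rc == 0) {
        *rsaKey = EVP_PKEY_get1_RSA(evpPkey);
        if (*rsaKey == NULL) {
            printf("convertEvpPkeyToRsakey: EVP_PKEY_get1_RSA failed\n");
            rc = EXIT_FAILURE;
        }
    }
    return rc;
}

/* convertEcKeyToPrivateKeyBin() converts an OpenSSL EC_KEY to a binary array

   On success *privateKeyBin is an allocated buffer holding the private scalar and
   *privateKeyBytes is its length.  The buffer contains key material, so the caller should clear
   it before freeing it.

   An EC_KEY that carries no private component (a public-only key) is rejected with EXIT_FAILURE
   instead of passing a NULL BIGNUM to BN_num_bytes().
*/

TPM_RC convertEcKeyToPrivateKeyBin(int 		*privateKeyBytes,
                                   uint8_t 	**privateKeyBin,	/* freed by caller */
                                   const EC_KEY *ecKey)
{
    TPM_RC 		rc = 0;
    const BIGNUM 	*privateKeyBn = NULL;

    /* get the ECC private key as a BIGNUM */
    if (rc == 0) {
        privateKeyBn = EC_KEY_get0_private_key(ecKey);
        if (privateKeyBn == NULL) {
            printf("convertEcKeyToPrivateKeyBin: Error extracting private key from EC key\n");
            rc = EXIT_FAILURE;
        }
    }
    /* allocate a buffer for the private key array */
    if (rc == 0) {
        *privateKeyBytes = BN_num_bytes(privateKeyBn);
        rc = TSS_Malloc(privateKeyBin, *privateKeyBytes);
    }
    /* convert the private key bignum to binary */
    if (rc == 0) {
        BN_bn2bin(privateKeyBn, *privateKeyBin);
        /* NOTE(review): verbose mode writes the private key to the trace output.  Keep -v output
           of key conversions out of shared logs, or drop this trace in production builds. */
        if (verbose) TSS_PrintAll("convertEcKeyToPrivateKeyBin:", *privateKeyBin, *privateKeyBytes);
    }
    return rc;
}

/* convertRsaKeyToPrivateKeyBin() converts an OpenSSL RSA key token private prime p to a binary
   array

   On success *privateKeyBin is an allocated buffer holding p and *privateKeyBytes is its length.
   The buffer contains key material, so the caller should clear it before freeing it.

   getRsaKeyParts() is defined elsewhere.  Whether it can succeed while leaving p NULL (for example
   for a public-only key) is not visible here, so p is checked before it is used.
*/

TPM_RC convertRsaKeyToPrivateKeyBin(int 	*privateKeyBytes,
                                    uint8_t 	**privateKeyBin,	/* freed by caller */
                                    const RSA	*rsaKey)
{
    TPM_RC 		rc = 0;
    const BIGNUM 	*p = NULL;
    const BIGNUM 	*q = NULL;

    /* get the private primes */
    if (rc == 0) {
        rc = getRsaKeyParts(NULL, NULL, NULL, &p, &q, rsaKey);
    }
    if ((rc == 0) && (p == NULL)) {
        printf("convertRsaKeyToPrivateKeyBin: Error, RSA key has no private prime\n");
        rc = EXIT_FAILURE;
    }
    /* allocate a buffer for the private key array */
    if (rc == 0) {
        *privateKeyBytes = BN_num_bytes(p);
        rc = TSS_Malloc(privateKeyBin, *privateKeyBytes);
    }
    /* convert the private key bignum to binary */
    if (rc == 0) {
        BN_bn2bin(p, *privateKeyBin);
    }
    return rc;
}

/* convertEcKeyToPublicKeyBin() converts an OpenSSL EC_KEY public key token to a binary array

   The point is encoded in uncompressed form.  EC_POINT_point2oct() is called once with a NULL
   buffer to learn the length and once to write the bytes.  It returns 0 on error, so both results
   are checked rather than allocating or returning a zero length buffer.
*/

TPM_RC convertEcKeyToPublicKeyBin(int 		*modulusBytes,
                                  uint8_t 	**modulusBin,	/* freed by caller */
                                  const EC_KEY 	*ecKey)
{
    TPM_RC 		rc = 0;
    const EC_POINT 	*ecPoint = NULL;
    const EC_GROUP 	*ecGroup = NULL;
    size_t 		octetLength = 0;

    if (rc == 0) {
        ecPoint = EC_KEY_get0_public_key(ecKey);
        if (ecPoint == NULL) {
            printf("convertEcKeyToPublicKeyBin: Error extracting EC point from EC public key\n");
            rc = EXIT_FAILURE;
        }
    }
    if (rc == 0) {
        ecGroup = EC_KEY_get0_group(ecKey);
        if (ecGroup == NULL) {
            printf("convertEcKeyToPublicKeyBin: Error extracting EC group from EC public key\n");
            rc = EXIT_FAILURE;
        }
    }
    /* get the public modulus */
    if (rc == 0) {
        octetLength = EC_POINT_point2oct(ecGroup, ecPoint,
                                         POINT_CONVERSION_UNCOMPRESSED,
                                         NULL, 0, NULL);
        *modulusBytes = (int)octetLength;
        if (octetLength == 0) {
            printf("convertEcKeyToPublicKeyBin: Error getting length of EC public key\n");
            rc = EXIT_FAILURE;
        }
    }
    if (rc == 0) {
        rc = TSS_Malloc(modulusBin, *modulusBytes);
    }
    if (rc == 0) {
        size_t written = EC_POINT_point2oct(ecGroup, ecPoint,
                                            POINT_CONVERSION_UNCOMPRESSED,
                                            *modulusBin, octetLength, NULL);
        if (written != octetLength) {
            printf("convertEcKeyToPublicKeyBin: Error converting EC public key to binary\n");
            rc = EXIT_FAILURE;
        }
    }
    if (rc == 0) {
        if (verbose) TSS_PrintAll("convertEcKeyToPublicKeyBin:", *modulusBin, *modulusBytes);
    }
    return rc;
}

/* convertRsaKeyToPublicKeyBin() converts from an openssl RSA key token to a public modulus

   On success *modulusBin is an allocated buffer holding the modulus n and *modulusBytes is its
   length.  getRsaKeyParts() is defined elsewhere, so n is checked before it is used.
*/

TPM_RC convertRsaKeyToPublicKeyBin(int 		*modulusBytes,
                                   uint8_t 	**modulusBin,	/* freed by caller */
                                   const RSA 	*rsaKey)
{
    TPM_RC 		rc = 0;
    const BIGNUM 	*n = NULL;
    const BIGNUM 	*e = NULL;
    const BIGNUM 	*d = NULL;

    /* get the public modulus from the RSA key token */
    if (rc == 0) {
        rc = getRsaKeyParts(&n, &e, &d, NULL, NULL, rsaKey);
    }
    if ((rc == 0) && (n == NULL)) {
        printf("convertRsaKeyToPublicKeyBin: Error, RSA key has no public modulus\n");
        rc = EXIT_FAILURE;
    }
    if (rc == 0) {
        *modulusBytes = BN_num_bytes(n);
    }
    if (rc == 0) {
        rc = TSS_Malloc(modulusBin, *modulusBytes);
    }
    if (rc == 0) {
        BN_bn2bin(n, *modulusBin);
    }
    return rc;
}

TPM_RC convertEcPrivateKeyBinToPrivate(TPM2B_PRIVATE 	*objectPrivate,
                                       int 		privateKeyBytes,
                                       uint8_t 		*privateKeyBin,
                                       const char 	*password)
{
    TPM_RC 		rc = 0;
    TPMT_SENSITIVE	tSensitive;
    TPM2B_SENSITIVE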
bSensitive; /* In some cases, the sensitive data is not encrypted and the integrity value is not present. When an integrity value is not needed, it is not present and it is not represented by an Empty Buffer. In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a marshaled TPMT_SENSITIVE */ /* construct TPMT_SENSITIVE */ if (rc == 0) { /* This shall be the same as the type parameter of the associated public area. */ tSensitive.sensitiveType = TPM_ALG_ECC; tSensitive.seedValue.b.size = 0; /* key password converted to TPM2B */ rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password, sizeof(TPMU_HA)); } if (rc == 0) { if (privateKeyBytes > 32) { /* hard code NISTP256 */ printf("convertEcPrivateKeyBinToPrivate: Error, private key size %u not 32\n", privateKeyBytes); rc = EXIT_FAILURE; } } if (rc == 0) { tSensitive.sensitive.ecc.t.size = privateKeyBytes; memcpy(tSensitive.sensitive.ecc.t.buffer, privateKeyBin, privateKeyBytes); } /* FIXME common code for EC and RSA */ /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */ if (rc == 0) { int32_t size = sizeof(bSensitive.t.sensitiveArea); /* max size */ uint8_t *buffer = bSensitive.b.buffer; /* pointer that can move */ bSensitive.t.size = 0; /* required before marshaling */ rc = TSS_TPMT_SENSITIVE_Marshal(&tSensitive, &bSensitive.b.size, /* marshaled size */ &buffer, /* marshal here */ &size); /* max size */ } /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */ if (rc == 0) { int32_t size = sizeof(objectPrivate->t.buffer); /* max size */ uint8_t *buffer = objectPrivate->t.buffer; /* pointer that can move */ objectPrivate->t.size = 0; /* required before marshaling */ rc = TSS_TPM2B_PRIVATE_Marshal((TPM2B_PRIVATE *)&bSensitive, &objectPrivate->t.size, /* marshaled size */ &buffer, /* marshal here */ &size); /* max size */ } return rc; } /* convertRsaPrivateKeyBinToPrivate() converts an RSA prime 'privateKeyBin' to either a TPM2B_PRIVATE or a 
TPM2B_SENSITIVE */ TPM_RC convertRsaPrivateKeyBinToPrivate(TPM2B_PRIVATE *objectPrivate, TPM2B_SENSITIVE *objectSensitive, int privateKeyBytes, uint8_t *privateKeyBin, const char *password) { TPM_RC rc = 0; TPMT_SENSITIVE tSensitive; TPM2B_SENSITIVE bSensitive; if (rc == 0) { if (((objectPrivate == NULL) && (objectSensitive == NULL)) || ((objectPrivate != NULL) && (objectSensitive != NULL))) { printf("convertRsaPrivateKeyBinToPrivate: Only one result supported\n"); rc = EXIT_FAILURE; } } /* In some cases, the sensitive data is not encrypted and the integrity value is not present. When an integrity value is not needed, it is not present and it is not represented by an Empty Buffer. In this case, the TPM2B_PRIVATE will just be a marshaled TPM2B_SENSITIVE, which is a marshaled TPMT_SENSITIVE */ /* construct TPMT_SENSITIVE */ if (rc == 0) { /* This shall be the same as the type parameter of the associated public area. */ tSensitive.sensitiveType = TPM_ALG_RSA; tSensitive.seedValue.b.size = 0; /* key password converted to TPM2B */ rc = TSS_TPM2B_StringCopy(&tSensitive.authValue.b, password, sizeof(TPMU_HA)); } if (rc == 0) { if ((size_t)privateKeyBytes > sizeof(tSensitive.sensitive.rsa.t.buffer)) { printf("convertRsaPrivateKeyBinToPrivate: " "Error, private key modulus %d greater than %lu\n", privateKeyBytes, (unsigned long)sizeof(tSensitive.sensitive.rsa.t.buffer)); rc = EXIT_FAILURE; } } if (rc == 0) { tSensitive.sensitive.rsa.t.size = privateKeyBytes; memcpy(tSensitive.sensitive.rsa.t.buffer, privateKeyBin, privateKeyBytes); } /* FIXME common code for EC and RSA */ /* marshal the TPMT_SENSITIVE into a TPM2B_SENSITIVE */ if (rc == 0) { if (objectPrivate != NULL) { int32_t size = sizeof(bSensitive.t.sensitiveArea); /* max size */ uint8_t *buffer = bSensitive.b.buffer; /* pointer that can move */ bSensitive.t.size = 0; /* required before marshaling */ rc = TSS_TPMT_SENSITIVE_Marshal(&tSensitive, &bSensitive.b.size, /* marshaled size */ &buffer, /* marshal here */ 
&size); /* max size */ } else { /* return TPM2B_SENSITIVE */ objectSensitive->t.sensitiveArea = tSensitive; } } /* marshal the TPM2B_SENSITIVE (as a TPM2B_PRIVATE, see above) into a TPM2B_PRIVATE */ if (rc == 0) { if (objectPrivate != NULL) { int32_t size = sizeof(objectPrivate->t.buffer); /* max size */ uint8_t *buffer = objectPrivate->t.buffer; /* pointer that can move */ objectPrivate->t.size = 0; /* required before marshaling */ rc = TSS_TPM2B_PRIVATE_Marshal((TPM2B_PRIVATE *)&bSensitive, &objectPrivate->t.size, /* marshaled size */ &buffer, /* marshal here */ &size); /* max size */ } } return rc; } TPM_RC convertEcPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, int modulusBytes, uint8_t *modulusBin) { TPM_RC rc = 0; if (rc == 0) { if (modulusBytes != 65) { /* 1 for compression + 32 + 32 */ printf("convertEcPublicKeyBinToPublic: public modulus expected 65 bytes, actual %u\n", modulusBytes); rc = EXIT_FAILURE; } } if (rc == 0) { /* Table 184 - Definition of TPMT_PUBLIC Structure */ objectPublic->publicArea.type = TPM_ALG_ECC; objectPublic->publicArea.nameAlg = nalg; objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA; objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; if (keyType == TYPE_SI) { objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN; } else { objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; } objectPublic->publicArea.authPolicy.t.size = 0; /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ objectPublic->publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; if (keyType == TYPE_SI) { objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; } else { objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; } /* or always use ECDSA (sample code) */ objectPublic->publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; /* Table 152 - Definition of TPMU_ASYM_SCHEME Union 
*/ objectPublic->publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = halg; objectPublic->publicArea.parameters.eccDetail.curveID = TPM_ECC_NIST_P256; objectPublic->publicArea.parameters.eccDetail.kdf.scheme = TPM_ALG_NULL; objectPublic->publicArea.parameters.eccDetail.kdf.details.mgf1.hashAlg = halg; objectPublic->publicArea.unique.ecc.x.t.size = 32; memcpy(objectPublic->publicArea.unique.ecc.x.t.buffer, modulusBin +1, 32); objectPublic->publicArea.unique.ecc.y.t.size = 32; memcpy(objectPublic->publicArea.unique.ecc.y.t.buffer, modulusBin +33, 32); } return rc; } /* convertRsaPublicKeyBinToPublic() converts a public modulus to a TPM2B_PUBLIC structure. */ TPM_RC convertRsaPublicKeyBinToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, int modulusBytes, uint8_t *modulusBin) { TPM_RC rc = 0; if (rc == 0) { if ((size_t)modulusBytes > sizeof(objectPublic->publicArea.unique.rsa.t.buffer)) { printf("convertRsaPublicKeyBinToPublic: Error, " "public key modulus %d greater than %lu\n", modulusBytes, (unsigned long)sizeof(objectPublic->publicArea.unique.rsa.t.buffer)); rc = EXIT_FAILURE; } } if (rc == 0) { /* Table 184 - Definition of TPMT_PUBLIC Structure */ objectPublic->publicArea.type = TPM_ALG_RSA; objectPublic->publicArea.nameAlg = nalg; objectPublic->publicArea.objectAttributes.val = TPMA_OBJECT_NODA; objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_USERWITHAUTH; if (keyType == TYPE_SI) { objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_SIGN; } else { objectPublic->publicArea.objectAttributes.val |= TPMA_OBJECT_DECRYPT; } objectPublic->publicArea.authPolicy.t.size = 0; /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ objectPublic->publicArea.parameters.rsaDetail.symmetric.algorithm = TPM_ALG_NULL; if (keyType == TYPE_SI) { objectPublic->publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_RSASSA; } else { objectPublic->publicArea.parameters.rsaDetail.scheme.scheme = TPM_ALG_NULL; } 
objectPublic->publicArea.parameters.rsaDetail.scheme.details.rsassa.hashAlg = halg; objectPublic->publicArea.parameters.rsaDetail.keyBits = modulusBytes * 8; objectPublic->publicArea.parameters.rsaDetail.exponent = 0; objectPublic->publicArea.unique.rsa.t.size = modulusBytes; memcpy(objectPublic->publicArea.unique.rsa.t.buffer, modulusBin, modulusBytes); } return rc; } /* convertEcKeyToPrivate() converts an EC_KEY to a TPM2B_PRIVATE */ TPM_RC convertEcKeyToPrivate(TPM2B_PRIVATE *objectPrivate, EC_KEY *ecKey, const char *password) { TPM_RC rc = 0; int privateKeyBytes; uint8_t *privateKeyBin = NULL; if (rc == 0) { rc = convertEcKeyToPrivateKeyBin(&privateKeyBytes, &privateKeyBin, /* freed @1 */ ecKey); } if (rc == 0) { rc = convertEcPrivateKeyBinToPrivate(objectPrivate, privateKeyBytes, privateKeyBin, password); } free(privateKeyBin); /* @1 */ return rc; } /* convertRsaKeyToPrivate() converts an openssl RSA key token to either a TPM2B_PRIVATE or TPM2B_SENSITIVE */ TPM_RC convertRsaKeyToPrivate(TPM2B_PRIVATE *objectPrivate, TPM2B_SENSITIVE *objectSensitive, RSA *rsaKey, const char *password) { TPM_RC rc = 0; int privateKeyBytes; uint8_t *privateKeyBin = NULL; /* convert an openssl RSA key token private prime p to a binary array */ if (rc == 0) { rc = convertRsaKeyToPrivateKeyBin(&privateKeyBytes, &privateKeyBin, /* freed @1 */ rsaKey); } /* convert an RSA prime 'privateKeyBin' to either a TPM2B_PRIVATE or a TPM2B_SENSITIVE */ if (rc == 0) { rc = convertRsaPrivateKeyBinToPrivate(objectPrivate, objectSensitive, privateKeyBytes, privateKeyBin, password); } free(privateKeyBin); /* @1 */ return rc; } TPM_RC convertEcKeyToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, EC_KEY *ecKey) { TPM_RC rc = 0; int modulusBytes; uint8_t *modulusBin = NULL; if (rc == 0) { rc = convertEcKeyToPublicKeyBin(&modulusBytes, &modulusBin, /* freed @1 */ ecKey); } if (rc == 0) { rc = convertEcPublicKeyBinToPublic(objectPublic, keyType, nalg, halg, 
modulusBytes, modulusBin); } free(modulusBin); /* @1 */ return rc; } /* convertRsaKeyToPublic() converts from an openssl RSA key token to a TPM2B_PUBLIC */ TPM_RC convertRsaKeyToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, RSA *rsaKey) { TPM_RC rc = 0; int modulusBytes; uint8_t *modulusBin = NULL; /* openssl RSA key token to a public modulus */ if (rc == 0) { rc = convertRsaKeyToPublicKeyBin(&modulusBytes, &modulusBin, /* freed @1 */ rsaKey); } /* public modulus to TPM2B_PUBLIC */ if (rc == 0) { rc = convertRsaPublicKeyBinToPublic(objectPublic, keyType, nalg, halg, modulusBytes, modulusBin); } free(modulusBin); /* @1 */ return rc; } #ifndef TPM_TSS_NOFILE /* convertEcPemToKeyPair() converts a PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */ TPM_RC convertEcPemToKeyPair(TPM2B_PUBLIC *objectPublic, TPM2B_PRIVATE *objectPrivate, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename, const char *password) { TPM_RC rc = 0; EVP_PKEY *evpPkey = NULL; EC_KEY *ecKey = NULL; /* convert a PEM file to an openssl EVP_PKEY */ if (rc == 0) { rc = convertPemToEvpPrivKey(&evpPkey, /* freed @1 */ pemKeyFilename, password); } if (rc == 0) { rc = convertEvpPkeyToEckey(&ecKey, /* freed @2 */ evpPkey); } if (rc == 0) { rc = convertEcKeyToPrivate(objectPrivate, ecKey, password); } if (rc == 0) { rc = convertEcKeyToPublic(objectPublic, keyType, nalg, halg, ecKey); } EC_KEY_free(ecKey); /* @2 */ if (evpPkey != NULL) { EVP_PKEY_free(evpPkey); /* @1 */ } return rc; } #endif #ifndef TPM_TSS_NOFILE /* convertRsaPemToPublic() converts an ECC P256 signing public key in PEM format to a TPM2B_PUBLIC */ TPM_RC convertEcPemToPublic(TPM2B_PUBLIC *objectPublic, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename) { TPM_RC rc = 0; EVP_PKEY *evpPkey = NULL; EC_KEY *ecKey = NULL; if (rc == 0) { rc = convertPemToEvpPubKey(&evpPkey, /* freed @1 */ pemKeyFilename); } if (rc == 0) { rc = 
convertEvpPkeyToEckey(&ecKey, /* freed @2 */ evpPkey); } if (rc == 0) { rc = convertEcKeyToPublic(objectPublic, keyType, nalg, halg, ecKey); } if (ecKey != NULL) { EC_KEY_free(ecKey); /* @2 */ } if (evpPkey != NULL) { EVP_PKEY_free(evpPkey); /* @1 */ } return rc; } #endif #ifndef TPM_TSS_NOFILE /* convertRsaPemToKeyPair() converts an RSA PEM file to a TPM2B_PUBLIC and TPM2B_PRIVATE */ TPM_RC convertRsaPemToKeyPair(TPM2B_PUBLIC *objectPublic, TPM2B_PRIVATE *objectPrivate, int keyType, TPMI_ALG_HASH nalg, TPMI_ALG_HASH halg, const char *pemKeyFilename, const char *password) { TPM_RC rc = 0; EVP_PKEY *evpPkey = NULL; RSA *rsaKey = NULL; if (rc == 0) { rc = convertPemToEvpPrivKey(&evpPkey, /* freed @1 */ pemKeyFilename, password); } if (rc == 0) { rc = convertEvpPkeyToRsakey(&rsaKey, /* freed @2 */ evpPkey); } if (rc == 0) { rc = convertRsaKeyToPrivate(objectPrivate, /* TPM2B_PRIVATE */ NULL, /* TPM2B_SENSITIVE */ rsaKey, password); } if (rc == 0) { rc = convertRsaKeyToPublic(objectPublic, keyType, nalg, halg, rsaKey); } if (rsaKey != NULL) { RSA_free(rsaKey); /* @2 */ } if (evpPkey != NULL) { EVP_PKEY_free(evpPkey); /* @1 */ } return rc; } #endif #ifndef TPM_TSS_NOFILE /* convertRsaDerToKeyPair() converts an RSA keypair stored in plaintext to a TPM2B_PUBLIC and TPM2B_SENSITIVE. Useful for LoadExternal. 
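*/

/* The DER file is parsed with d2i_RSAPrivateKey().  A file that does not parse returns
   TSS_RC_RSA_KEY_CONVERT, so the NULL key token never reaches the conversion functions.

   NOTE(review): derBuffer holds the plaintext private key and is released with plain free();
   consider clearing it first.
*/

TPM_RC convertRsaDerToKeyPair(TPM2B_PUBLIC *objectPublic,
                              TPM2B_SENSITIVE *objectSensitive,
                              int keyType,
                              TPMI_ALG_HASH nalg,
                              TPMI_ALG_HASH halg,
                              const char *derKeyFilename)
{
    TPM_RC rc = 0;
    RSA *rsaKey = NULL;
    unsigned char *derBuffer = NULL;
    size_t derSize;

    /* read the DER file */
    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&derBuffer,        /* freed @1 */
                                     &derSize,
                                     derKeyFilename);
    }
    if (rc == 0) {
        const unsigned char *tmpPtr = derBuffer;        /* because pointer moves */
        d2i_RSAPrivateKey(&rsaKey, &tmpPtr, derSize);   /* freed @2 */
        /* rsaKey stays NULL when the file content is not a DER encoded RSA private key */
        if (rsaKey == NULL) {
            printf("convertRsaDerToKeyPair: could not convert DER file %s to an RSA key\n",
                   derKeyFilename);
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        rc = convertRsaKeyToPrivate(NULL,               /* TPM2B_PRIVATE */
                                    objectSensitive,    /* TPM2B_SENSITIVE */
                                    rsaKey,
                                    NULL);              /* Empty Auth */
    }
    if (rc == 0) {
        rc = convertRsaKeyToPublic(objectPublic,
                                   keyType,
                                   nalg,
                                   halg,
                                   rsaKey);
    }
    free(derBuffer);                    /* @1 */
    if (rsaKey != NULL) {
        RSA_free(rsaKey);               /* @2 */
    }
    return rc;
}

#endif

#ifndef TPM_TSS_NOFILE

/* convertRsaPemToPublic() converts an RSA public key in PEM format to a TPM2B_PUBLIC.

   The PEM file is read into an EVP_PKEY, the RSA key token is extracted from it, and the token is
   converted to the TPM2B_PUBLIC.  Both OpenSSL objects are freed before returning.
*/

TPM_RC convertRsaPemToPublic(TPM2B_PUBLIC *objectPublic,
                             int keyType,
                             TPMI_ALG_HASH nalg,
                             TPMI_ALG_HASH halg,
                             const char *pemKeyFilename)
{
    TPM_RC rc = 0;
    EVP_PKEY *evpPkey = NULL;
    RSA *rsaKey = NULL;

    if (rc == 0) {
        rc = convertPemToEvpPubKey(&evpPkey,            /* freed @1 */
                                   pemKeyFilename);
    }
    if (rc == 0) {
        rc = convertEvpPkeyToRsakey(&rsaKey,            /* freed @2 */
                                    evpPkey);
    }
    if (rc == 0) {
        rc = convertRsaKeyToPublic(objectPublic, keyType, nalg, halg, rsaKey);
    }
    if (rsaKey != NULL) {
        RSA_free(rsaKey);               /* @2 */
    }
    if (evpPkey != NULL) {
        EVP_PKEY_free(evpPkey);         /* @1 */
    }
    return rc;
}

#endif

/* getRsaKeyParts() gets the RSA key parts from an OpenSSL RSA key token.

   If n is not NULL, returns n, e, and d.  If p is not NULL, returns p and q.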
*/

/* In the branch for OpenSSL before 1.1.0, e and d are written whenever n is not NULL, and q
   whenever p is not NULL.  Pass either every pointer of a group or none of them.  The function
   always returns 0.
*/

TPM_RC getRsaKeyParts(const BIGNUM **n,
                      const BIGNUM **e,
                      const BIGNUM **d,
                      const BIGNUM **p,
                      const BIGNUM **q,
                      const RSA *rsaKey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
    /* the RSA structure members are read directly */
    if (n != NULL) {
        *n = rsaKey->n;
        *e = rsaKey->e;
        *d = rsaKey->d;
    }
    if (p != NULL) {
        *p = rsaKey->p;
        *q = rsaKey->q;
    }
#else
    /* the key parts are read through the accessor functions */
    if (n != NULL) {
        RSA_get0_key(rsaKey, n, e, d);
    }
    if (p != NULL) {
        RSA_get0_factors(rsaKey, p, q);
    }
#endif
    return 0;
}

/* getRsaPubkeyAlgorithm() returns the type (EVP_PKEY_RSA or EVP_PKEY_EC) of the EVP_PKEY. */

int getRsaPubkeyAlgorithm(EVP_PKEY *pkey)
{
#if OPENSSL_VERSION_NUMBER < 0x10100000
    return pkey->type;
#else
    return EVP_PKEY_base_id(pkey);
#endif
}

/* convertPublicToPEM() saves a PEM format public key from a TPM2B_PUBLIC.

   RSA and ECC public areas are supported.  Any other type returns TSS_RC_NOT_IMPLEMENTED and no
   file is written.
*/

TPM_RC convertPublicToPEM(const TPM2B_PUBLIC *public,
                          const char *pemFilename)
{
    TPM_RC rc = 0;
    EVP_PKEY *evpPubkey = NULL;         /* OpenSSL public key, EVP format */

    /* convert TPM2B_PUBLIC to EVP_PKEY, the conversion depends on the key type */
    if (public->publicArea.type == TPM_ALG_RSA) {
        rc = convertRsaPublicToEvpPubKey(&evpPubkey,    /* freed @1 */
                                         &public->publicArea.unique.rsa);
    }
    else if (public->publicArea.type == TPM_ALG_ECC) {
        rc = convertEcPublicToEvpPubKey(&evpPubkey,     /* freed @1 */
                                        &public->publicArea.unique.ecc);
    }
    else {
        rc = TSS_RC_NOT_IMPLEMENTED;
    }
    /* write the openssl structure in PEM format */
    if (rc == 0) {
        rc = convertEvpPubkeyToPem(evpPubkey, pemFilename);
    }
    /* the EVP_PKEY is released on both the success and the failure path */
    if (evpPubkey != NULL) {
        EVP_PKEY_free(evpPubkey);       /* @1 */
    }
    return rc;
}

/* convertRsaPublicToEvpPubKey() converts an RSA TPM2B_PUBLIC to a EVP_PKEY.
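*/

/* Only the public modulus is taken from the TPM structure.  The public exponent is fixed at
   0x010001.

   NOTE(review): a key created with a different exponent would be exported with the wrong
   exponent - confirm that callers only pass keys that use 0x010001.

   *evpPubkey may be allocated even when an error is returned, so the caller frees it on every
   path.
*/

TPM_RC convertRsaPublicToEvpPubKey(EVP_PKEY **evpPubkey,        /* freed by caller */
                                   const TPM2B_PUBLIC_KEY_RSA *tpm2bRsa)
{
    TPM_RC rc = 0;
    int irc;
    RSA *rsaPubKey = NULL;

    if (rc == 0) {
        *evpPubkey = EVP_PKEY_new();
        if (*evpPubkey == NULL) {
            printf("convertRsaPublicToEvpPubKey: EVP_PKEY failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    /* TPM to RSA token */
    if (rc == 0) {
        /* public exponent */
        unsigned char earr[3] = {0x01, 0x00, 0x01};
        rc = TSS_RSAGeneratePublicToken
             (&rsaPubKey,               /* freed as part of EVP_PKEY */
              tpm2bRsa->t.buffer,       /* public modulus */
              tpm2bRsa->t.size,
              earr,                     /* public exponent */
              sizeof(earr));
    }
    /* RSA token to EVP */
    if (rc == 0) {
        irc = EVP_PKEY_assign_RSA(*evpPubkey, rsaPubKey);
        if (irc == 0) {
            RSA_free(rsaPubKey);        /* because not assigned to EVP_PKEY */
            printf("convertRsaPublicToEvpPubKey: EVP_PKEY_assign_RSA failed\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    return rc;
}

/* convertEcPublicToEvpPubKey() converts an EC TPMS_ECC_POINT to an EVP_PKEY.

   The curve is hard coded to NIST P256 (NID_X9_62_prime256v1).  The x and y coordinates are
   converted to BIGNUMs and set with EC_KEY_set_public_key_affine_coordinates(), which returns an
   error that is reported as TSS_RC_EC_KEY_CONVERT.

   *evpPubkey is freed by the caller.  All other OpenSSL objects, including the EC_GROUP, are
   freed here.
*/

TPM_RC convertEcPublicToEvpPubKey(EVP_PKEY **evpPubkey,         /* freed by caller */
                                  const TPMS_ECC_POINT *tpmsEccPoint)
{
    TPM_RC rc = 0;
    int irc;
    EC_GROUP *ecGroup = NULL;   /* freed @4 */
    EC_KEY *ecKey = NULL;
    BIGNUM *x = NULL;           /* freed @2 */
    BIGNUM *y = NULL;           /* freed @3 */

    if (rc == 0) {
        ecKey = EC_KEY_new();   /* freed @1 */
        if (ecKey == NULL) {
            printf("convertEcPublicToEvpPubKey: Error creating EC_KEY\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        ecGroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);     /* freed @4 */
        if (ecGroup == NULL) {
            printf("convertEcPublicToEvpPubKey: Error in EC_GROUP_new_by_curve_name\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        /* returns void */
        EC_GROUP_set_asn1_flag(ecGroup, OPENSSL_EC_NAMED_CURVE);
    }
    /* assign curve to EC_KEY */
    if (rc == 0) {
        irc = EC_KEY_set_group(ecKey, ecGroup);
        if (irc != 1) {
            printf("convertEcPublicToEvpPubKey: Error in EC_KEY_set_group\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        rc = convertBin2Bn(&x,                          /* freed @2 */
                           tpmsEccPoint->x.t.buffer,
                           tpmsEccPoint->x.t.size);
    }
    if (rc == 0) {
        rc = convertBin2Bn(&y,                          /* freed @3 */
                           tpmsEccPoint->y.t.buffer,
                           tpmsEccPoint->y.t.size);
    }
    if (rc == 0) {
        irc = EC_KEY_set_public_key_affine_coordinates(ecKey, x, y);
        if (irc != 1) {
            printf("convertEcPublicToEvpPubKey: "
                   "Error converting public key from X Y to EC_KEY format\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    if (rc == 0) {
        *evpPubkey = EVP_PKEY_new();    /* freed by caller */
        if (*evpPubkey == NULL) {
            printf("convertEcPublicToEvpPubKey: EVP_PKEY failed\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
        irc = EVP_PKEY_set1_EC_KEY(*evpPubkey, ecKey);
        if (irc != 1) {
            printf("convertEcPublicToEvpPubKey: "
                   "Error converting public key from EC to EVP format\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    if (ecKey != NULL) {
        EC_KEY_free(ecKey);             /* @1 */
    }
    if (x != NULL) {
        BN_free(x);                     /* @2 */
    }
    if (y != NULL) {
        BN_free(y);                     /* @3 */
    }
    /* EC_KEY_set_group() stores its own copy of the group, so the local one is released here */
    if (ecGroup != NULL) {
        EC_GROUP_free(ecGroup);         /* @4 */
    }
    return rc;
}

/* convertEvpPubkeyToPem() writes the EVP_PKEY public key to the file 'pemFilename' in PEM format.

   The file is opened with mode "wb".  Returns TSS_RC_FILE_OPEN if it cannot be opened and
   TSS_RC_FILE_WRITE if PEM_write_PUBKEY() fails.
*/

TPM_RC convertEvpPubkeyToPem(EVP_PKEY *evpPubkey,
                             const char *pemFilename)
{
    TPM_RC rc = 0;
    int irc;
    FILE *pemFile = NULL;

    if (rc == 0) {
        pemFile = fopen(pemFilename, "wb");     /* closed @2 */
        if (pemFile == NULL) {
            printf("convertEvpPubkeyToPem: Unable to open PEM file %s for write\n", pemFilename);
            rc = TSS_RC_FILE_OPEN;
        }
    }
    if (rc == 0) {
        irc = PEM_write_PUBKEY(pemFile, evpPubkey);
        if (irc == 0) {
            printf("convertEvpPubkeyToPem: Unable to write PEM file %s\n", pemFilename);
            rc = TSS_RC_FILE_WRITE;
        }
    }
    if (pemFile != NULL) {
        fclose(pemFile);                /* @2 */
    }
    return rc;
}

#ifndef TPM_TSS_NOFILE

/* verifySignatureFromPem() verifies the signature 'tSignature' against the digest 'message' using the
   public key in the PEM format file 'pemFilename'.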
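*/

/* The verification function is selected by tSignature->sigAlg.  TPM_ALG_RSASSA and TPM_ALG_ECDSA
   are supported.  Any other value returns TSS_RC_BAD_SIGNATURE_ALGORITHM.  'halg' is used for
   RSASSA only.
*/

TPM_RC verifySignatureFromPem(unsigned char *message,
                              unsigned int messageSize,
                              TPMT_SIGNATURE *tSignature,
                              TPMI_ALG_HASH halg,
                              const char *pemFilename)
{
    TPM_RC rc = 0;
    EVP_PKEY *evpPkey = NULL;           /* OpenSSL public key, EVP format */

    /* read the public key from PEM format */
    if (rc == 0) {
        rc = convertPemToEvpPubKey(&evpPkey,            /* freed @1 */
                                   pemFilename);
    }
    /* RSA or EC */
    if (rc == 0) {
        switch (tSignature->sigAlg) {
          case TPM_ALG_RSASSA:
            rc = verifyRSASignatureFromEvpPubKey(message,
                                                 messageSize,
                                                 tSignature,
                                                 halg,
                                                 evpPkey);
            break;
          case TPM_ALG_ECDSA:
            rc = verifyEcSignatureFromEvpPubKey(message,
                                                messageSize,
                                                tSignature,
                                                evpPkey);
            break;
          default:
            /* the switch is on the signature algorithm, so that is the value reported */
            printf("verifySignatureFromPem: Unknown signature algorithm %04x\n",
                   tSignature->sigAlg);
            rc = TSS_RC_BAD_SIGNATURE_ALGORITHM;
        }
    }
    if (evpPkey != NULL) {
        EVP_PKEY_free(evpPkey);         /* @1 */
    }
    return rc;
}

#endif

/* verifyRSASignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest
   'message' using the RSA public key in the EVP_PKEY 'evpPkey'.

   'halg' is mapped to an OpenSSL nid.  SHA-1, SHA-256 and SHA-384 are supported.  Any other value
   returns TSS_RC_BAD_HASH_ALGORITHM.  A signature that does not verify returns
   TSS_RC_RSA_SIGNATURE.
*/

TPM_RC verifyRSASignatureFromEvpPubKey(unsigned char *message,
                                       unsigned int messageSize,
                                       TPMT_SIGNATURE *tSignature,
                                       TPMI_ALG_HASH halg,
                                       EVP_PKEY *evpPkey)
{
    TPM_RC rc = 0;
    int irc;
    int nid;
    RSA *rsaPubKey = NULL;              /* OpenSSL public key, RSA format */

    /* map from hash algorithm to openssl nid */
    if (rc == 0) {
        switch (halg) {
          case TPM_ALG_SHA1:
            nid = NID_sha1;
            break;
          case TPM_ALG_SHA256:
            nid = NID_sha256;
            break;
          case TPM_ALG_SHA384:
            nid = NID_sha384;
            break;
          default:
            printf("verifyRSASignatureFromPem: Unknown hash algorithm %04x\n", halg);
            rc = TSS_RC_BAD_HASH_ALGORITHM;
        }
    }
    /* construct the RSA key token */
    if (rc == 0) {
        rsaPubKey = EVP_PKEY_get1_RSA(evpPkey);         /* freed @3 */
        if (rsaPubKey == NULL) {
            printf("verifyRSASignatureFromPem: EVP_PKEY_get1_RSA failed\n");
            rc = TSS_RC_RSA_KEY_CONVERT;
        }
    }
    /* verify the signature */
    if (rc == 0) {
        irc = RSA_verify(nid,
                         message, messageSize,
                         tSignature->signature.rsassa.sig.t.buffer,
                         tSignature->signature.rsassa.sig.t.size,
                         rsaPubKey);
        if (irc != 1) {
            printf("verifyRSASignatureFromPem: Bad signature\n");
            rc = TSS_RC_RSA_SIGNATURE;
        }
    }
    if (rsaPubKey != NULL) {
        RSA_free(rsaPubKey);            /* @3 */
    }
    return rc;
}

/* verifyEcSignatureFromEvpPubKey() verifies the signature 'tSignature' against the digest 'message'
   using the EC public key in the EVP_PKEY 'evpPkey'.

   The R and S values of the TPM signature are converted to BIGNUMs and placed in an ECDSA_SIG.
   There is no hash algorithm parameter.  ECDSA_do_verify() receives the digest bytes as given.

   NOTE(review): a signature that does not verify returns TSS_RC_RSA_SIGNATURE, the same code as
   the RSA path - confirm whether callers need to tell the two apart.
*/

TPM_RC verifyEcSignatureFromEvpPubKey(unsigned char *message,
                                      unsigned int messageSize,
                                      TPMT_SIGNATURE *tSignature,
                                      EVP_PKEY *evpPkey)
{
    TPM_RC rc = 0;
    int irc;
    EC_KEY *ecKey = NULL;
    BIGNUM *r = NULL;
    BIGNUM *s = NULL;
    ECDSA_SIG *ecdsaSig = NULL;

    /* construct the EC key token */
    if (rc == 0) {
        ecKey = EVP_PKEY_get1_EC_KEY(evpPkey);  /* freed @1 */
        if (ecKey == NULL) {
            printf("verifyEcSignatureFromEvpPubKey: EVP_PKEY_get1_EC_KEY failed\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
    }
    /* construct the ECDSA_SIG signature token */
    if (rc == 0) {
        rc = convertBin2Bn(&r,                  /* freed @2 */
                           tSignature->signature.ecdsa.signatureR.t.buffer,
                           tSignature->signature.ecdsa.signatureR.t.size);
    }
    if (rc == 0) {
        rc = convertBin2Bn(&s,                  /* freed @2 */
                           tSignature->signature.ecdsa.signatureS.t.buffer,
                           tSignature->signature.ecdsa.signatureS.t.size);
    }
    if (rc == 0) {
        ecdsaSig = ECDSA_SIG_new();             /* freed @2 */
        if (ecdsaSig == NULL) {
            printf("verifyEcSignatureFromEvpPubKey: Error creating ECDSA_SIG_new\n");
            rc = TSS_RC_OUT_OF_MEMORY;
        }
    }
    if (rc == 0) {
#if OPENSSL_VERSION_NUMBER < 0x10100000
        ecdsaSig->r = r;
        ecdsaSig->s = s;
#else
        /* uses the function scope irc, the original declared a second irc that shadowed it */
        irc = ECDSA_SIG_set0(ecdsaSig, r, s);
        if (irc != 1) {
            printf("verifyEcSignatureFromEvpPubKey: Error in ECDSA_SIG_set0()\n");
            rc = TSS_RC_EC_KEY_CONVERT;
        }
#endif
    }
    /* verify the signature */
    if (rc == 0) {
        irc = ECDSA_do_verify(message, messageSize,
                              ecdsaSig, ecKey);
        if (irc != 1) {         /* quote signature did not verify */
            printf("verifyEcSignatureFromEvpPubKey: Bad signature\n");
            rc = TSS_RC_RSA_SIGNATURE;
        }
    }
    if (ecKey != NULL) {
        EC_KEY_free(ecKey);             /* @1 */
    }
    /* if the ECDSA_SIG was allocated correctly, r and s are implicitly freed */
    if (ecdsaSig != NULL) {
        ECDSA_SIG_free(ecdsaSig);       /* @2 */
    }
    /* if not, explicitly free */
    else {
        if (r != NULL) BN_free(r);      /* @2 */
        if (s != NULL) BN_free(s);      /* @2 */
    }
    return rc;
}

/* convertRsaBinToTSignature() converts an RSA binary signature to a TPMT_SIGNATURE.

   signatureBinLen is checked against the size of the signature buffer in the TPMT_SIGNATURE
   before the copy.  A longer signature returns TPM_RC_VALUE and tSignature is not modified.
*/

TPM_RC convertRsaBinToTSignature(TPMT_SIGNATURE *tSignature,
                                 TPMI_ALG_HASH halg,
                                 uint8_t *signatureBin,
                                 size_t signatureBinLen)
{
    TPM_RC rc = 0;

    /* the length describes caller supplied data, so it must fit the fixed size destination */
    if (rc == 0) {
        if (signatureBinLen > sizeof(tSignature->signature.rsassa.sig.t.buffer)) {
            printf("convertRsaBinToTSignature: Error, signature length %lu greater than %lu\n",
                   (unsigned long)signatureBinLen,
                   (unsigned long)sizeof(tSignature->signature.rsassa.sig.t.buffer));
            rc = TPM_RC_VALUE;
        }
    }
    if (rc == 0) {
        tSignature->sigAlg = TPM_ALG_RSASSA;
        tSignature->signature.rsassa.hash = halg;
        tSignature->signature.rsassa.sig.t.size = signatureBinLen;
        memcpy(&tSignature->signature.rsassa.sig.t.buffer, signatureBin, signatureBinLen);
    }
    return rc;
}

/* convertEcBinToTSignature() converts an EC binary signature to a TPMT_SIGNATURE */

TPM_RC convertEcBinToTSignature(TPMT_SIGNATURE *tSignature,
                                TPMI_ALG_HASH halg,
                                const uint8_t *signatureBin,
                                size_t signatureBinLen)
{
    TPM_RC rc = 0;
    ECDSA_SIG* ecSig = NULL;
    int rBytes;
    int sBytes;
    const BIGNUM *pr;
    const BIGNUM *ps;

    if (rc == 0) {
        tSignature->sigAlg = TPM_ALG_ECDSA;
        tSignature->signature.ecdsa.hash = halg;
    }
    /* convert DER to ECDSA_SIG */
    if (rc == 0) {
        ecSig = d2i_ECDSA_SIG(NULL, &signatureBin, signatureBinLen);    /* freed @1 */
        if (ecSig == NULL) {
            printf("convertEcBinToTSignature: could not convert signature to ECDSA_SIG\n");
            rc = TPM_RC_VALUE;
        }
    }
    /* check that the signature size agrees with the currently hard coded P256 curve */
    if (rc == 0) {
#if OPENSSL_VERSION_NUMBER < 0x10100000
        pr = ecSig->r;
        ps = ecSig->s;
#else
        ECDSA_SIG_get0(ecSig, &pr, &ps);
#endif
        rBytes = BN_num_bytes(pr);
        sBytes = BN_num_bytes(ps);
        if ((rBytes > 32) || (sBytes > 32)) {
            printf("convertEcBinToTSignature: signature rBytes %u or sBytes %u greater than 32\n",
                   rBytes, sBytes);
            rc = TPM_RC_VALUE;
        }
    }
    /* extract the raw signature bytes from the openssl structure BIGNUMs */
    if (rc == 0) {
        tSignature->signature.ecdsa.signatureR.t.size = rBytes;
        tSignature->signature.ecdsa.signatureS.t.size = sBytes;
        BN_bn2bin(pr, (unsigned char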
*)&tSignature->signature.ecdsa.signatureR.t.buffer); BN_bn2bin(ps, (unsigned char *)&tSignature->signature.ecdsa.signatureS.t.buffer); if (verbose) { TSS_PrintAll("convertEcBinToTSignature: signature R", tSignature->signature.ecdsa.signatureR.t.buffer, tSignature->signature.ecdsa.signatureR.t.size); TSS_PrintAll("convertEcBinToTSignature: signature S", tSignature->signature.ecdsa.signatureS.t.buffer, tSignature->signature.ecdsa.signatureS.t.size); } } if (ecSig != NULL) { ECDSA_SIG_free(ecSig); /* @1 */ } return rc; } /* convertBin2Bn() wraps the openSSL function in an error handler Converts a char array to bignum */ TPM_RC convertBin2Bn(BIGNUM **bn, /* freed by caller */ const unsigned char *bin, unsigned int bytes) { TPM_RC rc = 0; /* BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); BN_bin2bn() converts the positive integer in big-endian form of length len at s into a BIGNUM and places it in ret. If ret is NULL, a new BIGNUM is created. BN_bin2bn() returns the BIGNUM, NULL on error. */ if (rc == 0) { *bn = BN_bin2bn(bin, bytes, *bn); if (*bn == NULL) { printf("convertBin2Bn: Error in BN_bin2bn\n"); rc = TSS_RC_BIGNUM; } } return rc; } ./utils/policytemplate.c0000644000175000017500000001132213075204375013527 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyTemplate */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policytemplate.c 778 2016-10-19 15:21:05Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyTemplate_In in; TPMI_SH_POLICY policySession = 0; const char *templateFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include "imalib.h" static uint32_t IMA_Uint32_Convert(const uint8_t *stream, int littleEndian); static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src, size_t destLength, size_t srcLength); extern int verbose; extern int vverbose; /* IMA_Event_Init() initializes the ImaEvent structure so that IMA_Event_Free() is safe. */ void IMA_Event_Init(ImaEvent *imaEvent) { if (imaEvent != NULL) { imaEvent->template_data = NULL; } return; } /* IMA_Event_Free() frees any memory allocated for the ImaEvent structure. */ void IMA_Event_Free(ImaEvent *imaEvent) { if (imaEvent != NULL) { free(imaEvent->template_data); imaEvent->template_data = NULL; } return; } /* IMA_Event_Trace() traces the ImaEvent structure. If traceTemplate is FALSE, template data is not traced. This handles the case where template data is not unmarshaled. 
*/

void IMA_Event_Trace(ImaEvent *imaEvent, int traceTemplate)
{
    /* fixed size members and the template name */
    printf("IMA_Event_Trace: PCR index %u\n", imaEvent->pcrIndex);
    TSS_PrintAll("IMA_Event_Trace: hash",
                 imaEvent->digest, sizeof(imaEvent->digest));
    printf("IMA_Event_Trace: name length %u\n", imaEvent->name_len);
    printf("IMA_Event_Trace: name %s\n", imaEvent->name);
    printf("IMA_Event_Trace: name integer %u\n", imaEvent->nameInt);
    printf("IMA_Event_Trace: template data length %u\n", imaEvent->template_data_len);

    /* the caller passes FALSE when the template_data member was not populated, and then there is
       nothing further to trace */
    if (!traceTemplate) {
        return;
    }
    TSS_PrintAll("IMA_Event_Trace: template data",
                 imaEvent->template_data, imaEvent->template_data_len);
}

/* IMA_TemplateData_Trace() traces the ImaTemplateData structure.

   nameInt maps to the template name.  The signature members are traced only for IMA_SIG, and the
   signature header and signature only when sigLength is not zero.
*/

void IMA_TemplateData_Trace(ImaTemplateData *imaTemplateData,
                            unsigned int nameInt)
{
    /* members common to both supported templates */
    printf("IMA_TemplateData_Trace: hashLength %u\n", imaTemplateData->hashLength);
    printf("IMA_TemplateData_Trace: hashAlg %s\n", imaTemplateData->hashAlg);
    TSS_PrintAll("IMA_Template_Trace: file data hash",
                 imaTemplateData->fileDataHash, imaTemplateData->fileDataHashLength);
    printf("IMA_TemplateData_Trace: fileNameLength %u\n", imaTemplateData->fileNameLength);
    printf("IMA_TemplateData_Trace: fileName %s\n", imaTemplateData->fileName);

    /* only the ima-sig template carries signature members */
    if (nameInt != IMA_SIG) {
        return;
    }
    printf("IMA_TemplateData_Trace: sigLength %u\n", imaTemplateData->sigLength);
    /* a zero sigLength means the header and signature were not unmarshaled */
    if (imaTemplateData->sigLength == 0) {
        return;
    }
    TSS_PrintAll("IMA_TemplateData_Trace: sigHeader",
                 imaTemplateData->sigHeader, imaTemplateData->sigHeaderLength);
    printf("IMA_TemplateData_Trace: signatureSize %u\n", imaTemplateData->signatureSize);
    TSS_PrintAll("IMA_TemplateData_Trace: signature",
                 imaTemplateData->signature, imaTemplateData->signatureSize);
}

/* IMA_Event_ReadFile() reads one IMA event from a file.

   It currently supports two SHA-1 formats: ima-ng and ima-sig.

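   This is typically used at the client, reading from the pseudofile.

   The file contents are not trusted.  Each length read from the file is bounds checked before it
   is used to read into a fixed size member or to allocate.

   If end of file is reached, *endOfFile is set TRUE and parsing stops.  The return code is then
   still 0, and the imaEvent members that were not read are not valid.  Any other read failure or
   a failed check returns ERR_STRUCTURE.
*/

uint32_t IMA_Event_ReadFile(ImaEvent *imaEvent,     /* freed by caller */
                            int *endOfFile,
                            FILE *inFile,
                            int littleEndian)
{
    int rc = 0;
    size_t readSize;

    *endOfFile = FALSE;
    imaEvent->template_data = NULL;     /* for free */

    /* read the IMA pcr index */
    if (rc == 0) {
        readSize = fread(&(imaEvent->pcrIndex), sizeof(imaEvent->pcrIndex), 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read pcrIndex, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* Every step below is skipped once end of file is flagged.  Without that test, a clean end of
       file would fall through to the checks with members that were never read. */
    if ((rc == 0) && !(*endOfFile)) {
        imaEvent->pcrIndex = IMA_Uint32_Convert((uint8_t *)&imaEvent->pcrIndex, littleEndian);
    }
    /* sanity check the PCR index */
    if ((rc == 0) && !(*endOfFile)) {
        if (imaEvent->pcrIndex != IMA_PCR) {
            printf("ERROR: IMA_Event_ReadFile: PCR index %u not PCR %u\n",
                   imaEvent->pcrIndex, IMA_PCR);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the IMA digest, this is hard coded to SHA-1 */
    if ((rc == 0) && !(*endOfFile)) {
        readSize = fread(&(imaEvent->digest), sizeof(imaEvent->digest), 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read digest, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* read the IMA name length */
    if ((rc == 0) && !(*endOfFile)) {
        readSize = fread(&(imaEvent->name_len), sizeof(imaEvent->name_len), 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read name_len, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    if ((rc == 0) && !(*endOfFile)) {
        imaEvent->name_len = IMA_Uint32_Convert((uint8_t *)&imaEvent->name_len, littleEndian);
    }
    /* bounds check the name length, leave a byte for the nul terminator */
    if ((rc == 0) && !(*endOfFile)) {
        if (imaEvent->name_len > (sizeof(imaEvent->name) - 1)) {
            printf("ERROR: IMA_Event_ReadFile: template name length too big: %u\n",
                   imaEvent->name_len);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the template name */
    if ((rc == 0) && !(*endOfFile)) {
        /* nul terminate first */
        memset(imaEvent->name, 0, sizeof(imaEvent->name));
        readSize = fread(&(imaEvent->name), imaEvent->name_len, 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read template name, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* record the template name as an int */
    if ((rc == 0) && !(*endOfFile)) {
        if (strcmp(imaEvent->name, "ima-ng") == 0) {
            imaEvent->nameInt = IMA_NG;
        }
        else if (strcmp(imaEvent->name, "ima-sig") == 0) {
            imaEvent->nameInt = IMA_SIG;
        }
        /* the template data parser currently supports only these two formats. */
        else {
            imaEvent->nameInt = IMA_UNSUPPORTED;
        }
    }
    /* read the template data length */
    if ((rc == 0) && !(*endOfFile)) {
        readSize = fread(&(imaEvent->template_data_len),
                         sizeof(imaEvent->template_data_len), 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read template_data_len, "
                       " returned %lu\n", (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    if ((rc == 0) && !(*endOfFile)) {
        imaEvent->template_data_len =
            IMA_Uint32_Convert((uint8_t *)&imaEvent->template_data_len, littleEndian);
    }
    /* bounds check the template data length, which sizes the allocation below */
    if ((rc == 0) && !(*endOfFile)) {
        if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) {
            printf("ERROR: IMA_Event_ReadFile: template data length too big: %u\n",
                   imaEvent->template_data_len);
            rc = ERR_STRUCTURE;
        }
    }
    if ((rc == 0) && !(*endOfFile)) {
        imaEvent->template_data = malloc(imaEvent->template_data_len);
        if (imaEvent->template_data == NULL) {
            printf("ERROR: IMA_Event_ReadFile: "
                   "could not allocate template data, size %u\n",
                   imaEvent->template_data_len);
            rc = ERR_STRUCTURE;
        }
    }
    if ((rc == 0) && !(*endOfFile)) {
        readSize = fread(imaEvent->template_data, imaEvent->template_data_len, 1, inFile);
        if (readSize != 1) {
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("ERROR: IMA_Event_ReadFile: could not read template_data, "
                       " returned %lu\n", (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    return rc;
}

/* IMA_Event_ReadBuffer() reads one IMA event from a buffer.

   It currently supports two SHA-1 formats: ima-ng and ima-sig.

   This is typically used at the server, reading from a client connection.

   If getTemplate is TRUE, the template data is copied to a malloced imaEvent->template_data.  If
   FALSE, template data is skipped.  FALSE is used for the first pass, where the template data is
   not needed until the hash is validated.

   *buffer and *length are moved past each member as it is consumed.  The buffer is not trusted:
   every member, including template data that is skipped, is checked against the bytes remaining
   before the buffer is advanced.

   *endOfBuffer is set to 1 if *length is 0 on entry.  It is not written otherwise, so the caller
   initializes it.

   Returns 0 on success, ERR_STRUCTURE on a failed check or allocation.
*/

uint32_t IMA_Event_ReadBuffer(ImaEvent *imaEvent,   /* freed by caller */
                              size_t *length,
                              uint8_t **buffer,
                              int *endOfBuffer,
                              int littleEndian,
                              int getTemplate)
{
    int rc = 0;

    imaEvent->template_data = NULL;     /* for free */

    /* nothing left to parse */
    if (*length == 0) {
        *endOfBuffer = 1;
        return rc;
    }
    /* read the IMA pcr index */
    if (rc == 0) {
        /* bounds check the length */
        if (*length < sizeof(uint32_t)) {
            printf("ERROR: IMA_Event_ReadBuffer: buffer too small for PCR index\n");
            rc = ERR_STRUCTURE;
        }
        else {
            imaEvent->pcrIndex = IMA_Uint32_Convert(*buffer, littleEndian);
            *buffer += sizeof(uint32_t);
            *length -= sizeof(uint32_t);
        }
    }
    /* sanity check the PCR index */
    if (rc == 0) {
        if (imaEvent->pcrIndex != IMA_PCR) {
            /* received index first, expected index second, matching the message text */
            printf("ERROR: IMA_Event_ReadBuffer: PCR index %u not PCR %u\n",
                   imaEvent->pcrIndex, IMA_PCR);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the IMA digest, this is hard coded to SHA-1 */
    if (rc == 0) {
        /* bounds check the length */
        if (*length < sizeof(imaEvent->digest)) {
            printf("ERROR: IMA_Event_ReadBuffer: buffer too small for IMA digest\n");
            rc = ERR_STRUCTURE;
        }
        else {
            memcpy(&(imaEvent->digest), *buffer, sizeof(imaEvent->digest));
            *buffer += sizeof(imaEvent->digest);
            *length -= sizeof(imaEvent->digest);
        }
    }
    /* read the IMA name length */
    if (rc == 0) {
        /* bounds check the length */
        if (*length < sizeof(uint32_t)) {
            printf("ERROR: IMA_Event_ReadBuffer: "
                   "buffer too small for IMA template name length\n");
            rc = ERR_STRUCTURE;
        }
        else {
            imaEvent->name_len = IMA_Uint32_Convert(*buffer, littleEndian);
            *buffer += sizeof(uint32_t);
            *length -= sizeof(uint32_t);
        }
    }
    /* read the template name */
    if (rc == 0) {
        /* bounds check the name length against the protocol maximum and, as
           IMA_Event_ReadFile() does, against the destination, leaving a byte for the nul
           terminator */
        if ((imaEvent->name_len > TCG_EVENT_NAME_LEN_MAX) ||
            (imaEvent->name_len > (sizeof(imaEvent->name) - 1))) {
            printf("ERROR: IMA_Event_ReadBuffer: Error, template name length too big: %u\n",
                   imaEvent->name_len);
            rc = ERR_STRUCTURE;
        }
        else if (*length < imaEvent->name_len) {
            printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template name\n");
            rc = ERR_STRUCTURE;
        }
        else {
            /* nul terminate first */
            memset(imaEvent->name, 0, sizeof(imaEvent->name));
            memcpy(&(imaEvent->name), *buffer, imaEvent->name_len);
            *buffer += imaEvent->name_len;
            *length -= imaEvent->name_len;
        }
    }
    /* record the template name as an int */
    if (rc == 0) {
        if (strcmp(imaEvent->name, "ima-ng") == 0) {
            imaEvent->nameInt = IMA_NG;
        }
        else if (strcmp(imaEvent->name, "ima-sig") == 0) {
            imaEvent->nameInt = IMA_SIG;
        }
        /* the template data parser currently supports only these two formats. */
        else {
            imaEvent->nameInt = IMA_UNSUPPORTED;
        }
    }
    /* read the template data length */
    if (rc == 0) {
        /* bounds check the length */
        if (*length < sizeof(uint32_t)) {
            printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data length\n");
            rc = ERR_STRUCTURE;
        }
        else {
            imaEvent->template_data_len = IMA_Uint32_Convert(*buffer, littleEndian);
            *buffer += sizeof(uint32_t);
            *length -= sizeof(uint32_t);
        }
    }
    /* Check the template data length against the bytes remaining whether or not the data is
       copied.  The buffer is advanced past the template data in both cases, and an unchecked
       length would wrap *length and move *buffer beyond the input. */
    if (rc == 0) {
        if (*length < imaEvent->template_data_len) {
            printf("ERROR: IMA_Event_ReadBuffer: buffer too small for template data\n");
            rc = ERR_STRUCTURE;
        }
    }
    /* bounds check the template data length before it sizes an allocation */
    if ((rc == 0) && getTemplate) {
        if (imaEvent->template_data_len > TCG_TEMPLATE_DATA_LEN_MAX) {
            printf("ERROR: IMA_Event_ReadBuffer: template data length too big: %u\n",
                   imaEvent->template_data_len);
            rc = ERR_STRUCTURE;
        }
    }
    /* allocate for the template data */
    if ((rc == 0) && getTemplate) {
        imaEvent->template_data = malloc(imaEvent->template_data_len);
        if (imaEvent->template_data == NULL) {
            printf("ERROR: IMA_Event_ReadBuffer: "
                   "could not allocate template data, size %u\n",
                   imaEvent->template_data_len);
            rc = ERR_STRUCTURE;
        }
    }
    if ((rc == 0) && getTemplate) {
        memcpy(imaEvent->template_data, *buffer, imaEvent->template_data_len);
    }
    /* move the buffer even if getTemplate is false */
    if (rc == 0) {
        *buffer += imaEvent->template_data_len;
        *length -= imaEvent->template_data_len;
    }
    return rc;
}

/* IMA_TemplateData_ReadBuffer() unmarshals the template data fields from the template data byte
   array.

   It currently supports two SHA-1 formats: ima-ng and ima-sig.

   The input is imaEvent->template_data with length imaEvent->template_data_len.  It is not
   trusted: every member is checked against the bytes remaining and against the size of its
   destination before it is copied, and all bytes must be consumed.

   Returns 0 on success.  A failed check returns ERR_STRUCTURE, except that an unknown hash
   algorithm string returns 1.
*/

uint32_t IMA_TemplateData_ReadBuffer(ImaTemplateData *imaTemplateData,
                                     ImaEvent *imaEvent,
                                     int littleEndian)
{
    int rc = 0;
    size_t length = imaEvent->template_data_len;
    uint8_t *buffer = imaEvent->template_data;
    size_t hashAlgSize = 0;     /* hash algorithm string length, including the nul terminator */
    size_t hashAlgMax;          /* most bytes that may be scanned for the hash algorithm */
    const uint8_t *sigHeader;

    /* check for supported template name */
    if (rc == 0) {
        if (imaEvent->nameInt == IMA_UNSUPPORTED) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: template name %s unsupported\n",
                   imaEvent->name);
            rc = ERR_STRUCTURE;
        }
    }
    /* IMA_Event_ReadBuffer() with getTemplate FALSE leaves template_data NULL while
       template_data_len is set, so the pointer is checked before it is read */
    if (rc == 0) {
        if (buffer == NULL) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: template data not present\n");
            rc = ERR_STRUCTURE;
        }
    }
    /* read the hash length, algorithm + hash */
    if (rc == 0) {
        /* bounds check the length */
        if (length < sizeof(uint32_t)) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: buffer too small for hash length\n");
            rc = ERR_STRUCTURE;
        }
        else {
            imaTemplateData->hashLength = IMA_Uint32_Convert(buffer, littleEndian);
            buffer += sizeof(uint32_t);
            length -= sizeof(uint32_t);
        }
    }
    /* read the hash algorithm, nul terminated string */
    if (rc == 0) {
        /* NUL terminate first */
        memset(imaTemplateData->hashAlg, 0, sizeof(imaTemplateData->hashAlg));
        /* hashLength comes from the input.  The scan for the nul terminator is limited to the
           bytes that actually remain, so it cannot read past the template data. */
        hashAlgMax = imaTemplateData->hashLength;
        if (hashAlgMax > length) {
            hashAlgMax = length;
        }
        rc = IMA_Strn2cpy(imaTemplateData->hashAlg, buffer,
                          sizeof(imaTemplateData->hashAlg),     /* destLength */
                          hashAlgMax);                          /* srcLength */
        if (rc != 0) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: buffer too small for hash algorithm\n"
                   "\tor hash algorithm exceeds maximum size\n");
            rc = ERR_STRUCTURE;
        }
        else {
            hashAlgSize = strlen(imaTemplateData->hashAlg) + 1;
            buffer += hashAlgSize;
            length -= hashAlgSize;
        }
    }
    /* fileDataHashLength */
    if (rc == 0) {
        if (strcmp(imaTemplateData->hashAlg, "sha1:") == 0) {
            imaTemplateData->fileDataHashLength = SHA1_DIGEST_SIZE;
            imaTemplateData->hashNid = NID_sha1;
        }
        else if (strcmp(imaTemplateData->hashAlg, "sha256:") == 0) {
            imaTemplateData->fileDataHashLength = SHA256_DIGEST_SIZE;
            imaTemplateData->hashNid = NID_sha256;
        }
        else {
            printf("ERROR: IMA_TemplateData_ReadBuffer: Unknown file data hash algorithm: %s\n",
                   imaTemplateData->hashAlg);
            rc = 1;
        }
    }
    /* consistency check hashLength vs contents */
    if (rc == 0) {
        if ((hashAlgSize + imaTemplateData->fileDataHashLength) != imaTemplateData->hashLength) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: "
                   "hashLength %u inconsistent with hashAlgSize %lu and fileDataHashLength %u\n",
                   imaTemplateData->hashLength, (unsigned long)hashAlgSize,
                   imaTemplateData->fileDataHashLength);
            rc = ERR_STRUCTURE;
        }
    }
    /* fileDataHash */
    if (rc == 0) {
        /* bounds check the length */
        if (length < imaTemplateData->fileDataHashLength) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: buffer too small for file data hash\n");
            rc = ERR_STRUCTURE;
        }
        else if (imaTemplateData->fileDataHashLength > sizeof(imaTemplateData->fileDataHash)) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: "
                   "file data hash length exceeds maximum size\n");
            rc = ERR_STRUCTURE;
        }
        else {
            memcpy(&(imaTemplateData->fileDataHash), buffer,
                   imaTemplateData->fileDataHashLength);
            buffer += imaTemplateData->fileDataHashLength;
            length -= imaTemplateData->fileDataHashLength;
        }
    }
    /* fileNameLength (length includes the nul terminator)*/
    if (rc == 0) {
        /* bounds check the length */
        if (length < sizeof(uint32_t)) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: buffer too small for file name length\n");
            rc = ERR_STRUCTURE;
        }
        else {
            imaTemplateData->fileNameLength = IMA_Uint32_Convert(buffer, littleEndian);
            buffer += sizeof(uint32_t);
            length -= sizeof(uint32_t);
        }
    }
    /* fileName */
    if (rc == 0) {
        /* bounds check the length */
        if (length < imaTemplateData->fileNameLength) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: buffer too small for file name\n");
            rc = ERR_STRUCTURE;
        }
        else if (imaTemplateData->fileNameLength > (MAXPATHLEN+1)) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: file name length exceeds maximum size\n");
            rc = ERR_STRUCTURE;
        }
        else {
            memcpy(&(imaTemplateData->fileName), buffer, imaTemplateData->fileNameLength);
            buffer += imaTemplateData->fileNameLength;
            length -= imaTemplateData->fileNameLength;
        }
    }
    /* sanity check nul terminator.  A zero fileNameLength cannot hold the terminator, and it is
       rejected before the index [fileNameLength - 1] is formed. */
    if (rc == 0) {
        if ((imaTemplateData->fileNameLength == 0) ||
            (imaTemplateData->fileName[imaTemplateData->fileNameLength - 1] != '\0')) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: file name not nul terminated\n");
            rc = ERR_STRUCTURE;
        }
    }
    if (imaEvent->nameInt == IMA_SIG) {
        /* sigLength */
        if (rc == 0) {
            /* bounds check the length */
            if (length < sizeof(uint32_t)) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: "
                       "buffer too small for signature length\n");
                rc = ERR_STRUCTURE;
            }
            else {
                imaTemplateData->sigLength = IMA_Uint32_Convert(buffer, littleEndian);
                buffer += sizeof(uint32_t);
                length -= sizeof(uint32_t);
            }
        }
        /* sigHeader - only parsed if its length is not zero.  sigLength is tested only after rc,
           since it is not set when the read above failed. */
        if ((rc == 0) && (imaTemplateData->sigLength != 0)) {
            imaTemplateData->sigHeaderLength = sizeof(imaTemplateData->sigHeader);
            /* bounds check the length */
            if (length < imaTemplateData->sigHeaderLength) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: "
                       "buffer too small for signature header\n");
                rc = ERR_STRUCTURE;
            }
            else {
                memcpy(&(imaTemplateData->sigHeader), buffer,
                       imaTemplateData->sigHeaderLength);
                buffer += imaTemplateData->sigHeaderLength;
                length -= imaTemplateData->sigHeaderLength;
            }
        }
        /* get signature length from last two bytes */
        if ((rc == 0) && (imaTemplateData->sigLength != 0)) {
            /* magic number for offset: type(1) version(1) hash alg (1) pubkey id (4).  The two
               bytes are big endian and are combined bytewise, which gives the same value as
               ntohs() on a 16-bit load without an unaligned access. */
            sigHeader = (const uint8_t *)imaTemplateData->sigHeader;
            imaTemplateData->signatureSize =
                (uint16_t)(((uint16_t)sigHeader[7] << 8) | sigHeader[8]);
        }
        /* consistency check signature header contents */
        if ((rc == 0) && (imaTemplateData->sigLength != 0)) {
            int goodHashAlgo = 1;
            int goodSigSize = ((imaTemplateData->signatureSize == 128) ||
                               (imaTemplateData->signatureSize == 256));
            /* a recognized header hash algorithm replaces the hashNid that was set from the
               hashAlg string above */
            if (imaTemplateData->sigHeader[2] == HASH_ALGO_SHA1) {
                imaTemplateData->hashNid = NID_sha1;
            }
            else if (imaTemplateData->sigHeader[2] == HASH_ALGO_SHA256) {
                imaTemplateData->hashNid = NID_sha256;
            }
            else {
                goodHashAlgo = 0;
            }
            /* xattr type */
            if ((imaTemplateData->sigHeader[0] != EVM_IMA_XATTR_DIGSIG) ||  /* [0] type */
                (imaTemplateData->sigHeader[1] != 2) ||                     /* [1] version */
                !goodHashAlgo ||                            /* [2] hash algorithm */
                /* [3]-[6] are the public key fingerprint.  Any value is legal. */
                !goodSigSize                                /* [7][8] sig size */
                ) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: invalid sigHeader\n");
                rc = ERR_STRUCTURE;
            }
        }
        /* signature */
        if ((rc == 0) && (imaTemplateData->sigLength != 0)) {
            /* bounds check the length */
            if (length < imaTemplateData->signatureSize) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: "
                       "buffer too small for signature \n");
                rc = ERR_STRUCTURE;
            }
            /* sanity check the signatureSize against the sigLength */
            else if (imaTemplateData->sigLength !=
                     (sizeof(imaTemplateData->sigHeader) + imaTemplateData->signatureSize)) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: "
                       "sigLength inconsistent with signatureSize\n");
                rc = ERR_STRUCTURE;
            }
            /* check the destination as well, so the copy does not depend only on the header
               check above allowing sizes that fit */
            else if (imaTemplateData->signatureSize > sizeof(imaTemplateData->signature)) {
                printf("ERROR: IMA_TemplateData_ReadBuffer: "
                       "signature size exceeds maximum size\n");
                rc = ERR_STRUCTURE;
            }
            else {
                memcpy(&(imaTemplateData->signature), buffer,
                       imaTemplateData->signatureSize);
                buffer += imaTemplateData->signatureSize;
                length -= imaTemplateData->signatureSize;
            }
        }
    }
    /* length should now be zero */
    if (rc == 0) {
        if (length != 0) {
            printf("ERROR: IMA_TemplateData_ReadBuffer: "
                   "buffer too large (bytes remaining after unmarshaling)\n");
            rc = ERR_STRUCTURE;
        }
    }
    return rc;
}

/* IMA_Event_Write() writes an event line to a binary file outFile.

   The write is always big endian, network byte order.
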
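   Returns 0 on success, ERR_STRUCTURE if any fwrite() fails.
*/

uint32_t IMA_Event_Write(ImaEvent *imaEvent,
                         FILE *outFile)
{
    int rc = 0;
    size_t writeSize;
    uint32_t nbo32;     /* network byte order */

    if (rc == 0) {
        /* do the endian conversion */
        nbo32 = htonl(imaEvent->pcrIndex);
        /* write the IMA pcr index */
        writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write pcrIndex, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* write the IMA digest */
    if (rc == 0) {
        writeSize = fwrite(&(imaEvent->digest), sizeof(imaEvent->digest), 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write digest, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* write the IMA name length */
    if (rc == 0) {
        /* do the endian conversion */
        nbo32 = htonl(imaEvent->name_len);
        /* write the IMA name length */
        writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write name length, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* write the name */
    if (rc == 0) {
        writeSize = fwrite(&(imaEvent->name), imaEvent->name_len, 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write name, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* write the template data length */
    if (rc == 0) {
        /* do the endian conversion */
        nbo32 = htonl(imaEvent->template_data_len);
        /* write the IMA template data length */
        writeSize = fwrite(&nbo32, sizeof(uint32_t), 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write template data length, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* write the template data.  template_data is a pointer to the allocated bytes and is passed
       as is.  Passing its address would write the pointer value and the memory that follows it in
       the structure instead of the template data. */
    if (rc == 0) {
        writeSize = fwrite(imaEvent->template_data, imaEvent->template_data_len, 1, outFile);
        if (writeSize != 1) {
            printf("ERROR: IMA_Event_Write: could not write template data, returned %lu\n",
                   (unsigned long)writeSize);
            rc = ERR_STRUCTURE;
        }
    }
    return rc;
}

/* IMA_Extend() extends the event into the imaPcr.

   An IMA quirk is that, if the event is all zero, all ones is extended.

   halg indicates whether to calculate the digest for the SHA-1 or SHA-256 PCR bank.  The IMA event
   log itself is always SHA-1.

   This function assumes that the same hash algorithm / PCR bank is used for all calls.

   imapcr holds the previous PCR value on entry and the extended value on return.  Returns 0 on
   success, 1 for an unsupported hashAlg, or the TSS_Hash_Generate() return code.
*/

uint32_t IMA_Extend(TPMT_HA *imapcr,
                    ImaEvent *imaEvent,
                    TPMI_ALG_HASH hashAlg)
{
    uint32_t rc = 0;
    uint16_t digestSize = 0;
    uint16_t zeroPad = 0;
    int notAllZero;
    unsigned char zeroDigest[SHA256_DIGEST_SIZE];
    unsigned char oneDigest[SHA256_DIGEST_SIZE];

    /* FIXME sanity check TPM_IMA_PCR imaEvent->pcrIndex */

    /* extend based on the previous IMA PCR value */
    if (rc == 0) {
        memset(zeroDigest, 0, SHA256_DIGEST_SIZE);
        memset(oneDigest, 0xff, SHA256_DIGEST_SIZE);
        if (hashAlg == TPM_ALG_SHA1) {
            digestSize = SHA1_DIGEST_SIZE;
            zeroPad = 0;
        }
        else if (hashAlg == TPM_ALG_SHA256) {
            digestSize = SHA256_DIGEST_SIZE;
            /* pad the SHA-1 event with zeros for the SHA-256 bank */
            zeroPad = SHA256_DIGEST_SIZE - SHA1_DIGEST_SIZE;
        }
        else {
            printf("ERROR: IMA_Extend: Unsupported hash algorithm: %04x\n", hashAlg);
            rc = 1;
        }
    }
    if (rc == 0) {
        /* The event digest is SHA-1 for either bank, so exactly SHA1_DIGEST_SIZE bytes are
           compared.  Comparing digestSize bytes would, for the SHA-256 bank, read past the event
           digest into the members that follow it. */
        notAllZero = memcmp(imaEvent->digest, zeroDigest, SHA1_DIGEST_SIZE);
        imapcr->hashAlg = hashAlg;
        if (notAllZero) {
#if 0
            TSS_PrintAll("IMA_Extend: Start PCR", (uint8_t *)&imapcr->digest, digestSize);
            TSS_PrintAll("IMA_Extend: Extend", (uint8_t *)&imaEvent->digest, SHA1_DIGEST_SIZE);
            TSS_PrintAll("IMA_Extend: Pad", zeroDigest, zeroPad);
#endif
            rc = TSS_Hash_Generate(imapcr,
                                   digestSize, (uint8_t *)&imapcr->digest,
                                   SHA1_DIGEST_SIZE, &imaEvent->digest,
                                   /* SHA-1 PCR extend gets zero padded */
                                   zeroPad, zeroDigest,
                                   0, NULL);
        }
        /* IMA has a quirk where, when it places all all zero digest into the measurement log, it
           extends all ones into IMA PCR */
        else {
            /* NOTE(review): for the SHA-256 bank this hashes digestSize bytes of ones and then
               zeroPad bytes of zeros, which is longer than the padded event in the branch above.
               Confirm against the value the kernel extends into that bank. */
            rc = TSS_Hash_Generate(imapcr,
                                   digestSize, (uint8_t *)&imapcr->digest,
                                   digestSize, oneDigest,
                                   /* SHA-1 gets zero padded */
                                   zeroPad, zeroDigest,
                                   0, NULL);
        }
    }
    if (rc != 0) {
        printf("ERROR: IMA_Extend: could not extend imapcr, rc %08x\n", rc);
    }
    return rc;
}

/* IMA_VerifyImaDigest() verifies the IMA digest against the hash of the template data.

   This handles the SHA-1 IMA event log.

   *badEvent is written only when the hash could be calculated.  It is FALSE if the digests match
   and TRUE if not.  The return code reports only a failure to calculate the hash, so the caller
   checks both.
*/

uint32_t IMA_VerifyImaDigest(uint32_t *badEvent,    /* TRUE if hash does not match */
                             ImaEvent *imaEvent,    /* the current IMA event being processed */
                             int eventNum)  /* the current IMA event number being processed */
{
    uint32_t rc = 0;
    int irc;
    TPMT_HA calculatedImaDigest;

    /* calculate the hash of the template data */
    if (rc == 0) {
        calculatedImaDigest.hashAlg = TPM_ALG_SHA1;
        rc = TSS_Hash_Generate(&calculatedImaDigest,
                               imaEvent->template_data_len, imaEvent->template_data,
                               0, NULL);
    }
    /* compare the calculated hash to the event digest received from the client */
    if (rc == 0) {
        if (vverbose) TSS_PrintAll("IMA_VerifyImaDigest: Received IMA digest",
                                   imaEvent->digest, SHA1_DIGEST_SIZE);
        if (vverbose) TSS_PrintAll("IMA_VerifyImaDigest: Calculated IMA digest",
                                   (uint8_t *)&calculatedImaDigest.digest, SHA1_DIGEST_SIZE);

        irc = memcmp(imaEvent->digest, &calculatedImaDigest.digest, SHA1_DIGEST_SIZE);
        if (irc == 0) {
            if (vverbose) printf("IMA_VerifyImaDigest: IMA digest verified, event %u\n", eventNum);
            *badEvent = FALSE;
        }
        else {
            printf("ERROR: IMA_VerifyImaDigest: IMA digest did not verify, event %u\n", eventNum);
            *badEvent = TRUE;
        }
    }
    return rc;
}

/* IMA_Uint32_Convert() converts four bytes from an input stream to a uint32_t in host byte order.

   littleEndian selects the byte order of the stream.  The caller ensures that four bytes are
   available at stream.
*/

static uint32_t IMA_Uint32_Convert(const uint8_t *stream,
                                   int littleEndian)
{
    uint32_t out;

    /* Each byte is widened to uint32_t before the shift.  A uint8_t promotes to int, and shifting
       a value of 0x80 or more left by 24 would overflow the signed type. */
    /* little endian input */
    if (littleEndian) {
        out = ((uint32_t)stream[0] <<  0) |
              ((uint32_t)stream[1] <<  8) |
              ((uint32_t)stream[2] << 16) |
              ((uint32_t)stream[3] << 24);
    }
    /* big endian input */
    else {
        out = ((uint32_t)stream[0] << 24) |
              ((uint32_t)stream[1] << 16) |
              ((uint32_t)stream[2] <<  8) |
              ((uint32_t)stream[3] <<  0);
    }
    return out;
}

/* IMA_Strn2cpy() copies src to dest, including a NUL terminator

   It checks that src is nul terminated within srcLength bytes.
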
   It checks that src fits into dest within destLength bytes

   Returns error if either the src is not nul terminated or will not fit in dest.

   On error, dest holds the bytes copied so far and is not nul terminated by this function.
*/

static uint32_t IMA_Strn2cpy(char *dest, const uint8_t *src,
                             size_t destLength, size_t srcLength)
{
    size_t i;
    /* the copy stops at whichever of the two limits is reached first */
    size_t limit = (destLength < srcLength) ? destLength : srcLength;

    for (i = 0; i < limit; i++) {
        dest[i] = src[i];
        if (dest[i] == '\0') {
            return 0;   /* terminator copied, so src was terminated and fit in dest */
        }
    }
    /* ran out of source or destination before a nul terminator */
    return 1;
}

/* ImaEvent_Marshal() marshals an ImaEvent structure

   The members are marshaled in structure order.  The first failing marshal call ends the function
   and its return code is returned.
*/

TPM_RC ImaEvent_Marshal(ImaEvent *source, uint16_t *written, uint8_t **buffer, int32_t *size)
{
    TPM_RC rc;

    rc = TSS_UINT32_Marshal(&source->pcrIndex, written, buffer, size);
    if (rc != 0) {
        return rc;
    }
    rc = TSS_Array_Marshal(source->digest, SHA1_DIGEST_SIZE, written, buffer, size);
    if (rc != 0) {
        return rc;
    }
    /* the template name is written as a length followed by name_len bytes */
    rc = TSS_UINT32_Marshal(&source->name_len, written, buffer, size);
    if (rc != 0) {
        return rc;
    }
    rc = TSS_Array_Marshal((uint8_t *)source->name, source->name_len, written, buffer, size);
    if (rc != 0) {
        return rc;
    }
    /* the template data is written the same way */
    rc = TSS_UINT32_Marshal(&source->template_data_len, written, buffer, size);
    if (rc != 0) {
        return rc;
    }
    return TSS_Array_Marshal(source->template_data, source->template_data_len,
                             written, buffer, size);
}

#if 0
/* IMA_Event_ToString() converts the ImaEvent structure to a hexascii string, big endian.

*/ uint32_t IMA_Event_ToString(char **eventString, /* freed by caller */ ImaEvent *imaEvent) { int rc = 0; size_t length; /* calculate size of string, from ImaEvent structure */ if (rc == 0) { length = ((sizeof(uint32_t) + SHA1_DIGEST_SIZE + sizeof(uint32_t) + TCG_EVENT_NAME_LEN_MAX + 1 + sizeof(uint32_t) + imaEvent->template_data_len) * 2) + 1; } if (rc == 0) { *eventString = malloc(length); if (*eventString == NULL) { printf("ERROR: IMA_Event_ToString: error allocating %lu bytes\n", length); rc = 1; } } if (rc == 0) { memset(*eventString, '\0', length); char *p = *eventString; sprintf(p, "%08lx", (long unsigned int)imaEvent->pcrIndex); p += sizeof(uint32_t)* 2; Array_Print(p, NULL, imaEvent->digest, SHA1_DIGEST_SIZE); p += SHA1_DIGEST_SIZE * 2; sprintf(p, "%08lx", (long unsigned int)imaEvent->name_len); p += sizeof(uint32_t) * 2; Array_Print(p, NULL, FALSE, (uint8_t *)imaEvent->name, imaEvent->name_len); p += imaEvent->name_len * 2; sprintf(p, "%08lx", (long unsigned int)imaEvent->template_data_len); p += sizeof(uint32_t) * 2; Array_Print(p, NULL, FALSE, imaEvent->template_data, imaEvent->template_data_len); p += imaEvent->template_data_len * 2; /* printf("IMA_Event_ToString: result\n:%s:\n", *eventString); */ } return rc; } #endif ./utils/ntc2getconfig.c0000644000175000017500000002250613055132457013235 0ustar lo1lo1/********************************************************************************/ /* */ /* Nuvoton GetConfig */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ntc2getconfig.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include "ntc2lib.h" static void printUsage(void); static void printHexResponse(NTC2_CFG_STRUCT *preConfig); static TPM_RC verifyConfig(NTC2_CFG_STRUCT *preConfig, int verifyLocked); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NTC2_GetConfig_Out out; int verify = FALSE; int verifyLocked = FALSE; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (ii2cLoc1_2 != PREQUIRED_i2cLoc1_2) { printf("verifyConfig: i2cLoc1_2 %02x not equal to default %02x\n", preConfig->i2cLoc1_2, PREQUIRED_i2cLoc1_2); rc = TPM_RC_VALUE; } if (preConfig->i2cLoc3_4 != PREQUIRED_i2cLoc3_4) { printf("verifyConfig: i2cLoc3_4 %02x not equal to default %02x\n", preConfig->i2cLoc3_4, PREQUIRED_i2cLoc3_4); rc = TPM_RC_VALUE; } if (preConfig->AltCfg != PREQUIRED_AltCfg) { printf("verifyConfig: AltCfg %02x not equal to default %02x\n", preConfig->AltCfg, PREQUIRED_AltCfg); rc = TPM_RC_VALUE; } if (preConfig->Direction != PREQUIRED_Direction) { printf("verifyConfig: Direction %02x not equal to default %02x\n", preConfig->Direction, PREQUIRED_Direction); rc = TPM_RC_VALUE; } if (preConfig->PullUp != PREQUIRED_PullUp) { printf("verifyConfig: PullUp %02x not equal to default %02x\n", preConfig->PullUp, PREQUIRED_PullUp); rc = TPM_RC_VALUE; } if (preConfig->PushPull != PREQUIRED_PushPull) { printf("verifyConfig: PushPull %02x not equal to default %02x\n", preConfig->PushPull, PREQUIRED_PushPull); rc = TPM_RC_VALUE; } if (preConfig->CFG_A != PREQUIRED_CFG_A) { printf("verifyConfig: CFG_A %02x not equal to default %02x\n", preConfig->CFG_A, PREQUIRED_CFG_A); rc = TPM_RC_VALUE; } if (preConfig->CFG_B != PREQUIRED_CFG_B) { printf("verifyConfig: CFG_B 
%02x not equal to default %02x\n", preConfig->CFG_B, PREQUIRED_CFG_B); rc = TPM_RC_VALUE; } if (preConfig->CFG_C != PREQUIRED_CFG_C) { printf("verifyConfig: CFG_C %02x not equal to default %02x\n", preConfig->CFG_C, PREQUIRED_CFG_C); rc = TPM_RC_VALUE; } if (preConfig->CFG_D != PREQUIRED_CFG_D) { printf("verifyConfig: CFG_D %02x not equal to default %02x\n", preConfig->CFG_D, PREQUIRED_CFG_D); rc = TPM_RC_VALUE; } if (preConfig->CFG_E != PREQUIRED_CFG_E) { printf("verifyConfig: CFG_E %02x not equal to default %02x\n", preConfig->CFG_E, PREQUIRED_CFG_E); rc = TPM_RC_VALUE; } if (preConfig->CFG_F != PREQUIRED_CFG_F) { printf("verifyConfig: CFG_F %02x not equal to default %02x\n", preConfig->CFG_F, PREQUIRED_CFG_F); rc = TPM_RC_VALUE; } if (preConfig->CFG_G != PREQUIRED_CFG_G) { printf("verifyConfig: CFG_G %02x not equal to default %02x\n", preConfig->CFG_G, PREQUIRED_CFG_G); rc = TPM_RC_VALUE; } if (preConfig->CFG_H != PREQUIRED_CFG_H) { printf("verifyConfig: CFG_H %02x not equal to default %02x\n", preConfig->CFG_H, PREQUIRED_CFG_H); rc = TPM_RC_VALUE; } if (preConfig->CFG_I != PREQUIRED_CFG_I) { printf("verifyConfig: CFG_I %02x not equal to default %02x\n", preConfig->CFG_I, PREQUIRED_CFG_I); rc = TPM_RC_VALUE; } if (preConfig->CFG_J != PREQUIRED_CFG_J) { printf("verifyConfig: CFG_J %02x not equal to default %02x\n", preConfig->CFG_J, PREQUIRED_CFG_J); rc = TPM_RC_VALUE; } if (preConfig->IsValid != PREQUIRED_IsValid) { printf("verifyConfig: IsValid %02x not equal to default %02x\n", preConfig->IsValid, PREQUIRED_IsValid); rc = TPM_RC_VALUE; } if (verifyLocked) { if (preConfig->IsLocked != 0xaa) { printf("verifyConfig: IsLocked is %02x not %02x\n", preConfig->IsLocked, 0xaa); rc = TPM_RC_VALUE; } } else { if (preConfig->IsLocked != 0xff) { printf("verifyConfig: IsLocked %02x not %02x\n", preConfig->IsLocked, 0xff); rc = TPM_RC_VALUE; } } return rc; } /* printHexResponse() prints the read preConfig in a concise hex format */ static void 
printHexResponse(NTC2_CFG_STRUCT *preConfig) { printf("i2cLoc1_2:\t%02x\n", preConfig->i2cLoc1_2); printf("i2cLoc3_4:\t%02x\n", preConfig->i2cLoc3_4); printf("AltCfg:\t\t%02x\n", preConfig->AltCfg); printf("Direction:\t%02x\n", preConfig->Direction); printf("PullUp:\t\t%02x\n", preConfig->PullUp); printf("PushPull:\t%02x\n", preConfig->PushPull); printf("CFG_A:\t\t%02x\n", preConfig->CFG_A); printf("CFG_B:\t\t%02x\n", preConfig->CFG_B); printf("CFG_C:\t\t%02x\n", preConfig->CFG_C); printf("CFG_D:\t\t%02x\n", preConfig->CFG_D); printf("CFG_E:\t\t%02x\n", preConfig->CFG_E); printf("CFG_F:\t\t%02x\n", preConfig->CFG_F); printf("CFG_G:\t\t%02x\n", preConfig->CFG_G); printf("CFG_H:\t\t%02x\n", preConfig->CFG_H); printf("CFG_I:\t\t%02x\n", preConfig->CFG_I); printf("CFG_J:\t\t%02x\n", preConfig->CFG_J); printf("IsValid:\t%02x\n", preConfig->IsValid); printf("IsLocked:\t%02x\n", preConfig->IsLocked); return; } static void printUsage(void) { printf("\n"); printf("ntc2getconfig\n"); printf("\n"); printf("Runs NTC2_GetConfig\n"); printf("\n"); printf("[-verify Verify results against System P default (default no verify)]\n"); printf("[-verifylocked Verify that the preconfig is locked (default verify not locked)]\n"); printf("\n"); exit(1); } ./utils/certifycreation.c0000644000175000017500000003057113075204375013675 0ustar lo1lo1/********************************************************************************/ /* */ /* CertifyCreation */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: certifycreation.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include static void printUsage(void); static void printSignature(CertifyCreation_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; CertifyCreation_In in; CertifyCreation_Out out; TPMI_DH_OBJECT objectHandle = 0; TPMI_DH_OBJECT signHandle = 0; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *keyPassword = NULL; const char *signatureFilename = NULL; const char *attestInfoFilename = NULL; const char *qualifyingDataFilename = NULL; const char *ticketFilename = NULL; const char *creationHashFilename = NULL; int useRsa = 1; TPMS_ATTEST tpmsAttest; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", 
&sessionAttributes2);
                /* NOTE(review): the sscanf() return value is not checked, so an argument that
                   is not hex leaves sessionAttributes2 at its initial value (0) and only the
                   range test below applies */
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            /* verbose also raises the TSS trace level from "1" to "2" */
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* Required arguments: a missing -ho, -hk or -tk ends the program through printUsage(),
       which calls exit(1). */
    /* NOTE(review): printUsage() also lists -ch without brackets, but no matching check on
       creationHashFilename is visible before it is handed to TSS_File_ReadBinaryFile() below.
       What that helper does with a NULL file name is not shown here - confirm, or reject a
       missing -ch the same way as the other required arguments. */
    if (objectHandle == 0) {
        printf("Missing object handle parameter -ho\n");
        printUsage();
    }
    if (signHandle == 0) {
        printf("Missing sign handle parameter -hk\n");
        printUsage();
    }
    if (ticketFilename == NULL) {
        printf("Missing ticket parameter -tk\n");
        printUsage();
    }
    if (rc == 0) {
        /* Object handle (-ho) and handle of the key that will perform certifying (-hk) */
        in.objectHandle = objectHandle;
        in.signHandle = signHandle;
        /* the signing scheme follows useRsa; both branches use the same hash algorithm halg */
        if (useRsa) {
            /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
            in.inScheme.scheme = TPM_ALG_RSASSA;
            /* Table 144 - Definition of TPMU_SIG_SCHEME Union */
            /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
            /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
            in.inScheme.details.rsassa.hashAlg = halg;
        }
        else { /* ecc */
            in.inScheme.scheme = TPM_ALG_ECDSA;
            in.inScheme.details.ecdsa.hashAlg = halg;
        }
    }
    /* qualifyingData supplied by the caller.  It is compared with extraData of the returned
       attestation further down; without -qd the size is set to 0. */
    if (rc == 0) {
        if (qualifyingDataFilename != NULL) {
            /* sizeof(TPMT_HA) is passed as the size argument of the read */
            rc = TSS_File_Read2B(&in.qualifyingData.b,
                                 sizeof(TPMT_HA),
                                 qualifyingDataFilename);
        }
        else {
            in.qualifyingData.t.size = 0;
        }
    }
    /* creationTicket, unmarshaled from the -tk file */
    if (rc == 0) {
        rc = TSS_File_ReadStructure(&in.creationTicket,
                                    (UnmarshalFunction_t)TPMT_TK_CREATION_Unmarshal,
                                    ticketFilename);
    }
    /* creationHash, read as raw bytes into a buffer that is released at @1 */
    unsigned char *buffer = NULL;
    size_t length;
    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&buffer , /* freed @1 */
                                     &length,
                                     creationHashFilename);
    }
    /* The file length is attacker-influenced input: it is bounded here before the memcpy()
       below.  Presumably sizeof(TPMU_HA) is the capacity of in.creationHash.t.buffer -
       confirm against the structure definition. */
    if (rc == 0) {
        if (length > sizeof(TPMU_HA)) {
            printf("Size of creationHash %lu greater than hash size %lu\n",
                   (unsigned long)length, (unsigned long)sizeof(TPMU_HA));
            rc = 1;
        }
    }
    if (rc == 0) {
        in.creationHash.t.size = length;
        memcpy(in.creationHash.t.buffer, buffer, length);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* keyPassword is the password for session 0 (sessionHandle0 is initialised to TPM_RS_PW);
       sessions 1 and 2 get no password.  Per printUsage() the value comes from -pwdk on the
       command line, where it is typically visible to other local users through the process
       list and shell history. */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_CertifyCreation,
                         sessionHandle0, keyPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted on every path; an earlier error code takes precedence over the
       result of TSS_Delete().  NOTE(review): tssContext is still NULL when TSS_Create() was
       skipped or failed - how TSS_Delete() treats NULL is not shown here. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* Unmarshal the returned certifyInfo into tpmsAttest so its fields can be checked */
    if (rc == 0) {
        uint8_t *tmpBuffer = out.certifyInfo.t.attestationData;
        int32_t tmpSize = out.certifyInfo.t.size;
        rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize);
    }
    /* Consistency check 1: the attestation must echo the caller's qualifyingData in
       extraData.  A zero result from TSS_TPM2B_Compare() is treated as a mismatch. */
    if (rc == 0) {
        int match;
        match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
        if (!match) {
            printf("certifycreation: failed, extraData != qualifyingData\n");
            rc = EXIT_FAILURE;
        }
    }
    /* Consistency check 2: the attested creationHash must equal the one that was sent */
    if (rc == 0) {
        int match;
        match = TSS_TPM2B_Compare(&in.creationHash.b, &tpmsAttest.attested.creation.creationHash.b);
        if (!match) {
            printf("certifycreation: failed, in creationHash != out creationHash\n");
            rc = EXIT_FAILURE;
        }
    }
    /* NOTE(review): the two checks above only compare returned fields with this program's own
       inputs.  No verification of out.signature is visible in this function, so whoever
       relies on the -os / -oa output files still has to verify the signature over the
       attestation data with the certifying key's public part. */
    if (rc == 0) {
        if (verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
    }
    /* optional outputs: marshaled signature (-os) and raw attestation bytes (-oa) */
    if ((rc == 0) && (signatureFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.signature,
                                     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
                                     signatureFilename);
    }
    if ((rc == 0) && (attestInfoFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.certifyInfo.t.attestationData,
                                      out.certifyInfo.t.size,
                                      attestInfoFilename);
    }
    if (rc == 0) {
        if (verbose) printSignature(&out);
        if (verbose) printf("certifycreation: success\n");
    }
    else {
        /* print the numeric code and its text form, then collapse to EXIT_FAILURE for the
           process exit status */
        const char *msg;
        const char *submsg;
        const char *num;
        printf("certifycreation: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    /* buffer was initialised to NULL, so this is reached safely on every path */
    free(buffer); /* @1 */
    return rc;
}

/* printSignature() prints the signature bytes of the response through TSS_PrintAll().
   NOTE(review): the arguments read the rsassa member of the signature union even when
   main() selected TPM_ALG_ECDSA - confirm that this is the intended view for ECC keys. */
static void printSignature(CertifyCreation_Out *out)
{
    TSS_PrintAll("Signature",
out->signature.signature.rsassa.sig.t.buffer, out->signature.signature.rsassa.sig.t.size); } static void printUsage(void) { printf("\n"); printf("certify\n"); printf("\n"); printf("Runs TPM2_CertifyCreation\n"); printf("\n"); printf("\t-ho object handle\n"); printf("\t-hk certifying key handle\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-salg signature algorithm (rsa, ecc) (default rsa)]\n"); printf("\t[-qd qualifying data file name]\n"); printf("\t-tk input ticket file name\n"); printf("\t-ch input creation hash file name\n"); printf("\t[-os signature file name] (default do not save)\n"); printf("\t[-oa attestation output file name (default do not save)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/makefile.min0000644000175000017500000001301413125534557012616 0ustar lo1lo1################################################################################# # # # Linux TPM2 Utilities Makefile for minimal TSS # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.min 1034 2017-06-30 20:49:51Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. 
# # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # makefile to build a TSS library that does not require file read/write or crypto # within the library # # See the documentation for limitations. # C compiler CC = /usr/bin/gcc # compile - common flags for TSS library and applications CCFLAGS += \ -DTPM_POSIX \ -DTPM_TSS_NOFILE \ -DTPM_TSS_NOCRYPTO # -DTPM_NOSOCKET # compile - for TSS library CCLFLAGS += -I. -DTPM_TSS # compile - for applications CCAFLAGS += -I. # link - common flags flags TSS library and applications LNFLAGS += -DTPM_POSIX \ -L. # link - for TSS library # This is an alternative to using the bfd linker on Ubuntu #LNLFLAGS = -lcrypto # link - for applications, TSS path, TSS and OpenSSl libraries LNAFLAGS += -Wl,-rpath,. 
LNALIBS += -ltssmin -lcrypto # shared library LIBTSS=libtssmin.so # ALL = $(LIBTSS) #TSS_HEADERS = tss2/tssfile.h # default TSS library TSS_OBJS = # common to all builds include makefile-common # default build target all: writeapp signapp # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssutils.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tsstransmit.c tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssresponsecode.c tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssprint.c Unmarshal.o: $(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Unmarshal.c Commands.o: $(TSS_HEADERS) Commands.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC Commands.c CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC CommandAttributeData.c ntc2lib.o: $(TSS_HEADERS) ntc2lib.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC ntc2lib.c tssntc.o: $(TSS_HEADERS) tssntc.c $(CC) $(CCFLAGS) $(CCLFLAGS) -fPIC tssntc.c # TSS shared library build $(LIBTSS): $(TSS_OBJS) $(CC) 
$(LNFLAGS) $(LNLFLAGS) -shared -o $(LIBTSS) $(TSS_OBJS) .PHONY: clean .PRECIOUS: %.o clean: rm -f $(TSS_OBJS) \ ekutils.o cryptoutils.o \ $(ALL) # applications signapp: tss2/tss.h signapp.o ekutils.o cryptoutils.o tsscryptoh.o tsscrypto.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o \ ekutils.o cryptoutils.o tsscryptoh.o tsscrypto.o $(LNALIBS) -o signapp writeapp: tss2/tss.h writeapp.o ekutils.o cryptoutils.o tsscryptoh.o tsscrypto.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o \ cryptoutils.o ekutils.o tsscryptoh.o tsscrypto.o $(LNALIBS) -o writeapp # for applications, not for TSS library %.o: %.c tss2/tss.h $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ ./utils/tssauth.h0000644000175000017500000001003512757135641012201 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Authorization */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssauth.h 730 2016-08-23 21:09:53Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This is not a public header. It should not be used by applications. */ #ifndef TSS_AUTH_H #define TSS_AUTH_H #include #include "Commands_fp.h" #include typedef struct TSS_AUTH_CONTEXT TSS_AUTH_CONTEXT; TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext); void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext); TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext); TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext, COMMAND_PARAMETERS *in, TPM_CC commandCode); TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext, RESPONSE_PARAMETERS *out); TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...); TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...); TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext); TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t *cpBufferSize, uint8_t **cpBuffer); TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t *decryptParamSize, uint8_t **decryptParamBuffer); TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t encryptParamSize, uint8_t 
*encryptParamBuffer); TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t *commandHandleCount); AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext, UINT32 handleIndex); TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext, TPM_HANDLE *commandHandle, uint32_t index); TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t *rpBufferSize, uint8_t **rpBuffer); TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t *encryptParamSize, uint8_t **encryptParamBuffer); TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext, uint32_t decryptParamSize, uint8_t *decryptParamBuffer); TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext); #endif ./utils/policyauthorize.c0000644000175000017500000001570013075204375013732 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyAuthorize */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policyauthorize.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyAuthorize_In in; TPMI_SH_POLICY policySession = 0; const char *approvedPolicyFilename = NULL; const char *policyRefFilename = NULL; const char *signingKeyNameFilename = NULL; const char *ticketFilename = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ 
TSS_CONTEXT *tssContext = NULL; TPMI_SH_POLICY policySession = 0; TPM_CC commandCode = 0; PolicyCommandCode_In in; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #ifndef COMMANDATTRIBUTES_H #define COMMANDATTRIBUTES_H /* kgold stub until next version of the spec */ /* FIXME guess - kgold */ #define IS_IMPLEMENTED 0x0001 #define HANDLE_1_USER 0x0002 #define HANDLE_1_ADMIN 0x0004 #define HANDLE_1_DUP 0x0008 #define HANDLE_2_USER 0x0010 #define PP_COMMAND 0x0020 #define PP_REQUIRED 0x0040 #define ALLOW_TRIAL 0x0080 #define NO_SESSIONS 0x0100 #define DECRYPT_2 0x0200 #define DECRYPT_4 0x0400 #define ENCRYPT_2 0x0800 #define ENCRYPT_4 0x1000 #define R_HANDLE 0x2000 typedef UINT32 COMMAND_ATTRIBUTES; #ifndef TPM_TSS extern const TPM_CC ccAttr []; #else typedef union { struct { uint32_t commandCode; uint8_t reserved1; uint8_t nv; uint8_t extensive; uint8_t flushed; uint8_t cHandles; uint8_t rHandle; uint8_t V; uint8_t reserved2; }; /* must be a union so the below 'bitfield' structure intiializer works */ uint8_t dummy; } TPMA_CC_TSS; extern const TPMA_CC_TSS s_ccAttr []; #endif extern const COMMAND_ATTRIBUTES s_commandAttributes []; #endif ./utils/policygetdigest.c0000644000175000017500000001152713075204375013702 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyGetDigest */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policygetdigest.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyGetDigest_In in; PolicyGetDigest_Out out; TPMI_SH_POLICY policySession = 0; const char *digestFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; EC_Ephemeral_In in; EC_Ephemeral_Out out; TPMI_ECC_CURVE curveID = TPM_ECC_NONE; const char *QFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_ReadLock_In in; char hierarchyAuthChar = 0; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if 
(strcmp(argv[i],"-se1") == 0) {
            /* -se1 takes two hex arguments: the session handle, then the session attributes */
            /* NOTE(review): neither sscanf() return value is checked; an argument that is not
               hex leaves the variable at its initial value (TPM_RH_NULL / 0) */
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* only values up to 0xff are accepted as session attributes */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            /* same handling as -se1, for the third session */
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            /* verbose also raises the TSS trace level from "1" to "2" */
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* The top byte of the handle must be TPM_HT_NV_INDEX.  nvIndex is initialised to 0, so
       this test also rejects a run without -ha; printUsage() exits. */
    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
        printf("NV index handle not specified or out of range, MSB not 01\n");
        printUsage();
    }
    /* Authorization handle: 'o' selects the owner hierarchy, 'p' the platform hierarchy, and
       the initial value 0 means the NV index authorizes itself.  Any other character ends
       the program through printUsage() without a specific message. */
    if (rc == 0) {
        if (hierarchyAuthChar == 'o') {
            in.authHandle = TPM_RH_OWNER;
        }
        else if (hierarchyAuthChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else if (hierarchyAuthChar == 0) {
            in.authHandle = nvIndex;
        }
        else {
            printf("\n");
            printUsage();
        }
    }
    if (rc == 0) {
        in.nvIndex = nvIndex;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* No response parameter structure is passed (NULL).  nvPassword is the password for
       session 0 (sessionHandle0 is initialised to TPM_RS_PW); sessions 1 and 2 get none.
       Per printUsage() the value comes from -pwdn on the command line, where it is typically
       visible to other local users through the process list and shell history. */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_NV_ReadLock,
                         sessionHandle0, nvPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted on every path; an earlier error code takes precedence over the
       result of TSS_Delete().  NOTE(review): tssContext is still NULL when TSS_Create() was
       skipped or failed - how TSS_Delete() treats NULL is not shown here. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("nvreadlock: success\n");
    }
    else {
        /* failure path: the strings declared here receive the text form of rc */
        const char *msg;
        const
char *submsg; const char *num; printf("nvreadlock: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvreadlock\n"); printf("\n"); printf("Runs TPM2_NV_ReadLock\n"); printf("\n"); printf("\t[-hia hierarchy authorization (o, p)(default index authorization)]\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/stirrandom.c0000644000175000017500000001124613055132457012662 0ustar lo1lo1/********************************************************************************/ /* */ /* StirRandom */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: stirrandom.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; StirRandom_In in; const char *inputFilename = NULL; uint8_t *buffer = NULL; /* for the free */ size_t length = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i MAX_SYM_DATA) { printf("Input data too long %u\n", (uint32_t)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { in.inData.t.size = length; memcpy(in.inData.t.buffer, buffer, length); } free(buffer); buffer = NULL; /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_StirRandom, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if 
(verbose) printf("stirrandom: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("stirrandom: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("stirrandom\n"); printf("\n"); printf("Runs TPM2_StirRandom\n"); printf("\n"); printf("\t-if input file name\n"); exit(1); } ./utils/shutdown.c0000644000175000017500000001004313075204375012346 0ustar lo1lo1/********************************************************************************/ /* */ /* Shutdown */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: shutdown.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include static void printUsage(void); TPM_RC shutdownCommand(TPM_SU shutdownType); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Shutdown_In in; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); in.shutdownType = TPM_SU_CLEAR; /* default */ /* command line argument defaults */ for (i=1 ; (i openssl x509 -inform der -outform pem -in certificate.der -out certificate.pem This is a one time operation. 
*/ #include #include #include #include #include #include #include #include #include #include #include "ekutils.h" /* local function prototypes */ static void printUsage(void); /* possible utility commands */ #define EKTemplateType 1 #define EKNonceType 2 #define EKCertType 3 #define CreateprimaryType 4 #define AlgRSA 1 #define AlgEC 2 int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ unsigned int ui; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; int inputType = 0; const char *listFilename = NULL; unsigned int inputCount = 0; unsigned int algType = 0; TPMI_RH_NV_INDEX ekCertIndex; TPMI_RH_NV_INDEX ekNonceIndex; TPMI_RH_NV_INDEX ekTemplateIndex; TPMT_PUBLIC tpmtPublic; char *rootFilename[MAX_ROOTS]; unsigned int rootFileCount = 0; unsigned char *nonce = NULL; /* freed @1 */ uint16_t nonceSize; X509 *ekCertificate = NULL; uint8_t *modulusBin = NULL; int modulusBytes; unsigned int noFlush = 0; /* default flush after validation */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* for free */ for (i = 0 ; i < MAX_ROOTS ; i++) { rootFilename[i] = NULL; } /* command line argument defaults */ for (i=1 ; (i 1) { printf("Only one of -te, -no, -ce can be specified\n"); printUsage(); } if ((inputCount == 0) && (listFilename == NULL)) { printf("Nothing to do\n"); printUsage(); } if (algType == 0) { printf("-alg must be specified\n"); printUsage(); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } if (rc == 0) { TPM_HANDLE keyHandle; /* primary key handle */ switch (inputType) { case EKTemplateType: rc = processEKTemplate(tssContext, &tpmtPublic, ekTemplateIndex, TRUE); break; case EKNonceType: rc = processEKNonce(tssContext, &nonce, &nonceSize, ekNonceIndex, TRUE); break; case EKCertType: rc = processEKCertificate(tssContext, &ekCertificate, /* freed @2 */ &modulusBin, &modulusBytes, /* freed @3 */ ekCertIndex, TRUE); 
break; case CreateprimaryType: rc = processPrimary(tssContext, &keyHandle, ekCertIndex, ekNonceIndex, ekTemplateIndex, noFlush, TRUE); break; } } if (listFilename != NULL) { if (rc == 0) { rc = getRootCertificateFilenames(rootFilename, /* freed @4 */ &rootFileCount, listFilename, verbose); } if (rc == 0) { rc = processRoot(tssContext, ekCertIndex, (const char **)rootFilename, rootFileCount, TRUE); } } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } free(nonce); /* @1 */ if (ekCertificate != NULL) { X509_free(ekCertificate); /* @2 */ } free(modulusBin); /* @3 */ for (ui = 0 ; ui < rootFileCount ; ui++) { free(rootFilename[ui]); /* @4 */ } return rc; } static void printUsage(void) { printf("\n"); printf("createek\n"); printf("\n"); printf("Parses and prints the various EK NV indexes specified by the IWG\n"); printf("Creates a primary key based on the EK NV indexes\n"); printf("\n"); printf("-te print EK Template \n"); printf("-no print EK nonce \n"); printf("-ce print EK certificate \n"); printf("-cp CreatePrimary using the EK template and EK nonce\n"); printf("\t[-noflush Do not flush the primary key after validation\n"); printf("[-root filename validate EK certificates against the root)]\n"); printf("\tfilename contains a list of PEM certificate filenames, one per line\n"); printf("\tthe list may contain up to %u certificates\n", MAX_ROOTS); printf("-alg (rsa or ec) \n"); exit(1); } ./utils/tssdev.c0000644000175000017500000001607613120267401012005 0ustar lo1lo1/********************************************************************************/ /* */ /* Linux Device Transmit and Receive Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssdev.c 1023 2017-06-14 17:14:41Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
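*/
/********************************************************************************/

#ifdef TPM_POSIX

/* NOTE(review): the header names of the bare #include lines below are missing in this copy of
   the file; the lines are kept exactly as found. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "tssproperties.h"
#include "tssdev.h"

/* local prototypes */

static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext);
static uint32_t TSS_Dev_SendCommand(int dev_fd, const uint8_t *buffer, uint32_t length,
                                    const char *message);
static uint32_t TSS_Dev_ReceiveCommand(int dev_fd, uint8_t *buffer, uint32_t *length);

/* global configuration */

extern int tssVverbose;
extern int tssVerbose;

/* TSS_Dev_Transmit() transmits the command and receives the response.

   The device is opened on the first call for this context.

   responseBuffer receives the raw response and *read its validated length.  commandBuffer holds
   'written' bytes of marshaled command.  message is an optional trace label (may be NULL).

   Can return device transmit and receive packet errors, but normally returns the TPM response
   code.
*/

TPM_RC TSS_Dev_Transmit(TSS_CONTEXT *tssContext,
                        uint8_t *responseBuffer, uint32_t *read,
                        const uint8_t *commandBuffer, uint32_t written,
                        const char *message)
{
    TPM_RC rc = 0;

    /* open on first transmit */
    if (tssContext->tssFirstTransmit) {
        if (rc == 0) {
            rc = TSS_Dev_Open(tssContext);
        }
        /* the flag is cleared only after a successful open, so a failed open is retried on the
           next transmit */
        if (rc == 0) {
            tssContext->tssFirstTransmit = FALSE;
        }
    }
    /* send the command to the device.  Error if the device send fails. */
    if (rc == 0) {
        rc = TSS_Dev_SendCommand(tssContext->dev_fd, commandBuffer, written, message);
    }
    /* receive the response from the dev_fd.  Returns dev_fd errors, malformed response errors.
       Else returns the TPM response code. */
    if (rc == 0) {
        rc = TSS_Dev_ReceiveCommand(tssContext->dev_fd, responseBuffer, read);
    }
    return rc;
}

/* TSS_Dev_Open() opens the TPM device (through the device driver)

   Returns TSS_RC_NO_CONNECTION if the device named by tssContext->tssDevice cannot be opened.

   The descriptor is left in blocking mode.  The former fcntl() call passed open(2) flags in the
   command argument, which is not a valid way to change the file status flags, so it was dropped.
   TSS_Dev_ReceiveCommand() issues a single read() for the whole response and therefore needs a
   blocking descriptor.
*/

static uint32_t TSS_Dev_Open(TSS_CONTEXT *tssContext)
{
    uint32_t rc = 0;

    if (rc == 0) {
        if (tssVverbose) printf("TSS_Dev_Open: Opening %s\n", tssContext->tssDevice);
        tssContext->dev_fd = open(tssContext->tssDevice, O_RDWR);
        /* NOTE(review): open() reports failure with -1; descriptor 0 is also rejected here, as in
           the original.  Confirm whether other code treats dev_fd 0 as "not open" before
           narrowing this to < 0. */
        if (tssContext->dev_fd <= 0) {
            if (tssVerbose) printf("TSS_Dev_Open: Error opening %s\n", tssContext->tssDevice);
            rc = TSS_RC_NO_CONNECTION;
        }
    }
    return rc;
}

/* TSS_Dev_SendCommand() sends the TPM command buffer to the device.

   length is carried as uint32_t so that the caller's 32-bit command size is not silently
   truncated on the way to write().

   Returns TSS_RC_BAD_CONNECTION if the device write fails or transfers fewer bytes than
   requested.
*/

static uint32_t TSS_Dev_SendCommand(int dev_fd,
                                    const uint8_t *buffer, uint32_t length,
                                    const char *message)
{
    uint32_t rc = 0;
    int irc;

    if (message != NULL) {
        if (tssVverbose) printf("TSS_Dev_SendCommand: %s\n", message);
    }
    if ((rc == 0) && tssVverbose) {
        TSS_PrintAll("TSS_Dev_SendCommand", buffer, length);
    }
    if (rc == 0) {
        irc = write(dev_fd, buffer, length);
        if (irc < 0) {
            if (tssVerbose) printf("TSS_Dev_SendCommand: write error %d %s\n",
                                   errno, strerror(errno));
            rc = TSS_RC_BAD_CONNECTION;
        }
        /* a partial write would leave the device with a truncated command */
        else if ((uint32_t)irc != length) {
            if (tssVerbose) printf("TSS_Dev_SendCommand: wrote %u of %u bytes\n",
                                   (uint32_t)irc, length);
            rc = TSS_RC_BAD_CONNECTION;
        }
    }
    return rc;
}

/* TSS_Dev_ReceiveCommand() reads a response buffer from the device.  Returns TPM packet error
   code.

   Validates that the packet length and the packet responseSize match

   On return, *length is the validated response size, or 0 if the read failed, the header was
   incomplete, or responseSize did not match the number of bytes read.  A size taken from the
   packet is never reported unless it equals the byte count actually received.

   NOTE(review): up to MAX_RESPONSE_SIZE bytes are read into buffer; this assumes the caller's
   buffer is at least that large - confirm against the callers.
*/

static uint32_t TSS_Dev_ReceiveCommand(int dev_fd, uint8_t *buffer, uint32_t *length)
{
    uint32_t rc = 0;
    int irc;
    uint32_t field;                 /* one big endian header field, copied out of the packet */
    uint32_t responseSize = 0;
    uint32_t responseCode = 0;

    if (tssVverbose) printf("TSS_Dev_ReceiveCommand:\n");
    /* read the TPM device */
    if (rc == 0) {
        irc = read(dev_fd, buffer, MAX_RESPONSE_SIZE);
        if (irc <= 0) {
            rc = TSS_RC_BAD_CONNECTION;
            if (irc < 0) {
                if (tssVerbose) printf("TSS_Dev_ReceiveCommand: read error %d %s\n",
                                       errno, strerror(errno));
            }
        }
    }
    if ((rc == 0) && tssVverbose) {
        TSS_PrintAll("TSS_Dev_ReceiveCommand", buffer, irc);
    }
    /* verify that there is at least a tag, responseSize, and responseCode */
    if (rc == 0) {
        if ((unsigned int)irc < (sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(uint32_t))) {
            if (tssVerbose) printf("TSS_Dev_ReceiveCommand: read bytes %u < header\n",
                                   (unsigned int)irc);
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    /* get responseSize from the packet */
    if (rc == 0) {
        /* memcpy rather than a pointer cast: the field sits at an odd offset after the tag, so
           it need not be aligned for a uint32_t load */
        memcpy(&field, buffer + sizeof(TPM_ST), sizeof(field));
        responseSize = ntohl(field);
        /* sanity check against the length actually received, the return code */
        if ((uint32_t)irc != responseSize) {
            if (tssVerbose) printf("TSS_Dev_ReceiveCommand: read bytes %u != responseSize %u\n",
                                   (uint32_t)irc, responseSize);
            rc = TSS_RC_BAD_CONNECTION;
            /* do not hand the unvalidated size from the packet back to the caller */
            responseSize = 0;
        }
    }
    /* read the TPM return code from the packet */
    if (rc == 0) {
        memcpy(&field, buffer + sizeof(TPM_ST) + sizeof(uint32_t), sizeof(field));
        responseCode = ntohl(field);
    }
    if (rc == 0) {
        rc = responseCode;
    }
    *length = responseSize;
    if (tssVverbose) printf("TSS_Dev_ReceiveCommand: rc %08x\n", rc);
    return rc;
}

/* TSS_Dev_Close() closes the device descriptor held in the context.  Always returns 0; the
   result of close() is not checked. */

TPM_RC TSS_Dev_Close(TSS_CONTEXT *tssContext)
{
    if (tssVverbose) printf("TSS_Dev_Close: Closing %s\n", tssContext->tssDevice);
    close(tssContext->dev_fd);
    return 0;
}

#endif /* TPM_POSIX */
./utils/hash.c0000644000175000017500000001777313075204375011437 0ustar lo1lo1/********************************************************************************/ /* */ /* Hash */ /* Written by Ken Goldman */ /* IBM Thomas J.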
Watson Research Center */ /* $Id: hash.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); static void printHash(Hash_Out *out); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Hash_In in; Hash_Out out; char hierarchyChar = 'n'; TPMI_RH_HIERARCHY hierarchy = TPM_RH_NULL; TPMI_ALG_HASH halg = TPM_ALG_SHA256; const char *inFilename = NULL; const char *inString = NULL; const char *hashFilename = NULL; const char *ticketFilename = NULL; size_t length = 0; uint8_t *buffer = NULL; /* for the free */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i MAX_DIGEST_BUFFER) { printf("Input data too long %lu\n", (unsigned long)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { /* data to be hashed */ in.data.t.size = length; memcpy(in.data.t.buffer, buffer, length); } } if (inString != NULL) { if (rc == 0) { length = strlen(inString); if (length > MAX_DIGEST_BUFFER) { printf("Input data too long %lu\n", (unsigned long)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { /* data to be hashed */ in.data.t.size = length; memcpy(in.data.t.buffer, inString, length); } } if (rc == 0) { in.hashAlg = halg; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Hash, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (hashFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.outHash.t.buffer, out.outHash.t.size, hashFilename); } if ((rc == 0) && (ticketFilename != NULL)) { rc = TSS_File_WriteStructure(&out.validation, 
(MarshalFunction_t)TSS_TPMT_TK_HASHCHECK_Marshal, ticketFilename); } free(buffer); if (rc == 0) { if (verbose) printHash(&out); if (verbose) printf("hash: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("hash: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printHash(Hash_Out *out) { TSS_PrintAll("Hash", out->outHash.t.buffer, out->outHash.t.size); } static void printUsage(void) { printf("\n"); printf("hash\n"); printf("\n"); printf("Runs TPM2_Hash\n"); printf("\n"); printf("\t-hi hierarchy (e, o, p, n) (default null)\n"); printf("\t\te endorsement, o owner, p platform, n null\n"); printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n"); printf("\t-if input file to be hashed\n"); printf("\t-ic data string to be hashed\n"); printf("\t[-oh hash file name (default do not save)]\n"); printf("\t[-tk ticket file name (default do not save)]\n"); exit(1); } ./utils/policyauthorizenv.c0000644000175000017500000001715113075204375014300 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyAuthorizeNV */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policyauthorizenv.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyAuthorizeNV_In in; char hierarchyChar = 0; const char *authPassword = NULL; /* default no password */ TPMI_RH_NV_INDEX nvIndex = 0; TPMI_SH_POLICY policySession = 0; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; 
TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (nvIndex == 0) { printf("Missing NV index handle parameter -ha\n"); printUsage(); } if (policySession == 0) { printf("Missing policy session handle parameter -hs\n"); printUsage(); } if (rc == 0) { if (hierarchyChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else if (hierarchyChar == 0) { in.authHandle = nvIndex; } else { printf("Missing or illegal -hi\n"); printUsage(); } } if (rc == 0) { in.nvIndex = nvIndex; in.policySession = policySession; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PolicyAuthorizeNV, sessionHandle0, authPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("policyauthorizenv: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("policyauthorizenv: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("policyauthorizenv\n"); printf("\n"); printf("Runs TPM2_PolicyAuthorizeNV\n"); printf("\n"); printf("\t[-hi hierarchy authHandle (o, p)]\n"); printf("\t\tdefault NV index\n"); printf("\t-ha NV index handle\n"); printf("\t[-pwda password for authorization (default empty)]\n"); printf("\t-hs policy session handle\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } 
./utils/Commands.c0000644000175000017500000016610413013164340012233 0ustar lo1lo1/********************************************************************************/ /* */ /* */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: Commands.c 815 2016-11-16 23:16:48Z kgoldman $ */ /* */ /* Licenses and Notices */ /* */ /* 1. Copyright Licenses: */ /* */ /* - Trusted Computing Group (TCG) grants to the user of the source code in */ /* this specification (the "Source Code") a worldwide, irrevocable, */ /* nonexclusive, royalty free, copyright license to reproduce, create */ /* derivative works, distribute, display and perform the Source Code and */ /* derivative works thereof, and to grant others the rights granted herein. */ /* */ /* - The TCG grants to the user of the other parts of the specification */ /* (other than the Source Code) the rights to reproduce, distribute, */ /* display, and perform the specification solely for the purpose of */ /* developing products based on such documents. */ /* */ /* 2. Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. 
*/ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015				*/
/*										*/
/********************************************************************************/

/* rev 119 */

#include "Commands_fp.h"
/* NOTE(review): the two bare #include directives below carry no header name in
   this copy of the file; the names appear to have been lost, so restore them
   from the original source before building. */
#include
#include

/* File-scope command and response parameter objects.  None of the unmarshal
   functions in this part of the file reference them. */
COMMAND_PARAMETERS in;
RESPONSE_PARAMETERS out;

/*
  In_Unmarshal - shared by TPM and TSS

  Every <Command>_In_Unmarshal function below follows the same pattern:

  - target   receives the decoded command input structure.
  - buffer   and size are forwarded unchanged to the per-type *_Unmarshal
             helpers (presumably these advance *buffer and reduce *size as
             bytes are consumed - confirm in the helper implementations).
  - handles  supplies the already-parsed command handles, which are copied
             into target by fixed index.

  Parameters are read strictly in the order written, and the first failure
  stops further parsing because each step is guarded by
  rc == TPM_RC_SUCCESS.  On a failed parameter read the RC_<Command>_<param>
  constant is added to the helper's return code (presumably so the caller can
  tell which parameter was rejected - confirm against the RC_ definitions).

  Review points for callers:

  - No handle count is passed in, so nothing here checks that handles[]
    actually holds as many entries as a function indexes.  The caller must
    guarantee that.
  - Functions that do not use a parameter assign it to itself
    (handles = handles; buffer = buffer; size = size;), presumably to silence
    unused-parameter warnings.
  - The trailing YES/NO argument on some helpers is presumably an
    "allow null/optional value" flag; its meaning is not visible in this file.
*/

/* Startup: reads startupType; takes no handles. */
TPM_RC
Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_SU_Unmarshal(&target->startupType, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Startup_startupType;
        }
    }
    return rc;
}

/* Shutdown: reads shutdownType; takes no handles. */
TPM_RC
Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_SU_Unmarshal(&target->shutdownType, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Shutdown_shutdownType;
        }
    }
    return rc;
}

/* SelfTest: reads the fullTest yes/no value; takes no handles. */
TPM_RC
SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_YES_NO_Unmarshal(&target->fullTest, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_SelfTest_fullTest;
        }
    }
    return rc;
}

/* IncrementalSelfTest: reads the toTest algorithm list; takes no handles. */
TPM_RC
IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_ALG_Unmarshal(&target->toTest, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_IncrementalSelfTest_toTest;
        }
    }
    return rc;
}

/* StartAuthSession: takes tpmKey and bind from handles[0..1], then reads
   nonceCaller, encryptedSalt, sessionType, symmetric and authHash in that
   order. */
TPM_RC
StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        /* caller must supply at least two handles */
        target->tpmKey = handles[0];
        target->bind = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NONCE_Unmarshal(&target->nonceCaller, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_StartAuthSession_nonceCaller;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->encryptedSalt, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_StartAuthSession_encryptedSalt;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_SE_Unmarshal(&target->sessionType, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_StartAuthSession_sessionType;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SYM_DEF_Unmarshal(&target->symmetric, buffer, size, YES);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_StartAuthSession_symmetric;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_ALG_HASH_Unmarshal(&target->authHash, buffer, size, NO);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_StartAuthSession_authHash;
        }
    }
    return rc;
}

/* PolicyRestart: handle-only command; takes sessionHandle from handles[0] and
   reads nothing from the buffer. */
TPM_RC
PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;
    size = size;

    if (rc == TPM_RC_SUCCESS) {
        target->sessionHandle = handles[0];
    }
    return rc;
}

/* Create: takes parentHandle from handles[0], then reads inSensitive,
   inPublic, outsideInfo and creationPCR in that order. */
TPM_RC
Create_In_Unmarshal(Create_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        target->parentHandle = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_SENSITIVE_CREATE_Unmarshal(&target->inSensitive, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Create_inSensitive;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->inPublic, buffer, size, NO);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Create_inPublic;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DATA_Unmarshal(&target->outsideInfo, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Create_outsideInfo;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPML_PCR_SELECTION_Unmarshal(&target->creationPCR, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Create_creationPCR;
        }
    }
    return rc;
}

/* Load: takes parentHandle from handles[0], then reads inPrivate and
   inPublic. */
TPM_RC
Load_In_Unmarshal(Load_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        target->parentHandle = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PRIVATE_Unmarshal(&target->inPrivate, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Load_inPrivate;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->inPublic, buffer, size, NO);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Load_inPublic;
        }
    }
    return rc;
}

/* LoadExternal: takes no handles; reads inPrivate, inPublic and hierarchy.
   Unlike Create and Load, inPublic is read with the YES flag here. */
TPM_RC
LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;

    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_SENSITIVE_Unmarshal(&target->inPrivate, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_LoadExternal_inPrivate;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_PUBLIC_Unmarshal(&target->inPublic, buffer, size, YES);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_LoadExternal_inPublic;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_LoadExternal_hierarchy;
        }
    }
    return rc;
}

/* ReadPublic: handle-only command; takes objectHandle from handles[0]. */
TPM_RC
ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;
    size = size;

    if (rc == TPM_RC_SUCCESS) {
        target->objectHandle = handles[0];
    }
    return rc;
}

/* ActivateCredential: takes activateHandle and keyHandle from handles[0..1],
   then reads credentialBlob and secret. */
TPM_RC
ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        /* caller must supply at least two handles */
        target->activateHandle = handles[0];
        target->keyHandle = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ID_OBJECT_Unmarshal(&target->credentialBlob, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_ActivateCredential_credentialBlob;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->secret, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_ActivateCredential_secret;
        }
    }
    return rc;
}

/* MakeCredential: takes handle from handles[0], then reads credential and
   objectName. */
TPM_RC
MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        target->handle = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DIGEST_Unmarshal(&target->credential, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_MakeCredential_credential;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NAME_Unmarshal(&target->objectName, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_MakeCredential_objectName;
        }
    }
    return rc;
}

/* Unseal: handle-only command; takes itemHandle from handles[0]. */
TPM_RC
Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;
    size = size;

    if (rc == TPM_RC_SUCCESS) {
        target->itemHandle = handles[0];
    }
    return rc;
}

/* ObjectChangeAuth: takes objectHandle and parentHandle from handles[0..1],
   then reads newAuth. */
TPM_RC
ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        /* caller must supply at least two handles */
        target->objectHandle = handles[0];
        target->parentHandle = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        /* NOTE(review): unlike the other parameter reads in this part of the
           file, a failure here is returned without adding a per-parameter RC_
           constant, so the error does not identify newAuth as the rejected
           parameter.  Confirm whether the omission is intended. */
        rc = TPM2B_AUTH_Unmarshal(&target->newAuth, buffer, size);
    }
    return rc;
}

/* CreateLoaded: takes parentHandle from handles[0], then reads inSensitive and
   the inPublic template. */
TPM_RC
CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        target->parentHandle = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_SENSITIVE_CREATE_Unmarshal(&target->inSensitive, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            /* NOTE(review): this adds the Create command's constant, while the
               inPublic read below uses a CreateLoaded-specific one.  Confirm
               the two commands number this parameter identically, or use the
               CreateLoaded constant here. */
            rc += RC_Create_inSensitive;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_TEMPLATE_Unmarshal(&target->inPublic, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_CreateLoaded_inPublic;
        }
    }
    return rc;
}

/* Duplicate: takes objectHandle and newParentHandle from handles[0..1], then
   reads encryptionKeyIn and symmetricAlg. */
TPM_RC
Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;

    if (rc == TPM_RC_SUCCESS) {
        /* caller must supply at least two handles */
        target->objectHandle = handles[0];
        target->newParentHandle = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DATA_Unmarshal(&target->encryptionKeyIn, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Duplicate_encryptionKeyIn;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->symmetricAlg, buffer, size, YES);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_Duplicate_symmetricAlg;
        }
    }
    return rc;
}
TPM_RC Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->oldParent = handles[0]; target->newParent = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_PRIVATE_Unmarshal(&target->inDuplicate, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Rewrap_inDuplicate; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NAME_Unmarshal(&target->name, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Rewrap_name; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->inSymSeed, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Rewrap_inSymSeed; } } return rc; } TPM_RC Import_In_Unmarshal(Import_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->parentHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->encryptionKey, buffer, size); } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_PUBLIC_Unmarshal(&target->objectPublic, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += RC_Import_objectPublic; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_PRIVATE_Unmarshal(&target->duplicate, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Import_duplicate; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ENCRYPTED_SECRET_Unmarshal(&target->inSymSeed, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Import_inSymSeed; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SYM_DEF_OBJECT_Unmarshal(&target->symmetricAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_Import_symmetricAlg; } } return rc; } TPM_RC RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->message, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Encrypt_message; } } if (rc == 
TPM_RC_SUCCESS) { rc = TPMT_RSA_DECRYPT_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Encrypt_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->label, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Encrypt_label; } } return rc; } TPM_RC RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_PUBLIC_KEY_RSA_Unmarshal(&target->cipherText, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Decrypt_cipherText; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_RSA_DECRYPT_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Decrypt_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->label, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_RSA_Decrypt_label; } } return rc; } TPM_RC ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; buffer = buffer; size = size; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } return rc; } TPM_RC ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ECC_POINT_Unmarshal(&target->inPoint, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_ECDH_ZGen_inPoint; } } return rc; } TPM_RC ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = TPMI_ECC_CURVE_Unmarshal(&target->curveID, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_ECC_Parameters_curveID; } } return rc; } TPM_RC ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, INT32 
*size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyA = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ECC_POINT_Unmarshal(&target->inQsB, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_ZGen_2Phase_inQsB; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ECC_POINT_Unmarshal(&target->inQeB, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_ZGen_2Phase_inQeB; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ECC_KEY_EXCHANGE_Unmarshal(&target->inScheme, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += RC_ZGen_2Phase_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = UINT16_Unmarshal(&target->counter, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_ZGen_2Phase_counter; } } return rc; } TPM_RC EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPMI_YES_NO_Unmarshal(&target->decrypt, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt_decrypt; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_SYM_MODE_Unmarshal(&target->mode, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt_mode; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_IV_Unmarshal(&target->ivIn, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt_ivIn; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->inData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt_inData; } } return rc; } TPM_RC EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->inData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt2_inData; } } if (rc == TPM_RC_SUCCESS) { rc = 
TPMI_YES_NO_Unmarshal(&target->decrypt, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt2_decrypt; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_SYM_MODE_Unmarshal(&target->mode, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt2_mode; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_IV_Unmarshal(&target->ivIn, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EncryptDecrypt2_ivIn; } } return rc; } TPM_RC Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->data, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Hash_data; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += RC_Hash_hashAlg; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_Hash_hierarchy; } } return rc; } TPM_RC HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->handle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->buffer, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_HMAC_buffer; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_HMAC_hashAlg; } } return rc; } TPM_RC GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = UINT16_Unmarshal(&target->bytesRequested, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_GetRandom_bytesRequested; } } return rc; } TPM_RC StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = 
handles; if (rc == TPM_RC_SUCCESS) { rc = TPM2B_SENSITIVE_DATA_Unmarshal(&target->inData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_StirRandom_inData; } } return rc; } TPM_RC HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->handle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_AUTH_Unmarshal(&target->auth, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_HMAC_Start_auth; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_HMAC_Start_hashAlg; } } return rc; } TPM_RC HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = TPM2B_AUTH_Unmarshal(&target->auth, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_HashSequenceStart_auth; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_HashSequenceStart_hashAlg; } } return rc; } TPM_RC SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; buffer = buffer; size = size; if (rc == TPM_RC_SUCCESS) { target->sequenceHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->buffer, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_SequenceUpdate_buffer; } } return rc; } TPM_RC SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->sequenceHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->buffer, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_SequenceComplete_buffer; } } if (rc == TPM_RC_SUCCESS) { rc = 
TPMI_RH_HIERARCHY_Unmarshal(&target->hierarchy, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_SequenceComplete_hierarchy; } } return rc; } TPM_RC EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->pcrHandle = handles[0]; target->sequenceHandle = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_MAX_BUFFER_Unmarshal(&target->buffer, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EventSequenceComplete_buffer; } } return rc; } TPM_RC Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->objectHandle = handles[0]; target->signHandle = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Certify_qualifyingData; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_Certify_inScheme; } } return rc; } TPM_RC CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->signHandle = handles[0]; target->objectHandle = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_CertifyCreation_creationHash; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->creationHash, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_CertifyCreation_creationHash; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_CertifyCreation_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_TK_CREATION_Unmarshal(&target->creationTicket, buffer, size); if (rc != TPM_RC_SUCCESS) 
{ rc += RC_CertifyCreation_creationTicket; } } return rc; } TPM_RC Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->signHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Quote_qualifyingData; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_Quote_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = TPML_PCR_SELECTION_Unmarshal(&target->PCRselect, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Quote_PCRselect; } } return rc; } TPM_RC GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->privacyAdminHandle = handles[0]; target->signHandle = handles[1]; target->sessionHandle = handles[2]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_GetSessionAuditDigest_qualifyingData; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_GetSessionAuditDigest_inScheme; } } return rc; } TPM_RC GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->privacyHandle = handles[0]; target->signHandle = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_GetCommandAuditDigest_qualifyingData; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_GetCommandAuditDigest_inScheme; } } return rc; } TPM_RC 
GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->privacyAdminHandle = handles[0]; target->signHandle = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_GetTime_qualifyingData; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_GetTime_inScheme; } } return rc; } TPM_RC Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->signHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ECC_POINT_Unmarshal(&target->P1, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Commit_P1; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_SENSITIVE_DATA_Unmarshal(&target->s2, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Commit_s2; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_ECC_PARAMETER_Unmarshal(&target->y2, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Commit_y2; } } return rc; } TPM_RC EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = TPMI_ECC_CURVE_Unmarshal(&target->curveID, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_EC_Ephemeral_curveID; } } return rc; } TPM_RC VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_VerifySignature_digest; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->signature, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += 
RC_VerifySignature_signature; } } return rc; } TPM_RC Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->keyHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->digest, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Sign_digest; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_Sign_inScheme; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_TK_HASHCHECK_Unmarshal(&target->validation, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_Sign_validation; } } return rc; } TPM_RC SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->auth = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->auditAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_SetCommandCodeAuditStatus_auditAlg; } } if (rc == TPM_RC_SUCCESS) { rc = TPML_CC_Unmarshal(&target->setList, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_SetCommandCodeAuditStatus_setList; } } if (rc == TPM_RC_SUCCESS) { rc = TPML_CC_Unmarshal(&target->clearList, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_SetCommandCodeAuditStatus_clearList; } } return rc; } TPM_RC PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->pcrHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPML_DIGEST_VALUES_Unmarshal(&target->digests, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_Extend_digests; } } return rc; } TPM_RC PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->pcrHandle = handles[0]; } if (rc == 
TPM_RC_SUCCESS) { rc = TPM2B_EVENT_Unmarshal(&target->eventData, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_Event_eventData; } } return rc; } TPM_RC PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; handles = handles; if (rc == TPM_RC_SUCCESS) { rc = TPML_PCR_SELECTION_Unmarshal(&target->pcrSelectionIn, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_Read_pcrSelectionIn; } } return rc; } TPM_RC PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->authHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPML_PCR_SELECTION_Unmarshal(&target->pcrAllocation, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_Allocate_pcrAllocation; } } return rc; } TPM_RC PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->authHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->authPolicy, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_SetAuthPolicy_authPolicy; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_SetAuthPolicy_hashAlg; } } if (rc == TPM_RC_SUCCESS) { rc = TPMI_DH_PCR_Unmarshal(&target->pcrNum, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_SetAuthPolicy_pcrNum; } } return rc; } TPM_RC PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->pcrHandle = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->auth, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PCR_SetAuthValue_auth; } } return rc; } TPM_RC PCR_Reset_In_Unmarshal(PCR_Reset_In *target, 
BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; buffer = buffer; size = size; if (rc == TPM_RC_SUCCESS) { target->pcrHandle = handles[0]; } return rc; } TPM_RC PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->authObject = handles[0]; target->policySession = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NONCE_Unmarshal(&target->nonceTPM, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySigned_nonceTPM; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->cpHashA, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySigned_cpHashA; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NONCE_Unmarshal(&target->policyRef, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySigned_policyRef; } } if (rc == TPM_RC_SUCCESS) { rc = INT32_Unmarshal(&target->expiration, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySigned_expiration; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_SIGNATURE_Unmarshal(&target->auth, buffer, size, NO); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySigned_auth; } } return rc; } TPM_RC PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->authHandle = handles[0]; target->policySession = handles[1]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NONCE_Unmarshal(&target->nonceTPM, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySecret_nonceTPM; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->cpHashA, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySecret_cpHashA; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NONCE_Unmarshal(&target->policyRef, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicySecret_policyRef; } } if (rc == TPM_RC_SUCCESS) { rc = INT32_Unmarshal(&target->expiration, buffer, size); if (rc != 
TPM_RC_SUCCESS) { rc += RC_PolicySecret_expiration; } } return rc; } TPM_RC PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->policySession = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_TIMEOUT_Unmarshal(&target->timeout, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyTicket_timeout; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->cpHashA, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyTicket_cpHashA; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NONCE_Unmarshal(&target->policyRef, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyTicket_policyRef; } } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_NAME_Unmarshal(&target->authName, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyTicket_authName; } } if (rc == TPM_RC_SUCCESS) { rc = TPMT_TK_AUTH_Unmarshal(&target->ticket, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyTicket_ticket; } } return rc; } TPM_RC PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->policySession = handles[0]; } if (rc == TPM_RC_SUCCESS) { /* Policy OR requires at least two OR terms */ rc = TPML_DIGEST_Unmarshal(&target->pHashList, buffer, size, 2); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyOR_pHashList; } } return rc; } TPM_RC PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]) { TPM_RC rc = TPM_RC_SUCCESS; if (rc == TPM_RC_SUCCESS) { target->policySession = handles[0]; } if (rc == TPM_RC_SUCCESS) { rc = TPM2B_DIGEST_Unmarshal(&target->pcrDigest, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyPCR_pcrDigest; } } if (rc == TPM_RC_SUCCESS) { rc = TPML_PCR_SELECTION_Unmarshal(&target->pcrs, buffer, size); if (rc != TPM_RC_SUCCESS) { rc += RC_PolicyPCR_pcrs; } } return rc; } TPM_RC 
PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->policySession = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMA_LOCALITY_Unmarshal(&target->locality, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_PolicyLocality_locality;
        }
    }
    return rc;
}

/* PolicyNV_In_Unmarshal() fills a PolicyNV_In from the handle area and the parameter bytes.

   target   structure to fill
   buffer   read position, handed unchanged to each *_Unmarshal callee
   size     remaining length, handed unchanged to each *_Unmarshal callee
   handles  handle area; slots 0..2 are read.  No element count is passed in, so the caller
            must have stored at least three handles before calling.

   Returns TPM_RC_SUCCESS, or the failing callee's code plus the RC_PolicyNV_* constant of
   that parameter.  offset is taken as a plain UINT16; no range check happens at this layer.
*/
TPM_RC
PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->authHandle = handles[0];
    target->nvIndex = handles[1];
    target->policySession = handles[2];

    result = TPM2B_OPERAND_Unmarshal(&target->operandB, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyNV_operandB;
    }
    result = UINT16_Unmarshal(&target->offset, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyNV_offset;
    }
    result = TPM_EO_Unmarshal(&target->operation, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyNV_operation;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyAuthorizeNV_In: three handles (slots 0..2), no parameter bytes are read. */
TPM_RC
PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;       /* unused: nothing follows the handles */
    (void)size;
    target->authHandle = handles[0];
    target->nvIndex = handles[1];
    target->policySession = handles[2];
    return TPM_RC_SUCCESS;
}

/* PolicyCounterTimer_In: one handle, then operandB, offset, operation in that order.
   A failure returns the callee's code plus the matching RC_PolicyCounterTimer_* constant. */
TPM_RC
PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_OPERAND_Unmarshal(&target->operandB, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyCounterTimer_operandB;
    }
    result = UINT16_Unmarshal(&target->offset, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyCounterTimer_offset;
    }
    result = TPM_EO_Unmarshal(&target->operation, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyCounterTimer_operation;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyCommandCode_In: one handle, then the command code. */
TPM_RC
PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM_CC_Unmarshal(&target->code, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyCommandCode_code;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyPhysicalPresence_In: one handle, no parameter bytes are read. */
TPM_RC
PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->policySession = handles[0];
    return TPM_RC_SUCCESS;
}

/* PolicyCpHash_In: one handle, then the cpHashA digest. */
TPM_RC
PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_DIGEST_Unmarshal(&target->cpHashA, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyCpHash_cpHashA;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyNameHash_In: one handle, then the nameHash digest. */
TPM_RC
PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_DIGEST_Unmarshal(&target->nameHash, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyNameHash_nameHash;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyDuplicationSelect_In: one handle, then objectName, newParentName, includeObject. */
TPM_RC
PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_NAME_Unmarshal(&target->objectName, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyDuplicationSelect_objectName;
    }
    result = TPM2B_NAME_Unmarshal(&target->newParentName, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyDuplicationSelect_newParentName;
    }
    result = TPMI_YES_NO_Unmarshal(&target->includeObject, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyDuplicationSelect_includeObject;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyAuthorize_In: one handle, then approvedPolicy, policyRef, keySign, checkTicket. */
TPM_RC
PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_DIGEST_Unmarshal(&target->approvedPolicy, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyAuthorize_approvedPolicy;
    }
    result = TPM2B_NONCE_Unmarshal(&target->policyRef, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyAuthorize_policyRef;
    }
    result = TPM2B_NAME_Unmarshal(&target->keySign, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyAuthorize_keySign;
    }
    result = TPMT_TK_VERIFIED_Unmarshal(&target->checkTicket, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyAuthorize_checkTicket;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyAuthValue_In: one handle, no parameter bytes are read. */
TPM_RC
PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->policySession = handles[0];
    return TPM_RC_SUCCESS;
}

/* PolicyPassword_In: one handle, no parameter bytes are read. */
TPM_RC
PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->policySession = handles[0];
    return TPM_RC_SUCCESS;
}

/* PolicyGetDigest_In: one handle, no parameter bytes are read. */
TPM_RC
PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->policySession = handles[0];
    return TPM_RC_SUCCESS;
}

/* PolicyNvWritten_In: one handle, then the writtenSet flag. */
TPM_RC
PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPMI_YES_NO_Unmarshal(&target->writtenSet, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyNvWritten_writtenSet;
    }
    return TPM_RC_SUCCESS;
}

/* PolicyTemplate_In: one handle, then the templateHash digest. */
TPM_RC
PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->policySession = handles[0];

    result = TPM2B_DIGEST_Unmarshal(&target->templateHash, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PolicyTemplate_templateHash;
    }
    return TPM_RC_SUCCESS;
}

/* CreatePrimary_In: one handle, then inSensitive, inPublic, outsideInfo, creationPCR.
   inPublic is unmarshalled with the extra flag argument NO. */
TPM_RC
CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->primaryHandle = handles[0];

    result = TPM2B_SENSITIVE_CREATE_Unmarshal(&target->inSensitive, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_CreatePrimary_inSensitive;
    }
    result = TPM2B_PUBLIC_Unmarshal(&target->inPublic, buffer, size, NO);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_CreatePrimary_inPublic;
    }
    result = TPM2B_DATA_Unmarshal(&target->outsideInfo, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_CreatePrimary_outsideInfo;
    }
    result = TPML_PCR_SELECTION_Unmarshal(&target->creationPCR, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_CreatePrimary_creationPCR;
    }
    return TPM_RC_SUCCESS;
}

/* HierarchyControl_In: one handle, then enable (flag argument NO) and state. */
TPM_RC
HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->authHandle = handles[0];

    result = TPMI_RH_ENABLES_Unmarshal(&target->enable, buffer, size, NO);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_HierarchyControl_enable;
    }
    result = TPMI_YES_NO_Unmarshal(&target->state, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_HierarchyControl_state;
    }
    return TPM_RC_SUCCESS;
}

/* SetPrimaryPolicy_In: one handle, then authPolicy and hashAlg (flag argument YES). */
TPM_RC
SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->authHandle = handles[0];

    result = TPM2B_DIGEST_Unmarshal(&target->authPolicy, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_SetPrimaryPolicy_authPolicy;
    }
    result = TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, YES);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_SetPrimaryPolicy_hashAlg;
    }
    return TPM_RC_SUCCESS;
}

/* ChangePPS_In: one handle, no parameter bytes are read. */
TPM_RC
ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->authHandle = handles[0];
    return TPM_RC_SUCCESS;
}

/* ChangeEPS_In: one handle, no parameter bytes are read. */
TPM_RC
ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->authHandle = handles[0];
    return TPM_RC_SUCCESS;
}

/* Clear_In: one handle, no parameter bytes are read. */
TPM_RC
Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->authHandle = handles[0];
    return TPM_RC_SUCCESS;
}

/* ClearControl_In: one handle, then the disable flag. */
TPM_RC
ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->auth = handles[0];

    result = TPMI_YES_NO_Unmarshal(&target->disable, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_ClearControl_disable;
    }
    return TPM_RC_SUCCESS;
}

/* HierarchyChangeAuth_In: one handle, then the new authorization value. */
TPM_RC
HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->authHandle = handles[0];

    result = TPM2B_AUTH_Unmarshal(&target->newAuth, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_HierarchyChangeAuth_newAuth;
    }
    return TPM_RC_SUCCESS;
}

/* DictionaryAttackLockReset_In: one handle, no parameter bytes are read. */
TPM_RC
DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    (void)buffer;
    (void)size;
    target->lockHandle = handles[0];
    return TPM_RC_SUCCESS;
}

/* DictionaryAttackParameters_In: one handle, then newMaxTries, newRecoveryTime,
   lockoutRecovery.  All three are taken as raw UINT32 values; no range check is made here. */
TPM_RC
DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->lockHandle = handles[0];

    result = UINT32_Unmarshal(&target->newMaxTries, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_DictionaryAttackParameters_newMaxTries;
    }
    result = UINT32_Unmarshal(&target->newRecoveryTime, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_DictionaryAttackParameters_newRecoveryTime;
    }
    result = UINT32_Unmarshal(&target->lockoutRecovery, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_DictionaryAttackParameters_lockoutRecovery;
    }
    return TPM_RC_SUCCESS;
}

/* PP_Commands_In: one handle, then the setList and clearList command-code lists. */
TPM_RC
PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->auth = handles[0];

    result = TPML_CC_Unmarshal(&target->setList, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PP_Commands_setList;
    }
    result = TPML_CC_Unmarshal(&target->clearList, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_PP_Commands_clearList;
    }
    return TPM_RC_SUCCESS;
}

/* SetAlgorithmSet_In: one handle, then the algorithmSet value. */
TPM_RC
SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    target->authHandle = handles[0];

    result = UINT32_Unmarshal(&target->algorithmSet, buffer, size);
    if (result != TPM_RC_SUCCESS) {
        return result + RC_SetAlgorithmSet_algorithmSet;
    }
    return TPM_RC_SUCCESS;
}
/* ContextSave_In: one handle (slot 0), no parameter bytes are read.
   In every function below, handles[] arrives without an element count, so the caller must
   have filled as many slots as the function indexes. */
TPM_RC ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* self-assignments: parameters are unused here */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->saveHandle = handles[0];
    }
    return rc;
}

/* ContextLoad_In: no handles are read; the whole input is the context structure taken from
   the byte stream.  A failure returns the callee's code plus RC_ContextLoad_context. */
TPM_RC ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;  /* unused */
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMS_CONTEXT_Unmarshal(&target->context, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_ContextLoad_context;
        }
    }
    return rc;
}

/* FlushContext_In: flushHandle is read from the parameter bytes, not from handles[]. */
TPM_RC FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;  /* unused */
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_DH_CONTEXT_Unmarshal(&target->flushHandle, buffer, size, NO);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_FlushContext_flushHandle;
        }
    }
    return rc;
}

/* EvictControl_In: two handles (auth, objectHandle), then persistentHandle from the bytes. */
TPM_RC EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->auth = handles[0];
        target->objectHandle = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMI_DH_PERSISTENT_Unmarshal(&target->persistentHandle, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_EvictControl_persistentHandle;
        }
    }
    return rc;
}

/* ClockSet_In: one handle, then newTime as a UINT64. */
TPM_RC ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->auth = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT64_Unmarshal(&target->newTime, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_ClockSet_newTime;
        }
    }
    return rc;
}

/* ClockRateAdjust_In: one handle, then rateAdjust. */
TPM_RC ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->auth = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_CLOCK_ADJUST_Unmarshal(&target->rateAdjust, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_ClockRateAdjust_rateAdjust;
        }
    }
    return rc;
}

/* GetCapability_In: no handles; capability, property, propertyCount in that order.
   property and propertyCount are raw UINT32 values with no range check at this layer. */
TPM_RC GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;  /* unused */
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM_CAP_Unmarshal(&target->capability, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_GetCapability_capability;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->property, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_GetCapability_property;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT32_Unmarshal(&target->propertyCount, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_GetCapability_propertyCount;
        }
    }
    return rc;
}

/* TestParms_In: no handles; one parameters structure from the byte stream. */
TPM_RC TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    handles = handles;  /* unused */
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_PUBLIC_PARMS_Unmarshal(&target->parameters, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_TestParms_parameters;
        }
    }
    return rc;
}

/* NV_DefineSpace_In: one handle, then auth and publicInfo. */
TPM_RC NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_AUTH_Unmarshal(&target->auth, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_DefineSpace_auth;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_NV_PUBLIC_Unmarshal(&target->publicInfo, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_DefineSpace_publicInfo;
        }
    }
    return rc;
}

/* NV_UndefineSpace_In: two handles (authHandle, nvIndex), no parameter bytes are read. */
TPM_RC NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    return rc;
}

/* NV_UndefineSpaceSpecial_In: two handles; note the order is nvIndex first, platform second. */
TPM_RC NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->nvIndex = handles[0];
        target->platform = handles[1];
    }
    return rc;
}

/* NV_ReadPublic_In: one handle, no parameter bytes are read. */
TPM_RC NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->nvIndex = handles[0];
    }
    return rc;
}

/* NV_Write_In: two handles, then data and offset.
   NOTE(review): offset is a raw UINT16 with no range check here; presumably it is checked
   against the index size by the command itself - confirm. */
TPM_RC NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_MAX_NV_BUFFER_Unmarshal(&target->data, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Write_data;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->offset, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Write_offset;
        }
    }
    return rc;
}

/* NV_Increment_In: two handles, no parameter bytes are read. */
TPM_RC NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    return rc;
}

/* NV_Extend_In: two handles, then data. */
TPM_RC NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_MAX_NV_BUFFER_Unmarshal(&target->data, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Extend_data;
        }
    }
    return rc;
}

/* NV_SetBits_In: two handles, then bits as a UINT64. */
TPM_RC NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT64_Unmarshal(&target->bits, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_SetBits_bits;
        }
    }
    return rc;
}

/* NV_WriteLock_In: two handles, no parameter bytes are read. */
TPM_RC NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    return rc;
}

/* NV_GlobalWriteLock_In: one handle, no parameter bytes are read. */
TPM_RC NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
    }
    return rc;
}

/* NV_Read_In: two handles, then size and offset.
   target->size is the requested read length; the size parameter is the remaining input
   length.  NOTE(review): both fields are raw UINT16 values with no range check here;
   presumably bounded against the index by the command itself - confirm. */
TPM_RC NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->size, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Read_size;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->offset, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Read_offset;
        }
    }
    return rc;
}

/* NV_ReadLock_In: two handles, no parameter bytes are read. */
TPM_RC NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    buffer = buffer;    /* unused */
    size = size;
    if (rc == TPM_RC_SUCCESS) {
        target->authHandle = handles[0];
        target->nvIndex = handles[1];
    }
    return rc;
}

/* NV_ChangeAuth_In: one handle, then the new authorization value. */
TPM_RC NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->nvIndex = handles[0];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_AUTH_Unmarshal(&target->newAuth, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_ChangeAuth_newAuth;
        }
    }
    return rc;
}

/* NV_Certify_In: three handles (signHandle, authHandle, nvIndex), then qualifyingData,
   inScheme (flag argument YES), size, offset.  size and offset are raw UINT16 values with
   no range check at this layer. */
TPM_RC NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC rc = TPM_RC_SUCCESS;
    if (rc == TPM_RC_SUCCESS) {
        target->signHandle = handles[0];
        target->authHandle = handles[1];
        target->nvIndex = handles[2];
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPM2B_DATA_Unmarshal(&target->qualifyingData, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Certify_qualifyingData;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = TPMT_SIG_SCHEME_Unmarshal(&target->inScheme, buffer, size, YES);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Certify_inScheme;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->size, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Certify_size;
        }
    }
    if (rc == TPM_RC_SUCCESS) {
        rc = UINT16_Unmarshal(&target->offset, buffer, size);
        if (rc != TPM_RC_SUCCESS) {
            rc += RC_NV_Certify_offset;
        }
    }
    return rc;
}
./utils/hierarchychangeauth.c0000644000175000017500000002400413121761563014502 0ustar lo1lo1/********************************************************************************/
/* */
/* HierarchyChangeAuth */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: hierarchychangeauth.c 1026 2017-06-19 14:45:07Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* */
/* NOTE(review): the header names after each #include are missing in this copy of the file. */
#include #include #include #include #include #include #include
static void printUsage(void);

int verbose = FALSE;

/* Command line front end for the HierarchyChangeAuth command.

   Parses the options, selects the hierarchy handle from -hi, loads the new auth value and the
   command auth value from a string or from a file, creates a TSS context, runs
   TPM_CC_HierarchyChangeAuth through TSS_Execute() and deletes the context.

   Returns 0 on success and EXIT_FAILURE after printing the decoded response code.  Every
   usage error goes through printUsage(), which exits the process.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    HierarchyChangeAuth_In in;
    char hierarchyChar = 0;
    const char *newPassword = NULL;
    const char *newPasswordFilename = NULL;
    const char *authPassword = NULL;
    const char *authPasswordFilename = NULL;
    /* authPasswordPtr is used as the command auth value. It is either the supplied authPassword string, the password read from the authPasswordFilename file, or NULL */
    const char *authPasswordPtr = NULL;
    uint8_t *authPasswordBuffer = NULL; /* for the free */
    size_t authPasswordLength = 0;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the loop header and every option handled before the -se0 attribute range
       check are missing in this copy of the file, so the handling of -hi, -pwdn, -pwdni,
       -pwda and -pwdai cannot be reviewed from here. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf() result is not checked, so an argument that is
                   not hex leaves the handle at its initial value; same for the calls below */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    if (rc == 0) {
        if (hierarchyChar == 'l') {
            in.authHandle = TPM_RH_LOCKOUT;
        }
        else if (hierarchyChar == 'e') {
            in.authHandle = TPM_RH_ENDORSEMENT;
        }
        else if (hierarchyChar == 'o') {
            in.authHandle = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    /* the string and file forms of each password are mutually exclusive */
    if (rc == 0) {
        if ((newPassword != NULL) && (newPasswordFilename != NULL)) {
            printf("Cannot specify both -pwdn and -pwdni\n");
            printUsage();
        }
    }
    if (rc == 0) {
        if ((authPassword != NULL) && (authPasswordFilename != NULL)) {
            printf("Cannot specify both -pwda and -pwdai\n");
            printUsage();
        }
    }
    if (rc == 0) {
        /* new auth from string */
        if (newPassword != NULL) {
            /* convert password string to TPM2B */
            /* sizeof(TPMU_HA) is presumably the largest length StringCopy accepts - confirm */
            rc = TSS_TPM2B_StringCopy(&in.newAuth.b, newPassword, sizeof(TPMU_HA));
        }
        /* new auth from file */
        else if (newPasswordFilename != NULL) {
            uint8_t *buffer = NULL; /* for the free */
            size_t length = 0;
            /* read new auth value from the file */
            if (rc == 0) {
                rc = TSS_File_ReadBinaryFile(&buffer, /* must be freed by caller */
                                             &length,
                                             newPasswordFilename);
            }
            /* convert password file string to TPM2B */
            /* NOTE(review): length is read but never used; the file content is handed on as
               a C string.  Confirm that TSS_File_ReadBinaryFile() NUL-terminates buffer;
               if it does not, the copy can read past the end of the allocation.  The
               command-auth path below checks its length, this path does not. */
            if (rc == 0) {
                rc = TSS_TPM2B_StringCopy(&in.newAuth.b, (const char *)buffer, sizeof(TPMU_HA));
            }
            /* NOTE(review): buffer held the new auth value and is freed without being
               cleared first */
            free(buffer);
            buffer = NULL;
        }
        /* no new auth specified */
        else {
            in.newAuth.t.size = 0;
        }
    }
    if (rc == 0) {
        /* command auth from string */
        if (authPassword != NULL) {
            authPasswordPtr = authPassword;
        }
        /* command auth from file */
        else if (authPasswordFilename != NULL) {
            if (rc == 0) {
                /* must be freed by caller */
                rc = TSS_File_ReadBinaryFile(&authPasswordBuffer, &authPasswordLength, authPasswordFilename);
            }
            if (rc == 0) {
                if (authPasswordLength > sizeof(TPMU_HA)) {
                    printf("Password too long %u\n", (unsigned int)authPasswordLength);
                    rc = TSS_RC_INSUFFICIENT_BUFFER;
                }
            }
            /* NOTE(review): only the length is checked; the buffer is then used as a
               const char * without authPasswordLength, so it is presumably treated as a
               NUL-terminated string later - confirm the file reader guarantees that */
            if (rc == 0) {
                authPasswordPtr = (const char *)authPasswordBuffer;
            }
        }
        /* no command auth specified */
        else {
            authPasswordPtr = NULL;
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_HierarchyChangeAuth,
                         sessionHandle0, authPasswordPtr, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* runs on every path, so tssContext is still NULL when an earlier step failed;
       assumes TSS_Delete() accepts NULL - confirm */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("hierarchychangeauth: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("hierarchychangeauth: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    /* NOTE(review): this buffer held the command auth value and is freed without being
       cleared first */
    free(authPasswordBuffer);
    authPasswordBuffer = NULL;
    return rc;
}

/* Prints the option summary and ends the process with exit status 1; it never returns.
   NOTE(review): -pwdn and -pwda take the secret as a command line argument, which other
   local users can typically read from the process list and which ends up in shell history;
   the file forms -pwdni and -pwdai avoid that. */
static void printUsage(void)
{
    printf("\n");
    printf("hierarchychangeauth\n");
    printf("\n");
    printf("Runs TPM2_HierarchyChangeAuth\n");
    printf("\n");
    printf("\t-hi hierarchy (l, e, o, p)\n");
    printf("\t\tl lockout, e endorsement, o owner, p platform\n");
    printf("\t-pwdn new authorization password (default empty)\n");
    printf("\t-pwdni new authorization password file name (default empty)\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\t-pwdai authorization password file name (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/evictcontrol.c0000644000175000017500000001675013075204375013221 0ustar lo1lo1/********************************************************************************/
/* */
/* EvictControl */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: evictcontrol.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
/* NOTE(review): the header names after each #include are missing in this copy of the file. */
#include #include #include #include #include #include #include
static void printUsage(void);

int verbose = FALSE;

/* Command line front end for the EvictControl command.

   Parses the options, requires non-zero -ho and -hp handles, selects the authorizing
   hierarchy from -hi (owner or platform), creates a TSS context, runs TPM_CC_EvictControl
   through TSS_Execute() and deletes the context.

   Returns 0 on success and EXIT_FAILURE after printing the decoded response code.  Every
   usage error goes through printUsage(), which exits the process.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    TPMI_DH_OBJECT objectHandle = 0;            /* 0 doubles as "not supplied" */
    TPMI_DH_PERSISTENT persistentHandle = 0;    /* 0 doubles as "not supplied" */
    EvictControl_In in;
    char authHandleChar = 0;
    const char *authPassword = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): the loop header and every option handled before the -se0 attribute range
       check are missing in this copy of the file, so the handling of -hi, -ho, -hp and -pwda
       cannot be reviewed from here. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf() result is not checked, so an argument that is
                   not hex leaves the handle at its initial value; same for the calls below */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* both handles are mandatory */
    if (objectHandle == 0) {
        printf("Missing handle parameter -ho\n");
        printUsage();
    }
    if (persistentHandle == 0) {
        printf("Missing handle parameter -hp\n");
        printUsage();
    }
    /* only the owner and platform hierarchies are accepted as the authorizing handle */
    if (rc == 0) {
        if (authHandleChar == 'o') {
            in.auth = TPM_RH_OWNER;
        }
        else if (authHandleChar == 'p') {
            in.auth = TPM_RH_PLATFORM;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    if (rc == 0) {
        in.objectHandle = objectHandle;
        in.persistentHandle = persistentHandle;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_EvictControl,
                         sessionHandle0, authPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* runs on every path, so tssContext is still NULL when TSS_Create() failed;
       assumes TSS_Delete() accepts NULL - confirm */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("evictcontrol: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("evictcontrol: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the option summary and ends the process with exit status 1; it never returns.
   NOTE(review): -pwda takes the secret as a command line argument, which other local users
   can typically read from the process list and which ends up in shell history. */
static void printUsage(void)
{
    printf("\n");
    printf("evictcontrol\n");
    printf("\n");
    printf("Runs TPM2_EvictControl\n");
    printf("\n");
    printf("\t-hi authhandle hierarchy (o, p)\n");
    printf("\t\to owner, p platform \n");
    printf("\t-ho object handle\n");
    printf("\t-hp persistent handle\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/ntc2lib.c0000644000175000017500000000571413070736653012045 0ustar lo1lo1/********************************************************************************/
/* */
/* TPM2 
Nuvoton Proprietary Command Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: ntc2lib.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/
#include
#include
#include
#include "ntc2lib.h"

/* Marshal and Unmarshal Functions */

/* NTC2_CFG_STRUCT_Unmarshal() fills 'target' by handing the whole structure to Array_Unmarshal()
   as a byte array of sizeof(NTC2_CFG_STRUCT) bytes, and returns that call's result.

   Treating the structure as raw bytes relies on every member being a uint8_t, so that no endian
   conversion is needed.

   NOTE(review): the byte-wise copy also presumes the structure has no padding, so that
   sizeof(NTC2_CFG_STRUCT) equals the number of bytes on the wire - confirm against the
   declaration in ntc2lib.h.
*/

TPM_RC NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size)
{
    return Array_Unmarshal((BYTE *)target, sizeof(NTC2_CFG_STRUCT), buffer, size);
}

/* NTC2_PreConfig_In_Unmarshal() unmarshals the single preConfig parameter of the command input.

   On failure, RC_NTC2_PreConfig_preConfig is added to the response code returned by
   NTC2_CFG_STRUCT_Unmarshal() before it is passed back to the caller.

   'handles' is not read by this function.
*/

TPM_RC NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[])
{
    TPM_RC result;

    (void)handles;	/* unused, silences the compiler warning */
    result = NTC2_CFG_STRUCT_Unmarshal(&target->preConfig, buffer, size);
    if (result != TPM_RC_SUCCESS) {
	result += RC_NTC2_PreConfig_preConfig;
    }
    return result;
}
./utils/reg.sh0000755000175000017500000002725713116560740011457 0ustar lo1lo1#!/bin/bash # ################################################################################# # # # TPM2 regression test # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: reg.sh 1019 2017-06-09 17:58:56Z kgoldman $ # # # # (c) Copyright IBM Corporation 2014 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. 
# # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # handles are # 80000000 platform hierarchy primary storage key # password pps # storage key under primary # password sto # storepriv.bin # signing key under primary # password sig # signpriv.bin # RSA encryption key under primary # password dec # decpriv.bin # at test entry and exit, there is a platform primary key at 80000000 and # storage and signing keys under them, ready to load. # The exception is the last test case, which rolls the seeds. 
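# This is a namespace prefix
# For the basic tarball, PREFIX is set to ./ (the current directory)
PREFIX=./
# The rpm release prefixes all the utility names with tss, so PREFIX is set to tss
# PREFIX=tss

# Print the list of command line options, one per line.
printUsage ()
{
    printf '%s\n' \
	"" \
	"" \
	"-h help" \
	"-a all tests" \
	"-1 random number generator" \
	"-2 PCR" \
	"-3 primary keys" \
	"-4 createloaded - rev 138" \
	"-5 HMAC session - no bind or salt" \
	"-6 HMAC session - bind" \
	"-7 HMAC session - salt" \
	"-8 Hierarchy" \
	"-9 Storage" \
	"-10 Object Change Auth" \
	"-11 Encrypt and decrypt sessions" \
	"-12 Sign" \
	"-13 NV" \
	"-14 NV PIN Index - rev 138" \
	"-15 Evict control" \
	"-16 RSA encrypt decrypt" \
	"-17 AES encrypt decrypt" \
	"-18 AES encrypt decrypt - rev 138" \
	"-19 HMAC and Hash" \
	"-20 Attestation" \
	"-21 Policy" \
	"-22 Policy - rev 138" \
	"-23 Context" \
	"-24 Clocks and Timers" \
	"-25 DA logic" \
	"-26 Unseal" \
	"-27 Duplication" \
	"-28 ECC" \
	"-29 Credential" \
	"-35 Shutdown (only run for simulator)" \
	"-40 Tests under development (not part of all)" \
	"" \
	"-50 Change seed"
}

# checkSuccess STATUS
# The previous command was expected to succeed.  A non-zero STATUS prints the
# captured output in run.out and ends the run with exit code 255.
checkSuccess()
{
    if [ "$1" -ne 0 ]; then
	echo " ERROR:"
	cat run.out
	exit 255
    else
	echo " INFO:"
    fi
}

# checkWarning STATUS MESSAGE
# A non-zero STATUS is reported as a warning with MESSAGE and counted in WARN.
# The count stops at 254 (the original FIXME): 255 is the exit code this
# script uses for failure, so the warning count must never reach it.
checkWarning()
{
    if [ "$1" -ne 0 ]; then
	echo " WARN: $2"
	if [ "${WARN:-0}" -lt 254 ]; then
	    ((WARN++))
	fi
    else
	echo " INFO:"
    fi
}

# checkFailure STATUS
# The previous command was expected to fail.  A zero STATUS prints the
# captured output in run.out and ends the run with exit code 255.
checkFailure()
{
    if [ "$1" -eq 0 ]; then
	echo " ERROR:"
	cat run.out
	exit 255
    else
	echo " INFO:"
    fi
}

# Remove the files the regression tests leave in the current directory.
# The list includes the private-key blobs written for the test keys.
cleanup()
{
    # stdout
    rm -f run.out
    # general purpose keys
    rm -f storepriv.bin storepub.bin storeeccpub.bin storeeccpriv.bin
    rm -f signpriv.bin signpub.bin signpub.pem
    rm -f signeccpriv.bin signeccpub.bin signeccpub.pem
    rm -f signrpriv.bin signrpub.bin signrpub.pem
    rm -f derpriv.bin derpub.bin despriv.bin despub.bin
    rm -f khprivsha1.bin khpubsha1.bin
    rm -f khprivsha256.bin khpubsha256.bin
    rm -f khpubsha384.bin khprivsha384.bin
    rm -f pritk.bin stotk.bin prich.bin stoch.bin
    # misc
    rm -f dec.bin enc.bin msg.bin noncetpm.bin policyapproved.bin
    rm -f pssig.bin sig.bin tkt.bin
    rm -f tmp.bin tmp1.bin tmp2.bin
    rm -f tmpsha1.bin tmpsha256.bin tmpsha384.bin
    rm -f tmppriv.bin tmppub.bin tmpspriv.bin tmpspub.bin
    rm -f to.bin zero.bin
}

# the check functions and these variables are used by the scripts under ./regtests
export -f checkSuccess
export -f checkWarning
export -f checkFailure
export WARN
export PREFIX
# example for running scripts with encrypted sessions, see TPM_SESSION_ENCKEY=getrandom below
export TPM_SESSION_ENCKEY

# True when the environment selects the MS simulator over the socket
# interface, which is also what unset or empty variables mean.  The variables
# are quoted so that an unexpected value cannot break the [ ] tests.
usesMsSimulator ()
{
    if [ -z "${TPM_INTERFACE_TYPE}" ] || [ "${TPM_INTERFACE_TYPE}" == "socsim" ]; then
	if [ -z "${TPM_SERVER_TYPE}" ] || [ "${TPM_SERVER_TYPE}" == "mssim" ]; then
	    return 0
	fi
    fi
    return 1
}

# wants OPTION NUMBER
# True when OPTION is -a or is exactly NUMBER.
wants ()
{
    [ "$1" == "-a" ] || [ "$1" == "$2" ]
}

# runTest SCRIPT
# Run ./regtests/SCRIPT.  Its exit status is left in RC; a non-zero status
# ends the whole run with exit code 255, otherwise the test counter I is
# incremented.
runTest ()
{
    "./regtests/$1"
    RC=$?
    if [ $RC -ne 0 ]; then
	exit 255
    fi
    ((I++))
}

# main OPTION
# Initialize the TPM and the test keys, run the tests selected by OPTION (see
# printUsage) and print a summary.  Any failure exits with 255.
main ()
{
    RC=0
    I=0
    ((WARN=0))

    if [ "$1" == "-h" ]; then
	printUsage
	exit 0
    fi

    # the MS simulator needs power up and startup
    if usesMsSimulator; then
	./regtests/inittpm.sh
    fi
    # RC is 0 when inittpm.sh was not run
    RC=$?
    if [ $RC -ne 0 ]; then
	exit 255
    fi
    # example for running scripts with encrypted sessions, see TPM_ENCRYPT_SESSIONS above
    # getrandom must wait until after inittpm.sh (powerup and startup)
    # NOTE(review): the exit status of getrandom is not checked, so a failure
    # leaves TPM_SESSION_ENCKEY empty - confirm how the utilities treat that.
    TPM_SESSION_ENCKEY=$("${PREFIX}getrandom" -by 16 -ns)
    ./regtests/initkeys.sh
    RC=$?
    if [ $RC -ne 0 ]; then
	exit 255
    fi
    # NOTE(review): RC is always 0 at this point (a non-zero RC exited above),
    # so this sets WARN to 0 - confirm that is the intent.  The same applies
    # after -20 and -40 below.
    ((WARN=$RC))

    if wants "$1" "-1";  then runTest testrng.sh;          fi
    if wants "$1" "-2";  then runTest testpcr.sh;          fi
    if wants "$1" "-3";  then runTest testprimary.sh;      fi
    if wants "$1" "-4";  then runTest testcreateloaded.sh; fi
    if wants "$1" "-5";  then runTest testhmacsession.sh;  fi
    if wants "$1" "-6";  then runTest testbind.sh;         fi
    if wants "$1" "-7";  then runTest testsalt.sh;         fi
    if wants "$1" "-8";  then runTest testhierarchy.sh;    fi
    if wants "$1" "-9";  then runTest teststorage.sh;      fi
    if wants "$1" "-10"; then runTest testchangeauth.sh;   fi
    if wants "$1" "-11"; then runTest testencsession.sh;   fi
    if wants "$1" "-12"; then runTest testsign.sh;         fi
    if wants "$1" "-13"; then runTest testnv.sh;           fi
    if wants "$1" "-14"; then runTest testnvpin.sh;        fi
    if wants "$1" "-15"; then runTest testevict.sh;        fi
    if wants "$1" "-16"; then runTest testrsa.sh;          fi
    if wants "$1" "-17"; then runTest testaes.sh;          fi
    if wants "$1" "-18"; then runTest testaes138.sh;       fi
    if wants "$1" "-19"; then runTest testhmac.sh;         fi
    if wants "$1" "-20"; then
	runTest testattest.sh
	((WARN=$RC))
    fi
    if wants "$1" "-21"; then runTest testpolicy.sh;       fi
    if wants "$1" "-22"; then runTest testpolicy138.sh;    fi
    if wants "$1" "-23"; then runTest testcontext.sh;      fi
    if wants "$1" "-24"; then runTest testclocks.sh;       fi
    if wants "$1" "-25"; then runTest testda.sh;           fi
    if wants "$1" "-26"; then runTest testunseal.sh;       fi
    if wants "$1" "-27"; then runTest testdup.sh;          fi
    if wants "$1" "-28"; then runTest testecc.sh;          fi
    if wants "$1" "-29"; then runTest testcredential.sh;   fi
    if wants "$1" "-35"; then
	# the MS simulator supports power cycling
	if usesMsSimulator; then
	    ./regtests/testshutdown.sh
	fi
	# RC is 0, and the test is still counted, when testshutdown.sh was not run
	RC=$?
	if [ $RC -ne 0 ]; then
	    exit 255
	fi
	((I++))
    fi
    # tests under development are not part of -a
    if [ "$1" == "-40" ]; then
	runTest testdevel.sh
	((WARN=$RC))
    fi
    # this must be the last test
    if wants "$1" "-50"; then runTest testchangeseed.sh;   fi

    if [ $RC -ne 0 ]; then
	echo ""
	echo "Failed"
	echo ""
	exit 255
    else
	# -0 is a debug mode that initializes and does not clean up
	if [ "$1" != "-0" ]; then
	    "${PREFIX}flushcontext" -ha 80000000
	    cleanup
	fi
	echo ""
	echo "Success - ${I} Tests ${WARN} Warnings"
	echo ""
    fi
}

main "$@"
./utils/nvwritelock.c0000644000175000017500000001611313055132457013045 0ustar lo1lo1/********************************************************************************/ /* */ /* NV WriteLock */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvwritelock.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 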
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_WriteLock_In in; char hierarchyAuthChar = 0; TPMI_RH_NV_INDEX nvIndex = 0; const char *nvPassword = NULL; /* default no password */ TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; 
if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } /* Authorization handle */ if (rc == 0) { if (hierarchyAuthChar == 'o') { in.authHandle = TPM_RH_OWNER; } else if (hierarchyAuthChar == 'p') { in.authHandle = TPM_RH_PLATFORM; } else if (hierarchyAuthChar == 0) { in.authHandle = nvIndex; } else { printf("\n"); printUsage(); } } if (rc == 0) { in.nvIndex = nvIndex; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_WriteLock, sessionHandle0, nvPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvwritelock: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvwritelock: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("nvwritelock\n"); printf("\n"); printf("Runs TPM2_NV_WriteLock\n"); printf("\n"); printf("\t[-hia hierarchy authorization (o, p)(default index authorization)]\n"); printf("\t-ha NV 
index handle\n"); printf("\t-pwdn password for NV index (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/changeeps.c0000644000175000017500000001423413073673132012435 0ustar lo1lo1/********************************************************************************/ /* */ /* ChangeEPS */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: changeeps.c 982 2017-04-13 13:00:10Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; ChangeEPS_In in; const char *authPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing 
parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ if (rc == 0) { in.authHandle = TPM_RH_PLATFORM; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_ChangeEPS, sessionHandle0, authPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("changeeps: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("changeeps: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("changeeps\n"); printf("\n"); printf("Runs TPM2_ChangeEPS\n"); printf("\n"); printf("\t-pwda authorization password (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/applink.c0000644000175000017500000000551412536371542012142 0ustar lo1lo1#define APPLINK_STDIN 1 #define APPLINK_STDOUT 2 #define APPLINK_STDERR 3 #define APPLINK_FPRINTF 4 #define APPLINK_FGETS 5 #define APPLINK_FREAD 6 #define APPLINK_FWRITE 7 #define APPLINK_FSETMOD 8 
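#define APPLINK_FEOF 9
#define APPLINK_FCLOSE 10 /* should not be used */
#define APPLINK_FOPEN 11 /* solely for completeness */
#define APPLINK_FSEEK 12
#define APPLINK_FTELL 13
#define APPLINK_FFLUSH 14
#define APPLINK_FERROR 15
#define APPLINK_CLEARERR 16
#define APPLINK_FILENO 17 /* to be used with below */
#define APPLINK_OPEN 18 /* formally can't be used, as flags can vary */
#define APPLINK_READ 19
#define APPLINK_WRITE 20
#define APPLINK_LSEEK 21
#define APPLINK_CLOSE 22
#define APPLINK_MAX 22 /* always same as last macro */

#ifndef APPMACROS_ONLY
/* The three header names were stripped from this listing.  They are restored
   from what the code below uses: FILE, the standard streams and the f*()
   functions (stdio.h), _setmode/_open/_read/_write/_lseek/_close (io.h) and
   _O_BINARY/_O_TEXT (fcntl.h). */
#include <stdio.h>
#include <io.h>
#include <fcntl.h>

/* Thin wrappers: stdin/stdout/stderr, feof, ferror, clearerr and _fileno are
   wrapped in real functions here so that each table slot below can hold a
   plain function address. */
static void *app_stdin(void) { return stdin; }
static void *app_stdout(void) { return stdout; }
static void *app_stderr(void) { return stderr; }
static int app_feof(FILE *fp) { return feof(fp); }
static int app_ferror(FILE *fp) { return ferror(fp); }
static void app_clearerr(FILE *fp) { clearerr(fp); }
static int app_fileno(FILE *fp) { return _fileno(fp); }
/* Switches the stream's descriptor to binary mode for 'b', to text mode for
   any other value. */
static int app_fsetmod(FILE *fp,char mod)
{ return _setmode (_fileno(fp),mod=='b'?_O_BINARY:_O_TEXT); }

#ifdef __cplusplus
extern "C" {
#endif

/* Exported entry point that returns the table of this executable's own stdio
   and low-level I/O routines.  Slot 0 holds APPLINK_MAX cast to a pointer, so
   a reader of the table can tell how many slots are valid; slots 1 to
   APPLINK_MAX are indexed by the APPLINK_* numbers.

   The table is filled on the first call only.  The `once` flag is a plain
   static, so that first call is not protected against concurrent callers. */
__declspec(dllexport)
void **
#if defined(__BORLANDC__)
__stdcall /* __stdcall appears to be the only way to get the name
           * decoration right with Borland C. Otherwise it works
           * purely incidentally, as we pass no parameters. */
#else
__cdecl
#endif
OPENSSL_Applink(void)
{
    static int once=1;
    static void *OPENSSL_ApplinkTable[APPLINK_MAX+1]={(void *)APPLINK_MAX};

    if (once)
    {
        OPENSSL_ApplinkTable[APPLINK_STDIN] = app_stdin;
        OPENSSL_ApplinkTable[APPLINK_STDOUT] = app_stdout;
        OPENSSL_ApplinkTable[APPLINK_STDERR] = app_stderr;
        OPENSSL_ApplinkTable[APPLINK_FPRINTF] = fprintf;
        OPENSSL_ApplinkTable[APPLINK_FGETS] = fgets;
        OPENSSL_ApplinkTable[APPLINK_FREAD] = fread;
        OPENSSL_ApplinkTable[APPLINK_FWRITE] = fwrite;
        OPENSSL_ApplinkTable[APPLINK_FSETMOD] = app_fsetmod;
        OPENSSL_ApplinkTable[APPLINK_FEOF] = app_feof;
        OPENSSL_ApplinkTable[APPLINK_FCLOSE] = fclose;

        OPENSSL_ApplinkTable[APPLINK_FOPEN] = fopen;
        OPENSSL_ApplinkTable[APPLINK_FSEEK] = fseek;
        OPENSSL_ApplinkTable[APPLINK_FTELL] = ftell;
        OPENSSL_ApplinkTable[APPLINK_FFLUSH] = fflush;
        OPENSSL_ApplinkTable[APPLINK_FERROR] = app_ferror;
        OPENSSL_ApplinkTable[APPLINK_CLEARERR] = app_clearerr;
        OPENSSL_ApplinkTable[APPLINK_FILENO] = app_fileno;

        OPENSSL_ApplinkTable[APPLINK_OPEN] = _open;
        OPENSSL_ApplinkTable[APPLINK_READ] = _read;
        OPENSSL_ApplinkTable[APPLINK_WRITE] = _write;
        OPENSSL_ApplinkTable[APPLINK_LSEEK] = _lseek;
        OPENSSL_ApplinkTable[APPLINK_CLOSE] = _close;

        once = 0;
    }

    return OPENSSL_ApplinkTable;
}

#ifdef __cplusplus
}
#endif
#endif
./utils/ntc2lockconfig.c0000644000175000017500000001002013055132457013372 0ustar lo1lo1/********************************************************************************/
/* */
/* Nuvoton Lock Preconfig */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: ntc2lockconfig.c 945 2017-02-27 23:24:31Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. 2017 */
/* */
/* All rights reserved. 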
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
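*/
/********************************************************************************/
/* */

/* NOTE(review): the header names of the seven directives below were lost when
   this listing was extracted; only the project header survived. */
#include
#include
#include
#include
#include
#include
#include
#include "ntc2lib.h"

static void printUsage(void);

int verbose = FALSE;

/* ntc2lockconfig entry point.  Only its opening survives in this listing; see
   the note after the truncated loop header. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    int lock = FALSE;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i

/* NOTE(review): the listing breaks off here.  The rest of ntc2lockconfig.c
   and the header of the next archive member (its path and licence block) are
   missing.  What follows is the program that runs TPM2_Unseal, starting at
   its include directives, whose header names were also stripped. */
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

int verbose = FALSE;

/* Returns the argument that follows an option and advances *i to it.
   Prints the usage and exits when the command line ends first. */
static const char *getValue(int argc, char *argv[], int *i, const char *option)
{
    (*i)++;
    if (*i >= argc) {
        printf("Missing parameter for %s\n", option);
        printUsage();
    }
    return argv[*i];
}

/* Reads the next argument as one hexadecimal number.  The sscanf() result is
   checked, so text that is not a number, or a number followed by other
   characters, is rejected instead of silently leaving the default in place. */
static unsigned int getHexValue(int argc, char *argv[], int *i, const char *option)
{
    unsigned int value = 0;
    char extra;         /* receives any character left after the number */

    if (sscanf(getValue(argc, argv, i, option), "%x%c", &value, &extra) != 1) {
        printf("Invalid hexadecimal value for %s\n", option);
        printUsage();
    }
    return value;
}

/* Reads the "handle attributes" pair that follows a -se0, -se1 or -se2 option. */
static void getSession(int argc, char *argv[], int *i, const char *option,
                       TPMI_SH_AUTH_SESSION *sessionHandle,
                       unsigned int *sessionAttributes)
{
    *sessionHandle = getHexValue(argc, argv, i, option);
    *sessionAttributes = getHexValue(argc, argv, i, option);
    if (*sessionAttributes > 0xff) {
        printf("Out of range session attributes for %s\n", option);
        printUsage();
    }
}

/* unseal: runs TPM2_Unseal on the object named by -ha and optionally saves
   the recovered data to the -of file.

   Returns 0 on success and EXIT_FAILURE when the TSS, the TPM or the file
   write reports an error; a usage error exits through printUsage().

   Handling of the secret:
   - With -v the unsealed bytes are printed to stdout, which the setvbuf()
     comment says may be piped into a log file.
   - The -of file is written through TSS_File_WriteBinaryFile(); the mode it is
     created with is not visible here, so restrict the directory or the umask
     when the data must stay private.
   - -pwd takes the authorization value on the command line, where it is
     visible in the process list and in shell history.
   - `out` keeps the unsealed bytes on the stack until the process exits. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    Unseal_In in;
    Unseal_Out out;
    TPMI_DH_OBJECT itemHandle = 0;
    const char *outDataFilename = NULL;
    const char *password = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): the listing lost the text from the loop condition through
       the -se0 attribute check.  The loop header and the -ha / -pwd / -of /
       -se0 branches are rebuilt from the options printUsage() documents, the
       variables declared above and the -se1 / -se2 branches that survived;
       confirm against the original source. */
    for (i = 1 ; (i < argc) && (rc == 0) ; i++) {
        if (strcmp(argv[i],"-ha") == 0) {
            itemHandle = getHexValue(argc, argv, &i, "-ha");
        }
        else if (strcmp(argv[i],"-pwd") == 0) {
            password = getValue(argc, argv, &i, "-pwd");
        }
        else if (strcmp(argv[i],"-of") == 0) {
            outDataFilename = getValue(argc, argv, &i, "-of");
        }
        else if (strcmp(argv[i],"-se0") == 0) {
            getSession(argc, argv, &i, "-se0", &sessionHandle0, &sessionAttributes0);
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            getSession(argc, argv, &i, "-se1", &sessionHandle1, &sessionAttributes1);
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            getSession(argc, argv, &i, "-se2", &sessionHandle2, &sessionAttributes2);
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* 0 is the "not supplied" marker, so a handle of 0 is rejected as missing */
    if (itemHandle == 0) {
        printf("Missing handle parameter -ha\n");
        printUsage();
    }
    if (rc == 0) {
        in.itemHandle = itemHandle;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_Unseal,
                         sessionHandle0, password, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        /* Runs even when TSS_Create() failed, so tssContext may still be NULL
           here; presumably TSS_Delete() accepts that - confirm.  The first
           error wins: rc1 is reported only if everything before succeeded. */
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* `out` is read only after every earlier step succeeded */
    if ((rc == 0) && (outDataFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.outData.t.buffer,
                                      out.outData.t.size,
                                      outDataFilename);
    }
    if (rc == 0) {
        /* -v writes the unsealed secret itself to stdout */
        if (verbose) TSS_PrintAll("outData", out.outData.t.buffer, out.outData.t.size);
        if (verbose) printf("unseal: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("unseal: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the command line help and terminates the process with status 1,
   so callers never get control back. */
static void printUsage(void)
{
    printf("\n");
    printf("unseal\n");
    printf("\n");
    printf("Runs TPM2_Unseal\n");
    printf("\n");
    printf("\t-ha sealed data item handle\n");
    printf("\t[-pwd password sealed data item (default empty)]\n");
    printf("\t[-of output data (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}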
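./utils/commit.c0000644000175000017500000002542713075204375011777 0ustar lo1lo1
/********************************************************************************/
/* */
/* Commit */
/* Written by Bill Martin */
/* Green Hills Integrity Software Services */
/* $Id: commit.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2017. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* */

/* NOTE(review): the header names of the nine directives below were lost when
   this listing was extracted; only the project header survived. */
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include "objecttemplates.h"

static void printUsage(void);

int verbose = FALSE;

/* Returns the argument that follows an option and advances *i to it.
   Prints the usage and exits when the command line ends first. */
static const char *getValue(int argc, char *argv[], int *i, const char *option)
{
    (*i)++;
    if (*i >= argc) {
        printf("Missing parameter for %s\n", option);
        printUsage();
    }
    return argv[*i];
}

/* Reads the next argument as one hexadecimal number.  The sscanf() result is
   checked, so text that is not a number, or a number followed by other
   characters, is rejected instead of silently leaving the default in place. */
static unsigned int getHexValue(int argc, char *argv[], int *i, const char *option)
{
    unsigned int value = 0;
    char extra;         /* receives any character left after the number */

    if (sscanf(getValue(argc, argv, i, option), "%x%c", &value, &extra) != 1) {
        printf("Invalid hexadecimal value for %s\n", option);
        printUsage();
    }
    return value;
}

/* Reads the "handle attributes" pair that follows a -se0, -se1 or -se2 option. */
static void getSession(int argc, char *argv[], int *i, const char *option,
                       TPMI_SH_AUTH_SESSION *sessionHandle,
                       unsigned int *sessionAttributes)
{
    *sessionHandle = getHexValue(argc, argv, i, option);
    *sessionAttributes = getHexValue(argc, argv, i, option);
    if (*sessionAttributes > 0xff) {
        printf("Out of range session attributes for %s\n", option);
        printUsage();
    }
}

/* commit: runs TPM2_Commit with the key named by -hk.

   P1, s2 and y2 are read from the -pt, -s2 and -y2 files when given and are
   sent empty otherwise.  The K, L and E points of the response are written to
   the -Kf, -Lf and -Ef files when given.

   Returns 0 on success and EXIT_FAILURE when the TSS, the TPM or a file
   operation reports an error; a usage error exits through printUsage().

   -pwdk takes the key authorization on the command line, where it is visible
   in the process list and in shell history. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    Commit_In in;
    Commit_Out out;
    TPMI_DH_OBJECT signHandle = 0;
    TPMA_OBJECT objectAttributes;
    const char *s2Filename = NULL;
    const char *y2Filename = NULL;
    const char *dataFilename = NULL;
    const char *Kfilename = NULL;
    const char *Lfilename = NULL;
    const char *Efilename = NULL;
    const char *keyPassword = NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): objectAttributes is not read anywhere in the part of the
       file that survived in this listing; it may be a leftover - confirm. */
    objectAttributes.val = 0;
    objectAttributes.val |= TPMA_OBJECT_NODA;

    /* NOTE(review): the listing lost the text from the loop condition through
       the -se0 attribute check.  The loop header and the branches up to -se0
       are rebuilt from the options printUsage() documents, the variables
       declared above and the -se1 / -se2 branches that survived; confirm
       against the original source. */
    for (i = 1 ; (i < argc) && (rc == 0) ; i++) {
        if (strcmp(argv[i],"-hk") == 0) {
            signHandle = getHexValue(argc, argv, &i, "-hk");
        }
        else if (strcmp(argv[i],"-pt") == 0) {
            dataFilename = getValue(argc, argv, &i, "-pt");
        }
        else if (strcmp(argv[i],"-s2") == 0) {
            s2Filename = getValue(argc, argv, &i, "-s2");
        }
        else if (strcmp(argv[i],"-y2") == 0) {
            y2Filename = getValue(argc, argv, &i, "-y2");
        }
        else if (strcmp(argv[i],"-Kf") == 0) {
            Kfilename = getValue(argc, argv, &i, "-Kf");
        }
        else if (strcmp(argv[i],"-Lf") == 0) {
            Lfilename = getValue(argc, argv, &i, "-Lf");
        }
        else if (strcmp(argv[i],"-Ef") == 0) {
            Efilename = getValue(argc, argv, &i, "-Ef");
        }
        else if (strcmp(argv[i],"-pwdk") == 0) {
            keyPassword = getValue(argc, argv, &i, "-pwdk");
        }
        else if (strcmp(argv[i],"-se0") == 0) {
            getSession(argc, argv, &i, "-se0", &sessionHandle0, &sessionAttributes0);
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            getSession(argc, argv, &i, "-se1", &sessionHandle1, &sessionAttributes1);
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            getSession(argc, argv, &i, "-se2", &sessionHandle2, &sessionAttributes2);
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* 0 is the "not supplied" marker, so a handle of 0 is rejected as missing */
    if (signHandle == 0) {
        printf("Missing handle parameter -hk\n");
        printUsage();
    }
    if (rc == 0) {
        /* Handle of key that will perform signing */
        in.signHandle = signHandle;
    }
    /* set P1 */
    if (rc == 0) {
        if (dataFilename != NULL) {
            rc = TSS_File_ReadStructure(&in.P1,
                                        (UnmarshalFunction_t)TPM2B_ECC_POINT_Unmarshal,
                                        dataFilename);
        }
        else {
            in.P1.point.x.t.size = 0;
            in.P1.point.y.t.size = 0;
        }
    }
    /* set S2 */
    if (rc == 0) {
        if (s2Filename != NULL) {
            /* The limit is the capacity of the destination itself rather than
               a separately named constant, so file contents can never exceed
               the buffer they are copied into.  This assumes the second
               argument of TSS_File_Read2B() is the destination capacity in
               bytes - confirm. */
            rc = TSS_File_Read2B(&in.s2.b,
                                 sizeof(in.s2.t.buffer),
                                 s2Filename);
        }
        else {
            in.s2.t.size = 0;
        }
    }
    /* set y2 */
    if (rc == 0) {
        if (y2Filename != NULL) {
            /* Same bound rule as for s2.  The original passed MAX_SYM_DATA for
               both fields; the declared capacity of y2 is not visible in this
               listing, so its own buffer size is the only limit known to be
               safe. */
            rc = TSS_File_Read2B(&in.y2.b,
                                 sizeof(in.y2.t.buffer),
                                 y2Filename);
        }
        else {
            in.y2.t.size = 0;
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_Commit,
                         sessionHandle0, keyPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        /* Runs even when TSS_Create() failed, so tssContext may still be NULL
           here; presumably TSS_Delete() accepts that - confirm.  The first
           error wins: rc1 is reported only if everything before succeeded. */
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* `out` is read only after every earlier step succeeded */
    if ((rc == 0) && (Kfilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.K,
                                     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
                                     Kfilename);
    }
    if ((rc == 0) && (Lfilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.L,
                                     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
                                     Lfilename);
    }
    if ((rc == 0) && (Efilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.E,
                                     (MarshalFunction_t)TSS_TPM2B_ECC_POINT_Marshal,
                                     Efilename);
    }
    if (rc == 0) {
        /* printf ("counter is %d\n", out.counter); */
        if (verbose) printf("commit: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("commit: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the command line help and terminates the process with status 1,
   so callers never get control back. */
static void printUsage(void)
{
    printf("\n");
    printf("commit\n");
    printf("\n");
    printf("Runs TPM2_Commit\n");
    printf("\n");
    printf("\t-hk key handle\n");
    printf("\t[-pt point file name]\n");
    printf("\t[-s2 s2 file name]\n");
    printf("\t[-y2 y2 file name]\n");
    printf("\t[-Kf data file]\n");
    printf("\t[-Lf data file]\n");
    printf("\t[-Ef data file]\n");
    printf("\t[-pwdk password for key (default empty)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/Commands_fp.h0000644000175000017500000006037113013163530012724 0ustar lo1lo1/********************************************************************************/
/* */
/* Command and Response Marshal and Unmarshal */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: Commands_fp.h 814 2016-11-16 23:10:16Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
/* 1. Copyright Licenses: */
/* */
/* - Trusted Computing Group (TCG) grants to the user of the source code in */
/* this specification (the "Source Code") a worldwide, irrevocable, */
/* nonexclusive, royalty free, copyright license to reproduce, create */
/* derivative works, distribute, display and perform the Source Code and */
/* derivative works thereof, and to grant others the rights granted herein. */
/* */
/* - The TCG grants to the user of the other parts of the specification */
/* (other than the Source Code) the rights to reproduce, distribute, */
/* display, and perform the specification solely for the purpose of */
/* developing products based on such documents. */
/* */
/* 2. 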
Source Code Distribution Conditions: */ /* */ /* - Redistributions of Source Code must retain the above copyright licenses, */ /* this list of conditions and the following disclaimers. */ /* */ /* - Redistributions in binary form must reproduce the above copyright */ /* licenses, this list of conditions and the following disclaimers in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* 3. Disclaimers: */ /* */ /* - THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF */ /* LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH */ /* RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) */ /* THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. */ /* Contact TCG Administration (admin@trustedcomputinggroup.org) for */ /* information on specification licensing rights available through TCG */ /* membership agreements. */ /* */ /* - THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED */ /* WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR */ /* FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR */ /* NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY */ /* OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. */ /* */ /* - Without limitation, TCG and its members and licensors disclaim all */ /* liability, including liability for infringement of any proprietary */ /* rights, relating to use of information in this specification and to the */ /* implementation of this specification, and TCG disclaims all liability for */ /* cost of procurement of substitute goods or services, lost profits, loss */ /* of use, loss of data or any incidental, consequential, direct, indirect, */ /* or special damages, whether under contract, tort, warranty or otherwise, */ /* arising in any way out of use or reliance upon this specification or any */ /* information herein. */ /* */ /* (c) Copyright IBM Corp. 
and others, 2012-2015 */ /* */ /********************************************************************************/ /* rev 119 */ #ifndef COMMANDS_FP_H #define COMMANDS_FP_H #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include TPM_RC Startup_In_Unmarshal(Startup_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC Shutdown_In_Unmarshal(Shutdown_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC SelfTest_In_Unmarshal(SelfTest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC IncrementalSelfTest_In_Unmarshal(IncrementalSelfTest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 IncrementalSelfTest_Out_Marshal(IncrementalSelfTest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); UINT16 GetTestResult_Out_Marshal(GetTestResult_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC StartAuthSession_In_Unmarshal(StartAuthSession_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 
StartAuthSession_Out_Marshal(StartAuthSession_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PolicyRestart_In_Unmarshal(PolicyRestart_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC Create_In_Unmarshal(Create_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Create_Out_Marshal(Create_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Load_In_Unmarshal(Load_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Load_Out_Marshal(Load_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC LoadExternal_In_Unmarshal(LoadExternal_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 LoadExternal_Out_Marshal(LoadExternal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ReadPublic_In_Unmarshal(ReadPublic_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ReadPublic_Out_Marshal(ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ActivateCredential_In_Unmarshal(ActivateCredential_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ActivateCredential_Out_Marshal(ActivateCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC MakeCredential_In_Unmarshal(MakeCredential_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 MakeCredential_Out_Marshal(MakeCredential_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Unseal_In_Unmarshal(Unseal_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Unseal_Out_Marshal(Unseal_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ObjectChangeAuth_In_Unmarshal(ObjectChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ObjectChangeAuth_Out_Marshal(ObjectChangeAuth_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC 
CreateLoaded_In_Unmarshal(CreateLoaded_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC Duplicate_In_Unmarshal(Duplicate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Duplicate_Out_Marshal(Duplicate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Rewrap_In_Unmarshal(Rewrap_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Rewrap_Out_Marshal(Rewrap_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Import_In_Unmarshal(Import_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Import_Out_Marshal(Import_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC RSA_Encrypt_In_Unmarshal(RSA_Encrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 RSA_Encrypt_Out_Marshal(RSA_Encrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC RSA_Decrypt_In_Unmarshal(RSA_Decrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 RSA_Decrypt_Out_Marshal(RSA_Decrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ECDH_KeyGen_In_Unmarshal(ECDH_KeyGen_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ECDH_KeyGen_Out_Marshal(ECDH_KeyGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ECDH_ZGen_In_Unmarshal(ECDH_ZGen_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ECDH_ZGen_Out_Marshal(ECDH_ZGen_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ECC_Parameters_In_Unmarshal(ECC_Parameters_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ECC_Parameters_Out_Marshal(ECC_Parameters_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ZGen_2Phase_In_Unmarshal(ZGen_2Phase_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ZGen_2Phase_Out_Marshal(ZGen_2Phase_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, 
INT32 *size); TPM_RC EncryptDecrypt_In_Unmarshal(EncryptDecrypt_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 EncryptDecrypt_Out_Marshal(EncryptDecrypt_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC EncryptDecrypt2_In_Unmarshal(EncryptDecrypt2_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC Hash_In_Unmarshal(Hash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Hash_Out_Marshal(Hash_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC HMAC_In_Unmarshal(HMAC_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 HMAC_Out_Marshal(HMAC_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC GetRandom_In_Unmarshal(GetRandom_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 GetRandom_Out_Marshal(GetRandom_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC StirRandom_In_Unmarshal(StirRandom_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC HMAC_Start_In_Unmarshal(HMAC_Start_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 HMAC_Start_Out_Marshal(HMAC_Start_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC HashSequenceStart_In_Unmarshal(HashSequenceStart_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 HashSequenceStart_Out_Marshal(HashSequenceStart_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC SequenceUpdate_In_Unmarshal(SequenceUpdate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC SequenceComplete_In_Unmarshal(SequenceComplete_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 SequenceComplete_Out_Marshal(SequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC EventSequenceComplete_In_Unmarshal(EventSequenceComplete_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 
EventSequenceComplete_Out_Marshal(EventSequenceComplete_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Certify_In_Unmarshal(Certify_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Certify_Out_Marshal(Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC CertifyCreation_In_Unmarshal(CertifyCreation_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 CertifyCreation_Out_Marshal(CertifyCreation_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Quote_In_Unmarshal(Quote_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Quote_Out_Marshal(Quote_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC GetSessionAuditDigest_In_Unmarshal(GetSessionAuditDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 GetSessionAuditDigest_Out_Marshal(GetSessionAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC GetCommandAuditDigest_In_Unmarshal(GetCommandAuditDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 GetCommandAuditDigest_Out_Marshal(GetCommandAuditDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC GetTime_In_Unmarshal(GetTime_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 GetTime_Out_Marshal(GetTime_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Commit_In_Unmarshal(Commit_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Commit_Out_Marshal(Commit_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC EC_Ephemeral_In_Unmarshal(EC_Ephemeral_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 EC_Ephemeral_Out_Marshal(EC_Ephemeral_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC VerifySignature_In_Unmarshal(VerifySignature_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); 
UINT16 VerifySignature_Out_Marshal(VerifySignature_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC Sign_In_Unmarshal(Sign_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 Sign_Out_Marshal(Sign_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC SetCommandCodeAuditStatus_In_Unmarshal(SetCommandCodeAuditStatus_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PCR_Extend_In_Unmarshal(PCR_Extend_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PCR_Event_In_Unmarshal(PCR_Event_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PCR_Event_Out_Marshal(PCR_Event_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PCR_Read_In_Unmarshal(PCR_Read_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PCR_Read_Out_Marshal(PCR_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PCR_Allocate_In_Unmarshal(PCR_Allocate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PCR_Allocate_Out_Marshal(PCR_Allocate_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PCR_SetAuthPolicy_In_Unmarshal(PCR_SetAuthPolicy_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PCR_SetAuthValue_In_Unmarshal(PCR_SetAuthValue_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PCR_Reset_In_Unmarshal(PCR_Reset_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicySigned_In_Unmarshal(PolicySigned_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PolicySigned_Out_Marshal(PolicySigned_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PolicySecret_In_Unmarshal(PolicySecret_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PolicySecret_Out_Marshal(PolicySecret_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC 
PolicyTicket_In_Unmarshal(PolicyTicket_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyOR_In_Unmarshal(PolicyOR_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyPCR_In_Unmarshal(PolicyPCR_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyLocality_In_Unmarshal(PolicyLocality_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyNV_In_Unmarshal(PolicyNV_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyAuthorizeNV_In_Unmarshal(PolicyAuthorizeNV_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyCounterTimer_In_Unmarshal(PolicyCounterTimer_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyCommandCode_In_Unmarshal(PolicyCommandCode_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyPhysicalPresence_In_Unmarshal(PolicyPhysicalPresence_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyCpHash_In_Unmarshal(PolicyCpHash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyNameHash_In_Unmarshal(PolicyNameHash_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyDuplicationSelect_In_Unmarshal(PolicyDuplicationSelect_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyAuthorize_In_Unmarshal(PolicyAuthorize_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyAuthValue_In_Unmarshal(PolicyAuthValue_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyPassword_In_Unmarshal(PolicyPassword_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyGetDigest_In_Unmarshal(PolicyGetDigest_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 PolicyGetDigest_Out_Marshal(PolicyGetDigest_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC PolicyNvWritten_In_Unmarshal(PolicyNvWritten_In 
*target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PolicyTemplate_In_Unmarshal(PolicyTemplate_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC CreatePrimary_In_Unmarshal(CreatePrimary_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 CreatePrimary_Out_Marshal(CreatePrimary_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC HierarchyControl_In_Unmarshal(HierarchyControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC SetPrimaryPolicy_In_Unmarshal(SetPrimaryPolicy_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC ChangePPS_In_Unmarshal(ChangePPS_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC ChangeEPS_In_Unmarshal(ChangeEPS_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC Clear_In_Unmarshal(Clear_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC ClearControl_In_Unmarshal(ClearControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC HierarchyChangeAuth_In_Unmarshal(HierarchyChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC DictionaryAttackLockReset_In_Unmarshal(DictionaryAttackLockReset_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC DictionaryAttackParameters_In_Unmarshal(DictionaryAttackParameters_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC PP_Commands_In_Unmarshal(PP_Commands_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC SetAlgorithmSet_In_Unmarshal(SetAlgorithmSet_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC ContextSave_In_Unmarshal(ContextSave_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ContextSave_Out_Marshal(ContextSave_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ContextLoad_In_Unmarshal(ContextLoad_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 
ContextLoad_Out_Marshal(ContextLoad_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC FlushContext_In_Unmarshal(FlushContext_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC EvictControl_In_Unmarshal(EvictControl_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 ReadClock_Out_Marshal(ReadClock_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC ClockSet_In_Unmarshal(ClockSet_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC ClockRateAdjust_In_Unmarshal(ClockRateAdjust_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC GetCapability_In_Unmarshal(GetCapability_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 GetCapability_Out_Marshal(GetCapability_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC TestParms_In_Unmarshal(TestParms_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_DefineSpace_In_Unmarshal(NV_DefineSpace_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_UndefineSpace_In_Unmarshal(NV_UndefineSpace_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_UndefineSpaceSpecial_In_Unmarshal(NV_UndefineSpaceSpecial_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_ReadPublic_In_Unmarshal(NV_ReadPublic_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 NV_ReadPublic_Out_Marshal(NV_ReadPublic_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC NV_Write_In_Unmarshal(NV_Write_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_Increment_In_Unmarshal(NV_Increment_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_Extend_In_Unmarshal(NV_Extend_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_SetBits_In_Unmarshal(NV_SetBits_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC 
NV_WriteLock_In_Unmarshal(NV_WriteLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_GlobalWriteLock_In_Unmarshal(NV_GlobalWriteLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_Read_In_Unmarshal(NV_Read_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 NV_Read_Out_Marshal(NV_Read_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC NV_ReadLock_In_Unmarshal(NV_ReadLock_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_ChangeAuth_In_Unmarshal(NV_ChangeAuth_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC NV_Certify_In_Unmarshal(NV_Certify_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); UINT16 NV_Certify_Out_Marshal(NV_Certify_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); #endif ./utils/policynv.c0000644000175000017500000002334513075204375012347 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyNV */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policynv.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
/* NOTE(review): this copy of policynv.c is damaged. The header names after each
   #include are missing, and the option loop in main() is cut between
   "for (i=1 ; (i" and the -se0 attribute range check. The lost text is not
   reconstructed here. */
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

int verbose = FALSE;

/* policynv: command line utility that fills a PolicyNV_In structure from its
   arguments and runs TPM_CC_PolicyNV through TSS_Execute().

   Returns 0 on success and EXIT_FAILURE when the TSS or the TPM reports an
   error. Argument errors do not return: printUsage() ends the process with
   exit(1). */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    PolicyNV_In in;
    char hierarchyChar = 0;
    /* NOTE(review): per the usage text the authorization password is given on the
       command line (-pwda). Command line arguments can normally be read by other
       local users through the process list, so this suits test use only. The
       handler itself is in the part of the loop that is missing from this copy. */
    const char *authPassword = NULL; /* default no password */
    TPMI_RH_NV_INDEX nvIndex = 0;
    TPMI_SH_POLICY policySession = 0;
    const char *operandBData = NULL;
    const char *operandBFilename = NULL;
    uint16_t offset = 0; /* default 0 */
    TPM_EO operation = 0; /* default A = B */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i 0xff) {
                printf("Out of range session attributes for -se0\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se0\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se1") == 0) {
        i++;
        if (i < argc) {
            /* NOTE(review): the sscanf() result is not checked here or in the other
               -se handlers; an argument that is not hex leaves the default value
               in place without any message */
            sscanf(argv[i],"%x", &sessionHandle1);
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes1);
            /* session attributes are limited to one byte */
            if (sessionAttributes1 > 0xff) {
                printf("Out of range session attributes for -se1\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se2") == 0) {
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionHandle2);
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes2);
            if (sessionAttributes2 > 0xff) {
                printf("Out of range session attributes for -se2\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-h") == 0) {
        printUsage();
    }
    else if (strcmp(argv[i],"-v") == 0) {
        verbose = TRUE;
        TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
    }
    else {
        printf("\n%s is not a valid option\n", argv[i]);
        printUsage();
    }
    }
    /* both handles are required; 0 means the option was not given */
    if (nvIndex == 0) {
        printf("Missing NV index handle parameter -ha\n");
        printUsage();
    }
    if (policySession == 0) {
        printf("Missing policy session handle parameter -hs\n");
        printUsage();
    }
    /* operand B must come from exactly one source, a string or a file */
    if ((operandBData == NULL) && (operandBFilename == NULL)) {
        printf("operandB data string or data file must be specified\n");
        printUsage();
    }
    if ((operandBData != NULL) && (operandBFilename != NULL)) {
        printf("operandB data string and data file cannot both be specified\n");
        printUsage();
    }
    /* the authorizing handle is the owner or platform hierarchy for -hi o or p,
       and the NV index itself when -hi was not given */
    if (rc == 0) {
        if (hierarchyChar == 'o') {
            in.authHandle = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else if (hierarchyChar == 0) {
            in.authHandle = nvIndex;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    if (rc == 0) {
        in.nvIndex = nvIndex;
        in.policySession = policySession;
        in.offset = offset;
        in.operation = operation;
    }
    /* operand B is passed with sizeof(TPMU_HA) -- presumably the maximum size the
       helper accepts for the destination; confirm against the TSS utility API */
    if (operandBData != NULL) {
        rc = TSS_TPM2B_StringCopy(&in.operandB.b, operandBData, sizeof(TPMU_HA));
    }
    if (operandBFilename != NULL) {
        rc = TSS_File_Read2B(&in.operandB.b, sizeof(TPMU_HA), operandBFilename);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PolicyNV,
                         sessionHandle0, authPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted even when an earlier step failed; the delete result is
       reported only if nothing failed before it.
       NOTE(review): tssContext is still NULL here when TSS_Create() was skipped or
       failed -- confirm that TSS_Delete() accepts NULL. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("policynv: success\n");
    }
    else {
        /* print the response code, then replace it with the process exit status */
        const char *msg;
        const char *submsg;
        const char *num;
        printf("policynv: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the command line help and ends the process with exit(1); it never
   returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("policynv\n");
    printf("\n");
    printf("Runs TPM2_PolicyNV\n");
    printf("\n");
    printf("\t[-hi hierarchy authHandle (o, p)]\n");
    printf("\t\tdefault NV index\n");
    printf("\t-ha NV index handle (operand A)\n");
    printf("\t[-pwda password for authorization (default empty)]\n");
    printf("\t-hs policy session handle\n");
    printf("\t-ic data string (operandB)\n");
    printf("\t-if data file (operandB) \n");
    printf("\t[-off offset (default 0)]\n");
    printf("\t-op operation (default A = B)\n");
    printf("\t\t0 A = B \n");
    printf("\t\t1 A != B \n");
    printf("\t\t2 A > B signed \n");
    printf("\t\t3 A > B unsigned \n");
    printf("\t\t4 A < B signed \n");
    printf("\t\t5 A < B unsigned \n");
    printf("\t\t6 A >= B signed \n");
    printf("\t\t7 A >= B unsigned \n");
    printf("\t\t8 A <= B signed \n");
    printf("\t\t9 A <= B unsigned \n");
    printf("\t\tA All bits SET in B are SET in A. ((A&B)=B) \n");
    printf("\t\tB All bits SET in B are CLEAR in A. ((A&B)=0) \n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/powerup.c0000644000175000017500000001015513055132457012177 0ustar lo1lo1/********************************************************************************/
/* */
/* Simulator Power up */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: powerup.c 945 2017-02-27 23:24:31Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
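*/
/********************************************************************************/
/* NOTE(review): this copy is damaged. The header names after each #include are
   missing. The powerup.c main() below is cut inside its option loop and runs
   straight into the declarations of rsadecrypt.c, whose file header is missing.
   The rsadecrypt.c option loop is cut in the same way. The lost text is not
   reconstructed here. */
#include
#include
#include /* FIXME should really be in tpmtcpprotocol.h */
#ifdef TPM_WINDOWS
#include /* for simulator startup */
#endif
#include
#include
#include /* for simulator power up */

static void printUsage(void);

int verbose = FALSE;

int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i
#include
#include
#include
#include
#include
#include
#include
#include
#include

static void printRsaDecrypt(RSA_Decrypt_Out *out);
static TPM_RC padData(uint8_t **buffer,
                      size_t *padLength,
                      TPMI_ALG_HASH halg,
                      TPMI_RSA_KEY_BITS keyBits);
static void printUsage(void);

int verbose = FALSE;

/* rsadecrypt: command line utility that reads a data file, optionally wraps it
   in a DER OID and PKCS1 padding (padData), and sends it to the TPM with
   TPM_CC_RSA_Decrypt. The result is printed when verbose is set and is saved to
   the -od file when one is given.

   Returns 0 on success and EXIT_FAILURE when the TSS or the TPM reports an
   error. Argument errors do not return: printUsage() ends the process with
   exit(1). */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    RSA_Decrypt_In in;
    RSA_Decrypt_Out out;
    TPMI_DH_OBJECT keyHandle = 0;
    const char *encryptFilename = NULL;
    const char *decryptFilename = NULL;
    const char *keyPassword = NULL;
    TPMI_ALG_HASH halg = TPM_ALG_NULL;
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;
    uint16_t written;
    size_t length; /* input data */
    uint8_t *buffer = NULL; /* for the free */
    uint8_t *buffer1 = NULL; /* for marshaling */

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i 0xff) {
                printf("Out of range session attributes for -se0\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se0\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se1") == 0) {
        i++;
        if (i < argc) {
            /* NOTE(review): the sscanf() result is not checked here or in the other
               -se handlers; an argument that is not hex leaves the default value
               in place without any message */
            sscanf(argv[i],"%x", &sessionHandle1);
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes1);
            if (sessionAttributes1 > 0xff) {
                printf("Out of range session attributes for -se1\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se2") == 0) {
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionHandle2);
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes2);
            if (sessionAttributes2 > 0xff) {
                printf("Out of range session attributes for -se2\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-h") == 0) {
        printUsage();
    }
    else if (strcmp(argv[i],"-v") == 0) {
        verbose = TRUE;
        TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
    }
    else {
        printf("\n%s is not a valid option\n", argv[i]);
        printUsage();
    }
    }
    if (keyHandle == 0) {
        printf("Missing handle parameter -hk\n");
        printUsage();
    }
    if (encryptFilename == NULL) {
        printf("Missing encrypted message -ie\n");
        printUsage();
    }
    if (rc == 0) {
        rc = TSS_File_ReadBinaryFile(&buffer, /* must be freed by caller */
                                     &length,
                                     encryptFilename);
    }
    /* if an OID was requested, treat the encryptFilename as a hash to be signed */
    if ((rc == 0) && (halg != TPM_ALG_NULL)) {
        rc = padData(&buffer, /* realloced to fit */
                     &length, /* resized for OID and pad */
                     halg,
                     2048); /* hard coded RSA-2048 */
        /* FIXME use readpublic and get bit size or maybe byte size */
    }
    /* The data length comes from the input file. Check it against the fixed size
       buffer of the command structure before the copy below, so that an oversized
       file is rejected instead of being written past the end of in.cipherText. */
    if (rc == 0) {
        if (length > sizeof(in.cipherText.t.buffer)) {
            unsigned long cl = length;
            printf("rsadecrypt: encrypted data length %lu is too large\n", cl);
            rc = TPM_RC_VALUE;
        }
    }
    if (rc == 0) {
        /* Handle of key that will perform rsa decrypt */
        in.keyHandle = keyHandle;

        /* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
        {
            /* length was checked above, so it fits the 16 bit size field */
            in.cipherText.t.size = (uint16_t)length;
            memcpy(in.cipherText.t.buffer, buffer, length);
        }
        /* padding scheme */
        {
            /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
            /* NOTE(review): no scheme is selected by the command -- presumably the
               key's own scheme then applies; confirm against the TPM2_RSA_Decrypt
               definition. With -oid the input is a caller built PKCS1 signature
               block (the usage text calls it a demo of signing with arbitrary
               OID), so a key that can be used this way should be kept separate
               from keys whose signatures are trusted. */
            in.inScheme.scheme = TPM_ALG_NULL;
        }
        /* label */
        {
            /* Table 73 - Definition of TPM2B_DATA Structure */
            in.label.t.size = 0;
        }
    }
    free (buffer);
    buffer = NULL;
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_RSA_Decrypt,
                         sessionHandle0, keyPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted even when an earlier step failed; the delete result is
       reported only if nothing failed before it */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    /* first marshal pass, with no buffer, only computes the marshaled size */
    if ((rc == 0) && (decryptFilename != NULL)) {
        written = 0;
        rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&out.message, &written, NULL, NULL);
    }
    /* allocate through TSS_Realloc(), as padData() does, so that an allocation
       failure is reported in rc instead of leaving a NULL marshal target */
    if ((rc == 0) && (decryptFilename != NULL)) {
        rc = TSS_Realloc(&buffer, written);
    }
    if ((rc == 0) && (decryptFilename != NULL)) {
        buffer1 = buffer;
        written = 0;
        rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&out.message, &written, &buffer1, NULL);
    }
    /* skip the marshaled 16 bit size field, so that only the message bytes are saved */
    if ((rc == 0) && (decryptFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t),
                                      written - sizeof(uint16_t),
                                      decryptFilename);
    }
    free(buffer);
    if (rc == 0) {
        /* NOTE(review): with -v the decrypted message is printed to stdout, which
           may be piped to a log file (see the setvbuf comment above) */
        if (verbose) printRsaDecrypt(&out);
        if (verbose) printf("rsadecrypt: success\n");
    }
    else {
        /* print the response code, then replace it with the process exit status */
        const char *msg;
        const char *submsg;
        const char *num;
        printf("rsadecrypt: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* padData() turns a digest into a PKCS1 padded block of the key size:

       0x00 0x01 | 0xff ... 0xff | 0x00 | DER OID for halg | digest

   buffer     in: the digest, out: the padded block, reallocated with TSS_Realloc()
   padLength  in: the digest length, out: keyBits / 8
   halg       TPM_ALG_SHA1, TPM_ALG_SHA256 or TPM_ALG_SHA384
   keyBits    RSA key size in bits

   Returns 0 on success, TPM_RC_HASH for an unsupported hash algorithm,
   TPM_RC_VALUE when the input length is not the digest length or the key is too
   small to hold the padding, or the TSS_Realloc() error. *padLength is updated
   only after all of the checks have passed. */
static TPM_RC padData(uint8_t **buffer,
                      size_t *padLength,
                      TPMI_ALG_HASH halg,
                      TPMI_RSA_KEY_BITS keyBits)
{
    TPM_RC rc = 0;
    uint16_t digestSize;
    const uint8_t *oid;
    uint16_t oidSize;
    size_t keyBytes = keyBits / 8;
    const uint8_t sha1Oid[] = {SHA1_DER};
    const uint8_t sha256Oid[] = {SHA256_DER};
    const uint8_t sha384Oid[] = {SHA384_DER};

    /* check that the original buffer length matches the hash algorithm */
    if (rc == 0) {
        digestSize = TSS_GetDigestSize(halg);
        if (digestSize == 0) {
            printf("padData: Unsupported hash algorithm %04x\n", halg);
            rc = TPM_RC_HASH;
        }
    }
    if (rc == 0) {
        if (digestSize != *padLength) {
            unsigned long pl = *padLength;
            printf("paddata: hash algorithm length %u not equal data length %lu\n",
                   digestSize, pl);
            rc = TPM_RC_VALUE;
        }
    }
    /* determine the OID, before the buffer is touched, so that an unsupported
       algorithm leaves the caller's buffer as it was */
    if (rc == 0) {
        switch (halg) {
          case TPM_ALG_SHA1:
            oid = sha1Oid;
            oidSize = SHA1_DER_SIZE;
            break;
          case TPM_ALG_SHA256:
            oid = sha256Oid;
            oidSize = SHA256_DER_SIZE;
            break;
          case TPM_ALG_SHA384:
            oid = sha384Oid;
            oidSize = SHA384_DER_SIZE;
            break;
          default:
            printf("padData: Unsupported hash algorithm %04x\n", halg);
            rc = TPM_RC_HASH;
        }
    }
    /* The block needs 0x00 0x01, at least 8 bytes of 0xff and a 0x00 separator in
       front of the OID and digest. Without this check a small key size would make
       the memset length below wrap around. */
    if (rc == 0) {
        if (keyBytes < ((size_t)oidSize + digestSize + 11)) {
            printf("padData: key size %u bits too small for hash algorithm %04x\n",
                   (unsigned int)keyBits, halg);
            rc = TPM_RC_VALUE;
        }
    }
    /* realloc the buffer to the key size in bytes */
    if (rc == 0) {
        *padLength = keyBytes;
        rc = TSS_Realloc(buffer, *padLength);
    }
    if (rc == 0) {
        /* move the hash to the end */
        memmove(*buffer + *padLength - digestSize, *buffer, digestSize);
        /* prepend the OID */
        memcpy(*buffer + *padLength - digestSize - oidSize, oid, oidSize);
        /* prepend the PKCS1 pad */
        (*buffer)[0] = 0x00;
        (*buffer)[1] = 0x01;
        memset(&(*buffer)[2], 0xff, *padLength - 3 - oidSize - digestSize);
        (*buffer)[*padLength - oidSize - digestSize - 1] = 0x00;
        if (verbose) TSS_PrintAll("padData: padded data", *buffer, *padLength);
    }
    return rc;
}

/* Prints the decrypted message returned by the TPM. */
static void printRsaDecrypt(RSA_Decrypt_Out *out)
{
    TSS_PrintAll("outData", out->message.t.buffer, out->message.t.size);
}

/* Prints the command line help and ends the process with exit(1); it never
   returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("rsadecrypt\n");
    printf("\n");
    printf("Runs TPM2_RSA_Decrypt\n");
    printf("\n");
    printf("\t-hk key handle\n");
    printf("\t-pwdk password for key (default empty)\n");
    printf("\t-ie encrypt file name\n");
    printf("\t-od decrypt file name (default do not save)\n");
    printf("\t[-oid (sha1, sha256, sha384) optionally add OID and PKCS1 padding\n");
    printf("\t\tto the encrypt data (demo of signing with arbitrary OID)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/getsessionauditdigest.c0000644000175000017500000002620113075204375015110 0ustar lo1lo1/********************************************************************************/
/* */
/* GetSessionAuditDigest */
/* Written by Ken Goldman */
/* IBM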
Thomas J. Watson Research Center */ /* $Id: getsessionauditdigest.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
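*/
/********************************************************************************/
/* */
/* NOTE(review): this copy of getsessionauditdigest.c is damaged. The header
   names after each #include are missing, and the option loop in main() is cut
   between "for (i=1 ; (i" and the -se0 attribute range check. The lost text is
   not reconstructed here. */
#include
#include
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);
static void printSignature(GetSessionAuditDigest_Out *out);

int verbose = FALSE;

/* getsessionauditdigest: command line utility that runs
   TPM_CC_GetSessionAuditDigest for an audit session, using the endorsement
   hierarchy as privacy administrator and an RSASSA signing key.

   The returned attestation is unmarshaled and its extraData is compared with
   the qualifying data that was sent. The signature, the attestation and the
   session digest are written to files when the matching file names were given.

   Nothing in the visible code verifies the signature itself: a relying party
   still has to check out.signature over the attestation data with the public
   part of the signing key before trusting the digest.

   Returns 0 on success and EXIT_FAILURE on any failure. Argument errors do not
   return: printUsage() ends the process with exit(1). */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    GetSessionAuditDigest_In in;
    GetSessionAuditDigest_Out out;
    const char *privacyAdminPassword = NULL;
    TPMI_DH_OBJECT signHandle = 0;
    const char *signPassword = NULL;
    TPMI_SH_HMAC sessionHandle = 0;
    /* NOTE(review): the usage text also accepts sha1 for -halg; prefer the sha256
       default or sha384 for attestation signatures */
    TPMI_ALG_HASH halg = TPM_ALG_SHA256;
    const char *signatureFilename = NULL;
    const char *attestInfoFilename = NULL;
    const char *qualifyingDataFilename = NULL;
    TPMS_ATTEST tpmsAttest;
    const char *sessionDigestFilename = NULL;
    /* the command carries two authorizations (endorsement hierarchy and signing
       key), so the first two sessions both default to password authorization */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RS_PW;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i 0xff) {
                printf("Out of range session attributes for -se0\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se0\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se1") == 0) {
        i++;
        if (i < argc) {
            /* NOTE(review): the sscanf() result is not checked here or in the other
               -se handlers; an argument that is not hex leaves the default value
               in place without any message */
            sscanf(argv[i],"%x", &sessionHandle1);
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes1);
            if (sessionAttributes1 > 0xff) {
                printf("Out of range session attributes for -se1\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se2") == 0) {
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionHandle2);
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes2);
            if (sessionAttributes2 > 0xff) {
                printf("Out of range session attributes for -se2\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-h") == 0) {
        printUsage();
    }
    else if (strcmp(argv[i],"-v") == 0) {
        verbose = TRUE;
        TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
    }
    else {
        printf("\n%s is not a valid option\n", argv[i]);
        printUsage();
    }
    }
    if (sessionHandle == 0) {
        printf("Missing session handle parameter -hs\n");
        printUsage();
    }
    if (signHandle == 0) {
        printf("Missing sign handle parameter -hk\n");
        printUsage();
    }
    if (rc == 0) {
        /* Handle of key that authorizes the audit */
        in.privacyAdminHandle = TPM_RH_ENDORSEMENT;
        in.signHandle = signHandle;
        in.sessionHandle = sessionHandle;
        /* Table 145 - Definition of TPMT_SIG_SCHEME Structure */
        in.inScheme.scheme = TPM_ALG_RSASSA;
        /* Table 144 - Definition of TPMU_SIG_SCHEME Union */
        /* Table 142 - Definition of {RSA} Types for RSA Signature Schemes */
        /* Table 135 - Definition of TPMS_SCHEME_HASH Structure */
        in.inScheme.details.rsassa.hashAlg = halg;
    }
    /* data supplied by the caller */
    /* NOTE(review): with no -qd file the qualifying data is empty, so the extraData
       comparison further down gives no freshness guarantee. A verifier that needs
       replay protection should supply its own nonce as qualifying data. */
    if (rc == 0) {
        if (qualifyingDataFilename != NULL) {
            rc = TSS_File_Read2B(&in.qualifyingData.b,
                                 sizeof(TPMT_HA),
                                 qualifyingDataFilename);
        }
        else {
            in.qualifyingData.t.size = 0;
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         (RESPONSE_PARAMETERS *)&out,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_GetSessionAuditDigest,
                         sessionHandle0, privacyAdminPassword, sessionAttributes0,
                         sessionHandle1, signPassword, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted even when an earlier step failed; the delete result is
       reported only if nothing failed before it */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        uint8_t *tmpBuffer = out.auditInfo.t.attestationData;
        int32_t tmpSize = out.auditInfo.t.size;
        rc = TPMS_ATTEST_Unmarshal(&tpmsAttest, &tmpBuffer, &tmpSize);
        /* print only a structure that unmarshaled completely; after a failure
           tpmsAttest may hold uninitialized fields */
        if ((rc == 0) && verbose) TSS_TPMS_ATTEST_Print(&tpmsAttest, 0);
    }
    /* the attestation must echo the qualifying data that was sent */
    if (rc == 0) {
        int match;
        match = TSS_TPM2B_Compare(&in.qualifyingData.b, &tpmsAttest.extraData.b);
        if (!match) {
            printf("getsessionauditdigest: failed, extraData != qualifyingData\n");
            rc = EXIT_FAILURE;
        }
    }
    if ((rc == 0) && (signatureFilename != NULL)) {
        rc = TSS_File_WriteStructure(&out.signature,
                                     (MarshalFunction_t)TSS_TPMT_SIGNATURE_Marshal,
                                     signatureFilename);
    }
    if ((rc == 0) && (attestInfoFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(out.auditInfo.t.attestationData,
                                      out.auditInfo.t.size,
                                      attestInfoFilename);
    }
    if ((rc == 0) && (sessionDigestFilename != NULL)) {
        rc = TSS_File_WriteBinaryFile(tpmsAttest.attested.sessionAudit.sessionDigest.t.buffer,
                                      tpmsAttest.attested.sessionAudit.sessionDigest.t.size,
                                      sessionDigestFilename);
    }
    if (rc == 0) {
        if (verbose) printSignature(&out);
        if (verbose) printf("getsessionauditdigest: success\n");
    }
    else {
        /* print the response code, then replace it with the process exit status */
        const char *msg;
        const char *submsg;
        const char *num;
        printf("getsessionauditdigest: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the RSASSA signature from the response; main() always requests
   TPM_ALG_RSASSA, which is the union member read here. */
static void printSignature(GetSessionAuditDigest_Out *out)
{
    TSS_PrintAll("Signature",
                 out->signature.signature.rsassa.sig.t.buffer,
                 out->signature.signature.rsassa.sig.t.size);
}

/* Prints the command line help and ends the process with exit(1); it never
   returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("getsessionauditdigest\n");
    printf("\n");
    printf("Runs TPM2_GetSessionAuditDigest\n");
    printf("\n");
    printf("\t[-pwde endorsement hierarchy password (default empty)]\n");
    printf("\t-hk signing key handle\n");
    printf("\t[-pwdk password for key (default empty)]\n");
    printf("\t-hs audit session handle\n");
    printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n");
    printf("\t[-qd qualifying data file name]\n");
    printf("\t[-os signature file name (default do not save)]\n");
    printf("\t[-oa attestation output file name (default do not save)]\n");
    printf("\t[-od session digest file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/nvsetbits.c0000644000175000017500000001564313055132457012526 0ustar lo1lo1/********************************************************************************/
/* */
/* NV SetBits */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: nvsetbits.c 945 2017-02-27 23:24:31Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.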
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/
/* */
/* NOTE(review): this copy of nvsetbits.c is damaged. The header names after each
   #include are missing, and the option loop in main() is cut between
   "for (i=1 ; (i" and the -se0 attribute range check. The lost text is not
   reconstructed here. */
#include
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

int verbose = FALSE;

/* nvsetbits: command line utility that runs TPM_CC_NV_SetBits on an NV index,
   with the index itself as the authorizing handle.

   Returns 0 on success and EXIT_FAILURE when the TSS or the TPM reports an
   error. Argument errors do not return: printUsage() ends the process with
   exit(1). */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    NV_SetBits_In in;
    TPMI_RH_NV_INDEX nvIndex = 0;
    /* NOTE(review): per the usage text the NV index password is given on the
       command line (-pwdn). Command line arguments can normally be read by other
       local users through the process list, so this suits test use only. The
       handler itself is in the part of the loop that is missing from this copy. */
    const char *nvPassword = NULL; /* default no password */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* the usage text says -bit can be given several times; presumably each one
       sets a bit in this mask, but the handler is missing from this copy */
    in.bits = 0; /* default no bits */
    for (i=1 ; (i 0xff) {
                printf("Out of range session attributes for -se0\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se0\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se1") == 0) {
        i++;
        if (i < argc) {
            /* NOTE(review): the sscanf() result is not checked here or in the other
               -se handlers; an argument that is not hex leaves the default value
               in place without any message */
            sscanf(argv[i],"%x", &sessionHandle1);
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes1);
            if (sessionAttributes1 > 0xff) {
                printf("Out of range session attributes for -se1\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se1\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-se2") == 0) {
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionHandle2);
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
        i++;
        if (i < argc) {
            sscanf(argv[i],"%x", &sessionAttributes2);
            if (sessionAttributes2 > 0xff) {
                printf("Out of range session attributes for -se2\n");
                printUsage();
            }
        }
        else {
            printf("Missing parameter for -se2\n");
            printUsage();
        }
    }
    else if (strcmp(argv[i],"-h") == 0) {
        printUsage();
    }
    else if (strcmp(argv[i],"-v") == 0) {
        verbose = TRUE;
        TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
    }
    else {
        printf("\n%s is not a valid option\n", argv[i]);
        printUsage();
    }
    }
    /* the top byte of the handle must be the NV index handle type; this also
       rejects the default of 0 when -ha was not given */
    if ((nvIndex >> 24) != TPM_HT_NV_INDEX) {
        printf("NV index handle not specified or out of range, MSB not 01\n");
        printUsage();
    }
    /* the index authorizes its own update */
    if (rc == 0) {
        in.authHandle = nvIndex;
        in.nvIndex = nvIndex;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_NV_SetBits,
                         sessionHandle0, nvPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted even when an earlier step failed; the delete result is
       reported only if nothing failed before it.
       NOTE(review): tssContext is still NULL here when TSS_Create() was skipped or
       failed -- confirm that TSS_Delete() accepts NULL. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("nvsetbits: success\n");
    }
    else {
        /* print the response code, then replace it with the process exit status */
        const char *msg;
        const char *submsg;
        const char *num;
        printf("nvsetbits: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the command line help and ends the process with exit(1); it never
   returns to the caller. */
static void printUsage(void)
{
    printf("\n");
    printf("nvsetbits\n");
    printf("\n");
    printf("Runs TPM2_NV_SetBits\n");
    printf("\n");
    printf("\t-ha NV index handle\n");
    printf("\t-pwdn password for NV index (default empty)\n");
    printf("\t-bit bit to set, can be specified multiple times\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/clear.c0000644000175000017500000001516013075204375011566 0ustar
lo1lo1/********************************************************************************/ /* */ /* Clear */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: clear.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */

/* NOTE(review): the header name after each #include is missing from this copy;
   text that stood between '<' and '>' appears to have been dropped. */
#include
#include
#include
#include
#include
#include
#include

static void printUsage(void);

/* set to TRUE by -v; gates the success message printed at the end of main() */
int verbose = FALSE;

/* Command-line front end that sends one TPM2_Clear command (TPM_CC_Clear) through
   the TSS, authorized by either the lockout or the platform handle.

   Returns 0 on success and EXIT_FAILURE when a TSS call fails.  Any usage error
   ends the process inside printUsage(), which calls exit(1) and does not return.

   NOTE(review): per the TPM 2.0 specification TPM2_Clear is destructive for the
   owner hierarchy.  No confirmation step is visible in this code, so access to the
   tool and to the lockout/platform authorization is the only control; confirm that
   is intended where it is deployed.
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    Clear_In in;
    /* selects the authorizing handle below; 0 means no valid choice was recorded */
    char authHandleChar = 0;
    /* NOTE(review): the usage text lists -pwda as taking the password as an argument.
       A secret passed on the command line can show up in process listings and shell
       history on a shared host; confirm whether that matters where this tool runs. */
    const char *authPassword = NULL;
    /* Session 0 defaults to TPM_RS_PW (the usage text calls this PWAP).  With a
       password session the authorization value is sent to the TPM as-is, per the
       TPM 2.0 specification; -se0 lets the caller supply another session handle. */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): this copy is damaged here.  Everything between the '<' of the loop
       condition and the '>' of the -se0 attribute range check is missing, so the
       parsing of the options that the usage text lists as -hi and -pwda, and the first
       half of -se0, is not visible.  The lines below resume inside the -se0 branch, in
       the body of its "attributes > 0xff" test. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -se1 and -se2 each consume two following arguments: a session handle and the
           session attributes, both read as hex.  The sscanf() return value is not
           checked, so an argument that is not hex leaves the previous value in place
           without any message.  Attributes above 0xff are rejected. */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            /* NOTE(review): raises the TSS trace level from "1" to "2"; what the trace
               prints is not visible here, so check it for authorization values before
               keeping the output in logs. */
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */
    /* NOTE(review): the comment above does not match the code below, which sets
       in.authHandle and accepts only 'l' (TPM_RH_LOCKOUT) and 'p' (TPM_RH_PLATFORM);
       it looks carried over from another utility.  Any other value, including the
       initial 0, ends in printUsage(). */
    if (rc == 0) {
        if (authHandleChar == 'l') {
            in.authHandle = TPM_RH_LOCKOUT;
        }
        else if (authHandleChar == 'p') {
            in.authHandle = TPM_RH_PLATFORM;
        }
        else {
            printf("Missing or illegal -hi\n");
            printUsage();
        }
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* only session 0 carries a password (authPassword); sessions 1 and 2 are passed NULL */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_Clear,
                         sessionHandle0, authPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* The context is deleted on every path, including after a failed TSS_Create(),
       when tssContext is still NULL (TODO confirm TSS_Delete accepts NULL).  The
       delete result is reported only when nothing failed earlier. */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("clear: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("clear: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the TPM response code is printed above; the process status is a plain failure */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the option summary and ends the process with status 1.  It never returns,
   and -h takes the same exit path as a usage error. */
static void printUsage(void)
{
    printf("\n");
    printf("clear\n");
    printf("\n");
    printf("Runs TPM2_Clear\n");
    printf("\n");
    printf("\t-hi authhandle hierarchy (l, p)\n");
    printf("\t\tl lockout, p platform\n");
    printf("\t-pwda authorization password (default empty)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/eventextend.c0000644000175000017500000001617713070736653013046 0ustar lo1lo1/********************************************************************************/
/* */
/* Extend an EVENT measurement file into PCRs */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: eventextend.c 978 2017-04-04 15:37:15Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2016. */
/* */
/* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* eventextend is test/demo code. It parses a TPM2 event log file and extends the measurements into TPM PCRs. This simulates the actions that would be performed by BIOS / firmware in a hardware platform. 
*/ #include #include #include #include #include #include "eventlib.h" /* local prototypes */ static void printUsage(void); int verbose = FALSE; int main(int argc, char * argv[]) { TPM_RC rc = 0; int i = 0; TSS_CONTEXT *tssContext = NULL; const char *infilename = NULL; FILE *infile = NULL; TCG_PCR_EVENT2 event2; /* TPM 2.0 event log entry */ TCG_PCR_EVENT event; /* TPM 1.2 event log entry */ TCG_EfiSpecIDEvent specIdEvent; unsigned int lineNum; int endOfFile = FALSE; PCR_Extend_In in; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; i [-v]\n"); printf("\n"); printf("Extends a measurement file (binary) into TPM PCRs\n"); printf("\n"); printf(" Where the arguments are...\n"); printf(" -if is the file containing the data to be extended\n"); printf("\n"); exit(-1); } ./utils/certificates/0000751000175000017500000000000013133212566012766 5ustar lo1lo1./utils/certificates/cacert.pem0000644000175000017500000000234112723342525014741 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDbDCCAlKgAwIBAgIJALbpb8xivmmsMA0GCSqGSIb3DQEBBQUAMEsxCzAJBgNV BAYTAlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoM A0lCTTEOMAwGA1UEAwwFRUsgQ0EwHhcNMTYwNTIzMTkwNjExWhcNMjYwMjIwMTkw NjExWjBLMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 b3duMQwwCgYDVQQKDANJQk0xDjAMBgNVBAMMBUVLIENBMIIBIzANBgkqhkiG9w0B AQEFAAOCARAAMIIBCwKCAQICsUzdWU1yjZNL5QeJU/emaKBbOuHvZqdCvApjGM+T 31XO1s52BkxRtOjULxd+xiK0xogdxDwwsnh/o/YR9zmj7aDVFz068WCEBvjKkClf KOk+1VpdAFzni+NNYMNESNul3ZWwEzpfBmghI7zJQrUBh1rn27PC9OtfTFhONzRT XPq5K2vScvU3Wz0papT4+hEmsd8YyhMYJr00cjV2bDzphZ7wg9YNNpUMJZ4yipYy 4XLG+HVPb9DyERFQNpDooA/ZhCZVT8auDbdSvYyrO9q+Uxz30UeqXK3YnDCyk00k JCBWmf3TobjWMKwZO3gUIRMrBuJ7UsEtkkh8+jLaJ7Qcl68CAwEAAaNQME4wHQYD VR0OBBYEFMSPNuKcE6FeRlRc+DKJeakTyaDpMB8GA1UdIwQYMBaAFMSPNuKcE6Fe RlRc+DKJeakTyaDpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEDAAFr xBCzqiAkYNofYGNidpGrkiP2T3xj/hUx57HjVVoWNlVDBGsxbnoB+WlBqzApJLZC 
/XZs/zuvS4bnMiSUEw2v8v3/sAqkzMJN7VOg0US1etNjPSrlBmSeun/6HX0C+5M2 wQ836P6Y49PePvJO6zGdxJ9SlZ8jKNgtQgQKyUSViSEj0N09CndQJMnOPYIYhc+T /9/HPaNMymHu7Hep0/NgASoLnm8LzP+nzmR286L4DeZ47hKBHMbnTeNNlodEjh92 AyI4yaGKjujRjPokTHWUWjFt6t1VXn1cc6Sdpj2YVeFCjkjB9NmDV+Msv9h4UAqy K0wEax/1fsWqDeoom5I1NA== -----END CERTIFICATE----- ./utils/certificates/NationZEkMfrCA002.crt0000644000175000017500000000222413122273450016436 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDMzCCArmgAwIBAgICEAEwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 MDUxNDAwMDAwMFoXDTM3MDUxNDAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB IDAwMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABLq7H/y6uXdkXZWYlGAHJGjaPsS6 cnLxp+oMnOQhr/wuTviTiCWA7gFaPOeEg5JSC944VG54M+JS0jKnlM38CMPWBKQQ nNEaWWMkJbhI/DychOqZ9bHVN0DmsrBWeSzFdKOCASEwggEdMEsGCCsGAQUFBwEB BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAPRzeQ46j2zTZQxgcHNUX1ogGLv MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA MGUCMFWbhtvZOP+xqrxC2N5ArgiBBfheFTWM5rectLY50LQJpOMaiVSFs72PUrhz IFX6ewIxAPL7H/hDyflrnB1kUrcbMaRxjuV8xP6h6bT6hrz5x4Y+nORKkxbz2KLU G3zS/IDHOQ== -----END CERTIFICATE----- ./utils/certificates/NationZEkRootCA.crt0000644000175000017500000000151713122273450016417 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICRDCCAcqgAwIBAgIBATAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJDTjEhMB8G A1UECgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256 IFRQTSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwHhcNMTcw NTEyMDAwMDAwWhcNNDcwNTEzMDAwMDAwWjBrMQswCQYDVQQGEwJDTjEhMB8GA1UE 
CgwYTmF0aW9ueiBUZWNobm9sb2dpZXMgSW5jMRswGQYDVQQLDBJOYXRpb256IFRQ TSBEZXZpY2UxHDAaBgNVBAMME05hdGlvbnogVFBNIFJvb3QgQ0EwdjAQBgcqhkjO PQIBBgUrgQQAIgNiAATvuDTN8TNvp3A9fSjWpDARLmvz7ItQrDq/mmuzvzInwQfs YKUUJza4MXB3yS0PH1jjv1YMvaIBIalAgc+kahScQUy6W2fy6hd36pazmc/vQfG3 Gdhw56gGwRHx4rn4TuqjQjBAMB0GA1UdDgQWBBQ6vP8I314BDCtkB4vHzpUG9Aj9 5DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNo ADBlAjApzqSmd4cCMKC7slJ4NE/7zweXZx89JzSEnEWGcq78jbbXCw6yM+R4nCNX phflI9QCMQCeFOAvyR+DQvThfGFINABej+1zeDVIjuZHat3FHVyV0UQVClPgMlZu TntipXwGOVY= -----END CERTIFICATE----- ./utils/certificates/IntelEKIntermediate.pem0000644000175000017500000000251713115775542017340 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDvjCCA2SgAwIBAgIUbOv9CbWie5MIiWFjQaGYw+NfG50wCgYIKoZIzj0EAwIw gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTUw MzI0MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBlTELMAkGA1UEBgwCVVMxCzAJBgNV BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y cG9yYXRpb24xLzAtBgNVBAsMJlRQTSBFSyBpbnRlcm1lZGlhdGUgZm9yIFNQVEhf RVBJRF9QUk9EMRYwFAYDVQQDDA13d3cuaW50ZWwuY29tMFkwEwYHKoZIzj0CAQYI KoZIzj0DAQcDQgAEryzECW6qpKxLE8m3YQwVO+oiea9EkzNEVxDAA/IOaq+u1MMY W1POaBQFO17J57eFLmTfC3pCtaBnB9mWsjFhzqOCAZwwggGYMB8GA1UdIwQYMBaA FOhSBcJP2NLVpSFHFrbODHtbuncPMB0GA1UdDgQWBBRec8iao+kCsnK58HQffYcw 4+xySjASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBBjATBgNVHSUB Af8ECTAHBgVngQUIATBwBgNVHSABAf8EZjBkMGIGCiqGSIb4TQEFAgEwVDBSBggr BgEFBQcCARZGaHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9l a2NlcnQvRUtjZXJ0UG9saWN5U3RhdGVtZW50LnBkZjBcBggrBgEFBQcBAQRQME4w TAYIKwYBBQUHMAKGQGh0dHA6Ly91cGdyYWRlcy5pbnRlbC5jb20vY29udGVudC9D UkwvZWtjZXJ0L0VLUm9vdFB1YmxpY0tleS5jZXIwTQYDVR0fBEYwRDBCoECgPoY8 aHR0cDovL3VwZ3JhZGVzLmludGVsLmNvbS9jb250ZW50L0NSTC9la2NlcnQvRUtf UGxhdGZvcm0uY3JsMAoGCCqGSM49BAMCA0gAMEUCIEwoRGZXyGrOi5c5XQ0sogO0 7nKarDdxCHJjJmfB2j98AiEAzEpP1ysDBAD6k97Y0XVrqn4srCNv6132mRKeSw16 wMk= 
-----END CERTIFICATE----- ./utils/certificates/stmtpmekint03.pem0000644000175000017500000000254313031000504016203 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIEAAAAAzANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g VFBNIEVLIFJvb3QgQ0EwHhcNMTIwNjEzMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMzCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKUVK0+9LHDAyaDdkZ9I3c3itcDJmIz/OwTs 2ET2zAA1bE4BtSRj3rUXnzas8MBtRXQyfDdXIpL80PJywtRep/IujY0YqmI1TCee A76SIPDDgi0W3h6hwTC1mvxW4I8i8ZAqB/iB6+o3A7rapZTsvfj9FwkhG6Fnafc+ dvNI4nVdu6L5TBhp73HnJvVvjs6YfzRcYi6LXCpUZtQQk8DcKYLmID2W9Tm1QjR6 COh/xuJIo0bWGlBfUq3X92ilID1wuGi27JLveoOk5tHh0lkBhwV1XYEhdUifroPE qylX9pqZk5SseiQ6XBzYX5K4ZIqODSMWX92G+tBpkL/Rb7MpM3kCAwEAAaOBrjCB qzAdBgNVHQ4EFgQUAFamENU9GzttvRQJSy3Ofh91btAwHwYDVR0jBBgwFoAUb+bF bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B Af8EBAMCAAQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA r+6/YK4mwW6rb7k4XG0M5rn/GrBmzwo0GCwfa71xYY8llCyH9YxL8Ca4W41v/TuW bFjkMcXSBWb8qu4C7ZDiZKqzQfFDhBB+JmBTvMQHMU8V9qzNv068v76g+aBOorQT OgqK+0lENNcTYmOsoH0tFNg2FlQ7LglwZ1A660fE6uDAMtrH5Ndm80itkfXyDO4j foXHbApABt/bbcdaIlmCOLVMk5lLEMWLm33yjAytprZf0ieZ6k64OLTM9elTjVUO BqWT3ZleTP6sJWZRLQL6OLDau787y8m9av+brgo+1NQuRAl/0JbZMv99H2OuH2Fu JblyNv8zJhoOs5XK9RRtJw== -----END CERTIFICATE----- ./utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem0000644000175000017500000000375112723342525021347 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD 
VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn 25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl 8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu 81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM 6sJa8iBpdRjZrBp5sJBI -----END CERTIFICATE----- ./utils/certificates/stmtpmekint05.pem0000644000175000017500000000254313031000504016205 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIEAAAABjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g VFBNIEVLIFJvb3QgQ0EwHhcNMTUxMDE0MDAwMDAwWhcNMzUxMjMxMDAwMDAwWjBV 
MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALVW5ScoSiCyneCNrPfMobJiouF4syrDrCax nTycQfJS4CsZwcaFEaZqKvuqwfNEk/L7dX4mc2e7wRQphYjtrXblzCAUcgSaMtae Pjqb6tHOSEDScU3++NHGcJZfnb5UJErab6eNrc7DPTuqfx1C2OX212SRs+mBb0mr v6GU1EsPiJGl+joegKA8sJk0BwL4g4LlxNKCRU5EL2/hoxKbhLi//BG9drWZejOY aRBlWloF50vhwqnRsReSEWwO2HN7G0RPdVPbu6u2Ay+Qb3+/jAxHDIm5KKa7+tQd /Ck9Jicmldm+cT5b6lgy0eLWBVzvVjuqSuYoVLuc2mDEAmAWga0CAwEAAaOBrjCB qzAdBgNVHQ4EFgQUGtuZSrWL5XoMybkA54UeGkPAhmAwHwYDVR0jBBgwFoAUb+bF bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B Af8EBAMCAAQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA s1Ho4XNUCXRydwoAuUv1IYbFwYtTuHttqh2PQP3CnTP+9EMvCqdI0ZmcEd/InoRD j/deWJkTREC/temOehytSaP2uZD05p4fdL4l4wGAjjpZ5b96kTyUQ93LBdX3rNlb rBVg5Vm1dIyHMcLC4aNfl+QlVpPGKuI6j2BK0UZc3OT68YgM6CIovwiuq5jAJKZ6 oP0r8rKR1e+SP3rZMHYn8IQ170/Cl4vXIae+LsKQwwaAHvM3Lol098/8fJSS8YFB MrdeC/jIPk9Eel0K0HQtvhnfxf2CRorovWtaJvPGbzfQvOfmu8qtqgozWmdAwchF unKGKUKWuLJF0H2huxOv/g== -----END CERTIFICATE----- ./utils/certificates/stmtpmekint01.pem0000644000175000017500000000254313031000504016201 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIEAAAAATANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g VFBNIEVLIFJvb3QgQ0EwHhcNMDkwNzI4MDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJQYnWO8iw955vWqakWNr3YyazQnNzqV97+l Qa+wUKMVY+lsyhAyOyXO31j4+clvsj6+JhNEwQtcnpkSc+TX60eZvLhgZPUgRVuK B9w4GUVyg/db593QUmP8K41Is8E+l32CQdcVh9go0toqf/oS/za1TDFHEHLlB4dC joKkfr3/hkGA9XJaoUopO2ELt4Otop12aw1BknoiTh1+YbzrZtAlIwK2TX99GW3S IjaCi+fLoXyK2Fmx8vKnr9JfNL888xK9BQfhZzKmbKm/eLD1e1CFRs1B3z2gd3ax pW5j1OIkSBMOIUeip5+7xvYo2gor5mxatB+rzSvrWup9AwIcymMCAwEAAaOBrjCB 
qzAdBgNVHQ4EFgQU88kVdKbnc/8TvwxrrXp7Zc8ceCAwHwYDVR0jBBgwFoAUb+bF bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B Af8EBAMCAAQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA uZqViou3aZDGvaAn29gghOkj04SkEWViZR3dU3DGrA+5ZX+zr6kZduus3Hf0bVHT I318PZGTml1wm6faDRomE8bI5xADWhPiCQ1Gf7cFPiqaPkq7mgdC6SGlQtRAfoP8 ISUJlih0UtsqBWGql4lpk5G6YmvAezguWmMR0/O5Cx5w8YKfXkwAhegGmMGIoJFO oSzJrS7jK2GnGCuRG65OQVC5HiQY2fFF0JePLWG/D56djNxMbPNGTHF3+yBWg0DU 0xJKYKGFdjFcw0Wi0m2j49Pv3JD1f78c2Z3I/65pkklZGu4awnKQcHeGIbdYF0hQ LtDSBV4DR9q5GVxSR9JPgQ== -----END CERTIFICATE----- ./utils/certificates/stmtpmekint02.pem0000644000175000017500000000254313031000504016202 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIEAAAABTANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g VFBNIEVLIFJvb3QgQ0EwHhcNMTEwMTIxMDAwMDAwWhcNMjkxMjMxMDAwMDAwWjBV MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwMjCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAJO3ihn/uHgV3HrlPZpv8+1+xg9ccLf3pVXJ oT5n8PHHixN6ZRBmf/Ng85/ODZzxnotC64WD8GHMLyQ0Cna3MJF+MGJZ5R5JkuJR B4CtgTPwcTVZIsCuup0aDWnPzYqHwvfaiD2FD0aaxCnTKIjWU9OztTD2I61xW2LK EY4Vde+W3C7WZgS5TpqkbhJzy2NJj6oSMDKklfI3X8jVf7bngMcCR3X3NcIo349I Dt1r1GfwB+oWrhogZVnMFJKAoSYP8aQrLDVl7SQOAgTXz2IDD6bo1jga/8Kb72dD h8D2qrkqWh7Hwdas3jqqbb9uiq6O2dJJY86FjffjXPo3jGlFjTsCAwEAAaOBrjCB qzAdBgNVHQ4EFgQUVx+Aa0fM55v6NZR87Yi40QBa4J4wHwYDVR0jBBgwFoAUb+bF bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B Af8EBAMCAAQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA Z0ndTDcOJ+N2Bd3jN1PrK7XVYFA1F8k32nMghdw0EKZpKiXq2cZxN3ddpZ1p59Ob 7HdoAab6u+iRAgECltO8IAD8ErSCgALHdBJAFE8U1VNiRoyu/HRtQI4sIBxNvDNk 5wJFjGHIBaOoIQwcKJ7jsSEp7Q2nRgJMLzC3ASCtYfnUd3nVXb9BLKw+Vow9NHUj Rkch3aiOw1UinsV5Wan7ACR4tiz1Wei7WZJaVvichlh1h9IPbsp9q+9JI6eLK2op 
Ftb19uKLOcqFqGPzGT8I11EM9+dwxBAkdP5RGV7SxDsmypp/jSGm8z/1GVjxHMmR xrLFG6E70rpI/l63rlv52Q== -----END CERTIFICATE----- ./utils/certificates/rootcerts.txt0000644000175000017500000000412713122273450015560 0ustar lo1lo1/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonECCChain010.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/InfineonRSAChain010.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA0100.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA1110.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NuvotonTPMRootCA2110.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/cacert.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/cacertecc.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/gstpmroot.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmeccint01.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmeccroot01.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint01.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint02.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint03.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint04.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekint05.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/stmtpmekroot.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/tpmeccroot.pem 
/gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IntelEKIntermediate.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/IntelEKRootCA.pem /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA001.crt /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA002.crt /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkMfrCA003.crt /gsa/yktgsa-h1/02/kgold/tpm2/utils/certificates/NationZEkRootCA.crt ./utils/certificates/InfineonOPTIGARSAManufacturingCA010.pem0000644000175000017500000000376512723342525021703 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2 86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J 7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1 wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO /fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo 
Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm 463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/ YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6 v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+ thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI= -----END CERTIFICATE----- ./utils/certificates/gstpmroot.pem0000644000175000017500000000255713031000504015524 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIID1zCCAr+gAwIBAgILBAAAAAABIBkJGa4wDQYJKoZIhvcNAQELBQAwgYcxOzA5 BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwMzE4MTAw MDAwWhcNNDkwMzE4MTAwMDAwWjCBhzE7MDkGA1UECxMyR2xvYmFsU2lnbiBUcnVz dGVkIENvbXB1dGluZyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxEzARBgNVBAoTCkds b2JhbFNpZ24xMzAxBgNVBAMTKkdsb2JhbFNpZ24gVHJ1c3RlZCBQbGF0Zm9ybSBN b2R1bGUgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPi3 Gi0wHyTT7dq24caFAp31gXFDvALRGJrMiP+TunIYPacYD8eBVSNEiVoCUcVfYxzl /DPTxmRyGXgQM8CVh9THrxDTW7N2PSAoZ7fvlmjTiBL/IQ7m1F+9wGI/FuaMTphz w6lBda7HFlIYKTbM/vz24axCHLzJ8Xir2L889D9MMIerBRqouVsDGauH+TIOdw4o IGKhorqfsDro57JHwViMWlbB1Ogad7PBX5X/e9GDNdZTdo4c0bZnKO+dEtzEgKCh JmQ53Mxa9y4xPMGRRnjLsyxuM99vkkYXy7rnxctSo7GtGIJJVabNuXZ0peaY9ku0 CUgKAsQndLkTHz8bIh0CAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB /wQFMAMBAf8wHQYDVR0OBBYEFB4jY/CFtfYlTu0awFC+ZXzH1BV6MA0GCSqGSIb3 DQEBCwUAA4IBAQCVb7lI4d49u7EtCX03/rUCCiaZ64NMxxqRmcSVdUx6yRrbl8NN FNr6ym2kTvwe1+JkTCiDxKzJsOR/jcPczAFiYpFbZQYLA6RK0bzbL9RGcaw5LLhY o/flqsu3N2/HNesWbekoxLosP6NLGEOnpj1B+R3y7HCQq/08U5l3Ete6TRKTAavc 0mty+uCFtLXf+tirl7xSaIGD0LwcYNdzLEB9g4je6FQSWL0QOXb+zR755QYupZAw 
G1PnOgYWfqWowKcQQexFPrKGlzh0ncITV/nBEi++fnnZ7TFiwaKwe+WussrROV1S DDF29dmoMcbSFDL+DgSMabVT6Qr6Ze1rbmSh -----END CERTIFICATE----- ./utils/certificates/.cvsignore0000644000175000017500000000003112734525231014766 0ustar lo1lo1*.dump *.der *.cer *.crt ./utils/certificates/tpmeccroot.pem0000644000175000017500000000174513031000504015643 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICszCCAjqgAwIBAgIORdycjBUV21nQRkudeekwCgYIKoZIzj0EAwMwgYsxOzA5 BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE0MTEy NjAwMDAwMFoXDTM4MDExOTAzMTQwN1owgYsxOzA5BgNVBAsTMkdsb2JhbFNpZ24g VHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRMwEQYDVQQK EwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxTaWduIFRydXN0ZWQgUGxhdGZv cm0gTW9kdWxlIEVDQyBSb290IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENTps 86FDUD+bep3kd1U5pnita316zBktOVNWxZQ+Ymua0oaR66ItzHrl19zYSGbW6ar0 1V91kktxWDJ6UFl3MyH3yXKsCHS2O5vxMlfmdRp8tpebMorHtIWf9u1+ctNFo2Mw YTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUYT78 EZkKf7CpW5CgJl4pYUe3MAMwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3 MAMwCgYIKoZIzj0EAwMDZwAwZAIwd02iAb5aN/pQGWdTJ7/lgMhFCuOLGtQ+ocdV /xmoxdIWLtggAuq9fFDfsu/vzeJ7AjAGhdk03AjHpLl0dAp7aCI8D8qupwyYTBaL rSJCZDMHhvNhETbbLu8uEPKt/U6/mGM= -----END CERTIFICATE----- ./utils/certificates/Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem0000644000175000017500000000155712723342525021316 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 
GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ +O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== -----END CERTIFICATE----- ./utils/certificates/NationZEkMfrCA003.crt0000644000175000017500000000222413122273450016437 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDMzCCArmgAwIBAgICEAIwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 MDUxNTAwMDAwMFoXDTM3MDUxNTAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB IDAwMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABCtznQzLxTR4YGov53b3NXkjNBcb iWeC7XsukpYkm61dxCw+bsP+jm1soaN9/WDcodzN8hlBFVYWwL79K+S5w9Xojnik rrnadWfCJ/LwmY1esyjQEmSbCXiukCZGfB8Nq6OCASEwggEdMEsGCCsGAQUFBwEB BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFOuy9OMS5lKcTtDNtoIoWArlID1F MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2gA MGUCMBFkhoH7ATgC8Z9QAsWJ6YZzI9wsXMcLjytBY1Ae9gWkFQEnfrx43gd+/pRl 2Mpy5AIxANhHc4NyRsFsZ828jOUthQIH0A8rckSDwNkoGWGVAuny/S9Gww6k5EM4 EwQq9W0Syw== -----END CERTIFICATE----- ./utils/certificates/InfineonECCChain010.pem0000644000175000017500000000403312723342525016744 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ 
R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl 5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy /iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIICWzCCAeKgAwIBAgIBBDAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEhMB8G A1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJR0Eo VE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUNDIFJv b3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYDVQQG EwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQL DBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShU TSkgRUNDIFJvb3QgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQm1HxLVgvAu1q2 GM+ymTz12zdTEu0JBVG9CdsVEJv/pE7pSWOlsG3YwU792YAvjSy7zL+WtDK40KGe Om8bSWt46QJ00MQUkYxz6YqXbb14BBr06hWD6u6IMBupNkPd9pKjQjBAMB0GA1Ud DgQWBBS0GIXISkrFEnryQDnexPWLHn5K0TAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0T AQH/BAUwAwEB/zAKBggqhkjOPQQDAwNnADBkAjA6QZcV8DjjbPuKjKDZQmTRywZk MAn8wE6kuW3EouVvBt+/2O+szxMe4vxj8R6TDCYCMG7c9ov86ll/jDlJb/q0L4G+ +O3Bdel9P5+cOgzIGANkOPEzBQM3VfJegfnriT/kaA== -----END CERTIFICATE----- 
./utils/certificates/stmtpmekint04.pem0000644000175000017500000000254313031000504016204 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDzDCCArSgAwIBAgIEAAAABDANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQGEwJD SDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0g VFBNIEVLIFJvb3QgQ0EwHhcNMTUwMjA2MDAwMDAwWhcNMzkxMjMxMDAwMDAwWjBV MQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMSYw JAYDVQQDEx1TVE0gVFBNIEVLIEludGVybWVkaWF0ZSBDQSAwNDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAMJbZogFS+eKFqDq6zbqCSmU7UbjG/NFVuiC l9xQQeiZ+Xz0cuDDZhOVK2htH3XzjYVuWm2go8dFkWOEADs75LYrU2sTt9WlyZBf uocI0GohEY+KhMaLpZZJGMqr+wIgLKNXgcc7vB7uS+yvmjjjOM17Rxise1yVlN6H IQYMpL55HWzAMs5JS0an6IEdHbc8/2mCZdBtZZTxLq4eER4e4Nt7YqkRHc/nZ1aY utP3aiGIzyPjYFshKlooyvjVv3rutJORSBm4aNKEQUhLWBTnr/eaAj8ey4Bas/Gk 2xKI8kBVxlLm2DruJ1rRFAhfNRH+U6SGC4Av3zx0cYbzc80DjMMCAwEAAaOBrjCB qzAdBgNVHQ4EFgQUzyPllSbkRsP+TxPraG9iTXBTBfIwHwYDVR0jBBgwFoAUb+bF bAe3bIsKgZKDXMtBHvaO0ScwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYB BQUHAgEWIWh0dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8B Af8EBAMCAAQwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkqhkiG9w0BAQsFAAOCAQEA KWBhzRAcQl62E0qXFyA54cm3Tr6zOmlWix4UEbv8QnDAWlidZ6qYtEBLX+MZnytk gyhvFBP/O7C/0ROVDXfK2mqGJyjQ9aZv4xElWsgl9STUJOjm8uzacZ5/FDnximbV lcCaSN8rCETjheU029p1v+KsnlcBcDTQ41skbFWOAhLJTxvDJuSoZcoQTm0ZdfN8 64LiVIZWPQvNFrSmHWVlTqNjavW/GiHtd5crabfpBBC/w4WY/ca697RYEeveqLpZ O8wUmuUzIqmHQl0bUv/7+onvJXfsxggkdnqTN/wvuWeF4pvTD5TQ7GTff+2hk1ms luICIN9ie+MYrXGjrIwVKA== -----END CERTIFICATE----- ./utils/certificates/InfineonOPTIGAECCManufacturingCA010.pem0000644000175000017500000000225412723342525021640 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDRzCCAs2gAwIBAgIES+VajjAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjEzWhcNMzUwODI3MTIzMjEzWjCBgzELMAkG A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG 
A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMFkwEwYHKoZIzj0CAQYIKoZI zj0DAQcDQgAEmNM2OAm+Z8nWW8uHW1r2td77f6n1J6nQt8tT4PG6nx/PInVVpo5z CB0wlYJhZT/bwWM5fgaYBe/KsruY7tUea6OCATgwggE0MFcGCCsGAQUFBwEBBEsw STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFB/N+47OQIZ12WPl 5RCNVcmE3Xl6MA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF Z4EFCAEwCgYIKoZIzj0EAwMDaAAwZQIwQm072iAm/wOXnhC0Zn632aUqJZESMNfy /iA9jmpWqfiDq3mpIni+nYz8FJ0E5qM2AjEAtFT6U066B4jGvuK2uMDcP8IHxSle pjHLOVkOV0MoZ6CkK4enQu8p0qn1PqNOqSGT -----END CERTIFICATE----- ./utils/certificates/stmtpmekroot.pem0000644000175000017500000000267013031000504016232 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIEDDCCAvSgAwIBAgILBAAAAAABIsFs834wDQYJKoZIhvcNAQELBQAwgYcxOzA5 BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTMwMQYDVQQDEypHbG9iYWxT aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIFJvb3QgQ0EwHhcNMDkwNzI4MTIw MDAwWhcNMzkxMjMxMjM1OTU5WjBKMQswCQYDVQQGEwJDSDEeMBwGA1UEChMVU1RN aWNyb2VsZWN0cm9uaWNzIE5WMRswGQYDVQQDExJTVE0gVFBNIEVLIFJvb3QgQ0Ew ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxBLG5wcB9J0MsiJMreoWQ l21bBN12SSGZPJ3HoPjzcrzAz6SPy+TrFmZ6eUVspsFL/23wdPprqTUtDHi+C2pw k/3dF3/Rb2t/yHgiPlbCshYpi5f/rJ7nzbQ1ca2LzX3saBe53VfNQQV0zd5uM0DT SrmAKU1RIAj2WlZFWXoN4NWTyRtqT5suPHa2y8FlCWMZKlS0FiY4pfM20b5YQ+EL 4zqb9zN53u/TdYZegrfSlc30Nl9G13Mgi+8rtPFKwsxx05EBbhVroH7aKVI1djsf E1MVrUzw62PHik3xlzznXML8OjY//xKeiCWcsApuGCaIAf7TsTRi2l8DNB3rCr1X AgMBAAGjgbQwgbEwDgYDVR0PAQH/BAQDAgIEMBIGA1UdEwEB/wQIMAYBAf8CAQEw HQYDVR0OBBYEFG/mxWwHt2yLCoGSg1zLQR72jtEnMEsGA1UdIAREMEIwQAYJKwYB BAGgMgFaMDMwMQYIKwYBBQUHAgEWJWh0dHA6Ly93d3cuZ2xvYmFsc2lnbi5uZXQv 
cmVwb3NpdG9yeS8wHwYDVR0jBBgwFoAUHiNj8IW19iVO7RrAUL5lfMfUFXowDQYJ KoZIhvcNAQELBQADggEBAFrKpwFmRh7BGdpPZWc1Y6wIbdTAF6T+q1KwDJcyAjgJ qThFp3xTAt3tvyVrCRf7T/YARYE24DNa0iFaXsIXeQASDYHJjAZ6LQTslYBeRYLb C9v8ZE2ocKSCiC8ALYlJWk39Wob0H1Lk6l2zcUo3oKczGiAcRrlmwV496wvGyted 2RBcLZro7yhOOGr9KMabV14fNl0lG+31J1nWI2hgTqh53GXg1QH2YpggD3b7UbVm c6GZaX37N3z15XfQafuAfHt10kYCNdePzC9tOwirHIsO8lrxoNlzOSxX8SqQGbBI +kWoe5+SY3gdOGGDQKIdw3W1poMN8bQ5x7XFcgVMwVU= -----END CERTIFICATE----- ./utils/certificates/Infineon-OPTIGA(TM)_ECC_Manufacturing_CA_011.crt-C-v01_00-EN.pem0000644000175000017500000000226012723342525025243 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDSDCCAs2gAwIBAgIEAxHqozAKBggqhkjOPQQDAzB3MQswCQYDVQQGEwJERTEh MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgRUND IFJvb3QgQ0EwHhcNMTUwODI3MTIzMjM5WhcNMzUwODI3MTIzMjM5WjCBgzELMAkG A1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEaMBgG A1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9QVElH QShUTSkgRUNDIE1hbnVmYWN0dXJpbmcgQ0EgMDExMFkwEwYHKoZIzj0CAQYIKoZI zj0DAQcDQgAEEFSwmnoHF+cFvvzNGm8WrWz7Dja7KFVsiSYeZzE9Svn9AduLqbfC hhlUF/JntiuWgn5LK6Z3ITHPEg9DgCa/3KOCATgwggE0MFcGCCsGAQUFBwEBBEsw STBHBggrBgEFBQcwAoY7aHR0cDovL3BraS5pbmZpbmVvbi5jb20vT3B0aWdhRWNj Um9vdENBL09wdGlnYUVjY1Jvb3RDQS5jcnQwHQYDVR0OBBYEFJF3PLhoJOHBlUnt isEz3ManNpuFMA4GA1UdDwEB/wQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMEwG A1UdHwRFMEMwQaA/oD2GO2h0dHA6Ly9wa2kuaW5maW5lb24uY29tL09wdGlnYUVj Y1Jvb3RDQS9PcHRpZ2FFY2NSb290Q0EuY3JsMBUGA1UdIAQOMAwwCgYIKoIUAEQB FAEwHwYDVR0jBBgwFoAUtBiFyEpKxRJ68kA53sT1ix5+StEwEAYDVR0lBAkwBwYF Z4EFCAEwCgYIKoZIzj0EAwMDaQAwZgIxAPjxzTlhPxleoQE9IGaEXWP5w4OjC+Zw 2aaSk+f46h8O4FZK3Csf1XzIoa0tLG4O3wIxALssqv1PeM0rotzWRTjTF4cJ9GfX TvSHONnkZyiiOxMJGgjPmW6fRZshWROK7eU7uw== -----END CERTIFICATE----- ./utils/certificates/NuvotonTPMRootCA0100.pem0000644000175000017500000000137512723342525017110 0ustar lo1lo1-----BEGIN CERTIFICATE----- 
MIICCDCCAa2gAwIBAgIJAKSOwvBmtTZjMAoGCCqGSM49BAMCMFUxUzAfBgNVBAMT GE51dm90b24gVFBNIFJvb3QgQ0EgMDEwMDAlBgNVBAoTHk51dm90b24gVGVjaG5v bG9neSBDb3Jwb3JhdGlvbjAJBgNVBAYTAlRXMB4XDTE1MDQyMDA3NDIwM1oXDTM1 MDQxNjA3NDIwM1owVTFTMB8GA1UEAxMYTnV2b3RvbiBUUE0gUm9vdCBDQSAwMTAw MCUGA1UEChMeTnV2b3RvbiBUZWNobm9sb2d5IENvcnBvcmF0aW9uMAkGA1UEBhMC VFcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRh5Aw2OaeLSXA3llLU6KcpZ+7 kX9dOTXrQ5fRlhdO//IbMA4DotivYL2y9rgWOIPB8hwlA50RDxlzJPKlD6o5o2Yw ZDAOBgNVHQ8BAf8EBAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU SC1WgM6Cj0gKjk9fZUgdajmRtGIwHwYDVR0jBBgwFoAUSC1WgM6Cj0gKjk9fZUgd ajmRtGIwCgYIKoZIzj0EAwIDSQAwRgIhAPqfjnMuNRbMdpLN7GjxtAhPqLLuh/CD TgU12LegjOpOAiEApW30TPJ2uhasTeMvdbtxKCc45sGrM+YYE4UxxiYZxqY= -----END CERTIFICATE----- ./utils/certificates/Infineon-OPTIGA(TM)_RSA_Manufacturing_CA_011.crt-C-v01_00-EN.pem0000644000175000017500000000376512723342525025311 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIEXYw6ZDANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODU3WhcNMzUwODI3MTIyODU3WjCBgzEL MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDExMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAue1NnPP7ZWDRj1of4h/vyabVX9ZLHiwuBIZkheDk NF4jsn+uR8xud3RXZrNd6lga6kmJPBwwa60HNc4bJ1XuFVy6Ch2V6yYNqzrIHgTB zfc5GqfjVXir47tRws2Em01lv+hLPcx0wdJLw1WVadwjPjKDVauNMTaWcZbQryXn ZQkDTlNJqMEwCdYrnSxpNtgvmM/OqvdgQyGTV+N1A1uHGTqMyaRVzuq9BGyLfLrd bCgum4OUTlwmhVkRXCoo4loa6Mx3qlP4WsPLe0pnGnBNXzUO2Y+F2Ye2S45R58ox keP2fznHY0z/7FDAJSYZSmfnjGwuNGANhoqzkjmAvfDOXwIDAQABo4IBODCCATQw VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E FgQUXCkgdCF5vHBNsdjFTDTKlEBWF8owDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB 
/wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAYeUbnJWPImxO yGYdc9kPj9xGd59U0Y4bypm3z2YW4tPLr2c5MP8Tte0Cpq3AD+V9MlWQW3VRhcv8 ATEcKyWoOEBSPzNcSMDekjwAnS4mAOEdlJ5rG+bbixH5116QYUCkJvdVYIb3sZTy 02hj2Z3zofmz/9CSCuKqeQdoF4l/3olR8k46Pd/Z9DUZSCxW26WYzviYORzAusoi H9qGgO7NLkFeYBlKFrkplOWlNTpM1psfAYhIuhhnIGarcp+59owc99n/f3VS6mQn 789KMaVPJYqOC2/t1R5P/hgwoDxbjoRmy74f+nUmMdp7lF55GsN/APQ71LgqDg8V LuVVuaFSW5kb8DWDjG/z5fNR46/TBI2VFAAabuYmfC2y9n4CYRNdSHH8FnDOGdxl ll6VJi3x84ywPxNf3m9ok8j+lmoiGm82YUlZbAnjFIoNtNvFIh5NoPzf6/LHEKYD zOaK3TimuJESzPuxjTumUj06rceOokczl2oVvGzvHqWYAWU8gJQa1aY3LkQ0fK5q +Vc/+uenilJEXEQZX2Y5Px8dLDcr9rPiMuxY76sEcg+PFvJLg9QIhKkgzt74v8Ih aeDhrhAwKgDKcWAohYA/WQluxQommKp0N0s/Oi6yICpV73l41ea7kKzrjMu40IUS befqsgmXOcuz+HHnTsINAd1EK+kMoFI= -----END CERTIFICATE----- ./utils/certificates/IntelEKRootCA.pem0000644000175000017500000000162413115775542016053 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICdzCCAh6gAwIBAgIUB+dPf7a3IyJGO923z34oQLRP7pwwCgYIKoZIzj0EAwIw gYcxCzAJBgNVBAYMAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xh cmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMSEwHwYDVQQLDBhUUE0gRUsg cm9vdCBjZXJ0IHNpZ25pbmcxFjAUBgNVBAMMDXd3dy5pbnRlbC5jb20wHhcNMTQw MTE1MDAwMDAwWhcNNDkxMjMxMjM1OTU5WjCBhzELMAkGA1UEBgwCVVMxCzAJBgNV BAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEaMBgGA1UECgwRSW50ZWwgQ29y cG9yYXRpb24xITAfBgNVBAsMGFRQTSBFSyByb290IGNlcnQgc2lnbmluZzEWMBQG A1UEAwwNd3d3LmludGVsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJR9 gVEsjUrMb+E/dl19ywJsKZDnghmwVyG16dAfQ0Pftp1bjhtPEGEguvbLGRRopKWH VscAOlTFnvCHq+6/9/SjZjBkMB8GA1UdIwQYMBaAFOhSBcJP2NLVpSFHFrbODHtb uncPMB0GA1UdDgQWBBToUgXCT9jS1aUhRxa2zgx7W7p3DzASBgNVHRMBAf8ECDAG AQH/AgEBMA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAgNHADBEAiAldFScWQ6L PQgW/YT+2GILcATEA2TgzASaCrG+AzL6FgIgLH8ABRzm028hRYR/JZVGkHiomzYX VILmTjHwSL7uZBU= -----END CERTIFICATE----- 
./utils/certificates/stmtpmeccint01.pem0000644000175000017500000000157313031000504016336 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICZTCCAeugAwIBAgIEAAAAATAKBggqhkjOPQQDAzBOMQswCQYDVQQGEwJDSDEe MBwGA1UEChMVU1RNaWNyb2VsZWN0cm9uaWNzIE5WMR8wHQYDVQQDExZTVE0gVFBN IEVDQyBSb290IENBIDAxMB4XDTE1MTAxNDE1MzQ0MFoXDTM1MTIzMTIzNTk1OVow VjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoTFVNUTWljcm9lbGVjdHJvbmljcyBOVjEn MCUGA1UEAxMeU1RNIFRQTSBFQ0MgSW50ZXJtZWRpYXRlIENBIDAxMFkwEwYHKoZI zj0CAQYIKoZIzj0DAQcDQgAEvUVh5iXWQ0kYwUoy7bqWMVkRG5abfGOsV2SLLRNx i7nmfa3q1sxh9KVRCDjhvElQb8B+DIG1L9m65NR+9AAjRqOBrjCBqzAdBgNVHQ4E FgQUfrg2zvvfimNx/3Mz+brXFGFslsswHwYDVR0jBBgwFoAUIJJWPAtDqAVyUwMp BxwH4OvsAwQwRQYDVR0gAQH/BDswOTA3BgRVHSAAMC8wLQYIKwYBBQUHAgEWIWh0 dHA6Ly93d3cuc3QuY29tL1RQTS9yZXBvc2l0b3J5LzAOBgNVHQ8BAf8EBAMCAgQw EgYDVR0TAQH/BAgwBgEB/wIBADAKBggqhkjOPQQDAwNoADBlAjA2LD/j7k4hiakn EDe3nxGtg7ZDQyNQykZS2lsQBMjVYF5RdNzxpcbgFc1t+msbRcQCMQCrzn8syMWY 7HMkbKK5yIzngy3m1H4t76JVezH+y7Wnmo88gJypHHWlsuoRXIvdeAQ= -----END CERTIFICATE----- ./utils/certificates/stmtpmeccroot01.pem0000644000175000017500000000200113031000504016512 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICyDCCAk+gAwIBAgIORyzLp/OdsAvb9r+66LowCgYIKoZIzj0EAwMwgYsxOzA5 BgNVBAsTMkdsb2JhbFNpZ24gVHJ1c3RlZCBDb21wdXRpbmcgQ2VydGlmaWNhdGUg QXV0aG9yaXR5MRMwEQYDVQQKEwpHbG9iYWxTaWduMTcwNQYDVQQDEy5HbG9iYWxT aWduIFRydXN0ZWQgUGxhdGZvcm0gTW9kdWxlIEVDQyBSb290IENBMB4XDTE1MTAy ODAwMDAwMFoXDTM4MDExOTAzMTQwN1owTjELMAkGA1UEBhMCQ0gxHjAcBgNVBAoT FVNUTWljcm9lbGVjdHJvbmljcyBOVjEfMB0GA1UEAxMWU1RNIFRQTSBFQ0MgUm9v dCBDQSAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABG7/OLXMiprQQHwNnkpT6aqG zOGLcbbAgUtyjlXOZtuv0GB0ttJ6fwMwgFtt8RKlko8Bwn89/BoZOUcI4ne8ddRS oqE6StnU3I13qqjalToq3Rnz61Omn6NErK1pxUe3j6OBtTCBsjAOBgNVHQ8BAf8E BAMCAgQwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNVHQ4EFgQUIJJWPAtDqAVyUwMp BxwH4OvsAwQwHwYDVR0jBBgwFoAUYT78EZkKf7CpW5CgJl4pYUe3MAMwTAYDVR0g BEUwQzBBBgkrBgEEAaAyAVowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xv YmFsc2lnbi5jb20vcmVwb3NpdG9yeS8wCgYIKoZIzj0EAwMDZwAwZAIwWnuUAzwy 
vHUhHehymKTZ2QcPUwHX0LdcVTac4ohyEL3zcuv/dM0BN62kFxHgBOhWAjAIxt9i 50yAxy0Z/MeV2NTXqKpLwdhWNuzOSFZnzRKsh9MxY3zj8nebDNlHTDGSMR0= -----END CERTIFICATE----- ./utils/certificates/InfineonRSAChain010.pem0000644000175000017500000000773612723342525017014 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIFszCCA5ugAwIBAgIEJl+qTzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJE RTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJP UFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkg UlNBIFJvb3QgQ0EwHhcNMTUwODI3MTIyODIyWhcNMzUwODI3MTIyODIyWjCBgzEL MAkGA1UEBhMCREUxITAfBgNVBAoMGEluZmluZW9uIFRlY2hub2xvZ2llcyBBRzEa MBgGA1UECwwRT1BUSUdBKFRNKSBUUE0yLjAxNTAzBgNVBAMMLEluZmluZW9uIE9Q VElHQShUTSkgUlNBIE1hbnVmYWN0dXJpbmcgQ0EgMDEwMIIBIjANBgkqhkiG9w0B AQEFAAOCAQ8AMIIBCgKCAQEAwEtScKQB4zjh2Ci7OOxmnIhSVCncEZYYc9daievb XPn8fsWp39O9RG+27tGWQgTrxtNnm12dOEVUWCG2azr3o1DREr/ESOHQ8/3kXhY2 86DmGZS4M02rya7uv+DWcKuZi9KR3NmbFHfqp2zp9S9xjUaugDVQYqsFJ2EYC89J 7obFHcfw0KYiUili1NDGzcYnnTSKhKPTsVloTezq6HgqeZArkOX/O1NIZX9RRpAb DnJ8GgVLqZ4gCkbFTbA9FY1S5fQsTTU3nv7HB7LkAsY+BPNbOjY4nq8nLc3LP4x1 wj7iisx9Icn/fIgFldYFDHy09hlOQntWM94hLXIT0nc/1QIDAQABo4IBODCCATQw VwYIKwYBBQUHAQEESzBJMEcGCCsGAQUFBzAChjtodHRwOi8vcGtpLmluZmluZW9u LmNvbS9PcHRpZ2FSc2FSb290Q0EvT3B0aWdhUnNhUm9vdENBLmNydDAdBgNVHQ4E FgQU2KP1VghaaMiqXV/gebzG6cbTd2QwDgYDVR0PAQH/BAQDAgAGMBIGA1UdEwEB /wQIMAYBAf8CAQAwTAYDVR0fBEUwQzBBoD+gPYY7aHR0cDovL3BraS5pbmZpbmVv bi5jb20vT3B0aWdhUnNhUm9vdENBL09wdGlnYVJzYVJvb3RDQS5jcmwwFQYDVR0g BA4wDDAKBggqghQARAEUATAfBgNVHSMEGDAWgBTcu1ar8Rj8ppp1ERBlhBKe1UGS uTAQBgNVHSUECTAHBgVngQUIATANBgkqhkiG9w0BAQsFAAOCAgEAo2BsBPPBEiXO /fp4Lj00Dz+nb4g0SZLC0zIp0xvzM/ibGZufYb854+kq9RY1SeFz7It+DVOgdoCh GdFc6CXHqZdZoFpFkQY7I31OPkzy65uQnIzsRLce+Ct4Lts5+I0XHDpxtGOCLaWo Ms1bTleWljsxgmw3CWY9V14tIF5dEEmnUgjgbDo7Ai5nLahgfqNU4XfXK9zSRX+R V0IiYDVFDQqfzJ4GroB4ttYthzr1x1e+vJd4Bh9ErF3v9L8cCthKytOwu65npYBG UGH+aWRoaX/3pROjXEZFhFHfNETFc+gVXesIfYeJJQPygudADNYfVtAsDF4qx3JT UUlgmzC3z7YivGGBD1Uoj2b7x1DCCy0x0v8ibXbgd7nT0g6a0lZGt4i4gvbUUbEm 
463Vr8Bb1XgA5bsbevUdR8SmuIY0PiS7qioQs4cRGagOSVG0MlKtDD9E/jZ5PUZI RpTduKG/lLwH0HHeNgKmDt/pTQWa4/sUgp/KHqg1E82J7sCu4vB/Bk1pTybe4GV/ YDSc1NGABsWRzZnrIHrIVsXYM5rQzV9+/+BxRmhEqUVUGNzsFYW/RRieNWyojYG6 v54K9BtAELt1tWXBDE/2Np/RFZQNeEFh2pkLxRNOXytuVoXwII7QNr4TDef2PmE+ thsvOkC60E8ZEsKZ8GU3Q32lT5CExWI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFqzCCA5OgAwIBAgIBAzANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJERTEh MB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYDVQQLDBJPUFRJ R0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElHQShUTSkgUlNB IFJvb3QgQ0EwHhcNMTMwNzI2MDAwMDAwWhcNNDMwNzI1MjM1OTU5WjB3MQswCQYD VQQGEwJERTEhMB8GA1UECgwYSW5maW5lb24gVGVjaG5vbG9naWVzIEFHMRswGQYD VQQLDBJPUFRJR0EoVE0pIERldmljZXMxKDAmBgNVBAMMH0luZmluZW9uIE9QVElH QShUTSkgUlNBIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC AQC7E+gc0B5T7awzux66zMMZMTtCkPqGv6a3NVx73ICg2DSwnipFwBiUl9soEodn 25SVVN7pqmvKA2gMTR5QexuYS9PPerfRZrBY00xyFx84V+mIRPg4YqUMLtZBcAwr R3GO6cffHp20SBH5ITpuqKciwb0v5ueLdtZHYRPq1+jgy58IFY/vACyF/ccWZxUS JRNSe4ruwBgI7NMWicxiiWQmz1fE3e0mUGQ1tu4M6MpZPxTZxWzN0mMz9noj1oIT ZUnq/drN54LHzX45l+2b14f5FkvtcXxJ7OCkI7lmWIt8s5fE4HhixEgsR2RX5hzl 8XiHiS7uD3pQhBYSBN5IBbVWREex1IUat5eAOb9AXjnZ7ivxJKiY/BkOmrNgN8k2 7vOS4P81ix1GnXsjyHJ6mOtWRC9UHfvJcvM3U9tuU+3dRfib03NGxSPnKteL4SP1 bdHfiGjV3LIxzFHOfdjM2cvFJ6jXg5hwXCFSdsQm5e2BfT3dWDBSfR4h3Prpkl6d cAyb3nNtMK3HR5yl6QBuJybw8afHT3KRbwvOHOCR0ZVJTszclEPcM3NQdwFlhqLS ghIflaKSPv9yHTKeg2AB5q9JSG2nwSTrjDKRab225+zJ0yylH5NwxIBLaVHDyAEu 81af+wnm99oqgvJuDKSQGyLf6sCeuy81wQYO46yNa+xJwQIDAQABo0IwQDAdBgNV HQ4EFgQU3LtWq/EY/KaadREQZYQSntVBkrkwDgYDVR0PAQH/BAQDAgAGMA8GA1Ud EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGHTBUx3ETIXYJsaAgb2pyyN UltVL2bKzGMVSsnTCrXUU8hKrDQh3jNIMrS0d6dU/fGaGJvehxmmJfjaN/IFWA4M BdZEnpAe2fJEP8vbLa/QHVfsAVuotLD6QWAqeaC2txpxkerveoV2JAwj1jrprT4y rkS8SxZuKS05rYdlG30GjOKTq81amQtGf2NlNiM0lBB/SKTt0Uv5TK0jIWbz2WoZ gGut7mF0md1rHRauWRcoHQdxWSQTCTtgoQzeBj4IS6N3QxQBKV9LL9UWm+CMIT7Y np8bSJ8oW4UdpSuYWe1ZwSjZyzDiSzpuc4gTS6aHfMmEfoVwC8HN03/HD6B1Lwo2 
DvEaqAxkya9IYWrDqkMrEErJO6cqx/vfIcfY/8JYmUJGTmvVlaODJTwYwov/2rjr la5gR+xrTM7dq8bZimSQTO8h6cdL6u+3c8mGriCQkNZIZEac/Gdn+KwydaOZIcnf Rdp3SalxsSp6cWwJGE4wpYKB2ClM2QF3yNQoTGNwMlpsxnU72ihDi/RxyaRTz9OR pubNq8Wuq7jQUs5U00ryrMCZog1cxLzyfZwwCYh6O2CmbvMoydHNy5CU3ygxaLWv JpgZVHN103npVMR3mLNa3QE+5MFlBlP3Mmystu8iVAKJas39VO5y5jad4dRLkwtM 6sJa8iBpdRjZrBp5sJBI -----END CERTIFICATE----- ./utils/certificates/NationZEkMfrCA001.crt0000644000175000017500000000222413122273450016435 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIDNDCCArmgAwIBAgICEAAwCgYIKoZIzj0EAwMwazELMAkGA1UEBhMCQ04xITAf BgNVBAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9u eiBUUE0gRGV2aWNlMRwwGgYDVQQDDBNOYXRpb256IFRQTSBSb290IENBMB4XDTE3 MDUxMzAwMDAwMFoXDTM3MDUxMzAwMDAwMFoweDELMAkGA1UEBhMCQ04xITAfBgNV BAoMGE5hdGlvbnogVGVjaG5vbG9naWVzIEluYzEbMBkGA1UECwwSTmF0aW9ueiBU UE0gRGV2aWNlMSkwJwYDVQQDDCBOYXRpb256IFRQTSBNYW51ZmFjdHVyaW5nIENB IDAwMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA8ri4sMjK5RoF9LOA8eZs9ZHKJ1 dXT/w28Vtwe6yBA4Op5w0n0o3+9NPPKJfsw1YDoeKZ9kwvpxTVM7kBtpKOw6NRRq bUAkzAfYqIwpHPPhN25JSOXhl3bn36dSCfUCfqOCASEwggEdMEsGCCsGAQUFBwEB BD8wPTA7BggrBgEFBQcwAoYvaHR0cDovL3BraS5uYXRpb256LmNvbS5jbi9Fa1Jv b3RDQS9Fa1Jvb3RDQS5jcnQwHQYDVR0OBBYEFAIsvu1ddwYPKDPp1TdrqLwwjNm6 MEAGA1UdHwQ5MDcwNaAzoDGGL2h0dHA6Ly9wa2kubmF0aW9uei5jb20uY24vRWtS b290Q0EvRWtSb290Q0EuY3JsMBYGA1UdIAQPMA0wCwYJKoEcho0hAQUBMB8GA1Ud IwQYMBaAFDq8/wjfXgEMK2QHi8fOlQb0CP3kMBAGA1UdJQQJMAcGBWeBBQgBMA4G A1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMAoGCCqGSM49BAMDA2kA MGYCMQC3Z7rH2wyIAhKM/2TopTbWUzrTTlwyjHw1ShOcovNEMgevVM/+AV1SAGSL +n3LengCMQCYnzH/Wk4o4+0lOrnUDLNT4L7N6d3IIFGs0XARk1S/RCBoyGSlHUP3 7JhNd0voDIc= -----END CERTIFICATE----- ./utils/certificates/cacertecc.pem0000644000175000017500000000131513037220332015402 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIIB4zCCAYmgAwIBAgIJALX8+MVL3dXPMAoGCCqGSM49BAMCME4xCzAJBgNVBAYT AlVTMQswCQYDVQQIDAJOWTERMA8GA1UEBwwIWW9ya3Rvd24xDDAKBgNVBAoMA0lC TTERMA8GA1UEAwwIRUsgRUMgQ0EwHhcNMTcwMTEzMjAzOTE2WhcNMjcwMTExMjAz 
OTE2WjBOMQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxETAPBgNVBAcMCFlvcmt0 b3duMQwwCgYDVQQKDANJQk0xETAPBgNVBAMMCEVLIEVDIENBMFkwEwYHKoZIzj0C AQYIKoZIzj0DAQcDQgAEahnfxuCQ+NsMcDIe8GZxIiFSX65CXICk6zc3NLRPbPvq ToRdIanaP14TT6eu76FkNDzbtsY6PSMgVNTeAAnfGqNQME4wHQYDVR0OBBYEFAFk p5Lu8Z+laxVYak8/WHhLsG+lMB8GA1UdIwQYMBaAFAFkp5Lu8Z+laxVYak8/WHhL sG+lMAwGA1UdEwQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgQ9GClH24Y9NPpKdh 3HTwudrjYPYyjK8o5HQ9c8Xc9ecCIQD0NgIj1iUvkEzgNoXS7UP1RD0MpKdzywqM 5RyP15ckRA== -----END CERTIFICATE----- ./utils/certificates/NuvotonTPMRootCA2110.pem0000644000175000017500000000140612723342525017106 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICBjCCAaygAwIBAgIIP5MvnZk8FrswCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY TnV2b3RvbiBUUE0gUm9vdCBDQSAyMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUxMDE5MDQzMjAwWhcNMzUx MDE1MDQzMjAwWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDIxMTAw JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPv9uK2BNm8/nmIyNsc2/aKHV0WR ptzge3jKAIgUMosQIokl4LE3iopXWD3Hruxjf9vkLMDJrTeK3hWh2ySS4ySjZjBk MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSf u3mqD1JieL7RUJKacXHpajW+9zAfBgNVHSMEGDAWgBSfu3mqD1JieL7RUJKacXHp ajW+9zAKBggqhkjOPQQDAgNIADBFAiEA/jiywhOKpiMOUnTfDmXsXfDFokhKVNTX B6Xtqm7J8L4CICjT3/Y+rrSnf8zrBXqWeHDh8Wi41+w2ppq6Ev9orZFI -----END CERTIFICATE----- ./utils/certificates/NuvotonTPMRootCA1110.pem0000644000175000017500000000140612723342525017105 0ustar lo1lo1-----BEGIN CERTIFICATE----- MIICBjCCAaygAwIBAgIIEDiqn2SaqGMwCgYIKoZIzj0EAwIwVTFTMB8GA1UEAxMY TnV2b3RvbiBUUE0gUm9vdCBDQSAxMTEwMCUGA1UEChMeTnV2b3RvbiBUZWNobm9s b2d5IENvcnBvcmF0aW9uMAkGA1UEBhMCVFcwHhcNMTUwNTExMDg0MzMzWhcNMzUw NTA3MDg0MzMzWjBVMVMwHwYDVQQDExhOdXZvdG9uIFRQTSBSb290IENBIDExMTAw JQYDVQQKEx5OdXZvdG9uIFRlY2hub2xvZ3kgQ29ycG9yYXRpb24wCQYDVQQGEwJU VzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDVkEOpuyhuviaDH6xQj3faaV2Z4 FvXSdwUkTiB1JjPDgv1PU0SFYtEE1W9VmI1GcOn5FAUi2/QM36DPhmPTd+qjZjBk 
MA4GA1UdDwEB/wQEAwICBDASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQV kdS26vmNAQSGS2kDpI3QAmB30zAfBgNVHSMEGDAWgBQVkdS26vmNAQSGS2kDpI3Q AmB30zAKBggqhkjOPQQDAgNIADBFAiEAlfxysfHDcxYDed5dmRbvHPKHLEEq9Y9P wAxoKqH7Q5kCIGfsxiLr2j9nJ9jELwXz0/VWN9PhUNdM3qmsx2JEne6p -----END CERTIFICATE----- ./utils/clockrateadjust.c0000644000175000017500000001620313055132457013660 0ustar lo1lo1/********************************************************************************/ /* */ /* ClockRateAdjust */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: clockrateadjust.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */
/* NOTE(review): the header name after each #include is missing in this copy of the file. */
#include #include #include #include #include #include #include #include #include
static void printUsage(void);

/* Set to TRUE by -v; gates the success message printed at the end of main(). */
int verbose = FALSE;

/* main() - command line front end for TPM2_ClockRateAdjust.

   Fills a ClockRateAdjust_In structure with the rate adjustment and the
   authorizing hierarchy handle, creates a TSS context, runs the command with up
   to three authorization sessions, and deletes the context.

   Returns 0 on success.  On failure it prints the response code and its text
   form and returns EXIT_FAILURE.  Every usage error goes through printUsage(),
   which exits the process with status 1.

   NOTE(review): in this copy the text between the start of the loop condition
   and the attribute range check of the -se0 branch is missing, so the -hi,
   -pwdp and -adj options listed by printUsage() are not visible and are not
   documented here. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    ClockRateAdjust_In in;
    char hierarchyChar = 'p';   /* hierarchy selector, mapped to a handle after parsing */
    TPMI_RH_HIERARCHY authHandle = TPM_RH_PLATFORM;
    /* Passed to TSS_Execute() as the password of session 0.
       NOTE(review): presumably set from -pwdp (the assignment is not visible in
       this copy).  A password given as a command line argument is typically
       visible to other local users through the process list - confirm this is
       acceptable where the tool is used. */
    const char *parentPassword = NULL;
    TPM_CLOCK_ADJUST rateAdjust = 0;
    /* session 0 defaults to TPM_RS_PW, sessions 1 and 2 to TPM_RH_NULL */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): the next line is truncated in this copy; see the function header. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        /* -seN takes two values: a session handle, then the session attributes, both in hex */
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* The sscanf() result is not checked: text that is not hex leaves
                   the handle at its initial value.
                   NOTE(review): %x stores an unsigned int; confirm that
                   TPMI_SH_AUTH_SESSION has that size. */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* only values up to 0xff are accepted as attributes */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                /* NOTE(review): this string literal is split over two lines in this copy */
                printf("Missing
parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                /* unchecked sscanf(), as for -se1 */
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            /* help also ends in exit(1), see printUsage() */
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            /* raises the TSS trace level from "1" to "2" */
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    if (rc == 0) {
        in.rateAdjust = rateAdjust;
    }
    /* Table 50 - TPMI_RH_HIERARCHY authHandle */
    if (rc == 0) {
        /* only 'o' (owner) and 'p' (platform) are accepted; anything else is a usage error */
        if (hierarchyChar == 'o') {
            authHandle = TPM_RH_OWNER;
        }
        else if (hierarchyChar == 'p') {
            authHandle = TPM_RH_PLATFORM;
        }
        else {
            printf("Bad parameter %c for -hi\n", hierarchyChar);
            printUsage();
        }
        in.auth = authHandle;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        /* Each session is a (handle, password, attributes) triple.  Only session 0
           carries a password; sessions 1 and 2 pass NULL.  The final
           TPM_RH_NULL, NULL, 0 triple closes the list. */
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_ClockRateAdjust,
                         sessionHandle0, parentPassword, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        /* Runs on every path, also when TSS_Create() failed.
           NOTE(review): tssContext may still be NULL here; TSS_Delete() is assumed
           to accept that - confirm.  Its result is reported only when nothing
           failed earlier. */
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("clockrateadjust: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("clockrateadjust: failed, rc %08x\n", rc);
        /* turn the response code into three text parts, printed back to back */
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the process exit status is EXIT_FAILURE, not the response code */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary and ends the process with exit(1).
   It does not return, so callers need no error handling after it. */
static void printUsage(void)
{
    printf("\n");
    printf("clockrateadjust\n");
    printf("\n");
    printf("Runs TPM2_ClockRateAdjust\n");
    printf("\n");
    printf("\t[-hi hierarchy auth (p, o) (default p)]\n");
    /* NOTE(review): this string literal is split over two lines in this copy */
    printf("\t[-pwdp hierarchy password (default
empty)]\n");
    printf("\t[-adj rate adjust (default 0)]\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/pcrextend.c0000644000175000017500000002024113075204375012470 0ustar lo1lo1/********************************************************************************/ /* */ /* PCR_Extend */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: pcrextend.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */
/* NOTE(review): the header name after each #include is missing in this copy of the file. */
#include #include #include #include #include #include #include #include
static void printUsage(void);

/* Set to TRUE by -v; gates the progress and success messages in main(). */
int verbose = FALSE;

/* main() - command line front end for TPM2_PCR_Extend.

   Takes a PCR handle, one or more hash algorithms (default sha256) and the data
   to extend, given either as a string (-ic) or as a file (-if), never both.
   The digest field of every selected bank is zeroed over sizeof(TPMU_HA) bytes
   and the data bytes are then copied into it unchanged.  The program does not
   hash the input: the bytes are sent as the digest value, zero padded.

   Input longer than sizeof(TPMU_HA) is rejected before any copy, for both the
   string and the file source.

   Returns 0 on success and EXIT_FAILURE after a failure message.  Usage errors
   go through printUsage(), which exits the process with status 1.

   NOTE(review): in this copy the text between the start of the loop condition
   and the HASH_COUNT comparison is missing, so the -ha branch and the start of
   the -halg branch are not visible and are not documented here. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    uint32_t algs; /* hash algorithm iterator */
    TSS_CONTEXT *tssContext = NULL;
    PCR_Extend_In in;
    /* starts at IMPLEMENTATION_PCR, a value the range check after the loop rejects,
       so a missing -ha is reported */
    TPMI_DH_PCR pcrHandle = IMPLEMENTATION_PCR;
    const char *dataString = NULL;      /* -ic value; points into argv, not copied */
    const char *datafilename = NULL;    /* -if value; points into argv, not copied */

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* Table 100 - Definition of TPML_DIGEST_VALUES Structure */
    in.digests.count = 0xffffffff; /* flag for default hash algorithm */

    /* command line argument defaults */
    /* NOTE(review): the next line is truncated in this copy; see the function header. */
    for (i=1 ; (i HASH_COUNT) {
                printf("Too many -halg specifiers, %u permitted\n", HASH_COUNT);
                printUsage();
            }
            i++;
            if (i < argc) {
                /* Table 100 - Definition of TPML_DIGEST_VALUES Structure digests */
                /* Table 71 - Definition of TPMT_HA Structure */
                /* Table 59 - Definition of (TPM_ALG_ID) TPMI_ALG_HASH Type hashAlg */
                /* The newest entry is at index count-1.
                   NOTE(review): the code that updates count is not visible here;
                   confirm count is between 1 and HASH_COUNT when this index is used. */
                if (strcmp(argv[i],"sha1") == 0) {
                    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA1;
                }
                else if (strcmp(argv[i],"sha256") == 0) {
                    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA256;
                }
                else if (strcmp(argv[i],"sha384") == 0) {
                    in.digests.digests[in.digests.count-1].hashAlg = TPM_ALG_SHA384;
                }
                else {
                    printf("Bad parameter for -halg\n");
                    printUsage();
                }
            }
            else {
                printf("-halg option needs a value\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-ic") == 0) {
            i++;
            if (i < argc) {
                dataString = argv[i];
            }
            else {
                printf("-ic option needs a value\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i], "-if") == 0) {
            i++;
            if (i < argc) {
                datafilename = argv[i];
            }
            else {
                printf("-if option needs a value\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            /* help also ends in exit(1), see printUsage() */
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            /* raises the TSS trace level from "1" to "2" */
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    /* argument checks; each failure exits through printUsage() */
    if (pcrHandle >= IMPLEMENTATION_PCR) {
        printf("Missing or bad PCR handle parameter -ha\n");
        printUsage();
    }
    /* exactly one data source is required */
    if ((dataString == NULL) && (datafilename == NULL)) {
        printf("Data string or data file must be specified\n");
        printUsage();
    }
    if ((dataString != NULL) && (datafilename != NULL)) {
        printf("Data string and data file cannot both be specified\n");
        printUsage();
    }
    /* this bound is what keeps the later memcpy() of dataString inside the digest field */
    if ((dataString != NULL) && (strlen(dataString) > sizeof(TPMU_HA))) {
        printf("Data length greater than maximum hash size %lu bytes\n",
               (unsigned long)sizeof(TPMU_HA));
        printUsage();
    }
    /* handle default hash algorithm */
    if (in.digests.count == 0xffffffff) { /* if none specified */
        in.digests.count = 1;
        in.digests.digests[0].hashAlg = TPM_ALG_SHA256;
    }
    if (rc == 0) {
        in.pcrHandle = pcrHandle;
        /* Table 70 - Definition of TPMU_HA Union */
        /* append zero padding to maximum hash algorithm length */
        for (algs = 0 ; algs < in.digests.count ; algs++) {
            memset((uint8_t *)&in.digests.digests[algs].digest, 0, sizeof(TPMU_HA));
        }
    }
    if (rc == 0) {
        if (dataString != NULL) {
            if (verbose) printf("Extending %u bytes from stream into %u banks\n",
                                (unsigned int)strlen(dataString), in.digests.count);
            /* The same bytes go into every bank.  The terminating NUL is not
               copied, the zero fill above supplies the padding. */
            for (algs = 0 ; algs < in.digests.count ; algs++) {
                memcpy((uint8_t *)&in.digests.digests[algs].digest,
                       dataString, strlen(dataString));
            }
        }
    }
    if (datafilename != NULL) {
        unsigned char
*fileData = NULL;
        size_t length;
        if (rc == 0) {
            rc = TSS_File_ReadBinaryFile(&fileData, &length, datafilename);
        }
        if (rc == 0) {
            /* Same bound as for -ic, checked before the copy.  rc is set to
               EXIT_FAILURE here, so the failure path at the end of main() prints
               and decodes that value as if it were a TPM response code. */
            if (length > sizeof(TPMU_HA)) {
                printf("Data length greater than maximum hash size %lu bytes\n",
                       (unsigned long)sizeof(TPMU_HA));
                rc = EXIT_FAILURE;
            }
        }
        if (rc == 0) {
            if (verbose) printf("Extending %u bytes from file into %u banks\n",
                                (unsigned int)length, in.digests.count);
            for (algs = 0 ; algs < in.digests.count ; algs++) {
                memcpy((uint8_t *)&in.digests.digests[algs].digest,
                       fileData, length);
            }
        }
        /* runs on every path; fileData is still NULL when the read was skipped */
        free(fileData);
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
        /* A single session, TPM_RS_PW with a NULL password and attributes 0; the
           TPM_RH_NULL, NULL, 0 triple closes the session list. */
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PCR_Extend,
                         TPM_RS_PW, NULL, 0,
                         TPM_RH_NULL, NULL, 0);
    }
    {
        /* Runs on every path, also when TSS_Create() failed.
           NOTE(review): tssContext may still be NULL here; TSS_Delete() is assumed
           to accept that - confirm.  Its result is reported only when nothing
           failed earlier. */
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("pcrextend: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("pcrextend: failed, rc %08x\n", rc);
        /* turn the response code into three text parts, printed back to back */
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* the process exit status is EXIT_FAILURE, not the response code */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() - prints the option summary and ends the process with exit(1).
   It does not return, so callers need no error handling after it. */
static void printUsage(void)
{
    printf("\n");
    printf("pcrextend\n");
    printf("\n");
    printf("Runs TPM2_PCR_Extend\n");
    printf("\n");
    printf("\t-ha pcr handle\n");
    printf("\t[-halg (sha1, sha256, sha384) (default sha256)]\n");
    printf("\t\t-halg may be specified more than once\n");
    printf("\n");
    printf("\t-ic data string, 0 pad appended to halg length\n");
    printf("\t-if data file, 0 pad appended to halg length\n");
    exit(1);
}
./utils/flushcontext.c0000644000175000017500000001025713055132457013227 0ustar lo1lo1/********************************************************************************/ /* */ /* Flush Context */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: flushcontext.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved.
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/
/********************************************************************************/
/* */
#include #include #include #include #include #include #include
static void printUsage(void);

int verbose = FALSE;

/* NOTE(review): this main() declares a FlushContext_In, so it is the start of the flush context
   utility.  In this copy of the listing its body is cut off inside the argument loop, and the
   text resumes with the include list and main() of the PolicyNvWritten utility. */
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    uint32_t handle = 0;
    FlushContext_In in;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    for (i=1 ; (i #include #include #include #include #include #include #include #include
static void printUsage(void);

int verbose = FALSE;

/* policynvwritten entry point.

   Parses the command line, fills a PolicyNvWritten_In with the policy session handle and the
   written-set flag, and runs TPM_CC_PolicyNvWritten through TSS_Execute() with up to three
   sessions taken from -se0, -se1 and -se2.

   Returns 0 on success and EXIT_FAILURE on any error.  Usage errors never return: printUsage()
   ends the process with exit(1).
*/
int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    PolicyNvWritten_In in;
    /* 0 is the "not supplied" value, rejected after the option loop */
    TPMI_SH_POLICY policySession = 0;
    /* 0 is neither 'y' nor 'n', so a missing -ws is rejected below */
    char writtenSetChar = 0;
    /* each session slot starts as TPM_RH_NULL with no attributes */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    /* default trace level, raised to "2" by -v below */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): the loop condition and the handling of the options that preceded the -se0
       attribute range test are missing from this copy of the listing. */
    for (i=1 ; (i 0xff) {
                    printf("Out of range session attributes for -se0\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se0\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se1") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): the sscanf() result is not checked; an argument that is not hex
                   leaves sessionHandle1 at its TPM_RH_NULL default instead of reporting an error */
                sscanf(argv[i],"%x", &sessionHandle1);
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                /* unchecked as well: on a failed conversion the attributes stay 0, which passes
                   the range test below */
                sscanf(argv[i],"%x", &sessionAttributes1);
                /* values above 0xff are rejected */
                if (sessionAttributes1 > 0xff) {
                    printf("Out of range session attributes for -se1\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se1\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-se2") == 0) {
            i++;
            if (i < argc) {
                /* same unchecked conversion as -se1 */
                sscanf(argv[i],"%x", &sessionHandle2);
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
            i++;
            if (i < argc) {
                sscanf(argv[i],"%x", &sessionAttributes2);
                if (sessionAttributes2 > 0xff) {
                    printf("Out of range session attributes for -se2\n");
                    printUsage();
                }
            }
            else {
                printf("Missing parameter for -se2\n");
                printUsage();
            }
        }
        else if (strcmp(argv[i],"-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i],"-v") == 0) {
            verbose = TRUE;
            TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    if (policySession == 0) {
        printf("Missing policy session handle parameter -hs\n");
        printUsage();
    }
    /* only 'y' and 'n' are accepted; anything else, including the initial 0, is a usage error */
    if (rc == 0) {
        if (writtenSetChar == 'y') {
            in.writtenSet = YES;
        }
        else if (writtenSetChar == 'n') {
            in.writtenSet = NO;
        }
        else {
            printf("Missing or illegal -ws\n");
            printUsage();
        }
    }
    if (rc == 0) {
        in.policySession = policySession;
    }
    /* Start a TSS context */
    if (rc == 0) {
        rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    /* the three session slots are passed as handle / NULL / attributes groups; the NULL is
       presumably the session's password argument and the trailing TPM_RH_NULL, NULL, 0 presumably
       ends the list - confirm against TSS_Execute() */
    if (rc == 0) {
        rc = TSS_Execute(tssContext,
                         NULL,
                         (COMMAND_PARAMETERS *)&in,
                         NULL,
                         TPM_CC_PolicyNvWritten,
                         sessionHandle0, NULL, sessionAttributes0,
                         sessionHandle1, NULL, sessionAttributes1,
                         sessionHandle2, NULL, sessionAttributes2,
                         TPM_RH_NULL, NULL, 0);
    }
    /* the delete is attempted on every path, including when tssContext is still NULL because
       TSS_Create() was never reached; its result is kept only if no earlier error was recorded */
    {
        TPM_RC rc1 = TSS_Delete(tssContext);
        if (rc == 0) {
            rc = rc1;
        }
    }
    if (rc == 0) {
        if (verbose) printf("policynvwritten: success\n");
    }
    else {
        const char *msg;
        const char *submsg;
        const char *num;
        printf("policynvwritten: failed, rc %08x\n", rc);
        TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
        printf("%s%s%s\n", msg, submsg, num);
        /* collapse every failure to one process exit status */
        rc = EXIT_FAILURE;
    }
    return rc;
}

/* Prints the option summary, including the session attribute bit values accepted by -se[0-2],
   and ends the process with exit status 1.  The option checks in main() depend on this function
   not returning. */
static void printUsage(void)
{
    printf("\n");
    printf("policynvwritten\n");
    printf("\n");
    printf("Runs TPM2_PolicyNvWritten\n");
    printf("\n");
    printf("\t-hs policy session handle\n");
    printf("\t-ws written set (y, n)\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/makefile.fedora0000644000175000017500000005170513125534557013304 0ustar lo1lo1################################################################################ # # # Linux TPM2 Utilities Makefile - for Fedora source RPM ONLY! # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.fedora 1034 2017-06-30 20:49:51Z kgoldman $ # # # # (c) Copyright IBM Corporation 2014, 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # # ################################################################################# # The Fedora source RPM spec file uses 'makefile.fedora' to # accommodate Fedora-specific build requirements. If you want to # build packages exactly as they are built by rpmbuild, use # 'makefile.fedora.' If you are building directly from the source # tree, use 'makefile.' # 1) This builds a versioned shared library (libtss.so.n.n) as opposed # to the unversioned one (libtss.so) in 'makefile'. The versioned # shared lib will be available on Fedora for dynamic linking. # 2) A field called 'soname' (named: libtss.so.n) is placed/built inside # the libtss.so.n.n for dynamic linking. (Done via gcc flag: # -Wl,-soname,libtss.so.n ). soname was made symbolic link to the # versioned shared lib (libtss.so.n.n) # 3) the libtss.so was made the symbolic link to the libtss.so.n, so # that an API can just dynamically link to the library with -ltss # Now, we build executables by linking to the unversioned shared # library, which is linked to libtss.so.0 that links to libtss.so.0.1. # At run-time, the dynamic linker will check for the soname # (libtss.so.0) field instead of the filename (libtss.so.0.1). It can # point to a version of the library which is different from the version # against which linking was performed. It'll link against the correct # object. # C compiler CC = /usr/bin/gcc # compile - common flags for TSS library and applications CCFLAGS += -DTPM_POSIX # example of pointing to a locally built openssl 1.1 # CCFLAGS += -I/home/kgold/openssl-1.1.0c/include # compile - for TSS library # include the hardening flag PIC needed for compiling for dynamic # linking CCLFLAGS += -I. -DTPM_TSS \ -fPIC # to compile out printf's. 
Regression test will fail because it tries # to print a structure -DTPM_NO_PRINT # example of changing the default interface type # -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" # compile - for applications # include the hardening flag PIE needed for compiling for # static linking CCAFLAGS += -I. \ -fPIE # link - common flags for TSS library and applications LNFLAGS += -DTPM_POSIX \ -L. # This seems to be required on some Ubuntu distros due to an issue with the gold linker # -fuse-ld=bfd # example of pointing to a locally built openssl 1.1 # LNFLAGS += -L/home/kgold/openssl-1.1.0c # This also requires setting the environment variable LD_LIBRARY_PATH. E.g., # setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c # link - for TSS library # hardening flags for linking shared objects LNLFLAGS += -shared -Wl,-z,now # This is an alternative to using the bfd linker on Ubuntu # LNLLIBS += -lcrypto # link - for applications, TSS path, TSS and OpenSSL libraries # hardening flags for linking executables LNAFLAGS += -pie -Wl,-z,now LNALIBS += -ltss -lcrypto # shared library # versioned shared library LIBTSSVERSIONED=libtss.so.0.1 # soname field of the shared library # which will be made symbolic link to the versioned shared library # this is used to provide version backward-compatibility information LIBTSSSONAME=libtss.so.0 # symbolic link to the versioned shared library # this allows linking to the shared library with '-ltss' LIBTSS=libtss.so # executable extension EXE = # ALL= TSS_HEADERS= # default TSS library TSS_OBJS = tssfile.o \ tsscryptoh.o \ tsscrypto.o # common to all builds include makefile-common # default build target all: $(ALL) # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) 
tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c tssfile.o: $(TSS_HEADERS) tssfile.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c Unmarshal.o: $(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c Commands.o: $(TSS_HEADERS) Commands.c $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c ntc2lib.o: $(TSS_HEADERS) ntc2lib.c $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c tssntc.o: $(TSS_HEADERS) tssntc.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c # TSS shared library build $(LIBTSS): $(TSS_OBJS) $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) rm -f $(LIBTSSSONAME) ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) rm -f $(LIBTSS) ln -sf $(LIBTSSSONAME) $(LIBTSS) .PHONY: clean .PRECIOUS: %.o clean: rm -f *.o *~ \ h*.bin \ rm -f $(LIBTSSSONAME) \ rm -f $(LIBTSSVERSIONED) \ $(ALL) # applications activatecredential: tss2/tss.h activatecredential.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential eventextend: eventextend.o eventlib.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o eventlib.o $(LNALIBS) -o 
eventextend imaextend: imaextend.o imalib.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o imalib.o $(LNALIBS) -o imaextend certify: tss2/tss.h certify.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify certifycreation: tss2/tss.h certifycreation.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation changeeps: tss2/tss.h changeeps.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps changepps: tss2/tss.h changepps.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o changepps clear: tss2/tss.h clear.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear clearcontrol: tss2/tss.h clearcontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol clockrateadjust: tss2/tss.h clockrateadjust.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust clockset: tss2/tss.h clockset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset commit: tss2/tss.h commit.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit contextload: tss2/tss.h contextload.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload contextsave: tss2/tss.h contextsave.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave create: tss2/tss.h create.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o cryptoutils.o $(LNALIBS) -o create createloaded: tss2/tss.h createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createloaded createprimary: tss2/tss.h createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createprimary dictionaryattacklockreset: tss2/tss.h dictionaryattacklockreset.o $(LIBTSS) $(CC) $(LNFLAGS) 
$(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset dictionaryattackparameters: tss2/tss.h dictionaryattackparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters duplicate: tss2/tss.h duplicate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate eccparameters: tss2/tss.h eccparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters ecephemeral: tss2/tss.h ecephemeral.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ecephemeral.o $(LNALIBS) -o ecephemeral encryptdecrypt: tss2/tss.h encryptdecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt eventsequencecomplete: tss2/tss.h eventsequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete evictcontrol: tss2/tss.h evictcontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol flushcontext: tss2/tss.h flushcontext.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext getcommandauditdigest: tss2/tss.h getcommandauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest getcapability: tss2/tss.h getcapability.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability getrandom: tss2/tss.h getrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom getsessionauditdigest: tss2/tss.h getsessionauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest gettime: tss2/tss.h gettime.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime hashsequencestart: tss2/tss.h hashsequencestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart hash: tss2/tss.h hash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o 
$(LNALIBS) -o hash hierarchycontrol: tss2/tss.h hierarchycontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol hierarchychangeauth: tss2/tss.h hierarchychangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth hmac: tss2/tss.h hmac.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac hmacstart: tss2/tss.h hmacstart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart import: tss2/tss.h import.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) import.o $(LNALIBS) -o import importpem: tss2/tss.h importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LNALIBS) -o importpem load: tss2/tss.h load.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load loadexternal: tss2/tss.h loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o cryptoutils.o ekutils.o $(LNALIBS) -o loadexternal makecredential: tss2/tss.h makecredential.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential nvcertify: tss2/tss.h nvcertify.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify nvchangeauth: tss2/tss.h nvchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth nvdefinespace: tss2/tss.h nvdefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace nvextend: tss2/tss.h nvextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend nvglobalwritelock: tss2/tss.h nvglobalwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock nvincrement: tss2/tss.h nvincrement.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement nvread: tss2/tss.h nvread.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o 
cryptoutils.o ekutils.o $(LNALIBS) -o nvread nvreadlock: tss2/tss.h nvreadlock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock nvreadpublic: tss2/tss.h nvreadpublic.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic nvsetbits: tss2/tss.h nvsetbits.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits nvundefinespace: tss2/tss.h nvundefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace nvundefinespacespecial: tss2/tss.h nvundefinespacespecial.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial nvwrite: tss2/tss.h nvwrite.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o cryptoutils.o ekutils.o $(LNALIBS) -o nvwrite nvwritelock: tss2/tss.h nvwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock objectchangeauth: tss2/tss.h objectchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth pcrallocate: tss2/tss.h pcrallocate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate pcrevent: tss2/tss.h pcrevent.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent pcrextend: tss2/tss.h pcrextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend pcrread: tss2/tss.h pcrread.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread pcrreset: tss2/tss.h pcrreset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset policyauthorize: tss2/tss.h policyauthorize.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize policyauthvalue: tss2/tss.h policyauthvalue.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue policycommandcode: tss2/tss.h policycommandcode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o 
$(LNALIBS) -o policycommandcode policycphash: tss2/tss.h policycphash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash policycountertimer : tss2/tss.h policycountertimer.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer policygetdigest: tss2/tss.h policygetdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest policymaker: tss2/tss.h policymaker.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker policymakerpcr: tss2/tss.h policymakerpcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr policyauthorizenv: tss2/tss.h policyauthorizenv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv policynv: tss2/tss.h policynv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv policynvwritten: tss2/tss.h policynvwritten.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten policyor: tss2/tss.h policyor.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor policypassword: tss2/tss.h policypassword.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword policypcr: tss2/tss.h policypcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr policyrestart: tss2/tss.h policyrestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart policysigned: tss2/tss.h policysigned.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned policysecret: tss2/tss.h policysecret.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret policytemplate: tss2/tss.h policytemplate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate policyticket: tss2/tss.h policyticket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o 
$(LNALIBS) -o policyticket quote: tss2/tss.h quote.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote powerup: tss2/tss.h powerup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup readclock: tss2/tss.h readclock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock readpublic: tss2/tss.h readpublic.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o cryptoutils.o $(LNALIBS) -o readpublic returncode: tss2/tss.h returncode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o $(LNALIBS) -o returncode rewrap: tss2/tss.h rewrap.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap rsadecrypt: tss2/tss.h rsadecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt rsaencrypt: tss2/tss.h rsaencrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt sequenceupdate: tss2/tss.h sequenceupdate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate sequencecomplete: tss2/tss.h sequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete setprimarypolicy: tss2/tss.h setprimarypolicy.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy shutdown: tss2/tss.h shutdown.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown sign: tss2/tss.h sign.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign startauthsession: tss2/tss.h startauthsession.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession startup: tss2/tss.h startup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup stirrandom: tss2/tss.h stirrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom unseal: tss2/tss.h unseal.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal verifysignature: tss2/tss.h verifysignature.o 
cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o cryptoutils.o $(LNALIBS) -o verifysignature signapp: tss2/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp writeapp: tss2/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o ekutils.o cryptoutils.o $(LNALIBS) -o writeapp timepacket: tss2/tss.h timepacket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket createek: createek.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o cryptoutils.o ekutils.o $(LNALIBS) -o createek ntc2getconfig: ntc2getconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig ntc2preconfig: ntc2preconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig # for applications, not for TSS library %.o: %.c tss2/tss.h $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ ./utils/tssntc.h0000644000175000017500000000622513115776262012031 0ustar lo1lo1/********************************************************************************/ /* */ /* Nuvoton Command Common Routines */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssntc.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017 */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. 
*/ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ #ifndef TSSNTC2_H #define TSSNTC2_H #include #include #include #include #ifndef TPM_TSS #define TPM_TSS #endif #include #include "ntc2lib.h" #ifdef __cplusplus extern "C" { #endif TPM_RC NTC2_PreConfig_In_Unmarshal(NTC2_PreConfig_In *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); TPM_RC TSS_NTC2_PreConfig_In_Marshal(NTC2_PreConfig_In *source, UINT16 *written, BYTE **buffer, INT32 *size); TPM_RC TSS_NTC2_GetConfig_Out_Unmarshal(NTC2_GetConfig_Out *target, TPM_ST tag, BYTE **buffer, INT32 *size); UINT16 NTC2_GetConfig_Out_Marshal(NTC2_GetConfig_Out *source, TPMI_ST_COMMAND_TAG tag, BYTE **buffer, INT32 *size); TPM_RC NTC2_CFG_STRUCT_Unmarshal(NTC2_CFG_STRUCT *target, BYTE **buffer, INT32 *size); TPM_RC TSS_NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, UINT16 *written, BYTE **buffer, INT32 *size); UINT16 NTC2_CFG_STRUCT_Marshal(NTC2_CFG_STRUCT *source, BYTE **buffer, INT32 *size); #ifdef __cplusplus } #endif #endif ./utils/imaextend.c0000644000175000017500000002143713070736653012466 0ustar lo1lo1/********************************************************************************/ /* */ /* Extend an IMA measurement list into PCR 10 */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: imaextend.c 978 2017-04-04 15:37:15Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2014, 2017. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. 
*/ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* imaextend is test/demo code. It parses a TPM2 event log file and extends the measurements into TPM PCRs. This simulates the actions that would be performed by BIOS / firmware in a hardware platform. 
*/ #include #include #include #include #include #include #include "imalib.h" /* local prototypes */ static TPM_RC pcrread(TSS_CONTEXT *tssContext, TPMI_DH_PCR pcrHandle); static void printUsage(void); int verbose = FALSE; int vverbose = FALSE; int main(int argc, char * argv[]) { TPM_RC rc = 0; int i = 0; TSS_CONTEXT *tssContext = NULL; PCR_Extend_In in; const char *infilename = NULL; FILE *infile = NULL; int littleEndian = FALSE; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; StartAuthSession_In in; StartAuthSession_Out out; StartAuthSession_Extra extra; TPMI_DH_OBJECT tpmKey = TPM_RH_NULL; /* salt key */ TPMI_DH_ENTITY bindHandle = TPM_RH_NULL; /* default */ const char *bindPassword = NULL; char seChar = 0; /* session type */ TPMI_ALG_HASH halg = TPM_ALG_SHA256; /* default */ TPMI_ALG_SYM algorithm = TPM_ALG_XOR; /* default symmetric algorithm */ const char *nonceTPMFilename = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include #include #include "eventlib.h" static uint16_t Uint16_Convert(uint16_t in); static uint32_t Uint32_Convert(uint32_t in); static TPM_RC UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, int32_t *size); static TPM_RC UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, int32_t *size); static void TSS_EVENT_EventType_Trace(uint32_t eventType); static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize, uint8_t **buffer, int32_t *size); static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize); 
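/* TSS_EVENT_Line_Read() reads a TPM 1.2 SHA-1 event line from a binary file inFile.

   The fields are read in stream order: pcrIndex, eventType, digest, eventDataSize, event.  The
   three uint32_t fields are passed through Uint32_Convert() after the read.

   endOfFile is set TRUE, with a zero return code, only when the first field (pcrIndex) cannot be
   read and the stream is at end of file.  A short read of any later field is an error.

   eventDataSize is taken from the file, so it is range checked against the size of event->event
   before it is used as a read length.  A zero length event is accepted and leaves event->event
   zeroed.

   Returns 0 on success or end of file, ERR_STRUCTURE on a read error or an oversized event.
*/

int TSS_EVENT_Line_Read(TCG_PCR_EVENT *event,
                        int *endOfFile,
                        FILE *inFile)
{
    int rc = 0;
    size_t readSize;

    *endOfFile = FALSE;
    /* read the PCR index */
    if (rc == 0) {
        readSize = fread(&(event->pcrIndex),
                         sizeof(((TCG_PCR_EVENT *)NULL)->pcrIndex), 1, inFile);
        if (readSize != 1) {
            /* end of file before the first field is the normal end of the log */
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("TSS_EVENT_Line_Read: Error, could not read pcrIndex, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->pcrIndex = Uint32_Convert(event->pcrIndex);
    }
    /* read the event type */
    if (!*endOfFile && (rc == 0)) {
        readSize = fread(&(event->eventType),
                         sizeof(((TCG_PCR_EVENT *)NULL)->eventType), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT_Line_Read: Error, could not read eventType, returned %lu\n",
                   (unsigned long) readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->eventType = Uint32_Convert(event->eventType);
    }
    /* read the digest */
    if (!*endOfFile && (rc == 0)) {
        readSize = fread(&(event->digest),
                         sizeof(((TCG_PCR_EVENT *)NULL)->digest), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT_Line_Read: Error, could not read digest, returned %lu\n",
                   (unsigned long)readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the event data size */
    if (!*endOfFile && (rc == 0)) {
        readSize = fread(&(event->eventDataSize),
                         sizeof(((TCG_PCR_EVENT *)NULL)->eventDataSize), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT_Line_Read: Error, could not read event data size, returned %lu\n",
                   (unsigned long)readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->eventDataSize = Uint32_Convert(event->eventDataSize);
    }
    /* bounds check the event data length.  The length is file controlled and is the fread()
       length below, so this check is what keeps the read inside event->event. */
    if (!*endOfFile && (rc == 0)) {
        if (event->eventDataSize > sizeof(((TCG_PCR_EVENT *)NULL)->event)) {
            printf("TSS_EVENT_Line_Read: Error, event data length too big: %u\n",
                   event->eventDataSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the event */
    if (!*endOfFile && (rc == 0)) {
        memset(event->event, 0, sizeof(((TCG_PCR_EVENT *)NULL)->event));
        /* fread() returns 0 when the element size is 0, which would be reported as a read
           error, so a zero length event is not read at all */
        if (event->eventDataSize > 0) {
            readSize = fread(&(event->event),
                             event->eventDataSize, 1, inFile);
            if (readSize != 1) {
                printf("TSS_EVENT_Line_Read: Error, could not read event, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    return rc;
}

/* TSS_EVENT_Line_Trace() prints the PCR index, event type, digest and event data of a
   TCG_PCR_EVENT.

   event->eventDataSize is used as the print length without a range check here, so the structure
   is expected to have passed the bounds check in TSS_EVENT_Line_Read().
*/

void TSS_EVENT_Line_Trace(TCG_PCR_EVENT *event)
{
    printf("TSS_EVENT_Line_Trace: PCR index %u\n", event->pcrIndex);
    TSS_EVENT_EventType_Trace(event->eventType);
    TSS_PrintAll("TSS_EVENT_Line_Trace: PCR",
                 event->digest, sizeof(((TCG_PCR_EVENT *)NULL)->digest));
    TSS_PrintAll("TSS_EVENT_Line_Trace: event",
                 event->event, event->eventDataSize);
    return;
}

/* TSS_SpecIdEvent_Unmarshal() unmarshals the TCG_EfiSpecIDEvent structure.

   The size and buffer are not moved, since this is the only structure in the event.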
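*/

/* Parameters: specIdEvent receives the result, event points to eventSize bytes of event data.

   Every count and length in the event data is supplied by the event log and is treated as
   untrusted:

   - eventSize must fit the signed remaining-length counter used by the unmarshal helpers
   - numberOfAlgorithms must not exceed the capacity of specIdEvent->digestSizes

   Returns 0 on success, ERR_STRUCTURE for an out of range size or count, or the return code of
   the failing unmarshal helper.
*/

TPM_RC TSS_SpecIdEvent_Unmarshal(TCG_EfiSpecIDEvent *specIdEvent,
                                 uint32_t eventSize,
                                 uint8_t *event)
{
    TPM_RC rc = 0;
    int32_t size = 0;           /* copy, because size and buffer are not moved */
    uint8_t *buffer = event;
    uint32_t i;

    /* the remaining length is tracked as an int32_t, so a larger eventSize would turn into a
       negative length */
    if (rc == 0) {
        if (eventSize > 0x7fffffff) {
            printf("TSS_SpecIdEvent_Unmarshal: Error, event size too big: %u\n", eventSize);
            rc = ERR_STRUCTURE;
        }
        else {
            size = (int32_t)eventSize;
        }
    }
    if (rc == 0) {
        rc = Array_Unmarshal(specIdEvent->signature,
                             sizeof(specIdEvent->signature), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT32LE_Unmarshal(&(specIdEvent->platformClass), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT8_Unmarshal(&(specIdEvent->specVersionMinor), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT8_Unmarshal(&(specIdEvent->specVersionMajor), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT8_Unmarshal(&(specIdEvent->specErrata), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT8_Unmarshal(&(specIdEvent->uintnSize), &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT32LE_Unmarshal(&(specIdEvent->numberOfAlgorithms), &buffer, &size);
    }
    /* range check the algorithm count before it indexes digestSizes.  Without this, a count
       taken from the log would write past the end of the array.
       NOTE(review): assumes digestSizes is an array member (declared in eventlib.h, not visible
       here) - confirm */
    if (rc == 0) {
        uint32_t maxAlgorithms =
            sizeof(specIdEvent->digestSizes) / sizeof(specIdEvent->digestSizes[0]);
        if (specIdEvent->numberOfAlgorithms > maxAlgorithms) {
            printf("TSS_SpecIdEvent_Unmarshal: "
                   "Error, numberOfAlgorithms %u is greater than structure %u\n",
                   specIdEvent->numberOfAlgorithms, maxAlgorithms);
            rc = ERR_STRUCTURE;
        }
    }
    for (i = 0 ; (rc == 0) && (i < specIdEvent->numberOfAlgorithms) ; i++) {
        rc = TSS_SpecIdEventAlgorithmSize_Unmarshal(&(specIdEvent->digestSizes[i]),
                                                    &buffer, &size);
    }
    if (rc == 0) {
        rc = UINT8_Unmarshal(&(specIdEvent->vendorInfoSize), &buffer, &size);
    }
    /* NOTE(review): vendorInfoSize is unmarshaled as one byte, so this copy stays in bounds only
       if vendorInfo holds at least 255 bytes - confirm against eventlib.h */
    if (rc == 0) {
        rc = Array_Unmarshal(specIdEvent->vendorInfo,
                             specIdEvent->vendorInfoSize, &buffer, &size);
    }
    return rc;
}

/* TSS_SpecIdEventAlgorithmSize_Unmarshal() unmarshals the TCG_EfiSpecIdEventAlgorithmSize
   structure.

   When TSS_GetDigestSize() returns a non-zero size for the algorithm, the digest size in the
   event must match it, otherwise ERR_STRUCTURE is returned.  An algorithm for which
   TSS_GetDigestSize() returns zero is accepted with whatever size the event states.
*/

static TPM_RC TSS_SpecIdEventAlgorithmSize_Unmarshal(TCG_EfiSpecIdEventAlgorithmSize *algSize,
                                                     uint8_t **buffer,
                                                     int32_t *size)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        rc = UINT16LE_Unmarshal(&(algSize->algorithmId), buffer, size);
    }
    if (rc == 0) {
        rc = UINT16LE_Unmarshal(&(algSize->digestSize), buffer, size);
    }
    if (rc == 0) {
        uint16_t mappedDigestSize = TSS_GetDigestSize(algSize->algorithmId);
        /* a zero mapping skips the consistency check */
        if ((mappedDigestSize != 0) && (mappedDigestSize != algSize->digestSize)) {
            printf("TSS_SpecIdEventAlgorithmSize_Unmarshal: "
                   "Error, inconsistent digest size, algorithm %04x size %u\n",
                   algSize->algorithmId, algSize->digestSize);
            rc = ERR_STRUCTURE;
        }
    }
    return rc;
}

/* TSS_SpecIdEvent_Trace() prints the fields of a TCG_EfiSpecIDEvent.

   The signature and vendorInfo are printed as strings only when their last byte is a nul
   terminator, otherwise their bytes are traced.  The algorithm loop is limited to the capacity of
   digestSizes and an empty vendorInfo is not indexed, so a structure that did not come from
   TSS_SpecIdEvent_Unmarshal() cannot make the trace read outside the structure.
*/

void TSS_SpecIdEvent_Trace(TCG_EfiSpecIDEvent *specIdEvent)
{
    uint32_t i;
    uint32_t algorithmCount = specIdEvent->numberOfAlgorithms;
    uint32_t maxAlgorithms =
        sizeof(specIdEvent->digestSizes) / sizeof(specIdEvent->digestSizes[0]);

    /* normal case */
    if (specIdEvent->signature[15] == '\0')  {
        printf("TSS_SpecIdEvent_Trace: signature: %s\n", specIdEvent->signature);
    }
    /* error case */
    else {
        TSS_PrintAll("TSS_SpecIdEvent_Trace: signature",
                     specIdEvent->signature, sizeof(specIdEvent->signature));
    }
    printf("TSS_SpecIdEvent_Trace: platformClass %08x\n", specIdEvent->platformClass);
    printf("TSS_SpecIdEvent_Trace: specVersionMinor %02x\n", specIdEvent->specVersionMinor);
    printf("TSS_SpecIdEvent_Trace: specVersionMajor %02x\n", specIdEvent->specVersionMajor);
    printf("TSS_SpecIdEvent_Trace: specErrata %02x\n", specIdEvent->specErrata);
    printf("TSS_SpecIdEvent_Trace: uintnSize %02x\n", specIdEvent->uintnSize);
    printf("TSS_SpecIdEvent_Trace: numberOfAlgorithms %u\n", specIdEvent->numberOfAlgorithms);
    /* the stated count is printed above, but only entries inside the array are traced */
    if (algorithmCount > maxAlgorithms) {
        algorithmCount = maxAlgorithms;
    }
    for (i = 0 ; i < algorithmCount ; i++) {
        TSS_SpecIdEventAlgorithmSize_Trace(&(specIdEvent->digestSizes[i]));
    }
    /* try for a printable string.  vendorInfoSize zero is excluded first, because the
       terminator test would otherwise index vendorInfo[-1]. */
    if ((specIdEvent->vendorInfoSize > 0) &&
        (specIdEvent->vendorInfo[specIdEvent->vendorInfoSize-1] == '\0'))  {
        printf("TSS_SpecIdEvent_Trace: vendorInfo: %s\n", specIdEvent->vendorInfo);
    }
    /* if not, trace the bytes */
    else {
        TSS_PrintAll("TSS_SpecIdEvent_Trace: vendorInfo",
                     specIdEvent->vendorInfo, specIdEvent->vendorInfoSize);
    }
    return;
}

/* TSS_SpecIdEventAlgorithmSize_Trace() prints the algorithm ID and digest size of one
   TCG_EfiSpecIdEventAlgorithmSize entry.
*/

static void TSS_SpecIdEventAlgorithmSize_Trace(TCG_EfiSpecIdEventAlgorithmSize *algSize)
{
    printf("TSS_SpecIdEventAlgorithmSize_Trace: algorithmId %04x\n", algSize->algorithmId);
    printf("TSS_SpecIdEventAlgorithmSize_Trace: digestSize %u\n", algSize->digestSize);
    return;
}

/* TSS_EVENT2_Line_Read() reads a TPM2 event line from a binary file inFile.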
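*/

/* The fields are read in stream order: pcrIndex, eventType, digest count, then one
   (hashAlg, digest) pair per count, eventSize, event.

   endOfFile is set TRUE, with a zero return code, only when the first field (pcrIndex) cannot be
   read and the stream is at end of file.

   The digest count, the hash algorithms and the event size all come from the file.  The count is
   range checked against the TPML_DIGEST_VALUES array, each algorithm must map to a non-zero
   digest size, and the event size is range checked against event->event.  A zero length event is
   accepted and leaves event->event zeroed.

   Returns 0 on success or end of file, ERR_STRUCTURE otherwise.
*/

int TSS_EVENT2_Line_Read(TCG_PCR_EVENT2 *event,
                         int *endOfFile,
                         FILE *inFile)
{
    int rc = 0;
    size_t readSize;
    uint32_t maxCount = 0;
    uint32_t count;
    uint16_t digestSize = 0;

    *endOfFile = FALSE;
    /* read the PCR index */
    if (rc == 0) {
        readSize = fread(&(event->pcrIndex),
                         sizeof(((TCG_PCR_EVENT2 *)NULL)->pcrIndex), 1, inFile);
        if (readSize != 1) {
            /* end of file before the first field is the normal end of the log */
            if (feof(inFile)) {
                *endOfFile = TRUE;
            }
            else {
                printf("TSS_EVENT2_Line_Read: Error, could not read pcrIndex, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->pcrIndex = Uint32_Convert(event->pcrIndex);
    }
    /* read the event type */
    if (!*endOfFile && (rc == 0)) {
        readSize = fread(&(event->eventType),
                         sizeof(((TCG_PCR_EVENT2 *)NULL)->eventType), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT2_Line_Read: Error, could not read eventType, returned %lu\n",
                   (unsigned long)readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->eventType = Uint32_Convert(event->eventType);
    }
    /* read the TPML_DIGEST_VALUES count */
    if (!*endOfFile && (rc == 0)) {
        maxCount = sizeof(((TPML_DIGEST_VALUES *)NULL)->digests) / sizeof(TPMT_HA);
        readSize = fread(&(event->digests.count),
                         sizeof(((TPML_DIGEST_VALUES *)NULL)->count), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT2_Line_Read: Error, could not read digest count, returned %lu\n",
                   (unsigned long)readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->digests.count = Uint32_Convert(event->digests.count);
    }
    /* range check the digest count, which indexes event->digests.digests below */
    if (!*endOfFile && (rc == 0)) {
        if (event->digests.count > maxCount) {
            printf("TSS_EVENT2_Line_Read: Error, digest count %u is greater than structure %u\n",
                   event->digests.count, maxCount);
            rc = ERR_STRUCTURE;
        }
        else if (event->digests.count == 0) {
            printf("TSS_EVENT2_Line_Read: Error, digest count is zero\n");
            rc = ERR_STRUCTURE;
        }
    }
    /* read all the TPMT_HA, loop through all the digest algorithms.  The loop stops on the first
       error: after a failed read or range check the count is not trustworthy, and iterating up
       to an unchecked 32-bit count would only burn CPU. */
    for (count = 0 ;
         !*endOfFile && (rc == 0) && (count < event->digests.count) ;
         count++) {
        /* read the digest algorithm */
        if (rc == 0) {
            readSize = fread(&(event->digests.digests[count].hashAlg),
                             sizeof(((TPMT_HA *)NULL)->hashAlg), 1, inFile);
            if (readSize != 1) {
                printf("TSS_EVENT2_Line_Read: "
                       "Error, could not read digest algorithm, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
        /* do the endian conversion of the hash algorithm from stream to uint16_t */
        if (rc == 0) {
            event->digests.digests[count].hashAlg =
                Uint16_Convert(event->digests.digests[count].hashAlg);
        }
        /* map from the digest algorithm to the digest length */
        if (rc == 0) {
            digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg);
            if (digestSize == 0) {
                printf("TSS_EVENT2_Line_Read: Error, unknown digest algorithm %04x*\n",
                       event->digests.digests[count].hashAlg);
                rc = ERR_STRUCTURE;
            }
        }
        /* read the digest.
           NOTE(review): presumably every size TSS_GetDigestSize() returns fits the digest
           member of TPMT_HA - confirm */
        if (rc == 0) {
            readSize = fread((uint8_t *)&(event->digests.digests[count].digest),
                             digestSize, 1, inFile);
            if (readSize != 1) {
                printf("TSS_EVENT2_Line_Read: Error, could not read digest, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    /* read the event size */
    if (!*endOfFile && (rc == 0)) {
        readSize = fread(&(event->eventSize),
                         sizeof(((TCG_PCR_EVENT2 *)NULL)->eventSize), 1, inFile);
        if (readSize != 1) {
            printf("TSS_EVENT2_Line_Read: Error, could not read event size, returned %lu\n",
                   (unsigned long)readSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* do the endian conversion from stream to uint32_t */
    if (!*endOfFile && (rc == 0)) {
        event->eventSize = Uint32_Convert(event->eventSize);
    }
    /* bounds check the event size, which is the fread() length below */
    if (!*endOfFile && (rc == 0)) {
        if (event->eventSize > sizeof(((TCG_PCR_EVENT2 *)NULL)->event)) {
            printf("TSS_EVENT2_Line_Read: Error, event size too big: %u\n",
                   event->eventSize);
            rc = ERR_STRUCTURE;
        }
    }
    /* read the event */
    if (!*endOfFile && (rc == 0)) {
        memset(event->event, 0, sizeof(((TCG_PCR_EVENT2 *)NULL)->event));
        /* fread() returns 0 when the element size is 0, which would be reported as a read
           error, so a zero length event is not read at all */
        if (event->eventSize > 0) {
            readSize = fread(&(event->event),
                             event->eventSize, 1, inFile);
            if (readSize != 1) {
                printf("TSS_EVENT2_Line_Read: Error, could not read event, returned %lu\n",
                       (unsigned long)readSize);
                rc = ERR_STRUCTURE;
            }
        }
    }
    return rc;
}

/* TSS_EVENT2_Line_Marshal() marshals a TCG_PCR_EVENT2 structure

   source->eventSize is the number of bytes copied out of source->event, so it is range checked
   against the array first.  An oversized value would otherwise marshal memory that follows the
   event array.
*/

TPM_RC TSS_EVENT2_Line_Marshal(TCG_PCR_EVENT2 *source, uint16_t *written,
                               uint8_t **buffer, int32_t *size)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->pcrIndex, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->eventType, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_TPML_DIGEST_VALUES_Marshal(&source->digests, written, buffer, size);
    }
    if (rc == 0) {
        rc = TSS_UINT32_Marshal(&source->eventSize, written, buffer, size);
    }
    /* bounds check the event size before it is used as the copy length */
    if (rc == 0) {
        if (source->eventSize > sizeof(((TCG_PCR_EVENT2 *)NULL)->event)) {
            printf("TSS_EVENT2_Line_Marshal: Error, event size too big: %u\n",
                   source->eventSize);
            rc = ERR_STRUCTURE;
        }
    }
    if (rc == 0) {
        rc = TSS_Array_Marshal((uint8_t *)source->event, source->eventSize,
                               written, buffer, size);
    }
    return rc;
}

/* TSS_EVENT2_Line_Unmarshal() unmarshals a TCG_PCR_EVENT2 structure

   eventSize comes from the marshaled stream and is the copy length into target->event.  It is
   range checked against the array here, because the remaining stream length alone does not
   limit the copy to the size of the destination.
*/

TPM_RC TSS_EVENT2_Line_Unmarshal(TCG_PCR_EVENT2 *target, BYTE **buffer, INT32 *size)
{
    TPM_RC rc = 0;

    if (rc == 0) {
        rc = UINT32_Unmarshal(&target->pcrIndex, buffer, size);
    }
    if (rc == 0) {
        rc = UINT32_Unmarshal(&target->eventType, buffer, size);
    }
    if (rc == 0) {
        rc = TPML_DIGEST_VALUES_Unmarshal(&target->digests, buffer, size);
    }
    if (rc == 0) {
        rc = UINT32_Unmarshal(&target->eventSize, buffer, size);
    }
    /* bounds check the event size before it is used as the copy length */
    if (rc == 0) {
        if (target->eventSize > sizeof(((TCG_PCR_EVENT2 *)NULL)->event)) {
            printf("TSS_EVENT2_Line_Unmarshal: Error, event size too big: %u\n",
                   target->eventSize);
            rc = ERR_STRUCTURE;
        }
    }
    if (rc == 0) {
        rc = Array_Unmarshal((uint8_t *)target->event, target->eventSize, buffer, size);
    }
    return rc;
}

/* TSS_EVENT2_PCR_Extend() extends a PCR digest with the digest from the TCG_PCR_EVENT2 event log
   entry.

   FIXME - currently handles only PCR 0-7 and SHA-256.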
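*/

/* pcrs is the caller's array of eight PCR values, indexed by event2->pcrIndex.

   The PCR index and the digest count are range checked before they are used as array indexes.
   The first SHA-256 entry in the event is hashed together with the current PCR value by
   TSS_Hash_Generate().

   Returns 0 on success, 1 if the PCR index or digest count is out of range or the event has no
   SHA-256 entry, or the return code of TSS_Hash_Generate().
*/

TPM_RC TSS_EVENT2_PCR_Extend(TPMT_HA pcrs[8],
                             TCG_PCR_EVENT2 *event2)
{
    TPM_RC rc = 0;
    uint32_t i;                 /* iterator though hash algorithms */
    int foundSha256 = FALSE;

    /* validate PCR number */
    if (rc == 0) {
        if (event2->pcrIndex > 7) {
            printf("ERROR: TSS_EVENT2_PCR_Extend: PCR number %u out of range\n",
                   event2->pcrIndex);
            rc = 1;
        }
    }
    /* validate event count */
    if (rc == 0) {
        uint32_t maxCount = sizeof(((TPML_DIGEST_VALUES *)NULL)->digests) / sizeof(TPMT_HA);
        if (event2->digests.count > maxCount) {
            printf("ERROR: TSS_EVENT2_PCR_Extend: PCR count %u out of range, max %u\n",
                   event2->digests.count, maxCount);
            rc = 1;
        }
    }
    /* search for the SHA-256 digest entry, stopping at the first one */
    for (i = 0; (rc == 0) && (i < event2->digests.count) && !foundSha256 ; i++) {
        if (event2->digests.digests[i].hashAlg == TPM_ALG_SHA256) {
            /* new PCR value = hash of (current PCR value, event digest) */
            rc = TSS_Hash_Generate(&pcrs[event2->pcrIndex],
                                   SHA256_DIGEST_SIZE,
                                   (uint8_t *)&pcrs[event2->pcrIndex].digest,
                                   SHA256_DIGEST_SIZE,
                                   &event2->digests.digests[i].digest,
                                   0, NULL);
            foundSha256 = TRUE;
        }
    }
    if ((rc == 0) && !foundSha256) {
        printf("ERROR: TSS_EVENT2_PCR_Extend: no SHA-256 entry in event record, PCR %u\n",
               event2->pcrIndex);
        rc = 1;
    }
    return rc;
}

/* Uint16_Convert() converts a little endian uint16_t (from an input stream) to host byte order
 */

static uint16_t Uint16_Convert(uint16_t in)
{
    /* view the value as the two bytes that were read from the stream */
    const unsigned char *inb = (const unsigned char *)&in;

    /* little endian input */
    return (uint16_t)(((uint16_t)inb[0] << 0) |
                      ((uint16_t)inb[1] << 8));
}

/* Uint32_Convert() converts a little endian uint32_t (from an input stream) to host byte order
 */

static uint32_t Uint32_Convert(uint32_t in)
{
    /* view the value as the four bytes that were read from the stream */
    const unsigned char *inb = (const unsigned char *)&in;

    /* little endian input.  Each byte is widened to uint32_t before the shift, so that a top
       byte of 0x80 or more is not shifted into the sign bit of an int. */
    return ((uint32_t)inb[0] << 0)  |
           ((uint32_t)inb[1] << 8)  |
           ((uint32_t)inb[2] << 16) |
           ((uint32_t)inb[3] << 24);
}

/* UINT16LE_Unmarshal() unmarshals a little endian 2-byte array from buffer into a HBO uint16_t

   The remaining length is compared as a signed value.  Casting it to an unsigned type first
   would let a negative length pass the check, or a length with zero low 16 bits fail it.

   Returns TPM_RC_INSUFFICIENT, without moving buffer or size, if fewer than two bytes remain.
*/

static TPM_RC UINT16LE_Unmarshal(uint16_t *target, BYTE **buffer, int32_t *size)
{
    if (*size < (int32_t)sizeof(uint16_t)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target = ((uint16_t)((*buffer)[0]) <<  0) |
              ((uint16_t)((*buffer)[1]) <<  8);
    *buffer += sizeof(uint16_t);
    *size -= sizeof(uint16_t);
    return TPM_RC_SUCCESS;
}

/* UINT32LE_Unmarshal() unmarshals a little endian 4-byte array from buffer into a HBO uint32_t

   The remaining length is compared as a signed value, so that a negative length cannot pass the
   check.

   Returns TPM_RC_INSUFFICIENT, without moving buffer or size, if fewer than four bytes remain.
*/

static TPM_RC UINT32LE_Unmarshal(uint32_t *target, BYTE **buffer, int32_t *size)
{
    if (*size < (int32_t)sizeof(uint32_t)) {
        return TPM_RC_INSUFFICIENT;
    }
    *target = ((uint32_t)((*buffer)[0]) <<  0) |
              ((uint32_t)((*buffer)[1]) <<  8) |
              ((uint32_t)((*buffer)[2]) << 16) |
              ((uint32_t)((*buffer)[3]) << 24);
    *buffer += sizeof(uint32_t);
    *size -= sizeof(uint32_t);
    return TPM_RC_SUCCESS;
}

/* TSS_EVENT2_Line_Trace() prints the PCR index, event type, digests and event data of a
   TCG_PCR_EVENT2.

   The stated digest count is printed as is, but only entries inside the TPML_DIGEST_VALUES array
   are traced.  event->eventSize is used as the print length without a range check here, so the
   structure is expected to have passed the bounds check in TSS_EVENT2_Line_Read().
*/

void TSS_EVENT2_Line_Trace(TCG_PCR_EVENT2 *event)
{
    uint32_t count;
    uint32_t digestCount = event->digests.count;
    uint32_t maxCount = sizeof(((TPML_DIGEST_VALUES *)NULL)->digests) / sizeof(TPMT_HA);

    printf("TSS_EVENT2_Line_Trace: PCR index %u\n", event->pcrIndex);
    TSS_EVENT_EventType_Trace(event->eventType);
    printf("TSS_EVENT2_Line_Trace: digest count %u\n", event->digests.count);
    /* never index past the end of the digests array */
    if (digestCount > maxCount) {
        digestCount = maxCount;
    }
    for (count = 0 ; count < digestCount ; count++) {
        uint16_t digestSize;
        printf("TSS_EVENT2_Line_Trace: digest %u algorithm %04x\n",
               count, event->digests.digests[count].hashAlg);
        /* the print length comes from the algorithm, not from the event */
        digestSize = TSS_GetDigestSize(event->digests.digests[count].hashAlg);
        TSS_PrintAll("TSS_EVENT2_Line_Trace: PCR",
                     (uint8_t *)&event->digests.digests[count].digest, digestSize);
    }
    TSS_PrintAll("TSS_EVENT2_Line_Trace: event",
                 event->event, event->eventSize);
    return;
}

/* tables to map eventType to text */

typedef struct {
    uint32_t eventType;
    const char *text;
} EVENT_TYPE_TABLE;

const EVENT_TYPE_TABLE eventTypeTable [] = {
    {EV_PREBOOT_CERT, "EV_PREBOOT_CERT"},
    {EV_POST_CODE, "EV_POST_CODE"},
    {EV_UNUSED, "EV_UNUSED"},
    {EV_NO_ACTION, "EV_NO_ACTION"},
    {EV_SEPARATOR, "EV_SEPARATOR"},
    {EV_ACTION, "EV_ACTION"},
    {EV_EVENT_TAG, "EV_EVENT_TAG"},
    {EV_S_CRTM_CONTENTS, "EV_S_CRTM_CONTENTS"},
    {EV_S_CRTM_VERSION, "EV_S_CRTM_VERSION"},
    {EV_CPU_MICROCODE, "EV_CPU_MICROCODE"},
    {EV_PLATFORM_CONFIG_FLAGS, "EV_PLATFORM_CONFIG_FLAGS"},
    {EV_TABLE_OF_DEVICES, "EV_TABLE_OF_DEVICES"},
    {EV_COMPACT_HASH, "EV_COMPACT_HASH"},
    {EV_IPL, "EV_IPL"},
    {EV_IPL_PARTITION_DATA, "EV_IPL_PARTITION_DATA"},
    {EV_NONHOST_CODE, "EV_NONHOST_CODE"},
    {EV_NONHOST_CONFIG, "EV_NONHOST_CONFIG"},
    {EV_NONHOST_INFO, "EV_NONHOST_INFO"},
    {EV_OMIT_BOOT_DEVICE_EVENTS, "EV_OMIT_BOOT_DEVICE_EVENTS"},
    {EV_EFI_EVENT_BASE, "EV_EFI_EVENT_BASE"},
    {EV_EFI_VARIABLE_DRIVER_CONFIG, "EV_EFI_VARIABLE_DRIVER_CONFIG"},
    {EV_EFI_VARIABLE_BOOT, "EV_EFI_VARIABLE_BOOT"},
    {EV_EFI_BOOT_SERVICES_APPLICATION, "EV_EFI_BOOT_SERVICES_APPLICATION"},
    {EV_EFI_BOOT_SERVICES_DRIVER, "EV_EFI_BOOT_SERVICES_DRIVER"},
    {EV_EFI_RUNTIME_SERVICES_DRIVER, "EV_EFI_RUNTIME_SERVICES_DRIVER"},
    {EV_EFI_GPT_EVENT, "EV_EFI_GPT_EVENT"},
    {EV_EFI_ACTION, "EV_EFI_ACTION"},
    {EV_EFI_PLATFORM_FIRMWARE_BLOB, "EV_EFI_PLATFORM_FIRMWARE_BLOB"},
    {EV_EFI_HANDOFF_TABLES, "EV_EFI_HANDOFF_TABLES"},
    {EV_EFI_HCRTM_EVENT, "EV_EFI_HCRTM_EVENT"},
    {EV_EFI_VARIABLE_AUTHORITY, "EV_EFI_VARIABLE_AUTHORITY"}
};

/* TSS_EVENT_EventType_Trace() prints the event type as hex, followed by its name from
   eventTypeTable, or by "Unknown" if the type is not in the table.
*/

static void TSS_EVENT_EventType_Trace(uint32_t eventType)
{
    size_t i;

    for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) {
        if (eventTypeTable[i].eventType == eventType) {
            printf("TSS_EVENT_EventType_Trace: %08x %s\n",
                   eventTypeTable[i].eventType, eventTypeTable[i].text);
            return;
        }
    }
    printf("TSS_EVENT_EventType_Trace: %08x Unknown\n", eventType);
    return;
}

/* TSS_EVENT_EventTypeToString() returns the name of the event type from eventTypeTable, or the
   string "Unknown event type" if the type is not in the table.

   The table is scanned to the end, so if a type were listed twice the last entry would be
   returned.  The returned pointer refers to a string literal and must not be freed.
*/

const char *TSS_EVENT_EventTypeToString(uint32_t eventType)
{
    const char *crc = NULL;
    size_t i;

    for (i = 0 ; i < sizeof(eventTypeTable) / sizeof(EVENT_TYPE_TABLE) ; i++) {
        if (eventTypeTable[i].eventType == eventType) {
            crc = eventTypeTable[i].text;
        }
    }
    if (crc == NULL) {
        crc = "Unknown event type";
    }
    return crc;
}
./utils/tssauth.c0000644000175000017500000013503013040237116012161 0ustar lo1lo1/********************************************************************************/ /* */ /* TSS Authorization */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssauth.c 916 2017-01-19 22:31:42Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved.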
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* This layer handles command and response packet authorization parameters. 
*/ #include #include #include #include #include #ifdef TPM_POSIX #include #endif #ifdef TPM_WINDOWS #include #endif #include #include #include #include #include #include #include "tssproperties.h" #include #ifdef TPM_NUVOTON #include "ntc2lib.h" #include "tssntc.h" #endif #include "tssauth.h" extern int tssVerbose; extern int tssVverbose; /* Generic functions to marshal and unmarshal Part 3 ordinal command and response parameters */ typedef TPM_RC (*MarshalInFunction_t)(COMMAND_PARAMETERS *source, UINT16 *written, BYTE **buffer, INT32 *size); typedef TPM_RC (*UnmarshalOutFunction_t)(RESPONSE_PARAMETERS *target, TPM_ST tag, BYTE **buffer, INT32 *size); typedef TPM_RC (*UnmarshalInFunction_t)(COMMAND_PARAMETERS *target, BYTE **buffer, INT32 *size, TPM_HANDLE handles[]); typedef struct MARSHAL_TABLE { TPM_CC commandCode; const char *commandText; MarshalInFunction_t marshalInFunction; /* marshal input command */ UnmarshalOutFunction_t unmarshalOutFunction; /* unmarshal output response */ UnmarshalInFunction_t unmarshalInFunction; /* unmarshal input command for parameter checking */ } MARSHAL_TABLE; static const MARSHAL_TABLE marshalTable [] = { {TPM_CC_Startup, "TPM2_Startup", (MarshalInFunction_t)TSS_Startup_In_Marshal, NULL, (UnmarshalInFunction_t)Startup_In_Unmarshal}, {TPM_CC_Shutdown, "TPM2_Shutdown", (MarshalInFunction_t)TSS_Shutdown_In_Marshal, NULL, (UnmarshalInFunction_t)Shutdown_In_Unmarshal}, {TPM_CC_SelfTest, "TPM2_SelfTest", (MarshalInFunction_t)TSS_SelfTest_In_Marshal, NULL, (UnmarshalInFunction_t)SelfTest_In_Unmarshal}, {TPM_CC_IncrementalSelfTest, "TPM2_IncrementalSelfTest", (MarshalInFunction_t)TSS_IncrementalSelfTest_In_Marshal, (UnmarshalOutFunction_t)TSS_IncrementalSelfTest_Out_Unmarshal, (UnmarshalInFunction_t)IncrementalSelfTest_In_Unmarshal}, {TPM_CC_GetTestResult, "TPM2_GetTestResult", NULL, (UnmarshalOutFunction_t)TSS_GetTestResult_Out_Unmarshal, NULL}, {TPM_CC_StartAuthSession, "TPM2_StartAuthSession", 
(MarshalInFunction_t)TSS_StartAuthSession_In_Marshal, (UnmarshalOutFunction_t)TSS_StartAuthSession_Out_Unmarshal, (UnmarshalInFunction_t)StartAuthSession_In_Unmarshal}, {TPM_CC_PolicyRestart, "TPM2_PolicyRestart", (MarshalInFunction_t)TSS_PolicyRestart_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyRestart_In_Unmarshal}, {TPM_CC_Create, "TPM2_Create", (MarshalInFunction_t)TSS_Create_In_Marshal, (UnmarshalOutFunction_t)TSS_Create_Out_Unmarshal, (UnmarshalInFunction_t)Create_In_Unmarshal}, {TPM_CC_Load, "TPM2_Load", (MarshalInFunction_t)TSS_Load_In_Marshal, (UnmarshalOutFunction_t)TSS_Load_Out_Unmarshal, (UnmarshalInFunction_t)Load_In_Unmarshal}, {TPM_CC_LoadExternal, "TPM2_LoadExternal", (MarshalInFunction_t)TSS_LoadExternal_In_Marshal, (UnmarshalOutFunction_t)TSS_LoadExternal_Out_Unmarshal, (UnmarshalInFunction_t)LoadExternal_In_Unmarshal}, {TPM_CC_ReadPublic, "TPM2_ReadPublic", (MarshalInFunction_t)TSS_ReadPublic_In_Marshal, (UnmarshalOutFunction_t)TSS_ReadPublic_Out_Unmarshal, (UnmarshalInFunction_t)ReadPublic_In_Unmarshal}, {TPM_CC_ActivateCredential, "TPM2_ActivateCredential", (MarshalInFunction_t)TSS_ActivateCredential_In_Marshal, (UnmarshalOutFunction_t)TSS_ActivateCredential_Out_Unmarshal, (UnmarshalInFunction_t)ActivateCredential_In_Unmarshal}, {TPM_CC_MakeCredential, "TPM2_MakeCredential", (MarshalInFunction_t)TSS_MakeCredential_In_Marshal, (UnmarshalOutFunction_t)TSS_MakeCredential_Out_Unmarshal, (UnmarshalInFunction_t)MakeCredential_In_Unmarshal}, {TPM_CC_Unseal, "TPM2_Unseal", (MarshalInFunction_t)TSS_Unseal_In_Marshal, (UnmarshalOutFunction_t)TSS_Unseal_Out_Unmarshal, (UnmarshalInFunction_t)Unseal_In_Unmarshal}, {TPM_CC_ObjectChangeAuth, "TPM2_ObjectChangeAuth", (MarshalInFunction_t)TSS_ObjectChangeAuth_In_Marshal, (UnmarshalOutFunction_t)TSS_ObjectChangeAuth_Out_Unmarshal, (UnmarshalInFunction_t)ObjectChangeAuth_In_Unmarshal}, {TPM_CC_CreateLoaded, "TPM2_CreateLoaded", (MarshalInFunction_t)TSS_CreateLoaded_In_Marshal, 
(UnmarshalOutFunction_t)TSS_CreateLoaded_Out_Unmarshal, (UnmarshalInFunction_t)CreateLoaded_In_Unmarshal}, {TPM_CC_Duplicate, "TPM2_Duplicate", (MarshalInFunction_t)TSS_Duplicate_In_Marshal, (UnmarshalOutFunction_t)TSS_Duplicate_Out_Unmarshal, (UnmarshalInFunction_t)Duplicate_In_Unmarshal}, {TPM_CC_Rewrap, "TPM2_Rewrap", (MarshalInFunction_t)TSS_Rewrap_In_Marshal, (UnmarshalOutFunction_t)TSS_Rewrap_Out_Unmarshal, (UnmarshalInFunction_t)Rewrap_In_Unmarshal}, {TPM_CC_Import, "TPM2_Import", (MarshalInFunction_t)TSS_Import_In_Marshal, (UnmarshalOutFunction_t)TSS_Import_Out_Unmarshal, (UnmarshalInFunction_t)Import_In_Unmarshal}, {TPM_CC_RSA_Encrypt, "TPM2_RSA_Encrypt", (MarshalInFunction_t)TSS_RSA_Encrypt_In_Marshal, (UnmarshalOutFunction_t)TSS_RSA_Encrypt_Out_Unmarshal, (UnmarshalInFunction_t)RSA_Encrypt_In_Unmarshal}, {TPM_CC_RSA_Decrypt, "TPM2_RSA_Decrypt", (MarshalInFunction_t)TSS_RSA_Decrypt_In_Marshal, (UnmarshalOutFunction_t)TSS_RSA_Decrypt_Out_Unmarshal, (UnmarshalInFunction_t)RSA_Decrypt_In_Unmarshal}, {TPM_CC_ECDH_KeyGen, "TPM2_ECDH_KeyGen", (MarshalInFunction_t)TSS_ECDH_KeyGen_In_Marshal, (UnmarshalOutFunction_t)TSS_ECDH_KeyGen_Out_Unmarshal, (UnmarshalInFunction_t)ECDH_KeyGen_In_Unmarshal}, {TPM_CC_ECDH_ZGen, "TPM2_ECDH_ZGen", (MarshalInFunction_t)TSS_ECDH_ZGen_In_Marshal, (UnmarshalOutFunction_t)TSS_ECDH_ZGen_Out_Unmarshal, (UnmarshalInFunction_t)ECDH_ZGen_In_Unmarshal}, {TPM_CC_ECC_Parameters, "TPM2_ECC_Parameters", (MarshalInFunction_t)TSS_ECC_Parameters_In_Marshal, (UnmarshalOutFunction_t)TSS_ECC_Parameters_Out_Unmarshal, (UnmarshalInFunction_t)ECC_Parameters_In_Unmarshal}, {TPM_CC_ZGen_2Phase, "TPM2_ZGen_2Phase", (MarshalInFunction_t)TSS_ZGen_2Phase_In_Marshal, (UnmarshalOutFunction_t)TSS_ZGen_2Phase_Out_Unmarshal, (UnmarshalInFunction_t)ZGen_2Phase_In_Unmarshal}, {TPM_CC_EncryptDecrypt, "TPM2_EncryptDecrypt", (MarshalInFunction_t)TSS_EncryptDecrypt_In_Marshal, (UnmarshalOutFunction_t)TSS_EncryptDecrypt_Out_Unmarshal, 
(UnmarshalInFunction_t)EncryptDecrypt_In_Unmarshal}, {TPM_CC_EncryptDecrypt2, "TPM2_EncryptDecrypt2", (MarshalInFunction_t)TSS_EncryptDecrypt2_In_Marshal, (UnmarshalOutFunction_t)TSS_EncryptDecrypt2_Out_Unmarshal, (UnmarshalInFunction_t)EncryptDecrypt2_In_Unmarshal}, {TPM_CC_Hash, "TPM2_Hash", (MarshalInFunction_t)TSS_Hash_In_Marshal, (UnmarshalOutFunction_t)TSS_Hash_Out_Unmarshal, (UnmarshalInFunction_t)Hash_In_Unmarshal}, {TPM_CC_HMAC, "TPM2_HMAC", (MarshalInFunction_t)TSS_HMAC_In_Marshal, (UnmarshalOutFunction_t)TSS_HMAC_Out_Unmarshal, (UnmarshalInFunction_t)HMAC_In_Unmarshal}, {TPM_CC_GetRandom, "TPM2_GetRandom", (MarshalInFunction_t)TSS_GetRandom_In_Marshal, (UnmarshalOutFunction_t)TSS_GetRandom_Out_Unmarshal, (UnmarshalInFunction_t)GetRandom_In_Unmarshal}, {TPM_CC_StirRandom, "TPM2_StirRandom", (MarshalInFunction_t)TSS_StirRandom_In_Marshal, NULL, (UnmarshalInFunction_t)StirRandom_In_Unmarshal}, {TPM_CC_HMAC_Start, "TPM2_HMAC_Start", (MarshalInFunction_t)TSS_HMAC_Start_In_Marshal, (UnmarshalOutFunction_t)TSS_HMAC_Start_Out_Unmarshal, (UnmarshalInFunction_t)HMAC_Start_In_Unmarshal}, {TPM_CC_HashSequenceStart, "TPM2_HashSequenceStart", (MarshalInFunction_t)TSS_HashSequenceStart_In_Marshal, (UnmarshalOutFunction_t)TSS_HashSequenceStart_Out_Unmarshal, (UnmarshalInFunction_t)HashSequenceStart_In_Unmarshal}, {TPM_CC_SequenceUpdate, "TPM2_SequenceUpdate", (MarshalInFunction_t)TSS_SequenceUpdate_In_Marshal, NULL, (UnmarshalInFunction_t)SequenceUpdate_In_Unmarshal}, {TPM_CC_SequenceComplete, "TPM2_SequenceComplete", (MarshalInFunction_t)TSS_SequenceComplete_In_Marshal, (UnmarshalOutFunction_t)TSS_SequenceComplete_Out_Unmarshal, (UnmarshalInFunction_t)SequenceComplete_In_Unmarshal}, {TPM_CC_EventSequenceComplete, "TPM2_EventSequenceComplete", (MarshalInFunction_t)TSS_EventSequenceComplete_In_Marshal, (UnmarshalOutFunction_t)TSS_EventSequenceComplete_Out_Unmarshal, (UnmarshalInFunction_t)EventSequenceComplete_In_Unmarshal}, {TPM_CC_Certify, "TPM2_Certify", 
(MarshalInFunction_t)TSS_Certify_In_Marshal, (UnmarshalOutFunction_t)TSS_Certify_Out_Unmarshal, (UnmarshalInFunction_t)Certify_In_Unmarshal}, {TPM_CC_CertifyCreation, "TPM2_CertifyCreation", (MarshalInFunction_t)TSS_CertifyCreation_In_Marshal, (UnmarshalOutFunction_t)TSS_CertifyCreation_Out_Unmarshal, (UnmarshalInFunction_t)CertifyCreation_In_Unmarshal}, {TPM_CC_Quote, "TPM2_Quote", (MarshalInFunction_t)TSS_Quote_In_Marshal, (UnmarshalOutFunction_t)TSS_Quote_Out_Unmarshal, (UnmarshalInFunction_t)Quote_In_Unmarshal}, {TPM_CC_GetSessionAuditDigest, "TPM2_GetSessionAuditDigest", (MarshalInFunction_t)TSS_GetSessionAuditDigest_In_Marshal, (UnmarshalOutFunction_t)TSS_GetSessionAuditDigest_Out_Unmarshal, (UnmarshalInFunction_t)GetSessionAuditDigest_In_Unmarshal}, {TPM_CC_GetCommandAuditDigest, "TPM2_GetCommandAuditDigest", (MarshalInFunction_t)TSS_GetCommandAuditDigest_In_Marshal, (UnmarshalOutFunction_t)TSS_GetCommandAuditDigest_Out_Unmarshal, (UnmarshalInFunction_t)GetCommandAuditDigest_In_Unmarshal}, {TPM_CC_GetTime, "TPM2_GetTime", (MarshalInFunction_t)TSS_GetTime_In_Marshal, (UnmarshalOutFunction_t)TSS_GetTime_Out_Unmarshal, (UnmarshalInFunction_t)GetTime_In_Unmarshal}, {TPM_CC_Commit, "TPM2_Commit", (MarshalInFunction_t)TSS_Commit_In_Marshal, (UnmarshalOutFunction_t)TSS_Commit_Out_Unmarshal, (UnmarshalInFunction_t)Commit_In_Unmarshal}, {TPM_CC_EC_Ephemeral, "TPM2_EC_Ephemeral", (MarshalInFunction_t)TSS_EC_Ephemeral_In_Marshal, (UnmarshalOutFunction_t)TSS_EC_Ephemeral_Out_Unmarshal, (UnmarshalInFunction_t)EC_Ephemeral_In_Unmarshal}, {TPM_CC_VerifySignature, "TPM2_VerifySignature", (MarshalInFunction_t)TSS_VerifySignature_In_Marshal, (UnmarshalOutFunction_t)TSS_VerifySignature_Out_Unmarshal, (UnmarshalInFunction_t)VerifySignature_In_Unmarshal}, {TPM_CC_Sign, "TPM2_Sign", (MarshalInFunction_t)TSS_Sign_In_Marshal, (UnmarshalOutFunction_t)TSS_Sign_Out_Unmarshal, (UnmarshalInFunction_t)Sign_In_Unmarshal}, {TPM_CC_SetCommandCodeAuditStatus, 
"TPM2_SetCommandCodeAuditStatus", (MarshalInFunction_t)TSS_SetCommandCodeAuditStatus_In_Marshal, NULL, (UnmarshalInFunction_t)SetCommandCodeAuditStatus_In_Unmarshal}, {TPM_CC_PCR_Extend, "TPM2_PCR_Extend", (MarshalInFunction_t)TSS_PCR_Extend_In_Marshal, NULL, (UnmarshalInFunction_t)PCR_Extend_In_Unmarshal}, {TPM_CC_PCR_Event, "TPM2_PCR_Event", (MarshalInFunction_t)TSS_PCR_Event_In_Marshal, (UnmarshalOutFunction_t)TSS_PCR_Event_Out_Unmarshal, (UnmarshalInFunction_t)PCR_Event_In_Unmarshal}, {TPM_CC_PCR_Read, "TPM2_PCR_Read", (MarshalInFunction_t)TSS_PCR_Read_In_Marshal, (UnmarshalOutFunction_t)TSS_PCR_Read_Out_Unmarshal, (UnmarshalInFunction_t)PCR_Read_In_Unmarshal}, {TPM_CC_PCR_Allocate, "TPM2_PCR_Allocate", (MarshalInFunction_t)TSS_PCR_Allocate_In_Marshal, (UnmarshalOutFunction_t)TSS_PCR_Allocate_Out_Unmarshal, (UnmarshalInFunction_t)PCR_Allocate_In_Unmarshal}, {TPM_CC_PCR_SetAuthPolicy, "TPM2_PCR_SetAuthPolicy", (MarshalInFunction_t)TSS_PCR_SetAuthPolicy_In_Marshal, NULL, (UnmarshalInFunction_t)PCR_SetAuthPolicy_In_Unmarshal}, {TPM_CC_PCR_SetAuthValue, "TPM2_PCR_SetAuthValue", (MarshalInFunction_t)TSS_PCR_SetAuthValue_In_Marshal, NULL, (UnmarshalInFunction_t)PCR_SetAuthValue_In_Unmarshal}, {TPM_CC_PCR_Reset, "TPM2_PCR_Reset", (MarshalInFunction_t)TSS_PCR_Reset_In_Marshal, NULL, (UnmarshalInFunction_t)PCR_Reset_In_Unmarshal}, {TPM_CC_PolicySigned, "TPM2_PolicySigned", (MarshalInFunction_t)TSS_PolicySigned_In_Marshal, (UnmarshalOutFunction_t)TSS_PolicySigned_Out_Unmarshal, (UnmarshalInFunction_t)PolicySigned_In_Unmarshal}, {TPM_CC_PolicySecret, "TPM2_PolicySecret", (MarshalInFunction_t)TSS_PolicySecret_In_Marshal, (UnmarshalOutFunction_t)TSS_PolicySecret_Out_Unmarshal, (UnmarshalInFunction_t)PolicySecret_In_Unmarshal}, {TPM_CC_PolicyTicket, "TPM2_PolicyTicket", (MarshalInFunction_t)TSS_PolicyTicket_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyTicket_In_Unmarshal}, {TPM_CC_PolicyOR, "TPM2_PolicyOR", (MarshalInFunction_t)TSS_PolicyOR_In_Marshal, NULL, 
(UnmarshalInFunction_t)PolicyOR_In_Unmarshal}, {TPM_CC_PolicyPCR, "TPM2_PolicyPCR", (MarshalInFunction_t)TSS_PolicyPCR_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyPCR_In_Unmarshal}, {TPM_CC_PolicyLocality, "TPM2_PolicyLocality", (MarshalInFunction_t)TSS_PolicyLocality_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyLocality_In_Unmarshal}, {TPM_CC_PolicyNV, "TPM2_PolicyNV", (MarshalInFunction_t)TSS_PolicyNV_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyNV_In_Unmarshal}, {TPM_CC_PolicyAuthorizeNV, "TPM2_PolicyAuthorizeNV", (MarshalInFunction_t)TSS_PolicyAuthorizeNV_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyAuthorizeNV_In_Unmarshal}, {TPM_CC_PolicyCounterTimer, "TPM2_PolicyCounterTimer", (MarshalInFunction_t)TSS_PolicyCounterTimer_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyCounterTimer_In_Unmarshal}, {TPM_CC_PolicyCommandCode, "TPM2_PolicyCommandCode", (MarshalInFunction_t)TSS_PolicyCommandCode_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyCommandCode_In_Unmarshal}, {TPM_CC_PolicyPhysicalPresence, "TPM2_PolicyPhysicalPresence", (MarshalInFunction_t)TSS_PolicyPhysicalPresence_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyPhysicalPresence_In_Unmarshal}, {TPM_CC_PolicyCpHash, "TPM2_PolicyCpHash", (MarshalInFunction_t)TSS_PolicyCpHash_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyCpHash_In_Unmarshal}, {TPM_CC_PolicyNameHash, "TPM2_PolicyNameHash", (MarshalInFunction_t)TSS_PolicyNameHash_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyNameHash_In_Unmarshal}, {TPM_CC_PolicyDuplicationSelect, "TPM2_PolicyDuplicationSelect", (MarshalInFunction_t)TSS_PolicyDuplicationSelect_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyDuplicationSelect_In_Unmarshal}, {TPM_CC_PolicyAuthorize, "TPM2_PolicyAuthorize", (MarshalInFunction_t)TSS_PolicyAuthorize_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyAuthorize_In_Unmarshal}, {TPM_CC_PolicyAuthValue, "TPM2_PolicyAuthValue", (MarshalInFunction_t)TSS_PolicyAuthValue_In_Marshal, NULL, 
(UnmarshalInFunction_t)PolicyAuthValue_In_Unmarshal}, {TPM_CC_PolicyPassword, "TPM2_PolicyPassword", (MarshalInFunction_t)TSS_PolicyPassword_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyPassword_In_Unmarshal}, {TPM_CC_PolicyGetDigest, "TPM2_PolicyGetDigest", (MarshalInFunction_t)TSS_PolicyGetDigest_In_Marshal, (UnmarshalOutFunction_t)TSS_PolicyGetDigest_Out_Unmarshal, (UnmarshalInFunction_t)PolicyGetDigest_In_Unmarshal}, {TPM_CC_PolicyNvWritten, "TPM2_PolicyNvWritten", (MarshalInFunction_t)TSS_PolicyNvWritten_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyNvWritten_In_Unmarshal}, {TPM_CC_PolicyTemplate, "TPM2_PolicyTemplate", (MarshalInFunction_t)TSS_PolicyTemplate_In_Marshal, NULL, (UnmarshalInFunction_t)PolicyTemplate_In_Unmarshal}, {TPM_CC_CreatePrimary, "TPM2_CreatePrimary", (MarshalInFunction_t)TSS_CreatePrimary_In_Marshal, (UnmarshalOutFunction_t)TSS_CreatePrimary_Out_Unmarshal, (UnmarshalInFunction_t)CreatePrimary_In_Unmarshal}, {TPM_CC_HierarchyControl, "TPM2_HierarchyControl", (MarshalInFunction_t)TSS_HierarchyControl_In_Marshal, NULL, (UnmarshalInFunction_t)HierarchyControl_In_Unmarshal}, {TPM_CC_SetPrimaryPolicy, "TPM2_SetPrimaryPolicy", (MarshalInFunction_t)TSS_SetPrimaryPolicy_In_Marshal, NULL, (UnmarshalInFunction_t)SetPrimaryPolicy_In_Unmarshal}, {TPM_CC_ChangePPS, "TPM2_ChangePPS", (MarshalInFunction_t)TSS_ChangePPS_In_Marshal, NULL, (UnmarshalInFunction_t)ChangePPS_In_Unmarshal}, {TPM_CC_ChangeEPS, "TPM2_ChangeEPS", (MarshalInFunction_t)TSS_ChangeEPS_In_Marshal, NULL, (UnmarshalInFunction_t)ChangeEPS_In_Unmarshal}, {TPM_CC_Clear, "TPM2_Clear", (MarshalInFunction_t)TSS_Clear_In_Marshal, NULL, (UnmarshalInFunction_t)Clear_In_Unmarshal}, {TPM_CC_ClearControl, "TPM2_ClearControl", (MarshalInFunction_t)TSS_ClearControl_In_Marshal, NULL, (UnmarshalInFunction_t)ClearControl_In_Unmarshal}, {TPM_CC_HierarchyChangeAuth, "TPM2_HierarchyChangeAuth", (MarshalInFunction_t)TSS_HierarchyChangeAuth_In_Marshal, NULL, 
(UnmarshalInFunction_t)HierarchyChangeAuth_In_Unmarshal}, {TPM_CC_DictionaryAttackLockReset, "TPM2_DictionaryAttackLockReset", (MarshalInFunction_t)TSS_DictionaryAttackLockReset_In_Marshal, NULL, (UnmarshalInFunction_t)DictionaryAttackLockReset_In_Unmarshal}, {TPM_CC_DictionaryAttackParameters, "TPM2_DictionaryAttackParameters", (MarshalInFunction_t)TSS_DictionaryAttackParameters_In_Marshal, NULL, (UnmarshalInFunction_t)DictionaryAttackParameters_In_Unmarshal}, {TPM_CC_PP_Commands, "TPM2_PP_Commands", (MarshalInFunction_t)TSS_PP_Commands_In_Marshal, NULL, (UnmarshalInFunction_t)PP_Commands_In_Unmarshal}, {TPM_CC_SetAlgorithmSet, "TPM2_SetAlgorithmSet", (MarshalInFunction_t)TSS_SetAlgorithmSet_In_Marshal, NULL, (UnmarshalInFunction_t)SetAlgorithmSet_In_Unmarshal}, {TPM_CC_ContextSave, "TPM2_ContextSave", (MarshalInFunction_t)TSS_ContextSave_In_Marshal, (UnmarshalOutFunction_t)TSS_ContextSave_Out_Unmarshal, (UnmarshalInFunction_t)ContextSave_In_Unmarshal}, {TPM_CC_ContextLoad, "TPM2_ContextLoad", (MarshalInFunction_t)TSS_ContextLoad_In_Marshal, (UnmarshalOutFunction_t)TSS_ContextLoad_Out_Unmarshal, (UnmarshalInFunction_t)ContextLoad_In_Unmarshal}, {TPM_CC_FlushContext, "TPM2_FlushContext", (MarshalInFunction_t)TSS_FlushContext_In_Marshal, NULL, (UnmarshalInFunction_t)FlushContext_In_Unmarshal}, {TPM_CC_EvictControl, "TPM2_EvictControl", (MarshalInFunction_t)TSS_EvictControl_In_Marshal, NULL, (UnmarshalInFunction_t)EvictControl_In_Unmarshal}, {TPM_CC_ReadClock, "TPM2_ReadClock", NULL, (UnmarshalOutFunction_t)TSS_ReadClock_Out_Unmarshal, NULL}, {TPM_CC_ClockSet, "TPM2_ClockSet", (MarshalInFunction_t)TSS_ClockSet_In_Marshal, NULL, (UnmarshalInFunction_t)ClockSet_In_Unmarshal}, {TPM_CC_ClockRateAdjust, "TPM2_ClockRateAdjust", (MarshalInFunction_t)TSS_ClockRateAdjust_In_Marshal, NULL, (UnmarshalInFunction_t)ClockRateAdjust_In_Unmarshal}, {TPM_CC_GetCapability, "TPM2_GetCapability", (MarshalInFunction_t)TSS_GetCapability_In_Marshal, 
(UnmarshalOutFunction_t)TSS_GetCapability_Out_Unmarshal, (UnmarshalInFunction_t)GetCapability_In_Unmarshal}, {TPM_CC_TestParms, "TPM2_TestParms", (MarshalInFunction_t)TSS_TestParms_In_Marshal, NULL, (UnmarshalInFunction_t)TestParms_In_Unmarshal}, {TPM_CC_NV_DefineSpace, "TPM2_NV_DefineSpace", (MarshalInFunction_t)TSS_NV_DefineSpace_In_Marshal, NULL, (UnmarshalInFunction_t)NV_DefineSpace_In_Unmarshal}, {TPM_CC_NV_UndefineSpace, "TPM2_NV_UndefineSpace", (MarshalInFunction_t)TSS_NV_UndefineSpace_In_Marshal, NULL, (UnmarshalInFunction_t)NV_UndefineSpace_In_Unmarshal}, {TPM_CC_NV_UndefineSpaceSpecial, "TPM2_NV_UndefineSpaceSpecial", (MarshalInFunction_t)TSS_NV_UndefineSpaceSpecial_In_Marshal, NULL, (UnmarshalInFunction_t)NV_UndefineSpaceSpecial_In_Unmarshal}, {TPM_CC_NV_ReadPublic, "TPM2_NV_ReadPublic", (MarshalInFunction_t)TSS_NV_ReadPublic_In_Marshal, (UnmarshalOutFunction_t)TSS_NV_ReadPublic_Out_Unmarshal, (UnmarshalInFunction_t)NV_ReadPublic_In_Unmarshal}, {TPM_CC_NV_Write, "TPM2_NV_Write", (MarshalInFunction_t)TSS_NV_Write_In_Marshal, NULL, (UnmarshalInFunction_t)NV_Write_In_Unmarshal}, {TPM_CC_NV_Increment, "TPM2_NV_Increment", (MarshalInFunction_t)TSS_NV_Increment_In_Marshal, NULL, (UnmarshalInFunction_t)NV_Increment_In_Unmarshal}, {TPM_CC_NV_Extend, "TPM2_NV_Extend", (MarshalInFunction_t)TSS_NV_Extend_In_Marshal, NULL, (UnmarshalInFunction_t)NV_Extend_In_Unmarshal}, {TPM_CC_NV_SetBits, "TPM2_NV_SetBits", (MarshalInFunction_t)TSS_NV_SetBits_In_Marshal, NULL, (UnmarshalInFunction_t)NV_SetBits_In_Unmarshal}, {TPM_CC_NV_WriteLock, "TPM2_NV_WriteLock", (MarshalInFunction_t)TSS_NV_WriteLock_In_Marshal, NULL, (UnmarshalInFunction_t)NV_WriteLock_In_Unmarshal}, {TPM_CC_NV_GlobalWriteLock, "TPM2_NV_GlobalWriteLock", (MarshalInFunction_t)TSS_NV_GlobalWriteLock_In_Marshal, NULL, (UnmarshalInFunction_t)NV_GlobalWriteLock_In_Unmarshal}, {TPM_CC_NV_Read, "TPM2_NV_Read", (MarshalInFunction_t)TSS_NV_Read_In_Marshal, (UnmarshalOutFunction_t)TSS_NV_Read_Out_Unmarshal, 
(UnmarshalInFunction_t)NV_Read_In_Unmarshal},

    {TPM_CC_NV_ReadLock, "TPM2_NV_ReadLock",
     (MarshalInFunction_t)TSS_NV_ReadLock_In_Marshal,
     NULL,
     (UnmarshalInFunction_t)NV_ReadLock_In_Unmarshal},

    {TPM_CC_NV_ChangeAuth, "TPM2_NV_ChangeAuth",
     (MarshalInFunction_t)TSS_NV_ChangeAuth_In_Marshal,
     NULL,
     (UnmarshalInFunction_t)NV_ChangeAuth_In_Unmarshal},

    {TPM_CC_NV_Certify, "TPM2_NV_Certify",
     (MarshalInFunction_t)TSS_NV_Certify_In_Marshal,
     (UnmarshalOutFunction_t)TSS_NV_Certify_Out_Unmarshal,
     (UnmarshalInFunction_t)NV_Certify_In_Unmarshal}

#ifdef TPM_NUVOTON
    ,
    {NTC2_CC_PreConfig,"NTC2_CC_PreConfig",
     (MarshalInFunction_t)TSS_NTC2_PreConfig_In_Marshal,
     NULL,
     (UnmarshalInFunction_t)NTC2_PreConfig_In_Unmarshal},

    {NTC2_CC_LockPreConfig,"NTC2_CC_LockPreConfig",
     NULL,
     NULL,
     NULL},

    {NTC2_CC_GetConfig,"NTC2_CC_GetConfig",
     NULL,
     (UnmarshalOutFunction_t)TSS_NTC2_GetConfig_Out_Unmarshal,
     NULL}
#endif
};

/* TSS_AUTH_CONTEXT holds all state for marshaling one command and parsing its response.

   Keep TSS_InitAuthContext() in step with any change to the members below.
*/

struct TSS_AUTH_CONTEXT {
    uint8_t                 commandBuffer [MAX_COMMAND_SIZE];   /* marshaled command stream */
    uint8_t                 responseBuffer [MAX_RESPONSE_SIZE]; /* raw response stream */
    const char              *commandText;           /* command name taken from marshalTable */
    COMMAND_INDEX           tpmCommandIndex;        /* index into attributes table */
    TPM_CC                  commandCode;
    TPM_RC                  responseCode;
    uint32_t                commandHandleCount;
    uint32_t                responseHandleCount;
    uint16_t                authCount;              /* authorizations in command */
    uint16_t                commandSize;            /* bytes used in commandBuffer */
    uint32_t                cpBufferSize;           /* size of the command parameter area */
    uint8_t                 *cpBuffer;              /* points into commandBuffer */
    uint32_t                responseSize;           /* bytes used in responseBuffer */
    MarshalInFunction_t     marshalInFunction;
    UnmarshalOutFunction_t  unmarshalOutFunction;
    UnmarshalInFunction_t   unmarshalInFunction;
} ;

/* TSS_MarshalTable_Process() looks commandCode up in marshalTable and copies the command text and
   the three marshal / unmarshal function pointers of the matching row into the context.

   Returns TSS_RC_COMMAND_UNIMPLEMENTED, leaving the context untouched, if no row matches.
*/

static TPM_RC TSS_MarshalTable_Process(TSS_AUTH_CONTEXT *tssAuthContext,
                                       TPM_CC commandCode)
{
    const size_t rowCount = sizeof(marshalTable) / sizeof(MARSHAL_TABLE);
    size_t       row;

    /* linear scan of the dispatch table, first match wins */
    for (row = 0 ; row < rowCount ; row++) {
        if (marshalTable[row].commandCode != commandCode) {
            continue;
        }
        tssAuthContext->commandCode = commandCode;
        tssAuthContext->commandText = marshalTable[row].commandText;
        tssAuthContext->marshalInFunction = marshalTable[row].marshalInFunction;
        tssAuthContext->unmarshalOutFunction = marshalTable[row].unmarshalOutFunction;
        tssAuthContext->unmarshalInFunction = marshalTable[row].unmarshalInFunction;
        return 0;
    }
    if (tssVerbose) printf("TSS_MarshalTable_Process: commandCode %08x not found\n", commandCode);
    return TSS_RC_COMMAND_UNIMPLEMENTED;
}

/* TSS_AuthCreate() allocates a context with TSS_Malloc() and initializes it.

   On allocation failure the TSS_Malloc() error is returned and nothing is initialized.
*/

TPM_RC TSS_AuthCreate(TSS_AUTH_CONTEXT **tssAuthContext)
{
    TPM_RC rc = TSS_Malloc((uint8_t **)tssAuthContext, sizeof(TSS_AUTH_CONTEXT));

    if (rc != 0) {
        return rc;
    }
    TSS_InitAuthContext(*tssAuthContext);
    return rc;
}

/* TSS_InitAuthContext() zeroes both stream buffers and resets the bookkeeping members.

   NOTE(review): tpmCommandIndex is the one member not reset here; TSS_Marshal() assigns it before
   use, but TSS_GetAuthRole() reads it directly - confirm no caller reaches that on a context that
   was never marshaled.
*/

void TSS_InitAuthContext(TSS_AUTH_CONTEXT *tssAuthContext)
{
    /* the arrays are declared with exactly these sizes */
    memset(tssAuthContext->commandBuffer, 0, sizeof(tssAuthContext->commandBuffer));
    memset(tssAuthContext->responseBuffer, 0, sizeof(tssAuthContext->responseBuffer));

    /* command side */
    tssAuthContext->commandText = NULL;
    tssAuthContext->commandCode = 0;
    tssAuthContext->commandHandleCount = 0;
    tssAuthContext->authCount = 0;
    tssAuthContext->commandSize = 0;
    tssAuthContext->cpBufferSize = 0;
    tssAuthContext->cpBuffer = NULL;

    /* response side */
    tssAuthContext->responseCode = 0;
    tssAuthContext->responseHandleCount = 0;
    tssAuthContext->responseSize = 0;

    /* dispatch */
    tssAuthContext->marshalInFunction = NULL;
    tssAuthContext->unmarshalOutFunction = NULL;
    tssAuthContext->unmarshalInFunction = NULL;
}

/* TSS_AuthDelete() clears the context and frees it.  A NULL context is accepted.  Always
   returns 0.

   The buffers can still hold marshaled command authorizations, which is why they are cleared
   before the free.  NOTE(review): a clear that directly precedes free() may be dropped by an
   optimizing compiler - confirm the build keeps it if the scrub is relied on.
*/

TPM_RC TSS_AuthDelete(TSS_AUTH_CONTEXT *tssAuthContext)
{
    if (tssAuthContext == NULL) {
        return 0;
    }
    TSS_InitAuthContext(tssAuthContext);
    free(tssAuthContext);
    return 0;
}

/* TSS_Marshal() marshals the in parameters into the TSS context. It also sets other member of the context in preparation for the rest of the sequence.
The context is reset first, so any previously marshaled command is discarded.

   in must be non-NULL when the command has a marshal function in marshalTable and NULL when it
   has none.

   Returns 0 on success, TSS_RC_COMMAND_UNIMPLEMENTED if the command code is not found by
   TSS_MarshalTable_Process() or CommandCodeToCommandIndex(), TSS_RC_IN_PARAMETER if in does not
   match the command, or the error from a marshal or test unmarshal function.
*/

TPM_RC TSS_Marshal(TSS_AUTH_CONTEXT *tssAuthContext,
                   COMMAND_PARAMETERS *in,
                   TPM_CC commandCode)
{
    TPM_RC              rc = 0;
    TPMI_ST_COMMAND_TAG tag = TPM_ST_NO_SESSIONS;       /* default until sessions are added */
    uint8_t             *buffer;                /* for marshaling */
    uint8_t             *bufferu;               /* for test unmarshaling */
    INT32               size;

    TSS_InitAuthContext(tssAuthContext);
    /* index from command code to table and save items for this command */
    if (rc == 0) {
        rc = TSS_MarshalTable_Process(tssAuthContext, commandCode);
    }
    /* get the number of command and response handles from the TPM table */
    if (rc == 0) {
        tssAuthContext->tpmCommandIndex = CommandCodeToCommandIndex(commandCode);
        if (tssAuthContext->tpmCommandIndex == UNIMPLEMENTED_COMMAND_INDEX) {
            if (tssVerbose) printf("TSS_Marshal: commandCode %08x not found\n", commandCode);
            rc = TSS_RC_COMMAND_UNIMPLEMENTED;
        }
    }
    if (rc == 0) {
        /* disabled: direct reads of the attribute table, replaced by the accessor calls below */
#if 0
        tssAuthContext->commandHandleCount =
            s_ccAttr[tssAuthContext->tpmCommandIndex].cHandles;
        tssAuthContext->responseHandleCount =
            s_ccAttr[tssAuthContext->tpmCommandIndex].rHandle;
#endif
        tssAuthContext->commandHandleCount =
            getCommandHandleCount(tssAuthContext->tpmCommandIndex);
        tssAuthContext->responseHandleCount =
            getresponseHandleCount(tssAuthContext->tpmCommandIndex);
    }
    if (rc == 0) {
        /* make a copy of the command buffer and size since the marshal functions move them */
        buffer = tssAuthContext->commandBuffer;
        size = MAX_COMMAND_SIZE;
        /* marshal header, preliminary tag and command size */
        rc = TSS_TPMI_ST_COMMAND_TAG_Marshal(&tag, &tssAuthContext->commandSize, &buffer, &size);
    }
    if (rc == 0) {
        /* placeholder value, the final commandSize is back filled further down */
        uint32_t commandSize = tssAuthContext->commandSize;
        rc = TSS_UINT32_Marshal(&commandSize, &tssAuthContext->commandSize, &buffer, &size);
    }
    if (rc == 0) {
        rc = TSS_TPM_CC_Marshal(&commandCode, &tssAuthContext->commandSize, &buffer, &size);
    }
    if (rc == 0) {
        /* save pointer to marshaled data for test unmarshal; buffer is just past the header here,
           so this skips the handle area */
        bufferu = buffer + tssAuthContext->commandHandleCount * sizeof(TPM_HANDLE);
        /* if there is a marshal function */
        if (tssAuthContext->marshalInFunction != NULL) {
            /* if there is a structure to marshal */
            if (in != NULL) {
                rc = tssAuthContext->marshalInFunction(in, &tssAuthContext->commandSize,
                                                       &buffer, &size);
            }
            /* caller error, no structure supplied to marshal */
            else {
                if (tssVerbose)
                    printf("TSS_Marshal: Command %08x requires command parameter structure\n",
                           commandCode);
                rc = TSS_RC_IN_PARAMETER;
            }
        }
        /* if there is no marshal function */
        else {
            /* caller error, supplied structure but there is no marshal function */
            if (in != NULL) {
                if (tssVerbose)
                    printf("TSS_Marshal: Command %08x does not take command parameter structure\n",
                           commandCode);
                rc = TSS_RC_IN_PARAMETER;
            }
            /* no marshal function and no command parameter structure is OK */
        }
    }
    /* unmarshal to validate the input parameters */
    if ((rc == 0) && (tssAuthContext->unmarshalInFunction != NULL)) {
        COMMAND_PARAMETERS target;
        /* NOTE(review): handles is passed without being filled in - confirm the unmarshal
           functions do not depend on its contents */
        TPM_HANDLE handles[MAX_HANDLE_NUM];
        /* NOTE(review): bufferu already points past the header and handles inside commandBuffer,
           so MAX_COMMAND_SIZE is larger than the bytes left in the buffer and than the bytes just
           marshaled; the test unmarshal is therefore not bounded to the marshaled data - confirm
           whether the marshaled length should be used instead */
        size = MAX_COMMAND_SIZE;
        rc = tssAuthContext->unmarshalInFunction(&target, &bufferu, &size, handles);
        if ((rc != 0) && tssVerbose) {
            printf("TSS_Marshal: Invalid command parameter\n");
        }
    }
    /* back fill the correct commandSize */
    if (rc == 0) {
        uint16_t written;               /* dummy */
        uint32_t commandSize = tssAuthContext->commandSize;
        /* the size field directly follows the tag; the return code is not checked and no size
           limit is passed */
        buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
        TSS_UINT32_Marshal(&commandSize, &written, &buffer, NULL);
    }
    /* record the interim cpBuffer and cpBufferSize before adding authorizations */
    if (rc == 0) {
        uint32_t notCpBufferSize;
        /* cpBuffer does not include the header and handles */
        notCpBufferSize = sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) +
                          (sizeof(TPM_HANDLE) * tssAuthContext->commandHandleCount);
        tssAuthContext->cpBuffer = tssAuthContext->commandBuffer + notCpBufferSize;
        tssAuthContext->cpBufferSize = tssAuthContext->commandSize - notCpBufferSize;
    }
    return rc;
}

/* TSS_Unmarshal() unmarshals the response parameter.
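It returns an error if either there is no unmarshal function and out is not NULL or if there is
   an unmarshal function and out is NULL.

   If there is no unmarshal function and out is NULL, the function is a noop.

   The response size is range checked against the response buffer and the fixed header before
   the parameter area is handed to the unmarshal function.
*/

TPM_RC TSS_Unmarshal(TSS_AUTH_CONTEXT *tssAuthContext,
                     RESPONSE_PARAMETERS *out)
{
    TPM_RC      rc = 0;
    TPM_ST      tag;
    uint8_t     *buffer;
    INT32       size;
    /* fixed response header: tag, responseSize, responseCode */
    const uint32_t headerSize =
        (uint32_t)(sizeof(TPM_ST) + sizeof(uint32_t) + sizeof(TPM_RC));

    /* if there is an unmarshal function */
    if (tssAuthContext->unmarshalOutFunction != NULL) {
        /* if there is a structure to unmarshal */
        if (out != NULL) {
            /* the response length comes from the transport; without this check a short response
               makes the subtraction below wrap and the unmarshal run with a bogus size */
            if ((tssAuthContext->responseSize > MAX_RESPONSE_SIZE) ||
                (tssAuthContext->responseSize < headerSize)) {
                if (tssVerbose) printf("TSS_Unmarshal: Response size %u out of range\n",
                                       tssAuthContext->responseSize);
                rc = TSS_RC_MALFORMED_RESPONSE;
            }
            if (rc == 0) {
                /* get the response tag, determines whether there is a response parameterSize to
                   unmarshal */
                buffer = tssAuthContext->responseBuffer;
                size = tssAuthContext->responseSize;
                rc = TPM_ST_Unmarshal(&tag, &buffer, &size);
            }
            if (rc == 0) {
                /* move the buffer and size past the header */
                buffer = tssAuthContext->responseBuffer + headerSize;
                size = tssAuthContext->responseSize - headerSize;
                rc = tssAuthContext->unmarshalOutFunction(out, tag, &buffer, &size);
            }
        }
        /* caller error, no structure supplied to unmarshal */
        else {
            if (tssVerbose)
                printf("TSS_Unmarshal: Command %08x requires response parameter structure\n",
                       tssAuthContext->commandCode);
            rc = TSS_RC_OUT_PARAMETER;
        }
    }
    /* if there is no unmarshal function */
    else {
        /* caller error, structure supplied but no unmarshal function */
        if (out != NULL) {
            if (tssVerbose)
                printf("TSS_Unmarshal: Command %08x does not take response parameter structure\n",
                       tssAuthContext->commandCode);
            rc = TSS_RC_OUT_PARAMETER;
        }
        /* no unmarshal function and no response parameter structure is OK */
    }
    return rc;
}

/* TSS_SetCmdAuths() adds a list of TPMS_AUTH_COMMAND structures to the command buffer.

   The arguments are a NULL terminated list of TPMS_AUTH_COMMAND * structures.

   The list is walked twice: once to size the authorization area, once to marshal it after the
   command parameters have been moved up to make room.  If no authorization is supplied the
   command buffer is left unchanged.

   Returns TSS_RC_INSUFFICIENT_BUFFER if the authorization area does not fit in the command
   buffer, or the error from marshaling an authorization.
*/

TPM_RC TSS_SetCmdAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...)
{
    TPM_RC              rc = 0;
    va_list             ap;
    uint16_t            authorizationSize;      /* does not include 4 bytes of size */
    TPMS_AUTH_COMMAND   *authCommand = NULL;
    int                 done;
    uint32_t            cpBufferSize = 0;
    uint8_t             *cpBuffer = NULL;
    uint8_t             *buffer;

    /* calculate size of authorization area */
    done = FALSE;
    authorizationSize = 0;
    va_start(ap, tssAuthContext);
    while ((rc == 0) && !done){
        authCommand = va_arg(ap, TPMS_AUTH_COMMAND *);
        if (authCommand != NULL) {
            /* NULL buffer: only the size is accumulated */
            rc = TSS_TPMS_AUTH_COMMAND_Marshal(authCommand, &authorizationSize, NULL, NULL);
        }
        else {
            done = TRUE;
        }
    }
    va_end(ap);
    /* command called with authorizations */
    if (authorizationSize != 0) {
        /* back fill the tag TPM_ST_SESSIONS */
        if (rc == 0) {
            uint16_t written = 0;               /* dummy */
            TPMI_ST_COMMAND_TAG tag = TPM_ST_SESSIONS;
            buffer = tssAuthContext->commandBuffer;
            TSS_TPMI_ST_COMMAND_TAG_Marshal(&tag, &written, &buffer, NULL);
        }
        /* get cpBuffer, command parameters */
        if (rc == 0) {
            rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
        }
        /* new authorization area range check, will cpBuffer move overflow.  Only evaluated after
           the steps above succeeded, so a sizing error is not replaced by a buffer error and
           cpBuffer is never compared before it has been fetched.  The marshal calls further down
           pass no size limit and rely on this check. */
        if (rc == 0) {
            if (cpBuffer +
                cpBufferSize +
                sizeof (uint32_t) +         /* authorizationSize */
                authorizationSize           /* authorization area */
                > tssAuthContext->commandBuffer + MAX_COMMAND_SIZE) {

                if (tssVerbose)
                    printf("TSS_SetCmdAuths: Command authorizations overflow command buffer\n");
                rc = TSS_RC_INSUFFICIENT_BUFFER;
            }
        }
        /* move the cpBuffer to make space for the authorization area and its size */
        if (rc == 0) {
            memmove(cpBuffer + sizeof (uint32_t) + authorizationSize,   /* to here */
                    cpBuffer,                                           /* from here */
                    cpBufferSize);
        }
        /* marshal the authorizationSize area, where cpBuffer was before move */
        if (rc == 0) {
            uint32_t authorizationSize32 = authorizationSize;
            uint16_t written = 0;               /* dummy */
            TSS_UINT32_Marshal(&authorizationSize32, &written, &cpBuffer, NULL);
        }
        /* marshal the command authorization areas */
        done = FALSE;
        authorizationSize = 0;
        va_start(ap, tssAuthContext);
        while ((rc == 0) && !done){
            authCommand = va_arg(ap, TPMS_AUTH_COMMAND *);
            if (authCommand != NULL) {
                rc = TSS_TPMS_AUTH_COMMAND_Marshal(authCommand, &authorizationSize,
                                                   &cpBuffer, NULL);
                tssAuthContext->authCount++; /* count the number of authorizations for the
                                                response */
            }
            else {
                done = TRUE;
            }
        }
        va_end(ap);
        if (rc == 0) {
            uint16_t written = 0;               /* dummy */
            uint32_t commandSize;
            /* mark cpBuffer new location, size doesn't change */
            tssAuthContext->cpBuffer += sizeof (uint32_t) + authorizationSize;
            /* record command stream used size */
            tssAuthContext->commandSize += sizeof (uint32_t) + authorizationSize;
            /* back fill the correct commandSize */
            buffer = tssAuthContext->commandBuffer + sizeof(TPMI_ST_COMMAND_TAG);
            commandSize = tssAuthContext->commandSize;
            TSS_UINT32_Marshal(&commandSize, &written, &buffer, NULL);
        }
    }
    return rc;
}

/* TSS_GetRspAuths() unmarshals a response buffer into a NULL terminated list of
   TPMS_AUTH_RESPONSE structures.  This should not be called if the TPM returned a non-success
   response code.

   Returns an error if the number of response auths requested is not equal to the number of
   command auths, including zero.

   If the response tag is not TPM_ST_SESSIONS, the function is a noop (except for error checking).

   The response size, the handle offset and the response parameterSize all come from the
   response stream; each is checked against the bytes actually received before it is used to
   move the parse position.  A violation returns TSS_RC_MALFORMED_RESPONSE.
*/

TPM_RC TSS_GetRspAuths(TSS_AUTH_CONTEXT *tssAuthContext, ...)
{
    TPM_RC      rc = 0;
    va_list     ap;
    TPMS_AUTH_RESPONSE  *authResponse = NULL;
    INT32       size = 0;
    uint8_t     *buffer = NULL;
    TPM_ST      tag = TPM_ST_NO_SESSIONS;       /* only trusted once the unmarshal succeeded */
    int         done;
    uint16_t    authCount = 0;                  /* authorizations in response */
    uint32_t    parameterSize = 0;

    /* the response cannot be longer than the buffer that holds it */
    if (tssAuthContext->responseSize > MAX_RESPONSE_SIZE) {
        if (tssVerbose) printf("TSS_GetRspAuths: Response size %u out of range\n",
                               tssAuthContext->responseSize);
        rc = TSS_RC_MALFORMED_RESPONSE;
    }
    /* unmarshal the response tag */
    if (rc == 0) {
        size = tssAuthContext->responseSize;
        buffer = tssAuthContext->responseBuffer;
        rc = TPM_ST_Unmarshal(&tag, &buffer, &size);
    }
    /* check that the tag indicates that there are sessions */
    if ((rc == 0) && (tag == TPM_ST_SESSIONS)) {
        /* offset the buffer past the header and handles, and get the response parameterSize */
        uint32_t offsetSize = sizeof(TPM_ST) + sizeof (uint32_t) + sizeof(TPM_RC) +
                              (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount);

        /* header plus handles must fit, else the subtraction below wraps */
        if (offsetSize > tssAuthContext->responseSize) {
            if (tssVerbose) printf("TSS_GetRspAuths: Response too short for header and handles\n");
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
        if (rc == 0) {
            buffer = tssAuthContext->responseBuffer + offsetSize;
            size = tssAuthContext->responseSize - offsetSize;
            rc = UINT32_Unmarshal(&parameterSize, &buffer, &size);
        }
        /* parameterSize is read from the response, it must not step past the received bytes */
        if (rc == 0) {
            if (parameterSize > (uint32_t)size) {
                if (tssVerbose)
                    printf("TSS_GetRspAuths: Response parameterSize %u exceeds response\n",
                           parameterSize);
                rc = TSS_RC_MALFORMED_RESPONSE;
            }
        }
        if (rc == 0) {
            /* index past the response parameters to the authorization area */
            buffer += parameterSize;
            size -= parameterSize;
        }
        /* unmarshal the response authorization area */
        done = FALSE;
        va_start(ap, tssAuthContext);
        while ((rc == 0) && !done){
            authResponse = va_arg(ap, TPMS_AUTH_RESPONSE *);
            if (authResponse != NULL) {
                rc = TPMS_AUTH_RESPONSE_Unmarshal(authResponse, &buffer, &size);
                authCount++;
            }
            else {
                done = TRUE;
            }
        }
        va_end(ap);
        /* check for extra bytes at the end of the response */
        if (rc == 0) {
            if (size != 0) {
                if (tssVerbose)
                    printf("TSS_GetRspAuths: Extra bytes at the end of response authorizations\n");
                rc = TSS_RC_MALFORMED_RESPONSE;
            }
        }
    }
    /* check that the same number was requested as were sent in the command.  Check for zero if not
       TPM_ST_SESSIONS */
    if (rc == 0) {
        if (tssAuthContext->authCount != authCount) {
            if (tssVerbose) printf("TSS_GetRspAuths: "
                                   "Response authorizations requested does not equal number in command\n");
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    return rc;
}

/* TSS_GetCommandCode() returns the command code stored in the context */

TPM_CC TSS_GetCommandCode(TSS_AUTH_CONTEXT *tssAuthContext)
{
    TPM_CC commandCode = tssAuthContext->commandCode;
    return commandCode;
}

/* TSS_GetCpBuffer() returns the size of and pointer to the command parameter area as recorded in
   the context.  Always returns 0.

   The pointer is NULL and the size 0 on a context that has been initialized but not marshaled.
*/

TPM_RC TSS_GetCpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
                       uint32_t *cpBufferSize,
                       uint8_t **cpBuffer)
{
    *cpBufferSize = tssAuthContext->cpBufferSize;
    *cpBuffer = tssAuthContext->cpBuffer;
    return 0;
}

/* TSS_GetCommandDecryptParam() returns the size and pointer to the first marshaled TPM2B

   The TPM2B size prefix is checked against the command parameter area: the area must hold the
   two byte prefix and the size it announces.  Otherwise TSS_RC_BAD_ENCRYPT_SIZE is returned and
   the outputs are not written.
*/

TPM_RC TSS_GetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
                                  uint32_t *decryptParamSize,
                                  uint8_t **decryptParamBuffer)
{
    TPM_RC      rc = 0;
    /* the first parameter is the TPM2B */
    uint32_t    cpBufferSize = 0;
    uint8_t     *cpBuffer = NULL;
    uint32_t    tpm2bSize = 0;

    if (rc == 0) {
        rc = TSS_GetCpBuffer(tssAuthContext, &cpBufferSize, &cpBuffer);
    }
    /* there must be room for the size prefix itself */
    if (rc == 0) {
        if ((cpBuffer == NULL) || (cpBufferSize < sizeof(uint16_t))) {
            if (tssVerbose)
                printf("TSS_GetCommandDecryptParam: Command parameter area too small for TPM2B\n");
            rc = TSS_RC_BAD_ENCRYPT_SIZE;
        }
    }
    /* extract the size of the first TPM2B.  Read byte by byte, big endian, since cpBuffer has no
       alignment guarantee. */
    if (rc == 0) {
        tpm2bSize = ((uint32_t)cpBuffer[0] << 8) | (uint32_t)cpBuffer[1];
        if (tpm2bSize > (cpBufferSize - sizeof(uint16_t))) {
            if (tssVerbose)
                printf("TSS_GetCommandDecryptParam: TPM2B size %u exceeds command parameters\n",
                       tpm2bSize);
            rc = TSS_RC_BAD_ENCRYPT_SIZE;
        }
    }
    if (rc == 0) {
        *decryptParamSize = tpm2bSize;
        *decryptParamBuffer = cpBuffer + sizeof(uint16_t);
    }
    return rc;
}

/* TSS_SetCommandDecryptParam() overwrites the contents of the first marshaled TPM2B in the command
   parameter area with encryptParamBuffer.

   encryptParamSize must equal the size already marshaled, else TSS_RC_BAD_ENCRYPT_SIZE is
   returned and nothing is copied.
*/

TPM_RC TSS_SetCommandDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
                                  uint32_t encryptParamSize,
                                  uint8_t *encryptParamBuffer)
{
    TPM_RC      rc = 0;
    /* the first parameter is the TPM2B */
    uint32_t decryptParamSize;
    uint8_t *decryptParamBuffer;

    if (rc == 0) {
        rc = TSS_GetCommandDecryptParam(tssAuthContext,
                                        &decryptParamSize,
                                        &decryptParamBuffer);
    }
    /* the encrypt data overwrites the already marshaled data */
    if (rc == 0) {
        if (decryptParamSize != encryptParamSize) {
            if (tssVerbose)
                printf("TSS_SetCommandDecryptParam: Different encrypt and decrypt size\n");
            rc = TSS_RC_BAD_ENCRYPT_SIZE;
        }
    }
    /* skip the 2B size, copy the data */
    if (rc == 0) {
        memcpy(decryptParamBuffer, encryptParamBuffer, encryptParamSize);
    }
    return rc;
}

/* TSS_GetCommandHandleCount() returns the number of handles in the command area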
as stored in the context.  Always returns 0.
*/

TPM_RC TSS_GetCommandHandleCount(TSS_AUTH_CONTEXT *tssAuthContext,
                                 uint32_t *commandHandleCount)
{
    *commandHandleCount = tssAuthContext->commandHandleCount;
    return 0;
}

/* TSS_GetAuthRole() returns AUTH_NONE if the handle in the handle area cannot be an authorization
   handle.

   The role is whatever getCommandAuthRole() reports for the context's command index and
   handleIndex; no range check is made here.
*/

AUTH_ROLE TSS_GetAuthRole(TSS_AUTH_CONTEXT *tssAuthContext,
                          uint32_t handleIndex)
{
    return getCommandAuthRole(tssAuthContext->tpmCommandIndex, handleIndex);
}

/* TSS_GetCommandHandle() gets the command handle at the index.  Index is a zero based count, not a
   byte count.

   Returns TSS_RC_BAD_HANDLE_NUMBER if the index is not below the number of command handles,
   otherwise the result of unmarshaling the handle from the command buffer.
*/

TPM_RC TSS_GetCommandHandle(TSS_AUTH_CONTEXT *tssAuthContext,
                            TPM_HANDLE *commandHandle,
                            uint32_t index)
{
    uint8_t     *cursor;
    INT32       remaining;

    /* reject an index outside the handle area before computing any offset */
    if (index >= tssAuthContext->commandHandleCount) {
        if (tssVerbose) printf("TSS_GetCommandHandle: index %u too large for command\n", index);
        return TSS_RC_BAD_HANDLE_NUMBER;
    }
    /* index into the command handle: past tag, command size and command code */
    cursor = tssAuthContext->commandBuffer +
             sizeof(TPMI_ST_COMMAND_TAG) + sizeof (uint32_t) + sizeof(TPM_CC) +
             (sizeof(TPM_HANDLE) * index);
    remaining = sizeof(TPM_HANDLE);
    return TPM_HANDLE_Unmarshal(commandHandle, &cursor, &remaining);
}

/* TSS_GetRpBuffer() returns a pointer to the response parameter area. FIXME missing range checks all over FIXME move to execute so it only has to be done once.
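The response size, the header and handle offset, and (with sessions) the parameterSize read
   from the response are range checked here against the bytes received.  A violation returns
   TSS_RC_MALFORMED_RESPONSE and leaves the outputs unwritten.  Callers that parse inside the
   returned area still need their own checks.
*/

TPM_RC TSS_GetRpBuffer(TSS_AUTH_CONTEXT *tssAuthContext,
                       uint32_t *rpBufferSize,
                       uint8_t **rpBuffer)
{
    TPM_RC      rc = 0;
    TPM_ST      tag = TPM_ST_NO_SESSIONS;       /* response tag */
    uint32_t    offsetSize = 0;                 /* to beginning of parameter area */
    INT32       size;                           /* tmp for unmarshal */
    uint8_t     *buffer;                        /* tmp for unmarshal */
    uint32_t    parameterSize = 0;              /* response parameter (if sessions) */

    /* the response cannot be longer than the buffer that holds it */
    if (tssAuthContext->responseSize > MAX_RESPONSE_SIZE) {
        if (tssVerbose) printf("TSS_GetRpBuffer: Response size %u out of range\n",
                               tssAuthContext->responseSize);
        rc = TSS_RC_MALFORMED_RESPONSE;
    }
    /* unmarshal the response tag */
    if (rc == 0) {
        size = tssAuthContext->responseSize;
        buffer = tssAuthContext->responseBuffer;
        rc = TPM_ST_Unmarshal(&tag, &buffer, &size);
    }
    if (rc == 0) {
        /* offset to parameterSize or parameters */
        offsetSize = sizeof(TPM_ST) + sizeof (uint32_t) + sizeof(TPM_RC) +
                     (sizeof(TPM_HANDLE) * tssAuthContext->responseHandleCount);
        /* header plus handles must fit, else the subtractions below wrap */
        if (offsetSize > tssAuthContext->responseSize) {
            if (tssVerbose) printf("TSS_GetRpBuffer: Response too short for header and handles\n");
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    if (rc == 0) {
        /* no sessions -> no parameterSize */
        if (tag == TPM_ST_NO_SESSIONS) {
            *rpBufferSize = tssAuthContext->responseSize - offsetSize;
            *rpBuffer = tssAuthContext->responseBuffer + offsetSize;
        }
        /* sessions -> parameterSize */
        else {
            size = tssAuthContext->responseSize - offsetSize;
            buffer = tssAuthContext->responseBuffer + offsetSize;
            rc = UINT32_Unmarshal(&parameterSize, &buffer, &size);
            /* consistency check: parameterSize is read from the response and must not claim more
               bytes than remain after it */
            if (rc == 0) {
                if (parameterSize > (uint32_t)size) {
                    if (tssVerbose)
                        printf("TSS_GetRpBuffer: Response parameterSize %u exceeds response\n",
                               parameterSize);
                    rc = TSS_RC_MALFORMED_RESPONSE;
                }
            }
            if (rc == 0) {
                offsetSize += sizeof(uint32_t);
                *rpBufferSize = parameterSize;
                *rpBuffer = tssAuthContext->responseBuffer + offsetSize;
            }
        }
    }
    return rc;
}

/* TSS_GetResponseEncryptParam() returns the first TPM2B in the response area. The caller should ensure that the first response parameter is a TPM2B.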
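The TPM2B size prefix is read from the response, so it is checked against both the response
   parameter area and the bytes actually received.  A violation returns
   TSS_RC_MALFORMED_RESPONSE and leaves the outputs unwritten.
*/

TPM_RC TSS_GetResponseEncryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
                                   uint32_t *encryptParamSize,
                                   uint8_t **encryptParamBuffer)
{
    TPM_RC      rc = 0;
    /* the first parameter is the TPM2B */
    uint32_t    rpBufferSize = 0;
    uint8_t     *rpBuffer = NULL;
    uint32_t    available = 0;          /* bytes usable starting at rpBuffer */
    uint32_t    tpm2bSize = 0;

    if (rc == 0) {
        rc = TSS_GetRpBuffer(tssAuthContext, &rpBufferSize, &rpBuffer);
    }
    /* the parameter area must start inside the received response.  The size test comes first so
       that the end pointer is only formed for a size that fits the buffer. */
    if (rc == 0) {
        if ((tssAuthContext->responseSize > MAX_RESPONSE_SIZE) ||
            (rpBuffer == NULL) ||
            (rpBuffer > (tssAuthContext->responseBuffer + tssAuthContext->responseSize))) {
            if (tssVerbose)
                printf("TSS_GetResponseEncryptParam: Response parameter area out of range\n");
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    /* usable bytes: the smaller of the reported parameter area and what was received */
    if (rc == 0) {
        available = (uint32_t)((tssAuthContext->responseBuffer + tssAuthContext->responseSize) -
                               rpBuffer);
        if (rpBufferSize < available) {
            available = rpBufferSize;
        }
        if (available < sizeof(uint16_t)) {
            if (tssVerbose)
                printf("TSS_GetResponseEncryptParam: Response parameter area too small for TPM2B\n");
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    /* extract the size of the first TPM2B.  Read byte by byte, big endian, since rpBuffer has no
       alignment guarantee. */
    if (rc == 0) {
        tpm2bSize = ((uint32_t)rpBuffer[0] << 8) | (uint32_t)rpBuffer[1];
        if (tpm2bSize > (available - sizeof(uint16_t))) {
            if (tssVerbose)
                printf("TSS_GetResponseEncryptParam: TPM2B size %u exceeds response parameters\n",
                       tpm2bSize);
            rc = TSS_RC_MALFORMED_RESPONSE;
        }
    }
    if (rc == 0) {
        *encryptParamSize = tpm2bSize;
        *encryptParamBuffer = rpBuffer + sizeof(uint16_t);
    }
    return rc;
}

/* TSS_SetResponseDecryptParam() copies the decryptParamBuffer into the first TPM2B in the response
   area.

   The caller should ensure that the first response parameter is a TPM2B.

   decryptParamSize must equal the size of that TPM2B, else TSS_RC_BAD_ENCRYPT_SIZE is returned
   and nothing is copied.
*/

TPM_RC TSS_SetResponseDecryptParam(TSS_AUTH_CONTEXT *tssAuthContext,
                                   uint32_t decryptParamSize,
                                   uint8_t *decryptParamBuffer)
{
    TPM_RC      rc = 0;
    /* the first parameter is the TPM2B */
    uint32_t encryptParamSize;
    uint8_t *encryptParamBuffer;

    if (rc == 0) {
        rc = TSS_GetResponseEncryptParam(tssAuthContext,
                                         &encryptParamSize,
                                         &encryptParamBuffer);
    }
    /* the decrypt data overwrites the already marshaled data */
    if (rc == 0) {
        if (decryptParamSize != encryptParamSize) {
            /* message names this function; it previously named the command side one */
            if (tssVerbose)
                printf("TSS_SetResponseDecryptParam: Different encrypt and decrypt size\n");
            rc = TSS_RC_BAD_ENCRYPT_SIZE;
        }
    }
    /* skip the 2B size, copy the data */
    if (rc == 0) {
        memcpy(encryptParamBuffer, decryptParamBuffer, decryptParamSize);
    }
    return rc;
}

/* TSS_AuthExecute() transmits the marshaled command and receives the response into the context.

   responseSize is written by TSS_Transmit(); the response parsers in this file treat it and the
   response contents as unvalidated input.
*/

TPM_RC TSS_AuthExecute(TSS_CONTEXT *tssContext)
{
    TPM_RC rc = 0;
    if (tssVverbose) printf("TSS_AuthExecute: Executing %s\n",
                            tssContext->tssAuthContext->commandText);
    /* transmit the command and receive the response.  Normally returns the TPM response code. */
    if (rc == 0) {
        rc = TSS_Transmit(tssContext,
                          tssContext->tssAuthContext->responseBuffer,
                          &tssContext->tssAuthContext->responseSize,
                          tssContext->tssAuthContext->commandBuffer,
                          tssContext->tssAuthContext->commandSize,
                          tssContext->tssAuthContext->commandText);
    }
    return rc;
}
./utils/objectchangeauth.c0000644000175000017500000001775713075204375014014 0ustar lo1lo1/********************************************************************************/
/* */
/* ObjectChangeAuth */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: objectchangeauth.c 987 2017-04-17 18:27:09Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2015. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.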
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */
/* NOTE(review): the header names of the includes below are missing in this copy */
#include #include #include #include #include #include #include #include

static void printUsage(void);

int verbose = FALSE;

/* main() is the command line front end that runs TPM2_ObjectChangeAuth.

   It collects the parent handle, the object handle, the current and new object passwords, an
   optional output file name and up to three session handle / attribute pairs, executes the
   command through TSS_Execute() and optionally writes out.outPrivate to a file.

   Returns 0 on success and EXIT_FAILURE on any error.  Usage errors do not return, printUsage()
   calls exit(1).

   NOTE(review): per printUsage() both passwords arrive as command line arguments (-pwdo, -pwdn).
   Command lines are commonly readable by other local processes and kept in shell history, and
   nothing visible here clears the strings afterwards - treat real authorization values
   accordingly.
*/

int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    ObjectChangeAuth_In in;
    ObjectChangeAuth_Out out;
    /* TPM_RH_NULL doubles as the "not supplied" marker checked after option parsing */
    TPMI_DH_OBJECT parentHandle = TPM_RH_NULL;
    TPMI_DH_OBJECT objectHandle = TPM_RH_NULL;
    const char *objectPassword = NULL;
    const char *newPassword = NULL;
    const char *privateKeyFilename = NULL;
    /* session 0 defaults to TPM_RS_PW (usage text: "default PWAP"), sessions 1 and 2 are unused
       by default */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* NOTE(review): this copy has lost the text between "(i" and "0xff)" on the next line.  The
       loop condition, the handling of -hp, -ho, -pwdo, -pwdn, -opr and the start of the -se0
       branch are not visible.  The remnant is kept exactly as found. */
    for (i=1 ; (i 0xff) {
		    printf("Out of range session attributes for -se0\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se0\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-se1") == 0) {
	    i++;
	    if (i < argc) {
		/* NOTE(review): the sscanf() result is not checked here or in the other -se
		   branches.  A non-hex argument leaves the variable at its default and is not
		   reported. */
		sscanf(argv[i],"%x", &sessionHandle1);
	    }
	    else {
		printf("Missing parameter for -se1\n");
		printUsage();
	    }
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionAttributes1);
		/* session attributes are limited to one byte */
		if (sessionAttributes1 > 0xff) {
		    printf("Out of range session attributes for -se1\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se1\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-se2") == 0) {
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionHandle2);
	    }
	    else {
		printf("Missing parameter for -se2\n");
		printUsage();
	    }
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionAttributes2);
		if (sessionAttributes2 > 0xff) {
		    printf("Out of range session attributes for -se2\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se2\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-h") == 0) {
	    printUsage();
	}
	else if (strcmp(argv[i],"-v") == 0) {
	    verbose = TRUE;
	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
	}
	else {
	    printf("\n%s is not a valid option\n", argv[i]);
	    printUsage();
	}
    }
    /* both handles are mandatory, the default value means the option was absent or unusable */
    if (parentHandle == TPM_RH_NULL) {
	printf("Missing or bad parent handle parameter -hp\n");
	printUsage();
    }
    if (objectHandle == TPM_RH_NULL) {
	printf("Missing or bad object handle parameter -ho\n");
	printUsage();
    }
    if (rc == 0) {
	in.objectHandle = objectHandle;
	in.parentHandle = parentHandle;
    }
    /* convert password string to TPM2B */
    if (rc == 0) {
	if (newPassword == NULL) {
	    in.newAuth.t.size = 0;
	}
	else {
	    /* the copy is bounded by sizeof(TPMU_HA), the error handling for a longer string is
	       inside TSS_TPM2B_StringCopy() and not visible here */
	    rc = TSS_TPM2B_StringCopy(&in.newAuth.b,
				      newPassword, sizeof(TPMU_HA));
	}
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
	/* only session 0 carries a password (the current object password), sessions 1 and 2 are
	   passed NULL */
	rc = TSS_Execute(tssContext,
			 (RESPONSE_PARAMETERS *)&out,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_ObjectChangeAuth,
			 sessionHandle0, objectPassword, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path, its result is reported only if nothing failed
       earlier.  NOTE(review): tssContext is still NULL when an earlier step failed - confirm
       TSS_Delete() accepts NULL. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    /* save the private key */
    if ((rc == 0) && (privateKeyFilename != NULL)) {
	/* NOTE(review): the permissions of the created file are decided inside
	   TSS_File_WriteStructure(), not visible here */
	rc = TSS_File_WriteStructure(&out.outPrivate,
				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
				     privateKeyFilename);
    }
    if (rc == 0) {
	if (verbose) printf("objectchangeauth: success\n");
    }
    else {
	const char *msg;
	const char *submsg;
	const char *num;
	printf("objectchangeauth: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	/* the TPM / TSS code is only printed, the process exit status is the generic failure */
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the option summary and terminates the process with exit status 1 */

static void printUsage(void)
{
    printf("\n");
    printf("objectchangeauth\n");
    printf("\n");
    printf("Runs TPM2_ObjectChangeAuth\n");
    printf("\n");
    printf("\t-hp parent handle\n");
    printf("\t-ho object handle\n");
    printf("\t-pwdo password for object (default empty)\n");
    printf("\t-pwdn new password for object (default empty)\n");
    printf("\t[-opr private key file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    exit(1);
}
./utils/objecttemplates.h0000644000175000017500000000746013115776262013702 0ustar lo1lo1/********************************************************************************/ /* */ /* Object Templates */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: objecttemplates.h 1015 2017-06-07 13:16:34Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/

#ifndef OBJECTTEMPLATES_H
#define OBJECTTEMPLATES_H

/* object type

   Selector values shared by the command line utilities.  createloaded.c maps them to the
   template functions declared below:

   TYPE_BL                       blPublicTemplate(), a sealed data object
   TYPE_ST ... TYPE_GP           asymPublicTemplate(), asymmetric keys
   TYPE_DES                      symmetricCipherTemplate()
   TYPE_KH                       keyedHashPublicTemplate()
   TYPE_DP                       derivationParentPublicTemplate()
   TYPE_DAA, TYPE_DAAR           not handled in createloaded.c's template selection

   NOTE(review): the meaning of the individual asymmetric selectors (presumably storage,
   decryption and signing variants) is defined by the implementation - confirm there.
*/

#define TYPE_BL		1
#define TYPE_ST		2
#define TYPE_DEN	3
#define TYPE_DEO	4
#define TYPE_SI		5
#define TYPE_SIR	6
#define TYPE_GP		7
#define TYPE_DES	8
#define TYPE_KH		9
#define TYPE_DP		10
#define TYPE_DAA	11
#define TYPE_DAAR	12

#ifdef __cplusplus
extern "C" {
#endif

    /* Each template function fills *publicArea for one class of object and returns a TPM_RC,
       0 meaning success.  addObjectAttributes and deleteObjectAttributes are, judging by their
       names, TPMA_OBJECT bits to set and to clear relative to the template default, and
       policyFilename optionally names a file holding the policy - the implementations are not
       part of this header, confirm there. */

    /* asymmetric key template, type is one of the TYPE_xxx selectors above */
    TPM_RC asymPublicTemplate(TPMT_PUBLIC *publicArea,
			      TPMA_OBJECT addObjectAttributes,
			      TPMA_OBJECT deleteObjectAttributes,
			      int type,
			      TPMI_ALG_PUBLIC algPublic,
			      TPMI_ECC_CURVE curveID,
			      TPMI_ALG_HASH nalg,
			      TPMI_ALG_HASH halg,
			      const char *policyFilename);
    /* symmetric cipher key template */
    TPM_RC symmetricCipherTemplate(TPMT_PUBLIC *publicArea,
				   TPMA_OBJECT addObjectAttributes,
				   TPMA_OBJECT deleteObjectAttributes,
				   TPMI_ALG_HASH nalg,
				   int rev116,
				   const char *policyFilename);
    /* keyed hash key template */
    TPM_RC keyedHashPublicTemplate(TPMT_PUBLIC *publicArea,
				   TPMA_OBJECT addObjectAttributes,
				   TPMA_OBJECT deleteObjectAttributes,
				   TPMI_ALG_HASH nalg,
				   TPMI_ALG_HASH halg,
				   const char *policyFilename);
    /* derivation parent template */
    TPM_RC derivationParentPublicTemplate(TPMT_PUBLIC *publicArea,
					  TPMA_OBJECT addObjectAttributes,
					  TPMA_OBJECT deleteObjectAttributes,
					  TPMI_ALG_HASH nalg,
					  TPMI_ALG_HASH halg,
					  const char *policyFilename);
    /* sealed data object template, selected by TYPE_BL in createloaded.c */
    TPM_RC blPublicTemplate(TPMT_PUBLIC *publicArea,
			    TPMA_OBJECT addObjectAttributes,
			    TPMA_OBJECT deleteObjectAttributes,
			    TPMI_ALG_HASH nalg,
			    const char *policyFilename);
    /* prints the usage lines for the template related options, called from the printUsage()
       of createloaded.c */
    void printUsageTemplate(void);
    /* presumably reads the policy from policyFilename into publicArea - confirm in the
       implementation */
    TPM_RC getPolicy(TPMT_PUBLIC *publicArea,
		     const char *policyFilename);

#ifdef __cplusplus
}
#endif

#endif
./utils/rsaencrypt.c0000644000175000017500000001511513075204375012672 0ustar lo1lo1/********************************************************************************/ /* */ /* RSA_Encrypt */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: rsaencrypt.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */
/* NOTE(review): the header names of the includes below are missing in this copy */
#include #include #include #include #include #include #include #include

static void printRsaEncrypt(RSA_Encrypt_Out *out);
static void printUsage(void);

int verbose = FALSE;

/* main() is the command line front end that runs TPM2_RSA_Encrypt.

   Per printUsage() it takes a key handle (-hk), the name of the file holding the data to
   encrypt (-id) and an optional output file name (-oe).  The data is placed in in.message, the
   command is executed through TSS_Execute() and, when -oe was given, the encrypted bytes are
   written without the TPM2B size prefix.

   Returns 0 on success and EXIT_FAILURE on any error.
*/

int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    RSA_Encrypt_In in;
    RSA_Encrypt_Out out;
    TPMI_DH_OBJECT keyHandle = 0;
    const char *decryptFilename = NULL;
    const char *encryptFilename = NULL;
    uint16_t written = 0;
    size_t length = 0;
    uint8_t *buffer = NULL; /* for the free */
    uint8_t *buffer1 = NULL; /* for marshaling */

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    /* NOTE(review): this copy has lost the text between "(i" and "MAX_RSA_KEY_BYTES" on the next
       line.  The option parsing, the read of the input file into buffer / length and the left
       side of the length comparison are not visible.  The remnant is kept exactly as found. */
    for (i=1 ; (i MAX_RSA_KEY_BYTES) {
	    printf("Input data too long %u\n", (unsigned int)length);
	    rc = TSS_RC_INSUFFICIENT_BUFFER;
	}
    }
    if (rc == 0) {
	/* Handle of key that will perform rsaencrypting */
	in.keyHandle = keyHandle;

	/* Table 158 - Definition of {RSA} TPM2B_PUBLIC_KEY_RSA Structure */
	{
	    /* reached only when rc is still 0, i.e. after the MAX_RSA_KEY_BYTES check above.
	       presumably that check compares length - confirm against the complete source,
	       because it is what bounds this memcpy */
	    in.message.t.size = length;
	    memcpy(in.message.t.buffer, buffer, length);
	}
	/* padding scheme */
	{
	    /* Table 157 - Definition of {RSA} TPMT_RSA_DECRYPT Structure */
	    /* NOTE(review): no explicit padding scheme is requested.  Presumably the scheme set
	       in the key then applies - confirm, since an RSA key without a padding scheme
	       gives unpadded encryption */
	    in.inScheme.scheme = TPM_ALG_NULL;
	}
	/* label */
	{
	    /* Table 73 - Definition of TPM2B_DATA Structure */
	    in.label.t.size = 0;
	}
    }
    /* the input has been copied into in.message.  NOTE(review): the plaintext is released
       without being cleared, and a second copy stays in in.message on the stack */
    free (buffer);
    buffer = NULL;
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
	/* no authorization session is passed */
	rc = TSS_Execute(tssContext,
			 (RESPONSE_PARAMETERS *)&out,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_RSA_Encrypt,
			 TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path, its result is reported only if nothing failed
       earlier.  NOTE(review): tssContext is still NULL when an earlier step failed - confirm
       TSS_Delete() accepts NULL. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    /* first marshal pass with a NULL buffer, used only to obtain the marshaled length in
       written */
    if ((rc == 0) && (encryptFilename != NULL)) {
	written = 0;
	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&out.outData, &written, NULL, NULL);
    }
    /* second pass marshals into a buffer of that length */
    if ((rc == 0) && (encryptFilename != NULL)) {
	/* buffer is NULL at this point, so realloc() acts as malloc().
	   NOTE(review): the result is not checked.  On allocation failure buffer and buffer1
	   are NULL and are still handed to the marshal call and, offset by 2, to the file
	   write below.  A NULL check that sets an error rc before marshaling would close
	   this. */
	buffer = realloc(buffer, written);
	/* buffer1 is handed to the marshal call by address, buffer is kept for the write and
	   the free */
	buffer1 = buffer;
	written = 0;
	rc = TSS_TPM2B_PUBLIC_KEY_RSA_Marshal(&out.outData, &written, &buffer1, NULL);
    }
    if ((rc == 0) && (encryptFilename != NULL)) {
	/* skip the 2 byte TPM2B size so the file holds only the encrypted data.
	   NOTE(review): written is unsigned, the subtraction relies on the marshal call having
	   produced at least the 2 byte size field */
	rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t),
				      written - sizeof(uint16_t),
				      encryptFilename);
    }
    free(buffer);
    if (rc == 0) {
	if (verbose) printRsaEncrypt(&out);
	if (verbose) printf("rsaencrypt: success\n");
    }
    else {
	const char *msg;
	const char *submsg;
	const char *num;
	printf("rsaencrypt: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	/* the TPM / TSS code is only printed, the process exit status is the generic failure */
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* printRsaEncrypt() dumps the encrypted output through TSS_PrintAll(), used in verbose mode */

static void printRsaEncrypt(RSA_Encrypt_Out *out)
{
    TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size);
}

/* printUsage() prints the option summary and terminates the process with exit status 1 */

static void printUsage(void)
{
    printf("\n");
    printf("rsaencrypt\n");
    printf("\n");
    printf("Runs TPM2_RSA_Encrypt\n");
    printf("\n");
    printf("\t-hk key handle\n");
    printf("\t-id decrypt file name\n");
    printf("\t[-oe encrypt file name (default do not save)]\n");
    exit(1);
}
./utils/createloaded.c0000644000175000017500000003733113077741042013117 0ustar lo1lo1/********************************************************************************/ /* */ /* Create Loaded */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id$ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. */ /* */ /* All rights reserved. 
*/ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */
/* NOTE(review): the header names of the includes below are missing in this copy */
#include #include #include #include #include #include #include #include
#include "objecttemplates.h"
#include "cryptoutils.h"

static void printUsage(void);

int verbose = FALSE;

/* main() is the command line front end that runs TPM2_CreateLoaded.

   It builds a TPMT_PUBLIC template for the requested key type through the objecttemplates.h
   helpers, marshals it into in.inPublic, optionally supplies a key password and sensitive data,
   executes the command through TSS_Execute() and optionally writes the private part, the public
   part and a PEM public key to files.  On success the new object handle is printed.

   Returns 0 on success and EXIT_FAILURE on any error.  Usage errors do not return, printUsage()
   calls exit(1).

   NOTE(review): per printUsage() the key and parent passwords arrive as command line arguments
   (-pwdk, -pwdp).  Command lines are commonly readable by other local processes and kept in
   shell history, and nothing visible here clears the strings afterwards - treat real
   authorization values accordingly.
*/

int main(int argc, char *argv[])
{
    TPM_RC rc = 0;
    int i; /* argc iterator */
    TSS_CONTEXT *tssContext = NULL;
    CreateLoaded_In in;
    CreateLoaded_Out out;
    TPMT_PUBLIC publicArea;
    TPMI_DH_OBJECT parentHandle = 0;
    TPMA_OBJECT addObjectAttributes;
    TPMA_OBJECT deleteObjectAttributes;
    int derived = FALSE;
    int keyType = 0;
    /* checked below to be exactly 1.  presumably counts the key type options seen - the code
       that sets it is in the missing span */
    uint32_t keyTypeSpecified = 0;
    int rev116 = FALSE;
    TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA;
    TPMI_ECC_CURVE curveID = TPM_ECC_NONE;
    TPMI_ALG_HASH halg = TPM_ALG_SHA256;
    TPMI_ALG_HASH nalg = TPM_ALG_SHA256;
    const char *policyFilename = NULL;
    const char *publicKeyFilename = NULL;
    const char *privateKeyFilename = NULL;
    const char *pemFilename = NULL;
    const char *dataFilename = NULL;
    const char *keyPassword = NULL;
    const char *parentPassword = NULL;
    /* session 0 defaults to TPM_RS_PW (usage text: "default PWAP"), sessions 1 and 2 are unused
       by default */
    TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW;
    unsigned int sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL;
    unsigned int sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL;
    unsigned int sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");

    /* command line argument defaults */
    addObjectAttributes.val = 0;
    /* NOTE(review): noDA is requested by default.  In TPM 2.0 that attribute exempts the
       object's authorization from dictionary attack protection, so the strength of the -pwdk
       password is the only guard.  Whether an option can clear it is in the missing span -
       confirm. */
    addObjectAttributes.val |= TPMA_OBJECT_NODA;
    deleteObjectAttributes.val = 0;

    /* NOTE(review): this copy has lost the text between "(i" and "0xff)" on the next line.  The
       loop condition, all key type, algorithm, file and password options and the start of the
       -se0 branch are not visible.  The remnant is kept exactly as found. */
    for (i=1 ; (i 0xff) {
		    printf("Out of range session attributes for -se0\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se0\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-se1") == 0) {
	    i++;
	    if (i < argc) {
		/* NOTE(review): the sscanf() result is not checked here or in the other -se
		   branches.  A non-hex argument leaves the variable at its default and is not
		   reported. */
		sscanf(argv[i],"%x", &sessionHandle1);
	    }
	    else {
		printf("Missing parameter for -se1\n");
		printUsage();
	    }
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionAttributes1);
		/* session attributes are limited to one byte */
		if (sessionAttributes1 > 0xff) {
		    printf("Out of range session attributes for -se1\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se1\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-se2") == 0) {
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionHandle2);
	    }
	    else {
		printf("Missing parameter for -se2\n");
		printUsage();
	    }
	    i++;
	    if (i < argc) {
		sscanf(argv[i],"%x", &sessionAttributes2);
		if (sessionAttributes2 > 0xff) {
		    printf("Out of range session attributes for -se2\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -se2\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-h") == 0) {
	    printUsage();
	}
	else if (strcmp(argv[i],"-v") == 0) {
	    verbose = TRUE;
	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
	}
	else {
	    printf("\n%s is not a valid option\n", argv[i]);
	    printUsage();
	}
    }
    if (parentHandle == 0) {
	printf("Missing handle parameter -hp\n");
	printUsage();
    }
    if (keyTypeSpecified != 1) {
	printf("Missing key attributes\n");
	printUsage();
    }
    /* consistency between the key type and the optional sensitive data file */
    switch (keyType) {
      case TYPE_BL:
	if (dataFilename == NULL) {
	    printf("-bl needs -if (sealed data object needs data to seal)\n");
	    printUsage();
	}
	break;
      case TYPE_ST:
      case TYPE_DEN:
      case TYPE_DEO:
      case TYPE_SI:
      case TYPE_SIR:
      case TYPE_GP:
	if (dataFilename != NULL) {
	    printf("asymmetric key cannot have -if (sensitive data)\n");
	    printUsage();
	}
	/* no break here: control falls through into the cases below, which only break */
      case TYPE_DES:
      case TYPE_KH:
      case TYPE_DP:
	/* inSensitive optional for symmetric keys */
	break;
    }
    if (rc == 0) {
	in.parentHandle = parentHandle;
    }
    /* Table 134 - Definition of TPM2B_SENSITIVE_CREATE inSensitive */
    if (rc == 0) {
	/* Table 133 - Definition of TPMS_SENSITIVE_CREATE Structure sensitive */
	/* Table 75 - Definition of Types for TPM2B_AUTH userAuth */
	if (keyPassword == NULL) {
	    in.inSensitive.sensitive.userAuth.t.size = 0;
	}
	else {
	    /* the copy is bounded by sizeof(TPMU_HA), the error handling for a longer string is
	       inside TSS_TPM2B_StringCopy() and not visible here */
	    rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b,
				      keyPassword, sizeof(TPMU_HA));
	}
    }
    if (rc == 0) {
	/* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */
	if (dataFilename != NULL) {
	    /* the file contents are read with MAX_SYM_DATA passed as the limit */
	    rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b,
				 MAX_SYM_DATA,
				 dataFilename);
	}
	else {
	    in.inSensitive.sensitive.data.t.size = 0;
	}
    }
    /* TPM2B_PUBLIC */
    if (rc == 0) {
	/* NOTE(review): there is no default case.  For a keyType outside the cases below
	   (objecttemplates.h also defines TYPE_DAA and TYPE_DAAR) publicArea is left
	   uninitialized and is still marshaled afterwards.  Whether option parsing can produce
	   such a value is in the missing span - confirm. */
	switch (keyType) {
	  case TYPE_BL:
	    rc = blPublicTemplate(&publicArea,
				  addObjectAttributes, deleteObjectAttributes,
				  nalg,
				  policyFilename);
	    break;
	  case TYPE_ST:
	  case TYPE_DEN:
	  case TYPE_DEO:
	  case TYPE_SI:
	  case TYPE_SIR:
	  case TYPE_GP:
	    rc = asymPublicTemplate(&publicArea,
				    addObjectAttributes, deleteObjectAttributes,
				    keyType, algPublic, curveID, nalg, halg,
				    policyFilename);
	    break;
	  case TYPE_DES:
	    rc = symmetricCipherTemplate(&publicArea,
					 addObjectAttributes, deleteObjectAttributes,
					 nalg, rev116,
					 policyFilename);
	    break;
	  case TYPE_KH:
	    rc = keyedHashPublicTemplate(&publicArea,
					 addObjectAttributes, deleteObjectAttributes,
					 nalg, halg,
					 policyFilename);
	    break;
	  case TYPE_DP:
	    rc = derivationParentPublicTemplate(&publicArea,
						addObjectAttributes, deleteObjectAttributes,
						nalg, halg,
						policyFilename);
	}
    }
    /* marshal the TPMT_PUBLIC into the TPM2B_TEMPLATE */
    if (rc == 0) {
	uint16_t written = 0;
	/* size hands the capacity of the destination buffer to the marshal call */
	int32_t size = sizeof(in.inPublic.t.buffer);
	uint8_t *buffer = in.inPublic.t.buffer;
	if (!derived) {
	    rc = TSS_TPMT_PUBLIC_Marshal(&publicArea, &written, &buffer, &size);
	}
	else {
	    /* derived key has extra context parameter */
	    publicArea.unique.derive.context.t.size = 0;
	    /* sensitiveDataOrigin has to be CLEAR in a derived object */
	    publicArea.objectAttributes.val &= ~TPMA_OBJECT_SENSITIVEDATAORIGIN;
	    rc = TSS_TPMT_PUBLIC_D_Marshal(&publicArea, &written, &buffer, &size);
	}
	/* stored even when marshaling failed, the non-zero rc then skips TSS_Create() and
	   TSS_Execute() */
	in.inPublic.t.size = written;
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
	/* only session 0 carries a password (the parent password), sessions 1 and 2 are passed
	   NULL */
	rc = TSS_Execute(tssContext,
			 (RESPONSE_PARAMETERS *)&out,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_CreateLoaded,
			 sessionHandle0, parentPassword, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    /* the context is deleted on every path, its result is reported only if nothing failed
       earlier.  NOTE(review): tssContext is still NULL when an earlier step failed - confirm
       TSS_Delete() accepts NULL. */
    {
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    /* save the private key */
    if ((rc == 0) && (privateKeyFilename != NULL)) {
	/* NOTE(review): the permissions of the created file are decided inside
	   TSS_File_WriteStructure(), not visible here */
	rc = TSS_File_WriteStructure(&out.outPrivate,
				     (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal,
				     privateKeyFilename);
    }
    /* save the public key */
    if ((rc == 0) && (publicKeyFilename != NULL)) {
	rc = TSS_File_WriteStructure(&out.outPublic,
				     (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal,
				     publicKeyFilename);
    }
    /* save the optional PEM public key */
    if ((rc == 0) && (pemFilename != NULL)) {
	rc = convertPublicToPEM(&out.outPublic, pemFilename);
    }
    if (rc == 0) {
	/* the handle is printed even without -v */
	printf("Handle %08x\n", out.objectHandle);
	if (verbose) printf("createloaded: success\n");
    }
    else {
	const char *msg;
	const char *submsg;
	const char *num;
	printf("createloaded: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	/* the TPM / TSS code is only printed, the process exit status is the generic failure */
	rc = EXIT_FAILURE;
    }
    return rc;
}

/* printUsage() prints the option summary, including the template options through
   printUsageTemplate(), and terminates the process with exit status 1 */

static void printUsage(void)
{
    printf("\n");
    printf("createloaded\n");
    printf("\n");
    printf("Runs TPM2_CreateLoaded\n");
    printf("\n");
    printf("\t-hp parent handle (can be hierarchy)\n");
    printf("\t\t40000001 Owner\n");
    printf("\t\t4000000c Platform\n");
    printf("\t\t4000000b Endorsement\n");
    printf("\n");
    printUsageTemplate();
    printf("\n");
    printf("\t[-der object's parent is a derivation parent]\n");
    printf("\n");
    printf("\t[-pwdk password for key (default empty)]\n");
    printf("\t[-pwdp password for parent key (default empty)]\n");
    printf("\n");
    printf("\t[-opu public key file name (default do not save)]\n");
    printf("\t[-opr private key file name (default do not save)]\n");
    printf("\t[-opem public key PEM format file name (default do not save)]\n");
    printf("\n");
    printf("\t-se[0-2] session handle / attributes (default PWAP)\n");
    printf("\t\t01 continue\n");
    printf("\t\t20 command decrypt\n");
    printf("\t\t40 response encrypt\n");
    exit(1);
}
./utils/makefile.debian0000644000175000017500000004767613133210700013256 0ustar lo1lo1################################################################################ # # # Linux TPM2 Utilities Makefile - for Debian source RPM ONLY! 
# # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile.debian 1045 2017-07-17 19:36:32Z kgoldman $ # # # # (c) Copyright IBM Corporation 2017 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # The Debian source RPM spec file uses 'makefile.debian' to # accommodate Fedora-specific build requirements. If you are building # directly from the source tree, use 'makefile.' 
# C compiler CC = /usr/bin/gcc # compile - common flags for TSS library and applications CCFLAGS += -DTPM_POSIX # example of pointing to a locally built openssl 1.1 # CCFLAGS += -I/home/kgold/openssl-1.1.0c/include # compile - for TSS library # include the hardening flag PIC needed for compiling for dynamic # linking CCLFLAGS += -I. -DTPM_TSS \ -fPIC # to compile out printf's. Regression test will fail because it tries # to print a structure -DTPM_NO_PRINT # example of changing the default interface type # -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" # compile - for applications # include the hardening flag PIE needed for compiling for # static linking CCAFLAGS += -I. \ -fPIE # link - common flags flags TSS library and applications LNFLAGS += -DTPM_POSIX \ -L. # This seems to be required on some Ubuntu distros due to an issue with the gold linker # -fuse-ld=bfd # example of pointing to a locally built openssl 1.1 # LNFLAGS += -L/home/kgold/openssl-1.1.0c # This also requires setting the environment variable LD_LIBRARY_PATH. 
E.g., # setenv LD_LIBRARY_PATH ${LD_LIBRARY_PATH}:/home/kgold/openssl-1.1.0c # link - for TSS library # hardening flags for linking shared objects LNLFLAGS += -shared -Wl,-z,now # This is an alternative to using the bfd linker on Ubuntu LNLLIBS += -lcrypto # link - for applications, TSS path, TSS and OpenSSl libraries # hardening flags for linking executables LNAFLAGS += -pie -Wl,-z,now LNALIBS += -ltss -lcrypto # shared library # versioned shared library LIBTSSVERSIONED=libtss.so.0.1 # soname field of the shared library # which will be made symbolic link to the versioned shared library # this is used to provide version backward-compatibility information LIBTSSSONAME=libtss.so.0 # symbolic link to the versioned shared library # this allows linking to the shared library with '-ltss' os := $(shell uname -o) ifeq ($(os),Cygwin) LIBTSS=libtss.dll else LIBTSS=libtss.so endif # executable extension EXE = # TSS_HEADERS= # default TSS library TSS_OBJS = tssfile.o \ tsscryptoh.o \ tsscrypto.o # common to all builds include makefile-common # default build target all: $(ALL) # TSS shared library source tss.o: $(TSS_HEADERS) tss.c $(CC) $(CCFLAGS) $(CCLFLAGS) tss.c tssproperties.o: $(TSS_HEADERS) tssproperties.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssproperties.c tssauth.o: $(TSS_HEADERS) tssauth.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssauth.c tssmarshal.o: $(TSS_HEADERS) tssmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssmarshal.c tsscryptoh.o: $(TSS_HEADERS) tsscryptoh.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscryptoh.c tsscrypto.o: $(TSS_HEADERS) tsscrypto.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsscrypto.c tssutils.o: $(TSS_HEADERS) tssutils.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssutils.c tssfile.o: $(TSS_HEADERS) tssfile.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssfile.c tsssocket.o: $(TSS_HEADERS) tsssocket.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsssocket.c tssdev.o: $(TSS_HEADERS) tssdev.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssdev.c tsstransmit.o: $(TSS_HEADERS) tsstransmit.c $(CC) $(CCFLAGS) $(CCLFLAGS) tsstransmit.c 
tssresponsecode.o: $(TSS_HEADERS) tssresponsecode.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssresponsecode.c tssccattributes.o: $(TSS_HEADERS) tssccattributes.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssccattributes.c fail.o: $(TSS_HEADERS) fail.c $(CC) $(CCFLAGS) $(CCLFLAGS) fail.c tssprint.o: $(TSS_HEADERS) tssprint.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssprint.c Unmarshal.o: $(TSS_HEADERS) Unmarshal.c $(CC) $(CCFLAGS) $(CCLFLAGS) Unmarshal.c Commands.o: $(TSS_HEADERS) Commands.c $(CC) $(CCFLAGS) $(CCLFLAGS) Commands.c CommandAttributeData.o: $(TSS_HEADERS) CommandAttributeData.c $(CC) $(CCFLAGS) $(CCLFLAGS) CommandAttributeData.c ntc2lib.o: $(TSS_HEADERS) ntc2lib.c $(CC) $(CCFLAGS) $(CCLFLAGS) ntc2lib.c tssntc.o: $(TSS_HEADERS) tssntc.c $(CC) $(CCFLAGS) $(CCLFLAGS) tssntc.c # TSS shared library build $(LIBTSS): $(TSS_OBJS) $(CC) $(LNFLAGS) $(LNLFLAGS) -Wl,-soname,$(LIBTSSSONAME) -o $(LIBTSSVERSIONED) $(TSS_OBJS) $(LNLLIBS) rm -f $(LIBTSSSONAME) ln -sf $(LIBTSSVERSIONED) $(LIBTSSSONAME) rm -f $(LIBTSS) ln -sf $(LIBTSSSONAME) $(LIBTSS) .PHONY: clean .PRECIOUS: %.o clean: rm -f *.o *~ \ h*.bin \ rm -f $(LIBTSSSONAME) \ rm -f $(LIBTSSVERSIONED) \ $(ALL) # applications activatecredential: tss2/tss.h activatecredential.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) activatecredential.o $(LNALIBS) -o activatecredential eventextend: eventextend.o eventlib.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eventextend.o eventlib.o $(LNALIBS) -o eventextend imaextend: imaextend.o imalib.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) imaextend.o imalib.o $(LNALIBS) -o imaextend certify: tss2/tss.h certify.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) certify.o $(LNALIBS) -o certify certifycreation: tss2/tss.h certifycreation.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) certifycreation.o $(LNALIBS) -o certifycreation changeeps: tss2/tss.h changeeps.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) changeeps.o $(LNALIBS) -o changeeps changepps: tss2/tss.h changepps.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) changepps.o $(LNALIBS) -o 
changepps clear: tss2/tss.h clear.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clear.o $(LNALIBS) -o clear clearcontrol: tss2/tss.h clearcontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clearcontrol.o $(LNALIBS) -o clearcontrol clockrateadjust: tss2/tss.h clockrateadjust.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clockrateadjust.o $(LNALIBS) -o clockrateadjust clockset: tss2/tss.h clockset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) clockset.o $(LNALIBS) -o clockset commit: tss2/tss.h commit.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) commit.o $(LNALIBS) -o commit contextload: tss2/tss.h contextload.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextload.o $(LNALIBS) -o contextload contextsave: tss2/tss.h contextsave.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) contextsave.o $(LNALIBS) -o contextsave create: tss2/tss.h create.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) create.o objecttemplates.o cryptoutils.o $(LNALIBS) -o create createloaded: tss2/tss.h createloaded.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createloaded.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createloaded createprimary: tss2/tss.h createprimary.o objecttemplates.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createprimary.o objecttemplates.o cryptoutils.o $(LNALIBS) -o createprimary dictionaryattacklockreset: tss2/tss.h dictionaryattacklockreset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattacklockreset.o $(LNALIBS) -o dictionaryattacklockreset dictionaryattackparameters: tss2/tss.h dictionaryattackparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) dictionaryattackparameters.o $(LNALIBS) -o dictionaryattackparameters duplicate: tss2/tss.h duplicate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) duplicate.o $(LNALIBS) -o duplicate eccparameters: tss2/tss.h eccparameters.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eccparameters.o $(LNALIBS) -o eccparameters ecephemeral: tss2/tss.h ecephemeral.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) 
ecephemeral.o $(LNALIBS) -o ecephemeral encryptdecrypt: tss2/tss.h encryptdecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) encryptdecrypt.o $(LNALIBS) -o encryptdecrypt eventsequencecomplete: tss2/tss.h eventsequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) eventsequencecomplete.o $(LNALIBS) -o eventsequencecomplete evictcontrol: tss2/tss.h evictcontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) evictcontrol.o $(LNALIBS) -o evictcontrol flushcontext: tss2/tss.h flushcontext.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) flushcontext.o $(LNALIBS) -o flushcontext getcommandauditdigest: tss2/tss.h getcommandauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcommandauditdigest.o $(LNALIBS) -o getcommandauditdigest getcapability: tss2/tss.h getcapability.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getcapability.o $(LNALIBS) -o getcapability getrandom: tss2/tss.h getrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getrandom.o $(LNALIBS) -o getrandom getsessionauditdigest: tss2/tss.h getsessionauditdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) getsessionauditdigest.o $(LNALIBS) -o getsessionauditdigest gettime: tss2/tss.h gettime.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) gettime.o $(LNALIBS) -o gettime hashsequencestart: tss2/tss.h hashsequencestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hashsequencestart.o $(LNALIBS) -o hashsequencestart hash: tss2/tss.h hash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hash.o $(LNALIBS) -o hash hierarchycontrol: tss2/tss.h hierarchycontrol.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchycontrol.o $(LNALIBS) -o hierarchycontrol hierarchychangeauth: tss2/tss.h hierarchychangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hierarchychangeauth.o $(LNALIBS) -o hierarchychangeauth hmac: tss2/tss.h hmac.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmac.o $(LNALIBS) -o hmac hmacstart: tss2/tss.h hmacstart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) hmacstart.o $(LNALIBS) -o hmacstart import: tss2/tss.h import.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) 
import.o $(LNALIBS) -o import importpem: tss2/tss.h importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) importpem.o objecttemplates.o ekutils.o cryptoutils.o $(LNALIBS) -o importpem load: tss2/tss.h load.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) load.o $(LNALIBS) -o load loadexternal: tss2/tss.h loadexternal.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) loadexternal.o cryptoutils.o ekutils.o $(LNALIBS) -o loadexternal makecredential: tss2/tss.h makecredential.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) makecredential.o $(LNALIBS) -o makecredential nvcertify: tss2/tss.h nvcertify.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvcertify.o $(LNALIBS) -o nvcertify nvchangeauth: tss2/tss.h nvchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvchangeauth.o $(LNALIBS) -o nvchangeauth nvdefinespace: tss2/tss.h nvdefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvdefinespace.o $(LNALIBS) -o nvdefinespace nvextend: tss2/tss.h nvextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvextend.o $(LNALIBS) -o nvextend nvglobalwritelock: tss2/tss.h nvglobalwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvglobalwritelock.o $(LNALIBS) -o nvglobalwritelock nvincrement: tss2/tss.h nvincrement.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvincrement.o $(LNALIBS) -o nvincrement nvread: tss2/tss.h nvread.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvread.o cryptoutils.o ekutils.o $(LNALIBS) -o nvread nvreadlock: tss2/tss.h nvreadlock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadlock.o $(LNALIBS) -o nvreadlock nvreadpublic: tss2/tss.h nvreadpublic.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvreadpublic.o $(LNALIBS) -o nvreadpublic nvsetbits: tss2/tss.h nvsetbits.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvsetbits.o $(LNALIBS) -o nvsetbits nvundefinespace: tss2/tss.h nvundefinespace.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespace.o $(LNALIBS) -o nvundefinespace nvundefinespacespecial: tss2/tss.h 
nvundefinespacespecial.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvundefinespacespecial.o $(LNALIBS) -o nvundefinespacespecial nvwrite: tss2/tss.h nvwrite.o cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwrite.o cryptoutils.o ekutils.o $(LNALIBS) -o nvwrite nvwritelock: tss2/tss.h nvwritelock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) nvwritelock.o $(LNALIBS) -o nvwritelock objectchangeauth: tss2/tss.h objectchangeauth.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) objectchangeauth.o $(LNALIBS) -o objectchangeauth pcrallocate: tss2/tss.h pcrallocate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrallocate.o $(LNALIBS) -o pcrallocate pcrevent: tss2/tss.h pcrevent.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrevent.o $(LNALIBS) -o pcrevent pcrextend: tss2/tss.h pcrextend.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrextend.o $(LNALIBS) -o pcrextend pcrread: tss2/tss.h pcrread.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrread.o $(LNALIBS) -o pcrread pcrreset: tss2/tss.h pcrreset.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) pcrreset.o $(LNALIBS) -o pcrreset policyauthorize: tss2/tss.h policyauthorize.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorize.o $(LNALIBS) -o policyauthorize policyauthvalue: tss2/tss.h policyauthvalue.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthvalue.o $(LNALIBS) -o policyauthvalue policycommandcode: tss2/tss.h policycommandcode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycommandcode.o $(LNALIBS) -o policycommandcode policycphash: tss2/tss.h policycphash.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycphash.o $(LNALIBS) -o policycphash policycountertimer : tss2/tss.h policycountertimer.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policycountertimer.o $(LNALIBS) -o policycountertimer policygetdigest: tss2/tss.h policygetdigest.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policygetdigest.o $(LNALIBS) -o policygetdigest policymaker: tss2/tss.h policymaker.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymaker.o $(LNALIBS) -o policymaker 
policymakerpcr: tss2/tss.h policymakerpcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policymakerpcr.o $(LNALIBS) -o policymakerpcr policyauthorizenv: tss2/tss.h policyauthorizenv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyauthorizenv.o $(LNALIBS) -o policyauthorizenv policynv: tss2/tss.h policynv.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynv.o $(LNALIBS) -o policynv policynvwritten: tss2/tss.h policynvwritten.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policynvwritten.o $(LNALIBS) -o policynvwritten policyor: tss2/tss.h policyor.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyor.o $(LNALIBS) -o policyor policypassword: tss2/tss.h policypassword.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypassword.o $(LNALIBS) -o policypassword policypcr: tss2/tss.h policypcr.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policypcr.o $(LNALIBS) -o policypcr policyrestart: tss2/tss.h policyrestart.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyrestart.o $(LNALIBS) -o policyrestart policysigned: tss2/tss.h policysigned.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysigned.o $(LNALIBS) -o policysigned policysecret: tss2/tss.h policysecret.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policysecret.o $(LNALIBS) -o policysecret policytemplate: tss2/tss.h policytemplate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policytemplate.o $(LNALIBS) -o policytemplate policyticket: tss2/tss.h policyticket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) policyticket.o $(LNALIBS) -o policyticket quote: tss2/tss.h quote.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) quote.o $(LNALIBS) -o quote powerup: tss2/tss.h powerup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) powerup.o $(LNALIBS) -o powerup readclock: tss2/tss.h readclock.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readclock.o $(LNALIBS) -o readclock readpublic: tss2/tss.h readpublic.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) readpublic.o cryptoutils.o $(LNALIBS) -o readpublic returncode: tss2/tss.h returncode.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) returncode.o 
$(LNALIBS) -o returncode rewrap: tss2/tss.h rewrap.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rewrap.o $(LNALIBS) -o rewrap rsadecrypt: tss2/tss.h rsadecrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsadecrypt.o $(LNALIBS) -o rsadecrypt rsaencrypt: tss2/tss.h rsaencrypt.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) rsaencrypt.o $(LNALIBS) -o rsaencrypt sequenceupdate: tss2/tss.h sequenceupdate.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sequenceupdate.o $(LNALIBS) -o sequenceupdate sequencecomplete: tss2/tss.h sequencecomplete.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sequencecomplete.o $(LNALIBS) -o sequencecomplete setprimarypolicy: tss2/tss.h setprimarypolicy.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) setprimarypolicy.o $(LNALIBS) -o setprimarypolicy shutdown: tss2/tss.h shutdown.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) shutdown.o $(LNALIBS) -o shutdown sign: tss2/tss.h sign.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) sign.o $(LNALIBS) -o sign startauthsession: tss2/tss.h startauthsession.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startauthsession.o $(LNALIBS) -o startauthsession startup: tss2/tss.h startup.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) startup.o $(LNALIBS) -o startup stirrandom: tss2/tss.h stirrandom.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) stirrandom.o $(LNALIBS) -o stirrandom unseal: tss2/tss.h unseal.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) unseal.o $(LNALIBS) -o unseal verifysignature: tss2/tss.h verifysignature.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) verifysignature.o cryptoutils.o $(LNALIBS) -o verifysignature signapp: tss2/tss.h signapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) signapp.o ekutils.o cryptoutils.o $(LNALIBS) -o signapp writeapp: tss2/tss.h writeapp.o ekutils.o cryptoutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) writeapp.o ekutils.o cryptoutils.o $(LNALIBS) -o writeapp timepacket: tss2/tss.h timepacket.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) timepacket.o $(LNALIBS) -o timepacket createek: createek.o 
cryptoutils.o ekutils.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) createek.o cryptoutils.o ekutils.o $(LNALIBS) -o createek ntc2getconfig: ntc2getconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2getconfig.o $(LNALIBS) -o ntc2getconfig ntc2preconfig: ntc2preconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2preconfig.o $(LNALIBS) -o ntc2preconfig ntc2lockconfig: ntc2lockconfig.o $(LIBTSS) $(CC) $(LNFLAGS) $(LNAFLAGS) ntc2lockconfig.o $(LNALIBS) -o ntc2lockconfig # for applications, not for TSS library %.o: %.c tss2/tss.h $(CC) $(CCFLAGS) $(CCAFLAGS) $< -o $@ ./utils/tssprint.c0000644000175000017500000006673113063767535012411 0ustar lo1lo1/********************************************************************************/ /* */ /* Structure Print and Scan Utilities */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: tssprint.c 970 2017-03-20 15:03:57Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include #include #include #include extern int tssVerbose; #ifdef TPM_NO_PRINT /* false to compile out printf */ int tssSwallowRc = 0; /* function prototype to match the printf prototype */ int TSS_SwallowPrintf(const char *format, ...) 
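{
    format = format;
    return 0;
}
#endif

/* TSS_Array_HexNibble() converts one hexascii character to its value, 0 to 15.

   Returns -1 if 'c' is not one of 0-9, a-f or A-F.
*/

static int TSS_Array_HexNibble(char c)
{
    if ((c >= '0') && (c <= '9')) {
        return c - '0';
    }
    if ((c >= 'a') && (c <= 'f')) {
        return c - 'a' + 10;
    }
    if ((c >= 'A') && (c <= 'F')) {
        return c - 'A' + 10;
    }
    return -1;
}

/* TSS_Array_Scan() converts a string to a binary array

   'string' must hold an even number of hexascii characters and nothing else.  Each pair of
   characters becomes one byte of '*data', and '*len' is set to the number of bytes.

   Returns 0 on success, TSS_RC_BAD_PROPERTY_VALUE if the length is odd or any character is not
   hexascii, or the return code of TSS_Malloc().

   Each character is checked individually.  The previous sscanf("%2x") conversion skipped leading
   white space and accepted a sign, so input that was not strictly hexascii could be accepted and
   could read across a pair boundary.  It also stored the conversion result before checking that
   the conversion had succeeded.  Conversion now stops at the first invalid character.

   '*data' is allocated here and is freed by the caller.  It is not released here when an invalid
   character is reported.
*/

uint32_t TSS_Array_Scan(unsigned char **data,   /* output binary, freed by caller */
                        size_t *len,
                        const char *string)     /* input string */
{
    uint32_t rc = 0;
    size_t strLength;

    if (rc == 0) {
        strLength = strlen(string);
        if ((strLength %2) != 0) {
            if (tssVerbose) printf("TSS_Array_Scan: Error, string length %lu is not even\n",
                                   (unsigned long)strLength);
            rc = TSS_RC_BAD_PROPERTY_VALUE;
        }
    }
    if (rc == 0) {
        *len = strLength / 2;   /* safe because already tested for even number of bytes */
        /* the 8 extra bytes are kept from the original; their purpose is not visible here */
        rc = TSS_Malloc(data, (*len) + 8);
    }
    if (rc == 0) {
        size_t i;
        /* stop at the first bad pair so that the error is reported once */
        for (i = 0 ; (rc == 0) && (i < *len) ; i++) {
            int high = TSS_Array_HexNibble(string[2*i]);
            int low = TSS_Array_HexNibble(string[(2*i) + 1]);
            if ((high < 0) || (low < 0)) {
                if (tssVerbose) printf("TSS_Array_Scan: invalid hexascii\n");
                rc = TSS_RC_BAD_PROPERTY_VALUE;
            }
            else {
                (*data)[i] = (unsigned char)((high << 4) | low);
            }
        }
    }
    return rc;
}

/* TSS_PrintAll() prints 'string', the length, and then the entire byte array

   It calls TSS_PrintAlli() with an indent of 1.
*/

void TSS_PrintAll(const char *string, const unsigned char* buff, uint32_t length)
{
    TSS_PrintAlli(string, 1, buff, length);
}

/* TSS_PrintAlli() prints 'string', the length, and then the entire byte array

   Each line indented 'indent' spaces.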
*/

void TSS_PrintAlli(const char *string, unsigned int indent,
                   const unsigned char* buff, uint32_t length)
{
    uint32_t i;
    /* NOTE(review): 'length' bytes are read from 'buff' and the real buffer size cannot be checked
       here.  The bytes go to stdout unmasked, so the caller decides whether the value is safe to
       print. */
    if (buff != NULL) {
        /* heading line, then the indent for the first row of bytes */
        printf("%*s" "%s length %u\n" "%*s", indent, "", string, length, indent, "");
        for (i = 0 ; i < length ; i++) {
            /* start a new indented row after every 16 bytes */
            if (i && !( i % 16 )) {
                printf("\n" "%*s", indent, "");
            }
            printf("%.2x ",buff[i]);
        }
        printf("\n");
    }
    /* a NULL buffer is reported, not dereferenced */
    else {
        printf("%*s" "%s null\n", indent, "", string);
    }
    return;
}

/* Table 9 - Definition of (UINT16) TPM_ALG_ID Constants

   TSS_TPM_ALG_ID_Print() prints the name of the algorithm 'source', indented 'indent' spaces.
   A value that matches no case is printed in hex as unknown.
*/

void TSS_TPM_ALG_ID_Print(TPM_ALG_ID source, unsigned int indent)
{
    switch (source) {
      case ALG_RSA_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_RSA\n", indent, "");
        break;
      case ALG_TDES_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_TDES\n", indent, "");
        break;
      case ALG_SHA1_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SHA1\n", indent, "");
        break;
      case ALG_HMAC_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_HMAC\n", indent, "");
        break;
      case ALG_AES_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_AES\n", indent, "");
        break;
      case ALG_MGF1_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_MGF1\n", indent, "");
        break;
      case ALG_KEYEDHASH_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_KEYEDHASH\n", indent, "");
        break;
      case ALG_XOR_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_XOR\n", indent, "");
        break;
      case ALG_SHA256_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SHA256\n", indent, "");
        break;
      case ALG_SHA384_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SHA384\n", indent, "");
        break;
      case ALG_SHA512_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SHA512\n", indent, "");
        break;
      case ALG_NULL_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_NULL\n", indent, "");
        break;
      case ALG_SM3_256_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SM3_256\n", indent, "");
        break;
      case ALG_SM4_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SM4\n", indent, "");
        break;
      case ALG_RSASSA_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_RSASSA\n", indent, "");
        break;
      case ALG_RSAES_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_RSAES\n", indent, "");
        break;
      case ALG_RSAPSS_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_RSAPSS\n", indent, "");
break;
      case ALG_OAEP_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_OAEP\n", indent, "");
        break;
      case ALG_ECDSA_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECDSA\n", indent, "");
        break;
      case ALG_ECDH_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECDH\n", indent, "");
        break;
      case ALG_ECDAA_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECDAA\n", indent, "");
        break;
      case ALG_SM2_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SM2\n", indent, "");
        break;
      case ALG_ECSCHNORR_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECSCHNORR\n", indent, "");
        break;
      case ALG_ECMQV_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECMQV\n", indent, "");
        break;
      case ALG_KDF1_SP800_56A_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_KDF1_SP800_56A\n", indent, "");
        break;
      case ALG_KDF2_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_KDF2\n", indent, "");
        break;
      case ALG_KDF1_SP800_108_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_KDF1_SP800_108\n", indent, "");
        break;
      case ALG_ECC_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECC\n", indent, "");
        break;
      case ALG_SYMCIPHER_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_SYMCIPHER\n", indent, "");
        break;
      case ALG_CAMELLIA_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_CAMELLIA\n", indent, "");
        break;
      case ALG_CTR_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_CTR\n", indent, "");
        break;
      case ALG_OFB_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_OFB\n", indent, "");
        break;
      case ALG_CBC_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_CBC\n", indent, "");
        break;
      case ALG_CFB_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_CFB\n", indent, "");
        break;
      case ALG_ECB_VALUE:
        printf("%*s" "TPM_ALG_ID TPM_ALG_ECB\n", indent, "");
        break;
      /* a value with no case above is printed in hex, it is not treated as an error */
      default:
        printf("%*s" "TPM_ALG_ID algorithm %04hx unknown\n", indent, "", source);
    }
    return;
}

/* Table 30 - Definition of (UINT32) TPMA_ALGORITHM Bits

   TSS_TPM_TPMA_ALGORITHM_Print() prints one line for each attribute bit that is set in
   'source.val'.  Nothing is printed for a bit that is clear.
*/

void TSS_TPM_TPMA_ALGORITHM_Print(TPMA_ALGORITHM source, unsigned int indent)
{
    if (source.val &TPMA_ALGORITHM_ASYMMETRIC)
        printf("%*s" "TPMA_ALGORITHM: asymmetric\n", indent, "");
    if (source.val &TPMA_ALGORITHM_SYMMETRIC)
        printf("%*s" "TPMA_ALGORITHM: symmetric\n", indent, "");
    if
(source.val &TPMA_ALGORITHM_HASH)
        printf("%*s" "TPMA_ALGORITHM: hash\n", indent, "");
    if (source.val &TPMA_ALGORITHM_OBJECT)
        printf("%*s" "TPMA_ALGORITHM: object\n", indent, "");
    if (source.val &TPMA_ALGORITHM_SIGNING)
        printf("%*s" "TPMA_ALGORITHM: signing\n", indent, "");
    if (source.val &TPMA_ALGORITHM_ENCRYPTING)
        printf("%*s" "TPMA_ALGORITHM: encrypting\n", indent, "");
    if (source.val &TPMA_ALGORITHM_METHOD)
        printf("%*s" "TPMA_ALGORITHM: method\n", indent, "");
    return;
}

/* Table 32 - Definition of (UINT32) TPMA_OBJECT Bits

   TSS_TPMA_OBJECT_Print() prints one line for each object attribute bit that is set in
   'source.val'.  A clear bit prints nothing, so an attribute that is missing from the output is
   not set.
*/

void TSS_TPMA_OBJECT_Print(TPMA_OBJECT source, unsigned int indent)
{
    if (source.val & TPMA_OBJECT_FIXEDTPM)
        printf("%*s" "TPMA_OBJECT: fixedTpm\n", indent, "");
    if (source.val & TPMA_OBJECT_STCLEAR)
        printf("%*s" "TPMA_OBJECT: stClear\n", indent, "");
    if (source.val & TPMA_OBJECT_FIXEDPARENT)
        printf("%*s" "TPMA_OBJECT: fixedParent\n", indent, "");
    if (source.val & TPMA_OBJECT_SENSITIVEDATAORIGIN)
        printf("%*s" "TPMA_OBJECT: sensitiveDataOrigin\n", indent, "");
    if (source.val & TPMA_OBJECT_USERWITHAUTH)
        printf("%*s" "TPMA_OBJECT: userWithAuth\n", indent, "");
    if (source.val & TPMA_OBJECT_ADMINWITHPOLICY)
        printf("%*s" "TPMA_OBJECT: adminWithPolicy\n", indent, "");
    if (source.val & TPMA_OBJECT_NODA)
        printf("%*s" "TPMA_OBJECT: noDA\n", indent, "");
    if (source.val & TPMA_OBJECT_ENCRYPTEDDUPLICATION)
        printf("%*s" "TPMA_OBJECT: encryptedDuplication\n", indent, "");
    if (source.val & TPMA_OBJECT_RESTRICTED)
        printf("%*s" "TPMA_OBJECT: restricted\n", indent, "");
    if (source.val & TPMA_OBJECT_DECRYPT)
        printf("%*s" "TPMA_OBJECT: decrypt\n", indent, "");
    if (source.val & TPMA_OBJECT_SIGN)
        printf("%*s" "TPMA_OBJECT: sign\n", indent, "");
    return;
}

/* Table 85 - Definition of TPMS_PCR_SELECTION Structure

   TSS_TPMS_PCR_SELECTION_Print() prints the bank hash algorithm, then the PCR select bytes in hex.
*/

void TSS_TPMS_PCR_SELECTION_Print(TPMS_PCR_SELECTION *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->hash, indent+2);
    /* NOTE(review): sizeofSelect comes from the structure and is not compared with the size of
       pcrSelect here.  Presumably the unmarshal code bounds it - confirm before printing a
       structure that was filled in any other way. */
    TSS_PrintAlli("TPMS_PCR_SELECTION", indent+2,
                  source->pcrSelect,
                  source->sizeofSelect);
    return;
}

/* Table 102 - Definition
of TPML_PCR_SELECTION Structure */

void TSS_TPML_PCR_SELECTION_Print(TPML_PCR_SELECTION *source, unsigned int indent)
{
    uint32_t i;
    printf("%*s" "TPML_PCR_SELECTION count %u\n", indent, "", source->count);
    /* NOTE(review): the loop trusts source->count and does not compare it with the number of
       elements in pcrSelections.  Presumably the unmarshal code bounds it - confirm. */
    for (i = 0 ; (i < source->count) ; i++) {
        TSS_TPMS_PCR_SELECTION_Print(&source->pcrSelections[i], indent);
    }
    return;
}

/* Table 109 - Definition of TPMS_CLOCK_INFO Structure

   TSS_TPMS_CLOCK_INFO_Print() prints the clock, resetCount, restartCount and safe members, one per
   line.
*/

void TSS_TPMS_CLOCK_INFO_Print(TPMS_CLOCK_INFO *source, unsigned int indent)
{
    printf("%*s" "TPMS_CLOCK_INFO clock %"PRIu64"\n", indent, "", source->clock);
    printf("%*s" "TPMS_CLOCK_INFO resetCount %u\n", indent, "", source->resetCount);
    printf("%*s" "TPMS_CLOCK_INFO restartCount %u\n", indent, "", source->restartCount);
    printf("%*s" "TPMS_CLOCK_INFO safe %x\n", indent, "", source->safe);
    return;
}

/* Table 110 - Definition of TPMS_TIME_INFO Structure

   TSS_TPMS_TIME_INFO_Print() prints the time member, then the nested clock information.
*/

void TSS_TPMS_TIME_INFO_Print(TPMS_TIME_INFO *source, unsigned int indent)
{
    printf("%*s" "TPMS_TIME_INFO time %"PRIu64"\n", indent, "", source->time);
    TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2);
    return;
}

/* Table 111 - Definition of TPMS_TIME_ATTEST_INFO Structure

   TSS_TPMS_TIME_ATTEST_INFO_Print() prints the nested time information, then the firmware
   version.
*/

void TSS_TPMS_TIME_ATTEST_INFO_Print(TPMS_TIME_ATTEST_INFO *source, unsigned int indent)
{
    TSS_TPMS_TIME_INFO_Print(&source->time, indent+2);
    printf("%*s" "TPMS_TIME_ATTEST_INFO firmwareVersion %"PRIu64"\n", indent, "", source->firmwareVersion);
    return;
}

/* Table 112 - Definition of TPMS_CERTIFY_INFO Structure

   TSS_TPMS_CERTIFY_INFO_Print() prints the name and the qualified name of the certified object in
   hex.
*/

void TSS_TPMS_CERTIFY_INFO_Print(TPMS_CERTIFY_INFO *source, unsigned int indent)
{
    TSS_PrintAlli("TPMS_CERTIFY_INFO name", indent,
                  source->name.b.buffer,
                  source->name.b.size);
    TSS_PrintAlli("TPMS_CERTIFY_INFO qualifiedName", indent,
                  source->qualifiedName.b.buffer,
                  source->qualifiedName.b.size);
    return;
}

/* Table 113 - Definition of TPMS_QUOTE_INFO Structure

   TSS_TPMS_QUOTE_INFO_Print() prints the PCR selection, then the PCR digest in hex.
*/

void TSS_TPMS_QUOTE_INFO_Print(TPMS_QUOTE_INFO *source, unsigned int indent)
{
    TSS_TPML_PCR_SELECTION_Print(&source->pcrSelect, indent+2);
    TSS_PrintAlli("TPMS_QUOTE_INFO pcrDigest", indent+2,
source->pcrDigest.b.buffer,
                  source->pcrDigest.b.size);
    return;
}

/* Table 2:118 - Definition of TPMS_SESSION_AUDIT_INFO Structure

   TSS_TPMS_SESSION_AUDIT_INFO_Print() prints the exclusiveSession member, then the session digest
   in hex.
*/

void TSS_TPMS_SESSION_AUDIT_INFO_Print(TPMS_SESSION_AUDIT_INFO *source, unsigned int indent)
{
    printf("%*s" "TPMS_SESSION_AUDIT_INFO exclusiveSession %d\n", indent, "",
           source->exclusiveSession);
    TSS_PrintAlli("TPMS_SESSION_AUDIT_INFO sessionDigest", indent,
                  source->sessionDigest.b.buffer,
                  source->sessionDigest.b.size);
    return;
}

/* Table 2:119 - Definition of TPMS_CREATION_INFO Structure

   TSS_TPMS_CREATION_INFO_Print() prints the object name and the creation hash in hex.
*/

void TSS_TPMS_CREATION_INFO_Print(TPMS_CREATION_INFO *source, unsigned int indent)
{
    TSS_PrintAlli("TPMS_CREATION_INFO objectName", indent,
                  source->objectName.b.buffer,
                  source->objectName.b.size);
    TSS_PrintAlli("TPMS_CREATION_INFO creationHash", indent,
                  source->creationHash.b.buffer,
                  source->creationHash.b.size);
    return;
}

/* Table 2:120 - Definition of TPMS_NV_CERTIFY_INFO Structure

   TSS_TPMS_NV_CERTIFY_INFO_Print() prints the index name in hex, the offset, and then the
   certified NV contents in hex.
*/

void TSS_TPMS_NV_CERTIFY_INFO_Print(TPMS_NV_CERTIFY_INFO  *source, unsigned int indent)
{
    TSS_PrintAlli("TPMS_NV_CERTIFY_INFO indexName", indent,
                  source->indexName.b.buffer,
                  source->indexName.b.size);
    printf("%*s" "TPMS_NV_CERTIFY_INFO offset %d\n", indent, "",  source->offset);
    /* the NV data itself is printed, so the output holds whatever the index stores */
    TSS_PrintAlli("TPMS_NV_CERTIFY_INFO nvContents", indent,
                  source->nvContents.b.buffer,
                  source->nvContents.b.size);
    return;
}

/* Table 121 - Definition of (TPM_ST) TPMI_ST_ATTEST Type

   TSS_TPMI_ST_ATTEST_Print() prints the name of the attestation structure tag 'selector'.  A tag
   that matches no case is printed in hex as not implemented.
*/

void TSS_TPMI_ST_ATTEST_Print(TPMI_ST_ATTEST selector, unsigned int indent)
{
    switch (selector) {
      case TPM_ST_ATTEST_CERTIFY:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_CERTIFY\n", indent, "");
        break;
      case TPM_ST_ATTEST_CREATION:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_CREATION\n", indent, "");
        break;
      case TPM_ST_ATTEST_QUOTE:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_QUOTE\n", indent, "");
        break;
      case TPM_ST_ATTEST_COMMAND_AUDIT:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_COMMAND_AUDIT\n", indent, "");
        break;
      case TPM_ST_ATTEST_SESSION_AUDIT:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_SESSION_AUDIT\n",
indent, "");
        break;
      case TPM_ST_ATTEST_TIME:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_TIME\n", indent, "");
        break;
      case TPM_ST_ATTEST_NV:
        printf("%*s" "TPMI_ST_ATTEST TPM_ST_ATTEST_NV\n", indent, "");
        break;
      default:
        printf("%*s" "TPMI_ST_ATTEST_Print: selection %04hx not implemented\n", indent, "", selector);
    }
    return;
}

/* Table 122 - Definition of TPMU_ATTEST Union

   TSS_TPMU_ATTEST_Print() prints the union member that 'selector' names.  The command audit case
   is compiled out, so that tag is reported by the default case as not implemented.
*/

void TSS_TPMU_ATTEST_Print(TPMU_ATTEST *source, TPMI_ST_ATTEST selector, unsigned int indent)
{
    switch (selector) {
      case TPM_ST_ATTEST_CERTIFY:
        TSS_TPMS_CERTIFY_INFO_Print(&source->certify, indent+2);
        break;
      case TPM_ST_ATTEST_CREATION:
        TSS_TPMS_CREATION_INFO_Print(&source->creation, indent+2);
        break;
      case TPM_ST_ATTEST_QUOTE:
        TSS_TPMS_QUOTE_INFO_Print(&source->quote, indent+2);
        break;
#if 0
      case TPM_ST_ATTEST_COMMAND_AUDIT:
        TSS_TPMS_COMMAND_AUDIT_INFO_Print(&source->commandAudit, indent+2);
        break;
#endif
      case TPM_ST_ATTEST_SESSION_AUDIT:
        TSS_TPMS_SESSION_AUDIT_INFO_Print(&source->sessionAudit, indent+2);
        break;
      case TPM_ST_ATTEST_TIME:
        TSS_TPMS_TIME_ATTEST_INFO_Print(&source->time, indent+2);
        break;
      case TPM_ST_ATTEST_NV:
        TSS_TPMS_NV_CERTIFY_INFO_Print(&source->nv, indent+2);
        break;
      default:
        printf("%*s" "TPMU_ATTEST selection %04hx not implemented\n", indent, "", selector);
    }
    return;
}

/* Table 123 - Definition of TPMS_ATTEST Structure

   TSS_TPMS_ATTEST_Print() prints the magic value, the structure tag, extraData in hex, the clock
   information, and then the attested member selected by the tag.

   The magic value is printed as received.  It is not compared with an expected value here.
*/

void TSS_TPMS_ATTEST_Print(TPMS_ATTEST *source, unsigned int indent)
{
    printf("%*s" "TPMS_ATTEST magic %08x\n", indent+2, "", source->magic);
    TSS_TPMI_ST_ATTEST_Print(source->type, indent+2);
    TSS_PrintAlli("TPMS_ATTEST extraData", indent+2,
                  source->extraData.b.buffer,
                  source->extraData.b.size);
    TSS_TPMS_CLOCK_INFO_Print(&source->clockInfo, indent+2);
    TSS_TPMU_ATTEST_Print(&source->attested, source->type, indent+2);
    return;
}

/* Table 124 - Definition of TPM2B_ATTEST Structure

   TSS_TPM2B_ATTEST_Print() unmarshals the attestation bytes held in 'source' and prints the
   resulting structure, or a failure line if the unmarshal fails.

   This only prints.  No signature over the attestation data is checked here, so printed output
   says nothing about whether the data is authentic.
*/

void TSS_TPM2B_ATTEST_Print(TPM2B_ATTEST *source, unsigned int indent)
{
    TPM_RC                      rc = 0;
    TPMS_ATTEST                 attests;
    INT32                       size;
    uint8_t                     *buffer = NULL;

    /* unmarshal the TPMS_ATTEST from the
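TPM2B_ATTEST */
    if (rc == 0) {
        buffer = source->t.attestationData;
        size = source->t.size;
        rc = TPMS_ATTEST_Unmarshal(&attests, &buffer, &size);
    }
    if (rc == 0) {
        TSS_TPMS_ATTEST_Print(&attests, indent+2);
    }
    else {
        printf("%*s" "TPMS_ATTEST_Unmarshal failed\n", indent, "");
    }
    return;
}

/* Table 129 - Definition of TPMT_SYM_DEF_OBJECT Structure

   TSS_TPMT_SYM_DEF_OBJECT_Print() prints the symmetric algorithm and, unless the algorithm is
   TPM_ALG_NULL, the key size and the mode.

   The key size and mode were previously printed unconditionally.  For a null algorithm those
   members presumably carry no value (to be confirmed against the unmarshal code), so whatever the
   memory held was printed.  They are now skipped, which matches the null check in the scheme print
   functions below.
*/

void TSS_TPMT_SYM_DEF_OBJECT_Print(TPMT_SYM_DEF_OBJECT *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->algorithm, indent+2);
    if (source->algorithm != TPM_ALG_NULL) {
        printf("%*s" "TPMU_SYM_KEY_BITS: %u\n", indent, "", source->keyBits.sym);
        TSS_TPM_ALG_ID_Print(source->mode.sym, indent+2);
    }
    return;
}

/* Table 150 - Definition of TPMT_KDF_SCHEME Structure

   TSS_TPMT_KDF_SCHEME_Print() prints the KDF scheme and, unless the scheme is TPM_ALG_NULL, its
   hash algorithm.  The hash is read through the mgf1 member for every non-null scheme.
*/

void TSS_TPMT_KDF_SCHEME_Print(TPMT_KDF_SCHEME *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->scheme, indent+2);
    if (source->scheme != TPM_ALG_NULL) {
        TSS_TPM_ALG_ID_Print(source->details.mgf1.hashAlg, indent+2);
    }
    return;
}

/* Table 155 - Definition of {RSA} TPMT_RSA_SCHEME Structure

   TSS_TPMT_RSA_SCHEME_Print() prints the RSA scheme and, unless the scheme is TPM_ALG_NULL, its
   hash algorithm.  The hash is read through the anySig member for every non-null scheme.
*/

void TSS_TPMT_RSA_SCHEME_Print(TPMT_RSA_SCHEME *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->scheme, indent+2);
    if (source->scheme != TPM_ALG_NULL) {
        TSS_TPM_ALG_ID_Print(source->details.anySig.hashAlg, indent+2);
    }
    return;
}

/* Table 159 - Definition of {RSA} (TPM_KEY_BITS) TPMI_RSA_KEY_BITS Type

   TSS_TPMI_RSA_KEY_BITS_Print() prints the RSA key size in decimal.
*/

void TSS_TPMI_RSA_KEY_BITS_Print(TPMI_RSA_KEY_BITS source, unsigned int indent)
{
    printf("%*s" "TPM_KEY_BITS: %u\n", indent, "", source);
    return;
}

/* Table 165 - Definition of {ECC} (TPM_ECC_CURVE) TPMI_ECC_CURVE Type

   TSS_TPMI_ECC_CURVE_Print() prints the name of the curve 'source'.  Each case is compiled in
   only when its curve macro is defined.  Any other value is printed in hex as unknown.
*/

void TSS_TPMI_ECC_CURVE_Print(TPMI_ECC_CURVE source, unsigned int indent)
{
    switch (source) {
#ifdef TPM_ECC_BN_P256
      case TPM_ECC_BN_P256:
        printf("%*s" "TPMI_ECC_CURVE TPM_ECC_BN_P256\n", indent, "");
        break;
#endif
#ifdef TPM_ECC_NIST_P256
      case TPM_ECC_NIST_P256:
        printf("%*s" "TPMI_ECC_CURVE TPM_ECC_NIST_P256\n", indent, "");
        break;
#endif
#ifdef TPM_ECC_NIST_P384
      case TPM_ECC_NIST_P384:
        printf("%*s" "TPMI_ECC_CURVE TPM_ECC_NIST_P384\n", indent, "");
        break;
#endif
      default: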
printf("%*s" "TPMI_ECC_CURVE %04hx unknown\n", indent, "", source);
    }
    return;
}

/* Table 166 - Definition of (TPMT_SIG_SCHEME) {ECC} TPMT_ECC_SCHEME Structure

   TSS_TPMT_ECC_SCHEME_Print() prints the ECC scheme and, unless the scheme is TPM_ALG_NULL, its
   hash algorithm.  The hash is read through the anySig member for every non-null scheme.
*/

void TSS_TPMT_ECC_SCHEME_Print(TPMT_ECC_SCHEME *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->scheme, indent+2);
    if (source->scheme != TPM_ALG_NULL) {
        TSS_TPM_ALG_ID_Print(source->details.anySig.hashAlg, indent+2);
    }
    return;
}

/* Table 168 - Definition of {RSA} TPMS_SIGNATURE_RSA Structure

   TSS_TPMS_SIGNATURE_RSA_Print() prints the signature hash algorithm, then the signature bytes in
   hex.
*/

void TSS_TPMS_SIGNATURE_RSA_Print(TPMS_SIGNATURE_RSA *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->hash, indent+2);
    TSS_PrintAlli("TPMS_SIGNATURE_RSA", indent+2,
                  source->sig.t.buffer,
                  source->sig.t.size);
    return;
}

/* Table 169 - Definition of Types for {RSA} Signature

   TSS_TPMS_SIGNATURE_RSASSA_Print() passes 'source' on to TSS_TPMS_SIGNATURE_RSA_Print().
*/

void TSS_TPMS_SIGNATURE_RSASSA_Print(TPMS_SIGNATURE_RSASSA *source, unsigned int indent)
{
    TSS_TPMS_SIGNATURE_RSA_Print(source, indent+2);
    return;
}

/* Table 172 - Definition of TPMU_SIGNATURE Union

   TSS_TPMU_SIGNATURE_Print() prints the union member that 'selector' names.  Only RSASSA is
   compiled in.  The other schemes are inside '#if 0', so they are reported by the default case as
   not implemented.
*/

void TSS_TPMU_SIGNATURE_Print(TPMU_SIGNATURE *source, TPMI_ALG_SIG_SCHEME selector, unsigned int indent)
{
    switch (selector) {
      case TPM_ALG_RSASSA:
        TSS_TPMS_SIGNATURE_RSASSA_Print(&source->rsassa, indent+2);
        break;
#if 0
      case TPM_ALG_RSAPSS:
        TSS_TPMS_SIGNATURE_RSAPSS_Print(&source->rsapss, indent+2);
        break;
      case TPM_ALG_ECDSA:
        TSS_TPMS_SIGNATURE_ECDSA_Print(&source->ecdsa, indent+2);
        break;
      case TPM_ALG_ECDAA:
        TSS_TPMS_SIGNATURE_ECDSA_Print(&source->ecdaa, indent+2);
        break;
      case TPM_ALG_SM2:
        TSS_TPMS_SIGNATURE_ECDSA_Print(&source->sm2, indent+2);
        break;
      case TPM_ALG_ECSCHNORR:
        TSS_TPMS_SIGNATURE_ECDSA_Print(&source->ecschnorr, indent+2);
        break;
      case TPM_ALG_HMAC:
        TSS_TPMT_HA_Print(&source->hmac, indent+2);
        break;
#endif
      default:
        printf("%*s" "TPMU_SIGNATURE selection not implemented\n", indent, "");
    }
}

/* Table 173 - Definition of TPMT_SIGNATURE Structure

   TSS_TPMT_SIGNATURE_Print() prints the signature algorithm, then the signature selected by that
   algorithm.  It prints the signature and does not verify it.
*/

void TSS_TPMT_SIGNATURE_Print(TPMT_SIGNATURE *source, unsigned int indent)
{
    TSS_TPM_ALG_ID_Print(source->sigAlg, indent+2);
TSS_TPMU_SIGNATURE_Print(&source->signature, source->sigAlg, indent+2);
    return;
}

/* Table 176 - Definition of (TPM_ALG_ID) TPMI_ALG_PUBLIC Type

   TSS_TPMI_ALG_PUBLIC_Print() prints the name of the public area type 'source'.  Each case is
   compiled in only when its algorithm macro is defined.  Any other value is printed in hex as not
   implemented.
*/

void TSS_TPMI_ALG_PUBLIC_Print(TPMI_ALG_PUBLIC source, unsigned int indent)
{
    switch (source) {
#ifdef TPM_ALG_KEYEDHASH
      case TPM_ALG_KEYEDHASH:
        printf("%*s" "TPMI_ALG_PUBLIC: TPM_ALG_KEYEDHASH\n", indent, "");
        break;
#endif
#ifdef TPM_ALG_RSA
      case TPM_ALG_RSA:
        printf("%*s" "TPMI_ALG_PUBLIC: TPM_ALG_RSA\n", indent, "");
        break;
#endif
#ifdef TPM_ALG_ECC
      case TPM_ALG_ECC:
        printf("%*s" "TPMI_ALG_PUBLIC: TPM_ALG_ECC\n", indent, "");
        break;
#endif
#ifdef TPM_ALG_SYMCIPHER
      case TPM_ALG_SYMCIPHER:
        printf("%*s" "TPMI_ALG_PUBLIC: TPM_ALG_SYMCIPHER\n", indent, "");
        break;
#endif
      default:
        printf("%*s" "TPMI_ALG_PUBLIC: %04hx not implemented\n", indent, "", source);
    }
    return;
}

/* Table 177 - Definition of TPMU_PUBLIC_ID Union

   TSS_TPMU_PUBLIC_ID_Print() prints, in hex, the unique member that 'selector' names.  An ECC
   point is printed as two buffers, x and then y.
*/

void TSS_TPMU_PUBLIC_ID_Print(TPMU_PUBLIC_ID *source, TPMI_ALG_PUBLIC selector, unsigned int indent)
{
    switch (selector) {
#ifdef TPM_ALG_KEYEDHASH
      case TPM_ALG_KEYEDHASH:
        TSS_PrintAlli("TPM_ALG_KEYEDHASH", indent,
                      source->keyedHash.b.buffer,
                      source->keyedHash.b.size);
        break;
#endif
#ifdef TPM_ALG_SYMCIPHER
      case TPM_ALG_SYMCIPHER:
        TSS_PrintAlli("TPM_ALG_SYMCIPHER", indent,
                      source->sym.b.buffer,
                      source->sym.b.size);
        break;
#endif
#ifdef TPM_ALG_RSA
      case TPM_ALG_RSA:
        TSS_PrintAlli("TPM_ALG_RSA", indent,
                      source->rsa.b.buffer,
                      source->rsa.b.size);
        break;
#endif
#ifdef TPM_ALG_ECC
      case TPM_ALG_ECC:
        TSS_PrintAlli("TPM_ALG_ECC x", indent,
                      source->ecc.x.b.buffer,
                      source->ecc.x.b.size);
        TSS_PrintAlli("TPM_ALG_ECC y", indent,
                      source->ecc.y.b.buffer,
                      source->ecc.y.b.size);
        break;
#endif
      default:
        printf("%*s" "TPMU_PUBLIC_ID_Print: selection %04hx not implemented\n", indent, "", selector);
    }
    return;
}

/* Table 180 - Definition of {RSA} TPMS_RSA_PARMS Structure

   TSS_TPMS_RSA_PARMS_Print() prints the symmetric definition, the RSA scheme, the key size and the
   public exponent.
*/

void TSS_TPMS_RSA_PARMS_Print(TPMS_RSA_PARMS *source, unsigned int indent)
{
    TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent+2);
TSS_TPMT_RSA_SCHEME_Print(&source->scheme, indent+2); TSS_TPMI_RSA_KEY_BITS_Print(source->keyBits, indent+2); printf("%*s" "TPMS_RSA_PARMS exponent %08x\n", indent, "", source->exponent); return; } /* Table 181 - Definition of {ECC} TPMS_ECC_PARMS Structure */ void TSS_TPMS_ECC_PARMS_Print(TPMS_ECC_PARMS *source, unsigned int indent) { TSS_TPMT_SYM_DEF_OBJECT_Print(&source->symmetric, indent+2); TSS_TPMT_ECC_SCHEME_Print(&source->scheme, indent+2); TSS_TPMI_ECC_CURVE_Print(source->curveID, indent+2); TSS_TPMT_KDF_SCHEME_Print(&source->kdf, indent+2); return; } /* Table 182 - Definition of TPMU_PUBLIC_PARMS Union */ void TSS_TPMU_PUBLIC_PARMS_Print(TPMU_PUBLIC_PARMS *source, uint32_t selector, unsigned int indent) { switch (selector) { #if 0 case TPM_ALG_KEYEDHASH: TSS_TPMS_KEYEDHASH_PARMS_Print(&source->keyedHashDetail, indent+2); break; #endif #if 0 case TPM_ALG_SYMCIPHER: TSS_TPMS_SYMCIPHER_PARMS_Print(&source->symDetail, indent+2); break; #endif #ifdef TPM_ALG_RSA case TPM_ALG_RSA: TSS_TPMS_RSA_PARMS_Print(&source->rsaDetail, indent+2); break; #endif #ifdef TPM_ALG_ECC case TPM_ALG_ECC: TSS_TPMS_ECC_PARMS_Print(&source->eccDetail, indent+2); break; #endif default: printf("%*s" "TPMU_PUBLIC_PARMS : selector %08x not implemented\n", indent, "", selector); } return; } /* Table 184 - Definition of TPMT_PUBLIC Structure */ void TSS_TPMT_PUBLIC_Print(TPMT_PUBLIC *source, unsigned int indent) { TSS_TPMI_ALG_PUBLIC_Print(source->type, indent+2); TSS_TPM_ALG_ID_Print(source->nameAlg, indent+2); TSS_TPMA_OBJECT_Print(source->objectAttributes, indent+2); TSS_PrintAlli("authPolicy: ", indent+2, source->authPolicy.b.buffer, source->authPolicy.b.size); TSS_TPMU_PUBLIC_PARMS_Print(&source->parameters, source->type, indent+2); TSS_TPMU_PUBLIC_ID_Print(&source->unique, source->type, indent+2); return; } /* Table 205 - Definition of (UINT32) TPMA_NV Bits */ void TSS_TPMA_NV_Print(TPMA_NV source, unsigned int indent) { uint32_t nvType; if (source.val & TPMA_NVA_PPWRITE) 
printf("%*s" "TPMA_NV_PPWRITE\n", indent, ""); if (source.val & TPMA_NVA_OWNERWRITE) printf("%*s" "TPMA_NV_OWNERWRITE\n", indent, ""); if (source.val & TPMA_NVA_AUTHWRITE) printf("%*s" "TPMA_NV_AUTHWRITE\n", indent, ""); if (source.val & TPMA_NVA_POLICYWRITE) printf("%*s" "TPMA_NV_POLICYWRITE\n", indent, ""); nvType = (source.val & TPMA_NVA_TPM_NT_MASK) >> 4; switch (nvType) { case TPM_NT_ORDINARY: printf("%*s" "TPM_NT_ORDINARY\n", indent, ""); break; case TPM_NT_COUNTER: printf("%*s" "TPM_NT_COUNTER\n", indent, ""); break; break; case TPM_NT_BITS: printf("%*s" "TPM_NT_COUNTER\n", indent, ""); break; break; case TPM_NT_EXTEND: printf("%*s" "TPM_NT_EXTEND\n", indent, ""); break; break; case TPM_NT_PIN_FAIL: printf("%*s" "TPM_NT_PIN_FAIL\n", indent, ""); break; break; case TPM_NT_PIN_PASS: printf("%*s" "TPM_NT_PIN_PASS\n", indent, ""); break; break; default: printf("%*s %02x" "type unknown\n", indent, "", nvType); } if (source.val & TPMA_NVA_POLICY_DELETE) printf("%*s" "TPMA_NV_POLICY_DELETE\n", indent, ""); if (source.val & TPMA_NVA_WRITELOCKED) printf("%*s" "TPMA_NV_WRITELOCKED\n", indent, ""); if (source.val & TPMA_NVA_WRITEALL) printf("%*s" "TPMA_NV_WRITEALL\n", indent, ""); if (source.val & TPMA_NVA_WRITEDEFINE) printf("%*s" "TPMA_NV_WRITEDEFINE\n", indent, ""); if (source.val & TPMA_NVA_WRITE_STCLEAR) printf("%*s" "TPMA_NV_WRITE_STCLEAR\n", indent, ""); if (source.val & TPMA_NVA_GLOBALLOCK) printf("%*s" "TPMA_NV_GLOBALLOCK\n", indent, ""); if (source.val & TPMA_NVA_PPREAD) printf("%*s" "TPMA_NV_PPREAD\n", indent, ""); if (source.val & TPMA_NVA_OWNERREAD) printf("%*s" "TPMA_NV_OWNERREAD\n", indent, ""); if (source.val & TPMA_NVA_AUTHREAD) printf("%*s" "TPMA_NV_AUTHREAD\n", indent, ""); if (source.val & TPMA_NVA_POLICYREAD) printf("%*s" "TPMA_NV_POLICYREAD\n", indent, ""); if (source.val & TPMA_NVA_NO_DA) printf("%*s" "TPMA_NV_NO_DA\n", indent, ""); if (source.val & TPMA_NVA_ORDERLY) printf("%*s" "TPMA_NV_ORDERLY\n", indent, ""); if (source.val & 
TPMA_NVA_CLEAR_STCLEAR) printf("%*s" "TPMA_NV_CLEAR_STCLEAR\n", indent, ""); if (source.val & TPMA_NVA_READLOCKED) printf("%*s" "TPMA_NV_READLOCKED\n", indent, ""); if (source.val & TPMA_NVA_WRITTEN) printf("%*s" "TPMA_NV_WRITTEN\n", indent, ""); if (source.val & TPMA_NVA_PLATFORMCREATE) printf("%*s" "TPMA_NV_PLATFORMCREATE\n", indent, ""); if (source.val & TPMA_NVA_READ_STCLEAR) printf("%*s" "TPMA_NV_READ_STCLEAR\n", indent, ""); return; } ./utils/encryptdecrypt.c0000644000175000017500000002425413075204375013563 0ustar lo1lo1/********************************************************************************/ /* */ /* EncryptDecrypt */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: encryptdecrypt.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printDecrypt(EncryptDecrypt_Out *out); static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; EncryptDecrypt_In in; EncryptDecrypt_Out out; EncryptDecrypt2_In in2; TPMI_DH_OBJECT keyHandle = 0; const char *inFilename = NULL; const char *outFilename = NULL; TPMI_YES_NO decrypt = NO; int two = FALSE; const char *keyPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; uint16_t written; size_t length; uint8_t *buffer = NULL; /* for the free */ uint8_t *buffer1 = NULL; /* for marshaling */ setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { 
printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (keyHandle == 0) { printf("Missing handle parameter -hk\n"); printUsage(); } if (inFilename == NULL) { printf("Missing encrypted message -if\n"); printUsage(); } if (rc == 0) { rc = TSS_File_ReadBinaryFile(&buffer, /* must be freed by caller */ &length, inFilename); } if (rc == 0) { if (length > MAX_DIGEST_BUFFER) { printf("Input data too long %u\n", (uint32_t)length); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { if (!two) { /* use TPM_CC_EncryptDecrypt */ /* the symmetric key used for the operation */ in.keyHandle = keyHandle; /* if YES, then the operation is decryption; if NO, the operation is encryption */ in.decrypt = decrypt; /* symmetric mode */ in.mode = TPM_ALG_NULL; /* an initial value as required by the algorithm */ in.ivIn.t.size = MAX_SYM_BLOCK_SIZE; memset(in.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE); /* the data to be encrypted/decrypted */ in.inData.t.size = length; memcpy(in.inData.t.buffer, buffer, length); } else { /* the symmetric key used for the operation */ in2.keyHandle = keyHandle; /* if YES, then the operation is decryption; if NO, 
the operation is encryption */ in2.decrypt = decrypt; /* symmetric mode */ in2.mode = TPM_ALG_NULL; /* an initial value as required by the algorithm */ in2.ivIn.t.size = MAX_SYM_BLOCK_SIZE; memset(in2.ivIn.t.buffer, 0, MAX_SYM_BLOCK_SIZE); /* the data to be encrypted/decrypted */ in2.inData.t.size = length; memcpy(in2.inData.t.buffer, buffer, length); } } free (buffer); buffer = NULL; /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { if (!two) { /* use TPM_CC_EncryptDecrypt */ rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_EncryptDecrypt, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } else { /* use TPM_CC_EncryptDecrypt2 */ rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in2, NULL, TPM_CC_EncryptDecrypt2, sessionHandle0, keyPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if ((rc == 0) && (outFilename != NULL)) { written = 0; rc = TSS_TPM2B_MAX_BUFFER_Marshal(&out.outData, &written, NULL, NULL); } if ((rc == 0) && (outFilename != NULL)) { buffer = realloc(buffer, written); buffer1 = buffer; written = 0; rc = TSS_TPM2B_MAX_BUFFER_Marshal(&out.outData, &written, &buffer1, NULL); } if ((rc == 0) && (outFilename != NULL)) { rc = TSS_File_WriteBinaryFile(buffer + sizeof(uint16_t), written - sizeof(uint16_t), outFilename); } free(buffer); if (rc == 0) { if (verbose) printDecrypt(&out); if (verbose) printf("encryptdecrypt: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("encryptdecrypt: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = 
EXIT_FAILURE; } return rc; } static void printDecrypt(EncryptDecrypt_Out *out) { TSS_PrintAll("outData", out->outData.t.buffer, out->outData.t.size); } static void printUsage(void) { printf("\n"); printf("encryptdecrypt\n"); printf("\n"); printf("Runs TPM2_EncryptDecrypt\n"); printf("\n"); printf("\t-hk key handle\n"); printf("\t-pwdk password for key (default empty)\n"); printf("\t-d decrypt (default encrypt)\n"); printf("\t-if input file name\n"); printf("\t[-of output file name (default do not save)]\n"); printf("\t[-2 use TPM2_EncryptDecrypt2]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/importpem.c0000644000175000017500000002633213075204375012517 0ustar lo1lo1/********************************************************************************/ /* */ /* Import a PEM RSA keypair */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: importpem.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2016. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* Use OpenSSL to create an RSA keypair like this > openssl genrsa -out tmpprivkey.pem -aes256 -passout pass:rrrr 2048 */ #include #include #include #include #include #include #include #include #include #include #include "cryptoutils.h" #include "objecttemplates.h" static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; Import_In in; Import_Out out; TPMI_DH_OBJECT parentHandle = 0; const char *parentPassword = NULL; const char *pemKeyFilename = NULL; const char *pemKeyPassword = ""; /* default empty password */ const char *outPublicFilename = NULL; const char *outPrivateFilename = NULL; const char *policyFilename = NULL; int keyType = TYPE_SI; TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_ALG_HASH nalg = TPM_ALG_SHA256; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = 
TPM_RH_NULL; unsigned int sessionAttributes2 = 0; RSA *rsaKey = NULL; FILE *pemKeyFile = NULL; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (parentHandle == 0) { printf("Missing or bad object handle parameter -hp\n"); printUsage(); } if (pemKeyFilename == NULL) { printf("Missing parameter -ipem\n"); printUsage(); } if (outPublicFilename == NULL) { printf("Missing parameter -opu\n"); printUsage(); } if (outPrivateFilename == NULL) { printf("Missing parameter -opr\n"); printUsage(); } if (rc == 0) { in.parentHandle = parentHandle; in.encryptionKey.t.size = 0; in.inSymSeed.t.size = 0; in.symmetricAlg.algorithm = TPM_ALG_NULL; } if (rc == 0) { if (algPublic == TPM_ALG_RSA) { rc = 
convertRsaPemToKeyPair(&in.objectPublic, &in.duplicate, keyType, nalg, halg, pemKeyFilename, pemKeyPassword); } else if (algPublic == TPM_ALG_ECC) { rc = convertEcPemToKeyPair(&in.objectPublic, &in.duplicate, keyType, nalg, halg, pemKeyFilename, pemKeyPassword); } else { rc = TPM_RC_ASYMMETRIC; } } /* instantiate optional policy */ if (rc == 0) { rc = getPolicy(&in.objectPublic.publicArea, policyFilename); } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_Import, sessionHandle0, parentPassword, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } /* output the TPM2B_PUBLIC */ if (rc == 0) { rc = TSS_File_WriteStructure(&in.objectPublic, (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal, outPublicFilename); } /* output the TPM2B_PRIVATE, which is now wrapped by the parent */ if (rc == 0) { rc = TSS_File_WriteStructure(&out.outPrivate, (MarshalFunction_t)TSS_TPM2B_PRIVATE_Marshal, outPrivateFilename); } if (rc == 0) { if (verbose) printf("importpem: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("importpem: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } if (rsaKey != NULL) { RSA_free(rsaKey); /* @1 */ } if (pemKeyFile != NULL) { fclose(pemKeyFile); /* @2 */ } return rc; } static void printUsage(void) { printf("\n"); printf("Import PEM\n"); printf("\n"); printf("Runs TPM2_Import for a PEM RSA key\n"); printf("\n"); printf("\t-hp parent handle\n"); printf("\t[-pwdp password for parent (default empty)]\n"); printf("\t-ipem PEM format key pair\n"); printf("\t\t[-rsa (default)]\n"); printf("\t\t[-ecc (uses NIST P256)]\n"); printf("\t[-pwdk 
password for key (default empty)]\n"); printf("\t-opu public area file name\n"); printf("\t-opr private area file name\n"); printf("\t[-nalg name hash algorithm (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-halg scheme hash algorithm (sha1, sha256, sha384) (default sha256)]\n"); printf("\t[-pol policy file (default empty)]\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/policyrestart.c0000644000175000017500000001407213075204375013405 0ustar lo1lo1/********************************************************************************/ /* */ /* PolicyRestart */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: policyrestart.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; PolicyRestart_In in; TPMI_SH_POLICY sessionHandle = 0; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", 
&sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (sessionHandle == 0) { printf("Missing handle parameter -ha\n"); printUsage(); } if (rc == 0) { in.sessionHandle = sessionHandle; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_PolicyRestart, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("policyrestart: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("policyrestart: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("policyrestart\n"); printf("\n"); printf("Runs TPM2_PolicyRestart\n"); printf("\n"); printf("\t-ha policy session handle\n"); exit(1); } ./utils/createprimary.c0000644000175000017500000005016013133205212013330 0ustar lo1lo1/********************************************************************************/ /* */ /* Create Primary */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: createprimary.c 1044 2017-07-17 19:05:46Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015, 2017. 
*/ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. */ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include #include #include "objecttemplates.h" #include "cryptoutils.h" static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; CreatePrimary_In in; CreatePrimary_Out out; char hierarchyChar = 'n'; TPMI_RH_HIERARCHY primaryHandle = TPM_RH_NULL; TPMA_OBJECT addObjectAttributes; TPMA_OBJECT deleteObjectAttributes; int keyType = TYPE_ST; uint32_t keyTypeSpecified = 0; int rev116 = FALSE; const char *uniqueFilename = NULL; TPMI_ALG_PUBLIC algPublic = TPM_ALG_RSA; TPMI_ALG_HASH halg = TPM_ALG_SHA256; TPMI_ALG_HASH nalg = TPM_ALG_SHA256; TPMI_ECC_CURVE curveID = TPM_ECC_NONE; const char *policyFilename = NULL; const char *publicKeyFilename = NULL; const char *pemFilename = NULL; const char *ticketFilename = NULL; const char *creationHashFilename = NULL; const char *dataFilename = NULL; const char *keyPassword = NULL; const char *parentPassword = NULL; const char *parentPasswordFilename = NULL; const char *parentPasswordPtr = NULL; uint8_t *parentPasswordBuffer = NULL; /* for the free */ size_t parentPasswordLength = 0; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ addObjectAttributes.val = 0; addObjectAttributes.val |= TPMA_OBJECT_NODA; addObjectAttributes.val |= TPMA_OBJECT_FIXEDTPM; addObjectAttributes.val |= TPMA_OBJECT_FIXEDPARENT; deleteObjectAttributes.val = 0; for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); 
printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (keyTypeSpecified > 1) { printf("Too many key attributes\n"); printUsage(); } switch (keyType) { case TYPE_BL: if (dataFilename == NULL) { printf("-bl needs -if (sealed data object needs data to seal)\n"); printUsage(); } break; case TYPE_DAA: case TYPE_DAAR: if (algPublic != TPM_ALG_ECC) { printf("-dau and -dar needs -ecc\n"); printUsage(); } /* fall through to next test is intentional */ case TYPE_ST: case TYPE_DEN: case TYPE_DEO: case TYPE_SI: case TYPE_SIR: case TYPE_GP: if (dataFilename != NULL) { printf("asymmetric key cannot have -if (sensitive data)\n"); printUsage(); } case TYPE_DES: case TYPE_KH: case TYPE_DP: /* inSensitive optional for symmetric keys */ break; } if (rc == 0) { if ((parentPassword != NULL) && (parentPasswordFilename != NULL)) { printf("Cannot specify both -pwdp and -pwdpi\n"); printUsage(); } } if (rc == 0) { /* command auth from string */ if 
(parentPassword != NULL) { parentPasswordPtr = parentPassword; } /* command parent from file */ else if (parentPasswordFilename != NULL) { if (rc == 0) { /* must be freed by caller */ rc = TSS_File_ReadBinaryFile(&parentPasswordBuffer, &parentPasswordLength, parentPasswordFilename); } if (rc == 0) { if (parentPasswordLength > sizeof(TPMU_HA)) { printf("Password too long %u\n", (unsigned int)parentPasswordLength); rc = TSS_RC_INSUFFICIENT_BUFFER; } } if (rc == 0) { parentPasswordPtr = (const char *)parentPasswordBuffer; } } /* no command parent specified */ else { parentPasswordPtr = NULL; } } /* Table 50 - TPMI_RH_HIERARCHY primaryHandle */ if (rc == 0) { if (hierarchyChar == 'e') { primaryHandle = TPM_RH_ENDORSEMENT; } else if (hierarchyChar == 'o') { primaryHandle = TPM_RH_OWNER; } else if (hierarchyChar == 'p') { primaryHandle = TPM_RH_PLATFORM; } else if (hierarchyChar == 'n') { primaryHandle = TPM_RH_NULL; } else { printf("Bad parameter %c for -hi\n", hierarchyChar); printUsage(); } in.primaryHandle = primaryHandle; } /* Table 134 - TPM2B_SENSITIVE_CREATE inSensitive */ if (rc == 0) { /* Table 133 - TPMS_SENSITIVE_CREATE */ { if (keyPassword == NULL) { in.inSensitive.sensitive.userAuth.t.size = 0; } else { rc = TSS_TPM2B_StringCopy(&in.inSensitive.sensitive.userAuth.b, keyPassword, sizeof(TPMU_HA)); } } } if (rc == 0) { /* Table 132 - Definition of TPM2B_SENSITIVE_DATA Structure data */ if (dataFilename != NULL) { rc = TSS_File_Read2B(&in.inSensitive.sensitive.data.b, MAX_SYM_DATA, dataFilename); } else { in.inSensitive.sensitive.data.t.size = 0; } } /* Table 185 - TPM2B_PUBLIC inPublic */ if (rc == 0) { switch (keyType) { case TYPE_BL: rc = blPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, policyFilename); break; case TYPE_ST: case TYPE_DAA: case TYPE_DAAR: case TYPE_DEN: case TYPE_DEO: case TYPE_SI: case TYPE_SIR: case TYPE_GP: rc = asymPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, 
deleteObjectAttributes, keyType, algPublic, curveID, nalg, halg, policyFilename); break; case TYPE_DES: rc = symmetricCipherTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, rev116, policyFilename); break; case TYPE_KH: rc = keyedHashPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, halg, policyFilename); break; case TYPE_DP: rc = derivationParentPublicTemplate(&in.inPublic.publicArea, addObjectAttributes, deleteObjectAttributes, nalg, halg, policyFilename); break; } } /* Table 177 - TPMU_PUBLIC_ID unique */ /* Table 158 - TPM2B_PUBLIC_KEY_RSA rsa */ if (rc == 0) { if (uniqueFilename != NULL) { rc = TSS_File_Read2B(&in.inPublic.publicArea.unique.rsa.b, MAX_RSA_KEY_BYTES, uniqueFilename); } else { in.inPublic.publicArea.unique.rsa.t.size = 0; } } /* TPM2B_DATA outsideInfo */ if (rc == 0) { in.outsideInfo.t.size = 0; } /* Table 102 - TPML_PCR_SELECTION */ /* TPML_PCR_SELECTION creationPCR */ if (rc == 0) { in.creationPCR.count = 0; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_CreatePrimary, sessionHandle0, parentPasswordPtr, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } /* validate the creation data */ { uint16_t written = 0;; uint8_t *buffer = NULL; /* for the free */ uint32_t sizeInBytes; TPMT_HA digest; /* get the digest size from the Name algorithm */ if (rc == 0) { sizeInBytes = TSS_GetDigestSize(nalg); if (out.creationHash.b.size != sizeInBytes) { printf("createprimary: failed, " "creationData size %u incompatible with name algorithm %04x\n", out.creationHash.b.size, nalg); rc = EXIT_FAILURE; } } /* re-marshal the output structure */ if (rc == 0) { rc = 
TSS_Structure_Marshal(&buffer, /* freed @1 */ &written, &out.creationData.creationData, (MarshalFunction_t)TSS_TPMS_CREATION_DATA_Marshal); } /* recalculate the creationHash from creationData */ if (rc == 0) { digest.hashAlg = nalg; /* Name digest algorithm */ rc = TSS_Hash_Generate(&digest, written, buffer, 0, NULL); } /* compare the digest to creation hash */ if (rc == 0) { int irc; irc = memcmp((uint8_t *)&digest.digest, &out.creationHash.b.buffer, sizeInBytes); if (irc != 0) { printf("createprimary: failed, creationData hash does not match creationHash\n"); rc = EXIT_FAILURE; } } free(buffer); /* @1 */ } /* save the public key */ if ((rc == 0) && (publicKeyFilename != NULL)) { rc = TSS_File_WriteStructure(&out.outPublic, (MarshalFunction_t)TSS_TPM2B_PUBLIC_Marshal, publicKeyFilename); } /* save the optional PEM public key */ if ((rc == 0) && (pemFilename != NULL)) { rc = convertPublicToPEM(&out.outPublic, pemFilename); } /* save the optional creation ticket */ if ((rc == 0) && (ticketFilename != NULL)) { rc = TSS_File_WriteStructure(&out.creationTicket, (MarshalFunction_t)TSS_TPMT_TK_CREATION_Marshal, ticketFilename); } /* save the optional creation hash */ if ((rc == 0) && (creationHashFilename != NULL)) { rc = TSS_File_WriteBinaryFile(out.creationHash.b.buffer, out.creationHash.b.size, creationHashFilename); } if (rc == 0) { printf("Handle %08x\n", out.objectHandle); if (verbose) TSS_PrintAll("createprimary: public key", out.outPublic.publicArea.unique.rsa.t.buffer, out.outPublic.publicArea.unique.rsa.t.size); if (verbose) printf("createprimary: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("createprimary: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } free(parentPasswordBuffer); parentPasswordBuffer = NULL; return rc; } static void printUsage(void) { printf("\n"); printf("createprimary creates a primary storage key\n"); printf("\n"); 
printf("Runs TPM2_CreatePrimary\n"); printf("\n"); printf("\t[-hi hierarchy (e, o, p, n) (default null)]\n"); printf("\t[-pwdp password for hierarchy (default empty)]\n"); printf("\t[-pwdpi password file name for hierarchy (default empty)]\n"); printf("\t[-pwdk password for key (default empty)]\n"); printf("\t[-iu inPublic unique field file (default none)]\n"); printf("\t[-opu public key file name (default do not save)]\n"); printf("\t[oipem public key PEM format file name (default do not save)]\n"); printf("\t[-tk output ticket file name]\n"); printf("\t[-ch output creation hash file name]\n"); printf("\n"); printUsageTemplate(); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); printf("\t\t20 command decrypt\n"); printf("\t\t40 response encrypt\n"); exit(1); } ./utils/startup.c0000644000175000017500000001242213075204375012200 0ustar lo1lo1/********************************************************************************/ /* */ /* Startup */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: startup.c 987 2017-04-17 18:27:09Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ #include #include #include #include #include static void printUsage(void); TPM_RC selftestCommand(void); TPM_RC startupCommand(TPM_SU startupType); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ int doStartup = TRUE; /* default startup */ int doSelftest = FALSE; /* default no self test */ TPM_SU startupType = TPM_SU_CLEAR; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); /* command line argument defaults */ for (i=1 ; (i #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; HashSequenceStart_In in; HashSequenceStart_Out out; const char *authPassword = NULL; TPMI_ALG_HASH hashAlg = TPM_ALG_SHA256; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RH_NULL; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; 
TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if (rc == 0) { /* auth value for sequence */ rc = TSS_TPM2B_StringCopy(&in.auth.b, authPassword, sizeof(TPMU_HA)); } if (rc == 0) { in.hashAlg = hashAlg; } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, (RESPONSE_PARAMETERS *)&out, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_HashSequenceStart, sessionHandle0, NULL, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 
0) { rc = rc1; } } if (rc == 0) { printf("hashsequencestart: handle %08x\n", out.sequenceHandle); if (verbose) printf("hashsequencestart: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("hashsequencestart: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); printf("hashsequencestart\n"); printf("\n"); printf("Runs TPM2_HashSequenceStart\n"); printf("\n"); printf("\t-pwda password for sequence (default empty)\n"); printf("\t-halg (sha1, sha256, sha384, null) (default sha256)\n"); printf("\t\tnull is an event sequence\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./utils/nvchangeauth.c0000644000175000017500000001566313055132457013162 0ustar lo1lo1/********************************************************************************/ /* */ /* NV_ChangeAuth */ /* Written by Ken Goldman */ /* IBM Thomas J. Watson Research Center */ /* $Id: nvchangeauth.c 945 2017-02-27 23:24:31Z kgoldman $ */ /* */ /* (c) Copyright IBM Corporation 2015. */ /* */ /* All rights reserved. */ /* */ /* Redistribution and use in source and binary forms, with or without */ /* modification, are permitted provided that the following conditions are */ /* met: */ /* */ /* Redistributions of source code must retain the above copyright notice, */ /* this list of conditions and the following disclaimer. */ /* */ /* Redistributions in binary form must reproduce the above copyright */ /* notice, this list of conditions and the following disclaimer in the */ /* documentation and/or other materials provided with the distribution. */ /* */ /* Neither the names of the IBM Corporation nor the names of its */ /* contributors may be used to endorse or promote products derived from */ /* this software without specific prior written permission. 
*/ /* */ /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /********************************************************************************/ /* */ #include #include #include #include #include #include #include #include static void printUsage(void); int verbose = FALSE; int main(int argc, char *argv[]) { TPM_RC rc = 0; int i; /* argc iterator */ TSS_CONTEXT *tssContext = NULL; NV_ChangeAuth_In in; TPMI_RH_NV_INDEX nvIndex = 0; const char *password = NULL; const char *newPassword = NULL; TPMI_SH_AUTH_SESSION sessionHandle0 = TPM_RS_PW; unsigned int sessionAttributes0 = 0; TPMI_SH_AUTH_SESSION sessionHandle1 = TPM_RH_NULL; unsigned int sessionAttributes1 = 0; TPMI_SH_AUTH_SESSION sessionHandle2 = TPM_RH_NULL; unsigned int sessionAttributes2 = 0; setvbuf(stdout, 0, _IONBF, 0); /* output may be going through pipe to log file */ TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1"); for (i=1 ; (i 0xff) { printf("Out of range session attributes for -se0\n"); printUsage(); } } else { printf("Missing parameter for -se0\n"); printUsage(); } } else if (strcmp(argv[i],"-se1") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle1); } else { printf("Missing parameter for -se1\n"); printUsage(); } i++; if (i < argc) { 
sscanf(argv[i],"%x", &sessionAttributes1); if (sessionAttributes1 > 0xff) { printf("Out of range session attributes for -se1\n"); printUsage(); } } else { printf("Missing parameter for -se1\n"); printUsage(); } } else if (strcmp(argv[i],"-se2") == 0) { i++; if (i < argc) { sscanf(argv[i],"%x", &sessionHandle2); } else { printf("Missing parameter for -se2\n"); printUsage(); } i++; if (i < argc) { sscanf(argv[i],"%x", &sessionAttributes2); if (sessionAttributes2 > 0xff) { printf("Out of range session attributes for -se2\n"); printUsage(); } } else { printf("Missing parameter for -se2\n"); printUsage(); } } else if (strcmp(argv[i],"-h") == 0) { printUsage(); } else if (strcmp(argv[i],"-v") == 0) { verbose = TRUE; TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2"); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((nvIndex >> 24) != TPM_HT_NV_INDEX) { printf("NV index handle not specified or out of range, MSB not 01\n"); printUsage(); } if (rc == 0) { in.nvIndex = nvIndex; } /* convert password string to TPM2B */ if (rc == 0) { if (newPassword == NULL) { in.newAuth.t.size = 0; } else { rc = TSS_TPM2B_StringCopy(&in.newAuth.b, newPassword, sizeof(TPMU_HA)); } } /* Start a TSS context */ if (rc == 0) { rc = TSS_Create(&tssContext); } /* call TSS to execute the command */ if (rc == 0) { rc = TSS_Execute(tssContext, NULL, (COMMAND_PARAMETERS *)&in, NULL, TPM_CC_NV_ChangeAuth, sessionHandle0, password, sessionAttributes0, sessionHandle1, NULL, sessionAttributes1, sessionHandle2, NULL, sessionAttributes2, TPM_RH_NULL, NULL, 0); } { TPM_RC rc1 = TSS_Delete(tssContext); if (rc == 0) { rc = rc1; } } if (rc == 0) { if (verbose) printf("nvchangeauth: success\n"); } else { const char *msg; const char *submsg; const char *num; printf("nvchangeauth: failed, rc %08x\n", rc); TSS_ResponseCode_toString(&msg, &submsg, &num, rc); printf("%s%s%s\n", msg, submsg, num); rc = EXIT_FAILURE; } return rc; } static void printUsage(void) { printf("\n"); 
printf("nvchangeauth\n"); printf("\n"); printf("Runs TPM2_NV_ChangeAuth\n"); printf("\n"); printf("\t-ha NV index handle\n"); printf("\t-pwdo password (default empty)\n"); printf("\t-pwdn new password (default empty)\n"); printf("\n"); printf("\t-se[0-2] session handle / attributes (default PWAP)\n"); printf("\t\t01 continue\n"); exit(1); } ./ibmtss.html0000644000175000017500000030373613133212576011371 0ustar lo1lo1 IBM TSS


IBM TPM 2.0 TSS API

Ken Goldman

IBM Research

kgoldman@us.ibm.com


June 29, 2017






  1. Introduction


The IBM TSS is designed for:


  • ease of understanding

  • ease of use

  • ease of implementation

  • maximum code reuse


  1. Features



The TSS handles the following, completely hidden from the caller:


  • HMAC, password and policy sessions

  • Session and HMAC key calculations, including bind and salt sessions

  • HMAC generation and verification (including cpHash and rpHash)

  • Parameter encryption and decryption, XOR and AES

  • Nonces and nonce rolling

  • Session continue flag

  • TPM 2.0 "Name" and bind session tracking

  • Different session hash algorithms

  • Marshaling, unmarshaling, and communication with the TPM


and almost hidden from the caller:


  • bind password




  1. API


The API consists of the following calls:

    1. TSS_Execute()


#include <tss2/tss.h>


TPM_RC TSS_Execute(TSS_CONTEXT *tssContext,

RESPONSE_PARAMETERS *out,

COMMAND_PARAMETERS *in,

EXTRA_PARAMETERS *extra,

TPM_CC commandCode,

...);


This is the primary TSS function.


tssContext: Opaque object

out: The standard TPM2 Part 3 response parameter

in: The standard TPM2 Part 3 command parameter

extra: Some commands (only two so far) require extra parameters.

commandCode: The standard TPM2 Part 2 command code.


. . . : A list of session 3-tuples, of the form

TPMI_SH_AUTH_SESSION sessionHandle,

const char *password,

unsigned int sessionAttributes

The list is terminated with (TPM_RH_NULL, NULL, 0)


    1. TSS_Create()


#include <tss2/tss.h>


TPM_RC TSS_Create(TSS_CONTEXT **tssContext);


This creates the TSS_CONTEXT used in the TSS_Execute() function. It is initialized with the default configuration, which can then be changed using 3.4.3 TSS_SetProperty().


Returns an error if the context cannot be allocated, or if the properties cannot be initialized, typically due to an invalid environment variable.


See 3.3 TSS_Delete().


It does not immediately open a connection, so that the connection properties can be changed from the default first.


    1. TSS_Delete()


#include <tss2/tss.h>


TPM_RC TSS_Delete(TSS_CONTEXT *tssContext);


This deletes the opaque context created using 3.2 TSS_Create().


It closes an open connection.


Returns an error if the connection close fails.


    1. Optional Customization


The TSS is designed to work by default with no configuration.


The current default connects to the Microsoft format socket simulation. This will eventually change to connect to the resource manager.


There are three ways to customize the configuration:


  1. At compile time, with a compiler flag

  2. At program start, using an environment variable

  3. During run time, using the 3.4.3 TSS_SetProperty() function.


The environment variables and the TSS_SetProperty() properties use the same names. The makefile flag uses the same name with _DEFAULT appended.


The environment variable overrides the compiler flag, and the TSS_SetProperty() function overrides both the compiler flag and the environment variable.


      1. Property Example


To change the default TPM interface to the TPM device driver:


  • With a makefile:


-DTPM_INTERFACE_TYPE_DEFAULT="\"dev\""


  • With an environment variable:


> setenv TPM_INTERFACE_TYPE dev


  • With the TSS_SetProperty() function:


rc = TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev");


      1. Properties


(Remember that the makefile compiler flag requires _DEFAULT to be added, and that the quotes must be escaped.)


The property and legal values are:


TPM_TRACE_LEVEL

default - 0

0 - no tracing

1 - trace errors

2 - trace errors and execution flow


TPM_DATA_DIR

default - current directory

set the directory where the TSS can store persistent data


TPM_INTERFACE_TYPE

default - socsim

socsim - the socket simulator

see

TPM_SERVER_NAME

TPM_SERVER_TYPE

TPM_COMMAND_PORT

TPM_PLATFORM_PORT

dev - TPM device driver

see

TPM_DEVICE

TPM_SERVER_NAME

default - localhost

set the socket server name (full host name or dotted decimal)

TPM_SERVER_TYPE

default - mssim

mssim - send packets in the Microsoft simulator format (header and footer)

raw - send packets in the raw TPM specification Part 3 format


TPM_COMMAND_PORT

default - 2321

set the socket port for TPM commands


TPM_PLATFORM_PORT

default - 2322

set the socket port for TPM simulator platform commands


TPM_DEVICE

Unix/Linux default - /dev/tpm0 (single user)

Windows default - Windows 7,8,10 Tbsi

For Unix, sets the TPM device name

/dev/tpmrm0 is the multi-user kernel resource manager

Once the kernel resource manager is upstreamed, this

may become the default.

For Windows, not currently used, only Tbsi supported

TPM_ENCRYPT_SESSIONS

default 1

1 - Session state is saved encrypted

0 - Session state is saved in plaintext


Since session state can potentially hold secrets, it should normally be encrypted. When the process terminates, the ephemeral encryption key is lost.


See 4.9 Command Line Utilities for the special case of using the command line utilities. That section is not applicable when using the TSS library in programs.


      1. TSS_SetProperty()


#include <tss2/tss.h>


TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext,

int property,

const char *value);



The TSS_SetProperty() function overrides the defaults and environment variables programmatically.

If the property is related to the connection, an open connection is closed before the property is processed.


NOTE: The close occurs even if the new value is the same as the old value. This can be used to close a connection without deleting the context.


Question: Is it good to mandate this behavior? It offers functionality and makes the implementation easier, but perhaps it's too clever?


NOTE: The value parameter is always a string. For simplicity, only the 'value' pointer is stored; the string itself is not copied. The input should therefore be a constant string, so that the stored pointer stays valid.


NOTE: For the property TPM_TRACE_LEVEL, tssContext is ignored. The trace level is per process, not per context.







    1. Extra Parameter


The extra parameter is a catch-all for any parameters that TSS_Execute() requires beyond the normal TPM command and response parameters.


TPM2_StartAuthSession needs the bind password so that it can calculate the session key.


    1. Other APIs and Headers


Headers are now in the …/utils/tss2 directory. This move (from …/utils) permits source to use this construct, compatible with an eventual header install in /usr/include/tss2:


#include <tss2/tss.h>


The utility / demo applications cheat a bit, in that they call into TSS utility functions. These are less likely to be stable than the official API above.


  • tss.h: The official API


  • tsserror.h: Included by tss.h for convenience. Error codes may be added.


  • tssmarshal.h: Marshal structures to arrays. These are likely to be stable. They are similar to the TPM side functions but return errors.


  • Unmarshal_fp.h: Unmarshal arrays to structures. These are likely to be stable, since they are used on the TPM side.


  • tssresponsecode.h: Response code to text. Useful for debugging. The API should be stable, but the actual output may change.


  • tssprint.h: Functions to print structures. Useful for debugging. The API should be stable. Functions may be added, and the output is likely to change.


  • tssutils.h: Demo helper functions. These are useful for rapid prototyping but are not recommended for production code.


  • tssfile.h: Demo helper functions. These are useful for rapid prototyping but are not recommended for production code.


  • tsscrypto.h: Sample crypto code. These are useful for rapid prototyping but are not recommended for production code.


  • Any of the lower layer TSS functions are for TSS internal use. They should not be called.


  1. Application Notes


Several areas have non-obvious usage. They are described here.


    1. TPM Simulator


A typical cause of a hang when sending the first command to the TPM simulator is that it has not received a simulated "powered up." Send this command:


> powerup


With a hardware TPM, the platform firmware performs the initialization. With the TPM simulator, the caller must send this command:


> startup


    1. Parameter Encryption


The caller does NOT perform parameter encryption; the TSS does it. Simply set either or both of the TPMA_SESSION_ENCRYPT and TPMA_SESSION_DECRYPT session attributes.


    1. Session Salt


To salt, the caller should set tpmKey (the handle of a loaded decrypt key) in TPM2_StartAuthSession. The key must be an RSA 2048-bit key or EC NIST P256 key with sign clear and decrypt set.


The caller must supply the extra parameter as a StartAuthSession_Extra structure.


The caller does NOT supply the HMAC salt. The encryptedSalt parameter is ignored, as the TSS generates the salt.


    1. Session Bind


To bind, the caller should set bind (the bind entity handle) in TPM2_StartAuthSession. The caller must supply the extra parameter as a StartAuthSession_Extra structure and set the bindPassword member to the bind handle password.


    1. NV


For applications that do not share an NV index and don't use global locks or transient locks that change after a reboot, the following details are unnecessary. Just issue the TPM2_NV_DefineSpace and everything works, including HMAC sessions.


For applications that do not satisfy the above criteria, the application must issue TPM2_NV_ReadPublic and validate that the public area is as expected, including the locks.

      1. Rationale


Why? For authorization, the TSS includes the Name (a hash of the public NV metadata) in the HMAC calculation. This ensures that the NV index has not been replaced with a different version with untrusted metadata.


Normally, the TSS tracks the Name, even when the application changes the written or lock attributes. However, if the attributes (and therefore the Name) change outside the application, the TSS is unable to track the change. In those cases, the application must read the public data and validate it.


Why doesn't the TSS automatically issue the TPM2_NV_ReadPublic? If it did that, it would encourage the application developer to blindly trust the index. The application is expected to examine the TPM2_NV_ReadPublic return (e.g., the policy, the attributes) and decide whether the index is trusted. The TSS cannot enforce this, but it does at least encourage it.


The index Name can change as the metadata changes. These changes include the "written" bit and the read and write locks. The TSS automatically tracks the changes performed on a single index by the application. It does not track:


  1. Changes "out of band", by a different application, including an attacker.


This will surface as an HMAC failure. The application should reissue TPM2_NV_ReadPublic and decide if the index is still trusted.


  1. Changes to transient lock status due to a reboot.


If the application is aware of the reboot, it can reissue TPM2_NV_ReadPublic and re-evaluate the return. Otherwise, it can wait for the potential HMAC failure and handle it as above.


  1. Locks due to a global lock, because tracking them is hard and because the global lock is expected to be used at provisioning, if ever.


This case will probably never occur in practice. If it does, handle the HMAC failure as above.


      1. NV Preprovisioning


This is the case where some other application has used TPM2_NV_DefineSpace to preprovision an index. As an alternative to the application evaluating the TPM2_NV_ReadPublic response, the NV metadata and Name can be preprovisioned when the application is installed. Two files are required:


[nnnnnnnn] is the hex value of the NV index.


  1. h[nnnnnnnn].bin - The Name, a binary hash of the public data

  2. nvp[nnnnnnnn].bin - The marshaled TPMS_NV_PUBLIC


    1. TPM2_LoadExternal


This command is unique, in that it has an optional parameter, TPM2B_SENSITIVE inPrivate. The caller should use the size as a flag: 0 for not present, and non-zero for present.


Rationale:


The TPM uses the inPrivate.size zero to indicate that the parameter is not present, and uses the correct marshaled size to indicate that the parameter is present. This TSS uses that design pattern, but, as with other TPM2B's that wrap structures, it does not require the caller to marshal the structure and determine the correct size.


    1. Connecting to Resource Managers


An issue arises when using the TSS utilities (not the TSS itself) on a platform with a resource manager. Windows currently has a resource manager (called TBS) and all OSes will eventually have one.


A resource manager flushes all resources (objects like keys, and sessions) when a connection closes. Since the utilities are standalone processes, the connection closes after each invocation. Thus, for example, a utility can load a key, but, when the "load" command terminates, the resource manager will flush the key.


This is not an issue for a complete application using the TSS, because the TSS will keep the connection open through multiple TPM commands. For prototyping using the utilities, the solution is to simulate this persistent connection behavior.


The "tpm_proxy" program connects as a socket server on one side and a TPM device driver on the other. Once the proxy starts, the resource manager sees one persistent connection, as desired. The utilities use the socket interface to the proxy.


The proxy (for both TPM 1.2 and TPM 2.0) is part of the tarball at


https://sourceforge.net/projects/ibmswtpm/files/?source=navbar


It is not well tested for TPM 2.0. I expect that the TPM_Startup call must be commented out, and that the TSS must run in "raw" mode.


    1. Endorsement Key (EK Certificates)


The TSS includes several TPM vendor EK root certificates for convenience.


There is no reason for a user to trust these certificates. Obtain production certificates directly from the TPM vendor.


These URLs are provided for convenience. Observe that some URLs are http, so a certificate downloaded from them is not protected against modification in transit. I encourage all readers to ask the TPM vendors to offer these certificates over a secured web page, since they form the root of trust for TPM authenticity.


Utilities such as "createek" that take a -root argument require a list of EK root certificates in a file. The utilities include a sample file …/utils/certificates/rootcerts.txt. The file MUST be edited, since the file names must have a complete path to your install directory.


Certificates must be in PEM format. To convert from DER format (.cer, .crt) to PEM using openssl:


> openssl x509 -in cert.cer -inform DER -out cert.pem


      1. Nuvoton


https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%202110.cer


https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%201110.cer


      1. St Micro


GlobalSign Trusted Computing CA


http://secure.globalsign.com/cacert/gstpmroot.crt


ST TPM Root certificate


http://secure.globalsign.com/cacert/stmtpmekroot.crt


ST Intermediate CA 01


http://secure.globalsign.com/cacert/stmtpmekint01.crt


ST Intermediate CA 02


http://secure.globalsign.com/cacert/stmtpmekint02.crt


ST Intermediate CA 03


http://secure.globalsign.com/cacert/stmtpmekint03.crt


ST Intermediate CA 04


http://secure.globalsign.com/cacert/stmtpmekint04.crt


ST Intermediate CA 05


http://secure.globalsign.com/cacert/stmtpmekint05.crt


GlobalSign Trusted Platform Module ECC


Root CA


http://secure.globalsign.com/cacert/tpmeccroot.crt


STM TPM ECC Root CA 01


http://secure.globalsign.com/stmtpmeccroot01.crt


STM TPM ECC Intermediate CA 01


http://secure.globalsign.com/stmtpmeccint01.crt


      1. Infineon


https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates


      1. NationZ


Root


https://pki.nationz.com.cn/EkRootCA/EkRootCA.crt


Intermediate certificates


https://pki.nationz.com.cn/EkMfrCA001/EkMfrCA001.crt

https://pki.nationz.com.cn/EkMfrCA002/EkMfrCA002.crt

https://pki.nationz.com.cn/EkMfrCA003/EkMfrCA003.crt

      1. Intel


PTT EK Root Certificate


https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.cer


PTT EK Intermediate Certificate

http://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer

        1. Intel EK Certificate Download


As of June, 2017, the Intel PTT does not come provisioned with EK certificates. They must be downloaded using this procedure.


  • Read the EK public key

  • Construct digest data

    • For RSA, concatenate the public modulus to the default exponent 010001, all in binary.

    • For EC, this step is currently undocumented.

  • Calculate a SHA-256 digest of the digest data

  • Base64 encode the digest

  • Convert the base64 to URL base64 by changing = to %3D, + to -, and / to _.

  • Prepend https://ekop.intel.com/ekcertservice/ to form the certificate URL.

  • Use a browser to display the certificate (or use wget and edit in a text editor)

  • Extract the text between the <certificate> and </certificate> tags to a text editor.

  • Convert the URL base64 to base64 by changing %3D to =, - to +, and _ to /. Remove all newlines.

  • Base64 decode to create the DER certificate.


    1. Command Line Utilities


See also section 4.7 Connecting to Resource Managers.


As stated in section 3.4.2 Properties, the default is to build the TSS library to encrypt session state with an ephemeral encryption key that is lost when the application exits.


This behavior would preclude using the command line utilities with sessions, since the encryption key would change. There are two facilities to remedy this.


  1. For stand-alone debugging, save session state in plaintext. For example, use an environment variable:


> setenv TPM_ENCRYPT_SESSIONS 0


or the equivalent compile time flag


-DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\""


  1. For using the command line utilities securely, either stand-alone or in scripts, a fixed encryption key can be specified.


In the script:

TPM_SESSION_ENCKEY=`./getrandom -by 16 -ns`

On the command line:

> setenv TPM_SESSION_ENCKEY `./getrandom -by 16 -ns`


  1. Example

Each standalone utility serves as an example for a single command.


The signapp.c source shows how several commands can be chained together to form an application. It does the following:


  • Start an authorization HMAC session

  • Create a primary storage key, using the session

  • Create a signing key under the storage key

  • Load the signing key, using the session

  • Sign a digest, using the session

  • Verify the signature

  • Flush the primary key

  • Flush the signing key

  • Flush the session

  1. Build

The builds for Linux and Windows create the TSS shared object / dll and about 110 command line programs. The command line programs can be used in a script for rapid prototyping or as sample usage code.


The build files clear TPM_ENCRYPT_SESSIONS, which is useful for prototyping and regression testing. With it cleared, session state, which can potentially hold secrets, is saved in plaintext. This setting should be removed for production applications.

    1. Directories


The TSS ships with these directories:


…/utils TSS and utility / demo applications

…/utils/regtests TSS regression tests

…/utils/policies TSS regression test policies and miscellaneous files

…/demo TSS demo web pages

…/tpmutils TSS Visual Studio files


To extract the tarball


> cd …

> tar xvf ibmtssnnn.tar .


    1. Linux


Install OpenSSL 1.0.x or 1.1.x.


> cd …/utils

> make


Note: Linux builds must have TPM_POSIX defined.


After building, run the regression test against a running simulator. -h gives help. The Linux version takes about 1 minute.


> ./reg.sh -a


The regression test can run against a software TPM at /dev/tpm0. It will skip the power up sequence. However, it decides whether to skip by reading the environment variable TPM_INTERFACE_TYPE. If the default TPM_INTERFACE_TYPE was changed at compile time, the regression test will try the power up sequence unless the environment variable is also set.


I would not expect the regression test to run against a hardware TPM, since the platform firmware will have set the platform authorization. There are likely to be other errors due to protected or unsupported TPM features.


Use the regression test for TSS verification, not as a TPM test tool.


The TPM device driver normally does not permit non-root access. Either


> chmod 777 /dev/tpm0


or run as root or sudo. Mode 777 lets every local user send commands to the TPM, so reserve it for a test machine.


    1. Windows


Install OpenSSL. The usual place to get OpenSSL for Windows is http://slproweb.com/products/Win32OpenSSL.html. There is no need to build / compile from source. Just run the downloaded .exe.


Install OpenSSL 1.0.x, not 1.1.x, which is a major API departure from previous versions. The port to 1.1.x has not yet been tested on Windows.


Install Win32 OpenSSL, not the "Light" versions, which I believe do not contain the development files.


If you chose not to install OpenSSL in the recommended location, C:\Program Files\OpenSSL, you must fix the build paths. (In other words, use the recommended location.)


This directory should be added to the Path environment variable if it's not already there:


c:\Program Files\OpenSSL\bin


Note: Windows builds must have TPM_WINDOWS defined.


Build with Visual Studio using the solution …/tpmutils/tpmutils.sln


After building, run the regression test against a running simulator. The Windows version takes about 15 minutes.


The Windows script assumes that typical command line tools such as touch and diff are installed. A typical download location is


http://gnuwin32.sourceforge.net/packages.html


See CoreUtils and DiffUtils.


> reg.bat


The regression test script defaults to the executables being in the same directory as the script, …/tpm2/utils. This is correct for the gcc build, but not for the Visual Studio build. To point to those executables, set this environment variable. Do not omit the trailing slash.


> set TPM_EXE_PATH=../tpmutils/Debug/


      1. Windows Tbsi


These instructions have been lightly tested.


Users that use only the socket interface may not want to install Tbsi (Windows TPM Base Services). Undefine TPM_WINDOWS_TBSI to remove that dependency.


Note: To undefine the macro in Visual Studio:

  1. View - Other Windows - Property Manager

  2. Expand one of the projects

  3. Expand Debug (or Release if doing a release build)

  4. Double click CommonProperties

  5. Expand Common Properties, then C/C++, then select Preprocessor

  6. Next to Preprocessor Definitions, click the value, then the down arrow, then <Edit>

  7. Remove the macro TPM_WINDOWS_TBSI

  8. OK, OK


To build in Tbsi:


  • Install the Microsoft Platform SDK or the Windows SDK to get the tbs.h include file.


  • Define the preprocessor macro TPM_WINDOWS_TBSI

  • Define the preprocessor macro TPM_WINDOWS_TBSI_WIN8


NOTE: For Windows 7, the alternate macro TPM_WINDOWS_TBSI_WIN7 uses the TPM 1.2 Tbsi API. I use it for light testing, but it is probably useless for a TPM 2.0.


Note: The TPM_WINDOWS_TBSI_WIN8 macro also supports Windows 10.


  • Link the tss with Tbs.lib


Note: For Windows 7, use c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib


      1. Windows Visual Studio


VS solution and project files are supplied. The Visual Studio 2013 Solution is …/tpmutils/tpmutils.sln.


It is currently configured to compile in the Windows (TPM_WINDOWS) TBSI (TPM_WINDOWS_TBSI) for Windows 8 (TPM_WINDOWS_TBSI_WIN8). It links with Tbs.lib.


The default is to connect to the socket simulator using the Microsoft simulator packet format. To change the default from a SW TPM to a HW TPM, add the preprocessor definition:


TPM_INTERFACE_TYPE_DEFAULT="dev"


      1. Windows gcc


A mingw (Minimalist GNU for Windows) makefile.mak is included. mingw from http://www.mingw.org/ must be installed.


winerror.h may have to be installed in C:\Program Files\MinGW\include


If the mingw install does not come with C:\Program Files\MinGW\include\tbs.h, a lightly tested file is included in the utils directory. Copy to C:\Program Files\MinGW\include.


Uncomment as indicated in makefile.mak to use the TBSI, either Windows 8 or Windows 7. Build using:


> cd …/utils

> make -f makefile.mak


    1. AIX


Use gnu make (gmake), not make.


> cd …/utils

> gmake -f makefile.aix


After building, run the regression test against a running Microsoft simulator. -h gives help. Since the TPM simulator does not run on AIX yet, set the TPM_SERVER_NAME environment variable.


> reg.sh -a


    1. Minimal TSS Library Builds


There are several compile time macros that permit building a subset of the TSS library. Features are lost, but the tradeoff may be important in some environments.


Since the regression test does not function against minimal builds, these variations are very lightly tested. Please report bugs.

      1. TPM_TSS_NOFILE


Defining this macro builds a TSS library that does not use files for temporary and persistent state. All state is stored in the TSS context and is lost when the context is deleted.


Drawbacks:


  • Scripting, which requires state to persist between processes, does not work.

  • Names and public keys of persistent entities do not persist, so the entities must be reread (and revalidated) at each connection.

  • Context save and load are not implemented yet.

  • There are currently some fixed size arrays for transient object and session state.


      1. TPM_TSS_NOCRYPTO


Defining this macro builds a TSS library that does not depend on a crypto library.


Drawbacks:


  • Salted sessions do not work.

  • HMAC sessions do not work, including policies that require HMAC.

  • Encrypt and decrypt sessions do not work.


  1. Fedora

This section is only relevant to a Fedora rpm install. It is a work in progress, and may not be 100% correct yet.


The …/utils directory holds a sample makefile, makefile.sample that can be modified for a user application.


Prerequisite:


# yum install rpm-build

    1. Local Install


Download the rpms:


TBD


  1. Install binaries:


  • the libraries - /usr/lib64/libtss.so.0.1 and the link /usr/lib64/libtss.so.0

  • the utilities - /usr/bin/tssxxx. Note that the installed utilities are namespaced with the 'tss' prefix.

  • the license - /usr/share/doc/tss2-nnn/LICENSE


# rpm -ivh tss2-nnn-1.el6.x86_64.rpm


  1. Install development headers:


  • the headers - /usr/include/tss2

  • the library - link /usr/lib64/libtss.so

  • this documentation - /usr/share/doc/tss2-devel-nnn/ibmtss.doc


# rpm -ivh tss2-devel-nnn-1.el6.x86_64.rpm


  1. Install debug source and support


# rpm -ivh tss2-debuginfo-nnn-1.el6.x86_64.rpm


    1. Alternative Local Install



Erase an old version as needed:


# yum erase tss2-devel-nnn-1.el6.x86_64

# yum erase tss2-nnn-1.el6.x86_64

# yum erase tss2-debuginfo-nnn-1.el6.x86_64


Install (new method)


# dnf install ./tss2-nnn-1.el6.x86_64.rpm

# dnf install ./tss2-devel-nnn-1.el6.x86_64.rpm

# dnf install ./tss2-debuginfo-nnn-1.el6.x86_64.rpm


Install (old method)


# yum install ./tss2-nnn-1.el6.x86_64.rpm

# yum install ./tss2-devel-nnn-1.el6.x86_64.rpm

# yum install ./tss2-debuginfo-nnn-1.el6.x86_64.rpm


    1. Repository Install


Once the packages have been upstreamed, use this process.


# dnf install tss


    1. Install Test


This assumes that the SW TPM has been installed, see this link:


https://sourceforge.net/projects/ibmtpm20tss/?source=navbar


It also assumes that the regression test has been installed. See Section 7.5.


In reg.sh, change the utility prefix variable to tss.


PREFIX=tss


Run the regression test:


> cd ~/rpmbuild/BUILD/tss2-nnn/utils

> ./reg.sh


    1. Source rpms


Install source (as non-root user)


> rpm -ivh tss2-nnn-1.el6.src.rpm


The src rpm has a tarball and spec file. To build:


> cd ~/rpmbuild

> rpmbuild -bp SPECS/tss2.spec

> cd BUILD/tss2-nnn/utils

> make -f makefile.fedora



  1. Status

    1. Utilities


The utilities serve several purposes:


  • They are called by a bash or bat script to form the regression test.


The bash regression test script itself is sample code for how to use the utilities and the TPM to perform multi-step tasks.


  • They are sample code on how to use the TSS.


  • They can be used in a script for rapid prototyping.


NOTE: The utility command line arguments are not stable. They change occasionally to improve consistency among utilities or to add features.


The utilities currently do not permit all TPM command options. Let me know what needs enhancement.


    1. Bugs



Please report bugs.


    1. Untested


These may "just work" but they have not been tested yet.

Users are welcome to suggest ECC tests and to prioritize the list below.


  • ECC commands - ECDH_KeyGen, ECDH_ZGen, ZGen_2Phase, Commit, EC_Ephemeral

  • Several policy commands (PolicyNameHash, PolicyDuplicationSelect, PolicyLocality)

  • TestParams, GetTestResult



  1. Threading


The TSS is not thread safe.


There are many issues with making a TSS thread safe, because the TPM is inherently single threaded. For example:


  • There is only one channel to a TPM. Two threads writing bytes to a socket to a resource manager or simulator, or writing bytes to the device driver, will fail.

  • The TPM has session state that has to be coordinated with an application. For example, if a thread begins to calculate an HMAC for a session, and another thread uses the session, the rolling nonces will cause the first thread HMAC to fail.

  • Applications have state at a higher level. For example, if a thread begins to use a key and another thread saves the key context and flushes the key, the first thread's application will fail.


I think the best we can do is provide a common "TSS lock semaphore" mechanism, so that threads can coordinate access to the TSS using a common API.


./ibmtss.doc0000644000175000017500000052500013125266066011164 0ustar lo1lo1ࡱ> NQKLM bjbj[[ 8@99a!4!4!4!4!4!H!H!H!8!#$H! b@$$ d.z.z.z.U/ O:$s=$md4!?U/U/??4!4!z.z.\\\? 4!z.4!z.\?\\j0^z.@Hn(2v0 ZQd^"4!R$,??\???HO?"q????V\??? ????????????? :  IBM TPM 2.0 TSS API Ken Goldman IBM Research kgoldman@us.ibm.com June 29, 2017  TOC \o "1-3" \h \z \u  HYPERLINK \l "_Toc485736479" 1. Introduction  PAGEREF _Toc485736479 \h 4  HYPERLINK \l "_Toc485736480" 2. Features  PAGEREF _Toc485736480 \h 5  HYPERLINK \l "_Toc485736481" 3. API  PAGEREF _Toc485736481 \h 6  HYPERLINK \l "_Toc485736482" 3.1. TSS_Execute()  PAGEREF _Toc485736482 \h 6  HYPERLINK \l "_Toc485736483" 3.2. TSS_Create()  PAGEREF _Toc485736483 \h 6  HYPERLINK \l "_Toc485736484" 3.3. TSS_Delete()  PAGEREF _Toc485736484 \h 7  HYPERLINK \l "_Toc485736485" 3.4. Optional Customization  PAGEREF _Toc485736485 \h 8  HYPERLINK \l "_Toc485736486" 3.4.1. Property Example  PAGEREF _Toc485736486 \h 8  HYPERLINK \l "_Toc485736487" 3.4.2. Properties  PAGEREF _Toc485736487 \h 8  HYPERLINK \l "_Toc485736488" 3.4.3. TSS_SetProperty()  PAGEREF _Toc485736488 \h 11  HYPERLINK \l "_Toc485736489" 3.5. Extra Parameter  PAGEREF _Toc485736489 \h 12  HYPERLINK \l "_Toc485736490" 3.6. Other APIs and Headers  PAGEREF _Toc485736490 \h 12  HYPERLINK \l "_Toc485736491" 4. Application Notes  PAGEREF _Toc485736491 \h 14  HYPERLINK \l "_Toc485736492" 4.1. TPM Simulator  PAGEREF _Toc485736492 \h 14  HYPERLINK \l "_Toc485736493" 4.2. Parameter Encryption  PAGEREF _Toc485736493 \h 14  HYPERLINK \l "_Toc485736494" 4.3. Session Salt  PAGEREF _Toc485736494 \h 14  HYPERLINK \l "_Toc485736495" 4.4. Session Bind  PAGEREF _Toc485736495 \h 14  HYPERLINK \l "_Toc485736496" 4.5. NV  PAGEREF _Toc485736496 \h 15  HYPERLINK \l "_Toc485736497" 4.5.1. Rationale  PAGEREF _Toc485736497 \h 15  HYPERLINK \l "_Toc485736498" 4.5.2. NV Preprovisioning  PAGEREF _Toc485736498 \h 16  HYPERLINK \l "_Toc485736499" 4.6. 
TPM2_LoadExternal  PAGEREF _Toc485736499 \h 16  HYPERLINK \l "_Toc485736500" 4.7. Connecting to Resource Managers  PAGEREF _Toc485736500 \h 16  HYPERLINK \l "_Toc485736501" 4.8. Endorsement Key (EK Certificates)  PAGEREF _Toc485736501 \h 17  HYPERLINK \l "_Toc485736502" 4.8.1. Nuvoton  PAGEREF _Toc485736502 \h 17  HYPERLINK \l "_Toc485736503" 4.8.2. St Micro  PAGEREF _Toc485736503 \h 17  HYPERLINK \l "_Toc485736504" 4.8.3. Infineon  PAGEREF _Toc485736504 \h 18  HYPERLINK \l "_Toc485736505" 4.8.4. NationZ  PAGEREF _Toc485736505 \h 19  HYPERLINK \l "_Toc485736506" 4.8.5. Intel  PAGEREF _Toc485736506 \h 19  HYPERLINK \l "_Toc485736507" 4.8.5.1. Intel EK Certificate Download  PAGEREF _Toc485736507 \h 19  HYPERLINK \l "_Toc485736508" 4.9. Command Line Utilities  PAGEREF _Toc485736508 \h 20  HYPERLINK \l "_Toc485736509" 5. Example  PAGEREF _Toc485736509 \h 21  HYPERLINK \l "_Toc485736510" 6. Build  PAGEREF _Toc485736510 \h 22  HYPERLINK \l "_Toc485736511" 6.1. Directories  PAGEREF _Toc485736511 \h 22  HYPERLINK \l "_Toc485736512" 6.2. Linux  PAGEREF _Toc485736512 \h 22  HYPERLINK \l "_Toc485736513" 6.3. Windows  PAGEREF _Toc485736513 \h 23  HYPERLINK \l "_Toc485736514" 6.3.1. Windows Tbsi  PAGEREF _Toc485736514 \h 24  HYPERLINK \l "_Toc485736515" 6.3.2. Windows Visual Studio  PAGEREF _Toc485736515 \h 25  HYPERLINK \l "_Toc485736516" 6.3.3. Windows gcc  PAGEREF _Toc485736516 \h 25  HYPERLINK \l "_Toc485736517" 6.4. AIX  PAGEREF _Toc485736517 \h 25  HYPERLINK \l "_Toc485736518" 6.5. Minimal TSS Library Builds  PAGEREF _Toc485736518 \h 26  HYPERLINK \l "_Toc485736519" 6.5.1. TPM_TSS_NOFILE  PAGEREF _Toc485736519 \h 26  HYPERLINK \l "_Toc485736520" 6.5.2. TPM_TSS_NOCRYPTO  PAGEREF _Toc485736520 \h 26  HYPERLINK \l "_Toc485736521" 7. Fedora  PAGEREF _Toc485736521 \h 27  HYPERLINK \l "_Toc485736522" 7.1. Local Install  PAGEREF _Toc485736522 \h 27  HYPERLINK \l "_Toc485736523" 7.2. Alternative Local Install  PAGEREF _Toc485736523 \h 27  HYPERLINK \l "_Toc485736524" 7.3. 
Repository Install  PAGEREF _Toc485736524 \h 28  HYPERLINK \l "_Toc485736525" 7.4. Install Test  PAGEREF _Toc485736525 \h 28  HYPERLINK \l "_Toc485736526" 7.5. Source rpms  PAGEREF _Toc485736526 \h 28  HYPERLINK \l "_Toc485736527" 8. Status  PAGEREF _Toc485736527 \h 30  HYPERLINK \l "_Toc485736528" 8.1. Utilities  PAGEREF _Toc485736528 \h 30  HYPERLINK \l "_Toc485736529" 8.2. Bugs  PAGEREF _Toc485736529 \h 30  HYPERLINK \l "_Toc485736530" 8.3. Untested  PAGEREF _Toc485736530 \h 30  HYPERLINK \l "_Toc485736531" 9. Theading  PAGEREF _Toc485736531 \h 31  Introduction The IBM TSS is designed for: ease of understanding ease of use ease of implementation maximum code reuse Features The TSS handles the following, completely hidden from the caller: HMAC, password and policy sessions Session and HMAC key calculations, including bind and salt sessions HMAC generation and verification (including cpHash and rpHash) Parameter encryption and decryption, XOR and AES Nonces and nonce rolling Session continue flag TPM 2.0 "Name" and bind session tracking Different session hash algorithms Marshaling, unmarshaling, and communication with the TPM and almost hidden from the caller: bind password API The API consists of the following calls: TSS_Execute() #include TPM_RC TSS_Execute(TSS_CONTEXT *tssContext, RESPONSE_PARAMETERS *out, COMMAND_PARAMETERS *in, EXTRA_PARAMETERS *extra, TPM_CC commandCode, ...); This is the primary TSS function. tssContext: Opaque object out: The standard TPM2 Part 3 response parameter in: The standard TPM2 Part 3 command parameter extra: Some commands (only two so far) require extra parameter s. commandCode: The standard TPM2 Part 2 command code. . . . 
: A list of session 3-tuples , of the form TPMI_SH_AUTH_SESSION sessionHandle, const char *password, unsigned int sessionAttributes The list is terminated with (TPM_RH_NULL, NULL, 0) TSS_Create() #include TPM_RC TSS_Create(TSS_CONTEXT **tssContext); This creates the TSS_CONTEXT used in the TSS_Execute() function. It is initialized with the default configuration, which can be then changed using  REF _Ref418692484 \r \h 3.4.3  REF _Ref418692484 \h TSS_SetProperty(). Returns an error if the context cannot be allocated, or if the properties cannot be initialized, typically due to an invalid environment variable. See  REF _Ref437348811 \r \h 3.3  REF _Ref437348811 \h TSS_Delete(). It does not immediately open a connection, so that the connection properties can be changed from the default first. TSS_Delete() #include TPM_RC TSS_Delete(TSS_CONTEXT *tssContext); The deletes the opaque context created using  REF _Ref437348825 \r \h 3.2  REF _Ref437348825 \h TSS_Create(). It closes an open connection. Returns an error if the connection close fails. Optional Customization The TSS is designed to work by default with no configuration. The current default connects to the Microsoft format socket simulation. This will eventually change to connect to the resource manager. There are three ways to customize the configuration: At compile time, with a compiler flag At program start, using an environment variable During run time, using the  REF _Ref418692484 \r \h 3.4.3  REF _Ref418692484 \h TSS_SetProperty() function. The environment variables and TSS_SetProperty property use the same names. The makefile flag uses the name with _DEFAULT appended. The environment variable overrides the compiler flag, and the  REF _Ref418692484 \h TSS_SetProperty() function overrides both the compiler flag and the environment variable. 
Property Example To change the default TPM interface to the TPM device driver: With a makefile: -DTPM_INTERFACE_TYPE_DEFAULT="\"dev\"" With an environment variable: > setenv TPM_INTERFACE_TYPE dev With the  REF _Ref418692484 \h TSS_SetProperty() function: rc = TSS_SetProperty(tssContext, TPM_INTERFACE_TYPE, "dev"); Properties (Remember that the makefile compiler flag requires _DEFAULT to be added, and that the quotes must be escaped.). The property and legal values are: TPM_TRACE_LEVEL default - 0 0 - no tracing 1 - trace errors 2 - trace errors and execution flow TPM_DATA_DIR default - current directory set the directory where the TSS can store persistent data TPM_INTERFACE_TYPE default - socsim socsim - the socket simulator see  REF _Ref473273410 \h TPM_SERVER_NAME  REF _Ref473273447 \h TPM_SERVER_TYPE  REF _Ref473273450 \h TPM_COMMAND_PORT  REF _Ref473273453 \h TPM_PLATFORM_PORT dev - TPM device driver see  REF _Ref473273499 \h TPM_DEVICE TPM_SERVER_NAME default - localhost set the socket server name (full host name or dotted decimal) TPM_SERVER_TYPE default - mssim mssim - send packets in the Microsoft simulator format (header and footer) raw - send packets in the raw TPM specification Part 3 format TPM_COMMAND_PORT default - 2321 set the socket port for TPM commands TPM_PLATFORM_PORT default - 2322 set the socket port for TPM simulator platform commands TPM_DEVICE Unix/Linux default - /dev/tpm0 (single user) Windows default - Windows 7,8,10 Tbsi For Unix, sets the TPM device name /dev/tpmrm0 is the multi-user kernel resource manager Once the kernel resource manager is upstreamed, this may become the default. For Windows, not currently used, only Tbsi supported TPM_ENCRYPT_SESSIONS default 1 1 - Session state is saved encrypted 0 - Session state is saved in plaintext Since session state can potentially hold secrets, it should normally be encrypted. When the process terminates, the ephemeral encryption key is lost. 
See  REF _Ref469903483 \r \h 4.9  REF _Ref469903483 \h Command Line Utilities for the special case of using the command line utilities. That section is not applicable when using the TSS library in programs. TSS_SetProperty() #include TPM_RC TSS_SetProperty(TSS_CONTEXT *tssContext, int property, const char *value); The TSS_SetProperty() function overrides the defaults and environment variables programmatically. If the property is related to the connection, an open connection is closed before the property is processed. NOTE: The close occurs even if the new value is the same as the old value. This can be used to close a connection without deleting the context. Question: Is it good to mandate this behavior? It offers functionality and makes the implementation easier, but perhaps it's too clever? NOTE: The value parameter is always a string. For simplicity, the 'value' pointer is stored. The input should be a constant string. NOTE: For the property  REF _Ref473273918 \h TPM_TRACE_LEVEL, tssContext is ignored. The trace level is per process, not per context. Extra Parameter The extra parameter is a catch-all for any parameters that TSS_Execute() requires beyond the normal TPM command and response parameters. TPM2_StartAuthSession needs the bind password so that it can calculate the session key. Other APIs and Headers Headers are now in the /utils/tss2 directory. This move (from /utils) permits source to use this construct, compatible with an eventual header install in /usr/include/tss2: #include The utility / demo applications cheat a bit, in that they call into TSS utility functions. These are less likely to be stable than the official API above. tss.h: The official API tsserror.h: Included by tss.h for convenience. Error codes may be added. tssmarshal.h: Marshal structures to arrays. These are likely to be stable. They are similar to the TPM side functions but return errors. Unmarshal_fp.h: Unmarshal arrays to structures. 
These are likely to be stable, since they are used on the TPM side. tssresponsecode.h: Response code to text. Useful for debugging. The API should be stable, but the actual output may change. tssprint.h: Functions to print structures. Useful for debugging. The API should be stable. Functions may be added, and the output is likely to change. tssutils.h: Demo helper functions. These are useful for rapid prototyping but are not recommended for production code. tssfile.h: Demo helper functions. These are useful for rapid prototyping but are not recommended for production code. tsscrypto.h: Sample crypto code. These are useful for rapid prototyping but are not recommended for production code. Any of the lower layer TSS functions are for TSS internal use. They should not be called. Application Notes Several areas have non-obvious usage. They are described here. TPM Simulator A typical cause of a hang when sending the first command to the TPM simulator is that it has not received a simulated "powered up." Send this command: > powerup The platform firmware initializes a hardware TPM. The TPM simulator requires this command: > startup Parameter Encryption The caller does NOT perform parameter encryption. Simply set the session attribute to either or both of TPMA_SESSION_ENCRYPT or TPMA_SESSION_DECRYPT. Session Salt To salt, the caller should set tpmKey (the handle of a loaded decrypt key) in TPM2_StartAuthSession. The key must be an RSA 2048-bit key or EC NIST P256 key with sign clear and decrypt set. The caller must supply the extra parameter as a StartAuthSession_Extra structure. The caller does NOT supply the HMAC salt. The encryptedSalt parameter is ignored, as the TSS generates the salt. Session Bind To bind, the caller should set bind (the bind entity handle) in TPM2_StartAuthSession. The caller must supply the extra parameter as a StartAuthSession_Extra structure and set the bindPassword member to the bind handle password. 
NV For applications that do not share an NV index and don't use global locks or transient locks that change after a reboot, the following details are unnecessary. Just issue the TPM2_NV_DefineSpace and everything works, including HMAC sessions. For applications that do not satisfy the above criteria, the application must issue TPM2_NV_ReadPublic and validate that the public area is as expected, including the locks. Rationale Why? For authorization, the TSS includes the Name (a hash of the public NV metadata) in the HMAC calculation. This ensures that the NV index has not been replaced with a different version with untrusted metadata. Normally, the TSS tracks the Name, even when the application changes the written or lock attributes. However, if the attributes (and therefore the Name) change outside the application, the TSS is unable to track the change. In those cases, the application must read the public data and validate it. Why doesn't the TSS automatically issue the TPM2_NV_ReadPublic? If it did that, it would encourage the application developer to blindly trust the index. The application is expected to examine the TPM2_NV_ReadPublic return (e.g., the policy, the attributes) and decide whether the index is trusted. The TSS cannot enforce this, but it does at least encourage it. The index Name can change as the metadata changes. These changes include the "written" bit and the read and write locks. The TSS automatically tracks the changes performed on a single index by the application. It does not track: Changes "out of band", by a different application, including an attacker. This will surface as an HMAC failure. The application should reissue TPM2_NV_ReadPublic and decide if the index is still trusted. Changes to transient lock status due to a reboot. If the application is aware of the reboot, it can reissue TPM2_NV_ReadPublic and re-evaluate the return. Otherwise, it can wait for the potential HMAC failure and handle it as above. 
Locks due to a global lock, because it's hard and because global lock is expected to be used at provisioning, if ever. This case will probably never occur in practice. If it does, handle the HMAC failure as above. NV Preprovisioning This is the case where some other application has used TPM2_NV_DefineSpace to preprovision an index. As an alternative to the application evaluating the TPM2_NV_ReadPublic response, the NV metadata and Name can be preprovisioned when the application is installed. Two files are required: [nnnnnnnn] is the hex value of the NV index. h[nnnnnnnn].bin - The Name, a binary hash of the public data nvp[nnnnnnnn].bin - The marshaled TPMS_NV_Public TPM2_LoadExternal This command is unique, in that it has an optional parameter, TPM2B_SENSITIVE inPrivate. The caller should use the size as a flag: 0 for not present, and non-zero for present. Rationale: The TPM uses the inPrivate.size zero to indicate that the parameter is not present, and uses the correct marshaled size to indicate that the parameter is present. This TSS uses that design pattern, but, as with other TPM2B's that wrap structures, it does not require the caller to marshal the structure and determine the correct size. Connecting to Resource Managers An issue arises when using the TSS utilities (not the TSS itself) on a platform with a resource manager. Windows currently has a resource manager (called TBS) and all OSes will eventually have one. A resource manager flushes all resources (objects like keys, and sessions) when a connection closes. Since the utilities are standalone processes, the connection closes after each invocation. Thus, for example, a utility can load a key, but, when the "load" command terminates, the resource manager will flush the key. This is not an issue for a complete application using the TSS, because the TSS will keep the connection open through multiple TPM commands. 
For prototyping using the utilities, the solution is to simulate this persistent connection behavior. The "tpm_proxy" program connects as a socket server on one side and a TPM device driver on the other. Once the proxy starts, the resource manager sees one persistent connection, as desired. The utilities use the socket interface to the proxy. The proxy (for both TPM 1.2 and TPM 2.0) is part of the tarball at  HYPERLINK "https://sourceforge.net/projects/ibmswtpm/files/?source=navbar" https://sourceforge.net/projects/ibmswtpm/files/?source=navbar It is not well tested for TPM 2.0. I expect that the TPM_Startup call must be commented out, and that the TSS must run in "raw" mode. Endorsement Key (EK Certificates) The TSS includes several TPM vendor EK root certificates for convenience. There is no reason for a user to trust these certificates. Obtain production certificates directly from the TPM vendor. These URLs are provided for convenience. Observe that some URLs are http. I encourage all readers to ask the TPM vendors to offer these certificates over a secured web page, since they form the root of trust for TPM authenticity. Utilities such as "createek" that take a -root argument require a list of EK root certificates in a file. The utilities include a sample file /utils/certificates/rootcerts.txt. The file MUST be edited, since the file names must have a complete path to your install directory. Certificates must be in PEM format. 
To convert from DER format (.cer, .crt) to PEM using openssl: > openssl x509 -in cert.cer -inform DER -out cert.pem Nuvoton  HYPERLINK "https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%202110.cer" https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%202110.cer  HYPERLINK "https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%201110.cer" https://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton%20TPM%20Root%20CA%201110.cer St Micro GlobalSign Trusted Computing CA http://secure.globalsign.com/cacert/gstpmroot.crt ST TPM Root certificate http://secure.globalsign.com/cacert/stmtpmekroot.crt ST Intermediate CA 01 http://secure.globalsign.com/cacert/stmtpmekint01.crt ST Intermediate CA 02 http://secure.globalsign.com/cacert/stmtpmekint02.crt ST Intermediate CA 03 http://secure.globalsign.com/cacert/stmtpmekint03.crt ST Intermediate CA 04 http://secure.globalsign.com/cacert/stmtpmekint04.crt ST Intermediate CA 05 http://secure.globalsign.com/cacert/stmtpmekint05.crt GlobalSign Trusted Platform Module ECC Root CA http://secure.globalsign.com/cacert/tpmeccroot.crt STM TPM ECC Root CA 01 http://secure.globalsign.com/stmtpmeccroot01.crt STM TPM ECC Intermediate CA 01 http://secure.globalsign.com/stmtpmeccint01.crt Infineon  HYPERLINK "https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates" https://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates NationZ Root https://pki.nationz.com.cn/EkRootCA/EkRootCA.crt Intermediate certificates https://pki.nationz.com.cn/EkMfrCA001/EkMfrCA001.crt https://pki.nationz.com.cn/EkMfrCA002/EkMfrCA002.crt https://pki.nationz.com.cn/EkMfrCA003/EkMfrCA003.crt Intel PTT EK Root Certificate https://upgrades.intel.com/content/CRL/ekcert/EKRootPublicKey.cer PTT EK Intermediate Certificate  HYPERLINK "http://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer" 
http://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer Intel EK Certificate Download As of June, 2017, the Intel PTT does not come provisioned with EK certificates. They must be downloaded using this procedure. Read the EK public key. Construct digest data. For RSA, concatenate the public modulus to the default exponent 010001, all in binary. For EC, this step is currently undocumented. Calculate a SHA-256 digest of the digest data. Base64 encode the digest. Convert the base64 to URL base64 by changing = to %3D, + to -, and / to _. Prepend https://ekop.intel.com/ekcertservice/ to form the certificate URL. Use a browser to display the certificate (or use wget and edit in a text editor). Extract the text between the opening and closing certificate tags (the tag names are missing from this copy of the document) to a text editor. Convert the URL base64 to base64 by changing %3D to =, - to +, and _ to /. Remove all newlines. Base64 decode to create the DER certificate. Command Line Utilities See also section 4.7 Connecting to Resource Managers. As stated in section 3.4.2 Properties, the default is to build the TSS library to encrypt session state with an ephemeral encryption key that is lost when the application exits. This behavior would preclude using the command line utilities with sessions, since the encryption key would change from one invocation to the next. There are two facilities to remedy this. For stand-alone debugging, save session state in plaintext. For example, use an environment variable: > setenv TPM_ENCRYPT_SESSIONS 0 or the equivalent compile time flag -DTPM_ENCRYPT_SESSIONS_DEFAULT="\"0\"" For using the command line utilities securely, either stand-alone or in scripts, a fixed encryption key can be specified. 
In the script: TPM_SESSION_ENCKEY=`./getrandom -by 16 -ns` On the command line: > setenv TPM_SESSION_ENCKEY `./getrandom -by 16 -ns` The key then lives in the shell environment, so anything that can read that environment can decrypt the saved session state; handle it like any other secret. Example Each standalone utility serves as an example for a single command. The signapp.c source shows how several commands can be chained together to form an application. It does the following: Start an authorization HMAC session Create a primary storage key, using the session Create a signing key under the storage key Load the signing key, using the session Sign a digest, using the session Verify the signature Flush the primary key Flush the signing key Flush the session Build The builds for Linux and Windows create the TSS shared object / dll and about 110 command line programs. The command line programs can be used in a script for rapid prototyping or as sample usage code. The build files clear TPM_ENCRYPT_SESSIONS, which is useful for prototyping and regression testing. Remove this build setting for production applications, so that session state is encrypted. Directories The TSS ships with these directories: /utils TSS and utility / demo applications /utils/regtests TSS regression tests /utils/policies TSS regression test policies and miscellaneous files /demo TSS demo web pages /tpmutils TSS Visual Studio files To extract the tarball > cd > tar xvf ibmtssnnn.tar . Linux Install OpenSSL 1.0.x or 1.1.x. > cd /utils > make Note: Linux builds must have TPM_POSIX defined. After building, run the regression test against a running simulator. -h gives help. The Linux version takes about 1 minute. > ./reg.sh -a The regression test can run against a software TPM at /dev/tpm0. It will skip the power up sequence. However, it uses the environment variable TPM_INTERFACE_TYPE to decide this. If the default TPM_INTERFACE_TYPE was changed at compile time, the regression test will try the power up sequence unless the environment variable is also set. 
I would not expect the regression test to run against a hardware TPM, since the platform firmware will have set the platform authorization. There are likely to be other errors due to protected or unsupported TPM features. Use the regression test for TSS verification, not as a TPM test tool. The TPM device driver normally does not permit non-root access. Either > chmod 777 /dev/tpm0 or run as root or sudo. Mode 777 gives every local account read and write access to the TPM device, which suits a dedicated test machine; on a shared system, limiting the device to a single group is the narrower choice. Windows Install OpenSSL. The usual place to get OpenSSL for Windows is http://slproweb.com/products/Win32OpenSSL.html. There is no need to build / compile from source. Just run the downloaded .exe. Install OpenSSL 1.0.x, not 1.1.x, which is a major API departure from previous versions. The port to 1.1.x has not yet been tested on Windows. Install Win32 OpenSSL, not the "Light" versions, which I believe do not contain the development files. If you choose not to install OpenSSL in the recommended location, C:\Program Files\OpenSSL, you must fix the build paths. (In other words, use the recommended location.) This directory should be added to the Path environment variable if it's not already there: c:\Program Files\OpenSSL\bin Note: Windows builds must have TPM_WINDOWS defined. Build with Visual Studio using the solution /tpmutils/tpmutils.sln After building, run the regression test against a running simulator. The Windows version takes about 15 minutes. The Windows script assumes that typical command line tools such as touch and diff are installed. A typical download location is http://gnuwin32.sourceforge.net/packages.html See CoreUtils and DiffUtils. > reg.bat The regression test script defaults to the executables being in the same directory as the script, /tpm2/utils. This is correct for the gcc build, but not for the Visual Studio build. To point to those executables, set this environment variable. Do not omit the trailing slash. 
> set TPM_EXE_PATH=../tpmutils/Debug/ Windows Tbsi These instructions have been lightly tested. Users who use only the socket interface may not want to install Tbsi (Windows TPM Base Services). Undefine TPM_WINDOWS_TBSI to remove that dependency. Note: To undefine the macro in Visual Studio: View - Other Windows - Property Manager Expand one of the projects Expand Debug (or Release if doing a release build) Double click CommonProperties Expand Common Properties, then C/C++, then select Preprocessor Next to Preprocessor Definitions, click the value, then the down arrow, then Remove the macro TPM_WINDOWS_TBSI OK, OK To build in Tbsi: Install the Microsoft Platform SDK or the Windows SDK to get the tbs.h include file. Define the preprocessor macro TPM_WINDOWS_TBSI Define the preprocessor macro TPM_WINDOWS_TBSI_WIN8 NOTE: For Windows 7, the alternate macro TPM_WINDOWS_TBSI_WIN7 uses the TPM 1.2 Tbsi API. I use it for light testing, but it is probably useless for a TPM 2.0. Note: The TPM_WINDOWS_TBSI_WIN8 macro also supports Windows 10. Link the tss with Tbs.lib Note: For Windows 7, use c:/progra~1/Micros~2/Windows/v7.1/lib/Tbs.lib Windows Visual Studio VS solution and project files are supplied. The Visual Studio 2013 Solution is /tpmutils/tpmutils.sln. It is currently configured to compile in the Windows (TPM_WINDOWS) TBSI (TPM_WINDOWS_TBSI) for Windows 8 (TPM_WINDOWS_TBSI_WIN8). It links with Tbs.lib. The default is to connect to the socket simulator using the Microsoft simulator packet format. To change the default from a SW TPM to a HW TPM, add the preprocessor definition: TPM_INTERFACE_TYPE_DEFAULT="dev" Windows gcc A mingw (Minimalist GNU for Windows) makefile.mak is included. mingw from http://www.mingw.org/ must be installed. 
winerror.h may have to be installed in C:\Program Files\MinGW\include If the mingw install does not come with C:\Program Files\MinGW\include\tbs.h, a lightly tested file is included in the utils directory. Copy to C:\Program Files\MinGW\include. Uncomment as indicated in makefile.mak to use the TBSI, either Windows 8 or Windows 7. Build using: > cd /utils > make -f makefile.mak AIX Use gnu make (gmake), not make. > cd /utils > gmake -f makefile.aix After building, run the regression test against a running Microsoft simulator. -h gives help. Since the TPM simulator does not run on AIX yet, set the TPM_SERVER_NAME environment variable. > reg.sh -a Minimal TSS Library Builds There are several compile time macros that permit building a subset of the TSS library. Features are lost, but the tradeoff may be important in some environments. Since the regression test does not function against minimal builds, these variations are very lightly tested. Please report bugs. TPM_TSS_NOFILE Defining this macro builds a TSS library that does not use files for temporary and persistent state. All state is stored in the TSS context and is lost when the context is deleted. Drawbacks: Scripting, which requires state to persist between processes, does not work. Names and public keys of persistent entities do not persist, so the entities must be reread (and revalidated) at each connection. Context save and load are not implemented yet. There are currently some fixed size arrays for transient object and session state. TPM_TSS_NOCRYPTO Defining this macro builds a TSS library that does not depend on a crypto library. Drawbacks: Salted sessions do not work. HMAC sessions do not work, including policies that require HMAC. Encrypt and decrypt sessions do not work. Fedora This section is only relevant to a Fedora rpm install. It is a work in progress, and may not be 100% correct yet. 
The /utils directory holds a sample makefile, makefile.sample that can be modified for a user application. Prerequisite: # yum install rpm-build Local Install Download the rpms: TBD Install binaries: the libraries - /usr/lib64/libtss.so.0.1 and the link /usr/lib64/libtss.so.0 the utilities - /usr/bin/tssxxx. Note that the installed utilities are namespaced with the 'tss' prefix. the license - /usr/share/doc/tss2-nnn/LICENSE # rpm -ivh tss2-nnn-1.el6.x86_64.rpm Install development headers: the headers - /usr/include/tss2 the library - link /usr/lib64/libtss.so this documentation - /usr/share/doc/tss2-devel-nnn/ibmtss.doc # rpm -ivh tss2-devel-nnn-1.el6.x86_64.rpm Install debug source and support # rpm -ivh tss2-debuginfo-nnn-1.el6.x86_64.rpm Alternative Local Install Erase an old version as needed: # yum erase tss2-devel-nnn-1.el6.x86_64 # yum erase tss2-nnn-1.el6.x86_64 # yum erase tss2-debuginfo-nnn-1.el6.x86_64 Install (new method) # dnf install ./tss2-nnn-1.el6.x86_64.rpm # dnf install ./tss2-devel-nnn-1.el6.x86_64.rpm # dnf install ./tss2-debuginfo-nnn-1.el6.x86_64.rpm Install (old method) # yum install ./tss2-nnn-1.el6.x86_64.rpm # yum install ./tss2-devel-nnn-1.el6.x86_64.rpm # yum install ./tss2-debuginfo-nnn-1.el6.x86_64.rpm Repository Install Once the packages have been upstreamed, use this process. # dnf install tss Install Test This assumes that the SW TPM has been installed, see this link: https://sourceforge.net/projects/ibmtpm20tss/?source=navbar It also assumes that the regression test has been installed. See Section 7.5. In reg.sh, change the utility prefix variable to tss. PREFIX=tss Run the regression test: > cd ~/rpmbuild/BUILD/tss2-nnn/utils > ./reg.sh Source rpms Install source (as non-root user) > rpm -ivh tss2-nnn-1.el6.src.rpm The src rpm has a tarball and spec file. 
To build: > cd ~/rpmbuild > rpmbuild -bp SPECS/tss2.spec > cd BUILD/tss2-nnn/utils > make -f makefile.fedora Status Utilities The utilities serve several purposes: They are called by a bash or bat script to form the regression test. The bash regression test script itself is sample code for how to use the utilities and the TPM to perform multi-step tasks. They are sample code on how to use the TSS. They can be used in a script for rapid prototyping. NOTE: The utility command line arguments are not stable. They change occasionally to improve consistency among utilities or to add features. The utilities currently do not permit all TPM command options. Let me know what needs enhancement. Bugs Please report bugs. Untested These may "just work" but they have not been tested yet. Users are welcome to suggest ECC tests and prioritize the below list. ECC commands - ECDH_KeyGen, ECDH_ZGen, ZGen_2Phase. Commit, EC_Ephemeral Several policy commands (PolicyNameHash, PolicyDuplicationSelect, PolicyLocality) TestParams, GetTestResult Threading The TSS is not thread safe. There are many issues with making a TSS thread safe, because the TPM is inherently single threaded. For example: There is only one channel to a TPM. Two threads writing bytes to a socket to a resource manager or simulator, or writing bytes to the device driver, will fail. The TPM has session state that has to be coordinated with an application. For example, if a thread begins to calculate an HMAC for a session, and another thread uses the session, the rolling nonces will cause the first thread's HMAC to fail. Applications have state at a higher level. For example, if a thread begins to use a key and another thread saves the key context and flushes the key, the first thread's application will fail. I think the best we can do is provide a common "TSS lock semaphore" mechanism, so that threads can coordinate access to the TSS using a common API.
Page  PAGE 31 ABCIJPQRSTUVmnop{r{bW?W.h9nhL5CJOJQJaJmHnHsH uhKPahL0J@jhKPahL0JUhLmHnHuhKPahL0JjhKPahL0JU h! hwjh! hwU hJah,v hJahgOhEhFCJ(aJ(mHsHhEhoaCJ(aJ(mHsHhZACJ(aJ(h9~CJ(aJ(hLCJ(aJ( hJah_ h[h$h$ hh,v!.BCQRTU W T `  s !  !  !  $a$gd2YgdJa$a$gd$gd!     , - . / 1 2 5 6 ǯǦǂpǯǦ`ǂjhKPahL0JU#jwhLUmHnHuhKPahL0J@jhKPahL0JUhLmHnHuhKPahL0J.h9nhL5CJOJQJaJmHnHsH ujhKPahL0JU#j}hLUmHnHujhLUmHnHuhLmHnHu%6 7 Q R S T U V W X Y u v w x | } ƮƥƥxfxƥVƥjhKPahL0JU#jkhLUmHnHu'h9nhLCJOJQJaJmHnHujhKPahL0JUhLmHnHuhKPahL0J.h9nhL5CJOJQJaJmHnHsH ujhKPahL0JU#jqhLUmHnHuhLmHnHujhLUmHnHu!     ! % & 2 3 4 N O P Q R S T U V r s t u y z ׶ȩ␩~ȩnjhKPahL0JU#j_hLUmHnHujhKPahL0JUhLmHnHujhKPahL0JU#jehLUmHnHujhLUmHnHuhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHu)     * + , - 3 4 > ? @ Z ƲƩƩ~ƲƩnƩjhKPahL0JU#jShLUmHnHujhKPahL0JUhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHujhKPahL0JUhLmHnHujhLUmHnHu#jYhLUmHnHu$Z [ \ ] ^ _ ` a b ~  ƲƩƩ~ƲƩnƩj hKPahL0JU#jG hLUmHnHujhKPahL0JUhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHujhKPahL0JUhLmHnHujhLUmHnHu#jMhLUmHnHu$         2 3 4 5 9 : P Q R l m n p q r s t u ƲƩƩ~ƲƩnchKPahL0J@j hKPahL0JU#j; hLUmHnHuj hKPahL0JUhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHujhKPahL0JUhLmHnHujhLUmHnHu#jA hLUmHnHu      ! " # ? @ ұä褛n\än#j/ hLUmHnHu'h9nhLCJOJQJaJmHnHuj hKPahL0JUhLmHnHuhKPahL0JjhKPahL0JU#j5 hLUmHnHujhLUmHnHuhLmHnHuhKPahL0J@.h9nhL5CJOJQJaJmHnHsH u!@ A B F G [ \ ] w x y { | } ~  ٺِـٺnِ#j#hLUmHnHujhKPahL0JUhLmHnHu#j)hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj hKPahL0JU$! ~ (s$~PHTM?LT !  !  
!"#%&'()*FGHIMNPQRlmnpqrstuٺِـٺnِ#jhLUmHnHujhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjhKPahL0JU$!"#$%&BCٺِـٺnِ#j hLUmHnHujhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjhKPahL0JU$CDEIJ[\]wxy{|}~ٺِـٺnِ#jhLUmHnHujhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjhKPahL0JU$  -./IJKMNOPQRnopqwxٺِـٺnِ#jhLUmHnHujvhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj|hKPahL0JU$%&'ABCEFGHIJfgٺِـٺnِ#jhLUmHnHujjhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjphKPahL0JU$ghiopwxy ٺِـٺnِ#jhLUmHnHuj^hKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjdhKPahL0JU$   123MNOQRSTUVrstuyzٺِـٺnِ#jhLUmHnHujRhKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUjXhKPahL0JU$ !"$%*+,FGHJKLMNOkl׿״⊁q׿״_⊁#jhLUmHnHujFhKPahL0JUhLmHnHuhKPahL0J#jhLUmHnHujhLUmHnHuhLmHnHu.h9nhL5CJOJQJaJmHnHsH uhKPahL0J@jhKPahL0JUjLhKPahL0JU$lmnrs~ ٺِـٺnِ#j hLUmHnHuj: hKPahL0JUhLmHnHu#jhLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj@hKPahL0JU$89:<=>?@A]^_`fgstuٺِـٺnِ#j"hLUmHnHuj."hKPahL0JUhLmHnHu#j!hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj4!hKPahL0JU$)*+EFGIJKLMNjkٺِـٺnِ#j$hLUmHnHuj"$hKPahL0JUhLmHnHu#j#hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj(#hKPahL0JU$klmqruvwٺِـٺnِ#j&hLUmHnHuj&hKPahL0JUhLmHnHu#j%hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj%hKPahL0JU$"#123MNOQRSTUVrstu{|ٺِـٺnِ#j(hLUmHnHuj (hKPahL0JUhLmHnHu#j'hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj'hKPahL0JU$TRdWDFGTUrs & Fgd88gd*gd2Y$$ & F hPh*$^`Pa$gdNZgdNZgdqT !  ! 
!"/01KLMO׿״⊁q]K#j{*hLUmHnHu'h9nhLCJOJQJaJmHnHuj)hKPahL0JUhLmHnHuhKPahL0J#j)hLUmHnHujhLUmHnHuhLmHnHu.h9nhL5CJOJQJaJmHnHsH uhKPahL0J@jhKPahL0JUj)hKPahL0JUOPQRSTpqrswx    -.ƽƭƢƽƀƢnƽ#jo,hLUmHnHuj+hKPahL0JU#ju+hLUmHnHuhLmHnHuj*hKPahL0JUhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHujhKPahL0JUjhLUmHnHu+./045ABC]^_abcdefٺِـٺnِ#jc.hLUmHnHuj-hKPahL0JUhLmHnHu#ji-hLUmHnHujhLUmHnHuhLmHnHu'h9nhLCJOJQJaJmHnHuhKPahL0JjhKPahL0JUj,hKPahL0JU$#$%&*+456PQRT׿״⊁q]K#jW0hLUmHnHu'h9nhLCJOJQJaJmHnHuj/hKPahL0JUhLmHnHuhKPahL0J#j]/hLUmHnHujhLUmHnHuhLmHnHu.h9nhL5CJOJQJaJmHnHsH uhKPahL0J@jhKPahL0JUj.hKPahL0JUTUVWXYuvwx|}ƽƭƢƽƀƢnƽ#jK2hLUmHnHuj1hKPahL0JU#jQ1hLUmHnHuhLmHnHuj0hKPahL0JUhLmHnHuhKPahL0J'h9nhLCJOJQJaJmHnHujhKPahL0JUjhLUmHnHu+!"#=>?ABCDEFGSTUY`׿״⿈}rg`\X\`MhNZh*@CJhb h* hh/hNZhGp@CJhNZh/@CJhNZ h! hNZjh! hwU#jE3hLUmHnHujhLUmHnHuhLmHnHu.h9nhL5CJOJQJaJmHnHsH uhKPahL0J@jhKPahL0JUj2hKPahL0JU 1u=_gdigd*gd~$$ & F hPh*$^`Pa$gdNZgd2Y & Fgd88 !"#*+.7CFJ`tu}źhxUh\' hZ!hm h8hm hh%ph%phmhz h5_h5_h5_hNZh/@CJhNZh*@CJ hhgO hJahgOhihb h* h*h*h~hNZh}I@CJ3  "#S{Q^gdxUgdxUgdmgdmgd5_$$ & F hPh*$^`Pa$gdNZgdJa     ' * ? B !!!!!!!!!!!!!!!!!˼˼˼˞˼ h.hhLj95h.hUh':j4h.hUhBj?4h.hUhLj3h.hUjh.hUhr hrhr hh%ph%p h.hh.hhzhmhxUh.h7*Pj  !!!!R"S"`"a"w"x"""gd%pgd.hgdm!!!!I"J"O"S"V"]"a"v"w"x"~""""""""""""" # # #######;#l###Q$R$$$%%%%%%ǸǸϞ}j6hmUjhmU h[hm h[hmhmh| h.hhLj36h.hUhLj5h.hUjh.hUh) hh%ph%p h.hh.hhzhB hBhBhr]@h.hh':1"##<#=#n#####Q$R$$$$$R%S%%%&&&&&&gdm & F gdmgd[h^hgdmgdmgdm%%3%4%5%F%G%s%t%&&-&.&/&@&A&&'>'P'`'a'w'x'y'''''''''((N(P(Q(((((a)c))))))))))))󩝙䝩j8hA1%UhA1%jhA1%Uh&xbh!` h ~hmh[ hVhVhVj'8hmU h[hmj7hmUhzhLj-7hmUhmjhmU5&&&''4'5'V'W'''''''Q(R(u(v(((((((()C)gdVgdmgdm & FgdmC)D)W)k)))))*:*T*Y*~*****+Q+++++ ^`gd`b ^`gdm ^`gd!`^gdmgdVgdm)))))))))) * ***%*&*'*8*9*:*T*X*Y*Z*p*q*r*|*}*~*****++++++W,Y,b,p,,,,,,,0-3-H-V-h-}-ÿʰʬʰʰʰʤʰʜʰhN,hv"9h%]hTh`bhi"hh&xbj:hA1%Uh!` hJahmhmj:hA1%Uj9hA1%UhA1%hLjhA1%Uj!9hA1%U7+++++6,7,B,q,,,,--H-~-------..b/t/u/gdmgd;RgdA1%gdA1%gdVgdm}-~---............... 
//`/a/b/d/e/s/t/u/////////////////F00000鿸h|hY hE hJahmhc0h^L hh*|Nh*|N hhm hhmhz h ~hmhmhpj;hf(UhLj;hf(Ujhf(Uhf(h`Ch?hA1% h[hm1u////////D0F000F1G111Y2Z222222^gd!gd[^gd[gdY p^p`gdm p^p`gd^Lgdmgd*|N0F1G11122Y2d2q2r222222222222222:3;3333A4\4f444444^5a5x5{55555566G7J777777883878\8ϼϸ橥橥渡ۡ۸۸۝۝۝hb*hE)h!hgh, hhmhzhLj<hMUhMjhMUhc0h^L hY hY hmhY h! h[h! h[h|<222223333334444]5^5w5x555O6P666F7gd^L & Fgd^LgdE) & FgdmgdmgdmF7G777\8]888M9N9999999 : ::::gdGgdGgdhQ$$ & F hPh*$^`Pa$gdNZgdmgd[ & Fgdm & Fgd^Lgd^L\8]8888M9N9h9q9r9{9999999;;;;;; <#<$<;<_<s<<<=\=j=k===== >!>P>Q>R>T>U>y>>>>>?üǸǚǖh45Whh\[~hGhRqh6i hhQhhQh, h+hSchLh7x3hSch+ hGhGhGhhQhNZhhQ@CJ hmhmh[h2hmh^Lhzhb*hH h[h[3:: ;;;;.;/;;;;;<<<<\=]=j=k=Q>R>U>V>I?J?gdrGgdGgd~4gdScgd+gdhQgdhQgdG??.?H?I??@@BDDD:EDEFFGnGGGHHH*I3IIIIIJJ K KKAMfMMNNNNOOFOGOOOOOOO\P]P^PPŽh\' hPShPShyEh- h- 0JmH nH uj<h- Ujh- Uh- hdMGhRihPShh% h h  h 6h h 6h  h\[~h\[~hh\[~hh45W6J??@@@@B BvCwC_D`DDD.E/EaEbEFFFFFFGG*Hgd\[~gd\[~ & F gd\[~gdgdrG*H+HYHZHHHHHHIIIIJJ KKKKMM N NOOEOgdPSgd gdPSgd & F gd\[~gd\[~EOFOOO]P^PPPPPIQJQ2R3RJSKSSSSSSSTTjUkUtUuUgd<\(gd\'gd\'gdPSPPPPPPQQ0R1R2RJSSSSSSSQTSTTTUTTTTTTUUUUhUiUUUUV2VhVVVVWWUWnWWW X$XUXwXXXXѿձѦձ h<\(h<\(hh<\(0JmH nH uj>hK?Uh+hKxD0JmH nH uj=hK?U hKxDhKxDhKxDjhKxDU h*%h*%hh*%hbh<\(hh\'hrG6uUUUUUUUVV1V2VhViVVVVVVVWWWWUWVWmWnWWWWgd<\(WWWW X X#X$XUXVXvXwXXXXXYYZYbYcYhYiYYYYYgdlgdubQgdubQgdgd<\(gd\'gd<\(XXXXX Y Y Y YWYXYYYcYiYYYYYYUZuZZZZZZ@[B[C[D[˽xjxW$j@hL0JUmH nH uhLhL0JmH nH uhL0JmH nH ujhL0JUmH nH u hLhLh`8h`80JmH nH uh`8 h(h( h(0Jhlhlhl0JmH nH uh(hubQhp(h0JmH nH uj?hK?U h<\(hhjhUYY ZUZ[Z\ZtZuZZZZ[[[8\9\P\f\\\]1]|]] & F.gd`8 & F.gdL & F.gdLgdL & FgdLgd`8gd`8gdlD[[[[[H\I\\\]]]]]]]]]]]^-_._D_E_F_W_X_q_r_s_v_w_x_y_____˻ôé×Ð|q|m||b|mjChLUhLjChLUjhLUhf(hxNhL h`8hLh`8h?g%hXO0JmH nH uj/BhLU hXOhXOjhXOUhXOh/hL hLhLh`80JmH nH ujhL0JUmH nH uh?g%hL0JmH nH u&]O^^_-_._E_F___``&hWehS hShShw h}IhL} hGghGghugh(tQ hh7[ hh7[hGg 
h"h&D!hZOh&D!hLjDhMUjhMUhuh'VhMh2hGg@CJ0dee|ffffffgIgdggggggggggggghhgdGggd(tQgd2Ygd2Ygd&D!gd&D!gd2h3h4hhhhhQjRj4k5k{k|kkkkkkkkklmmmmmgdl-gdGggd2YgdSgdGgkilimiiiiiiiiiiQjRjj5k{kkkkkll>l?l{l|l}lllllXmmmm$n0n8nRnon}yuyqmimimh2h2h8VDh3h(tQh\_khIhl-0JmH nH ujoFhIUhIjhIUhkhl- hl-hl-hGg hGghOh6hdhF5B*phhFjEhMUhMh'hLjhMUjuEhMU(onpnnnnoooSoZomosooo ppppppppppqqq_r`rerfrgrrrrrrrrrrrrrrss;shj h 7_hl-h;khthZh Chj.0JmH nH ujVGh[U hj.hj.jhj.Uhj.he%hAh!agdK* & F+gd; & Fgd;gd;gd;W}l}m}~~ _`ɀErsˁց!&02Ƃǂւ -4HIrsy¾º³ݯᯤݯݤhKhx(h< hfThfThLhhfT h7h7h,$h-[h7h~ hahahKhahYh/`hHhH@CJhe.h; h;h;hK*<stÁՁց" & Fgd/` & FgdfT & F'gd-[gd7gdHgdagdH$$ & F hPh*$^`Pa$gdNZ!Jփ׃"#$DEmgdx/gdagdx/gd/` & FgdfT & F'gd-[gdHh`hgd-[y|"#vwUgĆ>?AiӇƽư̢ƛ刓|u hI8,hI8,hj)hI8,hLjnJhaUjhaU hahahp(ha0JmH nH ujmIhK?0JUhaha0J ha0Jjha0JUhF1)h~ h~hx/hahx/ h/`h/`h/`hfThx(.ф҄,`avwхTUghuv@Agdagdagd~gd~gd/`gdx/ 0;<HIklÈĈԈ '()gdHgd/`gdagda24:<HIJYilw|&'()/09:|&'STBNX{|}~ǼyuhF] hhl<hGg hhl< h3mh3mhh3W hPh<h<hBhR*{h3mhNZh2H@CJhNZhGg@CJ hHh<h<h*hmSU h/`hah^^hyKh/` hahah hahI8,.)0:;ab&'ST|}gd2Ygd2Ygd<gdPgd'V^gd<gd< & Fgd3mgd3mgd3m$$ & F hPh*$^`Pa$gdNZދ$%nڌیtu & Fgd@$$ & F hPh*$^`Pa$gdNZ4gd@ & Fgd3W & Fgdgd3WgdGggd2Ygd2Y#$12LWnڌی\]^_`abdeghjkmstzȽӵӨwhwjhhX+CJUaJhhX+CJaJhtzjhtzUj/Kn~['~mJ>PNG  IHDR atEXtSoftwareMicrosoft Office5qPLTE *.)&?";6P6E?w1dY :N!9J 8S">Z!:` 8`$B_"BS'F\'DZ+La,Ox#@{+Lo'Fg'Fj(Jt/So-Pp0Ut$@e3Yw3Zv3\2Y'H0T;j>l:h?uAqB~C|F{F{\\P[kׅVtRNS@f pHYs@@bCc[ cmPPJCmp0712HsYIDATWc`@Ff "P1= +SUf0OBR_ "#&nb %p3y J*,P4t  2 lp0qt7@dNIENDB`Ddh  C 6Aclip_bullet001"@@b+&0)QYnMn+&0)QYnPNG  IHDR extEXtSoftwareMicrosoft Office5qPLTE "39*%% =;A2 H8 HDSHMLZVICXWNMWO[Zb]cYiXhQhYi]papajdxixjodww&un"{y({{)sq%uo#jf mj"ni!kf tt&~y&|w%ts&vs&fqpf'{!|((*!+&+(760)'376Ĵ2><::>CN_\Y{s]tRNS@f pHYs@@bCc[ cmPPJCmp0712Hs~IDATWc`}A^050?+^K@dTD@?DS֒31aH(HI WT25d` ڹ{x F@Y*E'\1dIENDB`Ddh  C 6Aclip_bullet002"@@b- m\KX{Qn- m\KX{PNG  IHDR rtEXtSoftwareMicrosoft Office5qPLTE  & *&$5+J2O,W3f";V 
9]!?y%?e&CZ(F[&AT.Ul-Qg%Bl&Di.Pp&Cd2Wt+Mp4\x0Sm1Z/V,R5]"b7g7b?o7b&f7jFA|[LZe|y vtRNS@f pHYs@@bCc[ cmPPJCmp0712HsOIDATWc`0 &J/-ndf,fJK|2Br 6'D3"7PF h?IENDB`^8 ppppppppp002 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH @`@ JaNormalCJ_HaJmH sH tH Z@Z 6{X Heading 1$<@&5CJ KH OJQJ\^JaJ b@b {X Heading 2$ & F<@&5CJOJQJ\]^JaJZ@Z 2^!F Heading 3$ & F<@&5CJOJQJ\aJZ@Z 7V Heading 4$<@&5CJOJPJQJ\^JaJDA`D Default Paragraph FontRi@R  Table Normal4 l4a (k (0No List V@V ! pTOC 1$ ! ^a$5CJaJmHsHBU`Bb 0 Hyperlink>*B*mHnHphu.@. pTOC 3 ^FV`!F kFollowedHyperlink >*B* ph.@. R?pTOC 2 ^4B4 FHeader  !4 @R4 FFooter  !@"@@ {XCaption xx5CJ\aJH@rH B Balloon TextCJOJQJ^JaJ>@> Ge Footnote TextCJaJ@&`@ GeFootnote ReferenceH*^>`^ 3{XTitle /CJ0KHOJPJQJ\^J_HaJ0mH sH tH 2B@2 sr Body TextxLoL -~Body Text CharCJ_HaJmH sH tH xOxsrVersion+$$d&dNP#CJOJPJQJ^JaJmHnHuRY@R 8 Document Map-D M OJQJ^JXOX IBody Text Link,ti $$POJPJQJ^Jvov IBody Text Link Char,ti Char(CJOJPJQJ^J_HaJmH sH tH ZOZ I Table Head!$$5CJOJPJQJ^JaJj#j K Table Grid7:V!0"@3 / Table Grid 5:V"0    jjj# j #5\5\@C a Table List 5:V#0jj#  $5\5\2@2 =pTOC 4 %^_HO2@2 =pTOC 5 &^_HO2@2 =pTOC 6 '^_HO2@2 =pTOC 7 (^_HO2@2 =pTOC 8 )^_HO2@2 =pTOC 9 *^_HO&& RmirrorsB'`B UComment ReferenceCJaJ<@< U Comment Text-CJaJ@j@@ UComment Subject.5\JJr9Style Numbered 11.5 pt/ FHoH Style 11.5 pt Black CJphJoJ gnHeading 3 Char5CJOJQJ]aJLo!L ^!FHeading 3 Char15CJOJQJ\aJLo1L $ Title CharCJ0KHOJPJQJ\^JaJ0f@Bf * List Paragraph4d^m$CJOJPJQJ^JaJT`RT * No Spacing5$CJOJPJQJ_HaJmH sH tH RoaR NZHeading 1 Char5CJ KH OJQJ\^JaJ RoqR VHeading 4 Char5CJOJPJQJ\^JaJPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! 
I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3N)cbJ uV4(Tn 7_?m-ٛ{UBwznʜ"Z xJZp; {/<P;,)''KQk5qpN8KGbe Sd̛\17 pa>SR! 3K4'+rzQ TTIIvt]Kc⫲K#v5+|D~O@%\w_nN[L9KqgVhn R!y+Un;*&/HrT >>\ t=.Tġ S; Z~!P9giCڧ!# B,;X=ۻ,I2UWV9$lk=Aj;{AP79|s*Y;̠[MCۿhf]o{oY=1kyVV5E8Vk+֜\80X4D)!!?*|fv u"xA@T_q64)kڬuV7 t '%;i9s9x,ڎ-45xd8?ǘd/Y|t &LILJ`& -Gt/PK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-! ѐ' theme/theme/_rels/themeManager.xml.relsPK] 3@ #6 Z @ Cg lkO.T!%)}-0\8?PXD[_dkionsyW}yzIKLMNOPQRTUVWXYZ[\]^_`bcdefgikmortvy{! T"&C)+u/2F7:J?*HEOuUWY]bdhmfruxE|)JSahjlnpqsuwxz|}~Umn   .6RTUWw 3OQRTt   ,?[]^`4Qmpqs!A\x{|~"%&(HQmpqs!"$D\x{|~.JMNPp & B E F H h x 2 N Q R T t  ! + G J K M m    9 < = ? _ t  * F I J L l v 2NQRTt0LOPRr   /B^abd%5QTUWw">ABD 4F.@`x!!!!!!!! 
""&"8"Y"q"|"&&&&&&q***FGGGKTLLLMhMP QWQRCSSUUUWWrWvWxWWWWWWWXX]] ^Talaaaaa>d|ddhhhqDqZqsst~> X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%̕TTTtTXXXXXXTXXXTX#!8@0(  B S  ?d _Ref166921735 _Toc485736479 _Toc485736480 _Toc485736481 _Toc485736482 _Ref437348825 _Toc485736483 _Ref437348811 _Toc485736484 _Toc485736485 _Toc485736486 _Ref469903677 _Ref469903681 _Toc485736487 _Ref473273918 _Ref473274005 _Ref473273410 _Ref473273447 _Ref473273450 _Ref473273453 _Ref473273499 _Ref473274288 _Ref418692484 _Toc485736488 _Toc485736489 _Toc485736490 _Toc485736491 _Toc485736492 _Toc485736493 _Toc485736494 _Toc485736495 _Toc485736496 _Toc485736497 _Toc485736498 _Toc485736499 _Toc467152813 _Ref483554619 _Ref483554623 _Toc485736500 _Toc485736501 _Toc485736502 _Toc485736503 _Toc485736504 _Toc485736505 _Toc485736506 _Toc485736507 _Ref469903483 _Toc485736508 _Toc485736509 _Toc485736510 _Ref156904153 _Toc485736511 _Toc485736512 _Toc485736513 _Toc485736514 _Toc432519259 _Toc432519260 _Toc485736515 _Toc485736516 _Toc485736517 _Toc467152829 _Toc467152831 _Toc467152832 _Toc467152837 _Toc154370782 _Toc154371349 _Toc154371458 _Toc154383391 _Toc154384105 _Toc154384265 _Toc154554698 _Toc156112646 _Toc156116350 _Toc145317310 _Toc145317372 _Toc145317878 _Toc145318604 _Toc145318669 _Toc145328450 _Toc145388433 _Toc145754964 _Toc485736518 _Toc485736519 _Toc485736520 _Toc485736521 _Toc485736522 _Toc485736523 _Toc485736524 _Toc485736525 _Ref456884269 _Toc485736526 _Toc485736527 _Toc458078490 _Toc458078536 _Toc458503980 _Toc485736528 _Toc485736529 _Toc485736530 _Toc485736531_PictureBulletsEGSSnv D!~""##7$%b'b'*+1133]5R67>@BBBB^HKkMPZQURS.W.W[\|^|^_cgjnnnpr)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)tmuwxy|~h~<<)0000}ۄ]  !"#$%&'()*+,-./0132456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcSS __ V!""##A$%s's'*+1 2-33i5T68?@B C C CHKsMPaQZRSDWDW[\^__csjnnnpr)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)t)tCt{uwxy!|~t~GG/0009` a< d<  f<m~sHJ +6GQANTYwz{?JS]pu 
5Dq/>7=yc!i!l!r!"## #$$%&%o%s%b'q'''''''''''''**8+C+,,;,@,,,,,^-c-x------P.^.`.i...G/Q///]0f0002233445&55 6 6,6>?V?b???-@5@\@d@@@@@@@*A3AAAFF:GAG HHFJNJJJKKKKKKKKKKKKuMMOOZQaQ/V3VYYZZZZ[ [g[p[=]@]^^^^^^_ _f_n_______ccccggi iiiiiiiVj^jojsjjjkkklllmmmmyn|n=oEoppppqqrq|qqqqqqqrr0r5r[r`rrr ss#s(s+s0s4s@s yy,y4y6yEyyy zz3z6z;zAzjztzzzzzzz{{`{c{{{{{|||}.}1}6~@~W~Z~c~f~*/svˀӀրހ &4?AJamʄ̄لۄ]`acdfgijlmCPal /7"QSTYnvCK.*8W_=l9E3?7= ( ! !Y!`!l!r!!!;">"T"W"""""""# #R#U########$$$0%3%%%%%%%&&B&f's'''''''''V(`())))**<+D+--...../G/r/t////30F00000$171111122223315;5668888 ::::::`<<?>C>??-@5@aAbAHCNCGGH.HUIaIJJKKSST!TTTcUfUVV=YxYYYYYZZZZ]]M^^^________````aabbccccleeff_hlhiiijSjUjjj ooZoqoqqrq|qrrrrs s+s0sEtot'v1vv www&x0xKyZyyy"z%zzz{{{{G|J|o|r||||||}.}1}y}|}}}}}W~Z~~~j| 03nqƀȀրހgqYdƒփLPe]`acdfgijlm3333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333CCIJ 6U3R ?^Qq\|&Qq"\|.N& F x 2 R + K   = t   * J k l v 2Rst0Pqr ./Bb$%5Uvw"BGA`!!!!! ""9"Y"}"0%3%&&&&q**jMjMiQQQURRSUU.W.WDWDWWWwWxWWWWWX] ^Taaaa>dd$f$fff`j`jstmm]`aacddfgijlmns~CCIJ 6U3R ?^Qq\|&Qq"\|.N& F x 2 R + K   = t   * J k l v 2Rst0Pqr ./Bb$%5Uvw"BGA`!!!!! 
""9"Y"}"0%3%&&&&q**jMjMiQQQURRSUU.W.WDWDWWWwWxWWWWWX] ^Taaaa>dd$f$fff`j`jstmm]`as~i G8D2IĒOl֌}"Ԃd~p0(3,*2vRcw3<#4>LR^@R[_C^*Q2OtSTvMxX@Pv"C^LxfGoky6!/Vnpis~O(h ,mu\h ^`o(hH.h^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh h^h`hH.h 8^8`hH.h L^`LhH.h  ^ `hH.h  ^ `hH.h xL^x`LhH.h H^H`hH.h ^`hH.h L^`LhH.h ^`hH.h v^v`hH.h F L^F `LhH.h ^`hH.h ^`hH.h L^`LhH.h ^`hH.h V^V`hH.h &L^&`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh88^8`CJaJhH.h^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ 
`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh ^`o(hH.h^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh ^`hH.h pLp^p`LhH.h @ @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PLP^P`LhH.Vhh^h`o(G CJ OJQJsH tH ^JaJ _Ho(G CJ OJQJsH tH ^JaJ _HhH.0P^`Po(G CJOJQJsH tH ^JaJ_HhH..hh^h`3*G&5\CJOJQJsHtH^JaJ_H4*6789:;<>*@EHH*KHEHS*TX[]o(G CJOJQJsH tH ^JaJ_HhH... x8^`xo(hH.... ^`o(hH ..... Xp^`Xo(hH ......  @ ^ `o(hH.......   8 ^ `8o(hH........  `x^``o(hH.........h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hH/#4/Vn/VnGokw3/Vn/Vn/Vn/VnOtSxfi  pis/VnE/Vn/Vn /Vnd~p0 ,muMxX"C^^@/Vn/Vn,*2/Vn/Vn/Vn2/Vn/Vn/Vn/Vn/Vn}"*Q/VnG/Vn[_C/VnI/Vn/Vnl/Vn8,ReSn Ur                                                                                                                                                                                     @ @ @t(j ^w6W:T^wtH99tA8^9uY 6WO=A8Lk^wwr\Wh B^w  &BM ei Wdw ^w[ K/ ^wh NY -q<,[ _[ e5rlBE^wpE t&} 2Ww}S"0PF W 5"#5"#:$Y 0%^wS %/Vy5&Ix'-q>D([ iP)^wFR*^w-[ > .z.-q/80-qSD0^wl1&B2"0(/3^wj 4^w5~5^wOC5-qBz6-q6&BA8zICJ9N=H99:~fU;/=(N= V=-q_[)?^w.Z?^w/?dY&BpGzICc(fEpGNH5"#RKkIY ^KN^w1N^wTlNA8'3O^9u[P R-q>>#R-q{vW[ dYw[^wS]dYh a 0%d[ r0od5"#z`d^w9h^w9h^wRh^wNjiA8I/kY 8l_lyFm^wgm^wn[ -|p^w-qt&}%t^w^9u~fU;^w/Vy MzdYg\z^wy{z_l*G{WaL{TJ|^w-Uf~^w+~[ "0c(fE  vHI]s x#L} />4QjSVXam 3 NVW,[8_iuTT'0/_)ai}Xq [(*4/;7QLoOW~W1@AFrNNVZ_c%l  Nl\Jb,Z%0l2R^nmq6v| Z  6  ' ` ka b b c d ~r ~t }   %  F% 5 < > > $H h p | | 0  r - ,$ %% D D_ c t y   e ! 
%+ / O W Y h^ a a <n!-0FXWtuwb EhmZp" QJ!"X)/BGH bb6i2qr7{7!f(0a4b5gHHPZ[[\ np59K]K;RT`Io}3!"?~I+`qaty~  )%=S['tk/h2:#ABPTW_dvx|%N&$4e9Eqs\%X17EF_ffoZ b+Q3p9<>&?`ls"X/CQFHbharEvrvw Y-{km/,7g@D]gre~* :>B@}CHLRjwstxz~ /"26=BPRCUX`by%%($4CGwKxNRelpq`ssu/=>%MM|  &  6    ) ?2 B tF F J d n 'p r s d!!!!!!!!!!p"!)!.!3!=!k@!&D!I!z\!o! "" " "'"q3"O"#U"_"ta"tc"6v"#x"y"| #*#|[#c#=$$j $$$p&$ 2$2$<4$S$V$u$w$s~$,%,%Y(%,%.%A1%D%J%rd%h%a{%|%&A&&-&2&7&>&@&jh&n& }&5}&''s*':'c;'&['b'Id'v'}'((E(<\(^(f())E)))))$)a()F1),3);)W)])Zf)0j)o)***--*5*7*$:* >*>*K*O*Y*^*b*v* ++0+`<+=+Q\+}l+~ ,,,7,I8,E,QI,k,p,p,Sv,t--3-A-6T-SW-:Z-^-n-.Z ..a!.*.,.=.c.j.j.Ql.r~./Q"/0/\J/P/V/=[/l/6n/p/r/x/ 0i(0)0K20:0+Z0}i0{q01 1:1;1YK1W1sY1p122220282K2M2_2ap2z2U3m37%3(3x+303K235;3L37x32444o 4!4040424@4jT4^4_4!g4nr45)5p45@5[R5( 66:6A6}E6O6e6r6t6?}67777!7i7hl7o7u7}78q8888a880)888`\8b8o9 99v"9"9*9?9LH9vP9[9r9= : ::':-:@:LR:V:![:_:ya:~:!; ';5;I;O;f;Xo;s;?x;< << <_%<)<,1<R<U<Bf<Bl<l<=0)=P1=E=K=O=A?>E>O>)>4?!?z??D?RE?R?R?d[?^?nf?_n?Dv?|?? @r@?@!@s'@(@"6@r]@`h@}@~@~@AAAOAAZAhA3pAwA}!B!B5BSUBX[BoBqBuBY|BCC C/+CXC`C}CUD%D(D2D8VDYDZD*fDoDKxDE*E1E4Ez;EVE\EF^!F#(F-Fc/FAFPqFrFq{FA|FGrGh+GdMGqG?GVH;$H6H>HIFHSHZHnHH III}I2IgHIMIXIBhIiImI wI}Iy#J30J5JAJ9SJXJyYJ]JVkJ=yJ~J(J"Kl&K-K:1K AKBJKLKPKRKUK^K1fKmKwKyK}K LL~6LILqL M/M1M4M7MHMLM,QMKSM0aMeM(nM3|M}MMRN-N(NX*N;NYNz]N*|NOgO(O'OuQ|TQubQDhQhQ(tQuQzQvR0RR:RRIR[R9sRuR}RSSS SN+SW,S?STSdSfS`jSvS6TqTrTTh TuTT3(TtJTNTYT_T'mTpTyTUU%U'U7UMUmSU]U:`U VVVVK#V$V/V|9VXVYV'`VfV9gVUhVwV^WkWpWrWWO,W3W45WEWQWPrW~W4Xg"X:X+kl6mlolUslulbmKm3m6m>mLmmfm0omnnY n!n"n9nJnoangncwnzzn~n5o)o/o/o2o@oYo bopp%p?pLpjpupq5 q? 
q@qqRq#q%q/q71qS3q 9q\:qP;qK=quFqGqeWq\q\tqr(r6yKy0nyy\z zzz!z.zAzKBzIzZzyzS{R*{5{B{CD{5N{T{t{<{{}{| ||]|6|,|V1|+4|7|uH|J|X|GY| } }}'}(}J-}58}|O}Y}a}f}7o} ~3~9~>~"?~A~\[~]^~6j~u~w 9 ~4ecDD07=JwyV7,++.2C46:L-fmp~ |$*5,1:;[fa|4~,O\vey,DZeQ $%*NI^klntDhG9ntz 5=(?B,RXru{@C H_c`zQ1:461NxQZl[bcny|@25;KOS.h| *0`88bJJYZ~0 0%)*2UVhl} $,?)NrWg7'~6O7>XAx\dHhhov %182MCGumyd/>V$*~/85CCHQ^^kltDxy} 8 9JOGeXhbIWaZa~|0 P J,A%'l-;c? KK2Z\[q|> ;1P[bcn~)j !$u9CG6LhMYlms8203+9?oP_l %!2-2AQ^x0(uBFE!TBcizzM+2@EMM]!u|B^K 1(77OMPZU\Zz{R  $M4'fyJ$(lV+6%\Efrr|}_*a-:QR` o!!!v%,JhKO$RTp]wi7 -<1?PS`mm(pv9)*9@KOTnl N .1>Y?V^FgKw>#'o:<UlzL!2 )SU^m nPoos|S +H0;EH!MNvUzmoK;MoVs +7<Rando*A#'35AKTTUagh:nrw nB59kOPWJg3o)ww= 7&W* //g6^>K?LR WYwy&@(,=eB:FP_:|  "1F^^z P?ENR_TYa>mrt|('4J0-/4,5@^W_q}s]{ "%6:N\ gbkpL},P.L0 ?T?VYZR`jtguZ y g&)*f--+5L?BE_erlCyQ} $/EZnxz(}j$m-mDFFOQ^` cqyv !,;/.35Q:&@dU]dAvHv&|~~<$,'58/;<N\_b#cf9zz~M]Xbc|gpqDuPw;3p3GuIQYg}~')".0QZVbr#x{<)<sCzKXOYeks| #/!G./Z@&HI NNye 9,2ASf\_g,n(vFS $(!0V$X~hwrxx~ lw}$$@Vew E!Y$ %(K*+4DOE4XX^ch"nmnC&.8%AX_`j 9bPQ,T]T %u.>G=IKQ^^q|C"8&),7=AV_akovx| I,.69:v[_ i|p!m =?2eg+46F}b+DBG[[ O"$&9=CT#[e3k5 3"#6,:CIVXk$J5\]hIje!L%&j<t=KK]Calms`P=O_muA1JKTBUa jg$ N=YZ\)]e 1 8~!F\f8hpr| $$'/9>CFFM T_IfT7[[Weiops?u !<|$9I/Kug5@-:@I_rMU7`LxU'V(XY^je%O0 1?#AyEwK fuvz"8C<J './2D1Ldi,jy ,j{')N,5K.T\itz[3@< P*8JZc D!LWrw &\'*g8<Q_b`h{v->&?BYdhuw*x{( x y}"#I$')&*.|AIJ"OHW+m'no?w:KNDSYZ-[[aekvm t2!!(02Hrddu="m)2E5F K Meih}(29gHQac@JJJJ@Unknown G*Ax Times New Roman5Symbol3. *Cx Arial7.@Calibri7@Cambria5. 
.[`)TahomaG=  jMS Mincho-3 fg?= *Cx Courier New;WingdingsA$BCambria Math"1h#;GVJHG8KZtEZtEq4 3qHP !]Gp  xx IBM TSS Ken Goldman Ken Goldmand         /         Oh+'0x  ( 4 @ LX`hpIBM TSS Ken Goldman Normal.dotm Ken Goldman193Microsoft Office Word@P9 @O@f#@rZt՜.+,D՜.+,@ hp  IBM CorporationE IBM TSS Title 8@ _PID_HLINKSADz#r<https://sourceforge.net/projects/ibmtpm20tss/?source=navbarWhttp://www.mingw.org/B.http://gnuwin32.sourceforge.net/packages.htmlw:/http://slproweb.com/products/Win32OpenSSL.html &https://ekop.intel.com/ekcertservice/Uhttp://upgrades.intel.com/content/CRL/ekcert/SPTHEPIDPROD_EK_Platform_Public_Key.cer=.Khttps://www.infineon.com/cms/en/product/promopages/optiga_tpm_certificates}Nhttps://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 1110.cerzNhttps://www.nuvoton.com/security/NTC-TPM-EK-Cert/Nuvoton TPM Root CA 2110.cer +w?https://sourceforge.net/projects/ibmswtpm/files/?source=navbar7:_Toc48573653174_Toc4857365307._Toc4857365297(_Toc4857365287"_Toc4857365277_Toc4857365267_Toc4857365257_Toc4857365247 _Toc4857365237_Toc4857365227_Toc4857365217_Toc4857365207_Toc4857365197_Toc4857365187_Toc4857365177_Toc4857365167_Toc4857365157_Toc4857365147_Toc4857365137_Toc4857365127_Toc4857365117_Toc4857365107_Toc4857365097_Toc4857365087_Toc4857365077_Toc4857365067_Toc4857365057_Toc4857365047_Toc4857365037_Toc4857365027_Toc4857365017_Toc4857365006z_Toc4857364996t_Toc4857364986n_Toc4857364976h_Toc4857364966b_Toc4857364956\_Toc4857364946V_Toc4857364936P_Toc4857364926J_Toc4857364916D_Toc4857364906>_Toc48573648968_Toc48573648862_Toc4857364876,_Toc4857364866&_Toc4857364856 _Toc4857364846_Toc4857364836_Toc4857364826_Toc4857364816_Toc4857364806_Toc485736479  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      !"#$%&'()*+,-./012345789:;<=?@ABCDEFGHIJOPSRoot Entry F#ARData S1TableWordDocument 8@SummaryInformation(6DocumentSummaryInformation8>MsoDataStore@u6@RKMAIG0DA==2@u6@Item  PropertiesUCompObj r   F Microsoft 
Word 97-2003 Document MSWordDocWord.Document.89q./demo/0000751000175000017500000000000013133212575010105 5ustar lo1lo1./demo/keycreate.php0000755000175000017500000002135013036201205012570 0ustar lo1lo1 TSS 2.0 Demo Key Creation <?php echo gethostname(); ?>
"; $retval = 1; } if (strlen($keytype) == 0) { echo "Key Type must be specified
"; $retval = 1; } if ($keytype == "bl") { if (strlen($msg) == 0) { echo "Message must be specified for sealed data blob
"; $retval = 1; } } if ($keytype != "bl") { if (strlen($msg) != 0) { echo "Message must not be specified unless sealed data blob
"; $retval = 1; } } if (strlen($hp) == 0) { echo "Parent handle must be specified
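"; $retval = 1; } }
// Build the create / createloaded command line.
// NOTE(review): $hp, $keytype, $pwdpc, $pwdk, $label and $msg look like submitted
// form fields (their assignments are not visible in this part of the file).
// Each value is therefore quoted with escapeshellarg() so that it reaches the
// utility as exactly one argument and cannot add shell syntax to the string
// later handed to exec().
if ($retval == 0) {
    if (isset($cl)) {
        $commandStr = "/var/www/html/tpm2/createloaded";
    }
    else {
        $commandStr = "/var/www/html/tpm2/create";
    }
    // parent handle
    $commandStr .= " -hp " . escapeshellarg($hp);
    // key attributes
    if (isset($fixedtpm)) {
        $commandStr .= " -kt f";
    }
    if (isset($fixedparent)) {
        $commandStr .= " -kt p";
    }
    if (isset($da)) {
        $commandStr .= " -da";
    }
    // key type, passed as a single "-<type>" option
    $commandStr .= " " . escapeshellarg("-" . $keytype);
    // parent password
    if (strlen($pwdpc) != 0) {
        $commandStr .= " -pwdp " . escapeshellarg($pwdpc);
    }
    // key password
    if (strlen($pwdk) != 0) {
        $commandStr .= " -pwdk " . escapeshellarg($pwdk);
    }
    // key label -> output file name
    // NOTE(review): quoting stops shell injection, but $label still chooses the
    // output path; restrict it to a safe character set if the demo is exposed.
    $commandStr .= " -opu " . escapeshellarg($label . "pub.key");
    $commandStr .= " -opr " . escapeshellarg($label . "priv.key");
    $commandStr .= " -nalg " . escapeshellarg($halg);
    $commandStr .= " -halg " . escapeshellarg($halg);
    // sealed data blob has message to seal and policypcr
    if ($keytype == "bl") {
        $commandStr .= " -if message.tmp";
        $commandStr .= " -pol " . escapeshellarg("policies/policypcr16aaa" . $halg . ".bin");
    }
}
// write the message to seal to the file named by -if above
if ($retval == 0) {
    if ($keytype == "bl") {
        $rc = file_put_contents ('message.tmp', $msg);
        if (!$rc) {
            echo "could not write message to message.tmp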
"; $retval = 1; } } } if ($retval == 0) { //echo "Command string: $commandStr.
"; $retval = 0; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { ; } else { echo "$commandStr
"; for ($i = 0 ; $i < count($output) ; $i++) { echo "$output[$i]
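"; } } }
    // remove the temporary message file; @ suppresses the warning when it was never written
    @unlink ('message.tmp');
}
elseif ($command == 'Create Primary') {
    // Build the createprimary command line.
    // NOTE(review): $hi, $pwdph and $pwdk look like submitted form fields (their
    // assignments are not visible in this part of the file), so each one is
    // quoted with escapeshellarg() before the string is handed to exec().
    $commandStr = "/var/www/html/tpm2/createprimary";
    // hierarchy
    if (strlen($hi) != 0) {
        $commandStr .= " -hi " . escapeshellarg($hi);
    }
    // hierarchy password
    if (strlen($pwdph) != 0) {
        $commandStr .= " -pwdp " . escapeshellarg($pwdph);
    }
    // key password
    if (strlen($pwdk)!= 0) {
        $commandStr .= " -pwdk " . escapeshellarg($pwdk);
    }
    //echo "Command string: $commandStr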
"; $retval = 0; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { echo $output[0] . "
"; } else { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo "$output[$i]
"; } } } else { echo ("Invalid command $command"); } } ?>

Common Parameters

Key Password (optional)

Create Primary

>Platform >Owner >Endorsement >Null
Hierarchy Password

Create

Parent Handle ">
Parent Password
Key Label
Key Attributes
>Fixed TPM
>Fixed Parent
>DA Protection
>Create Loaded
Key Type
>Storage
>Signing
>Restricted Signing
>Keyed Hash (HMAC)
>RSA Decryption, NULL scheme
>RSA Decryption, OAEP scheme
>AES Encrypt/Decrypt
>Data Blob for Unseal --- Message to Seal
>RSA General Purpose

./demo/nvram.php0000755000175000017500000002056713033767473011775 0ustar lo1lo1 TSS 2.0 Demo NV Indexes <?php echo gethostname(); ?>
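";
// Request parameters of the NV index form, taken straight from the POST body.
// All of them are untrusted and must be quoted before they are used in a
// shell command or echoed into the page.
$command = $_POST['command'];
$ha = $_POST['ha'];
$pwdpd = $_POST['pwdpd'];
$pwdpu = $_POST['pwdpu'];
$pwdn = $_POST['pwdn'];
$hid = $_POST['hid'];
$hiu = $_POST['hiu'];
$ty = $_POST['ty'];
$wd = $_POST['wd'];
$szd = $_POST['szd'];
$szr = $_POST['szr'];
$ic = $_POST['ic'];
// Was "$retval == 0;", a comparison whose result was discarded; the checks below
// only ran because an unset variable happens to compare equal to 0.
$retval = 0;
// parameter checks
if ($retval == 0) {
    if (strlen($ha) == 0) {
        echo "NV Index handle must be specified
";
        $retval = 1;
    }
    if ($command == 'NV Define Space') {
        if (strlen($ty) == 0) {
            echo "NV Define Space type must be specified
";
            $retval = 1;
        }
        if (strlen($hid) == 0) {
            echo "NV Define Space hierarchy must be specified
";
            $retval = 1;
        }
    }
    if ($command == 'NV Undefine Space') {
        if (strlen($hiu) == 0) {
            // message corrected: this branch checks the Undefine Space hierarchy
            echo "NV Undefine Space hierarchy must be specified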
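"; $retval = 1; } } }
// construct the command
// $ha, $pwdn, $ty, $hid, $hiu, $pwdpd, $pwdpu, $szd, $szr and $ic are read from
// $_POST earlier in this script. Each is quoted with escapeshellarg() so that
// it is passed to the utility as one argument and cannot introduce shell
// syntax into the string given to exec().
if ($retval == 0) {
    switch ($command) {
    case 'NV Define Space':
        $commandStr = "/var/www/html/tpm2/nvdefinespace";
        $commandStr .= " -ha " . escapeshellarg($ha);
        if (strlen($pwdn) != 0) {
            $commandStr .= " -pwdn " . escapeshellarg($pwdn);
        }
        $commandStr .= " -ty " . escapeshellarg($ty);
        // $wd is only tested for presence, never copied into the command
        if (strlen($wd) != 0) {
            $commandStr .= " +at wd";
        }
        $commandStr .= " -hi " . escapeshellarg($hid);
        if (strlen($pwdpd) != 0) {
            $commandStr .= " -pwdp " . escapeshellarg($pwdpd);
        }
        if (strlen($szd) != 0) {
            $commandStr .= " -sz " . escapeshellarg($szd);
        }
        break;
    case 'NV Undefine Space':
        $commandStr = "/var/www/html/tpm2/nvundefinespace";
        $commandStr .= " -ha " . escapeshellarg($ha);
        $commandStr .= " -hi " . escapeshellarg($hiu);
        if (strlen($pwdpu) != 0) {
            $commandStr .= " -pwdp " . escapeshellarg($pwdpu);
        }
        break;
    case 'NV Write':
        $commandStr = "/var/www/html/tpm2/nvwrite";
        $commandStr .= " -ha " . escapeshellarg($ha);
        if (strlen($pwdn) != 0) {
            $commandStr .= " -pwdn " . escapeshellarg($pwdn);
        }
        if (strlen($ic) != 0) {
            $commandStr .= " -ic " . escapeshellarg($ic);
        }
        break;
    case 'NV Write Lock':
        $commandStr = "/var/www/html/tpm2/nvwritelock";
        $commandStr .= " -ha " . escapeshellarg($ha);
        if (strlen($pwdn) != 0) {
            $commandStr .= " -pwdn " . escapeshellarg($pwdn);
        }
        break;
    case 'NV Read':
        $commandStr = "/var/www/html/tpm2/nvread";
        $commandStr .= " -ha " . escapeshellarg($ha);
        if (strlen($pwdn) != 0) {
            $commandStr .= " -pwdn " . escapeshellarg($pwdn);
        }
        if (strlen($szr) != 0) {
            $commandStr .= " -sz " . escapeshellarg($szr);
        }
        break;
    case 'NV Increment':
        $commandStr = "/var/www/html/tpm2/nvincrement";
        $commandStr .= " -ha " . escapeshellarg($ha);
        if (strlen($pwdn) != 0) {
            $commandStr .= " -pwdn " . escapeshellarg($pwdn);
        }
        break;
    default:
        // $command is request data echoed into the page, so HTML-encode it
        echo ("Invalid command " . htmlspecialchars($command));
        $retval = 1;
        break;
    }
}
// run the command
if ($retval == 0) {
    //echo 'Command string: ' . $commandStr . "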
"; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { if ($command == 'NV Define Space') { exec ("/var/www/html/tpm2/nvreadpublic -ha " . $ha); } else if ($command == 'NV Read') { echo "NV Read data (hex ascii):
\n"; echo ""; for ($l = 1 ; $l < count($output) ; $l++) { echo $output[$l] . "
"; } echo "
"; // convert back to ascii echo "NV Read data (ascii):
\n"; for ($l = 1 ; $l < count($output) ; $l++) { $chars = str_split ($output[$l], 3); for ($i = 0 ; $i < count($chars) ; $i++) { echo chr('0x' . trim($chars[$i])); } echo "
\n"; } } //echo "Success"; } else { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } } ?>

NV Index Parameters

Index Handle ">
Index Password

NV Define Space (Create Index)

Type >Ordinary >Counter >Bits >Extend
Attributes Write Define (Lockable)
Hierarchy >Platform >Owner
Hierarchy Password
Index Size ">

NV Undefine Space (Delete Index)

Hierarchy >Platform >Owner
Hierarchy Password

NV Write

Data

NV Write Lock

NV Read

Index Size ">

NV Increment

./demo/pcr.php0000755000175000017500000001075013033767473011427 0ustar lo1lo1 TSS 2.0 Demo PCRs <?php echo gethostname(); ?>
"; $retval = 1; } if ($command == 'PCR Extend') { if (strlen($ic) == 0) { echo "PCR Extend data must be specified
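"; $retval = 1; } } }
// construct the command
// NOTE(review): $ha and $ic look like the submitted "PCR Index" and "PCR Extend
// Data" form fields (their assignments are not visible in this part of the
// file). They are quoted with escapeshellarg() so that each reaches the
// utility as one argument and cannot add shell syntax to the exec() string.
if ($retval == 0) {
    switch ($command) {
    case 'PCR Extend':
        $commandStr = "/var/www/html/tpm2/pcrextend -halg " . escapeshellarg($halg);
        $commandStr .= " -ha " . escapeshellarg($ha);
        $commandStr .= " -ic " . escapeshellarg($ic);
        break;
    case 'PCR Reset':
        $commandStr = "/var/www/html/tpm2/pcrreset";
        $commandStr .= " -ha " . escapeshellarg($ha);
        break;
    default:
        // $command is echoed back into the page, so HTML-encode it
        echo ("Invalid command " . htmlspecialchars($command));
        $retval = 1;
        break;
    }
}
// run the command
if ($retval == 0) {
    //echo 'Command string: ' . $commandStr. "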
"; $retval = 0; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { ; } else { echo "
" . $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } } echo "

PCRs

"; echo "\n"; for ($i = '0' ; $i < '24' ; $i++) { $commandStr = "/var/www/html/tpm2/pcrread -ha $i -halg $halg"; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); printf("PCR %02d: ", $i); if ($retval == 0) { echo $output[2] . $output[3] . "
\n"; } else { printf("pcrread returned: $retval
\n"); } } echo "
"; ?>

PCR Extend and Reset

PCR Index ">
PCR Extend Data ">


./demo/handles.php0000755000175000017500000001314613033767473012263 0ustar lo1lo1 TSS 2.0 Demo Handles <?php echo gethostname(); ?>
\n"; //print_r($_POST); //echo "
\n"; // construct the flush command $handles = array_keys($_POST); foreach ($handles as $handle) { // echo "Handle: " . $handle . "
\n"; // echo "1 " . hexdec($handle) . "
\n"; // echo "1 " . (hexdec($handle) & 0xff000000) . "
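\n";
        // $handle is a key of $_POST, i.e. request data. hexdec() skips any
        // character that is not a hex digit, so the type test below does not
        // prove the key is a clean handle. The value is therefore quoted with
        // escapeshellarg() before it is placed in the command, and
        // HTML-encoded before it is echoed.
        $handleArg = escapeshellarg((string)$handle);
        switch (hexdec($handle) & 0xff000000) {
        // NV index
        case 0x01000000:
            $commandStr = "/var/www/html/tpm2/nvundefinespace -hi o -ha " . $handleArg;
            break;
        // loaded sessions, saved sessions, transient objects
        case 0x02000000:
        case 0x03000000:
        case 0x80000000:
            $commandStr = "/var/www/html/tpm2/flushcontext -ha " . $handleArg;
            break;
        // handles in the 0x81000000 range
        case 0x81000000:
            $commandStr = "/var/www/html/tpm2/evictcontrol -hi p -ho " . $handleArg . " -hp " . $handleArg;
            break;
        default:
            echo "Unknown handle type: " . htmlspecialchars((string)$handle) . "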
\n"; continue 2; } // run the command //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { ; } else { // get the TSS error code $value = $output[0]; $values = explode (" ", trim($value)); //echo "TPM rc: " . $values[3] . "
\n"; // do not print the missing file error, because demo may be in different data directory if (strcmp($values[3], "000b0016") != 0) { echo 'Error executing ' . $commandStr . '
'; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . '
'; } } } } } echo "

NV Indexes

\n"; unset($output); exec ('/var/www/html/tpm2/getcapability -cap 1 -pr 01000000', $output, $retval); sscanf($output[0], '%d', $count); for ($i = 0 ; $i < $count ; $i++) { printf("", trim($output[1 + $i])); printf("%s
\n", trim($output[1 + $i])); } echo "

Loaded Sessions

\n"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 02000000", $output, $retval); sscanf($output[0], "%d", $count); for ($i = 0 ; $i < $count ; $i++) { printf("", trim($output[1 + $i])); printf("%s
\n", trim($output[1 + $i])); } echo "

Saved Sessions

\n"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 03000000", $output, $retval); sscanf($output[0], "%d", $count); for ($i = 0 ; $i < $count ; $i++) { printf("", trim($output[1 + $i])); printf("%s
\n", trim($output[1 + $i])); } echo "

Transient Objects

\n"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 80000000", $output, $retval); sscanf($output[0], "%d", $count); for ($i = 0 ; $i < $count ; $i++) { printf("", trim($output[1 + $i])); printf("%s
\n", trim($output[1 + $i])); } echo "

Persistent Objects

\n"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 1 -pr 81000000", $output, $retval); sscanf($output[0], "%d", $count); for ($i = 0 ; $i < $count ;1 + $i++) { printf("", trim($output[1 + $i])); printf("%s
\n", trim($output[1 + $i])); } ?>
./demo/unseal.php0000755000175000017500000001631413033767473012134 0ustar lo1lo1 TSS 2.0 Demo Unseal <?php echo gethostname(); ?>
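";
// Request parameters of the unseal form, taken straight from the POST body.
// All of them are untrusted.
$command = $_POST['command']; // not used
$hp = $_POST['hp'];
$pwdp = $_POST['pwdp'];
$label = $_POST['label'];
// Was "$retval == 0;", a comparison whose result was discarded; the checks below
// only ran because an unset variable happens to compare equal to 0.
$retval = 0;
// parameter checks
if ($retval == 0) {
    if (strlen($hp) == 0) {
        echo "Parent handle must be specified
";
        $retval = 1;
    }
    if (strlen($label) == 0) {
        echo "Sealed data label must be specified
";
        $retval = 1;
    }
}
// load the sealed data blob
// Each request value is quoted with escapeshellarg() so that it reaches the
// utility as one argument and cannot add shell syntax to the exec() string.
// NOTE(review): $label still selects which key files are read; restrict it to
// a safe character set if the demo is reachable by untrusted users.
if ($retval == 0) {
    $commandStr = "/var/www/html/tpm2/load";
    $commandStr .= " -hp " . escapeshellarg($hp);
    $commandStr .= " -ipu " . escapeshellarg($label . "pub.key");
    $commandStr .= " -ipr " . escapeshellarg($label . "priv.key");
    if (strlen($pwdp) != 0) {
        $commandStr .= " -pwdp " . escapeshellarg($pwdp);
    }
    //echo 'Command string: ' . $commandStr. "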
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } // get the handle from the response if ($retval == 0) { //print_r($output); $values = explode (" ", $output[0]); $blobhandle = $values[1]; echo "Loaded handle: " . $blobhandle . "
"; } // start policy session if ($retval == 0) { $commandStr = "/var/www/html/tpm2/startauthsession -se p -halg $halg"; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } if ($retval == 0) { //print_r($output); $values = explode (" ", $output[0]); $sessionhandle = $values[1]; echo "Policy Session handle: " . $sessionhandle . "
"; } // policypcr, select PCR 16 if ($retval == 0) { $commandStr = "/var/www/html/tpm2/policypcr -halg $halg -bm 10000"; $commandStr .= " -ha " . $sessionhandle; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } // unseal to message file if ($retval == 0) { $commandStr = "/var/www/html/tpm2/unseal"; $commandStr .= " -ha " . $blobhandle; $commandStr .= " -of message.tmp"; $commandStr .= " -se0 " . $sessionhandle . " 1"; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } // display the message if ($retval == 0) { $message = file_get_contents('message.tmp'); echo "Unsealed message: " . $message . "
"; } // flush session if (strlen($sessionhandle) != 0) { $commandStr = "/var/www/html/tpm2/flushcontext"; $commandStr .= " -ha " . $sessionhandle; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } // flush sealed data blob if (strlen($blobhandle) != 0) { $commandStr = "/var/www/html/tpm2/flushcontext"; $commandStr .= " -ha " . $blobhandle; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } unlink ('message.tmp'); } ?>

Unseal

(For the IBM TSS demo, the Unseal policy is hard coded to PCR 16 with a SHA-256 value c2 11 97 64 ... or SHA-1 value 1d 47 f6 8a ... . Set this value by extending PCR 16 with PCR Extend Data aaa.)

Parent Handle ">
Parent Password
Sealed Data Label
./demo/makefile0000644000175000017500000000442112770505626011622 0ustar lo1lo1# # # TPM2 with SHA-256 and sockets demo makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile 750 2016-09-21 13:31:02Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # # ################################################################################# # TSS for sockets, hash algorithm SHA-256 DEST=/var/www/html/tpm2 SRCUTILS=../utils include makefile-common $(DEST)/halg.inc: FORCE cp halgsha256.inc $(DEST)/halg.inc chmod 777 $(DEST)/halg.inc $(DEST)/nav.html: FORCE cp nav.html $(DEST)/nav.html chmod 777 $(DEST)/nav.html FORCE: ./demo/halgsha256.inc0000644000175000017500000000013312644021500012435 0ustar lo1lo1 ./demo/nv.php0000755000175000017500000001400413033767473011262 0ustar lo1lo1 TSS 2.0 Demo NV Properties <?php echo gethostname(); ?>
Handle: %s", $handle); unset($output); exec ("/var/www/html/tpm2/nvreadpublic -ha $handle", $output, $retval); if ($retval == 0) { //print_r($output); // first line is name algorithm $exp = explode(" ", $output[0]); switch ($exp[3]) { case '000b': printf("Name Algorithm: SHA-256\n
"); break; case '0004': printf("Name Algorithm: SHA-1\n
"); break; default: printf("Name Algorithm: %04x unknown\n
", $exp[3]); } // second line is size $exp = explode(" ", $output[1]); printf("Data size: %u\n
", $exp[3]); // third line are attributes $exp = explode(" ", $output[2]); $attr = hexdec($exp[2]); printf("Attributes: %08x\n
", $attr); switch ($attr & 0x000000f0) { case '0x00000000': printf("Type: Ordinary\n"); break; case '0x00000010': printf("Type: Counter\n"); break; case '0x00000020': printf("Type: Bits\n"); break; case '0x00000040': printf("Type: Extend\n"); break; case '0x00000080': printf("Type: Pin Fail\n"); break; case '0x00000090': printf("Type: Pin Pass\n"); break; default: printf("Type: %08x unknown\n", $attr); } echo "
\n"; if ($attr & 0x00000001) { // bit 0 printf("\tPlatform Authorization write
\n"); } if ($attr & 0x00000002) { printf("\tOwner Authorization write
\n"); } if ($attr & 0x00000004) { printf("\tIndex Authorization write
\n"); } if ($attr & 0x00000008) { printf("\tPolicy Authorization write
\n"); } if ($attr & 0x00000400) { printf("\tPolicy Authorization delete
\n"); } if ($attr & 0x00000800) { printf("\tWrite locked
\n"); } if ($attr & 0x00001000) { // bit 12 printf("\tWrite all
\n"); } if ($attr & 0x00002000) { printf("\tWrite lockable (write define)
\n"); } if ($attr & 0x00004000) { printf("\tWrite lockable until ST Clear
\n"); } if ($attr & 0x00008000) { printf("\tGlobal lockable
\n"); } if ($attr & 0x00010000) { // bit 16 printf("\tPlatform Authorization read
\n"); } if ($attr & 0x00020000) { printf("\tOwner Authorization read
\n"); } if ($attr & 0x00040000) { printf("\tIndex Authorization read
\n"); } if ($attr & 0x00080000) { printf("\tPolicy Authorization read
\n"); } if ($attr & 0x02000000) { // bit 25 printf("\tNo DA protection
\n"); } if ($attr & 0x04000000) { printf("\tOrderly (hybrid) index
\n"); } if ($attr & 0x08000000) { printf("\tWritten cleared on ST Clear
\n"); } if ($attr & 0x10000000) { // bit 28 printf("\tRead locked
\n"); } if ($attr & 0x20000000) { printf("\tWritten
\n"); } if ($attr & 0x40000000) { printf("\tPlatform created
\n"); } if ($attr & 0x80000000) { printf("\tRead lockable until ST Clear
\n"); } echo "\n
\n"; // search for policy for ($i = 0 ; $i < count($output) ; $i++) { $found = strpos($output[$i], "policy"); if ($found) { $exp = explode(" ", $output[$i]); echo "Policy length: " . $exp[4] . "\n
\n"; if ($exp[4] != 0) { echo "Policy:\n
"; echo "\n\n"; echo "\t" . $output[$i + 1] . "\n
\n"; echo "\t" . $output[$i + 2] . "\n
\n"; echo "
\n"; } } } } else { echo $commandStr . "
\n"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
\n"; } } } ?>
./demo/demo.css0000644000175000017500000000074113033767473011564 0ustar lo1lo1/* $Id: demo.css 900 2017-01-06 19:25:47Z kgoldman $: */ #header { background-color:#1d6ab2; color:white; text-align:center; padding:5px; } #nav { line-height:30px; background-color:#eeeeee; height:400px; width:150px; float:left; padding:5px; } #section { width:850px; float:left; padding:10px; } #footer { background-color:#1d6ab2; color:white; clear:both; text-align:center; padding:5px; } ./demo/nav.html0000644000175000017500000000104613040470020011550 0ustar lo1lo1 ./demo/quote.php0000755000175000017500000001546713033767473012012 0ustar lo1lo1 TSS 2.0 Demo Quote <?php echo gethostname(); ?>
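\n";
// Request parameters of the quote form, taken straight from the POST body.
// All of them are untrusted.
$command = $_POST['command'];
$hp = $_POST['hp'];
$hpcr = $_POST['hpcr'];
$label= $_POST['label'];
$quotename = $_POST['quotename'];
$pwdk = $_POST['pwdk'];
// Was "$retval == 0;", a comparison whose result was discarded; the checks below
// only ran because an unset variable happens to compare equal to 0.
$retval = 0;
// parameter checks
if ($retval == 0) {
    if (strlen($hp) == 0) {
        echo "Parent handle must be specified
\n";
        $retval = 1;
    }
    if (strlen($label) == 0) {
        echo "Label must be specified
\n";
        $retval = 1;
    }
    if (strlen($quotename) == 0) {
        echo "Quote name must be specified
\n";
        $retval = 1;
    }
    if (strlen($hpcr) == 0) {
        echo "PCR must be specified
\n";
        $retval = 1;
    }
    else {
        // Require plain decimal digits as well as the range: a loose numeric
        // comparison alone lets a value with trailing text through, and $hpcr
        // is later placed on a command line.
        if (!ctype_digit((string)$hpcr) || ($hpcr > 23)) {
            echo "PCR must be between 0 and 23
\n";
            $retval = 1;
        }
    }
}
// load the key
// Each request value is quoted with escapeshellarg() so that it reaches the
// utility as one argument and cannot add shell syntax to the exec() string.
if ($retval == 0) {
    $commandStr = "/var/www/html/tpm2/load";
    $commandStr .= " -hp " . escapeshellarg($hp);
    $commandStr .= " -ipu " . escapeshellarg($label . "pub.key");
    $commandStr .= " -ipr " . escapeshellarg($label . "priv.key");
    // NOTE(review): $pwdp is not assigned in the visible part of this script, so
    // this branch appears never to run; confirm whether a parent password
    // field was intended.
    if (isset($pwdp) && strlen($pwdp) != 0) {
        $commandStr .= " -pwdp " . escapeshellarg($pwdp);
    }
    //echo 'Command string: ' . $commandStr. "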
\n"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
\n"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
\n"; } } } // get the handle from the response if ($retval == 0) { //print_r($output); $values = explode (" ", $output[0]); $hk = $values[1]; echo "Loaded quote signing key handle: " . $hk . "
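\n"; }
// construct the quote or verify command using the signing key
// $hpcr, $quotename and $pwdk are read from $_POST earlier in this script and
// $hk is parsed from the load utility's output. Each is quoted with
// escapeshellarg() so that it reaches the utility as one argument and cannot
// add shell syntax to the exec() string.
if ($retval == 0) {
    switch ($command) {
    case 'Quote':
        $commandStr = "/var/www/html/tpm2/quote";
        $commandStr .= " -hk " . escapeshellarg($hk);
        $commandStr .= " -halg " . escapeshellarg($halg);
        $commandStr .= " -hp " . escapeshellarg($hpcr);
        $commandStr .= " -os " . escapeshellarg($quotename . ".sig");
        $commandStr .= " -oa " . escapeshellarg($quotename . ".att");
        if (strlen($pwdk) != 0) {
            $commandStr .= " -pwdk " . escapeshellarg($pwdk);
        }
        break;
    case 'Verify Quote':
        $commandStr = "/var/www/html/tpm2/verifysignature";
        $commandStr .= " -hk " . escapeshellarg($hk);
        $commandStr .= " -halg " . escapeshellarg($halg);
        $commandStr .= " -is " . escapeshellarg($quotename . ".sig");
        $commandStr .= " -if " . escapeshellarg($quotename . ".att");
        break;
    default:
        // $command is request data echoed into the page, so HTML-encode it
        echo ("Invalid command " . htmlspecialchars($command) . "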
\n"); $retval = 1; break; } } // run the quote or verify command if ($retval == 0) { //echo 'Command string: ' . $commandStr. "
\n"; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { if ($command == 'Quote') { // after a successful quote, display the PCR value quoted */ $commandStr = "/var/www/html/tpm2/pcrread -ha $hpcr -halg $halg"; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); printf("Quoted PCR %02d: ", $hpcr); if ($retval == 0) { echo $output[2] . $output[3] . '
'; } else { printf("pcrread returned: $retval
"); } } else if ($command == 'Verify Quote') { echo "Success
\n"; } } else { echo $commandStr . "
\n"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
\n"; } } } // flush if (strlen($hk) != 0) { $commandStr = "/var/www/html/tpm2/flushcontext"; $commandStr .= " -ha " . $hk; //echo 'Command string: ' . $commandStr. "
\n"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
\n"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
\n"; } } } } ?>

Parameters

Parent Handle ">
Key Label
Quote Name

Quote

Key Password
PCR

Verify

./demo/makefilesha10000644000175000017500000000426112770505626012401 0ustar lo1lo1# # # TPM2 with SHA-1 and sockets demo makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefilesha1 750 2016-09-21 13:31:02Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # TSS for sockets, hash algorithm SHA-1 DEST=/var/www/html/tpm2 SRCUTILS=../utils include makefile-common $(DEST)/halg.inc: FORCE cp halgsha1.inc $(DEST)/halg.inc chmod 777 $(DEST)/halg.inc $(DEST)/nav.html: FORCE cp nav.html $(DEST)/nav.html chmod 777 $(DEST)/nav.html FORCE: ./demo/ibm.png0000644000175000017500000000357213033767473011410 0ustar lo1lo1PNG  IHDRcӱ;rPLTEj_fh dmDa]U)p؋n<{|Ζ*pPu`ƴ⟼pIDATxb0$*j^h]rv0'wEk`Ls5x>ʞ{xa,˸|56~ &jM6yK[!$z'xu-O8%:}>+Y>\jscWG k XUc)a5UUDj^ه౟X[@ޖTi|&=Q W/m_Js74V:ms',5q)_?.1Ώbxzɉg w ٘ڵSr;ݣΌ"5&kcaYj<nrӗN=uzxleN sg6Z4FJ%#$Y)_+ݐok*-M#y{ݜ\{T^G CHxp9XU[WڳbU[: yeXʽ+_d|{ty|pn[go/-%*̶F%c5fF6+yoG&JksK\ xPx̤NRˤ }>O2q zm݈ђ/q^ڜ. cNHVNP _f'#zis}7M0K UKIENDB`./demo/navdev.html0000644000175000017500000000104613040470020012247 0ustar lo1lo1 ./demo/makefilesha1_dev0000644000175000017500000000443312770266635013244 0ustar lo1lo1# # # TPM2 with SHA-1 and /dev/tpm0 demo makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefilesha1_dev 749 2016-09-20 17:10:53Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. 
# # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # ################################################################################# # TSS for /dev/tpm0, hash algorithm SHA-1 DEST=/var/www/html/tpm2 SRCUTILS=../utils include makefile-common $(DEST)/halg.inc: FORCE cp halgsha1.inc $(DEST)/halg.inc chmod 777 $(DEST)/halg.inc $(DEST)/nav.html: FORCE cp navdev.html $(DEST)/nav.html chmod 777 $(DEST)/nav.html FORCE: ./demo/makefile-common0000644000175000017500000001665313033767473013125 0ustar lo1lo1# # # TPM2 demo common makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile-common 900 2017-01-06 19:25:47Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. 
# # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
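# # # #################################################################################

# Common install rules for the TPM2 demo.  The including makefile sets
# DEST (the web server directory the demo is served from) and SRCUTILS
# (the directory holding the built TSS utilities and libtss.so).
#
# Installed modes: web content and policy files are world readable (a+r).
# The TSS utilities and libtss.so are installed 755, not 777.  The PHP
# pages run these binaries through exec(), which needs only read and
# execute permission; leaving them world writable would let any local
# account replace code that the web server later executes.

$(DEST)/%.php: %.php
	cp $< $@
	chmod a+r $@

$(DEST)/%.html: %.html
	cp $< $@
	chmod a+r $@

$(DEST)/%.css: %.css
	cp $< $@
	chmod a+r $@

$(DEST)/%.png: %.png
	cp $< $@
	chmod a+r $@

all: \
	$(DEST)/nav.html \
	$(DEST)/footer.html \
	$(DEST)/index.php \
	$(DEST)/admin.php \
	$(DEST)/nvram.php \
	$(DEST)/pcr.php \
	$(DEST)/handles.php \
	$(DEST)/nv.php \
	$(DEST)/keycreate.php \
	$(DEST)/sign.php \
	$(DEST)/unseal.php \
	$(DEST)/quote.php \
	\
	$(DEST)/halg.inc \
	$(DEST)/demo.css \
	$(DEST)/block.png \
	$(DEST)/ibm.png \
	\
	$(DEST)/policies/policypcr16aaasha256.bin \
	$(DEST)/policies/policypcr16aaasha1.bin \
	\
	$(DEST)/libtss.so \
	\
	$(DEST)/clockset \
	$(DEST)/create \
	$(DEST)/createloaded \
	$(DEST)/createprimary \
	$(DEST)/evictcontrol \
	$(DEST)/flushcontext \
	$(DEST)/getcapability \
	$(DEST)/getrandom \
	$(DEST)/hierarchychangeauth \
	$(DEST)/hierarchycontrol \
	$(DEST)/load \
	$(DEST)/nvreadpublic \
	$(DEST)/nvdefinespace \
	$(DEST)/nvundefinespace \
	$(DEST)/nvwrite \
	$(DEST)/nvwritelock \
	$(DEST)/nvread \
	$(DEST)/nvincrement \
	$(DEST)/pcrextend \
	$(DEST)/pcrread \
	$(DEST)/pcrreset \
	$(DEST)/policypcr \
	$(DEST)/quote \
	$(DEST)/readclock \
	$(DEST)/sign \
	$(DEST)/startauthsession \
	$(DEST)/verifysignature \
	$(DEST)/unseal

# Policy digests used by the Unseal demo (read-only data).
$(DEST)/policies/policypcr16aaasha256.bin: $(SRCUTILS)/policies/policypcr16aaasha256.bin
	mkdir -p $(DEST)/policies
	cp $(SRCUTILS)/policies/policypcr16aaasha256.bin $(DEST)/policies/policypcr16aaasha256.bin
	chmod a+r $(DEST)/policies/policypcr16aaasha256.bin

$(DEST)/policies/policypcr16aaasha1.bin: $(SRCUTILS)/policies/policypcr16aaasha1.bin
	mkdir -p $(DEST)/policies
	cp $(SRCUTILS)/policies/policypcr16aaasha1.bin $(DEST)/policies/policypcr16aaasha1.bin
	chmod a+r $(DEST)/policies/policypcr16aaasha1.bin

# TSS shared library and command line utilities (executed by the PHP pages).
$(DEST)/libtss.so: $(SRCUTILS)/libtss.so
	cp $(SRCUTILS)/libtss.so $(DEST)/libtss.so
	chmod 755 $(DEST)/libtss.so

$(DEST)/pcrread: $(SRCUTILS)/pcrread
	cp $(SRCUTILS)/pcrread $(DEST)/pcrread
	chmod 755 $(DEST)/pcrread

$(DEST)/readclock: $(SRCUTILS)/readclock
	cp $(SRCUTILS)/readclock $(DEST)/readclock
	chmod 755 $(DEST)/readclock

$(DEST)/clockset: $(SRCUTILS)/clockset
	cp $(SRCUTILS)/clockset $(DEST)/clockset
	chmod 755 $(DEST)/clockset

$(DEST)/getcapability: $(SRCUTILS)/getcapability
	cp $(SRCUTILS)/getcapability $(DEST)/getcapability
	chmod 755 $(DEST)/getcapability

$(DEST)/getrandom: $(SRCUTILS)/getrandom
	cp $(SRCUTILS)/getrandom $(DEST)/getrandom
	chmod 755 $(DEST)/getrandom

$(DEST)/nvreadpublic: $(SRCUTILS)/nvreadpublic
	cp $(SRCUTILS)/nvreadpublic $(DEST)/nvreadpublic
	chmod 755 $(DEST)/nvreadpublic

$(DEST)/create: $(SRCUTILS)/create
	cp $(SRCUTILS)/create $(DEST)/create
	chmod 755 $(DEST)/create

$(DEST)/createloaded: $(SRCUTILS)/createloaded
	cp $(SRCUTILS)/createloaded $(DEST)/createloaded
	chmod 755 $(DEST)/createloaded

$(DEST)/createprimary: $(SRCUTILS)/createprimary
	cp $(SRCUTILS)/createprimary $(DEST)/createprimary
	chmod 755 $(DEST)/createprimary

$(DEST)/nvdefinespace: $(SRCUTILS)/nvdefinespace
	cp $(SRCUTILS)/nvdefinespace $(DEST)/nvdefinespace
	chmod 755 $(DEST)/nvdefinespace

$(DEST)/nvundefinespace: $(SRCUTILS)/nvundefinespace
	cp $(SRCUTILS)/nvundefinespace $(DEST)/nvundefinespace
	chmod 755 $(DEST)/nvundefinespace

$(DEST)/nvwrite: $(SRCUTILS)/nvwrite
	cp $(SRCUTILS)/nvwrite $(DEST)/nvwrite
	chmod 755 $(DEST)/nvwrite

$(DEST)/nvwritelock: $(SRCUTILS)/nvwritelock
	cp $(SRCUTILS)/nvwritelock $(DEST)/nvwritelock
	chmod 755 $(DEST)/nvwritelock

$(DEST)/nvread: $(SRCUTILS)/nvread
	cp $(SRCUTILS)/nvread $(DEST)/nvread
	chmod 755 $(DEST)/nvread

$(DEST)/nvincrement: $(SRCUTILS)/nvincrement
	cp $(SRCUTILS)/nvincrement $(DEST)/nvincrement
	chmod 755 $(DEST)/nvincrement

$(DEST)/sign: $(SRCUTILS)/sign
	cp $(SRCUTILS)/sign $(DEST)/sign
	chmod 755 $(DEST)/sign

$(DEST)/verifysignature: $(SRCUTILS)/verifysignature
	cp $(SRCUTILS)/verifysignature $(DEST)/verifysignature
	chmod 755 $(DEST)/verifysignature

$(DEST)/hierarchychangeauth: $(SRCUTILS)/hierarchychangeauth
	cp $(SRCUTILS)/hierarchychangeauth $(DEST)/hierarchychangeauth
	chmod 755 $(DEST)/hierarchychangeauth

$(DEST)/hierarchycontrol: $(SRCUTILS)/hierarchycontrol
	cp $(SRCUTILS)/hierarchycontrol $(DEST)/hierarchycontrol
	chmod 755 $(DEST)/hierarchycontrol

$(DEST)/pcrextend: $(SRCUTILS)/pcrextend
	cp $(SRCUTILS)/pcrextend $(DEST)/pcrextend
	chmod 755 $(DEST)/pcrextend

$(DEST)/pcrreset: $(SRCUTILS)/pcrreset
	cp $(SRCUTILS)/pcrreset $(DEST)/pcrreset
	chmod 755 $(DEST)/pcrreset

$(DEST)/load: $(SRCUTILS)/load
	cp $(SRCUTILS)/load $(DEST)/load
	chmod 755 $(DEST)/load

$(DEST)/startauthsession: $(SRCUTILS)/startauthsession
	cp $(SRCUTILS)/startauthsession $(DEST)/startauthsession
	chmod 755 $(DEST)/startauthsession

$(DEST)/unseal: $(SRCUTILS)/unseal
	cp $(SRCUTILS)/unseal $(DEST)/unseal
	chmod 755 $(DEST)/unseal

$(DEST)/policypcr: $(SRCUTILS)/policypcr
	cp $(SRCUTILS)/policypcr $(DEST)/policypcr
	chmod 755 $(DEST)/policypcr

$(DEST)/flushcontext: $(SRCUTILS)/flushcontext
	cp $(SRCUTILS)/flushcontext $(DEST)/flushcontext
	chmod 755 $(DEST)/flushcontext

$(DEST)/quote: $(SRCUTILS)/quote
	cp $(SRCUTILS)/quote $(DEST)/quote
	chmod 755 $(DEST)/quote

$(DEST)/evictcontrol: $(SRCUTILS)/evictcontrol
	cp $(SRCUTILS)/evictcontrol $(DEST)/evictcontrol
	chmod 755 $(DEST)/evictcontrol
./demo/.cvsignore0000644000175000017500000000000612770266635012121 0ustar lo1lo1*.bin ./demo/index.php0000755000175000017500000000501113033767473011744 0ustar lo1lo1 TSS 2.0 Demo <?php echo gethostname(); ?>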

Demo Block Diagram

All software is running on the server side. There are no remote procedure calls. The client side uses only the browser.

Block Diagram

./demo/makefile_dev0000644000175000017500000000443412770266635012470 0ustar lo1lo1# # # TPM2 with SHA-256 and /dev/tpm0 demo makefile # # Written by Ken Goldman # # IBM Thomas J. Watson Research Center # # $Id: makefile_dev 749 2016-09-20 17:10:53Z kgoldman $ # # # # (c) Copyright IBM Corporation 2016 # # # # All rights reserved. # # # # Redistribution and use in source and binary forms, with or without # # modification, are permitted provided that the following conditions are # # met: # # # # Redistributions of source code must retain the above copyright notice, # # this list of conditions and the following disclaimer. # # # # Redistributions in binary form must reproduce the above copyright # # notice, this list of conditions and the following disclaimer in the # # documentation and/or other materials provided with the distribution. # # # # Neither the names of the IBM Corporation nor the names of its # # contributors may be used to endorse or promote products derived from # # this software without specific prior written permission. # # # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR # # A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT # # HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, # # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY # # THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE # # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
# # # ################################################################################# # TSS for /dev/tpm0, hash algorithm SHA-256 DEST=/var/www/html/tpm2 SRCUTILS=../utils include makefile-common $(DEST)/halg.inc: FORCE cp halgsha256.inc $(DEST)/halg.inc chmod 777 $(DEST)/halg.inc $(DEST)/nav.html: FORCE cp navdev.html $(DEST)/nav.html chmod 777 $(DEST)/nav.html FORCE: ./demo/block.png0000644000175000017500000002027012770266635011726 0ustar lo1lo1PNG  IHDRhsRGB@}PLTE  7/' ?#4.E888 000(((-0^),W&(O"$G#:VbHHHPPP@@@GK@CKOCGOSZ_RWV[QqKlYx^chhhpppxxx```ioagekxpwt{msoƧȴL pHYs+tEXtSoftwareMicrosoft Office5qIDATx {#a჋Tv \Xi@(n"ڑG:`fؕ}'ȃ@A ORk ^ `IKXX$%,, `IKXX$%,, `IKXX$%,, `IKXX$%,, `IKXX$%,, `IKXX$%,, `IKX߼K}FJЋg%'`` 0` 0`0 `0,`0 ``/ ` 0,` 0 `` 0`X 0`0 0`0 `[ xB ` BTiv!9e I݋ճHvE{qm{ {> aP2LQ[\P~XyY$ PyY^wIn;QgsWqur>*۹ah=(]ޱ$*lVE;[)A$Ө;~&ٟHK pI}ym'۩v pޑ<$p{1BYvN9۰O zr268d> 8ίa ܸ,d[{5wt|bG;7'K pkX.qoX%zA~xwҁ}e[!S?xpw0-|B0J!NFyc=}n9ryAq8ʵ\4.^x2s;uuzC|[l<< \`xYuu[e?hYRX`w߽?+y|=#3ЃbVw~wNtrRż|.3Mt-.35|7DzCJv. 08Vg?nHX4Ҡ؁4dnN{~T.{UjW.U_ 0fqoFjW;L/(Nir.GdѸIq\?L5}6˧oh>( -㫽K O 0/U?ɟ0aUt ul@ 0o,:}_6V0 0`0,`0 `` 0 `X 0 ` 0^` 0`X 0` 0`0 `0`lVB߾/[!JG7 X ` X ` X ` X `,X `,X `,X `,X `,0X `,0X `,0X `,0X `,X `,X `,X `, `,ϿzWrV>1W! Z/B6o!|jU'nZ!|?ٶVz> {/j]^ վ~,KZwoE}ZW /uU{yJVz^}i%=+!? \/ 0 ` `,`0,` 0,X 0 `X ` `0 ` 0,` 0`` 0Tӳ{ͺ=5P?0*gB\}2>? Bqd {Ym, zՠr>*(:g;'ɻ!َ?pNCTZ`xB7Ȭ,>dsh66f^q@ǵ;6uhCWZ`[ xNsIX,u(i$A2Z & *] pw[ %. jbtwvT iH,Wݭyr/d@cg=~qIX {TpuYs -$M–i[ 0OC8-ǖfuO5dzRX$#ya|0? 8Y6cXOd \{: 䯊+~zG`_pvi|n>!xw`k.yǀWf'o| ^qAU7BgGu';.̼?P-o~󌀧X]q^sGťXX'o8yLYgkq^)Q~6/Go!ggrp~v|'l32m`0-]ӸWeQ_vd:;?wV94mW~kQ\>z#nUwv˱(tS^z#ɣX{ ۭCJXa7w},x9J= p{3Cu6FSXwV07NT0t?x1}|8-O4\sсlxEy :Esa'Sm}ܩ62^݌]fv&T&b$;Y⚓io3mf潀w,s n&ۻξH<p2^&gk[x];Yog? Hb+]nTMm?1;I. 
=W}Iתw+ߊuל\ G̣;Nza7^-O {>b'wcDR4D-t,Nۧ~RM7pV~`o{8usi1N00:y e~dt~<9)΀7QZoEK7gQţE7q!7razm͞)V7Qt?]F }7qe罊''Ń̀s0 0`0,`0 `` 0 `X 0 ` 0`,`0,` 0,X 0 `X `X `0qf%0soBhZ hX `,X `,X `,X `,0X `,0X `,0X `,0X `,X `,X `,X `,X `, `, `7>GjS IVu_e!O]N.> ߼e&/_W^ ն~,{X뻵x)V3X- w^ʾJ~jg? w^Ҿ _yx7Zo`%uWWZի/}m_?$s\ 0,X 0`X ` `0 ` 0,` 0`X 0` 0`0 `0 ``0 `XExa)aw։ίnf!#Q7gm @-?aax 070~,cҡ:7I[[^q `8,Jᄐ1/jbrk4:I|L7҅6wOqa 9N';Lw 8al77^$rҨ:|-1OwTGwL~xУA S3+r, aY| ''n>`y_|~_9y;P>=\0m]uӽgs|<|_rk&3x/AQq=6Y姗\=zd`SG'?Ǖr鱣b,?;[=|8o\5.Gsձluz3ٖYWɞ4-NW Ӏ'#He}}N|Oo:oN,r1&|ZK7|ռ>rk koe'I?q-4? x]_\%N-Ǟ:i$>peCߝ'G;d|18mb۠ξ\`76$a^ŝdtc`Sz;Y1"0tٸ1ޛw]j_ 09r~0mwXb@/|TjW/`7qo.jd E: WO_j`C\-QW܏^n` 0,` 0 `` 0`X 0`0 0 0` 0`0 `0 ``0 `X 0 ` 0` ~{z٬}_|_ G[k ~k%CX `,0X `,0X `,0XmݫX ` X ` X ` X ` `,`,`,`}}kji? `gw_^˷y9V_r_;/jU_mCzV}N9^ղ~¯&j:d}cX}} _XrA6]+/jc?up `eX-W`/Jڽzmxe%k$s\ 0,X 0`X ` `0 ` 0,` 0`X 0` 0`0 `0 ``0 `X쀗7c)dtE׳b~8>;zhhƧ;g(jͯe\6t\g;JAyֳ O*J&nU2M&ǣ "[.J6~oBmNr/v^ɍ7 ՠ&1њm-\ C88η|5et%Ngzh fqyaaho%{vOi1tZ=Knooƍ`~ɾm1tIL2γ1au$:F 0%Ee؍?l/GN  0pQZ5^=yMo?ZoI|V~Ug/=߄pd9*k0?3E2u_f>{G' 0 8=t+.dxBg7$כ? 0j'~Cv^O 1~#͸(Jw-#'<_w4SL4珲G^NEgnT`q}8n^mFrs$6]]g,ǿ5 ?`X `0 ` 0,` 0 `` 0`X 0`0 `0,`0 `` 0 ` 0 ` ~z٬ 0e KKX$%%, `IKKX$%%, `IKKX$%%, `IKKX$%%, `IKKX$%%, ` `IKX$%%, ` `IKX҇XQ1IENDB`./demo/sign.php0000755000175000017500000001444213033767473011605 0ustar lo1lo1 TSS 2.0 Demo Sign <?php echo gethostname(); ?>
"; $command = $_POST['command']; $hp = $_POST['hp']; $label= $_POST['label']; $sigfile= $_POST['sigfile']; $msg = $_POST['msg']; $pwdk = $_POST['pwdk']; $retval == 0; // parameter checks if ($retval == 0) { if (strlen($hp) == 0) { echo "Parent handle must be specified
"; $retval = 1; } if (strlen($label) == 0) { echo "Label must be specified
"; $retval = 1; } if (strlen($sigfile) == 0) { echo "Signature name must be specified
"; $retval = 1; } if (strlen($msg) == 0) { echo "Message must be specified
"; $retval = 1; } } if ($retval == 0) { $rc = file_put_contents ('message.tmp', $msg); if (!$rc) { echo "could not write message to message.tmp
"; $retval = 1; } } // load the key if ($retval == 0) { $commandStr = "/var/www/html/tpm2/load"; $commandStr .= " -hp " . $hp; $commandStr .= " -ipu " . $label . "pub.key"; $commandStr .= " -ipr " . $label . "priv.key"; if (strlen($pwdp) != 0) { $commandStr .= " -pwdp " . $pwdp; } //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } // get the handle from the response if ($retval == 0) { //print_r($output); $values = explode (" ", $output[0]); $hk = $values[1]; echo "Loaded signing key handle: " . $hk . "
"; } // construct the sign or verify command using the signing key if ($retval == 0) { switch ($command) { case 'Sign': $commandStr = "/var/www/html/tpm2/sign"; $commandStr .= " -hk " . $hk; $commandStr .= " -os " . $sigfile . ".sig"; $commandStr .= " -if message.tmp"; if (strlen($pwdk) != 0) { $commandStr .= " -pwdk " . $pwdk; } break; case 'Verify Signature': $commandStr = "/var/www/html/tpm2/verifysignature"; $commandStr .= " -hk " . $hk; $commandStr .= " -is " . $sigfile . ".sig"; $commandStr .= " -if message.tmp"; break; default: echo ("Invalid command $command"); $retval = 1; break; } } // run the sign or verify command if ($retval == 0) { //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { if ($command == 'Sign') { ; } else if ($command == 'Verify Signature') { ; } echo "Success"; } else { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } unlink ('message.tmp'); // flush if (strlen($hk) != 0) { $commandStr = "/var/www/html/tpm2/flushcontext"; $commandStr .= " -ha " . $hk; //echo 'Command string: ' . $commandStr. "
"; unset($output); exec ($commandStr, $output, $retval); if ($retval != 0) { echo $commandStr . "
"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
"; } } } } ?>

Parameters

Parent Handle ">
Key Label
Message
Signature Name

Sign

Key Password

Verify

./demo/halgsha1.inc0000644000175000017500000000012712644021500012264 0ustar lo1lo1 ./demo/admin.php0000755000175000017500000002407113033767473011734 0ustar lo1lo1 TSS 2.0 Demo Administration <?php echo gethostname(); ?>
\n"; $retval = 1; } /* radio buttons, should never occur */ if (strlen($hip) == 0) { echo "Password - authorization hierarchy must be specified
\n"; $retval = 1; } } // construct the command if ($retval == 0) { switch ($command) { case 'Change Password': $commandStr = "/var/www/html/tpm2/hierarchychangeauth"; $commandStr .= " -hi " . $hip; if (strlen($pwda) != 0) { $commandStr .= " -pwda " . $pwda; } if (strlen($pwdn1) != 0) { $commandStr .= " -pwdn " . $pwdn1; } break; case 'Set TPM Date and Time': $commandStr = "/var/www/html/tpm2/clockset"; $commandStr .= " -hi " . $hic; $currenttime = time(); // php time in sec $commandStr .= " -time " . ($currenttime * 1000); // TPM command in msec break; case 'SH disable': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he o -state 0"; break; case 'SH enable': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he o -state 1"; break; case 'EH disable': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he e -state 0"; break; case 'EH enable': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he e -state 1"; break; case 'phEnableNV clear': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he n -state o"; break; case 'phEnableNV set': $commandStr = "/var/www/html/tpm2/hierarchycontrol -hi p -he n -state 1"; break; default: echo ("Invalid command $command"); $retval = 1; break; } } if ($retval == 0) { // uncomment for test and debug, permits view of TPM command //echo 'Command string: ' . $commandStr. "
\n"; $retval = 0; unset($output); exec ($commandStr, $output, $retval); if ($retval == 0) { ; } else { echo $commandStr . "
\n"; for ($i = 0 ; $i < count($output) ; $i++) { echo $output[$i] . "
\n"; } } } } echo "

TPM Information

"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 6", $output, $retval); //print_r($output); $key = searchForValue("TPM_PT_MANUFACTURER", $output); $value = $output[$key]; $values = explode (" ", trim($value)); echo "Manufacturer: "; $chars = str_split ($values[3], 2); for ($i = 0 ; $i < count($chars) ; $i++) { echo chr(hexdec($chars[$i])); } echo "
\n"; echo "Vendor String: "; $key = searchForValue("TPM_PT_VENDOR_STRING_1", $output); $value = $output[$key]; $values = explode (" ", trim($value)); $chars = str_split ($values[3], 2); for ($i = 0 ; $i < count($chars) ; $i++) { echo chr(hexdec($chars[$i])); } $key = searchForValue("TPM_PT_VENDOR_STRING_2", $output); $value = $output[$key]; $values = explode (" ", trim($value)); $chars = str_split ($values[3], 2); for ($i = 0 ; $i < count($chars) ; $i++) { echo chr(hexdec($chars[$i])); } echo "
\n"; $key = searchForValue("TPM_PT_REVISION", $output); $value = $output[$key]; $values = explode (" ", trim($value)); echo "Revision: " . hexdec($values[3]) . "
\n"; $key = searchForValue("TPM_PT_FIRMWARE_VERSION_1", $output); $value = $output[$key]; $values = explode (" ", trim($value)); echo "Firmware: " . $values[3]; $key = searchForValue("TPM_PT_FIRMWARE_VERSION_2", $output); $value = $output[$key]; $values = explode (" ", trim($value)); echo " " . $values[3]; echo "
\n"; unset($output); exec ("/var/www/html/tpm2/readclock", $output, $retval); $key = searchForValue("TPMS_TIME_INFO", $output); $value = $output[$key]; $values = explode (" ", trim($value)); echo "TPM Time since startup: " . $values[2] . " msec
\n"; $key = searchForValue(" TPMS_CLOCK_INFO", $output); $value = $output[$key]; $values = explode (" ", trim($value)); // TPM time in msec echo "TPM Date and Time: " . date(DATE_RSS, ($values[2] / 1000)); // php time in sec ?> >Platform >Owner

TPM Status

\n"; } else { echo "Owner auth clear
\n"; } if ($val & 0x0002) { echo "Endorsement auth set
\n"; } else { echo "Endorsement auth clear
\n"; } if ($val & 0x0004) { echo "Lockout auth set
\n"; } else { echo "Lockout auth clear
\n"; } if ($val & 0x0100) { echo "TPM2_Clear disabled
\n"; } else { echo "TPM2_Clear enabled
\n"; } if ($val & 0x0200) { echo "In lockout
\n"; } else { echo "Not in lockout
\n"; } if ($val & 0x0400) { echo "TPM generated EPS
\n"; } else { echo "EPS createed outside TPM
\n"; } echo "
\n"; unset($output); exec ("/var/www/html/tpm2/getcapability -cap 6 -pr 201 -pc 1", $output, $retval); $capitems = explode(" ", trim($output[2])); $val = hexdec($capitems[3]); if ($val & 0x0001) { echo "Platform hierarchy enabled
\n"; } else { echo "Platform hierarchy disabled
\n"; } if ($val & 0x0002) { echo "Storage hierarchy enabled    
\n"; } else { echo "Storage hierarchy disabled    
\n"; } if ($val & 0x0004) { echo "Endorsement hierarchy enabled    
\n"; } else { echo "Endorsement hierarchy disabled    
\n"; } if ($val & 0x0008) { echo "phEnableNV set    
\n"; } else { echo "phEnableNV clear    
\n"; } ?>

TPM Random Number Generator

\n"; unlink ('rng.tmp'); function searchForValue($keyword, $arrayToSearch){ foreach($arrayToSearch as $key => $arrayItem){ if( stristr( $arrayItem, $keyword ) ){ return $key; } } } ?>

TPM Authorization

>Platform >Owner
Old Password
New Password
New Password

./demo/IBM-TSS-Demo.doc0000644000175000017500000024700012771272436012554 0ustar lo1lo1ࡱ>  /bjbjR|R| 8h00& 88888LLL8 dLbl d#z#z#z#U$:&3'Tmoooooo$P8 (U$U$ ( (88z#z#000 (~8z#8z#m0 (m00uX4]z#B)[6Y0[E+l]"]8d&''0'''H'"''''-8''' ( ( ( (''''''''' :  IBM TSS 2.0 Demo Ken Goldman  HYPERLINK "mailto:kgold@watson.ibm.com" kgoldman@us.ibm.com December 1, 2015  TOC \o "1-3" \h \z \u  HYPERLINK \l "_Toc436747999" 1. Introduction  PAGEREF _Toc436747999 \h 2  HYPERLINK \l "_Toc436748000" 2. Installation  PAGEREF _Toc436748000 \h 2  HYPERLINK \l "_Toc436748001" 2.1. Standard libraries  PAGEREF _Toc436748001 \h 2  HYPERLINK \l "_Toc436748002" 2.2. IBM software  PAGEREF _Toc436748002 \h 2  HYPERLINK \l "_Toc436748003" 2.3. IBM TPM 2.0  PAGEREF _Toc436748003 \h 3  HYPERLINK \l "_Toc436748004" 2.4. IBM TSS 2.0  PAGEREF _Toc436748004 \h 3  HYPERLINK \l "_Toc436748005" 2.5. IBM TSS 2.0 Demo  PAGEREF _Toc436748005 \h 3  HYPERLINK \l "_Toc436748006" 3. Starting the demo  PAGEREF _Toc436748006 \h 3  HYPERLINK \l "_Toc436748007" 4. Running the demo  PAGEREF _Toc436748007 \h 4  HYPERLINK \l "_Toc436748008" 4.1. Home Page  PAGEREF _Toc436748008 \h 4  HYPERLINK \l "_Toc436748009" 4.2. Administration  PAGEREF _Toc436748009 \h 4  HYPERLINK \l "_Toc436748010" 4.3. PCRs  PAGEREF _Toc436748010 \h 5  HYPERLINK \l "_Toc436748011" 4.4. Handles  PAGEREF _Toc436748011 \h 5  HYPERLINK \l "_Toc436748012" 4.5. NVRAM Properties  PAGEREF _Toc436748012 \h 5  HYPERLINK \l "_Toc436748013" 4.6. Key Creation  PAGEREF _Toc436748013 \h 6  HYPERLINK \l "_Toc436748014" 4.7. RSA Sign and Verify  PAGEREF _Toc436748014 \h 6  HYPERLINK \l "_Toc436748015" 4.1. Unseal  PAGEREF _Toc436748015 \h 6  HYPERLINK \l "_Toc436748016" 4.2. NV RAM Indexes  PAGEREF _Toc436748016 \h 7 Introduction The demo is intended primarily as a visual way to demonstrate the IBM TSS and typical TPM 2.0 features. It is also somewhat useful as a management interface. This explains how to install and run the IBM TSS 2.0 Demo. 
As the home page at  HYPERLINK "http://hostname/tpm2/index.php" http://hostname/tpm2/index.php indicates, the stack is a web server serving php pages. The php pages call the TSS command line utilities included with the TSS. The utilities, as usual, call the TSS. The demo (through the TSS) can interface with either a SW TPM or a hardware TPM. The demo has run on Windows, but this document only describes Linux installation. It runs on Fedora, RHEL, Ubuntu, Centos and probably any Linux. It runs on x86 and IBM Power processors, big and little endian, physical and virtual machines. Installation Standard Software openssl and openssl-devel (use 1.0.x, not 1.1.x) php and php-devel tomcat and apache Create a directory for the demo and start the web server. E.g., # mkdir /var/www/html/tpm2 # chmod 777 /var/www/html/tpm2 IBM Software TPM 2.0 Download the IBM TPM 2.0 if using a SW TPM. Even if using a HW TPM, a SW TPM is useful for initial testing. Build instructions are included.  HYPERLINK "https://sourceforge.net/projects/ibmswtpm2/" https://sourceforge.net/projects/ibmswtpm2/ IBM TSS 2.0 Download the IBM TSS 2.0 and this demo. TSS build instructions are included.  HYPERLINK "https://sourceforge.net/projects/ibmtpm20tss" https://sourceforge.net/projects/ibmtpm20tss IBM TSS 2.0 Demo The software is in /demo. There are four makefiles, each of which calls makefile-common: makefile - SHA-256 and the SW TPM makefile_dev - SHA-256 and the HW TPM makefilesha1 - SHA-1 and the SW TPM makefilesha1_dev - SHA-1 and the HW TPM The build copies the html, css, php, TSS utilities and TSS library to /var/www/html/tpm2. Note that not all HW TPMs support SHA-256. The hash algorithm is a php variable. The device type is an environment variable for the TSS library. Starting the demo Start the https service. This command is distro dependent. # service httpd start If using the software TPM, start it in the /src directory. 
> tpm_server If using a SW TPM, simulate the BIOS TPM startup in the /utils directory. > powerup > startup Connect the web browser to the demo home page.  HYPERLINK "http://localhost/tpm2/index.php" http://localhost/tpm2/index.php The demo can be run remotely if the firewall is set up to allow incoming connections on port 80. The pages submit TPM passwords as form fields and run TPM commands on the server, so a remote setup should limit which hosts can reach that port and serve the pages over TLS. Running the demo Beware that the demo below may have to be adjusted when using a HW TPM, because the platform authorization is unknown to the user. Each section has two parts: Demo: indicates how to run the standard demo. Demo errors: indicates additional demos showing error conditions. Home Page This page shows a demo block diagram. When introducing the demo, please explain that the browser, web server, and PHP are simply for ease of creating a demo. The actual TSS does not require any remote procedure calls. It's a very simple, full-featured C API. Administration Demo: The page retrieves basic TPM information. Click "Set TPM Date and Time" to set the TPM clock to the current time. Since the TPM clock can only be set forward, not backward, this may fail intermittently after the clock is set due to skew between the TPM clock and the system clock. Refresh the screen to demo the TPM random number generator. The TPM platform authorization is empty after boot. For the basic demo, leave it empty. It can be changed to show platform authorization. Demo Errors: Specify an incorrect "Old Password" to show the authorization failure. PCRs Demo: The page lists the current PCR values. Extend PCR 16 and see that the value changes. Reset PCR 16 and see that the value resets. Extend PCR 16 with the data 'aaa' and see that the value becomes c2 11 97 This value is needed for the Unseal demo. Demo errors: Extend PCR 17, the DRTM PCR, and show the locality failure. Reset PCR 0 to show the failure. Handles Demo: The page lists all volatile and non-volatile handles. Show this page periodically to show loaded objects and sessions. 
Normally, the demo cleans up sessions and non-primary keys after use. Use this page to flush primary keys. A HW TPM may show non-volatile indexes, which hold the EK certificates. The Flush Handles button deletes the handles checked. EK certificates cannot be deleted. NVRAM Properties This page may not be interesting. Demo: The page lists defined NV indexes and their properties. Key Creation Demo: Click "Create Primary" to create a primary storage key. The handle is likely to be 80000000. If not, remember the value. Create a Signing key. Give it a label, e.g., "sign" and the Key Type 'Signing". It will be used on the RSA Sign and Verify page. Create a Data Blob. Give it a label, e.g., "sdb" and the Key Type "Data Blob". Supply a message to seal. Demo errors: Create a Restricted Signing key with a different label, e.g. "signr". Try to create a key under the primary key parent that is Fixed Parent but not Fixed TPM. This combination is illegal for a parent primary key. RSA Sign and Verify Demo: Specify the Label of the signing key. Supply a Message to sign. Supply a signature name, e.g. sig. Click "Sign" and then "Verify Signature". Demo errors: Change the Message, and show that "Verify Signature" fails. Change the label to the restricted signing key. Show that "Sign" fails. Invalid ticket indicates that a restricted signing key cannot sign data hashed outside the TPM. Use the Data Blob. See that the blob cannot be used to sign. Change the parent handle. See that the signing key load fails. Unseal Demo: Specify the Label of the sealed data. See that "Unseal" decrypts the message. Show that the TSS loaded the sealed data, typically at 80000001. It used a policy session, typically at 03000000. On the PCR page, extend PCR 0. Unseal and show the successful result. The policy sealed the data to PCR 16, so changing PCR 0 should not matter. Demo Errors: On the PCR page, extend PCR 16. Unseal and show the policy check failure. On the PCR page, reset PCR 16. 
The Unseal should still fail. Then extend PCR 16 with aaa and the Unseal should again work. Specify the Label of a signing key. The Unseal should fail with a policy error. The TPM checks the policy, which is empty for the signing key, before it checks the key type. Quote Demo: Specify the Label of the signing key. Supply a quote name, e.g. quote. Specify a PCR. Click "Quote" and then "Verify Quote". Note: In general, quote can take a PCR list. The demo uses only one PCR. Demo errors: Try to quote with the sealed data blob label and show that "Quote" fails. Change the parent handle. See that the signing key load fails. NV RAM Indexes Demo: Define an ordinary index at 01000000, 8 bytes, with Write Define checked. NV Write 8 bytes of data into the index. NV Read and show that the data is returned. On the Handles page, show that the NV Index is enumerated. This uses the TPM Get Capability. The NVRAM Properties page lists the properties for all enumerated handles. NV Undefine Space. On the Handles page, show that the Index has been removed. Define a counter index at 01000000. Use NV Increment to write the index. NV Read 8 bytes shows that the value. The value may not be 1 because the TPM retains a history. A specific NV counter NV cannot repeat a value. Increment and show that the value increments. Demo Errors: Try to define a second index at 01000000. It should fail because the index is already defined. Undefine the index at 01000000. Define an ordinary index of 8 bytes. NV Read should fail. In TPM 2.0, an index cannot be read before it is written. NV Write more than 8 bytes and show the range error. NV Increment shows that an ordinary index cannot be incremented. NV Write with a password. Show the failure because the index was defined with an empty password. NV Write 8 bytes. NV Write Lock. NV Write and show that the index is locked. Undefine the ordinary index. Define a Counter index. NV Write fails because counters cannot be written with user defined data.      
Page  PAGE 5  IJKPSTV^_`hjpqrŲŜyyqiaRChEhFCJ(aJ(mHsHhEhoaCJ(aJ(mHsHh9hCJ(aJ(h9#CJ(aJ(heCJ(aJ(h]h0JCJ(aJ(mHnHsH$hEh_0JCJ(aJ(mHnHsH+jhEh^SCJ(UaJ(mHsH%jhEh_CJ(UaJ(mHsHhEh_CJ(aJ(mHsHhEhCCJ(aJ(mHsHhEh_CJ(aJ( hEh\fh9# hh,v`qrsuv3 4 6 3  & z  ! $a$gd2Ygd2Ygdrstuvw̽mbSbASbSm#j>h(UmHnHujh(UmHnHuh(mHnHu*hSuh(5CJOJQJaJmHnHujhZ h(0JUh(mHnHuhZ h(0JjhZ h(0JUhhwCJaJjhhwCJUaJhh,vmHsHhEh,vCJaJmHsHhEhgOCJaJmHsHhEhEmHsH        - . / 0 1 2 3 4 5 Q R S T X Y k l m 鯠~j鯠X#j2h(UmHnHu'hSuh(CJOJQJaJmHnHujhZ h(0JU#j8h(UmHnHujh(UmHnHuh(mHnHu*hSuh(5CJOJQJaJmHnHujhZ h(0JUh(mHnHuhZ h(0JjhZ h(0JU"        . / 0 1 2 3 4 5 6 R S ռձՀձn#j&h(UmHnHujhZ h(0JU#j,h(UmHnHujh(UmHnHuh(mHnHujhZ h(0JUh(mHnHuhZ h(0J'hSuh(CJOJQJaJmHnHujhZ h(0JU*S T U Y Z e f g ٺِـٺnِ#jh(UmHnHujhZ h(0JUh(mHnHu#j h(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUjhZ h(0JU$      0 1 2 3 4 5 6 7 8 T U V W Y Z j k l ٸَ~ٸlَ#j h(UmHnHujhZ h(0JUh(mHnHu#jh(UmHnHujh(UmHnHuh(mHnHu*hSuh(5CJOJQJaJmHnHuhZ h(0JjhZ h(0JUjhZ h(0JU$      - . / 0 1 2 3 4 5 Q R ٺِـٺnِ#j h(UmHnHuj hZ h(0JUh(mHnHu#j h(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUj hZ h(0JU$R S T X Y ] ^ _ y z { | } ~  ٺِـٺnِ#j h(UmHnHujy hZ h(0JUh(mHnHu#j h(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUj hZ h(0JU$    ! " # $ % & ' ( D E F G K L X Y Z t u v w x y z { | ٺِـٺnِ#jh(UmHnHujmhZ h(0JUh(mHnHu#j h(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUjs hZ h(0JU$  !"#$%ABٺِـٺnِ#jh(UmHnHujahZ h(0JUh(mHnHu#jh(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUjghZ h(0JU$ #y()depq . & F gd9#gd9#gd2Ygd9hgd!.sgdgd@"gd2Ygd2Y ! 
BCDHIWXYstuvwxyz).cdyzٺŎyuququmieu]uVu] h@"h@"jh@"Uh/h9#h9hhDh@" hh/ hOAhGp hOAh/jhhwU#jh(UmHnHujh(UmHnHuh(mHnHu'hSuh(CJOJQJaJmHnHuhZ h(0JjhZ h(0JUj[hZ h(0JU u  ./UV˼˼˵ˠ˼˜{ϼwsh(hxAh`A;h`A;0JmH nH ujUh`A;Ujh`A;Uh`A; hUhU h9#h9# hWhU hWhWhU h9hh9hh}Ih9#h9h hhc hhhh@"jh@"Uhi~h@"0JmH nH u,./qrTU; & F gdUgdLgdxAgdgd2YgdUgdUgd9#gdWUVW{-AwxıjhZnUhvh(h]hmhZnhi.ht"nhF|1 hhUh3uhxAh`A;hU0JmH nH uj6hUUjhUU hUhUh[hUh7;_{,-xygdt"ngdt"ngdZngd2Ygd3u & F gdU  .pqo @`aQRrst{|i   H I ¾·Ѱ٬ѨѠљّٕ͠hchch-m hVHhNkh"h(8hVHh1 h1hNk h1hmh`hm hNkhNkhH^hNkhLh1h]hZnhmjhZnUhi~hZn0JmH nH u7pq#$RSgd1gdLgdLgdNkgdLgdt"n45  23abgdVHgd1gd1gd1QRst|}ij   B C I J gd]!gdcgd"gd1gd1gdVHI !!!"")"W""""J#i######$*$$$$ % % %%j%k%%%r&t&&&''((>)E)r)s)t)u))))))ҼҼҼҼұұαhf]hseh|xh hLh=D h(h( h@h(h( h=Dh[h[ h]!h@ h@h=DhMLh=Dhuh. h"h"hU)h@h]!h1 h]!h"h"5 !!!!""""X"Y"""""########$gd@gdU)gd"gd]!$$$$ % %%%%%k%l%%%t&u&&&&&L'M'''(( (gd( & Fgd(gd=D & Fgd=Dgd@ ( (((((((2)3)s)t)u)))))))**-*.*****(+gd]!gdgd=Dgd())*********+++++,5,,,=-q-r--.h.k.l................//// / / //ƹ豭h]CJaJmHnHujhh(8CJUaJhh(8CJaJh0"jh0"UjjhmCh0"<UjhmCh0"<UjhmCh0"<Uh(whC ho]h#WhJ%h,hseh\y}2(+)+,,5,6,C,D,,,<-=-r-s---..g.h..........gd]!.. 
/ / //gd]!61h/R :p/ =!"#$% DyK yK Pmailto:kgold@watson.ibm.comyX;H,]ą'c}DyK _Toc436747999}DyK _Toc436747999}DyK _Toc436748000}DyK _Toc436748000}DyK _Toc436748001}DyK _Toc436748001}DyK _Toc436748002}DyK _Toc436748002}DyK _Toc436748003}DyK _Toc436748003}DyK _Toc436748004}DyK _Toc436748004}DyK _Toc436748005}DyK _Toc436748005}DyK _Toc436748006}DyK _Toc436748006}DyK _Toc436748007}DyK _Toc436748007}DyK _Toc436748008}DyK _Toc436748008}DyK _Toc436748009}DyK _Toc436748009}DyK _Toc436748010}DyK _Toc436748010}DyK _Toc436748011}DyK _Toc436748011}DyK _Toc436748012}DyK _Toc436748012}DyK _Toc436748013}DyK _Toc436748013}DyK _Toc436748014}DyK _Toc436748014}DyK _Toc436748015}DyK _Toc436748015}DyK _Toc436748016}DyK _Toc436748016DyK yK phttps://sourceforge.net/projects/ibmswtpm2/yX;H,]ą'cDyK yK rhttps://sourceforge.net/projects/ibmtpm20tssyX;H,]ą'cDdh  C 6Aclip_bullet001"@@b~['~mJ>] n~['~mJ>PNG  IHDR atEXtSoftwareMicrosoft Office5qPLTE *.)&?";6P6E?w1dY :N!9J 8S">Z!:` 8`$B_"BS'F\'DZ+La,Ox#@{+Lo'Fg'Fj(Jt/So-Pp0Ut$@e3Yw3Zv3\2Y'H0T;j>l:h?uAqB~C|F{F{\\P[kׅVtRNS@f pHYs@@bCc[ cmPPJCmp0712HsYIDATWc`@Ff "P1= +SUf0OBR_ "#&nb %p3y J*,P4t  2 lp0qt7@dNIENDB`Ddh  C 6Aclip_bullet001"@@b+&0)QYn n+&0)QYnPNG  IHDR extEXtSoftwareMicrosoft Office5qPLTE "39*%% =;A2 H8 HDSHMLZVICXWNMWO[Zb]cYiXhQhYi]papajdxixjodww&un"{y({{)sq%uo#jf mj"ni!kf tt&~y&|w%ts&vs&fqpf'{!|((*!+&+(760)'376Ĵ2><::>CN_\Y{s]tRNS@f pHYs@@bCc[ cmPPJCmp0712Hs~IDATWc`}A^050?+^K@dTD@?DS֒31aH(HI WT25d` ڹ{x F@Y*E'\1dIENDB`Ddh  C 6Aclip_bullet002"@@b- m\KX{ n- m\KX{PNG  IHDR rtEXtSoftwareMicrosoft Office5qPLTE  & *&$5+J2O,W3f";V 9]!?y%?e&CZ(F[&AT.Ul-Qg%Bl&Di.Pp&Cd2Wt+Mp4\x0Sm1Z/V,R5]"b7g7b?o7b&f7jFA|[LZe|y vtRNS@f pHYs@@bCc[ cmPPJCmp0712HsOIDATWc`0 &J/-ndf,fJK|2Br 6'D3"7PF h?IENDB`^3 ppppppppp002 0@P`p2( 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p 0@P`p8XV~_HmH nH sH tH @`@ yNormalCJ_HaJmH sH tH b@b {X Heading 1$ & F<@&5CJ KH OJQJ\^JaJ b@b {X Heading 2$ & F<@&5CJOJQJ\]^JaJl@l 2c Heading 3)$ & F 8X<@&^X5CJOJQJ\aJDA`D Default Paragraph FontRi@R  Table Normal4 
l4a (k (0No List N@N pTOC 1$ ! ^a$ 5CJ aJ BU`Bb 0 Hyperlink>*B*mHnHphu.. pTOC 3 ^FV`!F kFollowedHyperlink >*B* ph.@. R?pTOC 2 ^4B4 FHeader  !4 @R4 FFooter  !@"@@ {XCaption xx5CJ\aJH@rH B Balloon TextCJOJQJ^JaJ>@> Ge Footnote TextCJaJ@&`@ GeFootnote ReferenceH*^>`^ {XTitle /CJ0KHOJPJQJ\^J_HaJ0mH sH tH 2B@2 sr Body TextxLoL -~Body Text CharCJ_HaJmH sH tH xOxsrVersion+$$d&dNP#CJOJPJQJ^JaJmHnHuRY@R 8 Document Map-D M OJQJ^JXOX IBody Text Link,ti $$POJPJQJ^Jvov IBody Text Link Char,ti Char(CJOJPJQJ^J_HaJmH sH tH ZOZ I Table Head!$$5CJOJPJQJ^JaJj#j K Table Grid7:V!0"@3 / Table Grid 5:V"0    jjj# j #5\5\@C a Table List 5:V#0jj#  $5\5\2@2 =pTOC 4 %^_HO2@2 =pTOC 5 &^_HO2@2 =pTOC 6 '^_HO2@2 =pTOC 7 (^_HO2@2 =pTOC 8 )^_HO2@2 =pTOC 9 *^_HO&& RmirrorsB'`B UComment ReferenceCJaJ<@< U Comment Text-CJaJ@j@@ UComment Subject.5\JJr9Style Numbered 11.5 pt/ FHoH Style 11.5 pt Black CJphJoJ gnHeading 3 Char5CJOJQJ]aJLo!L cHeading 3 Char15CJOJQJ\aJPK![Content_Types].xmlN0EH-J@%ǎǢ|ș$زULTB l,3;rØJB+$G]7O٭V$ !)O^rC$y@/yH*񄴽)޵߻UDb`}"qۋJחX^)I`nEp)liV[]1M<OP6r=zgbIguSebORD۫qu gZo~ٺlAplxpT0+[}`jzAV2Fi@qv֬5\|ʜ̭NleXdsjcs7f W+Ն7`g ȘJj|h(KD- dXiJ؇(x$( :;˹! I_TS 1?E??ZBΪmU/?~xY'y5g&΋/ɋ>GMGeD3Vq%'#q$8K)fw9:ĵ x}rxwr:\TZaG*y8IjbRc|XŻǿI u3KGnD1NIBs RuK>V.EL+M2#'fi ~V vl{u8zH *:(W☕ ~JTe\O*tHGHY}KNP*ݾ˦TѼ9/#A7qZ$*c?qUnwN%Oi4 =3N)cbJ uV4(Tn 7_?m-ٛ{UBwznʜ"Z xJZp; {/<P;,)''KQk5qpN8KGbe Sd̛\17 pa>SR! 3K4'+rzQ TTIIvt]Kc⫲K#v5+|D~O@%\w_nN[L9KqgVhn R!y+Un;*&/HrT >>\ t=.Tġ S; Z~!P9giCڧ!# B,;X=ۻ,I2UWV9$lk=Aj;{AP79|s*Y;̠[MCۿhf]o{oY=1kyVV5E8Vk+֜\80X4D)!!?*|fv u"xA@T_q64)kڬuV7 t '%;i9s9x,ڎ-45xd8?ǘd/Y|t &LILJ`& -Gt/PK! ѐ'theme/theme/_rels/themeManager.xml.relsM 0wooӺ&݈Э5 6?$Q ,.aic21h:qm@RN;d`o7gK(M&$R(.1r'JЊT8V"AȻHu}|$b{P8g/]QAsم(#L[PK-![Content_Types].xmlPK-!֧6 0_rels/.relsPK-!kytheme/theme/themeManager.xmlPK-!0C)theme/theme/theme1.xmlPK-! 
ѐ' theme/theme/_rels/themeManager.xml.relsPK] 'h "r S R BI )/ !"$%')-1 .; $ ((+./#&(*+,./023J^v.013Sl/124Tf1346Vk.013S^z|}!#$&FYuwxz !#CXtvwyyU  V  'X X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%X%̕XXXX"!8@0(  B S  ? _Ref166921735 _Toc436747999 _Toc436748000 _Toc436748001 _Toc436748002 _Toc436748004 _Toc436748005 _Toc436748006 _Ref431391250 _Toc436748007 _Toc436748008 _Toc436748009 _Toc436748010 _Toc436748011 _Toc436748012 _Toc436748013 _Toc436748014 _Toc436748015 _Toc436748016_PictureBulletszz {qqt u!&'  {!&' 2T 3T 5T& ' ''& ' ''   u z |  !+gl{,.PU&)""$$h&p&&&&&&&&&&&& ''K_j o u z {"~1w iu&)!!##$$%%%P%Q%%%%%&)&\&e&&&&&&&&&&&&&& ''33333333333333333333333333331l2f4k1^}$Yx!Xwyu - . oh ii&&&&&&&&&&&&&&& ' ' ''1l2f4k1^}$Yx!Xwyu - . oh ii&&&& ''|v>}*~$:0J?ol9|q 4x()mb+")-j&R,2? 3N1#4>LR 66lD`Ao")YB?lb/Vn ,%JpxŒ9McpPy+XquV[tL^`.^`.88^8`.^`. ^`OJQJo( ^`OJQJo( 88^8`OJQJo( ^`OJQJo(hh^h`. hh^h`OJQJo(h^h`OJPJQJ^Jo(-^`OJQJ^Jo(hHop^p`OJQJo(hH@ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh88^8`CJaJhH.h^`OJQJ^Jo(hHoh  ^ `OJQJo(hHh  ^ `OJQJo(hHhxx^x`OJQJ^Jo(hHohHH^H`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^h`OJPJQJ^Jo(-8^8`OJQJ^Jo(hHo^`OJQJo(hH ^ `OJQJo(hH ^ `OJQJ^Jo(hHox^x`OJQJo(hHH^H`OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^h`OJPJQJ^Jo(-^`OJQJ^Jo(hHop^p`OJQJo(hH@ ^@ `OJQJo(hH^`OJQJ^Jo(hHo^`OJQJo(hH^`OJQJo(hH^`OJQJ^Jo(hHoP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHVhh^h`o(G CJ OJQJsH tH ^JaJ _Ho(G CJ OJQJsH tH ^JaJ _HhH.0P^`Po(G CJOJQJsH tH 
^JaJ_HhH..hh^h`3*G&5\CJOJQJsHtH^JaJ_H4*6789:;<>*@EHH*KHEHS*TX[]o(G CJOJQJsH tH ^JaJ_HhH... x8^`xo(hH.... ^`o(hH ..... Xp^`Xo(hH ......  @ ^ `o(hH.......   8 ^ `8o(hH........  `x^``o(hH.........h^`OJQJo(hHh ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h ^`hH.h ^`hH.h pL^p`LhH.h @ ^@ `hH.h ^`hH.h L^`LhH.h ^`hH.h ^`hH.h PL^P`LhH.h^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohp^p`OJQJo(hHh@ ^@ `OJQJo(hHh^`OJQJ^Jo(hHoh^`OJQJo(hHh^`OJQJo(hHh^`OJQJ^Jo(hHohP^P`OJQJo(hH#4/Vn/Vn&R,D`A/Vn [t9Mcp?l%Jp? 3+Xq~}|/Vn/Vn /Vn /Vn+") 6)m)YB@J,87ReSn Ur@8e;                                   8e;                 8e;                                                      @ @ @q(j ^w6W:T^wtH99tA8^9uY 6WO=A8Lk^wwr\Wh B^w  &BM ei Wdw ^w[ K/ ^wh NY -q<,[ _[ e5rlBE^wt&} 2Ww}S"0PF W 5"#5"#:$Y 0%^wS %/VyIx'-q>D([ iP)^wFR*^w-[ > .z.-q/80-qSD0^wl1&B2"0(/3^wj 4^w5~5^wOC5-qBz6-q6&BA8zICJ9N=H99:~fU;/=(N= V=-q_[)?^w.Z?^w/?dY&BpGzICc(fEpGNH5"#RKkIY ^KN^w1N^wTlNA8'3O^9u[P R-q>>#R-q{vW[ dYw[^wS]dY 0%d[ r0od5"#z`d^w9h^w9h^wRh^wNjiA8I/kY 8l_lyFm^wgm^wn[ -|p^w-qt&}%t^w^9u~fU;^w/Vy MzdYg\z^wy{z_l*G{WaL{TJ|^w-Uf~^w+~[ "0c(fE  vIo]]s x@#L} />4QjSVXam 3 NVW,[8_eiuT0/_)ai}Xq [(*;7QLoOWwW1@AFrNNVZ_c%l  Nl\H^Jb,Z%0l2R^mnmq Z 6  ' ` ka b b c d ~r ~t }   %  F% 5 > > h p | | 0  r ,$ %% D_ c t y   e ! / O W h^ a a uz <n 0FXWwEhmZpQJ!"X)/G bb2qr7{7!0a4b5gHHPZ[[\ n59]KT`Io}3!"?~I+`qaty~ [ )%=S[m't/h2:#ABPTW_dv%N&$4e9EMLs\%X17F_ffoZ b+Q3p9<>&?`ls"X/CQFHbhEvrv Y-{km/,g@D]gre~* :>B@}CHRjwstxz~ /"6=BPRCU#WXy%%($4CGwKRlpq`ssu=>%MM|  &  6  C   ?2 B tF F d n 'p s d!!!!!!!p"!)!.!3!=!k@!I!z\!]!o! 
"" " "'"0"q3"@"O"#U"_"ta"tc"6v"#x"y"| #*#|[#c#=$$j $$$p&$ 2$2$S$V$u$w$s~$,%,%Y(%D%J%rd%a{%|%&A&&-&2&@&n& }&5}&''s*':'c;'&['b'Id'v'(E(^(f()))))$)a(),3);)U)W)])Zf)0j)o)***--*5*7*$:* >*>*O*Y*^*v* ++0+`<+=+}l+,~ ,,,7,QI,k,p,p,Sv,-3-6T-SW-:Z-n-.Z ..a!.*.,.=.c.j.Ql.r~./Q"/\J/P/V/=[/l/p/r/ 0i(0)0K20:0+Z0}i0{q011 1:1;1YK1W1sY1F|1220282K2M2_2ap2z2m37%3(3x+3035;3L3&U32444o 4!40424@4jT4^4_4!g45)5p45@5[R5( 66:6A6}E6O6r6t6?}67777!7i7j7hl7o7u7}78888a88(80)8`\8b8o9 99"9*9?9LH9vP9[9r9= : ::-:@:LR:V:![:_:ya:~:!;5;`A;I;O;f;Xo;s;?x;< << <_%<)<,1<R<U<Bf<Bl<l<=0)=P1=E=K=O=A?>E>O>)>4?!?z??RE?R?d[?^?nf?_n?Dv?|?? @r@(@`h@}@~@~@AAAOAAhA3pAwA!B5BSUBX[BoBqBY|BCC C/+COCXC}CUD%D(D2DYDZD*fDoDE*E1E4Ez;EVE\E^!F#(F-Fc/FAFq{FA|FGqG?GVH;$H6H>HIFHSHVHZHnHH III2IgHIMIXIBhIiImI wI}Iy#J30J5JAJ9SJXJyYJ]J=yJ~J(J"Kl&K-K:1KBJKLKPKUK^KmKwK}KL~6LILqL M/M1M4M7MHMLM,QMKSM0aM(nM3|M}MRN(NX*N;NYNz]NOgO(O'OuQ|TQuQxQzQvR0RR:RIR[RuR}RSS SN+SW,STSdSfS`jSvS6TrTTuTT3(TtJTNTYT_T'mTpTyTU%U7U]U:`U VVVVK#V/V|9VXVYV'`VfV9gVUhVkWpWrWO,WEWQWPrW4Xg"X:X+kl6mlolUslulbmKm-m6m>mLmmfm0omnY n!nt"n"nJnoangncwnzzn~n5o)o/o/o2o@o bopp?pLpjpq5 q? q@qq#q%q/qS3q 9q\:qP;qK=quFqGqeWq\q\tqr(roFrnrnrsr2 sq sxs&s s\s!.s,/sDsVEspsusNvsxsE~s!tttt t*t-t.t$Ot]VtetetutuIu(u5ut>uMAuCu6yKy0nyy\zzz!z.zAzKBzIzZzyzS{R*{,{5{B{CD{5N{T{t{<{{| ||]|6|,|V1|+4|7|uH|J|X|GY| } }}'}(}J-}|O}Y}a}f}7o}\y}3~>~"?~A~]^~6j~u~w  ~4cecDD07=JSuwyV7,++.2C4:L-fm~ |$*5,1:;[fa|4~,xAO\vey,DZuQ $%*^klntDhG9n J%5=(?,RXr{@C H_c`zQ1:461NxQZl[bcny|@25;KOS| *08bJJSYZ~0 0%)2UVhl} $,?)NrW~6>XAx\Hhho9#%182MCGumy/>LV$*~/85CCH^^kltDxy}8 9JO`GeZnXhbIWaZa~|0 P J,A%';c? 
KK2Z\[q|> ;1P[cn~)j $u9CDG6LhMYlms03+9oP_ %!2-2AQ^x0(q7uBFE!TBcizzM+2EMM]!uB^K 1OMPZU\Zz{R  $(M4yJ$(lV+6%\Efrr|}_$a-:QR` o!!v%,JO$RTp]wi7 -1?`mm(pv99@KOTnl N 1>Y?V^Kw>#'o:<UlzL!)SU nPoos +H0;EH!MNvUzmoK;MoVs +7<=DRan*A#'AKTTUagh:nr nB59kOPWJg3o)ww k&W* //g6^>R WYy.&@(,=eB:FP_:|  "1F^^z P?ENR_TYase>mt|('4J0-/4,5^W_q}s]{ "%6:N\bkp,P.L0 ?T?VYZR`jtgu y g&)*f-+5L?BE_rlCyQ} /EZxz(}j$m-mDFOQ^` cyv !,;/.35Q:&@dU]AvHv&|~<$s-'58/;N_b#cf9z~M]Xbc|gqDuPw;3p3GQYg~')Z.QZVb#x{)<sCzKYeks| #/G./Z@&HI Nye 9,2ASf\,n(vS (!0;HV$X~hwrxx~ w}$$@eE!Y$ %(K*4DOE4XX^chC&.8%AX_`9Q]T %u.>=IKQvq|C"8&)7=AV_akovx| I,.69:v[_ i|p!m" =?2eg+46F}b+DBG[[ O"&b69=CT#[e3k5 36,:CIXk$J5\]hIje!L%&j<t=KK]Calms`P=O_muJKTBUa jg$ N=Y\)]e 1 8~!F\f8hpr| $$'>CFFM TW_I7[iops?u !<|$9I/Kug5@-:@rMU7`L(XYf]^je%O0 1wK fuvz"8C<J './2D1Ldi,jy,{)15.T\itz[3< P*8JZc D!(Wrw &*g8<Q_b`h{vBYdhuw*x{( y}"#I$')&*.|AIJ"OHW+m'no?w:KNDSZ[aek t2!(02Hrddu="m)F K Meih}9gH&&@....'@Unknown G*Ax Times New Roman5Symbol3. *Cx Arial7.@Calibri7@Cambria5. .[`)TahomaG=  jMS Mincho-3 fg?= *Cx Courier New;WingdingsA$BCambria Math"1h&dI?@ABCEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~Root Entry F0BData 51TableDWordDocument 8hSummaryInformation(DocumentSummaryInformation8MsoDataStore@$/BZJGTZSDEPIGVQ==2@$/BItem  PropertiesUCompObj r   F Microsoft Word 97-2003 Document MSWordDocWord.Document.89q./demo/footer.html0000644000175000017500000000016212644021500012264 0ustar lo1lo1 ./LICENSE0000644000175000017500000001042312741700450010170 0ustar lo1lo1$Id: LICENSE 679 2016-07-14 12:10:16Z kgoldman $ (c) Copyright IBM Corporation 2016. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the names of the IBM Corporation nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------- A portion of the source code is derived from the TPM specification, which has a TCG copyright. It is reproduced here for reference. -------------------------------------------------------------------- Licenses and Notices Copyright Licenses: * Trusted Computing Group (TCG) grants to the user of the source code in this specification (the "Source Code") a worldwide, irrevocable, nonexclusive, royalty free, copyright license to reproduce, create derivative works, distribute, display and perform the Source Code and derivative works thereof, and to grant others the rights granted herein. 
* The TCG grants to the user of the other parts of the specification (other than the Source Code) the rights to reproduce, distribute, display, and perform the specification solely for the purpose of developing products based on such documents. Source Code Distribution Conditions: * Redistributions of Source Code must retain the above copyright licenses, this list of conditions and the following disclaimers. * Redistributions in binary form must reproduce the above copyright licenses, this list of conditions and the following disclaimers in the documentation and/or other materials provided with the distribution. Disclaimers: * THE COPYRIGHT LICENSES SET FORTH ABOVE DO NOT REPRESENT ANY FORM OF LICENSE OR WAIVER, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, WITH RESPECT TO PATENT RIGHTS HELD BY TCG MEMBERS (OR OTHER THIRD PARTIES) THAT MAY BE NECESSARY TO IMPLEMENT THIS SPECIFICATION OR OTHERWISE. Contact TCG Administration (admin@trustedcomputinggroup.org) for information on specification licensing rights available through TCG membership agreements. * THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO EXPRESS OR IMPLIED WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ACCURACY, COMPLETENESS, OR NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. * Without limitation, TCG and its members and licensors disclaim all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. 
Any marks and brands contained herein are the property of their respective owners.