├── .gitignore ├── oath.h ├── tpmtotp.service ├── unsealtotp.sh ├── util ├── tpm_command.h ├── tpm_command.c ├── resetestbit.c ├── tpmreset.c ├── Makefile ├── savestate.c ├── setownerinstall.c ├── tpminit.c ├── physicalenable.c ├── libtpm-config.c ├── physicaldisable.c ├── disableforceclear.c ├── forceclear.c ├── sha1start.c ├── createek.c ├── revtrust.c ├── settempdeactivated.c ├── setoperatorauth.c ├── listkeys.c ├── physicalsetdeactivated.c ├── dirread.c ├── selftest.c ├── killmaintenancefeature.c ├── sha1parts.c ├── setownerpointer.c ├── loadauthcontext.c ├── savekeycontext.c ├── saveauthcontext.c ├── loadkeycontext.c ├── flushspecific.c ├── getcontextcount.c ├── counter_read.c ├── pcrread.c ├── getticks.c ├── counter_calc_incr.c ├── verifydelegation.c ├── pcrreset.c ├── cmk_setrestrictions.c ├── readmanumaintpub.c ├── loadmanumaintpub.c ├── resetlockvalue.c ├── evictkey.c └── loadcontext.c ├── dracut └── module-setup.sh ├── hotp.c ├── base32-main.c ├── totp.c ├── libtpm ├── Makefile ├── pcrs.h ├── debug.c ├── hmac.h ├── tpm_lowlevel.h ├── eviction.c ├── tpmutil_libtpms.c ├── startup.c └── mbedtls-compat.h ├── sealtotp.sh ├── Makefile ├── unsealtotp.c ├── base32.h ├── qrenc.c └── plymouth-unsealtotp.c /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | .*.d 3 | tags 4 | *.a 5 | *.so 6 | .config 7 | .configured 8 | .canary 9 | .*.swp 10 | .*.swo 11 | util/tpm 12 | qrenc 13 | totp 14 | base32 15 | -------------------------------------------------------------------------------- /oath.h: -------------------------------------------------------------------------------- 1 | #ifndef _oath_h_ 2 | #define _oath_h_ 3 | 4 | #include 5 | 6 | 7 | extern uint32_t 8 | oauth_calc( 9 | uint32_t now, 10 | const uint8_t * secret, 11 | size_t secret_len 12 | ); 13 | extern uint32_t 14 | hotp_calc( 15 | uint32_t counter, 16 | const uint8_t * secret, 17 | size_t secret_len 18 | ); 19 | 20 | 21 | #endif 22 | 
-------------------------------------------------------------------------------- /tpmtotp.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Display TPM-sealed TOTP secret during boot 3 | DefaultDependencies=false 4 | Requires=plymouth-start.service 5 | After=plymouth-start.service 6 | 7 | [Service] 8 | Type=simple 9 | ExecStartPre=-/usr/sbin/modprobe tpm_tis 10 | ExecStart=/usr/bin/plymouth-unsealtotp /sys/firmware/efi/efivars/TPMTOTP-6d6a372e-bd74-4ede-975d-df44eccf8226 /etc/tpmtotp 11 | Restart=no 12 | 13 | [Install] 14 | WantedBy=sysinit.target 15 | -------------------------------------------------------------------------------- /unsealtotp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Retrieve the sealed file from the NVRAM, unseal it and compute the totp 3 | 4 | die() { 5 | echo >&2 "$@" 6 | rm /tmp/sealed /tmp/secret 2>&- 7 | exit 1 8 | } 9 | 10 | tpm nv_readvalue \ 11 | -in 4d47 \ 12 | -sz 312 \ 13 | -of /tmp/sealed \ 14 | || die "Unable to retrieve sealed file from TPM NV" 15 | 16 | tpm unsealfile \ 17 | -hk 40000000 \ 18 | -if /tmp/sealed \ 19 | -of /tmp/secret \ 20 | || die "Unable to unseal totp secret" 21 | 22 | rm /tmp/sealed 23 | 24 | totp < /tmp/secret \ 25 | || die "Unable to compute TOTP hash" 26 | 27 | rm /tmp/secret 28 | -------------------------------------------------------------------------------- /util/tpm_command.h: -------------------------------------------------------------------------------- 1 | /** \file 2 | * Constructor to keep track of the TPM functions that 3 | * we have linked into the tpm busybox-like mega binary. 4 | * 5 | * This saves several hundred KB of space in the initrd. 
6 | */ 7 | #pragma once 8 | 9 | typedef struct tpm_command tpm_command_t; 10 | 11 | struct tpm_command { 12 | const char * name; 13 | int (*main)(int argc, char *argv[]); 14 | void (*help)(void); 15 | tpm_command_t * next; 16 | }; 17 | 18 | extern tpm_command_t * tpm_commands; 19 | 20 | #define tpm_command_register(name,main,help) \ 21 | static void \ 22 | __attribute__((constructor)) \ 23 | tpm_command_register(void) \ 24 | { \ 25 | static tpm_command_t cmd = { name, main, help, NULL }; \ 26 | cmd.next = tpm_commands; \ 27 | tpm_commands = &cmd; \ 28 | } \ 29 | 30 | -------------------------------------------------------------------------------- /util/tpm_command.c: -------------------------------------------------------------------------------- 1 | /** \file 2 | * busybox like wrapper for the various TPM commands. 3 | */ 4 | 5 | #include 6 | #include 7 | #include "tpm_command.h" 8 | 9 | tpm_command_t * tpm_commands; 10 | 11 | int main(int argc, char **argv) 12 | { 13 | tpm_command_t * cmd = tpm_commands; 14 | 15 | if (argc == 1) 16 | { 17 | // display all the commands 18 | while(cmd) 19 | { 20 | printf("%s\n", cmd->name); 21 | cmd = cmd->next; 22 | } 23 | 24 | return 0; 25 | } 26 | 27 | const char * cmd_name = argv[1]; 28 | argc--; 29 | argv++; 30 | 31 | // find the command 32 | while(cmd) 33 | { 34 | if (strcmp(cmd_name, cmd->name) == 0) 35 | return cmd->main(argc, argv); 36 | cmd = cmd->next; 37 | } 38 | 39 | // here? oops 40 | fprintf(stderr, "%s: no such command\n", cmd_name); 41 | return -1; 42 | } 43 | -------------------------------------------------------------------------------- /dracut/module-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | check() { 4 | require_binaries unsealtotp 5 | if [ ! -f /etc/tpmtotp ] && [ ! 
-f /sys/firmware/efi/efivars/TPMTOTP-6d6a372e-bd74-4ede-975d-df44eccf8226 ]; then 6 | return 1; 7 | fi 8 | } 9 | 10 | depends() { 11 | echo plymouth 12 | } 13 | 14 | install() { 15 | inst_simple /usr/bin/plymouth-unsealtotp 16 | if [ -f /etc/tpmtotp ]; then 17 | inst_simple /etc/tpmtotp 18 | fi 19 | inst_simple "/etc/adjtime" 20 | inst_simple "/etc/localtime" 21 | inst_simple "${systemdsystemunitdir}/tpmtotp.service" 22 | inst_libdir_file "plymouth/label.so" 23 | inst_simple "/usr/share/fonts/dejavu/DejaVuSans.ttf" 24 | instmods tpm_tis 25 | mkdir -p "${initdir}${systemdsystemconfdir}/sysinit.target.wants" 26 | ln_r "${systemdsystemunitdir}/tpmtotp.service" "${systemdsystemconfdir}/sysinit.target.wants/" 27 | } 28 | -------------------------------------------------------------------------------- /hotp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Read a secret from stdin and generate the HOTP hash based on the time. 3 | * 4 | */ 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include "oath.h" 15 | #include 16 | 17 | 18 | int main(int argc, char *argv[]) 19 | { 20 | if (argc < 2) 21 | { 22 | fprintf(stderr, "Usage: %s \n", argv[0]); 23 | return -1; 24 | } 25 | 26 | const size_t keylen = 20; 27 | unsigned char key[keylen]; 28 | uint32_t increment = atoi(argv[1]); 29 | 30 | // this will fail on partial reads, unlikely 31 | ssize_t rc = read(0, key, sizeof(key)); 32 | 33 | if (rc < 0) 34 | { 35 | perror("stdin"); 36 | return -1; 37 | } 38 | 39 | if (rc != (ssize_t) keylen) 40 | { 41 | fprintf(stderr, "Expected %zu bytes, read %zu\n", 42 | keylen, 43 | rc 44 | ); 45 | return -1; 46 | } 47 | 48 | uint32_t token = hotp_calc(increment, key, keylen); 49 | 50 | printf("%06d\n", token); 51 | 52 | return 0; 53 | } 54 | -------------------------------------------------------------------------------- /base32-main.c: 
-------------------------------------------------------------------------------- 1 | /* 2 | * Translate stdin into base32 3 | */ 4 | 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include "base32.h" 14 | 15 | 16 | int main(int argc, char *argv[]) 17 | { 18 | (void) argc; 19 | (void) argv; 20 | 21 | const size_t max_len = 65536; 22 | unsigned char blob[max_len]; 23 | 24 | size_t offset = 0; 25 | while(offset < sizeof(blob)) 26 | { 27 | ssize_t rc = read(0, blob+offset, sizeof(blob) - offset); 28 | if (rc < 0) 29 | { 30 | perror("stdin"); 31 | return -1; 32 | } 33 | if (rc == 0) 34 | break; 35 | 36 | offset += rc; 37 | } 38 | 39 | if (offset == sizeof(blob)) 40 | { 41 | fprintf(stderr, "Truncated data? max len %zu\n", sizeof(blob)); 42 | return -1; 43 | } 44 | 45 | 46 | size_t base32_len = BASE32_LEN(offset); 47 | unsigned char output[base32_len+1]; 48 | base32_encode(blob, offset, output); 49 | 50 | output[base32_len] = '\0'; 51 | printf("%s", output); 52 | 53 | return 0; 54 | } 55 | -------------------------------------------------------------------------------- /totp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Read a secret from stdin and generate the TOTP hash based on the time. 
3 | * 4 | */ 5 | 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include "oath.h" 15 | 16 | 17 | int main(int argc, char *argv[]) 18 | { 19 | int show_date = 1; 20 | if (argc > 1 && strcmp(argv[1], "-q") == 0) 21 | show_date = 0; 22 | 23 | const size_t keylen = 20; 24 | unsigned char key[keylen]; 25 | 26 | // this will fail on partial reads, unlikely 27 | ssize_t rc = read(0, key, sizeof(key)); 28 | 29 | if (rc < 0) 30 | { 31 | perror("stdin"); 32 | return -1; 33 | } 34 | 35 | if (rc != (ssize_t) keylen) 36 | { 37 | fprintf(stderr, "Expected %zu bytes, read %zu\n", 38 | keylen, 39 | rc 40 | ); 41 | return -1; 42 | } 43 | 44 | time_t now = time(NULL); 45 | char time_str[128]; 46 | strftime(time_str, sizeof(time_str), "%Y-%m-%d %H:%M:%S", localtime(&now)); 47 | uint32_t token = oauth_calc(now, key, keylen); 48 | 49 | if (show_date) 50 | printf("%s: %06d\n", time_str, token); 51 | else 52 | printf("%06d\n", token); 53 | 54 | return 0; 55 | } 56 | -------------------------------------------------------------------------------- /libtpm/Makefile: -------------------------------------------------------------------------------- 1 | EXTRA_CFLAGS = \ 2 | -Werror=implicit-function-declaration \ 3 | -fPIC \ 4 | -Wall \ 5 | -O3 \ 6 | -Wp,-MMD,$(dir $@).$(notdir $@).d \ 7 | -Wp,-MT,$@ \ 8 | -DTPM_POSIX=1 \ 9 | -DTPM_NV_DISK=1 \ 10 | -DTPM_AES=1 \ 11 | -DTPM_V12=1 \ 12 | -DTPM_USE_TAG_IN_STRUCTURE=1 \ 13 | -DTPM_USE_CHARDEV=1 \ 14 | $(CONFIG_OPENSSL) \ 15 | -I. 
\ 16 | 17 | LIBRARY = libtpm.so 18 | 19 | HEADERS = tpmfunc.h tpm.h tpmkeys.h 20 | 21 | EXTRA_DIST = hmac.h oiaposap.h pcrs.h tpmutil.h 22 | 23 | SOURCES = \ 24 | auditing.c \ 25 | chgauth.c \ 26 | context.c \ 27 | counter.c \ 28 | daa.c \ 29 | debug.c \ 30 | dir.c \ 31 | eviction.c \ 32 | hmac.c \ 33 | identity.c \ 34 | maintenance.c \ 35 | management.c \ 36 | migrate.c \ 37 | miscfunc.c \ 38 | oiaposap.c \ 39 | optin.c \ 40 | owner.c \ 41 | ownertpmdiag.c \ 42 | raw.c \ 43 | rng.c \ 44 | serialize.c \ 45 | session.c \ 46 | sha.c \ 47 | signature.c \ 48 | startup.c \ 49 | testing.c \ 50 | ticks.c \ 51 | tpmutil.c \ 52 | tpmutil_sock.c \ 53 | tpmutil_tty.c \ 54 | tpmutil_unixio.c \ 55 | tpmutil_libtpms.c \ 56 | transport.c \ 57 | seal.c \ 58 | keys.c \ 59 | pcrs.c \ 60 | bind.c \ 61 | delegation.c \ 62 | keyswap.c \ 63 | nv.c \ 64 | 65 | 66 | OBJECTS = $(SOURCES:.c=.o) 67 | 68 | $(LIBRARY): $(OBJECTS) 69 | @-$(RM) "$@" 70 | $(CC) -shared -o "$@" $^ 71 | 72 | %.o: %.c 73 | $(CC) $(EXTRA_CFLAGS) $(CFLAGS) -o $@ -c $< 74 | 75 | clean: 76 | $(RM) -f *.o *.a 77 | 78 | 79 | -include .*.o.d 80 | -------------------------------------------------------------------------------- /sealtotp.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Generate a random secret, seal it with the PCRs 3 | # and write it to the TPM NVRAM. 4 | # 5 | # Pass in a hostname if you want to change it from the default string 6 | # 7 | 8 | die() { 9 | echo >&2 "$@" 10 | exit 1 11 | } 12 | 13 | warn() { 14 | echo >&2 "$@" 15 | } 16 | 17 | HOST="$1" 18 | if [ -z "$HOST" ]; then 19 | HOST="TPMTOTP" 20 | fi 21 | 22 | dd \ 23 | if=/dev/urandom \ 24 | of=/tmp/secret \ 25 | count=1 \ 26 | bs=20 \ 27 | 2>/dev/null \ 28 | || die "Unable to generate 20 random bytes" 29 | 30 | secret="`base32 < /tmp/secret`" 31 | 32 | # Use the current values of the PCRs, which will be read 33 | # from the TPM as part of the sealing ("X"). 
34 | # should this read the storage root key? 35 | tpm sealfile2 \ 36 | -if /tmp/secret \ 37 | -of /tmp/sealed \ 38 | -hk 40000000 \ 39 | -ix 0 X \ 40 | -ix 1 X \ 41 | -ix 2 X \ 42 | -ix 3 X \ 43 | -ix 4 0000000000000000000000000000000000000000 \ 44 | || die "Unable to seal secret" 45 | 46 | rm /tmp/secret 47 | 48 | # to create an nvram space we need the TPM owner password 49 | # and the TPM physical presence must be asserted. 50 | # 51 | # The permissions are 0 since there is nothing special 52 | # about the sealed file 53 | tpm physicalpresence -s \ 54 | || warn "Warning: Unable to assert physical presence" 55 | 56 | read -s -p "TPM Owner password: " tpm_password 57 | echo 58 | 59 | tpm nv_definespace \ 60 | -in 4d47 \ 61 | -sz 312 \ 62 | -pwdo "$tpm_password" \ 63 | -per 0 \ 64 | || die "Warning: Unable to define NVRAM space; trying anyway" 65 | 66 | 67 | tpm nv_writevalue \ 68 | -in 4d47 \ 69 | -if /tmp/sealed \ 70 | || die "Unable to write sealed secret to NVRAM" 71 | 72 | rm /tmp/sealed 73 | 74 | url="otpauth://totp/$HOST?secret=$secret" 75 | 76 | qrenc "$url" 77 | #echo "$url" 78 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | CFLAGS += \ 2 | -ggdb \ 3 | -O3 \ 4 | -Wp,-MMD,$(dir $@).$(notdir $@).d \ 5 | -Wp,-MT,$@ \ 6 | -W \ 7 | -Wall \ 8 | -Wextra \ 9 | -std=c99 \ 10 | -DTPM_POSIX=1 \ 11 | -DTPM_NV_DISK=1 \ 12 | -DTPM_AES=1 \ 13 | -DTPM_V12=1 \ 14 | -DTPM_USE_TAG_IN_STRUCTURE=1 \ 15 | -DTPM_USE_CHARDEV=1 \ 16 | -I ./libtpm \ 17 | 18 | 19 | PLYMOUTH_CFLAGS = `pkg-config --cflags ply-boot-client` 20 | 21 | #LDLIBS=-Llibtpm -ltpm -loath /usr/lib/x86_64-linux-gnu/libcrypto.a -ldl 22 | #LDLIBS=-Llibtpm -ltpm -loath ../libressl-2.4.1/crypto/.libs/libcrypto.a -ldl 23 | #LDLIBS=-Llibtpm -ltpm -loath ../mbedtls-2.3.0/library/libmbedcrypto.a -ldl 24 | LDLIBS=-L../mbedtls-2.3.0/library/ -lmbedcrypto -ldl 25 | 26 | PLYMOUTH_LDLIBS = 
`pkg-config --libs ply-boot-client` 27 | 28 | APPS=qrenc totp hotp base32 29 | 30 | all: $(APPS) extra 31 | 32 | extra: 33 | $(MAKE) -C util 34 | 35 | libtpm/libtpm.a: 36 | $(MAKE) -C libtpm 37 | 38 | unsealtotp: unsealtotp.o oath.o 39 | totp: totp.o oath.o 40 | hotp: hotp.o oath.o 41 | base32: base32-main.o base32.o 42 | 43 | plymouth-unsealtotp: plymouth-unsealtotp.c 44 | $(CC) $(CFLAGS) $(PLYMOUTH_CFLAGS) -o $@ $< $(PLYMOUTH_LDLIBS) $(LDLIBS) 45 | 46 | qrenc: qrenc.c 47 | $(CC) \ 48 | $(CFLAGS) \ 49 | -I../qrencode-3.4.4 \ 50 | -o $@ \ 51 | $^ \ 52 | $(LDFLAGS) \ 53 | -lqrencode \ 54 | 55 | sealtotp: sealtotp.c base32.c 56 | $(CC) \ 57 | $(CFLAGS) \ 58 | -I../qrencode-3.4.4 \ 59 | -o $@ \ 60 | $^ \ 61 | ../qrencode-3.4.4/.libs/libqrencode.so \ 62 | $(LDLIBS) 63 | 64 | clean: 65 | rm -f *.o $(APPS) 66 | $(MAKE) -C libtpm clean 67 | $(MAKE) -C util clean 68 | 69 | install: 70 | install sealtotp unsealtotp plymouth-unsealtotp /usr/bin/ 71 | install -D dracut/module-setup.sh /usr/lib/dracut/modules.d/60tpmtotp/module-setup.sh 72 | install -m 0644 tpmtotp.service /lib/systemd/system 73 | systemctl enable tpmtotp.service 74 | 75 | uninstall: 76 | rm /usr/bin/sealtotp /usr/bin/unsealtotp /usr/bin/plymouth-unsealtotp 77 | rm -rf /usr/lib/dracut/modules.d/60tpmtotp/ 78 | rm /lib/systemd/system/tpmtotp.service 79 | 80 | -include .*.o.d 81 | -------------------------------------------------------------------------------- /libtpm/pcrs.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM PCR Routines */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: pcrs.h 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. 
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef PCRS_H 41 | #define PCRS_H 42 | 43 | #define TPM_PCR_NUM 16 /* number of PCR registers supported */ 44 | #define TPM_PCR_MASK_SIZE 2 /* size in bytes of PCR bit mask */ 45 | 46 | uint32_t TPM_PcrRead(uint32_t pcrindex, unsigned char *pcrvalue); 47 | //uint32_t TSS_GenPCRInfo(uint32_t pcrmap, unsigned char *pcrinfo, unsigned int *len); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /unsealtotp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sealtotp - generate a TOTP secret and seal it to the local TPM 3 | * 4 | * Copyright 2015 Matthew Garrett 5 | * 6 | * Portions derived from unsealfile.c by J. Kravitz and Copyright (C) 2004 IBM 7 | * Corporation 8 | * 9 | */ 10 | 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include "tpmfunc.h" 20 | #include "oath.h" 21 | 22 | #define keylen 20 23 | uint8_t key[keylen]; 24 | const char efivarfs[] = "/sys/firmware/efi/efivars/"; 25 | 26 | int main(int argc, char *argv[]) 27 | { 28 | int ret; 29 | struct stat sbuf; 30 | uint32_t parhandle; /* handle of parent key */ 31 | unsigned char blob[4096]; /* resulting sealed blob */ 32 | unsigned int bloblen = 322; /* blob length */ 33 | unsigned char passptr1[20] = {0}; 34 | int fd, outlen, i; 35 | char totp[7]; 36 | parhandle = 0x40000000; 37 | 38 | ret = TPM_NV_ReadValue(0x00004d47, 0, 322, blob, &bloblen, NULL); 39 | if (ret) { 40 | for (i=1; i 42 | #include 43 | 44 | #include "tpmfunc.h" 45 | 46 | void print_array(const char *name, const unsigned char *data, unsigned int len) 47 | { 48 | unsigned int i = 0; 49 | printf("%s \n",name); 50 | while (i < len) { 51 | printf("0x%02X ",data[i]); 52 | i++; 53 | if (0 == (i & 0xf)) { 54 | printf("\n"); 55 | } 56 | } 57 | printf("\n"); 58 | } 59 | 
-------------------------------------------------------------------------------- /util/resetestbit.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM ResetEstablishmentBit */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: resetestbit.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | 54 | int main(int argc, char *argv[]) 55 | { 56 | int ret; 57 | (void)argc; 58 | (void)argv; 59 | 60 | TPM_setlog(0); 61 | 62 | ret = TPM_ResetEstablishmentBit(); 63 | 64 | 65 | if (0 != ret) { 66 | printf("ResetEstablishmentBit returned error '%s' (%d).\n", 67 | TPM_GetErrMsg(ret), 68 | ret); 69 | } 70 | 71 | 72 | exit(ret); 73 | } 74 | 75 | -------------------------------------------------------------------------------- /base32.h: -------------------------------------------------------------------------------- 1 | /** 2 | * base32 (de)coder implementation as specified by RFC4648. 
3 | * 4 | * Copyright (c) 2010 Adrien Kunysz 5 | * 6 | * Permission is hereby granted, free of charge, to any person obtaining a copy 7 | * of this software and associated documentation files (the "Software"), to deal 8 | * in the Software without restriction, including without limitation the rights 9 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | * copies of the Software, and to permit persons to whom the Software is 11 | * furnished to do so, subject to the following conditions: 12 | * 13 | * The above copyright notice and this permission notice shall be included in 14 | * all copies or substantial portions of the Software. 15 | * 16 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | * THE SOFTWARE. 23 | **/ 24 | 25 | #ifndef __BASE32_H_ 26 | #define __BASE32_H_ 27 | 28 | #include // size_t 29 | 30 | /** 31 | * Returns the length of the output buffer required to encode len bytes of 32 | * data into base32. This is a macro to allow users to define buffer size at 33 | * compilation time. 34 | */ 35 | #define BASE32_LEN(len) (((len)/5)*8 + ((len) % 5 ? 8 : 0)) 36 | 37 | /** 38 | * Returns the length of the output buffer required to decode a base32 string 39 | * of len characters. Please note that len must be a multiple of 8 as per 40 | * definition of a base32 string. This is a macro to allow users to define 41 | * buffer size at compilation time. 
42 | */ 43 | #define UNBASE32_LEN(len) (((len)/8)*5) 44 | 45 | /** 46 | * Encode the data pointed to by plain into base32 and store the 47 | * result at the address pointed to by coded. The "coded" argument 48 | * must point to a location that has enough available space 49 | * to store the whole coded string. The resulting string will only 50 | * contain characters from the [A-Z2-7=] set. The "len" arguments 51 | * define how many bytes will be read from the "plain" buffer. 52 | **/ 53 | void base32_encode(const unsigned char *plain, size_t len, unsigned char *coded); 54 | 55 | /** 56 | * Decode the null terminated string pointed to by coded and write 57 | * the decoded data into the location pointed to by plain. The 58 | * "plain" argument must point to a location that has enough available 59 | * space to store the whole decoded string. 60 | * Returns the length of the decoded string. This may be less than 61 | * expected due to padding. If an invalid base32 character is found 62 | * in the coded string, decoding will stop at that point. 63 | **/ 64 | size_t base32_decode(const unsigned char *coded, unsigned char *plain); 65 | 66 | #endif 67 | -------------------------------------------------------------------------------- /libtpm/hmac.h: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM HMAC */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: hmac.h 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. 
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #ifndef HMAC_H 41 | #define HMAC_H 42 | 43 | #include 44 | 45 | uint32_t TSS_authhmac(unsigned char *digest, unsigned char *key, unsigned int keylen, 46 | unsigned char *h1, unsigned char *h2, unsigned char h3,...); 47 | uint32_t TSS_checkhmac1(const struct tpm_buffer *tb, uint32_t command, unsigned char *ononce, 48 | unsigned char *key, unsigned int keylen, ...); 49 | uint32_t TSS_checkhmac1New(const struct tpm_buffer *tb, uint32_t command, session *sess, unsigned char *ononce, 50 | unsigned char *key, unsigned int keylen, ...); 51 | uint32_t TSS_checkhmac2(const struct tpm_buffer *tb, uint32_t command, 52 | unsigned char *ononce1, 53 | unsigned char *key1, unsigned int keylen1, 54 | unsigned char *ononce2, 55 | unsigned char *key2, unsigned int keylen2, ...); 56 | uint32_t TSS_rawhmac(unsigned char *digest, const unsigned char *key, unsigned int keylen, ...); 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /util/tpmreset.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Reset */ 4 | /* Written by J. Kravitz, S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: tpmreset.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | /* local prototypes */ 54 | void printUsage(void); 55 | 56 | int main(int argc, char *argv[]) 57 | { 58 | int ret; 59 | int i; /* argc iterator */ 60 | TPM_setlog(0); /* turn off verbose output */ 61 | 62 | for (i=1 ; i 41 | #include 42 | #include 43 | 44 | #include "tpm.h" 45 | #include "tpmutil.h" 46 | #include "tpmfunc.h" 47 | 48 | void printUsage(void); 49 | void printUsage(void) 50 | { 51 | printf("savestate\n"); 52 | printf("- Runs TPM_SaveState\n"); 53 | printf("\n"); 54 | printf("Usage: savestate\n"); 55 | printf("\n"); 56 | exit(-1); 57 | } 58 | 59 | int main(int argc, char *argv[]) 60 | { 61 | int ret = 0; 62 | int i; /* argc iterator */ 63 | TPM_setlog(0); /* turn off verbose output */ 64 | 65 | for (i=1 ; i 41 | #include 42 | #include 43 | 44 | #ifdef TPM_POSIX 45 | #include 46 | #endif 47 | #ifdef TPM_WINDOWS 48 | #include 49 | #endif 50 | 51 | #include "tpm.h" 52 | #include "tpmutil.h" 53 | #include "tpmfunc.h" 54 | 55 | /* local prototypes */ 56 | 57 | static void printUsage() { 58 | printf(" -v : to enable verbose output\n"); 59 | exit(-1); 60 | } 61 | 62 | int main(int argc, char *argv[]) 63 | { 64 | int ret = 0; 65 | int i = 1; 66 | 67 | TPM_setlog(0); /* turn off verbose output */ 68 | 69 | for (i=1 ; i 41 | #include 42 | #include 43 | 44 | #include "tpm.h" 45 | #include "tpmutil.h" 46 | #include "tpmfunc.h" 47 | 48 | /* local prototypes */ 49 | void printUsage(void); 50 | 51 | int main(int argc, char *argv[]) 52 | { 53 | int ret = 0; 54 | int i; /* argc iterator */ 55 | 56 | TPM_setlog(0); /* turn off verbose output */ 57 | 58 | for (i=1 ; i 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 
| #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | static void printUsage() 54 | { 55 | printf("physicalenable:\n"); 56 | } 57 | 58 | 59 | 60 | static int mymain(int argc, char *argv[]) 61 | { 62 | int ret; 63 | int i; 64 | 65 | TPM_setlog(0); /* turn off verbose output */ 66 | for (i=1 ; i 41 | #include 42 | #include 43 | 44 | /* NOTE: The regression test_console.sh uses this output. Changes to print formats can change the 45 | test flow. 46 | */ 47 | 48 | int main(int argc, char *argv[]) 49 | { 50 | (void)argc; 51 | (void)argv; 52 | const char *env; 53 | 54 | #if defined TPM_USE_CHARDEV 55 | printf("Device: /dev/tpm0 TPM_USE_CHARDEV\n"); 56 | #elif defined XCRYPTO_USE_CCA 57 | printf("Device: CCA XCRYPTO_USE_CCA\n"); 58 | #elif defined TPM_USE_UNIXIO 59 | printf("Device: UnixIO socket TPM_USE_UNIXIO\n"); 60 | #else 61 | printf("Device: TCP socket\n"); 62 | #endif 63 | 64 | printf("Virtual TPM communication disabled\n"); 65 | #ifdef TPM_MAXIMUM_KEY_SIZE 66 | printf("Maximum supported key size is %d.\n",TPM_MAXIMUM_KEY_SIZE); 67 | #endif 68 | env = getenv("TPM_SERVER_PORT"); 69 | if (env == NULL) { 70 | printf("TPM_SERVER_PORT not set\n"); 71 | } 72 | else { 73 | printf("TPM_SERVER_PORT %s\n", env); 74 | } 75 | 76 | env = getenv("TPM_SERVER_NAME"); 77 | if (env == NULL) { 78 | printf("TPM_SERVER_NAME not set\n"); 79 | } 80 | else { 81 | printf("TPM_SERVER_NAME %s\n", env); 82 | } 83 | return 0; 84 | } 85 | -------------------------------------------------------------------------------- /util/physicaldisable.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM PhysicalDisable */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: physicaldisable.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. 
*/ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | static void printUsage() 54 | { 55 | printf("physicaldisable:\n"); 56 | } 57 | 58 | int mymain(int argc, char *argv[]) 59 | { 60 | int ret; 61 | int i; 62 | 63 | TPM_setlog(0); /* turn off verbose output */ 64 | /* get the command line arguments */ 65 | for (i=1 ; i 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include 50 | #include 51 | #include 52 | #include 53 | #include 54 | #include 55 | #include 56 | 57 | uint32_t TPM_FlushSpecific(uint32_t handle, 58 | uint32_t resourceType) 59 | { 60 | uint32_t ret; 61 | uint32_t ordinal_no = htonl(TPM_ORD_FlushSpecific); 62 | uint32_t handle_no = htonl(handle); 63 | uint32_t resourceType_no = htonl(resourceType); 64 | STACK_TPM_BUFFER(tpmdata) 65 | 66 | #if 0 67 | if (resourceType == TPM_RT_KEY) { 68 | ret = needKeysRoom(handle, 0, 0, 0); 69 | if (ret != 0) { 70 | return ret; 71 | } 72 | } 73 | #endif 74 | 75 | ret = TSS_buildbuff("00 c1 T l l l",&tpmdata, 76 | ordinal_no, 77 | handle_no, 78 | resourceType_no); 79 | if ((ret & ERR_MASK)) { 80 | return ret; 81 | } 82 | 83 | ret = TPM_Transmit(&tpmdata,"FlushSpecific"); 84 | 85 | return ret; 86 | } 87 | -------------------------------------------------------------------------------- /libtpm/tpmutil_libtpms.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM LibTPMS Interface Functions */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. 
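Watson Research Center */
/* $Id: tpmutil_libtpms.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* IBM Confidential */
/* OCO Source Materials */
/* (c) Copyright IBM Corp. 2010 */
/* All Rights Reserved */
/* */
/* The source code for this program is not published or otherwise */
/* divested of its trade secrets, irrespective of what has been */
/* deposited with the U.S. Copyright Office. */
/* */
/********************************************************************************/

#ifdef TPM_USE_LIBTPMS

/* NOTE(review): the system header names on the bare #include lines in this
 * file were lost in extraction; they are reproduced here as found on the page. */
#include
#include
#include

#include "tpm_types.h"
#include "tpm_error.h"

#ifdef USE_IN_TREE_LIBTPMS

#include "../../../src/tpm_library.h"

#else

#include

#endif

#include "tpmutil.h"
#include "tpm_lowlevel.h"


static uint32_t TPM_OpenLibTPMS(int *sockfd);
static uint32_t TPM_CloseLibTPMS(int sockfd);
static uint32_t TPM_SendLibTPMS(int sockfd, struct tpm_buffer *tb,
                                const char *msg);
static uint32_t TPM_ReceiveLibTPMS(int sockfd, struct tpm_buffer *tb);

/*
 * Transport table for an in-process libtpms TPM.  There is no socket, so
 * open/close/recv are no-ops and send() performs the whole round trip.
 */
static struct tpm_transport libtpms_transport = {
    .open  = TPM_OpenLibTPMS,
    .close = TPM_CloseLibTPMS,
    .send  = TPM_SendLibTPMS,
    .recv  = TPM_ReceiveLibTPMS,
};

/* Install the libtpms transport table via TPM_LowLevel_Transport_Set(). */
void TPM_LowLevel_TransportLibTPMS_Set(void)
{
    TPM_LowLevel_Transport_Set(&libtpms_transport);
}


/*
 * Functions that implement the transport
 */

/* No connection to open: the TPM lives in this process. */
static uint32_t TPM_OpenLibTPMS(int *sockfd)
{
    (void)sockfd;
    return 0;
}

/* Nothing to close (see TPM_OpenLibTPMS). */
static uint32_t TPM_CloseLibTPMS(int sockfd)
{
    (void)sockfd;
    return 0;
}


/*
 * Hand one command to the in-process libtpms TPM and replace the contents
 * of tb with the TPM's response.
 *
 * sockfd  unused (there is no socket for this transport).
 * tb      carries the command in tb->buffer[0..tb->used) on entry and the
 *         response on successful return; tb->size bounds the response.
 * msg     short label used only for the debug dump (showBuff).
 *
 * Returns 0 on success, ERR_IO if TPMLIB_Process did not return TPM_SUCCESS,
 * or ERR_BUFFER if the response does not fit in tb.
 *
 * The response buffer that TPMLIB_Process hands back (freed by the caller,
 * as the original code did on the success path) is now released on every
 * path: the original leaked it when the response did not fit in tb.
 */
static uint32_t TPM_SendLibTPMS(int sockfd, struct tpm_buffer *tb,
                                const char *msg)
{
    unsigned char *respbuffer = NULL;   /* filled in by TPMLIB_Process, freed below */
    uint32_t resp_size = 0;
    uint32_t respbufsize = 0;
    uint32_t rc;
    uint32_t ret = 0;
    char mymsg[1024];

    (void)sockfd;

    snprintf(mymsg, sizeof(mymsg), "TPM_SendLibTPMS: To TPM [%s]", msg);
    showBuff(tb->buffer, mymsg);

    rc = TPMLIB_Process(&respbuffer, &resp_size, &respbufsize,
                        tb->buffer, tb->used);
    if (rc != TPM_SUCCESS) {
        ret = ERR_IO;
        goto out;
    }

    /* Never copy more than the caller's buffer can hold. */
    if (tb->size < resp_size) {
        ret = ERR_BUFFER;
        goto out;
    }

    memcpy(tb->buffer, respbuffer, resp_size);
    tb->used = resp_size;

    snprintf(mymsg, sizeof(mymsg), "TPM_SendLibTPMS: From TPM [%s]", msg);
    showBuff(tb->buffer, mymsg);

out:
    /* free(NULL) is a no-op, so this is safe on the error paths too. */
    free(respbuffer);
    return ret;
}


/*
 * Nothing to receive: TPM_SendLibTPMS already placed the response in tb.
 */
static uint32_t TPM_ReceiveLibTPMS(int sockfd, struct tpm_buffer *tb)
{
    (void)sockfd;
    (void)tb;
    return 0;
}

#endif /* TPM_USE_LIBTPMS */

-------------------------------------------------------------------------------- /util/disableforceclear.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM DisableForceClear */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: disableforceclear.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.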
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | void printUsage(void); 54 | 55 | void printUsage(void) 56 | { 57 | printf("disableforceclear \n"); 58 | printf("- Runs TPM_DisableForceClear\n"); 59 | printf("Disables TPM_ForceClear\n"); 60 | printf("\n"); 61 | printf("Usage: disableforceclear \n"); 62 | printf("\n"); 63 | exit(-1); 64 | } 65 | 66 | 67 | int main(int argc, char *argv[]) 68 | { 69 | int ret; 70 | int i; /* argc iterator */ 71 | TPM_setlog(0); /* turn off verbose output */ 72 | 73 | for (i=1 ; i 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | /* local prototypes */ 54 | void printUsage(void); 55 | 56 | static int mymain(int argc, char *argv[]) 57 | { 58 | int ret = 0; 59 | int i; 60 | 61 | TPM_setlog(0); 62 | 63 | for (i=1 ; i 5 | * Copyright 2015 Matthew Garrett 6 | * Copyright 2015 Andreas Fuchs, Fraunhofer SIT 7 | * 8 | * Portions derived from sealfile.c by J. Kravitz and Copyright (C) 2004 IBM 9 | * Corporation 10 | * 11 | * Portions derived from qrenc.c Copyright (C) 2006-2012 Kentaro Fukuchi 12 | * 13 | * 14 | * This program is free software; you can redistribute it and/or modify 15 | * it under the terms of the GNU General Public License as published by 16 | * the Free Software Foundation; either version 2 of the License, or 17 | * (at your option) any later version. 
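*/

/* NOTE(review): the header names on the nine #include lines below were lost
 * in extraction; they are reproduced here as found on the page. */
#include
#include
#include
#include
#include
#include
#include
#include
#include

static int unicode_output = 1;
static const int margin = 1;

/*
 * Encode one Unicode code point as UTF-8 and return it as a NUL-terminated
 * string held in a static buffer: the result is only valid until the next
 * call, and the function is not reentrant.
 *
 * The original emitted only the three-byte form (U+0800..U+FFFF), which is
 * all block() needs; this version covers U+0000..U+10FFFF and is
 * byte-identical to the original for the three-byte range.  Values outside
 * that range are replaced by U+FFFD.
 */
static const char * utf8(int cp)
{
    static unsigned char buf[5];

    if (cp < 0 || cp > 0x10FFFF)
        cp = 0xFFFD;

    if (cp < 0x80) {
        buf[0] = (unsigned char)cp;
        buf[1] = '\0';
    } else if (cp < 0x800) {
        buf[0] = 0xC0 | ((cp >> 6) & 0x1F);
        buf[1] = 0x80 | (cp & 0x3F);
        buf[2] = '\0';
    } else if (cp < 0x10000) {
        buf[0] = 0xE0 | ((cp >> 12) & 0x0F);
        buf[1] = 0x80 | ((cp >> 6) & 0x3F);
        buf[2] = 0x80 | (cp & 0x3F);
        buf[3] = '\0';
    } else {
        buf[0] = 0xF0 | ((cp >> 18) & 0x07);
        buf[1] = 0x80 | ((cp >> 12) & 0x3F);
        buf[2] = 0x80 | ((cp >> 6) & 0x3F);
        buf[3] = 0x80 | (cp & 0x3F);
        buf[4] = '\0';
    }

    return (const char *)buf;
}


/*
 * Glyph for a vertical pair of QR cells.  cp bit 1 is the upper cell and
 * bit 0 the lower cell (see the block(r0 << 1 | r1) call in writeANSI); a
 * 0 bit is drawn as a block and a 1 bit as blank.  Unicode mode uses the
 * full / upper-half / lower-half block characters, the other mode the
 * matching code-page box characters.  Anything else yields "--?".
 */
static const char * block(int cp)
{
    if (unicode_output) {
        switch (cp) {
        case 0:  return utf8(0x2588);
        case 1:  return utf8(0x2580);
        case 2:  return utf8(0x2584);
        case 3:  return " ";
        default: break;
        }
    } else {
        /* single-byte code-page box characters */
        switch (cp) {
        case 0:  return "\xDB";
        case 1:  return "\xDC";
        case 2:  return "\xDF";
        case 3:  return " ";
        default: break;
        }
    }

    return "--?";
}


/*
 * Render a QR code to fp two rows per text line, surrounded by a quiet zone
 * of `margin` cells.  The body of this function continues on the next page
 * line.
 */
static int
writeANSI(
    const QRcode * const qrcode,
    FILE * const fp
)
{
    /* raw data */
    const unsigned char * const p = qrcode->data;

    for(int y=0 ; y < margin ; y++)
    {
        /* NOTE(review): the page showed this bound as "xwidth"; the
         * "<qrcode->" was lost in extraction and is restored here. */
        for(int x=0; x < qrcode->width + 4 * margin; x++)
            fputs(block(0), fp);
        fputs("\n", fp);
    }

    for(int y=0; y < qrcode->width; y += 2)
    {
        const unsigned char * const row0 = p + (y+0)*qrcode->width;
        const unsigned char * const row1 = p + (y+1)*qrcode->width;

        for(int x=0; x < margin*2; x++ )
            fputs(block(0), fp);

        for(int x=0; x < qrcode->width; x++)
        {
            int r0 = row0[x] & 0x1;
            /* last odd row has no partner row below it */
            int r1 = y < qrcode->width-1 ?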
row1[x] & 0x1 : 0; 98 | 99 | fputs(block(r0 << 1 | r1 << 0), fp); 100 | } 101 | 102 | for(int x=0; xwidth + 4 * margin; x++) 112 | fputs(block(1), fp); 113 | fputs("\n", fp); 114 | } 115 | 116 | return 0; 117 | } 118 | 119 | 120 | int main(int argc, char *argv[]) 121 | { 122 | const char * qr_string = ""; 123 | if (argc > 1) 124 | qr_string = argv[1]; 125 | 126 | if (strlen(qr_string) == 0) 127 | { 128 | fprintf(stderr, "%s: empty strings are not valid\n", argv[0]); 129 | return -1; 130 | } 131 | 132 | QRcode * qrcode = QRcode_encodeString( 133 | qr_string, 134 | 0, 135 | QR_ECLEVEL_L, 136 | QR_MODE_8, 137 | 1 138 | ); 139 | 140 | writeANSI(qrcode, stdout); 141 | return 0; 142 | } 143 | -------------------------------------------------------------------------------- /util/sha1start.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM SHA1Start Function */ 4 | /* Written by Ken Goldman */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: sha1start.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. 
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | /* This command creates a sha1context. 
It is used for VTPM migration testing */ 41 | 42 | #include 43 | #include 44 | #include 45 | #include 46 | 47 | #ifdef TPM_POSIX 48 | #include 49 | #endif 50 | #ifdef TPM_WINDOWS 51 | #include 52 | #endif 53 | 54 | #include "tpm.h" 55 | #include "tpmutil.h" 56 | #include "tpmfunc.h" 57 | #include "tpm_constants.h" 58 | #include "tpm_structures.h" 59 | 60 | /* local functions */ 61 | 62 | static void usage() { 63 | printf("Usage: sha1start\n" 64 | "\n"); 65 | exit(-1); 66 | } 67 | 68 | int main(int argc, char * argv[]) 69 | { 70 | int i = 1; 71 | uint32_t ret = 0; 72 | TPM_BOOL verbose = FALSE; 73 | uint32_t maxNumBytes = 0; /* return from TPM_SHA1Start */ 74 | 75 | TPM_setlog(0); 76 | 77 | while (i < argc) { 78 | if (!strcmp("-v",argv[i])) { 79 | TPM_setlog(1); 80 | verbose = TRUE; 81 | } else 82 | if (!strcmp("-h",argv[i])) { 83 | usage(); 84 | } else { 85 | printf("\n%s is not a valid option\n", argv[i]); 86 | usage(); 87 | } 88 | i++; 89 | } 90 | (void)verbose; 91 | 92 | /* Create the SHA1 context */ 93 | ret = TPM_SHA1Start(&maxNumBytes); 94 | if (0 != ret) { 95 | printf("Error from TPM_SHA1Start(): %d (0x%x)\n", 96 | ret, 97 | ret); 98 | exit(-1); 99 | } 100 | if (maxNumBytes < 64) { 101 | printf("The size parameter returned from TPM_SHA1Start() is bad.\n"); 102 | exit(-1); 103 | } 104 | return 0; 105 | } 106 | -------------------------------------------------------------------------------- /plymouth-unsealtotp.c: -------------------------------------------------------------------------------- 1 | /* 2 | * sealtotp - generate a TOTP secret and seal it to the local TPM 3 | * 4 | * Copyright 2015 Matthew Garrett 5 | * 6 | * Portions derived from unsealfile.c by J. 
Kravitz and Copyright (C) 2004 IBM 7 | * Corporation 8 | * 9 | */ 10 | 11 | 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include "tpmfunc.h" 20 | #include 21 | #include 22 | #include 23 | 24 | #define keylen 20 25 | char key[keylen]; 26 | static char efivarfs[] = "/sys/firmware/efi/efivars"; 27 | 28 | static ply_boot_client_t *ply_client; 29 | static ply_event_loop_t *ply_loop; 30 | 31 | static void on_failure(void* dummy) 32 | { 33 | ply_event_loop_exit(ply_loop, 0); 34 | } 35 | 36 | static void on_disconnect(void* dummy) 37 | { 38 | ply_event_loop_exit(ply_loop, 0); 39 | } 40 | 41 | static void display_totp() { 42 | int ret; 43 | char totp[7]; 44 | 45 | ret = oath_totp_generate(key, keylen, time(NULL), 30, 0, 6, totp); 46 | if (ret != 0) { 47 | fprintf(stderr, "Error generating totp value\n"); 48 | exit(-1); 49 | } 50 | ply_boot_client_tell_daemon_to_display_message (ply_client, 51 | totp, NULL, 52 | (ply_boot_client_response_handler_t) on_failure, NULL); 53 | } 54 | 55 | static void on_timeout(void* dummy) 56 | { 57 | time_t t = time(NULL); 58 | time_t delay; 59 | 60 | display_totp(); 61 | delay = 30 - (t % 30); 62 | ply_event_loop_watch_for_timeout(ply_loop, delay, on_timeout, NULL); 63 | } 64 | 65 | int main(int argc, char *argv[]) 66 | { 67 | int ret; 68 | struct stat sbuf; 69 | uint32_t parhandle; /* handle of parent key */ 70 | unsigned char blob[4096]; /* resulting sealed blob */ 71 | unsigned int bloblen = 322; /* blob length */ 72 | unsigned char passptr1[20] = {0}; 73 | int fd, outlen, i; 74 | time_t t, delay; 75 | 76 | parhandle = 0x40000000; 77 | 78 | ret = TPM_NV_ReadValue(0x10004d47, 0, 322, blob, &bloblen, NULL); 79 | if (ret != 0) { 80 | for (i=1; i 41 | #include 42 | #include 43 | 44 | #ifdef TPM_POSIX 45 | #include 46 | #endif 47 | #ifdef TPM_WINDOWS 48 | #include 49 | #endif 50 | 51 | #include "tpm.h" 52 | #include "tpmutil.h" 53 | #include "tpmfunc.h" 54 | 55 | /* local prototypes */ 
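static void printUsage(void);


static int mymain(int argc, char *argv[])
{
    int ret = 0;
    int i; /* argc iterator */
    uint32_t len = 0;

    TPM_setlog(0); /* turn off verbose output */

    for (i=1 ; (i
/* NOTE(review): the remainder of mymain() above and the license header of the
 * next file (revtrust.c) were lost in extraction; the page resumes at the
 * #include lines of revtrust.c, whose header names were lost as well. */
#include
#include

#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"

/* local prototypes */


/* Print usage and exit with -1 (never returns). */
static void usage(void)
{
    printf("Usage: revtrust -pwdk password [-v]\n"
           "\n"
           "-pwdk password : The password to be used with revoketrust\n"
           "-v : enables verbose mode\n"
           "\n");
    exit(-1);
}

/*
 * Best-effort wipe of a secret buffer.  Writes go through a volatile
 * pointer so the compiler cannot discard them as dead stores, which it may
 * do for a plain memset() on a buffer that is about to go out of scope.
 */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

/*
 * revtrust: run TPM_RevokeTrust using the SHA-1 of the -pwdk password as
 * the authorization value.
 *
 * Options: -pwdk password (required), -v (verbose), -h (usage).  Any other
 * option, or a missing password, prints usage and exits with -1.
 *
 * SECURITY NOTE: the password is read from argv, so it is visible to other
 * local users through the process listing and is typically kept in the
 * shell history.  Prefer invoking this from a wrapper that supplies the
 * value from a file with restrictive permissions.  The 20-byte hash is
 * wiped before exit; the argv copy cannot be reliably cleared from here.
 *
 * Exit status is the TPM return code (0 on success).
 */
int main(int argc, char *argv[])
{
    int ret = 0;
    char *password = NULL;
    unsigned char passhash1[20]; /* SHA-1 of the password: the authdata sent to the TPM */
    int i;

    TPM_setlog(0);

    for (i = 1; i < argc; i++) {
        if (!strcmp(argv[i], "-pwdk")) {
            if (++i >= argc) {
                printf("Parameter missing!\n");
                usage();
            }
            password = argv[i];
        } else if (!strcmp(argv[i], "-v")) {
            TPM_setlog(1);
        } else if (!strcmp(argv[i], "-h")) {
            usage();
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
    }

    if (password == NULL) {
        printf("Missing parameter -pwdk\n");
        exit(-1);
    }

    TSS_sha1(password, strlen(password), passhash1);

    ret = TPM_RevokeTrust(passhash1);
    if (ret != 0) {
        printf("Error %s from TPM_RevokeTrust\n",
               TPM_GetErrMsg(ret));
    }

    /* Do not leave the authorization value behind in memory. */
    wipe(passhash1, sizeof(passhash1));
    exit(ret);
}

-------------------------------------------------------------------------------- /util/settempdeactivated.c: --------------------------------------------------------------------------------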
/********************************************************************************/ 2 | /* */ 3 | /* TPM SetTempDeactivated */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: settempdeactivated.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpm.h" 50 | #include "tpmutil.h" 51 | #include 52 | 53 | static void printUsage() { 54 | printf("Usage: settempdeactivated [-pwdo ]\n"); 55 | printf("\n"); 56 | printf(" -pwdo : the TPM operator password\n"); 57 | printf(" -v : to enable verbose output\n"); 58 | printf("\n"); 59 | printf("Examples:\n"); 60 | printf("settempdeactivated -pwdo aaa \n"); 61 | exit(-1); 62 | } 63 | 64 | 65 | int main(int argc, char *argv[]) 66 | { 67 | unsigned char passhash1[TPM_HASH_SIZE]; 68 | unsigned char *passptr = NULL; 69 | char * operpass = NULL; 70 | int ret; 71 | int i = 1; 72 | 73 | TPM_setlog(0); 74 | 75 | for (i=1 ; i 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include 50 | #include 51 | #include 52 | #include 53 | #include 54 | #include 55 | #include 56 | 57 | uint32_t TPM_Startup(uint16_t type) 58 | { 59 | uint32_t ret; 60 | uint32_t ordinal_no = htonl(TPM_ORD_Startup); 61 | STACK_TPM_BUFFER(tpmdata) 62 | uint16_t type_no = htons(type); 63 | 64 | ret = TSS_buildbuff("00 c1 T l s",&tpmdata, 65 | ordinal_no, 66 | type_no); 67 | if ((ret & ERR_MASK)) { 68 | 
return ret; 69 | } 70 | 71 | ret = TPM_Transmit(&tpmdata,"Startup"); 72 | 73 | if (ret == 0 && tpmdata.used != 10) { 74 | ret = ERR_BAD_RESP; 75 | } 76 | 77 | return ret; 78 | } 79 | 80 | uint32_t TPM_SaveState() 81 | { 82 | uint32_t ret; 83 | uint32_t ordinal_no = htonl(TPM_ORD_SaveState); 84 | STACK_TPM_BUFFER(tpmdata) 85 | 86 | ret = TSS_buildbuff("00 c1 T l",&tpmdata, 87 | ordinal_no); 88 | if ((ret & ERR_MASK)) { 89 | return ret; 90 | } 91 | 92 | ret = TPM_Transmit(&tpmdata,"SaveState"); 93 | 94 | if (ret == 0 && tpmdata.used != 10) { 95 | ret = ERR_BAD_RESP; 96 | } 97 | 98 | return ret; 99 | } 100 | 101 | uint32_t TPM_Init() 102 | { 103 | uint32_t ret; 104 | uint32_t ordinal_no = htonl(TPM_ORD_Init); 105 | STACK_TPM_BUFFER(tpmdata); 106 | 107 | ret = TSS_buildbuff("00 c1 T l",&tpmdata, 108 | ordinal_no); 109 | if ((ret & ERR_MASK)) { 110 | return ret; 111 | } 112 | 113 | ret = TPM_Transmit(&tpmdata,"Init"); 114 | 115 | return ret; 116 | } 117 | -------------------------------------------------------------------------------- /util/setoperatorauth.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM SetOperatorAuth */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: setoperatorauth.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
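*/
/********************************************************************************/

/* NOTE(review): the header names on the bare #include lines below were lost
 * in extraction; they are reproduced here as found on the page. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

/* Print usage and exit with -1 (never returns). */
static void usage(void)
{
    /* the "<pwd>" placeholder had been stripped from this line by extraction */
    printf("Usage: setoperatorauth -pwdo <pwd> [-e]\n");
    printf("\n");
    printf(" -pwdo pwd : the TPM operator password\n");
    printf(" -v : to enable verbose output\n");
    printf("\n");
    printf("Examples:\n");
    printf("setoperatorauth -pwdo aaa \n");
    exit(-1);
}

/*
 * Best-effort wipe of a secret buffer.  Writes go through a volatile
 * pointer so the compiler cannot discard them as dead stores, which it may
 * do for a plain memset() on a buffer that is about to go out of scope.
 */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n-- > 0) {
        *vp++ = 0;
    }
}

/*
 * setoperatorauth: set the TPM operator authorization to the SHA-1 of the
 * -pwdo password.
 *
 * Options: -pwdo pwd (required), -v (verbose), -h (usage).  Any other
 * option, or a missing password, prints usage and exits with -1.
 *
 * SECURITY NOTE: the new operator password is read from argv, so it is
 * visible to other local users through the process listing and is
 * typically kept in the shell history.  Prefer invoking this from a wrapper
 * that supplies the value from a file with restrictive permissions.  The
 * 20-byte hash is wiped before exit; the argv copy cannot be reliably
 * cleared from here.
 *
 * Exit status is the TPM return code (0 on success).
 */
int main(int argc, char *argv[])
{
    unsigned char passhash1[20]; /* SHA-1 of the password: the new operator authdata */
    char *operpass = NULL;
    int ret;
    int i;

    TPM_setlog(0);

    for (i = 1; i < argc; i++) {
        if (!strcmp("-pwdo", argv[i])) {
            if (++i < argc) {
                operpass = argv[i];
            } else {
                printf("Missing parameter for -pwdo.\n");
                usage();
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            usage();
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
    }

    /* usage() exits, so operpass is non-NULL past this point; the
     * original's second NULL test was dead code. */
    if (operpass == NULL) {
        printf("Missing -pwdo argument.\n");
        usage();
    }

    TSS_sha1(operpass, strlen(operpass), passhash1);

    ret = TPM_SetOperatorAuth(passhash1);
    if (ret != 0) {
        printf("TPM_SetOperatorAuth returned error '%s' (%d).\n",
               TPM_GetErrMsg(ret),
               ret);
    }

    /* Do not leave the authorization value behind in memory. */
    wipe(passhash1, sizeof(passhash1));
    exit(ret);
}

-------------------------------------------------------------------------------- /util/listkeys.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM List Key Handles */
/*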
Written by J. Kravitz, S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: listkeys.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
 */
/********************************************************************************/

#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpmfunc.h"

/* local prototypes */
static void printUsage(void);

static int mymain(int argc, char *argv[])
{
    int ret = 0;
    uint32_t handle;
    int listsize;
    int offset;
    int i; /* argc iterator */
    TPM_setlog(0); /* turn off verbose output */

    for (i=1 ; i
/* [page extraction lost the text from here up to the next file's line 41] */
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

static void print_usage(void);

static int mymain(int argc, char *argv[])
{
    int ret = 0;
    int i; /* argc iterator */
    TPM_BOOL state = TRUE;

    TPM_setlog(0); /* turn off verbose output */

    for (i=1 ; (i
/* [page extraction lost the text from here up to the next file's line 41] */
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include


/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: dirread -in \n"
           "\n"
           "-in index : The index of the DIR to read from - in hex\n"
           "\n"
           "Examples:\n"
           "dirread -in 0\n");
    exit(-1);
}



/*
 * dirread: read one Data Integrity Register (DIR) from the TPM via
 * TPM_DirRead and print its TPM_HASH_SIZE bytes as lowercase hex.
 *
 * Options: -in <index> (required, parsed with "%x", i.e. as hex),
 * -v verbose TPM logging, -h help.  A parse failure exits -1; otherwise
 * the TPM return code is the exit status.
 */
int main(int argc, char *argv[])
{
    unsigned char data[TPM_HASH_SIZE];
    int ret;
    int index = -1;   /* -1 means -in was not supplied */
    int i;

    TPM_setlog(0);

    for (i = 1; i < argc; i++) {
        const char *arg = argv[i];

        if (strcmp(arg, "-in") == 0) {
            i++;
            if (i < argc) {
                /* NOTE(review): "%x" stores an unsigned int through an int *;
                 * it works on the targets this builds for but is not strictly
                 * conforming, and a value of 0xffffffff collides with the
                 * "not supplied" sentinel. */
                if (sscanf(argv[i], "%x", &index) != 1) {
                    printf("Could not parse the index number.\n");
                    exit(-1);
                }
            } else {
                printf("Missing parameter for -in.\n");
                usage();
            }
        } else if (strcmp(arg, "-v") == 0) {
            TPM_setlog(1);
        } else if (strcmp(arg, "-h") == 0) {
            usage();
        } else {
            printf("\n%s is not a valid option\n", arg);
            usage();
        }
    }
    if (index == -1) {
        printf("Missing -in parameter\n");
        usage();
    }

    ret = TPM_DirRead(index, data);

    if (ret != 0) {
        printf("DirRead returned error '%s'.\n",
               TPM_GetErrMsg(ret));
    } else {
        size_t j;

        printf("Content of DIR %d: ", index);
        for (j = 0; j < sizeof(data); j++) {
            printf("%02x", data[j]);
        }
        printf("\n");
    }

    exit(ret);
}

-------------------------------------------------------------------------------- /util/selftest.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TCPA Self-test the TPM */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: selftest.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. 
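 */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#include
#include
#include

#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"

/* local prototypes */
void printUsage(void);


int main(int argc, char *argv[])
{
    int ret = 0;
    int i; /* argc iterator */
    TPM_setlog(0); /* turn off verbose output */

    for (i=1 ; i
/* [page extraction lost the text from here up to the next file's line 41] */
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: killmaintenancefeature -pwdo [-v]\n");
    printf("\n");
    printf(" -pwdo pwd : the TPM owner password\n");
    printf(" -v : to enable verbose output\n");
    printf("\n");
    printf("Examples:\n");
    printf("killmaintenancefeature -pwdo aaa \n");
    exit(-1);
}


/*
 * killmaintenancefeature: permanently disable the TPM maintenance feature
 * (TPM_KillMaintenanceFeature), authorized with the owner password.
 *
 * Options: -pwdo <pwd> (required) owner password, -v verbose TPM logging,
 * -h help.  The password is SHA-1 hashed with TSS_sha1 and the digest is
 * the owner authorization; the TPM return code is printed when non-zero
 * and becomes the exit status.
 *
 * The former `verbose` local only mirrored TPM_setlog(1) and was never
 * read (it was silenced with a cast to void), so it has been removed.
 *
 * NOTE(review): the owner password is taken from argv, so it is visible to
 * other local users through process listings and may be kept in shell
 * history.
 */
int main(int argc, char *argv[])
{
    unsigned char passhash1[20];   /* SHA-1 digest of the owner password */
    char *ownerpass = NULL;
    int ret;

    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-pwdo", argv[i])) {
            i++;
            if (i < argc) {
                ownerpass = argv[i];
            } else {
                printf("Missing parameter for -pwdo.\n");
                usage();
            }
        }
        else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h", argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }

    if (NULL == ownerpass) {
        printf("Missing -pwdo argument.\n");
        usage();
    }

    /* usage() exits above; the guard keeps the hash call visibly safe. */
    if (NULL != ownerpass) {
        TSS_sha1(ownerpass, strlen(ownerpass), passhash1);
    }


    ret = TPM_KillMaintenanceFeature(passhash1);


    if (0 != ret) {
        printf("KillMaintenanceFeature returned error '%s' (%d).\n",
               TPM_GetErrMsg(ret),
               ret);
    }

    exit(ret);
}
-------------------------------------------------------------------------------- /util/sha1parts.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* SHA1 test that can send in 4 parts */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: sha1parts.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* IBM Confidential */
/* OCO Source Materials */
/* (c) Copyright IBM Corp. 2010 */
/* All Rights Reserved */
/* */
/* The source code for this program is not published or otherwise */
/* divested of its trade secrets, irrespective of what has been */
/* deposited with the U.S. Copyright Office. 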
 */
/* */
/********************************************************************************/

#include
#include
#include

#include "tpm_structures.h"
#include "tpmfunc.h"

int getArgs(int *start,
            int *update,
            int *complete,
            int *verbose,
            int argc,
            char **argv);
void printUsage(void);

/*
 * sha1parts: drive the TPM's incremental SHA-1 interface in separately
 * selectable steps so each command can be tested on its own.
 *
 * -s issues TPM_SHA1Start, -u feeds the 64-byte buffer1 through
 * TPM_SHA1Update, -c finishes with the 32-byte buffer2 via
 * TPM_SHA1Complete and compares the digest with the known-good `expect`
 * value.  Each step runs only if the previous ones succeeded.
 *
 * Returns 0 on success, the failing TPM return code, or -1 when the
 * digest does not match; "sha1parts: Error" is printed for any failure.
 */
int main(int argc, char** argv)
{
    int rc = 0;
    int start;
    int update;
    int complete;
    int verbose;

    unsigned char buffer1[] = "1234567890123456789012345678901234567890123456789012345678901234";
    unsigned char buffer2[] = "12345678901234567890123456789012";
    /* expected SHA-1 over buffer1 (64 bytes) followed by buffer2 (32 bytes) */
    unsigned char expect[] = {0xbf, 0x63, 0xee, 0xe7, 0x1c, 0x21, 0x1f, 0x83,
                              0xc9, 0x63, 0xf1, 0x41, 0xd2, 0xff, 0xd4, 0x0a,
                              0x01, 0x9f, 0xb0, 0x90};
    TPM_DIGEST actual;
    uint32_t maxNumBytes = 0; /* return from TPM_SHA1Start */

    /* get caller's command line arguments */
    rc = getArgs(&start, &update, &complete, &verbose, argc, argv);

    if (rc == 0 && start) {
        rc = TPM_SHA1Start(&maxNumBytes); /* ignore, buffer is small */
        if (rc != 0) {
            printf("sha1parts: Error in TPM_SHA1Start\n");
        }
    }
    if (rc == 0 && update) {
        rc = TPM_SHA1Update(buffer1, 64);
        if (rc != 0) {
            printf("sha1parts: Error in TPM_SHA1Update\n");
        }
    }
    if (rc == 0 && complete) {
        rc = TPM_SHA1Complete(buffer2, 32, actual);
        if (rc != 0) {
            printf("sha1parts: Error in TPM_SHA1Complete\n");
        } else if (memcmp(expect, actual, TPM_DIGEST_SIZE) != 0) {
            printf("sha1parts: Error in digest\n");
            rc = -1;
        }
    }
    if (rc != 0) {
        printf("sha1parts: Error\n");
    }
    return rc;
}

/* getArgs() gets the command line arguments from the framework.
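 */

/*
 * getArgs() parses the command line into four flags.
 *
 * start/update/complete/verbose are all reset to FALSE first and set to
 * TRUE by -s, -u, -c and -v respectively (-v also enables TPM logging).
 * The old code left *verbose untouched when -v was absent, so the caller
 * received an indeterminate value.  -h and any unknown option print the
 * usage and exit through printUsage(), which does not return.
 *
 * Returns 0 (the rc loop condition is kept for uniformity with callers).
 */
int getArgs(int *start,
            int *update,
            int *complete,
            int *verbose,
            int argc,
            char **argv)
{
    int rc = 0;
    int i;

    /* command line argument defaults */
    *start = FALSE;
    *update = FALSE;
    *complete = FALSE;
    *verbose = FALSE;
    TPM_setlog(0);

    /* get the command line arguments */
    for (i = 1 ; (i < argc) && (rc == 0) ; i++) {
        if (strcmp(argv[i], "-s") == 0) {
            *start = TRUE;
        }
        else if (strcmp(argv[i], "-u") == 0) {
            *update = TRUE;
        }
        else if (strcmp(argv[i], "-c") == 0) {
            *complete = TRUE;
        }
        else if (strcmp(argv[i], "-h") == 0) {
            printUsage();
        }
        else if (strcmp(argv[i], "-v") == 0) {
            TPM_setlog(1);
            *verbose = TRUE;
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
    }
    return rc;
}

/* Print the option summary and terminate with status 1 (never returns). */
void printUsage()
{
    printf("sha1parts usage:\n"
           "\n"
           "\t-s - Issue SHA1 Start\n"
           "\t-u - Issue SHA1 Update\n"
           "\t-c - Issue SHA1 Complete\n"
           "\n"
           );
    exit(1);
}
-------------------------------------------------------------------------------- /util/setownerpointer.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM DisableForceClear */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: setownerpointer.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. 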
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
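 */
/********************************************************************************/

#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage(void)
{
    printf("Usage: setownerpointer Argument\n"
           "\n"
           "The argument must be either one of the following\n"
           " -own - to indicate owner type\n"
           " -row - to indicate the row number; row number in hex (0x...) or dec.\n"
           "\n"
           "examples:\n"
           "setownerpointer -row 2\n"
           "setownerpointer -own\n");
    exit(-1);
}


/*
 * setownerpointer: set the TPM owner pointer either to the owner itself
 * (-own, TPM_ET_OWNER) or to a delegation table row (-row <n>,
 * TPM_ET_DEL_ROW) via TPM_SetOwnerPointer.
 *
 * Options: -own, -row <n>, -v verbose TPM logging, -h help.
 * The row number is parsed the way usage() documents it: decimal, or hex
 * when prefixed with 0x.  The previous "%x" parse treated every value as
 * hex, so a bare "10" silently meant row 16.  A bad -row value returns -1;
 * otherwise the TPM return code is the exit status.
 */
int main(int argc, char *argv[])
{
    uint32_t ret;
    uint32_t value = 0xffffffff;   /* sentinel: no row given */
    uint16_t type = 0xffff;        /* sentinel: neither -own nor -row given */
    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-own", argv[i])) {
            type = TPM_ET_OWNER;
        }
        else if (!strcmp("-row", argv[i])) {
            const char *text;
            char *end = NULL;
            unsigned long row;
            int base;

            type = TPM_ET_DEL_ROW;
            i++;
            if (i >= argc) {
                printf("Missing argument after -row\n");
                usage();
            }
            text = argv[i];
            /* "0x"/"0X" selects hex as documented; anything else is decimal.
             * A leading sign is rejected so "-1" cannot wrap to a huge row. */
            base = (text[0] == '0' && (text[1] == 'x' || text[1] == 'X')) ? 16 : 10;
            if (text[0] < '0' || text[0] > '9') {
                printf("Could not parse the -row value.\n");
                return -1;
            }
            row = strtoul(text, &end, base);
            if (end == text || *end != '\0' || row > 0xffffffffUL) {
                printf("Could not parse the -row value.\n");
                return -1;
            }
            value = (uint32_t)row;
        }
        else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h", argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }
    if ((type == 0xffff) ||
        ((type == TPM_ET_DEL_ROW) && (value == 0xffffffff))) {
        printf("Missing parameter\n");
        usage();
    }
    ret = TPM_SetOwnerPointer(type, value);

    if (0 != ret) {
        printf("SetOwnerPointer returned error '%s'.\n",
               TPM_GetErrMsg(ret));
    }

    exit(ret);
}
-------------------------------------------------------------------------------- /util/loadauthcontext.c: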
-------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Load TPM authorization session context */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: loadauthcontext.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
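IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include
#include
#include
#include

#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: loadauthcontext -if filename\n");
    printf("\n");
    printf("-if filename : the filename of the file holding the authorization session\n");
    printf("\n");
    exit(-1);
}


/*
 * loadauthcontext: read a saved authorization-session context blob from a
 * file and load it back into the TPM (TPM_LoadAuthContext), printing the
 * new session handle.
 *
 * Options: -if <filename> (required), -v verbose TPM logging, -h help.
 * A read failure (TPM_ReadFile result with ERR_MASK bits set) exits -1;
 * otherwise the TPM return code is the exit status.
 *
 * TPM_ReadFile returns the file contents in a buffer that this tool used
 * to leak; it is now released with free(), as the sibling loadkeycontext
 * tool already does for the same call.
 */
int main(int argc, char *argv[])
{
    int ret;
    char *filename = NULL;
    uint32_t handle = 0;
    unsigned char *context = NULL;   /* filled by TPM_ReadFile, freed below */
    uint32_t contextSize = 0;
    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-if", argv[i])) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -if.\n");
                usage();
            }
        }
        else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h", argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }

    if (NULL == filename) {
        printf("Missing -if argument.\n");
        usage();
    }

    ret = TPM_ReadFile(filename,
                       &context, &contextSize);
    if ((ret & ERR_MASK) != 0) {
        printf("Error while reading context file.\n");
        exit(-1);
    }
    ret = TPM_LoadAuthContext(context, contextSize,
                              &handle);

    if (0 != ret) {
        printf("LoadAuthContext returned error '%s'.\n",
               TPM_GetErrMsg(ret));
    } else {
        printf("New Handle = %08X\n", handle);
    }

    free(context);
    exit(ret);
}
-------------------------------------------------------------------------------- /util/savekeycontext.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Save TPM key context */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: savekeycontext.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. 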
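 */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: savekeycontext -hk handle -of filename\n");
    printf("\n");
    printf(" -hk handle : the handle of the key to save; hex-number starting with 0x\n");
    printf(" -of filename : the filename where to write the key context into\n");
    printf("\n");
    exit(-1);
}


/*
 * savekeycontext: ask the TPM for the saved context of a loaded key
 * (TPM_SaveKeyContext) and write the returned blob to a file.
 *
 * Options: -hk <handle> (hex, required), -of <filename> (required),
 * -v verbose TPM logging, -h help.
 *
 * Exit status: the TPM return code, or -1 when the blob could not be
 * written.  Previously a failed fopen()/fwrite() was ignored and the tool
 * exited 0 with no file on disk; an unparsable -hk value was also silent.
 *
 * The output file is created with the process umask; tighten it (or the
 * destination directory) if the context must not be readable by others.
 */
int main(int argc, char *argv[])
{
    int ret;
    char *filename = NULL;
    uint32_t keyhandle = 0xffffffff;   /* sentinel: -hk not given */
    STACK_TPM_BUFFER(context);
    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-of", argv[i])) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -of.\n");
                usage();
            }
        }
        else if (!strcmp("-hk", argv[i])) {
            i++;
            if (i < argc) {
                if (sscanf(argv[i], "%x", &keyhandle) != 1) {
                    printf("Could not parse the -hk value.\n");
                    usage();
                }
            }
            else {
                printf("Missing parameter for -hk.\n");
                usage();
            }
        }
        else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h", argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }
    if (NULL == filename || -1 == (int)keyhandle) {
        usage();
    }

    ret = TPM_SaveKeyContext(keyhandle, &context);

    if (0 != ret) {
        printf("SaveKeyContext returned error '%s' (%d).\n",
               TPM_GetErrMsg(ret),
               ret);
    } else {
        FILE *f = fopen(filename, "wb");
        if (NULL == f) {
            printf("Could not open %s for writing.\n", filename);
            ret = -1;
        } else {
            /* size 1, count used: a zero-length context is not a short write */
            if (fwrite(context.buffer, 1, context.used, f) != context.used) {
                printf("Could not write key context to %s.\n", filename);
                ret = -1;
            }
            /* fclose() flushes; a failure here means the blob is not on disk */
            if (fclose(f) != 0) {
                printf("Could not write key context to %s.\n", filename);
                ret = -1;
            }
        }
    }


    exit(ret);
}

-------------------------------------------------------------------------------- /util/saveauthcontext.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Save TPM Auth context */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: saveauthcontext.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. 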
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
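 */
/********************************************************************************/

#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif
#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: saveauthcontext -ha handle -of filename\n");
    printf("\n");
    printf(" -ha handle : the handle of the authorization session to save\n");
    printf(" -of filename : the filename where to write the key context into\n");
    printf("\n");
    exit(-1);
}


/*
 * saveauthcontext: ask the TPM for the saved context of an authorization
 * session (TPM_SaveAuthContext) and write the returned blob to a file.
 *
 * Options: -ha <handle> (hex, required), -of <filename> (required),
 * -v verbose TPM logging, -h help.  contextSize is passed by address so
 * TPM_SaveAuthContext can report how many of the 2048 buffer bytes it
 * filled (presumably the blob length; only that many bytes are written).
 *
 * Exit status: the TPM return code, or -1 when the blob could not be
 * written.  Previously a failed fopen()/fwrite() was ignored and the tool
 * exited 0 with no file on disk; an unparsable -ha value was also silent.
 *
 * The output file is created with the process umask; tighten it (or the
 * destination directory) if the context must not be readable by others.
 */
int main(int argc, char *argv[])
{
    int ret;
    char *filename = NULL;
    uint32_t handle = 0xffffffff;   /* sentinel: -ha not given */
    unsigned char context[2048];
    uint32_t contextSize = sizeof(context);
    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-of", argv[i])) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -of.\n");
                usage();
            }
        }
        else if (!strcmp("-ha", argv[i])) {
            i++;
            if (i < argc) {
                if (sscanf(argv[i], "%x", &handle) != 1) {
                    printf("Could not parse the -ha value.\n");
                    usage();
                }
            }
            else {
                printf("Missing parameter for -ha.\n");
                usage();
            }
        }
        else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        }
        else if (!strcmp("-h", argv[i])) {
            usage();
        }
        else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
        }
        i++;
    }
    if (NULL == filename || -1 == (int)handle) {
        usage();
    }

    ret = TPM_SaveAuthContext(handle, context, &contextSize);

    if (0 != ret) {
        printf("SaveAuthContext returned error '%s' (%d).\n",
               TPM_GetErrMsg(ret),
               ret);
    } else {
        FILE *f = fopen(filename, "wb");
        if (NULL == f) {
            printf("Could not open %s for writing.\n", filename);
            ret = -1;
        } else {
            /* size 1, count contextSize: a zero-length context is not a short write */
            if (fwrite(context, 1, contextSize, f) != contextSize) {
                printf("Could not write auth context to %s.\n", filename);
                ret = -1;
            }
            /* fclose() flushes; a failure here means the blob is not on disk */
            if (fclose(f) != 0) {
                printf("Could not write auth context to %s.\n", filename);
                ret = -1;
            }
        }
    }

    exit(ret);
}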
-------------------------------------------------------------------------------- /util/loadkeycontext.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Load TPM key context */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: loadkeycontext.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include
#include
#include
#include

#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the command-line help and terminate with status -1 (never returns). */
static void usage() {
    printf("Usage: loadkeycontext -if filename\n"
           "\n"
           "-if filename : the filename of the file holding the key context\n"
           "\n");
    exit(-1);
}


/*
 * loadkeycontext: read a saved key-context blob from a file and load it
 * back into the TPM (TPM_LoadKeyContext), printing the new key handle.
 *
 * Options: -if <filename> (required), -v verbose TPM logging, -h help.
 * A read failure (TPM_ReadFile result with ERR_MASK bits set) exits -1;
 * otherwise the TPM return code is the exit status.  The buffer returned
 * by TPM_ReadFile is wrapped in a TPM buffer for the load call and freed
 * before exit.
 */
int main(int argc, char *argv[])
{
    int ret;
    char *filename = NULL;
    uint32_t handle = 0;
    unsigned char *mycontext = NULL;   /* file contents from TPM_ReadFile */
    uint32_t contextSize = 0;
    STACK_TPM_BUFFER(context);
    int i;

    TPM_setlog(0);

    for (i = 1; i < argc; i++) {
        const char *arg = argv[i];

        if (strcmp(arg, "-if") == 0) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -if.\n");
                usage();
            }
        } else if (strcmp(arg, "-v") == 0) {
            TPM_setlog(1);
        } else if (strcmp(arg, "-h") == 0) {
            usage();
        } else {
            printf("\n%s is not a valid option\n", arg);
            usage();
        }
    }
    if (filename == NULL) {
        printf("Missing -if argument.\n");
        usage();
        exit(-1);   /* not reached: usage() exits; kept from the original */
    }

    ret = TPM_ReadFile(filename, &mycontext, &contextSize);
    if ((ret & ERR_MASK) != 0) {
        printf("Error while reading context file.\n");
        exit(-1);
    }
    SET_TPM_BUFFER(&context, mycontext, contextSize);
    ret = TPM_LoadKeyContext(&context, &handle);

    if (ret != 0) {
        printf("LoadKeyContext returned error '%s'.\n",
               TPM_GetErrMsg(ret));
    } else {
        printf("New Handle = %08X\n", handle);
    }
    free(mycontext);
    exit(ret);
}
-------------------------------------------------------------------------------- /util/flushspecific.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Flush a specific handle from the TPM */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: flushspecific.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. 
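*/
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; <stdint.h> and
 * <inttypes.h> are added for the fixed-width scan/print macros used below.
 * The remaining bare #include lines are placeholders to restore from upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif
#include "tpm.h"
#include "tpmutil.h"
#include /* header name lost in extraction */

/* Print the synopsis of flushspecific and terminate with status -1; never returns. */
static void printUsage(void)
{
    printf("Usage: flushspecific -ha -rt [-v]\n"
           "\n"
           "-ha : the handle to flush (give hex number)\n"
           "-rt : the resource type of the handle (as decimal)\n"
           "\t 1 - key\n"
           "\t 2 - auth\n"
           "\t 4 - transport\n"
           "\t 5 - context\n"
           "-v : turns on verbose mode\n"
           "\n");
    exit(-1);
}

/*
 * Flush one resource (key, auth session, transport session or context) from
 * the TPM by handle.
 *
 * Options: -ha <hex handle>      handle to flush (required)
 *          -rt <decimal type>    resource type of the handle (required)
 *          -v                    enable TPM library logging
 * Both numeric arguments are validated; the original accepted an unparsable
 * value silently and scanned the type with %d into a uint32_t.
 * Exit status: -1 on a usage error, otherwise the TPM_FlushSpecific return code.
 */
int main(int argc, char *argv[])
{
    int ret;
    int i = 1;
    uint32_t handle = UINT32_MAX; /* sentinel: option not given */
    uint32_t type = UINT32_MAX;   /* sentinel: option not given */

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-ha", argv[i])) {
            i++;
            if (i < argc) {
                if (1 != sscanf(argv[i], "%" SCNx32, &handle)) {
                    printf("Could not parse the handle '%s'.\n", argv[i]);
                    printUsage();
                }
            } else {
                printf("Missing parameter for -ha.\n");
                printUsage();
            }
        } else if (!strcmp("-rt", argv[i])) {
            i++;
            if (i < argc) {
                if (1 != sscanf(argv[i], "%" SCNu32, &type)) {
                    printf("Could not parse the resource type '%s'.\n", argv[i]);
                    printUsage();
                }
            } else {
                printf("Missing parameter for -rt.\n");
                printUsage();
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            printUsage();
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
        }
        i++;
    }

    if (UINT32_MAX == handle || UINT32_MAX == type) {
        printf("Missing command line parameter.\n");
        printUsage();
    }

    ret = TPM_FlushSpecific(handle, type);
    if (ret != 0) {
        printf("FlushSpecific returned error %s.\n", TPM_GetErrMsg(ret));
    } else {
        printf("Successfully flushed item of type %" PRIX32 " with handle %08" PRIx32 ".\n",
               type, handle);
    }

    exit(ret);
}

-------------------------------------------------------------------------------- /util/getcontextcount.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* Get the context count of a context blob */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: getcontextcount.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution.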
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
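*/
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; the bare
 * #include lines under the platform guards are placeholders to restore from
 * upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"

/* local prototypes */


/* Print the synopsis of getcontextcount and terminate with status -1; never returns. */
static void print_usage(void)
{
    printf("Usage: getcontextcount [-v] -if \n"
           "\tParses the context blob and prints the context count\n"
           "\n"
           "-v : enables verbose mode\n"
           "\n");
    exit(-1);
}

/*
 * Parse a saved context blob from a file and print its contextCount field.
 *
 * Options: -if <file>  file holding the context blob (required)
 *          -v          enable TPM library logging
 *          -h          print usage
 * The blob is only parsed locally (TPM_ReadContextBlob); nothing is sent to
 * the TPM.  Exit status: -1 on a usage, read or parse error, 0 on success.
 * Changes from the original: the duplicated "-h" branch is gone and the
 * buffer allocated by TPM_ReadFile is released on every exit path.
 */
int main(int argc, char *argv[])
{
    int ret = 0;
    char *filename = NULL;
    int i = 1;
    unsigned char *buffer = NULL;
    uint32_t buffersize = 0;
    TPM_CONTEXT_BLOB context;
    STACK_TPM_BUFFER(tpmbuffer)

    TPM_setlog(0);
    while (i < argc) {
        if (!strcmp("-if", argv[i])) {
            i++;
            if (i < argc) {
                filename = argv[i];
            } else {
                printf("Missing parameter for -if.\n");
                print_usage();
            }
        } else if (!strcmp(argv[i], "-v")) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            print_usage();
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            print_usage();
        }
        i++;
    }
    if (NULL == filename) {
        printf("Missing -if argument.\n");
        print_usage();
    }

    ret = TPM_ReadFile(filename, &buffer, &buffersize);

    if (ret != 0) {
        printf("Error while reading file '%s'.\n", filename);
        exit(-1);
    }

    /* Parse the blob in place from offset 0; the buffer is untrusted file input
     * and only the parser's own error return guards it. */
    SET_TPM_BUFFER(&tpmbuffer, buffer, buffersize);
    ret = TPM_ReadContextBlob(&tpmbuffer, 0, &context);
    if ((ret & ERR_MASK)) {
        printf("Error while parsing the context blob.\n");
        free(buffer);
        exit(-1);
    }

    printf("ContextCount: 0x%08X\n", context.contextCount);
    free(buffer); /* TPM_ReadFile allocated it */

    exit(0);
}

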
| -------------------------------------------------------------------------------- /util/counter_read.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TCPA Read a counter */ 4 | /* Written by Stefan Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: counter_read.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. 
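IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; <errno.h> is
 * added for the strtoul range check below.  The bare #include lines under the
 * platform guards are placeholders to restore from upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"
#include "tpm_constants.h"
#include "tpm_structures.h"


/* Print the synopsis of counter_read.  Unlike the other utilities this one
 * returns; callers exit themselves. */
static void usage(void)
{
    printf("Usage: counter_read -ix id [-v]\n");
    printf("\n");
    printf(" -ix id : The id of the counter.\n");
    printf(" -v : Enable verbose output.\n");
    printf("\n");
    printf("Examples:\n");
    printf("counter_read -ix 5\n");
}

/*
 * Read a monotonic counter from the TPM and print its raw value as hex.
 *
 * Options: -ix <id>  decimal id of the counter (required)
 *          -v        enable TPM library logging
 *          -h        print usage
 * Returns the TPM_ReadCounter return code (0 on success); exits with -1 on a
 * usage error.  The id is parsed with strtoul and rejected on any trailing
 * garbage, sign or overflow — atoi() silently produced 0 for unparsable input.
 * The value is printed with %u; the original used %d on a uint32_t.
 */
static int mymain(int argc, char *argv[])
{
    uint32_t ret;
    int i = 1;
    uint32_t id = 0xffffffff; /* sentinel: option not given */
    unsigned char buffer[TPM_COUNTER_VALUE_SIZE];

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-ix", argv[i])) {
            i++;
            if (i < argc) {
                char *end = NULL;
                unsigned long v;
                errno = 0;
                v = strtoul(argv[i], &end, 10);
                if (argv[i][0] == '-' || end == argv[i] || *end != '\0' ||
                    errno == ERANGE || v > 0xffffffffUL) {
                    printf("Could not parse the counter id '%s'.\n", argv[i]);
                    usage();
                    exit(-1);
                }
                id = (uint32_t)v;
            } else {
                printf("Missing mandatory parameter for -ix.\n");
                usage();
                exit(-1);
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            usage();
            exit(-1);
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
            exit(-1);
        }
        i++;
    }
    if (0xffffffff == id) {
        printf("Input parameter -ix missing!\n");
        usage();
        exit(-1);
    }
    /*
     * Read a counter.  The second argument is passed as NULL, as in the
     * original; presumably no authorization data is supplied — confirm
     * against TPM_ReadCounter's prototype.
     */
    ret = TPM_ReadCounter(id, NULL, buffer);

    if (0 != ret) {
        printf("Got error '%s' (0x%x) from TPM_ReadCounter.\n", TPM_GetErrMsg(ret), ret);
    } else {
        printf("%u: ", id);
        for (i = 0; i < (int)sizeof(buffer); i++) {
            printf("%02x", buffer[i]);
        }
        printf("\n");
    }
    return ret;
}

#include "tpm_command.h"
tpm_command_register("counter_read", mymain, usage)

-------------------------------------------------------------------------------- /util/pcrread.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* Read value of a PCR */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: pcrread.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution.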
*/ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
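*/
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; the remaining
 * bare #include lines are placeholders to restore from upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include /* header name lost in extraction */
#include /* header name lost in extraction */

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"
#include "tpm_constants.h"
#include "tpm_structures.h"

/* local prototypes */

/* Print the synopsis of pcrread; returns, callers exit themselves. */
static void printUsage(void)
{
    printf("Usage: pcrread -ix [-v]\n"
           "-ix : index of PCR to read\n"
           "-v : enable verbose output\n"
           "\n"
           "Read a PCR.\n"
           "\n"
           "Examples:\n"
           "pcrread -ix 1\n");
}

/*
 * Read one PCR and print its TPM_HASH_SIZE-byte digest as hex.
 *
 * Options: -ix <index>  decimal PCR index (required, must be >= 0)
 *          -v           enable TPM library logging
 *          -h           print usage
 * Exits with -1 on a usage error, otherwise with the TPM_PcrRead return code.
 * Changes from the original: any negative index is rejected (only -1 was),
 * and the stray backslash line continuation in the print loop is gone.
 */
static int mymain(int argc, char *argv[])
{
    int i = 1;
    int ret = 0;
    int index = -1;
    unsigned char digest[TPM_HASH_SIZE];

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-ix", argv[i])) {
            i++;
            if (i < argc) {
                if (1 != sscanf(argv[i], "%d", &index)) {
                    printf("Could not parse the PCR index number.\n");
                    exit(-1);
                }
            } else {
                printf("Missing parameter for -ix.\n");
                printUsage();
                exit(-1);
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            printUsage();
            exit(-1);
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            printUsage();
            exit(-1);
        }
        i++;
    }

    /* -1 is the "not given" sentinel; other negative values are simply invalid. */
    if (index < 0) {
        printf("Missing or wrong parameter.\n");
        printUsage();
        exit(-1);
    }

    ret = TPM_PcrRead(index, digest);

    if (0 == ret) {
        for (i = 0; i < TPM_HASH_SIZE; i++) {
            printf("%02x", digest[i]);
        }
        printf("\n");
    } else {
        printf("PCRRead returned error '%s'.\n", TPM_GetErrMsg(ret));
    }
    exit(ret);
}

#include "tpm_command.h"
tpm_command_register("pcrread", mymain, printUsage)

-------------------------------------------------------------------------------- /util/getticks.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TCPA Get the current tick count of the TPM */
/* Written by Stefan Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: getticks.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.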
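IN NO EVENT SHALL THE COPYRIGHT */
/* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */
/* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */
/* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */
/* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */
/* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */
/* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */
/* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; the bare
 * #include lines under the platform guards are placeholders to restore from
 * upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"

/* local prototypes */

void printUsage(void);

/* Print the synopsis of getticks and terminate with status -1; never returns. */
void printUsage(void)
{
    printf("getticks\n");
    printf("- Runs TPM_GetTicks\n");
    printf("\n");
    exit(-1);
}

/*
 * Run TPM_GetTicks and report the result.
 *
 * NOTE(review): the page is cut here — the extraction swallowed everything
 * from the "i <" of the for loop below up to line 41 of counter_calc_incr.c
 * (the rest of this function, and the licence header and first includes of
 * counter_calc_incr.c).  Nothing is reconstructed; the fragment is kept
 * exactly as the page shows it.
 */
int main(int argc, char *argv[])
{
    int ret = 0;
    unsigned char tickbuffer[36];
    TPM_CURRENT_TICKS ticks;
    int i; /* argc iterator */

    TPM_setlog(0);
    for (i=1 ; i

/* ---- counter_calc_incr.c resumes here at its line 41 (see note above) ---- */
/* NOTE(review): <...> header names lost in extraction; standard headers restored
 * from the names this file uses, <errno.h> added for the strtoul range check. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <errno.h>

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"
#include "tpm_constants.h"
#include "tpm_structures.h"


/* Print the synopsis of counter_calc_incr; returns, callers exit themselves. */
static void usage(void)
{
    printf("Usage: counter_calc_incr -ix [-v]\n");
    printf("\n");
    printf(" -ix : The id of the counter.\n");
    printf(" -v : Enable verbose output.\n");
    printf("\n");
    printf("Examples:\n");
    printf("counter_calc_incr -ix 0\n");
}

/*
 * Read a monotonic counter from the TPM and print the value it would have
 * after one increment (the TPM itself is not changed).
 *
 * Options: -ix <id>  decimal id of the counter (required)
 *          -v        enable TPM library logging
 *          -h        print usage
 * Returns the TPM_ReadCounter return code (0 on success); exits with -1 on a
 * usage error.  The id is parsed with strtoul and rejected on trailing
 * garbage, sign or overflow — atoi() silently produced 0 for unparsable input.
 */
int main(int argc, char *argv[])
{
    uint32_t ret;
    int i = 1;
    uint32_t id = 0xffffffff; /* sentinel: option not given */
    unsigned char buffer[TPM_COUNTER_VALUE_SIZE];

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-ix", argv[i])) {
            i++;
            if (i < argc) {
                char *end = NULL;
                unsigned long v;
                errno = 0;
                v = strtoul(argv[i], &end, 10);
                if (argv[i][0] == '-' || end == argv[i] || *end != '\0' ||
                    errno == ERANGE || v > 0xffffffffUL) {
                    printf("Could not parse the counter id '%s'.\n", argv[i]);
                    usage();
                    exit(-1);
                }
                id = (uint32_t)v;
            } else {
                printf("Missing mandatory parameter for -ix.\n");
                usage();
                exit(-1);
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            usage();
            exit(-1);
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
            exit(-1);
        }
        i++;
    }
    if (0xffffffff == id) {
        printf("Input parameter missing -ix\n");
        usage();
        exit(-1);
    }
    /*
     * Read a counter (second argument NULL as in the original; presumably no
     * authorization data — confirm against TPM_ReadCounter's prototype).
     */
    ret = TPM_ReadCounter(id, NULL, buffer);
    if (0 != ret) {
        printf("Got error '%s' (0x%x) from TPM_ReadCounter.\n", TPM_GetErrMsg(ret), ret);
    } else {
        /* Add one to the big-endian number held in the tail of the blob,
         * carrying into the preceding byte as long as a byte wraps to zero.
         * The carry never reaches buffer[0]; this mirrors the original loop
         * exactly.  NOTE(review): the blob is TPM_COUNTER_VALUE_SIZE bytes and
         * holds more than the counter field, so a carry out of the counter
         * would run into the bytes in front of it — confirm against the
         * TPM_COUNTER_VALUE layout before relying on this near wrap-around. */
        int k = (int)sizeof(buffer) - 1;
        buffer[k]++;
        while (k > 1 && buffer[k] == 0) {
            k--;
            buffer[k]++;
        }
        printf("Value of the incremented counter: ");
        for (i = 0; i < (int)sizeof(buffer); i++) {
            printf("%02x", buffer[i]);
        }
        printf("\n");
    }

    return ret;
}

-------------------------------------------------------------------------------- /util/verifydelegation.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Verify Delegation */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: verifydelegation.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved.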
*/ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
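*/
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses (struct stat
 * needs <sys/stat.h>); the remaining bare #include lines are placeholders to
 * restore from upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#include <stdint.h>
#include <sys/stat.h>
#include /* header name lost in extraction */
#include /* header name lost in extraction */

#include "tpm.h"
#include "tpmutil.h"
#include /* header name lost in extraction */

/* Print the synopsis of verifydelegation and terminate with status -1; never returns. */
static void usage(void)
{
    printf("Usage: verifydelegation -if filename [-v] \n"
           "\n"
           "-if : delegation file name\n"
           "-v : to enable verbose output\n"
           "\n");
    exit(-1);
}


/*
 * Verify a delegation blob read from a file.
 *
 * NOTE(review): the page is cut here — the extraction swallowed everything
 * from the "i <" of the for loop below up to line 41 of pcrreset.c (the rest
 * of this function, and the licence header and first includes of pcrreset.c).
 * Nothing is reconstructed; the fragment is kept exactly as the page shows it.
 */
int main(int argc, char *argv[])
{
    uint32_t ret = 0;
    char *filename = NULL;
    int i;
    struct stat _stat;

    TPM_setlog(0);

    for (i=1 ; i

/* ---- pcrreset.c resumes here at its line 41 (see note above) ---- */
/* NOTE(review): <...> header names lost in extraction; standard headers restored
 * from the names this file uses, the rest kept as placeholders. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include /* header name lost in extraction */
#include /* header name lost in extraction */

#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif

#ifdef CONFIG_USE_OPENSSL
#include /* header name lost in extraction */
#include /* header name lost in extraction */
#include /* header name lost in extraction */
#else
#include "mbedtls-compat.h"
#endif

#include "tpm.h"
#include "tpmutil.h"
#include "tpmfunc.h"
#include "tpm_constants.h"
#include "tpm_structures.h"
#include "tpm_command.h"

/* local prototypes */

/* Print the synopsis of pcrreset; returns, callers exit themselves. */
static void usage(void)
{
    printf("Usage: pcrreset -ix [-v]\n"
           "-ix : index of PCR to reset\n"
           "-v : enable verbose output\n"
           "\n"
           "Examples:\n"
           "pcrreset -ix 1\n");
}

/*
 * Reset one PCR by building a TPM_PCR_SELECTION bitmap with that index set
 * and calling TPM_PCRReset.
 *
 * Options: -ix <index>  decimal PCR index (required, must be >= 0 and below
 *                       8 * sizeOfSelect)
 *          -v           enable TPM library logging
 *          -h           print usage
 * Exits with -1 on a usage error, otherwise with the TPM_PCRReset return code.
 *
 * Changes from the original:
 *  - a negative index is rejected before it is used.  atoi() on e.g. "-8"
 *    gave b = -1, which passed the "b >= sizeOfSelect" test and wrote to
 *    pcrSelect[-1], i.e. before the start of the array;
 *  - the index is parsed with sscanf and an unparsable value is an error
 *    instead of silently becoming 0;
 *  - pcrs starts at 0, so if TPM_GetNumPCRRegisters leaves it untouched the
 *    bitmap has zero length and every index is "out of range" instead of the
 *    bound being an uninitialised value;
 *  - the error message names PCRReset, not PCRRead.
 */
static int mymain(int argc, char *argv[])
{
    int i = 1;
    int ret = 0;
    int index = -1;
    int b;
    TPM_PCR_SELECTION selection;
    uint32_t pcrs = 0;
    TPM_setlog(0);

    memset(&selection, 0x0, sizeof(selection));
    /* The return value is not checked, as in the original; see the note above
     * on why pcrs is pre-zeroed. */
    TPM_GetNumPCRRegisters(&pcrs);
    selection.sizeOfSelect = pcrs / 8;

    while (i < argc) {
        if (!strcmp("-ix", argv[i])) {
            i++;
            if (i < argc) {
                if (1 != sscanf(argv[i], "%d", &index) || index < 0) {
                    printf("Could not parse the PCR index number.\n");
                    exit(-1);
                }
                b = (index >> 3); /* byte of the bitmap holding this PCR */
                if (b >= selection.sizeOfSelect) {
                    printf("Index out of range.\n");
                    exit(-1);
                }
                selection.pcrSelect[b] |= (1 << ((index & 0x07)));
            } else {
                printf("Missing parameter for -ix.\n");
                usage();
                exit(-1);
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            usage();
            exit(-1);
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
            exit(-1);
        }
        i++;
    }

    if (-1 == index) {
        printf("Missing -ix parameter.\n");
        usage();
        exit(-1);
    }

    ret = TPM_PCRReset(&selection);

    if (0 != ret) {
        printf("PCRReset returned error '%s'.\n", TPM_GetErrMsg(ret));
    }
    exit(ret);
}

tpm_command_register("pcrreset", mymain, usage)

-------------------------------------------------------------------------------- /util/cmk_setrestrictions.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM CMK_SetRestrictions */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: cmk_setrestrictions.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer.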
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
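*/
/********************************************************************************/

/* NOTE(review): the page extraction dropped every <...> header name.  The
 * standard headers are restored from the names this file uses; <stdint.h> and
 * <inttypes.h> are added for the fixed-width scan macro used below.  The
 * remaining bare #include lines are placeholders to restore from upstream. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
#ifdef TPM_POSIX
#include /* header name lost in extraction */
#endif
#ifdef TPM_WINDOWS
#include /* header name lost in extraction */
#endif
#include "tpm.h"
#include "tpmutil.h"
#include /* header name lost in extraction */

/* Print the synopsis of cmk_setrestrictions; returns, callers exit themselves. */
static void usage(void)
{
    printf("Usage: cmk_setrestrictions -pwdo -bm [-v]\n"
           "\n"
           " -pwdo pwd : the TPM owner password\n"
           " -bm : bit mask of the restrictions\n"
           " -v : to enable verbose output\n"
           "\n"
           "Examples:\n"
           "cmk_setrestrictions -pwdo aaa -bm 80000000\n");
}


/*
 * Set the CMK (certified migratable key) restriction bit mask on the TPM
 * using owner authorization.
 *
 * Options: -pwdo <pwd>   TPM owner password (required)
 *          -bm <hex>     restriction bit mask (defaults to 0)
 *          -v            enable TPM library logging
 *          -h            print usage
 * Exits with -1 on a usage error, otherwise with the TPM_CMK_SetRestrictions
 * return code.
 *
 * NOTE(review): the owner password is taken from argv, so it is visible to
 * other users of the machine through the process list and may be recorded in
 * shell history; passhash1 is also not cleared before exit.
 *
 * Changes from the original: the unused "verbose" local and the redundant
 * second NULL test on ownerpass are gone, and the mask is scanned with the
 * SCNx32 macro so the format matches the uint32_t argument.
 */
int main(int argc, char *argv[])
{
    unsigned char passhash1[20];
    char *ownerpass = NULL;
    int ret;
    uint32_t restrictions = 0;

    int i = 1;

    TPM_setlog(0);

    while (i < argc) {
        if (!strcmp("-pwdo", argv[i])) {
            i++;
            if (i < argc) {
                ownerpass = argv[i];
            } else {
                printf("Missing parameter for -pwdo.\n");
                usage();
                exit(-1);
            }
        } else if (!strcmp("-bm", argv[i])) {
            i++;
            if (i < argc) {
                ret = sscanf(argv[i], "%" SCNx32, &restrictions);
                if (ret != 1) {
                    printf("Invalid argument '%s'\n", argv[i]);
                    exit(-1);
                }
            } else {
                printf("Missing parameter for -bm.\n");
                usage();
                exit(-1);
            }
        } else if (!strcmp("-v", argv[i])) {
            TPM_setlog(1);
        } else if (!strcmp("-h", argv[i])) {
            usage();
            exit(-1);
        } else {
            printf("\n%s is not a valid option\n", argv[i]);
            usage();
            exit(-1);
        }
        i++;
    }

    if (NULL == ownerpass) {
        printf("Missing argument -pwdo.\n");
        usage();
        exit(-1);
    }

    /* The owner authorization value is the SHA-1 of the password string. */
    TSS_sha1(ownerpass, strlen(ownerpass), passhash1);

    ret = TPM_CMK_SetRestrictions(restrictions, passhash1);

    if (0 != ret) {
        printf("CMK_SetRestrictions returned error '%s' (%d).\n", TPM_GetErrMsg(ret), ret);
    }

    exit(ret);
}

-------------------------------------------------------------------------------- /util/readmanumaintpub.c: --------------------------------------------------------------------------------
/********************************************************************************/
/* */
/* TPM Read Manufacturer public maintenance key */
/* Written by S. Berger */
/* IBM Thomas J. Watson Research Center */
/* $Id: readmanumaintpub.c 4702 2013-01-03 21:26:29Z kgoldman $ */
/* */
/* (c) Copyright IBM Corporation 2006, 2010. */
/* */
/* All rights reserved. */
/* */
/* Redistribution and use in source and binary forms, with or without */
/* modification, are permitted provided that the following conditions are */
/* met: */
/* */
/* Redistributions of source code must retain the above copyright notice, */
/* this list of conditions and the following disclaimer. */
/* */
/* Redistributions in binary form must reproduce the above copyright */
/* notice, this list of conditions and the following disclaimer in the */
/* documentation and/or other materials provided with the distribution. */
/* */
/* Neither the names of the IBM Corporation nor the names of its */
/* contributors may be used to endorse or promote products derived from */
/* this software without specific prior written permission. */
/* */
/* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */
/* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */
/* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */
/* A PARTICULAR PURPOSE ARE DISCLAIMED.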
IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #include "tpmfunc.h" 44 | #include 45 | #include 46 | #include 47 | 48 | #define VALID_ARGS "v:?" 49 | static void usage(); 50 | 51 | 52 | static void usage() { 53 | printf("Usage: readmanumaintpub [-v] \n" 54 | "\n" 55 | "-v : to enable verbose output\n" 56 | "\n"); 57 | } 58 | 59 | 60 | int main(int argc, char *argv[]) 61 | { 62 | unsigned char nonce[TPM_NONCE_SIZE]; 63 | unsigned char digest[TPM_DIGEST_SIZE]; 64 | unsigned char calcdigest[TPM_DIGEST_SIZE]; 65 | uint32_t ret; 66 | struct keydata key; 67 | STACK_TPM_BUFFER(serKeyData) 68 | uint32_t serKeySize; 69 | char * pubKeyFile = NULL; 70 | uint32_t buffersize; 71 | char * buffer = NULL; 72 | int index = 1; 73 | 74 | if (argc >= 3 && 0 == strcmp(argv[index],"-v")) { 75 | TPM_setlog(1); 76 | index++; 77 | } else { 78 | TPM_setlog(0); 79 | } 80 | 81 | if (index >= argc) { 82 | usage(); 83 | exit(-1); 84 | } 85 | 86 | pubKeyFile = argv[index]; 87 | 88 | if (NULL == pubKeyFile) { 89 | usage(); 90 | exit(-1); 91 | } 92 | 93 | TSS_gennonce(nonce); 94 | 95 | ret = TPM_ReadKeyfile(pubKeyFile, &key); 96 | 97 | if ( ( ret & ERR_MASK ) != 0 ) { 98 | printf("Error - could not read key file.\n"); 99 | exit (-1); 100 | } 101 | 102 | ret = TPM_WriteKeyPub(&serKeyData, &key); 103 | if ( ( ret & ERR_MASK 
) != 0 ) { 104 | exit (-1); 105 | } 106 | 107 | serKeySize = ret; 108 | 109 | ret = TPM_ReadManuMaintPub(nonce, digest); 110 | 111 | if ( 0 != ret ) { 112 | printf("Error %s from ReadManuMainPub.\n", 113 | TPM_GetErrMsg(ret)); 114 | exit(ret); 115 | } 116 | 117 | 118 | /* 119 | * Now check the digest against the serialized public key 120 | * and the hash. 121 | */ 122 | buffersize = serKeySize + sizeof(nonce); 123 | buffer = malloc(buffersize); 124 | if (NULL == buffer) { 125 | exit (-1); 126 | } 127 | 128 | memcpy(buffer, 129 | serKeyData.buffer, 130 | serKeySize); 131 | memcpy(&buffer[serKeySize], 132 | nonce, 133 | sizeof(nonce)); 134 | 135 | TSS_sha1(buffer, buffersize, calcdigest); 136 | 137 | free(buffer); 138 | 139 | if (0 == memcmp(calcdigest, digest, sizeof(digest))) { 140 | printf("The same public key is in the TPM.\n"); 141 | ret = 0; 142 | } else { 143 | printf("Another public key is in the TPM.\n"); 144 | ret = -1; 145 | } 146 | 147 | exit(ret); 148 | } 149 | -------------------------------------------------------------------------------- /util/loadmanumaintpub.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Load Manufacturer public maintenance key */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: loadmanumaintpub.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. 
*/ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #include "tpmfunc.h" 44 | #ifndef CONFIG_OPENSSL 45 | #include "mbedtls-compat.h" 46 | #else 47 | #include 48 | #include 49 | #include 50 | #endif 51 | 52 | #define VALID_ARGS "v:?" 
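/* Print the synopsis; the public-key file is a positional argument. */
static void usage(void) {
	printf("Usage: loadmanumaintpub [-v] \n"
	       "\n"
	       "-v : to enable verbose output\n"
	       "\n");
}


/*
 * Load the manufacturer's public maintenance key from a key file into the TPM
 * (TPM_LoadManuMaintPub) and check the checksum the TPM returns for it.
 *
 * argv: [-v] <key file>   ("-v" is only recognised when a file name follows it)
 *
 * A fresh nonce is sent along with the key.  The TPM answers with a digest,
 * and we recompute SHA-1(serialized public key || nonce) locally from the file
 * we sent; the two must match.  By the time the digests are compared the TPM
 * has already loaded the key, so a mismatch is reported, not rolled back.
 *
 * Exit status: 0 on success; -1 on a usage, file, memory, serialization or
 * digest error; otherwise the TPM return code.
 */
int main(int argc, char *argv[])
{
	unsigned char nonce[TPM_NONCE_SIZE];
	unsigned char digest[TPM_DIGEST_SIZE];
	unsigned char calcdigest[TPM_DIGEST_SIZE];
	uint32_t ret;
	struct keydata key;
	char *pubKeyFile;
	int index = 1;
	uint32_t buffersize;
	char *buffer;
	STACK_TPM_BUFFER(serKeyData)
	uint32_t serKeySize;

	if (argc >= 3 && 0 == strcmp(argv[index], "-v")) {
		TPM_setlog(1);
		index++;
	} else {
		TPM_setlog(0);
	}

	if (index >= argc) {
		usage();
		exit(-1);
	}
	pubKeyFile = argv[index];

	TSS_gennonce(nonce);

	ret = TPM_ReadKeyfile(pubKeyFile, &key);
	if ((ret & ERR_MASK) != 0) {
		printf("Error - could not read key file.\n");
		exit(-1);
	}

	/* The TPM loads the key and hands back its checksum over (key || nonce). */
	ret = TPM_LoadManuMaintPub(nonce, &key, digest);
	if (0 != ret) {
		printf("Error %s from LoadManuMaintPub.\n",
		       TPM_GetErrMsg(ret));
		exit(ret);
	}

	/* Serialize the public part exactly as it went to the TPM; on success
	 * the return value is the serialized length. */
	ret = TPM_WriteKeyPub(&serKeyData, &key);
	if ((ret & ERR_MASK) != 0) {
		printf("Could not serialize the key.\n");
		exit(-1);
	}
	serKeySize = ret;

	/* calcdigest = SHA-1(serialized public key || nonce) */
	buffersize = serKeySize + sizeof(nonce);
	buffer = malloc(buffersize);
	if (NULL == buffer) {
		printf("Out of memory.\n");
		exit(-1);
	}
	memcpy(buffer, serKeyData.buffer, serKeySize);
	memcpy(buffer + serKeySize, nonce, sizeof(nonce));

	TSS_sha1(buffer, buffersize, calcdigest);
	free(buffer);

	/* The digest is not a secret, so a plain memcmp is fine here. */
	if (0 != memcmp(calcdigest, digest, sizeof(digest))) {
		printf("Returned digest is incorrect!\n");
		exit(-1);
	}

	exit(0);
}
--------------------------------------------------------------------------------
/libtpm/mbedtls-compat.h:
--------------------------------------------------------------------------------
/**
 * Compatibility layer mapping the subset of the OpenSSL API used by libtpm
 * onto mbedtls (it appears to target the mbedtls 2.x API).
 *
 * The wrappers keep each library's own return conventions rather than
 * translating them; see the comments on the individual functions.
 */
#ifndef _mbedtls_compat_h_
#define _mbedtls_compat_h_

/* Standard headers for the uint8_t/size_t/ssize_t types, calloc()/free() and
 * the open()/read()/close() calls used by the inline helpers in this file. */
#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>
#include <fcntl.h>

//--------------------------------------------------

#include <mbedtls/sha1.h>
#define SHA_CTX mbedtls_sha1_context

/* Initialise and start a SHA-1 context (no failure path, hence void). */
static inline void
SHA1_Init(SHA_CTX * sha)
{
	mbedtls_sha1_init(sha);
	mbedtls_sha1_starts(sha);
}

#define SHA1_Update(ctx,buf,len) mbedtls_sha1_update(ctx,(const void*) buf, len)
#define SHA1_Final(buf,ctx) mbedtls_sha1_finish(ctx,buf)

/* Digest "names" are mbedtls md strings; SHA-1 is the only one defined. */
#define EVP_sha1() "SHA1"

//--------------------------------------------------

#include <mbedtls/md.h>
#define HMAC_CTX mbedtls_md_context_t

/*
 * Set ctx up for HMAC with the named digest and key.
 *
 * Returns 1 on success.  Returns 0 - after releasing ctx - when hash_name is
 * not a digest mbedtls knows, when the context cannot be set up (typically an
 * allocation failure), or when key_len is negative.  The original returned 1
 * unconditionally and left the caller feeding data into a context whose setup
 * had failed; a caller that still ignores the result is safe, because the
 * mbedtls hmac update/finish calls reject a context that has no digest.
 */
static inline int
HMAC_Init(HMAC_CTX *ctx, const void * key, int key_len, const char *hash_name)
{
	const mbedtls_md_info_t * md_info
		= mbedtls_md_info_from_string(hash_name);

	mbedtls_md_init(ctx);
	if (md_info == NULL || key_len < 0
	    || mbedtls_md_setup(ctx, md_info, 1) != 0
	    || mbedtls_md_hmac_starts(ctx, key, (size_t) key_len) != 0) {
		mbedtls_md_free(ctx);
		return 0;
	}

	return 1;
}


#define HMAC_Update mbedtls_md_hmac_update
/* Only EVP_sha1() is defined as a digest name in this layer, so the length
 * reported back to the caller is fixed at SHA-1's 20 bytes. */
#define HMAC_Final(ctx,buf,lenptr) (mbedtls_md_hmac_finish(ctx,buf), *(lenptr) = 20)
#define \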
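HMAC_cleanup mbedtls_md_free


/**
 * Fill buf_ptr with len bytes read from /dev/urandom.
 *
 * Returns 1 on success and 0 if the device cannot be opened or a read fails
 * or hits EOF (the same 1/0 convention as OpenSSL's RAND_bytes).  Short reads
 * are retried until len bytes have been collected.  The descriptor is opened
 * close-on-exec so it cannot leak into a child process.
 */
static inline int
RAND_bytes(void * buf_ptr, size_t len)
{
	uint8_t * out = buf_ptr;
	size_t got = 0;
	int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);

	if (fd < 0)
		return 0;

	while (got < len) {
		ssize_t rc = read(fd, out + got, len - got);
		if (rc <= 0) {
			close(fd);
			return 0;
		}
		got += (size_t) rc;
	}

	close(fd);
	return 1;
}

//--------------------------------------------------

#include <mbedtls/aes.h>

#define AES_BLOCK_SIZE 16
#define AES_KEY mbedtls_aes_context
#define AES_DECRYPT MBEDTLS_AES_DECRYPT
#define AES_ENCRYPT MBEDTLS_AES_ENCRYPT

#define AES_set_encrypt_key(key,len,ctx) mbedtls_aes_setkey_enc(ctx,key,len)
#define AES_set_decrypt_key(key,len,ctx) mbedtls_aes_setkey_dec(ctx,key,len)

/* NOTE(review): mbedtls_aes_crypt_cbc returns an error for a len that is not
 * a multiple of AES_BLOCK_SIZE and then produces no output; OpenSSL's
 * AES_cbc_encrypt is void, so callers written for it may not check this. */
#define AES_cbc_encrypt(in, out, len, key, ivec, dir) \
	mbedtls_aes_crypt_cbc(key, dir, len, ivec, in, out)

#define AES_encrypt mbedtls_aes_encrypt

//--------------------------------------------------

#include <mbedtls/rsa.h>

#define RSA mbedtls_rsa_context
#define NID_sha1 MBEDTLS_MD_SHA1
//#define RSA_PKCS1_PADDING MBEDTLS_RSA_PKCS_V21
#define RSA_NO_PADDING 0

/* NOTE(review): RSA_new() heap-allocates the context, but mbedtls_rsa_free
 * only clears the key material and does not free() the struct - confirm
 * callers release the struct themselves, otherwise each RSA_new/RSA_free pair
 * leaks one context. */
#define RSA_free mbedtls_rsa_free

/*
 * Allocate and initialise an RSA context, or return NULL on allocation
 * failure (the original passed the NULL straight into mbedtls_rsa_init).
 *
 * NOTE(review): the context is set up for PKCS#1 v2.1 (PSS) with SHA-1, so
 * RSA_verify() on a context from here verifies PSS signatures; confirm that
 * is what the callers' signatures use, since TPM 1.2 RSASSA-PKCS1-v1.5
 * signatures would need MBEDTLS_RSA_PKCS_V15.
 */
static inline RSA *
RSA_new(void)
{
	RSA * rsa = calloc(1, sizeof(*rsa));
	if (rsa == NULL)
		return NULL;
	mbedtls_rsa_init(rsa, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA1);
	return rsa;
}

/*
 * Verify a signature over the digest m (m_len bytes, type = md type).
 *
 * mbedtls reads exactly rsa->len signature bytes, so a shorter sigbuf would be
 * over-read and a longer one silently truncated; both are rejected up front
 * (OpenSSL likewise requires siglen == RSA_size(rsa)).
 *
 * NOTE(review): returns mbedtls's convention - 0 on success, negative on
 * failure - which is the opposite of OpenSSL's RSA_verify (1 = success,
 * 0 = failure).  Callers must test for 0 here; a caller written for OpenSSL
 * that treats any non-zero result as "verified" would accept bad signatures.
 */
static inline int
RSA_verify(int type, const unsigned char *m, unsigned int m_len,
	   unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
	if (rsa == NULL || sigbuf == NULL || siglen != rsa->len)
		return MBEDTLS_ERR_RSA_VERIFY_FAILED;

	return mbedtls_rsa_pkcs1_verify(
		rsa,
		NULL, // no RNG needed for a public-key operation
		NULL,
		MBEDTLS_RSA_PUBLIC,
		(mbedtls_md_type_t) type,
		m_len,
		m,
		sigbuf);
}


/*
 * Raw (unpadded) RSA public-key operation on exactly one modulus-sized block.
 *
 * mbedtls_rsa_public() consumes and produces rsa->len bytes, so flen must
 * equal RSA_size(rsa) and padding must be RSA_NO_PADDING - the only padding
 * constant this layer defines; anything else is rejected instead of yielding
 * an over-read of `from` or a ciphertext the caller believes to be padded.
 *
 * NOTE(review): returns mbedtls's convention (0 on success, negative on
 * error), not OpenSSL's (ciphertext length, or -1); callers must check for 0.
 */
static inline int
RSA_public_encrypt(int flen, unsigned char *from,
		   unsigned char *to, RSA *rsa, int padding)
{
	if (rsa == NULL || from == NULL || to == NULL
	    || padding != RSA_NO_PADDING
	    || flen < 0 || (size_t) flen != rsa->len)
		return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;

	return mbedtls_rsa_public(rsa, from, to);
}


/* Modulus size in bytes, as set by mbedtls when the key was imported. */
static inline size_t
RSA_size(RSA *rsa)
{
	return rsa->len;
}


//--------------------------------------------------

#include <mbedtls/bignum.h>
#define BIGNUM mbedtls_mpi

/* Allocate and initialise a big number; NULL on allocation failure. */
static inline BIGNUM * BN_new(void)
{
	BIGNUM * n = calloc(1, sizeof(*n));
	if (n == NULL)
		return NULL;
	mbedtls_mpi_init(n);
	return n;
}

/* Release the limbs and the struct from BN_new(); BN_free(NULL) is a no-op.
 * The original only freed the struct and leaked the limb array. */
static inline void BN_free(BIGNUM * n)
{
	if (n == NULL)
		return;
	mbedtls_mpi_free(n);
	free(n);
}

#define BN_bin2bn(ptr,len,bn) mbedtls_mpi_read_binary(bn, ptr, len)


//--------------------------------------------------

#include <mbedtls/x509_crt.h>
typedef mbedtls_x509_crt X509;

/*
 * Parse one DER certificate of len bytes at *in.
 *
 * As in OpenSSL, the caller's object is reused only when x509_ptr is non-NULL
 * and points at a non-NULL object; otherwise a new one is allocated (the
 * original dereferenced a NULL *x509_ptr).  On a parse failure the object we
 * allocated is released instead of leaked, and NULL is returned.
 *
 * NOTE(review): OpenSSL's d2i_X509 advances *in past the parsed object; this
 * wrapper leaves *in untouched, as the original did.
 */
static inline X509 * d2i_X509(X509 **x509_ptr, const unsigned char **in, int len)
{
	X509 *x509;
	int allocated = 0;

	if (in == NULL || *in == NULL || len < 0)
		return NULL;

	if (x509_ptr != NULL && *x509_ptr != NULL) {
		x509 = *x509_ptr;
	} else {
		x509 = calloc(1, sizeof(*x509));
		if (x509 == NULL)
			return NULL;
		mbedtls_x509_crt_init(x509);
		allocated = 1;
	}

	if (mbedtls_x509_crt_parse_der(x509, *in, (size_t) len) != 0) {
		if (allocated) {
			mbedtls_x509_crt_free(x509);
			free(x509);
		}
		return NULL;
	}

	if (x509_ptr != NULL)
		*x509_ptr = x509;
	return x509;
}

/* Release a certificate from d2i_X509(): the parsed contents first, then the
 * struct.  The original was a bare free() and leaked everything the parser
 * had allocated.  X509_free(NULL) is a no-op. */
static inline void X509_free(X509 *x509)
{
	if (x509 == NULL)
		return;
	mbedtls_x509_crt_free(x509);
	free(x509);
}


#endif // _mbedtls_compat_h_
--------------------------------------------------------------------------------
/util/resetlockvalue.c:
--------------------------------------------------------------------------------
/********************************************************************************/
/*                                                                              */
/* TPM Reset Lock Value                                                         */
/* Written by S. Berger                                                         */
/* IBM Thomas J. Watson Research Center                                         */
/* $Id: resetlockvalue.c 4702 2013-01-03 21:26:29Z kgoldman $                   */
/*                                                                              */
/* (c) Copyright IBM Corporation 2006, 2010.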
*/ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
*/ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include "tpmfunc.h" 43 | 44 | static void printUsage(void); 45 | 46 | int main(int argc, char *argv[]) 47 | { 48 | int ret = 0; 49 | int i; 50 | unsigned char ownerAuth[TPM_HASH_SIZE]; 51 | const char *ownerAuthFilename = NULL; 52 | const char *ownerPassword = NULL; 53 | 54 | TPM_setlog(0); /* turn off verbose output */ 55 | 56 | for (i=1 ; i -pwdof \n" 133 | "\n" 134 | "-h help\n" 135 | ); 136 | exit(1); 137 | return; 138 | } 139 | -------------------------------------------------------------------------------- /util/evictkey.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Evict Key */ 4 | /* Written by J. Kravitz, S. Berger */ 5 | /* IBM Thomas J. Watson Research Center */ 6 | /* $Id: evictkey.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. 
*/ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 38 | /********************************************************************************/ 39 | 40 | #include 41 | #include 42 | #include 43 | #ifdef TPM_POSIX 44 | #include 45 | #endif 46 | #ifdef TPM_WINDOWS 47 | #include 48 | #endif 49 | #include "tpmfunc.h" 50 | 51 | /* local prototypes */ 52 | void printUsage(void); 53 | 54 | int main(int argc, char *argv[]) 55 | { 56 | int ret; 57 | uint32_t keyhandle = 0; 58 | STACK_TPM_BUFFER(response); 59 | int i; 60 | int listsize; 61 | int offset; 62 | int all = FALSE; 63 | 64 | TPM_setlog(0); 65 | 66 | for (i=1 ; i | -all\n"); 140 | printf("\n"); 141 | exit(-2); 142 | return; 143 | } 144 | -------------------------------------------------------------------------------- /util/loadcontext.c: -------------------------------------------------------------------------------- 1 | /********************************************************************************/ 2 | /* */ 3 | /* TPM Load TPM context */ 4 | /* Written by S. Berger */ 5 | /* IBM Thomas J. 
Watson Research Center */ 6 | /* $Id: loadcontext.c 4702 2013-01-03 21:26:29Z kgoldman $ */ 7 | /* */ 8 | /* (c) Copyright IBM Corporation 2006, 2010. */ 9 | /* */ 10 | /* All rights reserved. */ 11 | /* */ 12 | /* Redistribution and use in source and binary forms, with or without */ 13 | /* modification, are permitted provided that the following conditions are */ 14 | /* met: */ 15 | /* */ 16 | /* Redistributions of source code must retain the above copyright notice, */ 17 | /* this list of conditions and the following disclaimer. */ 18 | /* */ 19 | /* Redistributions in binary form must reproduce the above copyright */ 20 | /* notice, this list of conditions and the following disclaimer in the */ 21 | /* documentation and/or other materials provided with the distribution. */ 22 | /* */ 23 | /* Neither the names of the IBM Corporation nor the names of its */ 24 | /* contributors may be used to endorse or promote products derived from */ 25 | /* this software without specific prior written permission. */ 26 | /* */ 27 | /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS */ 28 | /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT */ 29 | /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR */ 30 | /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT */ 31 | /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, */ 32 | /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT */ 33 | /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, */ 34 | /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY */ 35 | /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT */ 36 | /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE */ 37 | /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
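*/
/********************************************************************************/

/* NOTE(review): the system header names on the bare #include lines below were
 * lost when this listing was extracted; they are reproduced as found. */
#include
#include
#include
#ifdef TPM_POSIX
#include
#endif
#ifdef TPM_WINDOWS
#include
#endif

#include
#include
#include
#include

#include "tpm.h"
#include "tpmutil.h"
#include

/* Print the synopsis and exit with -1; never returns. */
static void usage(void) {
	printf("Usage: loadcontext [-keep] -ha -if [-v]\n");
	printf("\n");
	printf(" -keep : when given indicates to keep the handle; default is FALSE\n");
	printf(" -ha handle : preferred handle of the resource to load\n");
	printf(" -if filename : the filename where to read the context from\n");
	printf(" -v : to enable verbose output\n");
	printf("\n");
	printf("Examples:\n");
	printf("loadcontext -keep -ha abc -if context1.sav\n");
	exit(-1);
}


/*
 * Parse a hexadecimal resource handle from the command line.
 *
 * Accepts exactly one hex number (an optional 0x prefix is fine) and rejects
 * empty strings, trailing garbage and values that do not fit in 32 bits.
 * Returns 1 and stores the value in *out on success, 0 otherwise.  The
 * original used an unchecked sscanf("%x"), so "-ha xyz" silently fell through
 * to the "Missing argument" path.
 */
static int parse_handle(const char *text, uint32_t *out)
{
	char *end = NULL;
	unsigned long value;

	if (text == NULL || *text == '\0')
		return 0;

	value = strtoul(text, &end, 16);
	if (end == text || *end != '\0' || value > 0xFFFFFFFFUL)
		return 0;

	*out = (uint32_t) value;
	return 1;
}


/*
 * Load a previously saved TPM context blob back into the TPM
 * (TPM_LoadContext).
 *
 * argv: [-keep] -ha <hex handle> -if <context file> [-v] [-h]
 *   -keep  ask the TPM to keep the handle given with -ha
 *   -ha    preferred handle for the loaded resource (hex)
 *   -if    file holding the saved context blob
 *   -v     verbose libtpm logging
 *
 * On success the handle the TPM actually assigned is printed.  Exit status:
 * -1 on a usage or file error, otherwise the TPM return code (0 on success;
 * exit() keeps only its low 8 bits).
 */
int main(int argc, char *argv[])
{
	int ret;
	char * filename = NULL;
	uint32_t handle = 0;
	uint32_t entityHandle = 0;
	/* Explicit "was -ha given" flag instead of the original 0xFFFFFFFF
	 * sentinel, so that value is no longer indistinguishable from "missing". */
	int haveHandle = FALSE;
	unsigned char *mycontext = NULL;
	uint32_t contextSize;
	STACK_TPM_BUFFER(context)
	TPM_BOOL keephandle = FALSE;
	int i;

	TPM_setlog(0);

	for (i = 1; i < argc; i++) {
		if (!strcmp("-keep", argv[i])) {
			keephandle = TRUE;
		} else if (!strcmp("-if", argv[i])) {
			i++;
			if (i < argc) {
				filename = argv[i];
			} else {
				printf("Missing parameter for -if.\n");
				usage();
			}
		} else if (!strcmp("-ha", argv[i])) {
			i++;
			if (i < argc) {
				if (!parse_handle(argv[i], &entityHandle)) {
					printf("Invalid handle '%s' for -ha.\n", argv[i]);
					usage();
				}
				haveHandle = TRUE;
			} else {
				printf("Missing parameter for -ha.\n");
				usage();
			}
		} else if (!strcmp("-v", argv[i])) {
			TPM_setlog(1);
		} else if (!strcmp("-h", argv[i])) {
			usage();
		} else {
			printf("\n%s is not a valid option\n", argv[i]);
			usage();
		}
	}

	if (NULL == filename || !haveHandle) {
		printf("Missing argument.\n");
		usage();
	}

	/* The blob is handed to the TPM as-is; the TPM validates its integrity. */
	ret = TPM_ReadFile(filename, &mycontext, &contextSize);
	if ((ret & ERR_MASK) != 0) {
		printf("Error while reading context file.\n");
		exit(-1);
	}
	SET_TPM_BUFFER(&context, mycontext, contextSize);

	/* handle receives the handle the TPM actually assigned, which may
	 * differ from the preferred entityHandle unless -keep was given. */
	ret = TPM_LoadContext(entityHandle,
			      keephandle,
			      &context,
			      &handle);

	if (0 != ret) {
		printf("LoadContext returned error '%s' (%d).\n",
		       TPM_GetErrMsg(ret),
		       ret);
	} else {
		printf("New Handle = 0x%08X\n", handle);
	}

	exit(ret);
}

--------------------------------------------------------------------------------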