Hey everyone,
I am not quite sure, whether this should go on the tech- or the users-
list, but I am experiencing issues with the transport functionality of
the TSP, the signing of a transport to be precise. When calling
Tspi_Context_CloseSignTransport, the function does not terminate. I am
fairly sure that the key I am using (which is an AIK) has been loaded
correctly, and that I correctly initialized the validation structure as
well as the context, because I can quote within the same context using
the same code to initialize them.
I am using:
Ubuntu 11.04 (have to for compatibility reasons with other software)
trousers0.3.5-2_i386.deb (I haven't seen anything in the changelogs that
would fix this in later versions)
Atmel TPM v1.2 (capabilities include one transport session)
gcc 4.5.2
I will attach a piece of code at the bottom which reproduces the error
with my system setup. I stripped it of any unrelated code, and at the
moment it does not execute anything within the transport. However, the
same problem occurs when TPM commands are executed during the transport.
Calling
gcc -ltspi -Wall -o ttest cleanTransportCall.c
on my source file should give no warning, or at least I do not get any.
Best regards,
Michael Dorner
########### Code for cleanTransportCall.c:##############################
/*
* cleanTransportCall.c
*
* Created on: Jan 7, 2013
* Author: michaeldorner
* Purpose: Bugreport CloseSignTransport
*
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/types.h>
#include <tss/platform.h>
#include <tss/tspi.h>
#include <trousers/trousers.h>
//challener debug macro (from tutorial)
#define DBG(message,tResult)printf("(Line%d, %s)%s returned 0x%08x. %s
\n", __LINE__,__func__,message, tResult,
(char*)Trspi_Error_String(tResult))
//declarations, supporting only plaintext secrets here
TSS_RESULT context_init(TSS_HCONTEXT *phContext);
TSS_RESULT srk_tpm_init(TSS_HCONTEXT *phContext, TSS_HKEY *phSRK,
char* srk_auth, TSS_HTPM *phTPM, char* owner_auth);
TSS_RESULT load_aik(TSS_HCONTEXT *hContext, TSS_HKEY *srk, TSS_HKEY
*hAIK,
TSS_UUID aik_uuid, char* aik_auth);
int main(int argc, char **agrv) {
printf("entered main\n");
TSS_HCONTEXT hContext;
TSS_HTPM hTPM;
TSS_HKEY hSRK, hAIKey;
TSS_VALIDATION vData;
TSS_RESULT result;
BYTE nonce[20];
int size = 20;
//modify this code to select own aik
TSS_UUID aik_uuid = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 12 } };
if ((result = context_init(&hContext)) != TSS_SUCCESS) {
exit(result);
}
if ((result = srk_tpm_init(&hContext, &hSRK, "password", &hTPM,
"password"))
!= TSS_SUCCESS) {
exit(result);
}
vData.ulExternalDataLength = size;
vData.rgbExternalData = nonce;
if ((result = load_aik(&hContext, &hSRK, &hAIKey, aik_uuid, NULL ))
!= TSS_SUCCESS) {
exit(result);
}
//set the nonce as external data
printf("starting transport session\n");
if ((result = Tspi_SetAttribUint32(hContext,
TSS_TSPATTRIB_CONTEXT_TRANSPORT,
TSS_TSPATTRIB_CONTEXTTRANS_CONTROL,
TSS_TSPATTRIB_ENABLE_TRANSPORT)) != TSS_SUCCESS) {
exit(result);
}
if ((result = Tspi_SetAttribUint32(hContext,
TSS_TSPATTRIB_CONTEXT_TRANSPORT,
TSS_TSPATTRIB_CONTEXTTRANS_MODE,
TSS_TSPATTRIB_TRANSPORT_NO_DEFAULT_ENCRYPTION)) !=
TSS_SUCCESS) {
exit(result);
}
if ((result = Tspi_SetAttribUint32(hContext,
TSS_TSPATTRIB_CONTEXT_TRANSPORT,
TSS_TSPATTRIB_CONTEXTTRANS_MODE,
TSS_TSPATTRIB_TRANSPORT_EXCLUSIVE)) != TSS_SUCCESS) {
exit(result);
}
if ((result = Tspi_SetAttribUint32(hContext,
TSS_TSPATTRIB_CONTEXT_TRANSPORT,
TSS_TSPATTRIB_CONTEXTTRANS_MODE,
TSS_TSPATTRIB_TRANSPORT_AUTHENTIC_CHANNEL)) !=
TSS_SUCCESS) {
exit(result);
}
//encapsulated commands start
//encapsulated commands end
printf("calling closeSignTransport\n");
if ((result = Tspi_Context_CloseSignTransport(hContext, hAIKey,
&vData))
!= TSS_SUCCESS) {
DBG("closing transport", result);
exit(result);
}
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
DBG("leaving main", result);
exit(result);
}
//helpers
/*
 * this function takes an uninitialized TPM object, SRK and context and
 * initializes/loads them
 */
TSS_RESULT context_init(TSS_HCONTEXT *phContext) {
printf("entered context_init\n");
TSS_RESULT result;
//create context and connect to it
if ((result = Tspi_Context_Create(phContext)) != TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Context_Connect(*phContext, NULL )) != TSS_SUCCESS)
{
return (result);
}
DBG("leaving context_init", result);
return result;
}
TSS_RESULT srk_tpm_init(TSS_HCONTEXT *phContext, TSS_HKEY *phSRK,
char* srk_auth, TSS_HTPM *phTPM, char* owner_auth) {
TSS_RESULT result;
TSS_HPOLICY hSRKPolicy, hTPMPolicy;
TSS_UUID UUID_SRK = TSS_UUID_SRK;
if ((result = Tspi_Context_LoadKeyByUUID(*phContext,
TSS_PS_TYPE_SYSTEM,
UUID_SRK, phSRK)) != TSS_SUCCESS) {
return (result);
}
//create policy object for the SRK and assign it
if ((result = Tspi_Context_CreateObject(*phContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hSRKPolicy)) != TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_PLAIN,
strlen(srk_auth), (BYTE *) srk_auth)) != TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Policy_AssignToObject(hSRKPolicy, *phSRK)) !=
TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Context_GetTpmObject(*phContext, phTPM)) !=
TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Context_CreateObject(*phContext,
TSS_OBJECT_TYPE_POLICY,
TSS_POLICY_USAGE, &hTPMPolicy)) != TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
strlen(owner_auth), (BYTE *) owner_auth)) !=
TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_Policy_AssignToObject(hTPMPolicy, *phTPM)) !=
TSS_SUCCESS) {
return (result);
}
return result;
}
/*
* load an attestation key by its UUID, the context has to be connected
and the srk has to be loaded
*/
TSS_RESULT load_aik(TSS_HCONTEXT *hContext, TSS_HKEY *srk, TSS_HKEY
*hAIK,
TSS_UUID aik_uuid, char *aik_auth) {
printf("entered load_aik_by_uuid\n");
TSS_RESULT result;
TSS_HPOLICY hAIKPolicy;
if ((result = Tspi_Context_LoadKeyByUUID(*hContext, TSS_PS_TYPE_SYSTEM,
aik_uuid, hAIK)) != TSS_SUCCESS) {
return (result);
}
if ((result = Tspi_GetPolicyObject(*hAIK, TSS_POLICY_USAGE,
&hAIKPolicy))
!= TSS_SUCCESS) {
return (result);
}
//if using an AIK generated from the privacyCA.com code, it has NULL as
plain secret
if (aik_auth != NULL ) {
if ((result = Tspi_Policy_SetSecret(hAIKPolicy,
TSS_SECRET_MODE_PLAIN,
strlen(aik_auth), (BYTE*) aik_auth)) !=
TSS_SUCCESS) {
return (result);
}
} else {
if ((result = Tspi_Policy_SetSecret(hAIKPolicy,
TSS_SECRET_MODE_PLAIN,
0, NULL )) != TSS_SUCCESS) {
return (result);
}
}
DBG("leaving load_aik_by_uuid", result);
return (result);
}