Just to clarify, Im aware that the problem appears to be to do with an OSAP session not being properly setup, so what do I need to do for it to be setup properly?
On Tue, 25 Feb 2020 at 20:12, Sam Jenkins <[email protected]> wrote: > hi, > could somone please help me with this? I've been trying to get this > working since late december and havn't been able to. I've successfully > sealed the data to the TPM using tspi_data_seal, but tspi_data_unseal if > failing. > > in debugging the I've found that it fails at authsess_xsap_verify, and it > seems to be something to do with the authorization session, I havn't been > able to figure out any more detail than that. > > I've included my code below, if anyone can see what Im missing in terms of > authorization before the call to tspi_data_unseal it really would be > greatly appreciated. Im not sure where else to ask about this. And looking > at the examples of how its used in tpm_tools and in other places (guide to > trusted computing etc.) have got me this far but no further. > > #include "test.h" > #include <stddef.h> > #include <stdio.h> > #include <stdlib.h> > #include <string.h> > #include <tss/platform.h> > #include <tss/tss_structs.h> > #include <tss/tss_typedef.h> > #include <unistd.h> > > int main() { > TSS_HPCRS pcrs; > UINT32 pcrsToUse[8] = {0, 1, 2, 3, 4, 5, 6, 7}; > UINT32 numOfPcrs = 8; > createKey(); > CreatePcrs(numOfPcrs, pcrsToUse, &pcrs); > > BYTE outBuffer[400] = {0}; > BYTE *inBuffer = readFile(); > > SealData(kHandle, pcrs, inSize, inBuffer, &outSize, outBuffer); > printf("sealed out %u\n", outSize); > // unsealData(kHandle, inSize, inBuffer, &outSize, outBuffer); > > // Tspi_Context_FreeMemory(hContext, NULL); > Tspi_Context_Close(hContext); > free(inBuffer); > printf("result = %u\n", result); > return 0; > } > > BYTE *readFile() { > BYTE *inBuffer; > > FILE *fin, *fout; > fin = fopen("/home/bham/Desktop/keyfile", "rb"); > fseek(fin, 0, SEEK_END); > inSize = ftell(fin); > if (inSize < 400) { > inBuffer = malloc(inSize); > } else { > return NULL; > } > outSize = inSize + 103; > fseek(fin, 0, SEEK_SET); > fread(inBuffer, inSize, 1, fin); > fclose(fin); > return inBuffer; > } > > TSS_HKEY initialSetup(TSS_UUID SRK_UUID) { > TSS_HPOLICY hOwnerPolicy; > > TSS_HKEY hSRK; > Tspi_Context_Create(&hContext); > Tspi_SetAttribUint32(hContext, TSS_TSPATTRIB_CONTEXT_VERSION_MODE, 0, > TSS_TSPATTRIB_CONTEXT_VERSION_V1_2); > Tspi_Context_Connect(hContext, NULL); > // set self to owner > Tspi_Context_GetTpmObject(hContext, &hTPM); > Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy); > Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 4, "bham"); > > Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, > &hSRK); > // set SRK secret to well known secret > Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hOwnerPolicy); > Tspi_Policy_SetSecret(hOwnerPolicy, TSS_SECRET_MODE_SHA1, 20, wks); > return hSRK; > } > > TSS_HKEY newKey(TSS_UUID key_uuid, TSS_UUID SRK_UUID, TSS_HKEY hSRK, > TSS_HKEY hKey) { > TSS_HPOLICY policy; > // set a secret on the key, this will be used as setting a password once > the > // seal/unseal is working > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, > TSS_POLICY_USAGE, > &policy); > Tspi_Policy_SetSecret(policy, TSS_SECRET_MODE_PLAIN, 4, "bham"); > Tspi_Policy_AssignToObject(policy, hKey); > > // create the key and register it to storage > result = Tspi_Key_CreateKey(hKey, hSRK, 0); > result = Tspi_Context_RegisterKey(hContext, hKey, TSS_PS_TYPE_SYSTEM, > key_uuid, TSS_PS_TYPE_SYSTEM, > SRK_UUID); > > result = Tspi_Key_LoadKey(hKey, hSRK); > return hKey; > } > > int createKey() { > TSS_FLAG initFlags; > TSS_HKEY hSRK, hKey; > TSS_UUID key_uuid = {7}, SRK_UUID = TSS_UUID_SRK; > > hSRK = initialSetup(SRK_UUID); > > initFlags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | > TSS_KEY_NOT_MIGRATABLE; > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, initFlags, > &hKey); > > // check that a key has been created, otherwise make one. > if (!(TSS_SUCCESS == Tspi_Context_GetKeyByUUID(hContext, > TSS_PS_TYPE_SYSTEM, > key_uuid, &kHandle))) { > kHandle = newKey(key_uuid, SRK_UUID, hSRK, hKey); > printf("key created result = %u\n", result); > } else { > result = Tspi_Key_LoadKey(kHandle, hSRK); > } > printf("key premade result = %u\n", result); > return 0; > } > > int SealData(TSS_HKEY hKey, TSS_HPCRS hPcrs, UINT32 in_size, BYTE *in, > UINT32 *out_size, BYTE *out) { > TSS_HENCDATA hEncData; > UINT32 keySize, tmp_out_size; > BYTE *tmp_out; > /* Create the encrypted data object in the TSP */ > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, > TSS_ENCDATA_SEAL, > &hEncData); > Tspi_GetAttribUint32(hKey, TSS_TSPATTRIB_KEY_INFO, > TSS_TSPATTRIB_KEYINFO_SIZE, > &keySize); > > TSS_HPOLICY policy; > > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, > TSS_POLICY_USAGE, > &policy); > Tspi_Policy_SetSecret(policy, TSS_SECRET_MODE_PLAIN, 4, "bham"); > > /* Make sure the data is small enough to be bound by this* > key,taking into account the OAEP padding size (38) and* the > size of the TPM_SEALED_DATA structure (65) */ > if (in_size > 153) { > printf("Data to be encrypted is too big !\n"); > return -1; > } > > result = Tspi_Data_Seal(hEncData, hKey, in_size, in, hPcrs); > > printf("result of seal = %u\n", result); > // This is the test unseal I'm using directly afterwoods, wont be here in > // finished program. > BYTE *outputholder; > printf("result of policy =%u\n", result); > result = Tspi_Data_Unseal(hEncData, hKey, &in_size, &outputholder); > printf("result of unseal: %u\n", result); > FILE *fout; > fout = fopen("/home/bham/Desktop/Temp Work/testout", "wb"); > write(fileno(fout), outputholder, *out_size); > fclose(fout); > > /* Now hEncData contains an encrypted blob, let’s extract * it > NORMAL CODE RESUMES HERE*/ > Tspi_GetAttribData(hEncData, TSS_TSPATTRIB_ENCDATA_BLOB, > TSS_TSPATTRIB_ENCDATABLOB_BLOB, &tmp_out_size, > &tmp_out); > printf("output of get data: %u\n", result); > > printf("result = %i\n", result); > printf("%u = tmp_out_size\n", tmp_out_size); > printf("%s = tmp_out\n", tmp_out); > > memcpy(out, tmp_out, tmp_out_size); > *out_size = tmp_out_size; > > printf("out is :%s\n", out); > /* Free the blob returned by the TSP */ > Tspi_Context_FreeMemory(hContext, tmp_out); > /* Close the encrypted data object, it will no longer * be used */ > Tspi_Context_CloseObject(hContext, hEncData); > return 0; > } > > int CreatePcrs(UINT32 num_pcrs, UINT32 *pcrs, TSS_HPCRS *hPcrs) { > UINT32 numPcrs, subCap, i; > UINT32 ulPcrValueLength; > BYTE *rgbPcrValue, *rgbNumPcrs; > Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0, hPcrs); > // Retrieve number of PCRs from the TPM > subCap = TSS_TPMCAP_PROP_PCR; > Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_PROPERTY, sizeof(UINT32), > (BYTE *)&subCap, &ulPcrValueLength, &rgbNumPcrs); > numPcrs = *(UINT32 *)rgbNumPcrs; > Tspi_Context_FreeMemory(hContext, rgbNumPcrs); > for (i = 0; i < num_pcrs; i++) { > if (pcrs[i] >= numPcrs) { > printf("PCR value %u is too big !\n", pcrs[i]); > Tspi_Context_CloseObject(hContext, *hPcrs); > return -1; > } > Tspi_TPM_PcrRead(hTPM, pcrs[i], &ulPcrValueLength, &rgbPcrValue); > Tspi_PcrComposite_SetPcrValue(*hPcrs, pcrs[i], ulPcrValueLength, > rgbPcrValue); > Tspi_Context_FreeMemory(hContext, rgbPcrValue); > } > return 0; > } > > and yes Im aware of flaws in here like fixed and rubbish passwords, this > is all just simple test stuff while I get it working. > -- hello
_______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
