📄 seal.c
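/*            it should be long enough to receive the encrypted data        */
/*            which is 256 bytes, plus some overhead. 512 total recommended? */
/* bloblen    is a pointer to an integer which will receive the length      */
/*            of the sealed blob                                            */
/*                                                                          */
/****************************************************************************/
/*
 * Builds the PCR info structure for the PCRs selected by pcrmap with
 * TSS_GenPCRInfo() and passes it, with all other arguments unchanged, to
 * TPM_Seal(). Returns the first non-zero code from TSS_GenPCRInfo(),
 * otherwise whatever TPM_Seal() returns.
 */
uint32_t TPM_SealCurrPCR(uint32_t keyhandle, uint32_t pcrmap,
                         unsigned char *keyauth,
                         unsigned char *dataauth,
                         unsigned char *data, unsigned int datalen,
                         unsigned char *blob, unsigned int *bloblen)
{
    uint32_t ret;
    unsigned char pcrinfo[MAXPCRINFOLEN];
    uint32_t pcrlen;

    ret = TSS_GenPCRInfo(pcrmap, pcrinfo, &pcrlen);
    if (ret != 0)
        return ret;
    return TPM_Seal(keyhandle, pcrinfo, pcrlen,
                    keyauth, dataauth, data, datalen, blob, bloblen);
}

/****************************************************************************/
/*                                                                          */
/* Unseal a data object                                                     */
/*                                                                          */
/* The arguments are...                                                     */
/*                                                                          */
/* keyhandle is the handle of the key used to seal the data                 */
/*           0x40000000 for the SRK                                         */
/* keyauth   is the authorization data (password) for the key               */
/*           or NULL if no password is required                             */
/* dataauth  is the authorization data (password) for the data being sealed */
/*           or NULL if no password is required                             */
/*           both authorization values must be 20 bytes long                */
/* blob      is a pointer to an area containing the sealed blob             */
/* bloblen   is the length of the sealed blob                               */
/* rawdata   is a pointer to an area to receive the unsealed data (max 256?)*/
/* datalen   is a pointer to an int to receive the length of the data       */
/*                                                                          */
/* Returns 0 on success, ERR_NULL_ARG if rawdata, blob or datalen is NULL,  */
/* otherwise the error code of the step that failed. Every OIAP session     */
/* opened here is closed again on every return path.                        */
/*                                                                          */
/* The function has no way to learn the capacity of rawdata: it copies      */
/* exactly the number of bytes the TPM reports, so the caller must supply   */
/* a buffer large enough for the largest object it expects to unseal.       */
/*                                                                          */
/****************************************************************************/
uint32_t TPM_Unseal(uint32_t keyhandle,
                    unsigned char *keyauth,
                    unsigned char *dataauth,
                    unsigned char *blob, unsigned int bloblen,
                    unsigned char *rawdata, unsigned int *datalen)
{
    unsigned char unseal_fmt[] = "00 C3 T l l % l % o % l % o %";
    unsigned char unseal_fmt_noauth[] = "00 C2 T l l % l % o %";
    uint32_t ret;
    unsigned char tpmdata[TPM_MAX_BUFF_SIZE];
    unsigned char nonceodd[TPM_NONCE_SIZE];
    unsigned char enonce1[TPM_NONCE_SIZE];
    unsigned char enonce2[TPM_NONCE_SIZE];
    unsigned char dummyauth[TPM_NONCE_SIZE];
    unsigned char *passptr2;
    unsigned char c;
    uint32_t ordinal;
    uint32_t keyhndl;
    uint32_t authhandle1;
    uint32_t authhandle2;
    unsigned char authdata1[TPM_HASH_SIZE];
    unsigned char authdata2[TPM_HASH_SIZE];

    memset(dummyauth, 0, sizeof dummyauth);
    /* check input arguments; datalen is written through unconditionally
       further down, so it is rejected here together with the buffers */
    if (rawdata == NULL || blob == NULL || datalen == NULL)
        return ERR_NULL_ARG;
    /* with no data password the all-zero value is used as the data secret */
    if (dataauth == NULL)
        passptr2 = dummyauth;
    else
        passptr2 = dataauth;
    if (keyauth != NULL) {      /* key password specified */
        /* open TWO OIAP sessions, one for the Key and one for the Data */
        ret = TSS_OIAPopen(&authhandle1, enonce1);
        if (ret != 0)
            return ret;
        ret = TSS_OIAPopen(&authhandle2, enonce2);
        if (ret != 0) {
            /* the first session is already open and must not be left
               behind when the second one cannot be opened */
            TSS_OIAPclose(authhandle1);
            return ret;
        }
        /* move data to Network byte order variables for HMAC calculation */
        ordinal = htonl(0x18);
        keyhndl = htonl(keyhandle);
        /* generate odd nonce */
        TSS_gennonce(nonceodd);
        c = 0;
        /* calculate KEY authorization HMAC value */
        ret = TSS_authhmac(authdata1, keyauth, TPM_HASH_SIZE, enonce1,
                           nonceodd, c, TPM_U32_SIZE, &ordinal,
                           bloblen, blob, 0, 0);
        if (ret != 0) {
            TSS_OIAPclose(authhandle1);
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* calculate DATA authorization HMAC value */
        ret = TSS_authhmac(authdata2, passptr2, TPM_NONCE_SIZE, enonce2,
                           nonceodd, c, TPM_U32_SIZE, &ordinal,
                           bloblen, blob, 0, 0);
        if (ret != 0) {
            TSS_OIAPclose(authhandle1);
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* build the request buffer */
        ret = TSS_buildbuff(unseal_fmt, tpmdata,
                            ordinal,
                            keyhndl,
                            bloblen, blob,
                            authhandle1,
                            TPM_NONCE_SIZE, nonceodd,
                            c,
                            TPM_HASH_SIZE, authdata1,
                            authhandle2,
                            TPM_NONCE_SIZE, nonceodd,
                            c,
                            TPM_HASH_SIZE, authdata2);
        if ((ret & ERR_MASK) != 0) {
            TSS_OIAPclose(authhandle1);
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "Unseal");
        if (ret != 0) {
            TSS_OIAPclose(authhandle1);
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* NOTE(review): this length is read from the response before the
           response HMAC has been verified, and it is not compared with
           sizeof tpmdata; the HMAC check and the final memcpy both use it.
           A bound check belongs here, with an error code from the
           project's header (not visible in this listing). */
        *datalen = LOAD32(tpmdata, TPM_DATA_OFFSET);
        /* check HMAC in response */
        ret = TSS_checkhmac2(tpmdata, ordinal, nonceodd,
                             keyauth, TPM_HASH_SIZE,
                             passptr2, TPM_HASH_SIZE,
                             TPM_U32_SIZE, TPM_DATA_OFFSET,
                             *datalen, TPM_DATA_OFFSET + TPM_U32_SIZE,
                             0, 0);
        TSS_OIAPclose(authhandle1);
        TSS_OIAPclose(authhandle2);
        if (ret != 0)
            return ret;
    } else {                    /* no key password */
        /* open ONE OIAP session, for the Data */
        ret = TSS_OIAPopen(&authhandle2, enonce2);
        if (ret != 0)
            return ret;
        /* move data to Network byte order variables for HMAC calculation */
        ordinal = htonl(0x18);
        keyhndl = htonl(keyhandle);
        /* generate odd nonce */
        TSS_gennonce(nonceodd);
        c = 0;
        /* calculate DATA authorization HMAC value */
        ret = TSS_authhmac(authdata2, passptr2, TPM_NONCE_SIZE, enonce2,
                           nonceodd, c, TPM_U32_SIZE, &ordinal,
                           bloblen, blob, 0, 0);
        if (ret != 0) {
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* build the request buffer */
        ret = TSS_buildbuff(unseal_fmt_noauth, tpmdata,
                            ordinal,
                            keyhndl,
                            bloblen, blob,
                            authhandle2,
                            TPM_NONCE_SIZE, nonceodd,
                            c,
                            TPM_HASH_SIZE, authdata2);
        if ((ret & ERR_MASK) != 0) {
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "Unseal");
        if (ret != 0) {
            TSS_OIAPclose(authhandle2);
            return ret;
        }
        /* NOTE(review): same unverified, unbounded response length as in
           the key-password branch above. */
        *datalen = LOAD32(tpmdata, TPM_DATA_OFFSET);
        /* check HMAC in response */
        ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd,
                             passptr2, TPM_HASH_SIZE,
                             TPM_U32_SIZE, TPM_DATA_OFFSET,
                             *datalen, TPM_DATA_OFFSET + TPM_U32_SIZE,
                             0, 0);
        TSS_OIAPclose(authhandle2);
        if (ret != 0)
            return ret;
    }
    /* copy decrypted data back to caller; only reached after the response
       HMAC verified.
       NOTE(review): tpmdata still holds the unsealed plaintext when this
       function returns; consider clearing it with a wipe the compiler
       cannot optimize away. */
    memcpy(rawdata, tpmdata + TPM_DATA_OFFSET + TPM_U32_SIZE, *datalen);
    return 0;
}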