📄 keys.c
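/* NOTE(review): this listing starts part-way through a function whose
 * signature and declarations are not shown.  The statements down to the
 * first closing brace are that function's tail, reproduced unchanged. */
    kparmbufsize = ret;
    /* calculate authorization HMAC value */
    ret = TSS_authhmac(pubauth, sess.ssecret, TPM_HASH_SIZE, sess.enonce,
                       nonceodd, c, TPM_U32_SIZE, &ordinal, TPM_HASH_SIZE,
                       encauth1, TPM_HASH_SIZE, encauth2, kparmbufsize,
                       kparmbuf, 0, 0);
    if (ret != 0) {
        TSS_OSAPclose(&sess);
        return ret;
    }
    /* build the request buffer */
    ret = TSS_buildbuff(create_key_fmt, tpmdata, ordinal, keyhndl,
                        TPM_HASH_SIZE, encauth1, TPM_HASH_SIZE, encauth2,
                        kparmbufsize, kparmbuf, sess.handle, TPM_NONCE_SIZE,
                        nonceodd, c, TPM_HASH_SIZE, pubauth);
    if ((ret & ERR_MASK) != 0) {
        TSS_OSAPclose(&sess);
        return ret;
    }
    /* transmit the request buffer to the TPM device and read the reply */
    ret = TPM_Transmit(tpmdata, "CreateWrapKey");
    if (ret != 0) {
        TSS_OSAPclose(&sess);
        return ret;
    }
    kparmbufsize = TSS_KeySize(tpmdata + TPM_DATA_OFFSET);
    ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd, sess.ssecret,
                         TPM_HASH_SIZE, kparmbufsize, TPM_DATA_OFFSET, 0, 0);
    TSS_OSAPclose(&sess);
    if (ret != 0)
        return ret;
    /* convert the returned key to a structure */
    if (key != NULL)
        TSS_KeyExtract(tpmdata + TPM_DATA_OFFSET, key);
    /* copy the key blob to caller */
    if (keyblob != NULL) {
        memcpy(keyblob, tpmdata + TPM_DATA_OFFSET, kparmbufsize);
        if (bloblen != NULL)
            *bloblen = kparmbufsize;
    }
    return 0;
}

/****************************************************************************/
/*                                                                          */
/* Load a new Key into the TPM                                              */
/*                                                                          */
/* The arguments are...                                                     */
/*                                                                          */
/* keyhandle is the handle of parent key for the new key                    */
/*           0x40000000 for the SRK                                         */
/* keyauth   is the authorization data (password) for the parent key        */
/*           if null, it is assumed that the parent requires no auth        */
/*           (it is handed to the HMAC helpers with length TPM_HASH_SIZE,   */
/*           so it presumably must point to that many bytes - confirm)      */
/* keyparms  is a pointer to a keydata structure with all data for the new  */
/*           key                                                            */
/* newhandle is a pointer to a 32bit word which will receive the handle     */
/*           of the new key                                                 */
/*                                                                          */
/* Returns 0 on success, ERR_NULL_ARG when keyparms or newhandle is NULL,   */
/* otherwise the non-zero code of the helper call that failed.              */
/*                                                                          */
/* With keyauth set, the command runs inside an OIAP session and the reply  */
/* is verified with TSS_checkhmac1 before *newhandle is written.  With      */
/* keyauth NULL no HMAC is checked, so the returned handle is taken from    */
/* the reply as-is.                                                         */
/*                                                                          */
/****************************************************************************/
uint32_t TPM_LoadKey(uint32_t keyhandle, unsigned char *keyauth,
                     keydata * keyparms, uint32_t * newhandle)
{
    /* request layouts for TSS_buildbuff: tag 00 c2 is used for the
       authorized form of the command, 00 c1 for the unauthorized form */
    unsigned char load_key_fmt[] = "00 c2 T l l % l % o %";
    unsigned char load_key_fmt_noauth[] = "00 c1 T l l %";
    uint32_t ret;
    unsigned char tpmdata[TPM_MAX_BUFF_SIZE];
    unsigned char kparmbuf[TPM_MAX_BUFF_SIZE];
    unsigned char nonceodd[TPM_NONCE_SIZE];
    unsigned char evennonce[TPM_NONCE_SIZE];
    unsigned char pubauth[TPM_HASH_SIZE];
    unsigned char c;
    uint32_t ordinal;
    uint32_t keyhndl;
    uint32_t authhandle;
    int kparmbufsize;

    /* check input arguments */
    if (keyparms == NULL || newhandle == NULL)
        return ERR_NULL_ARG;

    if (keyauth != NULL) {      /* parent requires authorization */
        /* generate odd nonce */
        TSS_gennonce(nonceodd);
        /* Open OIAP Session; every exit path below closes it again */
        ret = TSS_OIAPopen(&authhandle, evennonce);
        if (ret != 0)
            return ret;
        /* move Network byte order data to variables for hmac calculation */
        ordinal = htonl(0x20);  /* command ordinal sent for LoadKey */
        keyhndl = htonl(keyhandle);
        c = 0;
        /* convert keyparm structure to buffer */
        /* NOTE(review): kparmbuf is a fixed TPM_MAX_BUFF_SIZE array and no
           capacity is passed here - confirm TPM_BuildKey bounds its output */
        ret = TPM_BuildKey(kparmbuf, keyparms);
        if ((ret & ERR_MASK) != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        kparmbufsize = ret;
        /* calculate authorization HMAC value */
        ret = TSS_authhmac(pubauth, keyauth, TPM_HASH_SIZE, evennonce,
                           nonceodd, c, TPM_U32_SIZE, &ordinal,
                           kparmbufsize, kparmbuf, 0, 0);
        /* ret is unsigned, so a "< 0" test can never be true and a failed
           HMAC computation would go unnoticed; test for non-zero, as the
           other callers of TSS_authhmac in this file do */
        if (ret != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        /* build the request buffer */
        ret = TSS_buildbuff(load_key_fmt, tpmdata, ordinal, keyhndl,
                            kparmbufsize, kparmbuf, authhandle,
                            TPM_NONCE_SIZE, nonceodd, c,
                            TPM_HASH_SIZE, pubauth);
        if ((ret & ERR_MASK) != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "LoadKey");
        if (ret != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        TSS_OIAPclose(authhandle);
        /* verify the reply HMAC before trusting the returned handle */
        ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd, keyauth,
                             TPM_HASH_SIZE, TPM_U32_SIZE, TPM_DATA_OFFSET,
                             0, 0);
        if (ret != 0)
            return ret;
        *newhandle = LOAD32(tpmdata, TPM_DATA_OFFSET);
    } else {                    /* parent requires NO authorization */
        /* move Network byte order data to variables for hmac calculation */
        ordinal = htonl(0x20);
        keyhndl = htonl(keyhandle);
        /* convert keyparm structure to buffer */
        ret = TPM_BuildKey(kparmbuf, keyparms);
        if ((ret & ERR_MASK) != 0)
            return ret;
        kparmbufsize = ret;
        /* build the request buffer */
        ret = TSS_buildbuff(load_key_fmt_noauth, tpmdata, ordinal, keyhndl,
                            kparmbufsize, kparmbuf);
        if ((ret & ERR_MASK) != 0)
            return ret;
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "LoadKey");
        if (ret != 0)
            return ret;
        /* no session, hence no reply HMAC: the handle is unauthenticated */
        *newhandle = LOAD32(tpmdata, TPM_DATA_OFFSET);
    }
    return 0;
}

/****************************************************************************/
/*                                                                          */
/* Get a Public Key from the TPM                                            */
/*                                                                          */
/* The arguments are...                                                     */
/*                                                                          */
/* keyhandle is the handle of the key to be read                            */
/*           0x40000000 for the SRK                                         */
/* keyauth   is the authorization data (password) for the key               */
/*           if null, it is assumed that the key requires no authorization  */
/* keyblob   is a pointer to an area which will receive a copy of the       */
/*           public key blob.                                               */
/* keyblen   is a pointer to an integer which will receive the length of    */
/*           the key blob                                                   */
/*                                                                          */
/* Returns 0 on success, ERR_NULL_ARG when keyblob or keyblen is NULL,      */
/* otherwise the non-zero code of the helper call that failed.              */
/*                                                                          */
/* NOTE(review): the capacity of keyblob is never passed in (keyblen is     */
/* only written), and the copy length comes from the reply via              */
/* TSS_PubKeySize without a range check.  A negative size, or one larger    */
/* than TPM_MAX_BUFF_SIZE - TPM_DATA_OFFSET, would read past tpmdata and    */
/* write past the caller's buffer.  Callers need a buffer that can hold     */
/* the largest possible reply; rejecting out-of-range sizes before the      */
/* memcpy calls would close the gap.  In the keyauth == NULL path the       */
/* reply is also not HMAC-checked, so both size and blob are                */
/* unauthenticated there.                                                   */
/*                                                                          */
/****************************************************************************/
uint32_t TPM_GetPubKey(uint32_t keyhandle, unsigned char *keyauth,
                       unsigned char *keyblob, unsigned int *keyblen)
{
    unsigned char getpub_key_fmt[] = "00 c2 T l l l % o %";
    unsigned char getpub_key_fmt_noauth[] = "00 c1 T l l";
    uint32_t ret;
    unsigned char tpmdata[TPM_MAX_BUFF_SIZE];
    unsigned char nonceodd[TPM_NONCE_SIZE];
    unsigned char evennonce[TPM_NONCE_SIZE];
    unsigned char pubauth[TPM_HASH_SIZE];
    unsigned char c;
    uint32_t ordinal;
    uint32_t keyhndl;
    uint32_t authhandle;
    int size;

    /* check input arguments */
    if (keyblob == NULL || keyblen == NULL)
        return ERR_NULL_ARG;

    if (keyauth != NULL) {      /* key requires authorization */
        /* generate odd nonce */
        TSS_gennonce(nonceodd);
        /* Open OIAP Session; every exit path below closes it again */
        ret = TSS_OIAPopen(&authhandle, evennonce);
        if (ret != 0)
            return ret;
        /* move Network byte order data to variables for hmac calculation */
        ordinal = htonl(0x21);  /* command ordinal sent for GetPubKey */
        keyhndl = htonl(keyhandle);
        c = 0;
        /* calculate authorization HMAC value */
        ret = TSS_authhmac(pubauth, keyauth, TPM_HASH_SIZE, evennonce,
                           nonceodd, c, TPM_U32_SIZE, &ordinal, 0, 0);
        if (ret != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        /* build the request buffer */
        ret = TSS_buildbuff(getpub_key_fmt, tpmdata, ordinal, keyhndl,
                            authhandle, TPM_NONCE_SIZE, nonceodd, c,
                            TPM_HASH_SIZE, pubauth);
        if ((ret & ERR_MASK) != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "GetPubKey");
        if (ret != 0) {
            TSS_OIAPclose(authhandle);
            return ret;
        }
        TSS_OIAPclose(authhandle);
        /* size is read from the reply before the HMAC is verified; the
           copy itself only happens after the check succeeds */
        size = TSS_PubKeySize(tpmdata + TPM_DATA_OFFSET, 0);
        ret = TSS_checkhmac1(tpmdata, ordinal, nonceodd, keyauth,
                             TPM_HASH_SIZE, size, TPM_DATA_OFFSET, 0, 0);
        if (ret != 0)
            return ret;
        memcpy(keyblob, tpmdata + TPM_DATA_OFFSET, size);
        *keyblen = size;
    } else {                    /* key requires NO authorization */
        /* move Network byte order data to variables for hmac calculation */
        ordinal = htonl(0x21);
        keyhndl = htonl(keyhandle);
        /* build the request buffer */
        ret = TSS_buildbuff(getpub_key_fmt_noauth, tpmdata, ordinal, keyhndl);
        if ((ret & ERR_MASK) != 0)
            return ret;
        /* transmit the request buffer to the TPM device and read the reply */
        ret = TPM_Transmit(tpmdata, "GetPubKey");
        if (ret != 0)
            return ret;
        /* unauthenticated reply: size is used as the copy length as-is */
        size = TSS_PubKeySize(tpmdata + TPM_DATA_OFFSET, 0);
        memcpy(keyblob, tpmdata + TPM_DATA_OFFSET, size);
        *keyblen = size;
    }
    return 0;
}

/****************************************************************************/
/*                                                                          */
/* Evict (delete) a Key from the TPM                                        */
/*                                                                          */
/* The arguments are...                                                     */
/*                                                                          */
/* keyhandle is the handle of the key to be evicted                         */
/*                                                                          */
/****************************************************************************/
uint32_t TPM_EvictKey(uint32_t keyhandle)
{
    unsigned char evict_key_fmt[] = "00 c1 T 00 00 00 22 L";
    uint32_t ret;
    unsigned char tpmdata[TPM_MAX_BUFF_SIZE];

    ret = TSS_buildbuff(evict_key_fmt, tpmdata, keyhandle);
    if ((ret & ERR_MASK) != 0)
        return ret;
    /* NOTE(review): the listing ends here; the rest of TPM_EvictKey is not
       shown */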