Commit bdba604b authored by Cody Cutler's avatar Cody Cutler

Add tools/tspitests

This code includes various useful TPM tools along with doquote.c and
tpm-signoff.c which we use in the MFS to proceed down the secure
bootchain.
parent a21d2f8b
all:
gcc -o idkey idkey.c -ltspi #-lcrypto
gcc -o keygen keygen.c -ltspi
gcc -o doquote doquote.c -ltspi
gcc -o tpm-signoff tpm-signoff.c -ltspi
gcc -o getpub getpub.c -ltspi
gcc -o loadkey loadkey.c -ltspi
gcc -o fail fail.c -ltspi
gcc -o pcrcomposite pcrcomposite.c -ltspi
gcc -o ltpmloadkey ltpmloadkey.c libtpm/bind.c libtpm/chgauth.c \
libtpm/hmac.c libtpm/keys.c libtpm/migrate.c libtpm/miscfunc.c \
libtpm/oiaposap.c libtpm/owner.c libtpm/pcrs.c libtpm/seal.c \
libtpm/signature.c libtpm/tpmutil.c -Ilibtpm -lcrypto
These example programs show how to do various things with Trousers and
libtpm. The only important ones are these:
idkey.c - Goes through the trouble of creating an
identity key - this process is fairly complex
under normal circumstances but in our
environment it is much simpler. This is why we
are able to skip all the Privacy CA stuff.
doquote.c - This is a helper program that we use inside
the TPM MFS; it was made to be used in scripts
with tmcc. It will take the output from TMCD
'quoteprep' command, do the proper quote, and
then write the output back out so it can be
piped right back to tmcc for the 'nextstate'
command. See the usage for more details.
loadkey.c - This demonstrates how to load an encrypted
identity key blob and make a quote with it. It
also has some bonus code that shows how to parse
the quote.
ltpmloadkey.c - This also loads an identity key (but it uses
libtpm, unlike all other code here), generates a
quote with the identity key, parses it, and
verifies it. This is fairly valuable because
there is/was practically no documentation on how
to do this.
pcrcomposite.c - Shows the PCR composite structure (also in
ltpmloadkey.c).
tpm-signoff.c - This is another helper program we use in the
TPM MFS. It extends rubbish into the specified
PCR. We use this for the sign-off phase of the
boot chain.
This diff is collapsed.
/*
* EMULAB-COPYRIGHT
* Copyright (c) 2008-2010 University of Utah and the Flux Group.
* All rights reserved.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <fcntl.h>
#include <openssl/ssl.h>
#include <sys/stat.h>
#include <tss/tspi.h>
#include <tss/platform.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#define TSS_ERROR_CODE(x) (x & 0xFFF)
#define FATAL(x) do{printf("**\t");printf(x);printf("\n");}while(0);
//#define FATAL(x) do{printf(x);printf("\n");exit(1);}while(0);
void check(char *msg, int cin){
int in = TSS_ERROR_CODE(cin);
printf("%s: ", msg);
if(in == TSS_SUCCESS) {
printf("TSS_SUCCESS\n");
return;
} else if(in == TSS_E_INVALID_HANDLE)
printf("TSS_E_INVALID_HANDLE\n");
else if(in == TSS_E_INTERNAL_ERROR)
printf("TSS_E_INTERNAL_ERROR\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_HASH_INVALID_LENGTH)
printf("TSS_E_HASH_INVALID_LENGTH\n");
else if(in == TSS_E_HASH_NO_DATA)
printf("TSS_E_HASH_NO_DATA\n");
else if(in == TSS_E_INVALID_SIGSCHEME)
printf("TSS_E_INVALID_SIGSCHEME\n");
else if(in == TSS_E_HASH_NO_IDENTIFIER)
printf("TSS_E_HASH_NO_IDENTIFIER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_PS_KEY_NOTFOUND\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else
printf("Not here: 0x%x\n", in);
//exit(1);
}
void pquote(TSS_VALIDATION *valdata)
{
int i;
TPM_QUOTE_INFO *qinfo = (TPM_QUOTE_INFO*)valdata->rgbData;
if (valdata->ulDataLength < sizeof(TPM_QUOTE_INFO))
printf("**too small to fit in TPM_QUOTE_INFO struct\n");
printf("version: maj: %d min: %d\n", qinfo->version.major,
qinfo->version.minor);
printf("fixed: ");
for (i = 0; i < 4; i++)
printf("%c", qinfo->fixed[i]);
printf("\n");
printf("SHA1 hash: ");
for (i = 0; i < 20; i++)
printf("%02x ", qinfo->compositeHash.digest[i]);
printf("\n");
printf("nonce: ");
for (i = 0; i < 20; i++)
printf("%02x ", qinfo->externalData.nonce[i]);
printf("\n");
}
int
main(void)
{
int ret, i, fd;
TSS_HCONTEXT hContext;
TSS_HKEY hSRK, hKey;
TSS_HPOLICY hPolicy;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_HPOLICY srkpol, hTPMPolicy;
TSS_HENCDATA hencdata;
TSS_HPCRS pcrs;
TSS_HTPM hTPM;
UINT32 srklen, bloblen;
BYTE *srkpub, blob[1024];
TSS_HPCRS hpcomp;
TSS_VALIDATION valdata;
TSS_HHASH hHash;
UINT32 siglen;
BYTE *sig;
RSA *rsa;
fd = open("key.blob", O_RDONLY, S_IRUSR | S_IWUSR);
if (fd < 0)
errx(1, "Couldn't open key.blob\n");
printf("opened; fd %d\n", fd);
bloblen = read(fd, blob, 1024);
if (bloblen == -1) {
perror(NULL);
errx(1, "error reading key.blob\n");
}
printf("read %d bytes from key.blob\n", bloblen);
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check("context connect", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM,
srkUUID, &hSRK);
check("loadkeybyuuid", ret);
/* srk password */
ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
check("get policy object", ret);
ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234");
check("policy set secret", ret);
/* owner TPM password */
ret = Tspi_Context_GetTpmObject(hContext, &hTPM);
check("get policy object", ret);
//Insert the owner auth into the TPM's policy
ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
check("get tpm policy", ret);
ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
3, "123");
check("set owner secret", ret);
ret = Tspi_Context_LoadKeyByBlob(hContext, hSRK, bloblen, blob, &hKey);
check("load key by blob", ret);
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0,
&hpcomp);
check("create pcrs object", ret);
ret = Tspi_PcrComposite_SelectPcrIndex(hpcomp, 1);
check("select pcr index", ret);
/* nonce */
valdata.ulExternalDataLength = 20;
valdata.rgbExternalData = "12345678901234567890";
ret = Tspi_TPM_Quote(hTPM, hKey, hpcomp, &valdata);
check("quote", ret);
pquote(&valdata);
/* try to sign arbitrary data instead */
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_HASH,
TSS_HASH_SHA1, &hHash);
check("create hash object", ret);
ret = Tspi_Hash_SetHashValue(hHash, 20, "Je pense, danc je sa");
check("set has value", ret);
/* Try to sign some hash with our identity key instead of a signing key
* (we shouldn't be able to do this)
*/
ret = Tspi_Hash_Sign(hHash, hKey, &siglen, &sig);
check("hash sign", ret);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
/*
* EMULAB-COPYRIGHT
* Copyright (c) 2008-2010 University of Utah and the Flux Group.
* All rights reserved.
*/
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <tss/tspi.h>
#include <tss/platform.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#define TSS_ERROR_CODE(x) (x & 0xFFF)
#define FATAL(x) do{printf("**\t");printf(x);printf("\n");}while(0);
//#define FATAL(x) do{printf(x);printf("\n");exit(1);}while(0);
void check(char *msg, int cin){
int in = TSS_ERROR_CODE(cin);
printf("%s: ", msg);
if(in == TSS_SUCCESS) {
printf("TSS_SUCCESS\n");
return;
} else if(in == TSS_E_INVALID_HANDLE)
printf("TSS_E_INVALID_HANDLE\n");
else if(in == TSS_E_INTERNAL_ERROR)
printf("TSS_E_INTERNAL_ERROR\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_HASH_INVALID_LENGTH)
printf("TSS_E_HASH_INVALID_LENGTH\n");
else if(in == TSS_E_HASH_NO_DATA)
printf("TSS_E_HASH_NO_DATA\n");
else if(in == TSS_E_INVALID_SIGSCHEME)
printf("TSS_E_INVALID_SIGSCHEME\n");
else if(in == TSS_E_HASH_NO_IDENTIFIER)
printf("TSS_E_HASH_NO_IDENTIFIER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_PS_KEY_NOTFOUND\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else
printf("Not here: 0x%x\n", in);
exit(1);
}
int
main(void)
{
TSS_HCONTEXT hContext;
TSS_HHASH hHash;
TSS_HKEY hSigningKey, hSRK;
TSS_HPOLICY hPolicy;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_UUID myuuid = {1,1,1,1,1,{1,1,1,1,1,1}};
TSS_HPOLICY srkpol;
int ret,i;
int plen = 0;
BYTE *pub;
int explen=0;
BYTE *exp;
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check("context connect", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK);
check("loadkeybyuuid", ret);
ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
check("get policy object", ret);
ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234");
check("policy set secret", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, myuuid,
&hSigningKey);
/*
ret = Tspi_Key_GetPubKey(hSigningKey, &plen, &pub);
check("getpubkey", ret);
*/
ret = Tspi_GetAttribData(hSigningKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &plen, &pub);
if(pub){
printf("modulus len: %d\n", plen);
for(i=0;i < plen;++i)
printf("\\x%.02x", pub[i]);
printf("\n");
}
ret = Tspi_GetAttribData(hSigningKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &explen, &exp);
if(exp){
printf("exp len: %d\n", explen);
for(i=0;i < explen;++i)
printf("\\x%.02x", exp[i]);
printf("\n");
}
/* close context */
ret = Tspi_Key_UnloadKey(hSigningKey);
check("unload key", ret);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
/*
* EMULAB-COPYRIGHT
* Copyright (c) 2008-2010 University of Utah and the Flux Group.
* All rights reserved.
*/
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <iconv.h>
#include <langinfo.h>
#include <sys/stat.h>
#include <tss/tspi.h>
#include <tss/platform.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#define TSS_ERROR_CODE(x) (x & 0xFFF)
#define FATAL(x) do{printf("**\t");printf(x);printf("\n"); return 1;}while(0);
#define print_error(x,y) do{printf(x);}while(0);
void check(char *msg, int cin){
int in = TSS_ERROR_CODE(cin);
printf("%s: ", msg);
if(in == TSS_SUCCESS)
printf("TSS_SUCCESS\n");
else if(in == TSS_E_INVALID_HANDLE)
printf("TSS_E_INVALID_HANDLE\n");
else if(in == TSS_E_INTERNAL_ERROR)
printf("TSS_E_INTERNAL_ERROR\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_HASH_INVALID_LENGTH)
printf("TSS_E_HASH_INVALID_LENGTH\n");
else if(in == TSS_E_HASH_NO_DATA)
printf("TSS_E_HASH_NO_DATA\n");
else if(in == TSS_E_INVALID_SIGSCHEME)
printf("TSS_E_INVALID_SIGSCHEME\n");
else if(in == TSS_E_HASH_NO_IDENTIFIER)
printf("TSS_E_HASH_NO_IDENTIFIER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_PS_KEY_NOTFOUND\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_P_KEY_NOTFOUND\n");
else
printf("Not here: 0x%x\n", in);
return;
}
int blob_pubkey(char *out, unsigned int olen, char *in, unsigned int ilen,
char *p, unsigned int psize)
{
unsigned int offset, size;
if (olen < ilen) {
printf("\t\tblob_pubkey failed: olen < ilen\n");
return;
}
if (psize == 0) {
printf("\t\tblob_pubkey failed: psize == 0\n");
return;
}
memcpy(out, in, ilen);
/* Keep all the keyparms the same, overwrite the public key at end.
* Check sizes to make sure we get the right offset. They are
* big-endian. */
offset = 4 + 2 + 2;
/* Key parms length */
size = Decode_UINT32(in + offset);
offset += 4;
offset += size;
/* Key length */
UINT32ToArray(psize, out + offset);
offset += 4;
/* out + offset should now be pointing to the public key */
memcpy(out + offset, p, psize);
offset += psize;
return offset;
}
TSS_RESULT
make_fake_key(TSS_HCONTEXT hContext, TSS_HKEY *hCAKey, RSA **rsa, int padding)
{
TSS_RESULT result;
UINT32 encScheme, size_n, pub_size;
BYTE n[2048];
TCPA_PUBKEY pubkey;
UINT32 blob_size, size;
BYTE *blob, pub_blob[1024];
switch (padding) {
case RSA_PKCS1_PADDING:
encScheme = TSS_ES_RSAESPKCSV15;
break;
case RSA_PKCS1_OAEP_PADDING:
encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
break;
case RSA_NO_PADDING:
encScheme = TSS_ES_NONE;
break;
default:
return TSS_E_INTERNAL_ERROR;
break;
}
//Create CA Key Object
result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, hCAKey);
if (result != TSS_SUCCESS) {
check("Tspi_Context_CreateObject", result);
return result;
}
// generate a software key to represent the CA's key
if ((*rsa = RSA_generate_key(2048, 65537, NULL, NULL)) == NULL) {
ERR_print_errors_fp(stdout);
return 254; // ?
}
// get the pub CA key
if ((size_n = BN_bn2bin((*rsa)->n, n)) <= 0) {
fprintf(stderr, "BN_bn2bin failed\n");
ERR_print_errors_fp(stdout);
RSA_free(*rsa);
return 254; // ?
}
result = Tspi_GetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blob_size, &blob);
if (result != TSS_SUCCESS) {
check("Tspi_GetAttribData", result);
return result;
}
pub_size = blob_pubkey(pub_blob, 1024, blob, blob_size, n, size_n);
result = Tspi_SetAttribData(*hCAKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, pub_size, pub_blob);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribData", result);
return result;
}
// set the CA key's algorithm
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ALGORITHM,
TSS_ALG_RSA);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's number of primes
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_PRIMES,
2);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
// set the CA key's encryption scheme
result = Tspi_SetAttribUint32(*hCAKey, TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_ENCSCHEME,
encScheme);
if (result != TSS_SUCCESS) {
check("Tspi_SetAttribUint32", result);
RSA_free(*rsa);
return result;
}
return TSS_SUCCESS;
}
int
main(void)
{
TSS_HCONTEXT hContext;
TSS_HKEY hKey, hSRK, hCAKey;
TSS_HPOLICY hPolicy, hTPMPolicy, hidpol;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_UUID myuuid = {1,1,1,1,1,{1,1,1,1,1,1}};
TSS_HPOLICY srkpol;
TSS_HTPM hTPM;
UINT32 idbloblen;
BYTE *labelString = "My Identity Label";
UINT32 labelLen = strlen(labelString) + 1;
BYTE *rgbIdentityLabelData = NULL, *identityReqBlob;
UINT32 ulIdentityReqBlobLen;
int ret,i, blobos, fd;
RSA *rsa = NULL;
BYTE *blobo, *idblob;
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check("context connect", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID,
&hSRK);
check("loadkeybyuuid", ret);
ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
check("get policy object", ret);
ret = Tspi_Policy_SetSecret(srkpol, TSS_SECRET_MODE_PLAIN, 4, "1234");
check("policy set secret", ret);
ret = Tspi_Context_GetTpmObject(hContext, &hTPM);
check("get policy object", ret);
//Insert the owner auth into the TPM's policy
ret = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy);
check("get tpm policy", ret);
ret = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_PLAIN,
3, "123");
check("set owner secret", ret);
ret = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
//TSS_KEY_TYPE_STORAGE
TSS_KEY_TYPE_IDENTITY
//TSS_KEY_TYPE_SIGNING
| TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION
| TSS_KEY_NOT_MIGRATABLE | TSS_KEY_VOLATILE
, &hKey);
check("create object - key", ret);
ret = Tspi_GetPolicyObject(hKey, TSS_POLICY_USAGE, &hidpol);
check("get id key policy", ret);
ret = Tspi_Policy_SetSecret(hidpol, TSS_SECRET_MODE_PLAIN,
4, "1234");
check("set idkey secret", ret);
/* We must create this fake privacy CA key in software so that
* Tspi_TPM_CollateIdentityRequest will happily work. It needs it to
* create the cert request which is required in a normal remote
* attestion procedure. It is not needed in our setup though.
*/
ret = make_fake_key(hContext, &hCAKey, &rsa, RSA_PKCS1_OAEP_PADDING);
check("ca nonsense", ret);
/* We do not care about idblob - that is the certificate request that
* we are supposed to send to our CA in normal remote attestation. The
* fifth argument is our identity label (it is supposed to be unicode).
*/
ret = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hCAKey, 8, "id label",
hKey, TSS_ALG_3DES, &idbloblen, &idblob);
check("collate id", ret);
blobo = NULL;
/*ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobos, &blobo);*/
ret = Tspi_GetAttribData(hKey, TSS_TSPATTRIB_KEY_BLOB,
TSS_TSPATTRIB_KEYBLOB_BLOB, &blobos, &blobo);
check("get blob", ret);
if (!blobo) {
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
FATAL("no blobo");
}
printf("size: %d\n", blobos);
for (i = 0;i < blobos; i++) {
printf("\\x%x", blobo[i]);
}
printf("\n");
fd = open("key.blob", O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);
if (fd == -1) {
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
FATAL("Open\n");
}
ret = write(fd, blobo, blobos);
if (ret != blobos)
printf("Warning: couldn't write the whole key\n");
close(fd);
Tspi_Context_FreeMemory(hContext, NULL);
Tspi_Context_Close(hContext);
return 0;
}
/*
* EMULAB-COPYRIGHT
* Copyright (c) 2008-2010 University of Utah and the Flux Group.
* All rights reserved.
*/
#include <stdio.h>
#include <string.h>
#include <err.h>
#include <tss/tspi.h>
#include <tss/platform.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#define TSS_ERROR_CODE(x) (x & 0xFFF)
#define FATAL(x) do{printf("**\t");printf(x);printf("\n");}while(0);
//#define FATAL(x) do{printf(x);printf("\n");exit(1);}while(0);
void check(char *msg, int cin){
int in = TSS_ERROR_CODE(cin);
printf("%s: ", msg);
if(in == TSS_SUCCESS)
printf("TSS_SUCCESS\n");
else if(in == TSS_E_INVALID_HANDLE)
printf("TSS_E_INVALID_HANDLE\n");
else if(in == TSS_E_INTERNAL_ERROR)
printf("TSS_E_INTERNAL_ERROR\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_HASH_INVALID_LENGTH)
printf("TSS_E_HASH_INVALID_LENGTH\n");
else if(in == TSS_E_HASH_NO_DATA)
printf("TSS_E_HASH_NO_DATA\n");
else if(in == TSS_E_INVALID_SIGSCHEME)
printf("TSS_E_INVALID_SIGSCHEME\n");
else if(in == TSS_E_HASH_NO_IDENTIFIER)
printf("TSS_E_HASH_NO_IDENTIFIER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_PS_KEY_NOTFOUND\n");
else if(in == TSS_E_BAD_PARAMETER)
printf("TSS_E_BAD_PARAMETER\n");
else if(in == TSS_E_PS_KEY_NOTFOUND)
printf("TSS_E_P_KEY_NOTFOUND\n");
else
printf("Not here: 0x%x\n", in);
return;
}
int
main(void)
{
TSS_HCONTEXT hContext;
TSS_HKEY hKey, hSRK;
TSS_HPOLICY hPolicy;
TSS_UUID srkUUID = TSS_UUID_SRK;
TSS_UUID myuuid = {1,1,1,1,1,{1,1,1,1,1,1}};
TSS_HPOLICY srkpol;
int ret,i, blobos;
BYTE *blobo;
/* create context and connect */
ret = Tspi_Context_Create(&hContext);
check("context create", ret);
ret = Tspi_Context_Connect(hContext, NULL);
check("context connect", ret);
ret = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK);
check("loadkeybyuuid", ret);
ret = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkpol);
check("get policy object", ret);