1 /*
2 * The Initial Developer of the Original Code is International
3 * Business Machines Corporation. Portions created by IBM
4 * Corporation are Copyright (C) 2005 International Business
5 * Machines Corporation. All Rights Reserved.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the Common Public License as published by
9 * IBM Corporation; either version 1 of the License, or (at your option)
10 * any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * Common Public License for more details.
16 *
17 * You should have received a copy of the Common Public License
18 * along with this program; if not, a copy can be viewed at
19 * http://www.opensource.org/licenses/cpl1.0.php.
20 */
22 #include "tpm_tspi.h"
23 #include "tpm_utils.h"
/*
 * Print the usage text for this command: the generic command header,
 * the shared unicode option line, then this tool's two flags that
 * select the well-known (20 zero bytes) secret instead of a prompt.
 */
static void help(const char *aCmd)
{
	logCmdHelp(aCmd);
	logUnicodeCmdOption();

	const char *ownerDesc = _("Set the owner secret to all zeros (20 bytes of zeros).");
	const char *srkDesc = _("Set the SRK secret to all zeros (20 bytes of zeros).");

	logCmdOption("-y, --owner-well-known", ownerDesc);
	logCmdOption("-z, --srk-well-known", srkDesc);
}
/* TSS context handle shared between main() and the cleanup labels. */
TSS_HCONTEXT hContext = 0;

/* Option state filled in by parse(): TRUE when the corresponding secret
 * should be the well-known all-zeros value rather than a prompted one. */
static BOOL ownerWellKnown = FALSE;
static BOOL srkWellKnown = FALSE;
/*
 * Option callback for genericOptHandler().
 *
 * aOpt is the short option character; aArg is unused because neither
 * option takes an argument.  Returns 0 for a recognised option and -1
 * for anything else.
 */
static int parse(const int aOpt, const char *aArg)
{
	int rc = 0;

	if (aOpt == 'y') {
		ownerWellKnown = TRUE;
	} else if (aOpt == 'z') {
		srkWellKnown = TRUE;
	} else {
		rc = -1;
	}

	return rc;
}
/*
 * Thin wrapper around Tspi_TPM_TakeOwnership() that logs the outcome via
 * tspiResult() and hands the TSS_RESULT back to the caller unchanged.
 * No public endorsement key handle is supplied (NULL_HKEY).
 */
static inline TSS_RESULT tpmTakeOwnership(TSS_HTPM a_hTpm, TSS_HKEY a_hSrk)
{
	const char *fnName = "Tspi_TPM_TakeOwnership";
	TSS_RESULT rc;

	rc = Tspi_TPM_TakeOwnership(a_hTpm, a_hSrk, NULL_HKEY);
	tspiResult(fnName, rc);

	return rc;
}
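/*
 * Entry point for tpm_takeownership: take ownership of the TPM, setting
 * the owner secret and the Storage Root Key (SRK) secret.
 *
 * -y / -z select the well-known all-zeros secret (TSS_WELL_KNOWN_SECRET,
 * TCPA_SHA1_160_HASH_LEN bytes) for the owner / SRK respectively; any
 * secret not selected that way is read interactively.  Returns 0 on
 * success and -1 on any failure.  Interactively collected secrets are
 * shredded on every exit path.
 *
 * Fix: a failure while setting the well-known owner secret previously
 * jumped to out_obj_close, which calls contextCloseObject() on hSrk
 * before that handle has been created (an uninitialised read).  It now
 * unwinds to out_close like the prompted-secret branch does.
 */
int main(int argc, char **argv)
{
	char *szTpmPasswd = NULL;
	char *szSrkPasswd = NULL;
	int tpm_len = 0, srk_len = 0;
	TSS_HTPM hTpm;
	TSS_HKEY hSrk;
	TSS_FLAG fSrkAttrs;
	TSS_HPOLICY hTpmPolicy, hSrkPolicy;
	int iRc = -1;
	BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;
	struct option opts[] = {
		{"owner-well-known", no_argument, NULL, 'y'},
		{"srk-well-known", no_argument, NULL, 'z'},
	};

	initIntlSys();

	if (genericOptHandler(argc, argv, "yz", opts,
			      sizeof(opts) / sizeof(struct option),
			      parse, help) != 0)
		goto out;

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	/* Collect any interactive secrets up front; GETPASSWD stores the
	 * secret length in tpm_len / srk_len for policySetSecret() below. */
	if (!ownerWellKnown) {
		szTpmPasswd = GETPASSWD(_("Enter owner password: "), &tpm_len, TRUE);
		if (!szTpmPasswd)
			goto out;
	}

	if (!srkWellKnown) {
		szSrkPasswd = GETPASSWD(_("Enter SRK password: "), &srk_len, TRUE);
		if (!szSrkPasswd)
			goto out;
	}

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	if (policyGet(hTpm, &hTpmPolicy) != TSS_SUCCESS)
		goto out_close;

	/* Owner secret: hSrk does not exist yet, so either failure here may
	 * only unwind as far as the context. */
	if (ownerWellKnown) {
		tpm_len = TCPA_SHA1_160_HASH_LEN;
		if (policySetSecret(hTpmPolicy, tpm_len, well_known_secret) != TSS_SUCCESS)
			goto out_close;
	} else {
		if (policySetSecret(hTpmPolicy, tpm_len, (BYTE *)szTpmPasswd) != TSS_SUCCESS)
			goto out_close;
	}

	/* The SRK object is created locally with authorization required;
	 * from here on a failure must also close hSrk. */
	fSrkAttrs = TSS_KEY_TSP_SRK | TSS_KEY_AUTHORIZATION;

	if (contextCreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, fSrkAttrs,
				&hSrk) != TSS_SUCCESS)
		goto out_close;

	if (policyGet(hSrk, &hSrkPolicy) != TSS_SUCCESS)
		goto out_obj_close;

	if (srkWellKnown) {
		srk_len = TCPA_SHA1_160_HASH_LEN;
		if (policySetSecret(hSrkPolicy, srk_len, well_known_secret) != TSS_SUCCESS)
			goto out_obj_close;
	} else {
		if (policySetSecret(hSrkPolicy, srk_len, (BYTE *)szSrkPasswd) != TSS_SUCCESS)
			goto out_obj_close;
	}

	if (tpmTakeOwnership(hTpm, hSrk) != TSS_SUCCESS)
		goto out_obj_close;

	iRc = 0;
	logSuccess(argv[0]);

out_obj_close:
	contextCloseObject(hContext, hSrk);

out_close:
	contextClose(hContext);

out:
	/* Wipe prompted secrets before exit, on success and failure alike. */
	if (szTpmPasswd)
		shredPasswd(szTpmPasswd);

	if (szSrkPasswd)
		shredPasswd(szSrkPasswd);

	return iRc;
}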