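/*
 * The Initial Developer of the Original Code is International
 * Business Machines Corporation. Portions created by IBM
 * Corporation are Copyright (C) 2005 International Business
 * Machines Corporation. All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the Common Public License as published by
 * IBM Corporation; either version 1 of the License, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Common Public License for more details.
 *
 * You should have received a copy of the Common Public License
 * along with this program; if not, a copy can be viewed at
 * http://www.opensource.org/licenses/cpl1.0.php.
 */

#include <limits.h>
#include <stdio.h>
#include "tpm_tspi.h"
#include "tpm_utils.h"

/* Controlled by input options */
static char in_filename[PATH_MAX] = "";
static BOOL isInputSet = FALSE;
TSS_HCONTEXT hContext = 0;

/* Print the command-specific usage text for aCmd. */
static void help(const char *aCmd)
{
	logCmdHelp(aCmd);
	logCmdOption("-i, --infile FILE",
		     _("Filename containing the secret data used to revoke the EK."));
}

/*
 * Option callback for genericOptHandler().
 *
 * aOpt is the short option character, aArg its argument (may be NULL).
 * Returns 0 when the option was accepted, -1 for an unknown option or for
 * an input file name that does not fit in in_filename.
 */
static int parse(const int aOpt, const char *aArg)
{
	switch (aOpt) {
	case 'i':
		isInputSet = TRUE;
		if (aArg) {
			/* snprintf always NUL-terminates, unlike the strncpy it
			 * replaces. A path that does not fit is rejected instead of
			 * being silently truncated, so the tool never opens a file
			 * other than the one the user actually named. */
			int n = snprintf(in_filename, sizeof in_filename, "%s", aArg);
			if (n < 0 || (size_t)n >= sizeof in_filename) {
				logError(_("Input file name is too long.\n"));
				return -1;
			}
		}
		break;
	default:
		return -1;
	}

	return 0;
}

/*
 * Ask the TPM to revoke its endorsement key using the revDataSz-byte
 * secret in revData. The TSS result is logged and returned unchanged.
 */
static TSS_RESULT
tpmRevokeEk(TSS_HTPM a_hTpm, UINT32 revDataSz, BYTE *revData)
{
	TSS_RESULT result = Tspi_TPM_RevokeEndorsementKey(a_hTpm, revDataSz, revData);
	tspiResult("Tspi_TPM_RevokeEndorsementKey", result);
	return result;
}

/*
 * Read exactly bytesToRead bytes of secret data from in_filename into
 * *buffer, which the caller must have sized accordingly.
 *
 * Returns 0 on success and -1 if the file cannot be opened, the buffer is
 * missing, or the file holds fewer than bytesToRead bytes. A longer file is
 * accepted with a warning; only its first bytesToRead bytes are used.
 */
static int readData(UINT32 bytesToRead, BYTE **buffer)
{
	FILE *infile;
	size_t iBytes;
	int rc = 0;
	BYTE extra;

	if (!buffer || !*buffer)
		return -1;

	/* Binary mode: the secret is raw bytes, not text. */
	infile = fopen(in_filename, "rb");
	if (!infile) {
		logError(_("Unable to open input file: %s\n"), in_filename);
		return -1;
	}

	iBytes = fread(*buffer, 1, bytesToRead, infile);
	if (iBytes < bytesToRead) {
		/* The format string used to carry a third conversion with no
		 * matching argument (undefined behaviour); bytesToRead is
		 * unsigned, so %u is the matching conversion. */
		logError(_("Error: the secret data file %s contains less than %u bytes. Aborting...\n"),
			 in_filename, bytesToRead);
		rc = -1;
	} else if (fread(&extra, 1, 1, infile) == 1) {
		/* At least one more byte exists beyond what was requested. */
		logMsg(_("WARNING: Using only the first %u bytes of file %s for secret data\n"),
		       bytesToRead, in_filename);
	} else {
		logDebug(_("Read %u bytes of secret data from file %s.\n"),
			 bytesToRead, in_filename);
	}

	/* Read-only stream: nothing to flush, so the fclose status is not needed. */
	fclose(infile);
	return rc;
}

/*
 * Overwrite len bytes of buf with zeros. The writes go through a volatile
 * pointer so the compiler cannot drop them as dead stores the way it may
 * with a plain memset() on a buffer that is about to go out of scope.
 */
static void scrubSecret(BYTE *buf, size_t len)
{
	volatile BYTE *p = buf;

	while (len--)
		*p++ = 0;
}

/*
 * tpm_revokeek: read the EK revocation secret from the file given with
 * -i/--infile and hand it to the TPM. Exit status is 0 on success, -1 on
 * any failure; the secret is scrubbed from the stack on every exit path.
 */
int main(int argc, char **argv)
{
	TSS_RESULT tResult;
	TSS_HTPM hTpm;
	int iRc = -1;
	struct option opts[] = {
		{"infile", required_argument, NULL, 'i'},
	};
	BYTE revokeData[TPM_SHA1BASED_NONCE_LEN];
	BYTE *revData = revokeData;

	initIntlSys();

	if (genericOptHandler(argc, argv, "i:", opts, sizeof opts / sizeof opts[0], parse,
			      help) != 0)
		goto out;

	if (isInputSet) {
		if (readData(sizeof revokeData, &revData))
			goto out;
	} else {
		logError(_("Please specify which file contains the secret to revoke the Ek (use option -i, --infile).\n"));
		goto out;
	}

	logDebug("Input file name: %s\n", in_filename);

	if (contextCreate(&hContext) != TSS_SUCCESS)
		goto out;

	if (contextConnect(hContext) != TSS_SUCCESS)
		goto out_close;

	if (contextGetTpm(hContext, &hTpm) != TSS_SUCCESS)
		goto out_close;

	tResult = tpmRevokeEk(hTpm, sizeof revokeData, revData);
	if (tResult != TSS_SUCCESS)
		goto out_close;

	iRc = 0;
	logSuccess(argv[0]);

out_close:
	contextClose(hContext);

out:
	/* The revocation secret is no longer needed once the TPM call has
	 * returned (or failed); do not leave it lying around on the stack. */
	scrubSecret(revokeData, sizeof revokeData);
	return iRc;
}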