Introduction to Using the TSS-dongfs

dongfs_lovedongfs.blog.chinaunix.net

首页　| 　博文目录　| 　关于我

dongfs_love

博客访问： 466168
博文数量： 40
博客积分： 1178
博客等级：少尉
技术积分： 578
用户组：普通用户
注册时间： 2009-04-28 21:27

文章分类

全部博文（40）

字符串类笔试题（1）
Matlab_Vxworks（1）
MATLAB与C++混合（2）
软件面试（3）
MATLAB（2）
QT（0）
A*算法（2）
C/C++（22）

通信类笔试题（1）

C/C++笔试题（2）

COM中数组使用（4）
心情（2）
ubuntu（1）
可信计算（1）
未分配的博文（3）

文章存档

2012年（3）

2011年（29）

2010年（7）

2009年（1）

我的朋友

相关博文

Introduction to Using the TSS

分类： LINUX

2010-01-29 19:55:02

Introduction to Using the TSS

By Ari Singer NTRU Cryptosystems November 7, 2005

1.TPM Keys

Endorsement key for root of TPM trust
Storage root key for top of key hierarchy

Storage keys for key hierarchy and sealing

Identity keys for certifiable signatures

Binding keys for binding

Signing keys for signing arbitrary data

Legacy keys that can both sign and encrypt.

2.Accessing the TPM

There are several APIs and mechanisms for accessing the TPM

These APIs require differing levels of understanding of the TPM

Some mechanisms abstract away more TPM complexity than others

3. Understanding the TSS

The TSS abstracts some of the TPM complexities away

If you learn the TPM basics and the TSS API, you can create secure applications

The main goals of the TSS are:

   – Supply one entry point for applications to the TPM functionality
   – Provide synchronized access to the TPM
   – Hide building command streams with appropriate byte ordering and alignment from the applications
   – Manage TPM resources
   – Release TPM resources when appropriate
   – Manage application use of secrets and keys

4. TCG Device Driver Library (TDDL)

Creates an abstraction layer hiding OS-specific device driver interfaces from the TCS

Single point of compatibility for TSS developers

Allows the TPM vendor to get/set device driver capabilities

5.Code Samples
Now here are some details about how to actually use this stuff . . .

/***** Seal to PCR Code ****/ int main(void) { TSS_HCONTEXT hContext; TSS_HTPM hTPM; TSS_HPOLICY hPolicy; TSS_HKEY hSRK ,hSealKey; TSS_HENCDATA hSealData; TSS_HPCRS hPCRs; BYTE wellKnownSecret[] = TSS_WELL_KNOWN_SECRET; BYTE rawData[64]; UINT32 unsealedDataLength, pcrLength; BYTE *unsealedData, *pcrValue; int i; for (i = 0; i < 64; i++) rawData[i] = (BYTE)i; /* create context and connect to TPM */ Tspi_Context_Create(&hContext); Tspi_Context_Connect(hContext, NULL); /* create empty keys and data object */ Tspi_Context_CreateObject(hContext,

TSS_OBJECT_TYPE_RSAKEY,

TSS_KEY_TSP_SRK,

&hSRK); Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_STORAGE | TSS KEY SIZE 2048 | TSS_KEY_NO_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE, &hSealKey); Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_ENCDATA, TSS_ENCDATA_SEAL,

&hSealData); /* get TPM object */ Tspi_Context_GetTpmObject(hContext, &hTPM); /* set up the default policy - this will apply to all objects */ Tspi_Context_GetDefaultPolicy(hContext, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_SHA1, 20, wellKnownSecret); /* create and load the sealing key */ Tspi_Key_CreateKey(hSealKey, hSRK, 0); Tspi_Key_LoadKey(hSealKey, hSRK); /* seal to PCR values */ /* set the PCR values to the current values in the TPM */ Tspi_TPM_PcrRead(hTPM, 5, &pcrLength, &pcrValue); Tspi_PcrComposite_SetPcrValue(hPCRs, 5, pcrLength,pcrValue); Tspi TPM_PcrRead(hTPM, 7, &pcrLength, &pcrValue); Tspi_PcrComposite_SetPcrValue(hPCRs, 7, pcrLength,pcrValue); /* perform the seal operation */ Tspi_Data_Seal(hSealData,hSealKey, 64, rawData, hPCRs); /* unseal the blob */ unsealedData = NULL; Tspi_Data_Unseal(hSealData, hSealKey, &unsealedDataLength, &unsealedData); /* free memory */ Tspi_Context_FreeMemory(hContext, unsealedData); /* clean up */ Tspi_Key_UnloadKey(hSealKey); Tspi_Context_CloseObject(hContext, hPCRs); Tspi_Context_CloseObject(hContext, hSealKey); Tspi_Context_CloseObject(hContext, hSealData); /* close context */ Tspi_Context_Close(hContext); return 0; }

/*******Sign/verify Code************/ int main(void) { TSS_HCONTEXT hContext; TSS_HHASH hHash; TSS_HKEY hSigningKey, hSRK; TSS HPOLICY hPolicy; TSS_UUID srkUUID = TSS_UUID_SRK; BYTE secret[] = TSS_WELL_KNOWN_SECRET; UINT32 sigLen; BYTE *sig; BYTE hash[] = {0x32, 0xd1, 0x0c, 0x7b, 0x8c, 0xf9, 0x65, 0x70, 0xca, 0x04, 0xce, 0x37, 0xf2, 0xa1, 0x9d, 0x84, 0x24, 0x0d, 0x3a, 0x89}; /* create context and connect */ Tspi_Context_Create(&hContext); Tspi_Context_Connect(hContext, remote-pc); /* create a signing key under the SRK */ Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_USAGE, &hPolicy); Tspi_Policy_SetSecret(hPolicy, TSS_SECRET_MODE_SHA1, 20, secret); Tspi_Context_GetKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, srkUUID, &hSRK); Tspi_Policy_AssignToObject(hPolicy,hSRK); Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, TSS_KEY_TYPE_SIGNING | TSS_KEY_SIZE_2048 | TSS_KEY_AUTHORIZATION | TSS_KEY_NOT_MIGRATABLE, &hSigningKey); Tspi_Policy_AssignToObject(hPolicy, hSigningKey); Tspi_Key_CreateKey(hSigningKey, hSRK, 0); Tspi_Key_LoadKey(hSigningKey, hSRK); /* open valid hash object */ Tspi_Context_CreateObject(hContext,TSS_OBJECT_TYPE_HASH,TSS_HASH_SHA1, &hHash); /* set hash value and get valid signature */ Tspi_Hash_SetHashValue(hHash, sizeof(hash), hash); Tspi_Hash_Sign(hHash, hSigningKey, &sigLen, &sig); /* verify signature */ Tspi_Hash_VerifySignature(hHash, hSigningKey, sigLen, sig); /* free sig memory, close signing key object and context */ Tspi Context FreeMemory(hContext sig); Tspi_Context_CloseObject(hContext, hSigningKey); /* close context */ Tspi_Context_Close(hContext); // we forgot to unload the signing key, but the TSS did it for us // when we closed the context return 0; }

阅读(2539) | 评论(0) | 转发(1) |

上一篇：网络套接字发送结构体及数据处理（原创）

下一篇：Ubuntu Linux系统已开始支持SELinux技术

给主人留下些什么吧！~~

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6