1 /********************************************************************************/
2 /*										*/
3 /*			   Unseal 						*/
4 /*			     Written by Ken Goldman				*/
5 /*		       IBM Thomas J. Watson Research Center			*/
6 /*										*/
7 /* (c) Copyright IBM Corporation 2015 - 2019.					*/
8 /*										*/
9 /* All rights reserved.								*/
10 /* 										*/
11 /* Redistribution and use in source and binary forms, with or without		*/
12 /* modification, are permitted provided that the following conditions are	*/
13 /* met:										*/
14 /* 										*/
15 /* Redistributions of source code must retain the above copyright notice,	*/
16 /* this list of conditions and the following disclaimer.			*/
17 /* 										*/
18 /* Redistributions in binary form must reproduce the above copyright		*/
19 /* notice, this list of conditions and the following disclaimer in the		*/
20 /* documentation and/or other materials provided with the distribution.		*/
21 /* 										*/
22 /* Neither the names of the IBM Corporation nor the names of its		*/
23 /* contributors may be used to endorse or promote products derived from		*/
24 /* this software without specific prior written permission.			*/
25 /* 										*/
26 /* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS		*/
27 /* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT		*/
28 /* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR	*/
29 /* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT		*/
30 /* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,	*/
31 /* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT		*/
32 /* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	*/
33 /* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	*/
34 /* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT		*/
35 /* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	*/
36 /* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.		*/
37 /********************************************************************************/
38 
39 /*
40 
41 */
42 
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <stdint.h>
47 
48 #include <ibmtss/tss.h>
49 #include <ibmtss/tssutils.h>
50 #include <ibmtss/tssresponsecode.h>
51 
52 static void printUsage(void);
53 
54 extern int tssUtilsVerbose;
55 
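/* Overwrite n bytes at p through a volatile pointer so the compiler cannot
   discard the store as dead.  Used to scrub the unsealed data before the
   process exits. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n-- > 0) {
	*vp++ = 0;
    }
}

/* Parse the two values that follow a -se[0-2] option: a hex session handle
   and hex session attributes (at most 0xff).

   *i indexes the option itself on entry and the attributes value on return.
   A missing, unparsable or out of range value is a usage error and does not
   return (printUsage() exits). */
static void parseSession(int *i, int argc, char *argv[], const char *opt,
			 TPMI_SH_AUTH_SESSION *handle, unsigned int *attributes)
{
    (*i)++;
    if (*i < argc) {
	/* a value that is not hex would otherwise silently keep the default */
	if (sscanf(argv[*i], "%x", handle) != 1) {
	    printf("Invalid parameter for %s\n", opt);
	    printUsage();
	}
    }
    else {
	printf("Missing parameter for %s\n", opt);
	printUsage();
    }
    (*i)++;
    if (*i < argc) {
	if (sscanf(argv[*i], "%x", attributes) != 1) {
	    printf("Invalid parameter for %s\n", opt);
	    printUsage();
	}
	if (*attributes > 0xff) {
	    printf("Out of range session attributes for %s\n", opt);
	    printUsage();
	}
    }
    else {
	printf("Missing parameter for %s\n", opt);
	printUsage();
    }
}

/* Command line front end for TPM2_Unseal.

   Parses the options (see printUsage()), runs the command through the TSS,
   optionally writes the unsealed data to the -of file, and reports the result.

   Returns 0 on success and EXIT_FAILURE on any TSS or TPM error.  Usage
   errors terminate through printUsage(), which calls exit(1). */
int main(int argc, char *argv[])
{
    TPM_RC			rc = 0;
    int				i;    /* argc iterator */
    TSS_CONTEXT			*tssContext = NULL;
    Unseal_In 			in;
    Unseal_Out 			out;
    TPMI_DH_OBJECT		itemHandle = 0;
    const char			*outDataFilename = NULL;
    const char			*password = NULL;
    TPMI_SH_AUTH_SESSION    	sessionHandle0 = TPM_RS_PW;
    unsigned int		sessionAttributes0 = 0;
    TPMI_SH_AUTH_SESSION    	sessionHandle1 = TPM_RH_NULL;
    unsigned int		sessionAttributes1 = 0;
    TPMI_SH_AUTH_SESSION    	sessionHandle2 = TPM_RH_NULL;
    unsigned int		sessionAttributes2 = 0;

    setvbuf(stdout, 0, _IONBF, 0);      /* output may be going through pipe to log file */
    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "1");
    tssUtilsVerbose = FALSE;

    for (i=1 ; (i<argc) && (rc == 0) ; i++) {
	if (strcmp(argv[i],"-ha") == 0) {
	    i++;
	    if (i < argc) {
		/* an unparsable handle must not fall through to the
		   "Missing handle" message with itemHandle still 0 */
		if (sscanf(argv[i],"%x", &itemHandle) != 1) {
		    printf("Invalid parameter for -ha\n");
		    printUsage();
		}
	    }
	    else {
		printf("Missing parameter for -ha\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-pwd") == 0) {
	    i++;
	    if (i < argc) {
		/* taken from argv, so it is visible in the process list like
		   every other command line argument */
		password = argv[i];
	    }
	    else {
		printf("-pwd option needs a value\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-of") == 0) {
	    i++;
	    if (i < argc) {
		outDataFilename = argv[i];
	    }
	    else {
		printf("-of option needs a value\n");
		printUsage();
	    }
	}
	else if (strcmp(argv[i],"-se0") == 0) {
	    parseSession(&i, argc, argv, "-se0",
			 &sessionHandle0, &sessionAttributes0);
	}
	else if (strcmp(argv[i],"-se1") == 0) {
	    parseSession(&i, argc, argv, "-se1",
			 &sessionHandle1, &sessionAttributes1);
	}
	else if (strcmp(argv[i],"-se2") == 0) {
	    parseSession(&i, argc, argv, "-se2",
			 &sessionHandle2, &sessionAttributes2);
	}
	else if (strcmp(argv[i],"-h") == 0) {
	    printUsage();
	}
	else if (strcmp(argv[i],"-v") == 0) {
	    tssUtilsVerbose = TRUE;
	    TSS_SetProperty(NULL, TPM_TRACE_LEVEL, "2");
	}
	else {
	    printf("\n%s is not a valid option\n", argv[i]);
	    printUsage();
	}
    }
    if (itemHandle == 0) {
	printf("Missing handle parameter -ha\n");
	printUsage();
    }
    if (rc == 0) {
	in.itemHandle = itemHandle;
    }
    /* Start a TSS context */
    if (rc == 0) {
	rc = TSS_Create(&tssContext);
    }
    /* call TSS to execute the command */
    if (rc == 0) {
	rc = TSS_Execute(tssContext,
			 (RESPONSE_PARAMETERS *)&out,
			 (COMMAND_PARAMETERS *)&in,
			 NULL,
			 TPM_CC_Unseal,
			 sessionHandle0, password, sessionAttributes0,
			 sessionHandle1, NULL, sessionAttributes1,
			 sessionHandle2, NULL, sessionAttributes2,
			 TPM_RH_NULL, NULL, 0);
    }
    {
	/* the context is deleted on every path; a delete error is only
	   reported when the command itself succeeded */
	TPM_RC rc1 = TSS_Delete(tssContext);
	if (rc == 0) {
	    rc = rc1;
	}
    }
    if ((rc == 0) && (outDataFilename != NULL)) {
	rc = TSS_File_WriteBinaryFile(out.outData.t.buffer,
				      out.outData.t.size,
				      outDataFilename);
    }
    if (rc == 0) {
	/* -v prints the unsealed data itself, so verbose output going to a
	   shared log discloses the secret */
	if (tssUtilsVerbose) TSS_PrintAll("outData",
				  out.outData.t.buffer,
				  out.outData.t.size);
	if (tssUtilsVerbose) printf("unseal: success\n");
    }
    else {
	const char *msg;
	const char *submsg;
	const char *num;
	printf("unseal: failed, rc %08x\n", rc);
	TSS_ResponseCode_toString(&msg, &submsg, &num, rc);
	printf("%s%s%s\n", msg, submsg, num);
	rc = EXIT_FAILURE;
    }
    /* out.outData holds the unsealed secret; scrub it before the frame is
       released rather than leaving it for a later core dump to pick up */
    wipe(&out, sizeof out);
    return rc;
}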
237 
/* Print the usage text for the unseal utility to stdout and exit with
   status 1.  Called for -h and for every command line error, so it never
   returns to the caller. */
static void printUsage(void)
{
    static const char *const usageLines[] = {
	"",
	"unseal",
	"",
	"Runs TPM2_Unseal",
	"",
	"\t-ha\tsealed data item handle",
	"\t[-pwd\tpassword sealed data item (default empty)]",
	"\t[-of\toutput data (default do not save)]",
	"",
	"\t-se[0-2] session handle / attributes (default PWAP)",
	"\t01\tcontinue",
	"\t40\tresponse encrypt",
    };
    size_t lineCount = sizeof usageLines / sizeof usageLines[0];
    for (size_t k = 0; k < lineCount; k++) {
	printf("%s\n", usageLines[k]);
    }
    exit(1);
}
254