xref: /illumos-gate/usr/src/cmd/cmd-crypto/tpmadm/main.c (revision 6f2b04a2)

/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 * Copyright 2018 OmniOS Community Edition (OmniOSce) Association.
 */


#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <strings.h>
#include <libintl.h>
#include <locale.h>

#include <tss/tspi.h>
#include <trousers/trousers.h>
#include "tpmadm.h"

extern cmdtable_t commands[];

static void
print_usage(char *progname, cmdtable_t cmds[])
{
	cmdtable_t *p;

	(void) fprintf(stderr,
	    gettext("usage: %s command args ...\n"), progname);
	(void) fprintf(stderr,
	    gettext("where 'command' is one of the following:\n"));
	for (p = &cmds[0]; p->name != NULL; p++) {
		(void) fprintf(stderr, "\t%s %s\n", p->name, p->args);
	}
}

int
main(int argc, char *argv[])
{
	char *progname;
	cmdtable_t *p;
	cmdfunc_t fptr = NULL;
	int ret;
	TSS_HCONTEXT hContext;
	TSS_HOBJECT hTPM;

	/* Set up for i18n/l10n. */
#if !defined(TEXT_DOMAIN)		/* Should be defined by cc -D. */
#define	TEXT_DOMAIN	"SYS_TEST"	/* Use this only if it isn't. */
#endif
	(void) setlocale(LC_ALL, "");
	(void) textdomain(TEXT_DOMAIN);

	progname = argv[0];
	argc--;
	argv++;

	if (argc <= 0) {
		print_usage(progname, commands);
		return (ERR_USAGE);
	}

	for (p = &commands[0]; p->name != NULL; p++) {
		if (0 == strcmp(p->name, argv[0])) {
			fptr = p->func;
			break;
		}
	}
	if (fptr == NULL) {
		print_usage(progname, commands);
		return (ERR_USAGE);
	}

	if (tpm_preamble(&hContext, &hTPM))
		return (ERR_FAIL);
	ret = fptr(hContext, hTPM, argc, argv);
	(void) tpm_postamble(hContext);

	return (ret);
}


/*
 * Utility functions
 */

void
print_bytes(BYTE *bytes, size_t len, int formatted)
{
	int i;
	for (i = 0; i < len; i++) {
		(void) printf("%02X ", bytes[i]);
		if (formatted && i % 16 == 7)
			(void) printf("  ");
		if (formatted && i % 16 == 15)
			(void) printf("\n");
	}
	(void) printf("\n");
}


/*
 * TSS convenience functions
 */

void
print_error(TSS_RESULT ret, char *msg)
{
	char *err_string;

	/* Print the standard error string and error code. */
	err_string = Trspi_Error_String(ret);
	(void) fprintf(stderr, "%s: %s (0x%0x)\n", msg, err_string, ret);

	/* For a few special cases, add a more verbose error message. */
	switch (ret) {
	case TPM_E_DEACTIVATED:
	case TPM_E_DISABLED:
		(void) fprintf(stderr,
		    gettext("Enable the TPM and reboot.\n"));
		break;
	case TSP_ERROR(TSS_E_COMM_FAILURE):
		(void) fprintf(stderr,
		    gettext("Make sure the tcsd service "
		    "(svc:/application/security/tcsd) is running.\n"));
		break;
	}
}

int
get_tpm_capability(TSS_HCONTEXT hContext, TSS_HOBJECT hTPM, UINT32 cap,
    UINT32 subcap, void *buf, size_t bufsize)
{
	TSS_RESULT ret;
	UINT32 datalen;
	BYTE *data;

	ret = Tspi_TPM_GetCapability(hTPM, cap, sizeof (subcap),
	    (BYTE *)&subcap, &datalen, &data);
	if (ret) {
		print_error(ret, gettext("Get TPM capability"));
		return (ERR_FAIL);
	}

	if (datalen > bufsize) {
		(void) fprintf(stderr,
		    gettext("Capability 0x%x returned %u bytes "
		    "(expected %u)\n"), cap, datalen, bufsize);
		return (ERR_FAIL);
	}
	bcopy(data, buf, datalen);

	ret = Tspi_Context_FreeMemory(hContext, data);
	if (ret) {
		print_error(ret, gettext("Free capability buffer"));
		return (ERR_FAIL);
	}

	return (0);
}

int
set_policy_options(TSS_HPOLICY hPolicy, TSS_FLAG mode, char *prompt,
    UINT32 secret_len, BYTE *secret)
{
	TSS_RESULT ret;
	BYTE *unicode_prompt;
	UINT32 len;

	ret = Tspi_Policy_SetSecret(hPolicy, mode, secret_len, secret);
	if (ret) {
		print_error(ret, gettext("Set policy secret"));
		return (ERR_FAIL);
	}
	if (prompt != NULL) {
		unicode_prompt = Trspi_Native_To_UNICODE((BYTE *)prompt, &len);
		ret = Tspi_SetAttribData(hPolicy,
		    TSS_TSPATTRIB_POLICY_POPUPSTRING,
		    0, len, unicode_prompt);
		if (ret) {
			print_error(ret, gettext("Set policy prompt"));
			return (ERR_FAIL);
		}
	}

	return (0);
}

int
set_object_policy(TSS_HOBJECT handle, TSS_FLAG mode, char *prompt,
    UINT32 secret_len, BYTE *secret)
{
	TSS_HPOLICY hPolicy;
	TSS_RESULT ret;

	ret = Tspi_GetPolicyObject(handle, TSS_POLICY_USAGE, &hPolicy);
	if (ret) {
		print_error(ret, gettext("Get object policy"));
		return (ERR_FAIL);
	}

	return (set_policy_options(hPolicy, mode, prompt, secret_len, secret));
}

int
tpm_preamble(TSS_HCONTEXT *hContext, TSS_HOBJECT *hTPM)
{
	TSS_RESULT ret;

	ret = Tspi_Context_Create(hContext);
	if (ret) {
		print_error(ret, gettext("Create context"));
		return (ERR_FAIL);
	}

	ret = Tspi_Context_Connect(*hContext, NULL);
	if (ret) {
		print_error(ret, gettext("Connect context"));
		(void) Tspi_Context_Close(*hContext);
		return (ERR_FAIL);
	}

	ret = Tspi_Context_GetTpmObject(*hContext, hTPM);
	if (ret) {
		print_error(ret, gettext("Get TPM object"));
		(void) Tspi_Context_Close(*hContext);
		return (ERR_FAIL);
	}
	return (0);
}

int
tpm_postamble(TSS_HCONTEXT hContext)
{
	TSS_RESULT ret;

	ret = Tspi_Context_Close(hContext);
	if (ret) {
		print_error(ret, gettext("Close context"));
		return (ERR_FAIL);
	}
	return (0);
}