      1 
      2 /*
      3  * Licensed Materials - Property of IBM
      4  *
      5  * trousers - An open source TCG Software Stack
      6  *
      7  * (C) Copyright International Business Machines Corp. 2007
      8  *
      9  */
     10 
     11 
     12 #include <stdlib.h>
     13 #include <stdio.h>
     14 #include <string.h>
     15 
     16 #include "trousers/tss.h"
     17 #include "trousers_types.h"
     18 #include "tcs_utils.h"
     19 #include "tcslog.h"
     20 #include "req_mgr.h"
     21 
/*
 * TCSP_CMK_SetRestrictions_Internal - submit TPM_ORD_CMK_SetRestrictions
 * for a TCS context.
 *
 * hContext     context handle; rejected early if ctx_verify_context() fails
 * Restriction  value passed through unchanged to the request builder
 * ownerAuth    auth session; its AuthHandle is checked against hContext, it is
 *              given to both the request builder and the response parser, and
 *              it is released before return once the handle check has passed
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): ownerAuth is dereferenced without a NULL test, so callers
 * must always supply it.
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_SetRestrictions_Internal(TCS_CONTEXT_HANDLE	hContext,	/* in */
				  TSS_CMK_DELEGATE	Restriction,	/* in */
				  TPM_AUTH*		ownerAuth)	/* in, out */
{
	BYTE blob[TSS_TPM_TXBLOB_SIZE];	/* request on the way in, response on the way out */
	UINT64 reqOffset = 0;
	UINT32 rspParamSize;
	TSS_RESULT rc;

	LogDebugFn("Enter");

	/* Nothing has been acquired yet, so these two failures return directly. */
	rc = ctx_verify_context(hContext);
	if (rc)
		return rc;

	rc = auth_mgr_check(hContext, &ownerAuth->AuthHandle);
	if (rc)
		return rc;

	/* From here on every exit goes through "done" to release the auth session. */
	rc = tpm_rqu_build(TPM_ORD_CMK_SetRestrictions, &reqOffset, blob,
			   Restriction, ownerAuth);
	if (rc)
		goto done;

	rc = req_mgr_submit_req(blob);
	if (rc)
		goto done;

	/* Only parse the response body when its header was read successfully. */
	rc = UnloadBlob_Header(blob, &rspParamSize);
	if (rc == 0)
		rc = tpm_rsp_parse(TPM_ORD_CMK_SetRestrictions, blob, rspParamSize,
				   ownerAuth);

	LogResult("CMK_SetRestrictions", rc);

done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return rc;
}
     60 
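/*
 * TCSP_CMK_ApproveMA_Internal - submit TPM_ORD_CMK_ApproveMA for a TCS context.
 *
 * hContext            context handle; rejected early if ctx_verify_context() fails
 * migAuthorityDigest  digest passed by address to the request builder
 * ownerAuth           auth session; its AuthHandle is checked against hContext,
 *                     it is given to both the request builder and the response
 *                     parser, and it is released before return once the handle
 *                     check has passed
 * HmacMigAuthDigest   handed to tpm_rsp_parse() to receive the response value
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): ownerAuth is dereferenced without a NULL test, so callers
 * must always supply it.
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			    TPM_DIGEST		migAuthorityDigest,	/* in */
			    TPM_AUTH*		ownerAuth,		/* in, out */
			    TPM_HMAC*		HmacMigAuthDigest)	/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];	/* request, then overwritten by the response */

	LogDebugFn("Enter");

	/* Nothing has been acquired yet, so these two failures return directly. */
	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		return result;

	/* From here on every exit goes through "done" to release the auth session. */
	if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob,
				    &migAuthorityDigest, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* Only parse the response body when its header was read successfully. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize,
				       HmacMigAuthDigest, ownerAuth);
	}

	/* The label must name this command so log entries are attributed correctly. */
	LogResult("CMK_ApproveMA", result);

done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return result;
}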
    100 
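/*
 * TCSP_CMK_CreateKey_Internal - submit TPM_ORD_CMK_CreateKey for a TCS context.
 *
 * hContext            context handle; rejected early if ctx_verify_context() fails
 * hWrappingKey        TCS key handle, translated to a slot with get_slot()
 * KeyUsageAuth        passed by address to the request builder
 * MigAuthApproval     passed by address to the request builder
 * MigAuthorityDigest  passed by address to the request builder
 * keyDataSize         in: size of the input blob; out: set by tpm_rsp_parse()
 * prgbKeyData         in: heap buffer holding the input key blob; out: buffer
 *                     supplied by tpm_rsp_parse()
 * pAuth               optional auth session (may be NULL); when present its
 *                     AuthHandle is checked against hContext
 *
 * Ownership: this function always frees the caller's input buffer
 * (*prgbKeyData), on failure paths as well as after the request has been
 * built. The pointer is reset to NULL right after each free so that a caller
 * cleaning up after an error cannot free or read the released buffer again.
 * Whether tpm_rsp_parse() stores a new buffer on every path is not visible
 * here, so callers should use *prgbKeyData only when 0 is returned.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			    TCS_KEY_HANDLE	hWrappingKey,		/* in */
			    TPM_ENCAUTH		KeyUsageAuth,		/* in */
			    TPM_HMAC		MigAuthApproval,	/* in */
			    TPM_DIGEST		MigAuthorityDigest,	/* in */
			    UINT32*		keyDataSize,		/* in, out */
			    BYTE**		prgbKeyData,		/* in, out */
			    TPM_AUTH*		pAuth)			/* in, out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];	/* request, then overwritten by the response */

	LogDebugFn("Enter");

	/* Failures before the request is built release only the input buffer. */
	if ((result = ctx_verify_context(hContext)))
		goto free_input;

	if ((result = get_slot(hContext, hWrappingKey, &parentSlot)))
		goto free_input;

	if (pAuth) {
		if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle)))
			goto free_input;
	}

	result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob,
			       parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData,
			       &MigAuthApproval, &MigAuthorityDigest, pAuth);

	/*
	 * The input blob is no longer needed whether or not the build succeeded.
	 * Clear the pointer so no later path can see the freed buffer.
	 */
	free(*prgbKeyData);
	*prgbKeyData = NULL;
	if (result)
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* Only parse the response body when its header was read successfully. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize,
				       keyDataSize, prgbKeyData, pAuth);
	}

	/* The label must name this command so log entries are attributed correctly. */
	LogResult("CMK_CreateKey", result);

done:
	auth_mgr_release_auth(pAuth, NULL, hContext);

	return result;

free_input:
	/* Early-failure exit: no auth session to release, only the input buffer. */
	free(*prgbKeyData);
	*prgbKeyData = NULL;

	return result;
}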
    160 
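/*
 * TCSP_CMK_CreateTicket_Internal - submit TPM_ORD_CMK_CreateTicket for a TCS
 * context.
 *
 * hContext             context handle; rejected early if ctx_verify_context() fails
 * PublicVerifyKeySize  size passed with PublicVerifyKey to the request builder
 * PublicVerifyKey      buffer passed to the request builder
 * SignedData           digest passed by address to the request builder
 * SigValueSize         size passed with SigValue to the request builder
 * SigValue             buffer passed to the request builder
 * pOwnerAuth           auth session; its AuthHandle is checked against hContext,
 *                      it is given to both the request builder and the response
 *                      parser, and it is released before return once the handle
 *                      check has passed
 * SigTicket            handed to tpm_rsp_parse() to receive the response value
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): the size/buffer pairs are forwarded as given; any bound
 * against TSS_TPM_TXBLOB_SIZE would have to be enforced inside
 * tpm_rqu_build(), which is not visible here - confirm.
 * NOTE(review): pOwnerAuth is dereferenced without a NULL test, so callers
 * must always supply it.
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			       UINT32			PublicVerifyKeySize,	/* in */
			       BYTE*			PublicVerifyKey,	/* in */
			       TPM_DIGEST		SignedData,		/* in */
			       UINT32			SigValueSize,		/* in */
			       BYTE*			SigValue,		/* in */
			       TPM_AUTH*		pOwnerAuth,		/* in, out */
			       TPM_HMAC*		SigTicket)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];	/* request, then overwritten by the response */

	LogDebugFn("Enter");

	/* Nothing has been acquired yet, so these two failures return directly. */
	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
		return result;

	/* From here on every exit goes through "done" to release the auth session. */
	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob,
				    PublicVerifyKeySize, PublicVerifyKey, &SignedData,
				    SigValueSize, SigValue, pOwnerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* Only parse the response body when its header was read successfully. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize,
				       SigTicket, pOwnerAuth);
	}

	/* The label must name this command so log entries are attributed correctly. */
	LogResult("CMK_CreateTicket", result);

done:
	auth_mgr_release_auth(pOwnerAuth, NULL, hContext);

	return result;
}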
    205 
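/*
 * TCSP_CMK_CreateBlob_Internal - submit TPM_ORD_CMK_CreateBlob for a TCS
 * context.
 *
 * hContext              context handle; rejected early if ctx_verify_context() fails
 * parentHandle          TCS key handle, translated to a slot with get_slot()
 * migrationType         passed through unchanged to the request builder
 * MigrationKeyAuthSize  size passed with MigrationKeyAuth
 * MigrationKeyAuth      buffer passed to the request builder
 * PubSourceKeyDigest    digest passed by address to the request builder
 * msaListSize/msaList, restrictTicketSize/restrictTicket,
 * sigTicketSize/sigTicket, encDataSize/encData
 *                       size/buffer pairs passed to the request builder
 * parentAuth            optional auth session (may be NULL); when present its
 *                       AuthHandle is checked against hContext
 * randomSize/random, outDataSize/outData
 *                       handed to tpm_rsp_parse() to receive the response data
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): the size/buffer pairs are forwarded as given; any bound
 * against TSS_TPM_TXBLOB_SIZE would have to be enforced inside
 * tpm_rqu_build(), which is not visible here - confirm.
 * NOTE(review): *random and *outData are not initialised by this function;
 * callers should rely on them only when 0 is returned.
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			     TCS_KEY_HANDLE	parentHandle,		/* in */
			     TSS_MIGRATE_SCHEME	migrationType,		/* in */
			     UINT32		MigrationKeyAuthSize,	/* in */
			     BYTE*		MigrationKeyAuth,	/* in */
			     TPM_DIGEST		PubSourceKeyDigest,	/* in */
			     UINT32		msaListSize,		/* in */
			     BYTE*		msaList,		/* in */
			     UINT32		restrictTicketSize,	/* in */
			     BYTE*		restrictTicket,		/* in */
			     UINT32		sigTicketSize,		/* in */
			     BYTE*		sigTicket,		/* in */
			     UINT32		encDataSize,		/* in */
			     BYTE*		encData,		/* in */
			     TPM_AUTH*		parentAuth,		/* in, out */
			     UINT32*		randomSize,		/* out */
			     BYTE**		random,			/* out */
			     UINT32*		outDataSize,		/* out */
			     BYTE**		outData)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];	/* request, then overwritten by the response */

	LogDebugFn("Enter");

	/* Nothing has been acquired yet, so these failures return directly. */
	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	/* From here on every exit goes through "done" to release the auth session. */
	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob,
				    parentSlot, migrationType, MigrationKeyAuthSize,
				    MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList,
				    restrictTicketSize, restrictTicket, sigTicketSize, sigTicket,
				    encDataSize, encData, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* Only parse the response body when its header was read successfully. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize,
				       randomSize, random, outDataSize, outData, parentAuth, NULL);
	}

	/* The label must name this command so log entries are attributed correctly. */
	LogResult("CMK_CreateBlob", result);

done:
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}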
    269 
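/*
 * TCSP_CMK_ConvertMigration_Internal - submit TPM_ORD_CMK_ConvertMigration
 * for a TCS context.
 *
 * hContext        context handle; rejected early if ctx_verify_context() fails
 * parentHandle    TCS key handle, translated to a slot with get_slot()
 * restrictTicket  passed by address to the request builder
 * sigTicket       passed by address to the request builder
 * keyDataSize/prgbKeyData, msaListSize/msaList, randomSize/random
 *                 size/buffer pairs passed to the request builder
 * parentAuth      optional auth session (may be NULL); when present its
 *                 AuthHandle is checked against hContext
 * outDataSize/outData
 *                 handed to tpm_rsp_parse() to receive the response data
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT produced by
 * one of the helpers.
 *
 * NOTE(review): the size/buffer pairs are forwarded as given; any bound
 * against TSS_TPM_TXBLOB_SIZE would have to be enforced inside
 * tpm_rqu_build(), which is not visible here - confirm.
 * NOTE(review): *outData is not initialised by this function; callers should
 * rely on it only when 0 is returned.
 * NOTE(review): a failure in tpm_rqu_build() or req_mgr_submit_req() jumps
 * past LogResult(), so those failures are not logged by this function.
 */
TSS_RESULT
TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE	hContext,	/* in */
				   TCS_KEY_HANDLE	parentHandle,	/* in */
				   TPM_CMK_AUTH		restrictTicket,	/* in */
				   TPM_HMAC		sigTicket,	/* in */
				   UINT32		keyDataSize,	/* in */
				   BYTE*		prgbKeyData,	/* in */
				   UINT32		msaListSize,	/* in */
				   BYTE*		msaList,	/* in */
				   UINT32		randomSize,	/* in */
				   BYTE*		random,		/* in */
				   TPM_AUTH*		parentAuth,	/* in, out */
				   UINT32*		outDataSize,	/* out */
				   BYTE**		outData)	/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];	/* request, then overwritten by the response */

	LogDebugFn("Enter");

	/* Nothing has been acquired yet, so these failures return directly. */
	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	/* From here on every exit goes through "done" to release the auth session. */
	if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob,
				    parentSlot, &restrictTicket, &sigTicket,
				    keyDataSize, prgbKeyData, msaListSize, msaList,
				    randomSize, random, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* Only parse the response body when its header was read successfully. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize,
				       outDataSize, outData, parentAuth, NULL);
	}

	/* The label must name this command so log entries are attributed correctly. */
	LogResult("CMK_ConvertMigration", result);

done:
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}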
    326 