1 2 /* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2007 8 * 9 */ 10 11 12 #include <stdlib.h> 13 #include <stdio.h> 14 #include <string.h> 15 16 #include "trousers/tss.h" 17 #include "trousers/trousers.h" 18 #include "trousers_types.h" 19 #include "spi_utils.h" 20 #include "obj.h" 21 #include "tsplog.h" 22 #include "authsess.h" 23 24 25 #ifdef TSS_BUILD_SEALX 26 TSS_RESULT 27 sealx_mask_cb(PVOID lpAppData, 28 TSS_HKEY hEncKey, 29 TSS_HENCDATA hEncData, 30 TSS_ALGORITHM_ID algId, 31 UINT32 ulSizeNonces, 32 BYTE *rgbNonceEven, 33 BYTE *rgbNonceOdd, 34 BYTE *rgbNonceEvenOSAP, 35 BYTE *rgbNonceOddOSAP, 36 UINT32 ulDataLength, 37 BYTE *rgbDataToMask, 38 BYTE *rgbMaskedData) 39 { 40 UINT32 mgf1SeedLen, sharedSecretLen = sizeof(TPM_DIGEST); 41 BYTE *mgf1Seed, *mgf1Buffer; 42 UINT32 i; 43 TSS_RESULT result; 44 struct authsess *sess = (struct authsess *)lpAppData; 45 46 mgf1SeedLen = (ulSizeNonces * 2) + strlen("XOR") + sharedSecretLen; 47 if ((mgf1Seed = (BYTE *)calloc(1, mgf1SeedLen)) == NULL) { 48 LogError("malloc of %u bytes failed.", mgf1SeedLen); 49 return TSPERR(TSS_E_OUTOFMEMORY); 50 } 51 mgf1Buffer = mgf1Seed; 52 memcpy(mgf1Buffer, rgbNonceEven, ulSizeNonces); 53 mgf1Buffer += ulSizeNonces; 54 memcpy(mgf1Buffer, rgbNonceOdd, ulSizeNonces); 55 mgf1Buffer += ulSizeNonces; 56 memcpy(mgf1Buffer, "XOR", strlen("XOR")); 57 mgf1Buffer += strlen("XOR"); 58 memcpy(mgf1Buffer, sess->sharedSecret.digest, sharedSecretLen); 59 60 if ((result = Trspi_MGF1(TSS_HASH_SHA1, mgf1SeedLen, mgf1Seed, ulDataLength, 61 rgbMaskedData))) 62 goto done; 63 64 for (i = 0; i < ulDataLength; i++) 65 rgbMaskedData[i] ^= rgbDataToMask[i]; 66 67 done: 68 free(mgf1Seed); 69 70 return result; 71 } 72 #endif 73 74 #ifdef TSS_BUILD_TRANSPORT 75 TSS_RESULT 76 Transport_Seal(TSS_HCONTEXT tspContext, /* in */ 77 TCS_KEY_HANDLE keyHandle, /* in */ 78 TCPA_ENCAUTH *encAuth, /* in */ 79 UINT32 pcrInfoSize, /* in */ 80 BYTE * PcrInfo, /* in */ 81 UINT32 inDataSize, /* in */ 82 BYTE * inData, /* in */ 83 TPM_AUTH * pubAuth, /* in, out */ 84 UINT32 * SealedDataSize, /* out */ 85 BYTE ** SealedData) /* out */ 86 { 87 TSS_RESULT result; 88 UINT32 handlesLen, decLen, dataLen; 89 TCS_HANDLE *handles, handle; 90 TPM_DIGEST pubKeyHash; 91 Trspi_HashCtx hashCtx; 92 UINT64 offset; 93 BYTE *data, *dec; 94 95 96 if ((result = obj_context_transport_init(tspContext))) 97 return result; 98 99 LogDebugFn("Executing in a transport session"); 100 101 if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) 102 return result; 103 104 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 105 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 106 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 107 return result; 108 109 handlesLen = 1; 110 handle = keyHandle; 111 handles = &handle; 112 113 dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize; 114 if ((data = malloc(dataLen)) == NULL) { 115 LogError("malloc of %u bytes failed", dataLen); 116 return TSPERR(TSS_E_OUTOFMEMORY); 117 } 118 119 offset = 0; 120 Trspi_LoadBlob_DIGEST(&offset, data, (TPM_DIGEST *)encAuth); 121 Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data); 122 Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo); 123 Trspi_LoadBlob_UINT32(&offset, inDataSize, data); 124 Trspi_LoadBlob(&offset, inDataSize, data, inData); 125 126 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Seal, dataLen, data, 127 &pubKeyHash, &handlesLen, &handles, pubAuth, 128 NULL, &decLen, &dec))) 129 return result; 130 131 *SealedDataSize = decLen; 132 *SealedData = dec; 133 134 return result; 135 } 136 137 TSS_RESULT 138 Transport_Sealx(TSS_HCONTEXT tspContext, /* in */ 139 TCS_KEY_HANDLE keyHandle, /* in */ 140 TCPA_ENCAUTH *encAuth, /* in */ 141 UINT32 pcrInfoSize, /* in */ 142 BYTE * PcrInfo, /* in */ 143 UINT32 inDataSize, /* in */ 144 BYTE * inData, /* in */ 145 TPM_AUTH * pubAuth, /* in, out */ 146 UINT32 * SealedDataSize, /* out */ 147 BYTE ** SealedData) /* out */ 148 { 149 TSS_RESULT result; 150 UINT32 handlesLen, decLen, dataLen; 151 TCS_HANDLE *handles, handle; 152 TPM_DIGEST pubKeyHash; 153 Trspi_HashCtx hashCtx; 154 UINT64 offset; 155 BYTE *data, *dec; 156 157 158 if ((result = obj_context_transport_init(tspContext))) 159 return result; 160 161 LogDebugFn("Executing in a transport session"); 162 163 if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest))) 164 return result; 165 166 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 167 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 168 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 169 return result; 170 171 handlesLen = 1; 172 handle = keyHandle; 173 handles = &handle; 174 175 dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize; 176 if ((data = malloc(dataLen)) == NULL) { 177 LogError("malloc of %u bytes failed", dataLen); 178 return TSPERR(TSS_E_OUTOFMEMORY); 179 } 180 181 offset = 0; 182 Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encAuth->authdata); 183 Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data); 184 Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo); 185 Trspi_LoadBlob_UINT32(&offset, inDataSize, data); 186 Trspi_LoadBlob(&offset, inDataSize, data, inData); 187 188 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Sealx, dataLen, data, 189 &pubKeyHash, &handlesLen, &handles, pubAuth, 190 NULL, &decLen, &dec))) 191 return result; 192 193 *SealedDataSize = decLen; 194 *SealedData = dec; 195 196 return result; 197 } 198 199 TSS_RESULT 200 Transport_Unseal(TSS_HCONTEXT tspContext, /* in */ 201 TCS_KEY_HANDLE parentHandle, /* in */ 202 UINT32 SealedDataSize, /* in */ 203 BYTE * SealedData, /* in */ 204 TPM_AUTH * parentAuth, /* in, out */ 205 TPM_AUTH * dataAuth, /* in, out */ 206 UINT32 * DataSize, /* out */ 207 BYTE ** Data) /* out */ 208 { 209 UINT64 offset; 210 TSS_RESULT result; 211 UINT32 handlesLen, decLen; 212 TCS_HANDLE *handles, handle; 213 TPM_DIGEST pubKeyHash; 214 Trspi_HashCtx hashCtx; 215 BYTE *dec; 216 217 218 if ((result = obj_context_transport_init(tspContext))) 219 return result; 220 221 LogDebugFn("Executing in a transport session"); 222 223 if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) 224 return result; 225 226 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 227 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 228 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 229 return result; 230 231 handlesLen = 1; 232 handle = parentHandle; 233 handles = &handle; 234 235 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Unseal, SealedDataSize, 236 SealedData, &pubKeyHash, &handlesLen, &handles, 237 parentAuth, dataAuth, &decLen, &dec))) 238 return result; 239 240 offset = 0; 241 Trspi_UnloadBlob_UINT32(&offset, DataSize, dec); 242 243 if ((*Data = malloc(*DataSize)) == NULL) { 244 free(dec); 245 LogError("malloc of %u bytes failed", *DataSize); 246 return TSPERR(TSS_E_OUTOFMEMORY); 247 } 248 Trspi_UnloadBlob(&offset, *DataSize, dec, *Data); 249 250 free(dec); 251 252 return result; 253 } 254 #endif 255
Indexes created Sat Jun 27 00:24:51 UTC 2026