Ejemplo n.º 1
0
int blob_pubkey(char *out, unsigned int olen, char *in, unsigned int ilen,
    char *p, unsigned int psize)
{
	unsigned int offset, size;

	if (olen < ilen) {
		printf("\t\tblob_pubkey failed: olen < ilen\n");
		return;
	}
	if (psize == 0) {
		printf("\t\tblob_pubkey failed: psize == 0\n");
		return;
	}
	memcpy(out, in, ilen);

	/* Keep all the keyparms the same, overwrite the public key at end.
	 * Check sizes to make sure we get the right offset.  They are
	 * big-endian. */

	offset = 4 + 2 + 2;
	/* Key parms length */
	size = Decode_UINT32(in + offset);
	offset += 4;
	offset += size;

	/* Key length */
	UINT32ToArray(psize, out + offset);
	offset += 4;
	/* out + offset should now be pointing to the public key */
	memcpy(out + offset, p, psize);
	offset += psize;

	return offset;
}
Ejemplo n.º 2
0
TSS_RESULT
get_max_auths(UINT32 *auths)
{
	TCS_AUTHHANDLE handles[TSS_MAX_AUTHS_CAP];
	TCPA_NONCE nonce;
	UINT32 subCap;
	TSS_RESULT result;
	int i;

	if (TPM_VERSION_IS(1,2)) {
		UINT32ToArray(TPM_CAP_PROP_MAX_AUTHSESS, (BYTE *)(&subCap));
		result = get_cap_uint32(TPM_CAP_PROPERTY, (BYTE *)&subCap, sizeof(subCap), auths);
	} else if (TPM_VERSION_IS(1,1)) {
		/* open auth sessions until we get a failure */
		for (i = 0; i < TSS_MAX_AUTHS_CAP; i++) {
			result = TCSP_OIAP_Internal(InternalContext, &(handles[i]), &nonce);
			if (result != TSS_SUCCESS) {
				/* this is not off by one since we're 0 indexed */
				*auths = i;
				break;
			}
		}

		if (i == TSS_MAX_AUTHS_CAP)
			*auths = TSS_MAX_AUTHS_CAP;

		/* close the auth sessions */
		for (i = 0; (UINT32)i < *auths; i++) {
			internal_TerminateHandle(handles[i]);
		}
	} else {
		result = TCSERR(TSS_E_INTERNAL_ERROR);
		*auths = 0;
	}

	if (*auths < 2) {
		LogError("%s reported only %u auth available!", __FUNCTION__, *auths);
		LogError("Your TPM must be reset before the TCSD can be started.");
	} else {
		LogDebug("get_max_auths reports %u auth contexts found", *auths);
		result = TSS_SUCCESS;
	}

	return result;
}
Ejemplo n.º 3
0
/* This is only called from init paths, so printing an error message is
 * appropriate if something goes wrong */
TSS_RESULT
get_tpm_metrics(struct tpm_properties *p)
{
	TSS_RESULT result;
	UINT32 subCap, rv = 0;

	if ((result = get_current_version(&p->version)))
		goto err;

	UINT32ToArray(TPM_ORD_SaveKeyContext, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv)))
		goto err;
	p->keyctx_swap = rv ? TRUE : FALSE;

	rv = 0;
	UINT32ToArray(TPM_ORD_SaveAuthContext, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv)))
		goto err;
	p->authctx_swap = rv ? TRUE : FALSE;

	UINT32ToArray(TPM_CAP_PROP_PCR, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
					&p->num_pcrs)))
		goto err;

	UINT32ToArray(TPM_CAP_PROP_DIR, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
					&p->num_dirs)))
		goto err;

	UINT32ToArray(TPM_CAP_PROP_SLOTS, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
					&p->num_keys)))
		goto err;

	UINT32ToArray(TPM_CAP_PROP_MANUFACTURER, (BYTE *)&subCap);
	if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
					(UINT32 *)&p->manufacturer)))
		goto err;

	result = get_max_auths(&(p->num_auths));

err:
	if (result)
		LogError("TCS GetCapability failed with result = 0x%x", result);

	return result;
}
Ejemplo n.º 4
0
TSS_RESULT
pcrs_calc_composite(TPM_PCR_SELECTION *select, TPM_PCRVALUE *arrayOfPcrs, TPM_DIGEST *digestOut)
{
	UINT32 size, index;
	BYTE mask;
	BYTE hashBlob[1024];
	UINT32 numPCRs = 0;
	UINT64 offset = 0;
	UINT64 sizeOffset = 0;

	if (select->sizeOfSelect > 0) {
		sizeOffset = 0;
		Trspi_LoadBlob_PCR_SELECTION(&sizeOffset, hashBlob, select);
		offset = sizeOffset + 4;

		for (size = 0; size < select->sizeOfSelect; size++) {
			for (index = 0, mask = 1; index < 8; index++, mask = mask << 1) {
				if (select->pcrSelect[size] & mask) {
					memcpy(&hashBlob[(numPCRs * TPM_SHA1_160_HASH_LEN) + offset],
					       arrayOfPcrs[index + (size << 3)].digest,
					       TPM_SHA1_160_HASH_LEN);
					numPCRs++;
				}
			}
		}

		if (numPCRs > 0) {
			offset += (numPCRs * TPM_SHA1_160_HASH_LEN);
			UINT32ToArray(numPCRs * TPM_SHA1_160_HASH_LEN, &hashBlob[sizeOffset]);

			return Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digestOut->digest);
		}
	}

	return TSPERR(TSS_E_INTERNAL_ERROR);
}
Ejemplo n.º 5
0
TSS_RESULT LIBTPMCALL TCS_Seal(
                           UINT32         locality, 
                           TPM_KEY_HANDLE hParent,
                           TPM_AUTHDATA * parentAuth,
                           TPM_ENCAUTH *  encDataAuth,
                           UINT32         pcrInfoSize,
		                     BYTE *         pcrInfo,
                           UINT32         dataSize,
                           BYTE *         data,
                           TPM_AUTH *     auth,
                           UINT32 *       sealedDataSize,
                           BYTE **        sealedData) {
   UINT64 			 	offset = 0;
	TSS_RESULT 	 		result;
	UINT32 		 		paramSize;
	BYTE 		 			txBlob[TSS_TPM_TXBLOB_SIZE];
	TPM_COMMAND_CODE 	ordinal = TPM_ORD_Seal;
	BYTE 		 			bigendian_ordinal[sizeof(ordinal)];
	BYTE 		 			bigendian_pcrInfoSize[sizeof(pcrInfoSize)];
	BYTE 		 			bigendian_dataSize[sizeof(dataSize)];
	TPM_NONCE 	 		h1;
	TPM_NONCE 	 		h1Check;
	struct USHAContext ctx_sha1;
	
	if(LIBTPM_IsInit() == false) {
      LOGERROR("libtpm not initialized");
      return TCSERR(TSS_E_INTERNAL_ERROR);
   }

	LOGDEBUG("Entering TCS_Seal");

   // Generate H1
	USHAReset(&ctx_sha1, SHA1);
	UINT32ToArray(ordinal, bigendian_ordinal);
	UINT32ToArray(pcrInfoSize, bigendian_pcrInfoSize);
	UINT32ToArray(dataSize, bigendian_dataSize);
	USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
	USHAInput(&ctx_sha1, encDataAuth->authdata, sizeof(encDataAuth->authdata));
	USHAInput(&ctx_sha1, bigendian_pcrInfoSize, sizeof(bigendian_pcrInfoSize));
	USHAInput(&ctx_sha1, pcrInfo, pcrInfoSize);
	USHAInput(&ctx_sha1, bigendian_dataSize, sizeof(bigendian_dataSize));
	USHAInput(&ctx_sha1, data, dataSize);
	USHAResult(&ctx_sha1, (uint8_t *) &h1);
	memset(&ctx_sha1, 0, sizeof(ctx_sha1));
	
	// Compute AUTH
	result = tcs_compute_auth(locality, auth, &h1, parentAuth);
	if(result) {
		return result;
	}
	
	// Communication with TPM
	result = tpm_rqu_build(TPM_ORD_Seal, &offset, txBlob, hParent, encDataAuth->authdata, pcrInfoSize, pcrInfo, dataSize, data, auth);
	if(result) {
		LOGDEBUG("tpm_rqu_build returns %x", result);
		return result;
	}
				    
	UnloadBlob_Header(txBlob, &paramSize);
	result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob));
	if(result) {
	   result = TDDLERR(result);
		LOGERROR("tpm_io returns %x", result);
		return result;
	}
	
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (! result) {
		result = tpm_rsp_parse(TPM_ORD_Seal, txBlob, paramSize, sealedDataSize, sealedData, auth);
	}
	
	if(! result) {
		// Check auth value
		USHAReset(&ctx_sha1, SHA1);
		USHAInput(&ctx_sha1, (uint8_t *) &result, sizeof(TPM_RESULT));
		USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
		USHAInput(&ctx_sha1, *sealedData, *sealedDataSize);
		USHAResult(&ctx_sha1, (uint8_t *) &h1Check);
		memset(&ctx_sha1, 0, sizeof(ctx_sha1));
		
		result = tcs_check_auth(auth, &h1Check, parentAuth);
		if(result) {
		   free(*sealedData);
		   *sealedData = 0;
		}
	}

	LOGDEBUG("Exiting TCS_Seal : %x", result);

	return result;
}