Ejemplo n.º 1
0
TSS_RESULT LIBTPMCALL TCS_Unseal(UINT32 locality, TPM_KEY_HANDLE hParent, TPM_AUTHDATA * parentSecret, BYTE * sealedData, UINT32 sealedDataSize, TPM_AUTHDATA * dataSecret, TPM_AUTH * parentAuth, TPM_AUTH * dataAuth, BYTE ** data, UINT32 * dataSize) {
	UINT64 			 	offset = 0;
	TSS_RESULT 	 		result;
	UINT32 		 		paramSize;
	BYTE 		 			txBlob[TSS_TPM_TXBLOB_SIZE];
	TPM_COMMAND_CODE 	ordinal = TPM_ORD_Unseal;
	BYTE 		 			bigendian_ordinal[sizeof(ordinal)];
	BYTE 		 			bigendian_outDataSize[sizeof(*dataSize)];
	TPM_NONCE 	 		h1;
	TPM_NONCE 	 		h1Check;	
	struct USHAContext ctx_sha1;

   if(LIBTPM_IsInit() == false) {
      LOGERROR("libtpm not initialized");
      return TCSERR(TSS_E_INTERNAL_ERROR);
   }
   		
	LOGDEBUG("Entering TCS_Unseal");
	
	// Generate H1
	USHAReset(&ctx_sha1, SHA1);
	UINT32ToArray(ordinal, bigendian_ordinal);
	USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
	USHAInput(&ctx_sha1, sealedData, sealedDataSize);
	USHAResult(&ctx_sha1, (uint8_t *) &h1);
	memset(&ctx_sha1, 0, sizeof(ctx_sha1));

	// Compute Auth (OSAP & OIAP)
	result = tcs_compute_auth(locality, parentAuth, &h1, parentSecret);
	if(result) {
		return result;
	}
	result = tcs_compute_auth(locality, dataAuth, &h1, dataSecret);
	if(result) {
		return result;
	}
	
	// Communication with TPM
	result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, hParent, sealedDataSize, sealedData, parentAuth, dataAuth);
	if(result) {
		LOGDEBUG("tpm_rqu_build returns %x", result);
		return result;
	}
	
	UnloadBlob_Header(txBlob, &paramSize);
	result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob));
	if(result) {
	   result = TDDLERR(result);
		LOGERROR("tpm_io returns %x", result);
		return result;
	}

	result = UnloadBlob_Header(txBlob, &paramSize);
	if(! result) {
		result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, dataSize, data, parentAuth, dataAuth);
	}
	
	if(!result) {
		//Check auth values
		UINT32ToArray(*dataSize, bigendian_outDataSize);
		USHAReset(&ctx_sha1, SHA1);
		USHAInput(&ctx_sha1, (uint8_t *) &result, sizeof(TPM_RESULT));
		USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
		USHAInput(&ctx_sha1, bigendian_outDataSize, sizeof(bigendian_outDataSize));
		USHAInput(&ctx_sha1, *data, (int) *dataSize);
		USHAResult(&ctx_sha1, (uint8_t *) &h1Check);
		memset(&ctx_sha1, 0, sizeof(ctx_sha1));

		result = tcs_check_auth(parentAuth, &h1Check, parentSecret);		
		if(! result) {
			result = tcs_check_auth(dataAuth, &h1Check, dataSecret);
			if(result) {
		      free(*data);
		      *data = 0;
		   }
		} else {
		   free(*data);
		   *data = 0;
		}
	}
	
	LOGDEBUG("Exiting TCS_Unseal : %x", result);

	return result;
}
Ejemplo n.º 2
0
/*
*  hmacReset
*
*  Description:
*      This function will initialize the hmacContext in preparation
*      for computing a new HMAC message digest.
*
*  Parameters:
*      context: [in/out]
*          The context to reset.
*      whichSha: [in]
*          One of SHA1, SHA224, SHA256, SHA384, SHA512
*      key: [in]
*          The secret shared key.
*      key_len: [in]
*          The length of the secret shared key.
*
*  Returns:
*      sha Error Code.
*
*/
int hmacReset(HMACContext *ctx, enum SHAversion whichSha,
    const unsigned char *key, int key_len)
{
    int i, blocksize, hashsize;

    /* inner padding - key XORd with ipad */
    unsigned char k_ipad[USHA_Max_Message_Block_Size];

    /* temporary buffer when keylen > blocksize */
    unsigned char tempkey[USHAMaxHashSize];

    if (!ctx) return shaNull;

    blocksize = ctx->blockSize = USHABlockSize(whichSha);
    hashsize = ctx->hashSize = USHAHashSize(whichSha);

    ctx->whichSha = whichSha;

    /*
    * If key is longer than the hash blocksize,
    * reset it to key = HASH(key).
    */
    if (key_len > blocksize) {
        USHAContext tctx;
        int err = USHAReset(&tctx, whichSha) ||
            USHAInput(&tctx, key, key_len) ||
            USHAResult(&tctx, tempkey);
        if (err != shaSuccess) return err;

        key = tempkey;
        key_len = hashsize;
    }

    /*
    * The HMAC transform looks like:
    *
    * SHA(K XOR opad, SHA(K XOR ipad, text))
    *
    * where K is an n byte key.
    * ipad is the byte 0x36 repeated blocksize times
    * opad is the byte 0x5c repeated blocksize times
    * and text is the data being protected.
    */

    /* store key into the pads, XOR'd with ipad and opad values */
    for (i = 0; i < key_len; i++) {
        k_ipad[i] = key[i] ^ 0x36;
        ctx->k_opad[i] = key[i] ^ 0x5c;
    }
    /* remaining pad bytes are '\0' XOR'd with ipad and opad values */
    for (; i < blocksize; i++) {
        k_ipad[i] = 0x36;
        ctx->k_opad[i] = 0x5c;
    }

    /* perform inner hash */
    /* init context for 1st pass */
    return USHAReset(&ctx->shaContext, whichSha) ||
        /* and start with inner pad */
        USHAInput(&ctx->shaContext, k_ipad, blocksize);
}