TSS_RESULT
TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TPM_AUTH * ownerAuth) /* in, out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering OwnerClear");
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth);
}
LogResult("Ownerclear", result);
done:
auth_mgr_release_auth(ownerAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCPA_CAPABILITY_AREA capArea, /* in */
UINT32 subCapSize, /* in */
BYTE * subCap, /* in */
UINT32 * respSize, /* out */
BYTE ** resp) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Get Cap");
if ((result = tpm_rqu_build(TPM_ORD_GetCapability, &offset, txBlob, capArea, subCapSize,
subCap, NULL)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
return result;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_GetCapability, txBlob, paramSize, respSize, resp,
NULL, NULL);
}
LogResult("Get Cap", result);
return result;
}
TSS_RESULT
TCSP_SetOperatorAuth_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCPA_SECRET *operatorAuth) /* in */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if ((result = tpm_rqu_build(TPM_ORD_SetOperatorAuth, &offset, txBlob, TPM_AUTHDATA_SIZE,
operatorAuth->authdata)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
LogResult("SetOperatorAuth", result);
done:
return result;
}
TSS_RESULT
TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE hWrappingKey, /* in */
TPM_ENCAUTH KeyUsageAuth, /* in */
TPM_HMAC MigAuthApproval, /* in */
TPM_DIGEST MigAuthorityDigest, /* in */
UINT32* keyDataSize, /* in, out */
BYTE** prgbKeyData, /* in, out */
TPM_AUTH* pAuth) /* in, out */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
UINT32 parentSlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext))) {
free(*prgbKeyData);
return result;
}
if ((result = get_slot(hContext, hWrappingKey, &parentSlot))) {
free(*prgbKeyData);
return result;
}
if (pAuth) {
if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) {
free(*prgbKeyData);
return result;
}
}
if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob,
parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData,
&MigAuthApproval, &MigAuthorityDigest, pAuth))) {
free(*prgbKeyData);
goto done;
}
free(*prgbKeyData);
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize,
keyDataSize, prgbKeyData, pAuth);
}
LogResult("CMK_SetRestrictions", result);
done:
auth_mgr_release_auth(pAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */
TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE keyHandle, /* in */
TCPA_ENCAUTH encAuth, /* in */
UINT32 pcrInfoSize, /* in */
BYTE * PcrInfo, /* in */
UINT32 inDataSize, /* in */
BYTE * inData, /* in */
TPM_AUTH * pubAuth, /* in, out */
UINT32 * SealedDataSize, /* out */
BYTE ** SealedData) /* out */
{
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
TCPA_KEY_HANDLE keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Seal");
if (!pubAuth)
return TCSERR(TSS_E_BAD_PARAMETER);
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle)))
goto done;
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
goto done;
/* XXX What's this check for? */
if (keySlot == 0) {
result = TCSERR(TSS_E_FAIL);
goto done;
}
if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata,
pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
offset = 10;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize,
SealedData, pubAuth);
}
LogResult("Seal", result);
done:
auth_mgr_release_auth(pubAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE parentHandle, /* in */
TPM_CMK_AUTH restrictTicket, /* in */
TPM_HMAC sigTicket, /* in */
UINT32 keyDataSize, /* in */
BYTE* prgbKeyData, /* in */
UINT32 msaListSize, /* in */
BYTE* msaList, /* in */
UINT32 randomSize, /* in */
BYTE* random, /* in */
TPM_AUTH* parentAuth, /* in, out */
UINT32* outDataSize, /* out */
BYTE** outData) /* out */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
UINT32 parentSlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if ((result = get_slot(hContext, parentHandle, &parentSlot)))
return result;
if (parentAuth) {
if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
return result;
}
if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob,
parentSlot, &restrictTicket, &sigTicket,
keyDataSize, prgbKeyData, msaListSize, msaList,
randomSize, random, parentAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize,
outDataSize, outData, parentAuth, NULL);
}
LogResult("CMK_SetRestrictions", result);
done:
auth_mgr_release_auth(parentAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_Quote2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE keyHandle, /* in */
TCPA_NONCE antiReplay, /* in */
UINT32 pcrDataSizeIn, /* in */
BYTE * pcrDataIn, /* in */
TSS_BOOL addVersion, /* in */
TPM_AUTH * privAuth, /* in, out */
UINT32 * pcrDataSizeOut, /* out */
BYTE ** pcrDataOut, /* out */
UINT32 * versionInfoSize, /* out */
BYTE ** versionInfo, /* out */
UINT32 * sigSize, /* out */
BYTE ** sig) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
UINT32 keySlot;
/* Command packet to be sent to the TPM */
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering quote2");
if ((result = ctx_verify_context(hContext)))
goto done;
if (privAuth != NULL) {
LogDebug("Auth Used");
if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth");
}
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_Quote2, &offset, txBlob, keySlot, antiReplay.nonce,
pcrDataSizeIn, pcrDataIn, &addVersion, privAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_Quote2, txBlob, paramSize, pcrDataSizeOut,
pcrDataOut, &addVersion, versionInfoSize, versionInfo,
sigSize, sig, privAuth);
}
LogResult("Quote2", result);
done:
auth_mgr_release_auth(privAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_Sign_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE keyHandle, /* in */
UINT32 areaToSignSize, /* in */
BYTE * areaToSign, /* in */
TPM_AUTH * privAuth, /* in, out */
UINT32 * sigSize, /* out */
BYTE ** sig /* out */
)
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
TCPA_KEY_HANDLE keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Sign");
if ((result = ctx_verify_context(hContext)))
return result;
if (privAuth != NULL) {
LogDebug("Auth Used");
if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth");
}
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_Sign, &offset, txBlob, keySlot, areaToSignSize,
areaToSign, privAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_Sign, txBlob, paramSize, sigSize, sig, privAuth,
NULL);
}
LogResult("sign", result);
done:
auth_mgr_release_auth(privAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
UINT32 PublicVerifyKeySize, /* in */
BYTE* PublicVerifyKey, /* in */
TPM_DIGEST SignedData, /* in */
UINT32 SigValueSize, /* in */
BYTE* SigValue, /* in */
TPM_AUTH* pOwnerAuth, /* in, out */
TPM_HMAC* SigTicket) /* out */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
return result;
if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob,
PublicVerifyKeySize, PublicVerifyKey, &SignedData,
SigValueSize, SigValue, pOwnerAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize,
SigTicket, pOwnerAuth);
}
LogResult("CMK_SetRestrictions", result);
done:
auth_mgr_release_auth(pOwnerAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_NV_ReadValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TSS_NV_INDEX hNVStore, /* in */
UINT32 offset, /* in */
UINT32 * pulDataLength, /* in, out */
TPM_AUTH * privAuth, /* in, out */
BYTE ** rgbDataRead) /* out */
{
UINT64 off_set = 0;
UINT32 paramSize;
TSS_RESULT result;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if (privAuth) {
if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle)))
goto done;
}
if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValue, &off_set, txBlob, hNVStore, offset,
*pulDataLength, privAuth)))
return result;
LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set);
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_NV_ReadValue, txBlob, paramSize, pulDataLength,
rgbDataRead, privAuth, NULL);
}
done:
LogDebug("Leaving NVReadValue with result:%u", result);
auth_mgr_release_auth(privAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TPM_DIGEST migAuthorityDigest, /* in */
TPM_AUTH* ownerAuth, /* in, out */
TPM_HMAC* HmacMigAuthDigest) /* out */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
return result;
if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob,
&migAuthorityDigest, ownerAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize,
HmacMigAuthDigest, ownerAuth);
}
LogResult("CMK_SetRestrictions", result);
done:
auth_mgr_release_auth(ownerAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_NV_DefineOrReleaseSpace_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
UINT32 cPubInfoSize, /* in */
BYTE* pPubInfo, /* in */
TPM_ENCAUTH encAuth, /* in */
TPM_AUTH* pAuth) /* in, out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if (pAuth) {
if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle)))
goto done;
}
if ((result = tpm_rqu_build(TPM_ORD_NV_DefineSpace, &offset, txBlob, cPubInfoSize, pPubInfo,
TPM_ENCAUTH_SIZE, encAuth.authdata, pAuth)))
return result;
LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset);
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_NV_DefineSpace, txBlob, paramSize, pAuth);
}
done:
LogDebug("Leaving DefineSpace with result:%u", result);
auth_mgr_release_auth(pAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_GetCapabilityOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TPM_AUTH * pOwnerAuth, /* in / out */
TCPA_VERSION * pVersion, /* out */
UINT32 * pNonVolatileFlags, /* out */
UINT32 * pVolatileFlags) /* out */
{
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Getcap owner");
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_GetCapabilityOwner, &offset, txBlob, pOwnerAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_GetCapabilityOwner, txBlob, paramSize, pVersion,
pNonVolatileFlags, pVolatileFlags, pOwnerAuth);
}
LogResult("GetCapowner", result);
done:
auth_mgr_release_auth(pOwnerAuth, NULL, hContext);
return result;
}
TSS_RESULT LIBTPMCALL TCS_FlushSpecific(UINT32 locality, TPM_KEY_HANDLE handle, TPM_RESOURCE_TYPE type) {
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
if(LIBTPM_IsInit() == false) {
LOGERROR("libtpm not initialized");
return TCSERR(TSS_E_INTERNAL_ERROR);
}
LOGDEBUG("Entering TCS_FlushSpecific");
// Communication with TPM
result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, handle, type);
if(result) {
LOGDEBUG("tpm_rqu_build returns %x", result);
return result;
}
UnloadBlob_Header(txBlob, ¶mSize);
result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob));
if(result) {
result = TDDLERR(result);
LOGERROR("tpm_io returns %x", result);
return result;
}
result = UnloadBlob_Header(txBlob, ¶mSize);
if (! result) {
result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL);
}
LOGDEBUG("Exiting TCS_FlushSpecific : %x", result);
return result;
}
TSS_RESULT
TCSP_SetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCPA_CAPABILITY_AREA capArea, /* in */
UINT32 subCapSize, /* in */
BYTE * subCap, /* in */
UINT32 valueSize, /* in */
BYTE * value, /* in */
TPM_AUTH * pOwnerAuth) /* in, out */
{
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_SetCapability, &offset, txBlob, capArea, subCapSize,
subCap, valueSize, value, pOwnerAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_SetCapability, txBlob, paramSize, pOwnerAuth);
}
done:
auth_mgr_release_auth(pOwnerAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
UINT16 protocolID, /* in */
UINT32 encOwnerAuthSize, /* in */
BYTE * encOwnerAuth, /* in */
UINT32 encSrkAuthSize, /* in */
BYTE * encSrkAuth, /* in */
UINT32 srkInfoSize, /*in */
BYTE * srkInfo, /*in */
TPM_AUTH * ownerAuth, /* in, out */
UINT32 * srkKeySize, /*out */
BYTE ** srkKey) /*out */
{
UINT64 offset;
UINT32 paramSize;
TSS_RESULT result;
TSS_KEY srkKeyContainer;
BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, };
BYTE oldAuthDataUsage;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
if ((result = ctx_verify_context(hContext)))
goto done;
if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
goto done;
/* Check on the Atmel Bug Patch */
offset = 0;
UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer);
oldAuthDataUsage = srkKeyContainer.authDataUsage;
LogDebug("auth data usage is %.2X", oldAuthDataUsage);
offset = 0;
if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID,
encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth,
srkInfoSize, srkInfo, ownerAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize,
srkKey, ownerAuth)))
goto done;
offset = 0;
if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) {
*srkKeySize = 0;
free(*srkKey);
goto done;
}
if (srkKeyContainer.authDataUsage != oldAuthDataUsage) {
LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS");
srkKeyContainer.authDataUsage = oldAuthDataUsage;
}
#ifdef TSS_BUILD_PS
{
BYTE *save;
/* Once the key file is created, it stays forever. There could be
* migratable keys in the hierarchy that are still useful to someone.
*/
result = ps_remove_key(&SRK_UUID);
if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) {
destroy_key_refs(&srkKeyContainer);
LogError("Error removing SRK from key file.");
*srkKeySize = 0;
free(*srkKey);
goto done;
}
/* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for
* privacy reasons as outlined in the TSS spec */
save = srkKeyContainer.pubKey.key;
srkKeyContainer.pubKey.key = fake_pubkey;
offset = 0;
LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer);
if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk,
offset))) {
destroy_key_refs(&srkKeyContainer);
LogError("Error writing SRK to disk");
*srkKeySize = 0;
free(*srkKey);
goto done;
}
srkKeyContainer.pubKey.key = save;
}
#endif
if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer,
&SRK_UUID))) {
destroy_key_refs(&srkKeyContainer);
LogError("Error creating SRK mem cache entry");
*srkKeySize = 0;
free(*srkKey);
}
destroy_key_refs(&srkKeyContainer);
}
LogResult("TakeOwnership", result);
done:
auth_mgr_release_auth(ownerAuth, NULL, hContext);
return result;
}
TSS_RESULT LIBTPMCALL TCS_Seal(
UINT32 locality,
TPM_KEY_HANDLE hParent,
TPM_AUTHDATA * parentAuth,
TPM_ENCAUTH * encDataAuth,
UINT32 pcrInfoSize,
BYTE * pcrInfo,
UINT32 dataSize,
BYTE * data,
TPM_AUTH * auth,
UINT32 * sealedDataSize,
BYTE ** sealedData) {
UINT64 offset = 0;
TSS_RESULT result;
UINT32 paramSize;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
TPM_COMMAND_CODE ordinal = TPM_ORD_Seal;
BYTE bigendian_ordinal[sizeof(ordinal)];
BYTE bigendian_pcrInfoSize[sizeof(pcrInfoSize)];
BYTE bigendian_dataSize[sizeof(dataSize)];
TPM_NONCE h1;
TPM_NONCE h1Check;
struct USHAContext ctx_sha1;
if(LIBTPM_IsInit() == false) {
LOGERROR("libtpm not initialized");
return TCSERR(TSS_E_INTERNAL_ERROR);
}
LOGDEBUG("Entering TCS_Seal");
// Generate H1
USHAReset(&ctx_sha1, SHA1);
UINT32ToArray(ordinal, bigendian_ordinal);
UINT32ToArray(pcrInfoSize, bigendian_pcrInfoSize);
UINT32ToArray(dataSize, bigendian_dataSize);
USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
USHAInput(&ctx_sha1, encDataAuth->authdata, sizeof(encDataAuth->authdata));
USHAInput(&ctx_sha1, bigendian_pcrInfoSize, sizeof(bigendian_pcrInfoSize));
USHAInput(&ctx_sha1, pcrInfo, pcrInfoSize);
USHAInput(&ctx_sha1, bigendian_dataSize, sizeof(bigendian_dataSize));
USHAInput(&ctx_sha1, data, dataSize);
USHAResult(&ctx_sha1, (uint8_t *) &h1);
memset(&ctx_sha1, 0, sizeof(ctx_sha1));
// Compute AUTH
result = tcs_compute_auth(locality, auth, &h1, parentAuth);
if(result) {
return result;
}
// Communication with TPM
result = tpm_rqu_build(TPM_ORD_Seal, &offset, txBlob, hParent, encDataAuth->authdata, pcrInfoSize, pcrInfo, dataSize, data, auth);
if(result) {
LOGDEBUG("tpm_rqu_build returns %x", result);
return result;
}
UnloadBlob_Header(txBlob, ¶mSize);
result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob));
if(result) {
result = TDDLERR(result);
LOGERROR("tpm_io returns %x", result);
return result;
}
result = UnloadBlob_Header(txBlob, ¶mSize);
if (! result) {
result = tpm_rsp_parse(TPM_ORD_Seal, txBlob, paramSize, sealedDataSize, sealedData, auth);
}
if(! result) {
// Check auth value
USHAReset(&ctx_sha1, SHA1);
USHAInput(&ctx_sha1, (uint8_t *) &result, sizeof(TPM_RESULT));
USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal));
USHAInput(&ctx_sha1, *sealedData, *sealedDataSize);
USHAResult(&ctx_sha1, (uint8_t *) &h1Check);
memset(&ctx_sha1, 0, sizeof(ctx_sha1));
result = tcs_check_auth(auth, &h1Check, parentAuth);
if(result) {
free(*sealedData);
*sealedData = 0;
}
}
LOGDEBUG("Exiting TCS_Seal : %x", result);
return result;
}
TSS_RESULT
TCSP_CertifyKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE certHandle, /* in */
TCS_KEY_HANDLE keyHandle, /* in */
TCPA_NONCE antiReplay, /* in */
TPM_AUTH * certAuth, /* in, out */
TPM_AUTH * keyAuth, /* in, out */
UINT32 * CertifyInfoSize, /* out */
BYTE ** CertifyInfo, /* out */
UINT32 * outDataSize, /* out */
BYTE ** outData) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
TCPA_KEY_HANDLE certKeySlot, keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Certify Key");
if ((result = ctx_verify_context(hContext)))
goto done;
if (certAuth != NULL) {
LogDebug("Auth Used for Cert signing key");
if ((result = auth_mgr_check(hContext, &certAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth used for Cert signing key");
}
if (keyAuth != NULL) {
LogDebug("Auth Used for Key being signed");
if ((result = auth_mgr_check(hContext, &keyAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth used for Key being signed");
}
if ((result = ensureKeyIsLoaded(hContext, certHandle, &certKeySlot)))
goto done;
if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
goto done;
if ((result = tpm_rqu_build(TPM_ORD_CertifyKey, &offset, txBlob, certKeySlot, keySlot,
antiReplay.nonce, certAuth, keyAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CertifyKey, txBlob, paramSize, CertifyInfoSize,
CertifyInfo, outDataSize, outData, certAuth, keyAuth);
}
LogResult("Certify Key", result);
done:
auth_mgr_release_auth(certAuth, keyAuth, hContext);
return result;
}
TSS_RESULT
TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE parentHandle, /* in */
UINT32 SealedDataSize, /* in */
BYTE * SealedData, /* in */
TPM_AUTH * parentAuth, /* in, out */
TPM_AUTH * dataAuth, /* in, out */
UINT32 * DataSize, /* out */
BYTE ** Data) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
TCPA_KEY_HANDLE keySlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebug("Entering Unseal");
if (dataAuth == NULL)
return TCSERR(TSS_E_BAD_PARAMETER);
if ((result = ctx_verify_context(hContext)))
goto done;
if (parentAuth != NULL) {
LogDebug("Auth used");
if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
goto done;
} else {
LogDebug("No Auth");
}
if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle)))
goto done;
if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
goto done;
/* XXX What's this check for? */
if (keySlot == 0) {
result = TCSERR(TSS_E_FAIL);
goto done;
}
if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize,
SealedData, parentAuth, dataAuth)))
return result;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
offset = 10;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data,
parentAuth, dataAuth);
}
LogResult("Unseal", result);
done:
auth_mgr_release_auth(parentAuth, dataAuth, hContext);
return result;
}
TSS_RESULT
TCSP_DaaJoin_internal(TCS_CONTEXT_HANDLE hContext, /* in */
TPM_HANDLE handle, /* in */
BYTE stage, /* in */
UINT32 inputSize0, /* in */
BYTE *inputData0, /* in */
UINT32 inputSize1, /* in */
BYTE *inputData1, /* in */
TPM_AUTH * ownerAuth, /* in, out */
UINT32 *outputSize, /* out */
BYTE **outputData) /* out */
{
UINT64 offset = 0;
UINT32 paramSize;
TSS_RESULT result;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ( (result = ctx_verify_context(hContext)) != TSS_SUCCESS)
return result;
if( (result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)) != TSS_SUCCESS)
goto done;
#if 0
offset = 10;
LoadBlob_UINT32( &offset, handle, txBlob);
LogDebug("load BYTE: stage: %x", stage);
LoadBlob( &offset, sizeof(BYTE), txBlob, &stage);
LogDebug("load UNIT32: inputSize0: %x (oldOffset=%" PRIu64 ")", inputSize0, offset);
LoadBlob_UINT32(&offset, inputSize0, txBlob);
LogDebug("load Data: inputData0: %X (oldOffset=%" PRIu64 ")", (int)inputData0, offset);
LoadBlob(&offset, inputSize0, txBlob, inputData0);
LogDebug("load UINT32: inputSize1:%x (oldOffset=%" PRIu64 ")", inputSize1, offset);
LoadBlob_UINT32(&offset, inputSize1, txBlob);
if( inputSize1>0) {
LogDebug("load Data: inputData1: %X (oldOffset=%" PRIu64 ")", (int)inputData1, offset);
LoadBlob(&offset, inputSize1, txBlob, inputData1);
}
LogDebug("load Auth: ownerAuth: %X (oldOffset=%" PRIu64 ")", (int)ownerAuth, offset);
LoadBlob_Auth(&offset, txBlob, ownerAuth);
LogDebug("load Header: ordinal: %X (oldOffset=%" PRIu64 ")", TPM_ORD_DAA_Join, offset);
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_DAA_Join, txBlob);
#else
if ((result = tpm_rqu_build(TPM_ORD_DAA_Join, &offset, txBlob, handle, stage, inputSize0,
inputData0, inputSize1, inputData1, ownerAuth)))
goto done;
#endif
LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset);
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
LogDebug("UnloadBlob (paramSize=%d) result=%d", paramSize, result);
if (!result) {
#if 0
offset = 10;
UnloadBlob_UINT32( &offset, outputSize, txBlob);
LogDebug("Unload outputSize=%d", *outputSize);
*outputData = malloc(*outputSize);
if( *outputData == NULL) {
LogError("malloc of %u bytes failed.", *outputSize);
result = TCSERR(TSS_E_OUTOFMEMORY);
goto done;
}
LogDebug("Unload outputData");
UnloadBlob( &offset, *outputSize, txBlob, *outputData);
LogDebug("Unload Auth");
UnloadBlob_Auth(&offset, txBlob, ownerAuth);
#else
result = tpm_rsp_parse(TPM_ORD_DAA_Join, txBlob, paramSize, outputSize, outputData,
ownerAuth);
#endif
}
done:
LogDebug("Leaving DaaJoin with result:%d", result);
auth_mgr_release_auth(ownerAuth, NULL, hContext);
return result;
}
TSS_RESULT
TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
TCS_KEY_HANDLE parentHandle, /* in */
TSS_MIGRATE_SCHEME migrationType, /* in */
UINT32 MigrationKeyAuthSize, /* in */
BYTE* MigrationKeyAuth, /* in */
TPM_DIGEST PubSourceKeyDigest, /* in */
UINT32 msaListSize, /* in */
BYTE* msaList, /* in */
UINT32 restrictTicketSize, /* in */
BYTE* restrictTicket, /* in */
UINT32 sigTicketSize, /* in */
BYTE* sigTicket, /* in */
UINT32 encDataSize, /* in */
BYTE* encData, /* in */
TPM_AUTH* parentAuth, /* in, out */
UINT32* randomSize, /* out */
BYTE** random, /* out */
UINT32* outDataSize, /* out */
BYTE** outData) /* out */
{
TSS_RESULT result;
UINT64 offset = 0;
UINT32 paramSize;
UINT32 parentSlot;
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
LogDebugFn("Enter");
if ((result = ctx_verify_context(hContext)))
return result;
if ((result = get_slot(hContext, parentHandle, &parentSlot)))
return result;
if (parentAuth) {
if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
return result;
}
if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob,
parentSlot, migrationType, MigrationKeyAuthSize,
MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList,
restrictTicketSize, restrictTicket, sigTicketSize, sigTicket,
encDataSize, encData, parentAuth)))
goto done;
if ((result = req_mgr_submit_req(txBlob)))
goto done;
result = UnloadBlob_Header(txBlob, ¶mSize);
if (!result) {
result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize,
randomSize, random, outDataSize, outData, parentAuth, NULL);
}
LogResult("CMK_SetRestrictions", result);
done:
auth_mgr_release_auth(parentAuth, NULL, hContext);
return result;
}
