TSS_RESULT TCSP_GetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCPA_CAPABILITY_AREA capArea, /* in */ UINT32 subCapSize, /* in */ BYTE * subCap, /* in */ UINT32 * respSize, /* out */ BYTE ** resp) /* out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Get Cap"); if ((result = tpm_rqu_build(TPM_ORD_GetCapability, &offset, txBlob, capArea, subCapSize, subCap, NULL))) return result; if ((result = req_mgr_submit_req(txBlob))) return result; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_GetCapability, txBlob, paramSize, respSize, resp, NULL, NULL); } LogResult("Get Cap", result); return result; }
TSS_RESULT TCSP_OwnerClear_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TPM_AUTH * ownerAuth) /* in, out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering OwnerClear"); if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) goto done; if ((result = tpm_rqu_build(TPM_ORD_OwnerClear, &offset, txBlob, ownerAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_OwnerClear, txBlob, paramSize, ownerAuth); } LogResult("Ownerclear", result); done: auth_mgr_release_auth(ownerAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE hWrappingKey, /* in */ TPM_ENCAUTH KeyUsageAuth, /* in */ TPM_HMAC MigAuthApproval, /* in */ TPM_DIGEST MigAuthorityDigest, /* in */ UINT32* keyDataSize, /* in, out */ BYTE** prgbKeyData, /* in, out */ TPM_AUTH* pAuth) /* in, out */ { TSS_RESULT result; UINT64 offset = 0; UINT32 paramSize; UINT32 parentSlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) { free(*prgbKeyData); return result; } if ((result = get_slot(hContext, hWrappingKey, &parentSlot))) { free(*prgbKeyData); return result; } if (pAuth) { if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) { free(*prgbKeyData); return result; } } if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob, parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData, &MigAuthApproval, &MigAuthorityDigest, pAuth))) { free(*prgbKeyData); goto done; } free(*prgbKeyData); if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize, keyDataSize, prgbKeyData, pAuth); } LogResult("CMK_SetRestrictions", result); done: auth_mgr_release_auth(pAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_Seal_Internal(UINT32 sealOrdinal, /* in */ TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE keyHandle, /* in */ TCPA_ENCAUTH encAuth, /* in */ UINT32 pcrInfoSize, /* in */ BYTE * PcrInfo, /* in */ UINT32 inDataSize, /* in */ BYTE * inData, /* in */ TPM_AUTH * pubAuth, /* in, out */ UINT32 * SealedDataSize, /* out */ BYTE ** SealedData) /* out */ { UINT64 offset = 0; TSS_RESULT result; UINT32 paramSize; TCPA_KEY_HANDLE keySlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Seal"); if (!pubAuth) return TCSERR(TSS_E_BAD_PARAMETER); if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle))) goto done; if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) goto done; /* XXX What's this check for? */ if (keySlot == 0) { result = TCSERR(TSS_E_FAIL); goto done; } if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata, pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; offset = 10; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize, SealedData, pubAuth); } LogResult("Seal", result); done: auth_mgr_release_auth(pubAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE parentHandle, /* in */ TPM_CMK_AUTH restrictTicket, /* in */ TPM_HMAC sigTicket, /* in */ UINT32 keyDataSize, /* in */ BYTE* prgbKeyData, /* in */ UINT32 msaListSize, /* in */ BYTE* msaList, /* in */ UINT32 randomSize, /* in */ BYTE* random, /* in */ TPM_AUTH* parentAuth, /* in, out */ UINT32* outDataSize, /* out */ BYTE** outData) /* out */ { TSS_RESULT result; UINT64 offset = 0; UINT32 paramSize; UINT32 parentSlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if ((result = get_slot(hContext, parentHandle, &parentSlot))) return result; if (parentAuth) { if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) return result; } if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob, parentSlot, &restrictTicket, &sigTicket, keyDataSize, prgbKeyData, msaListSize, msaList, randomSize, random, parentAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize, outDataSize, outData, parentAuth, NULL); } LogResult("CMK_SetRestrictions", result); done: auth_mgr_release_auth(parentAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_Quote2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE keyHandle, /* in */ TCPA_NONCE antiReplay, /* in */ UINT32 pcrDataSizeIn, /* in */ BYTE * pcrDataIn, /* in */ TSS_BOOL addVersion, /* in */ TPM_AUTH * privAuth, /* in, out */ UINT32 * pcrDataSizeOut, /* out */ BYTE ** pcrDataOut, /* out */ UINT32 * versionInfoSize, /* out */ BYTE ** versionInfo, /* out */ UINT32 * sigSize, /* out */ BYTE ** sig) /* out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; UINT32 keySlot; /* Command packet to be sent to the TPM */ BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering quote2"); if ((result = ctx_verify_context(hContext))) goto done; if (privAuth != NULL) { LogDebug("Auth Used"); if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) goto done; } else { LogDebug("No Auth"); } if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) goto done; if ((result = tpm_rqu_build(TPM_ORD_Quote2, &offset, txBlob, keySlot, antiReplay.nonce, pcrDataSizeIn, pcrDataIn, &addVersion, privAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_Quote2, txBlob, paramSize, pcrDataSizeOut, pcrDataOut, &addVersion, versionInfoSize, versionInfo, sigSize, sig, privAuth); } LogResult("Quote2", result); done: auth_mgr_release_auth(privAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_Sign_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE keyHandle, /* in */ UINT32 areaToSignSize, /* in */ BYTE * areaToSign, /* in */ TPM_AUTH * privAuth, /* in, out */ UINT32 * sigSize, /* out */ BYTE ** sig /* out */ ) { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; TCPA_KEY_HANDLE keySlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Sign"); if ((result = ctx_verify_context(hContext))) return result; if (privAuth != NULL) { LogDebug("Auth Used"); if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) goto done; } else { LogDebug("No Auth"); } if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) goto done; if ((result = tpm_rqu_build(TPM_ORD_Sign, &offset, txBlob, keySlot, areaToSignSize, areaToSign, privAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_Sign, txBlob, paramSize, sigSize, sig, privAuth, NULL); } LogResult("sign", result); done: auth_mgr_release_auth(privAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ UINT32 PublicVerifyKeySize, /* in */ BYTE* PublicVerifyKey, /* in */ TPM_DIGEST SignedData, /* in */ UINT32 SigValueSize, /* in */ BYTE* SigValue, /* in */ TPM_AUTH* pOwnerAuth, /* in, out */ TPM_HMAC* SigTicket) /* out */ { TSS_RESULT result; UINT64 offset = 0; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) return result; if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob, PublicVerifyKeySize, PublicVerifyKey, &SignedData, SigValueSize, SigValue, pOwnerAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize, SigTicket, pOwnerAuth); } LogResult("CMK_SetRestrictions", result); done: auth_mgr_release_auth(pOwnerAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_NV_ReadValue_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TSS_NV_INDEX hNVStore, /* in */ UINT32 offset, /* in */ UINT32 * pulDataLength, /* in, out */ TPM_AUTH * privAuth, /* in, out */ BYTE ** rgbDataRead) /* out */ { UINT64 off_set = 0; UINT32 paramSize; TSS_RESULT result; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if (privAuth) { if ((result = auth_mgr_check(hContext, &privAuth->AuthHandle))) goto done; } if ((result = tpm_rqu_build(TPM_ORD_NV_ReadValue, &off_set, txBlob, hNVStore, offset, *pulDataLength, privAuth))) return result; LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", off_set); if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); if (!result) { result = tpm_rsp_parse(TPM_ORD_NV_ReadValue, txBlob, paramSize, pulDataLength, rgbDataRead, privAuth, NULL); } done: LogDebug("Leaving NVReadValue with result:%u", result); auth_mgr_release_auth(privAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TPM_DIGEST migAuthorityDigest, /* in */ TPM_AUTH* ownerAuth, /* in, out */ TPM_HMAC* HmacMigAuthDigest) /* out */ { TSS_RESULT result; UINT64 offset = 0; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) return result; if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob, &migAuthorityDigest, ownerAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize, HmacMigAuthDigest, ownerAuth); } LogResult("CMK_SetRestrictions", result); done: auth_mgr_release_auth(ownerAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_NV_DefineOrReleaseSpace_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ UINT32 cPubInfoSize, /* in */ BYTE* pPubInfo, /* in */ TPM_ENCAUTH encAuth, /* in */ TPM_AUTH* pAuth) /* in, out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if (pAuth) { if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle))) goto done; } if ((result = tpm_rqu_build(TPM_ORD_NV_DefineSpace, &offset, txBlob, cPubInfoSize, pPubInfo, TPM_ENCAUTH_SIZE, encAuth.authdata, pAuth))) return result; LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset); if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); LogDebug("UnloadBlob (paramSize=%u) result=%u", paramSize, result); if (!result) { result = tpm_rsp_parse(TPM_ORD_NV_DefineSpace, txBlob, paramSize, pAuth); } done: LogDebug("Leaving DefineSpace with result:%u", result); auth_mgr_release_auth(pAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_GetCapabilityOwner_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TPM_AUTH * pOwnerAuth, /* in / out */ TCPA_VERSION * pVersion, /* out */ UINT32 * pNonVolatileFlags, /* out */ UINT32 * pVolatileFlags) /* out */ { UINT64 offset = 0; TSS_RESULT result; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Getcap owner"); if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) goto done; if ((result = tpm_rqu_build(TPM_ORD_GetCapabilityOwner, &offset, txBlob, pOwnerAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_GetCapabilityOwner, txBlob, paramSize, pVersion, pNonVolatileFlags, pVolatileFlags, pOwnerAuth); } LogResult("GetCapowner", result); done: auth_mgr_release_auth(pOwnerAuth, NULL, hContext); return result; }
TSS_RESULT LIBTPMCALL TCS_FlushSpecific(UINT32 locality, TPM_KEY_HANDLE handle, TPM_RESOURCE_TYPE type) { UINT64 offset = 0; TSS_RESULT result; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; if(LIBTPM_IsInit() == false) { LOGERROR("libtpm not initialized"); return TCSERR(TSS_E_INTERNAL_ERROR); } LOGDEBUG("Entering TCS_FlushSpecific"); // Communication with TPM result = tpm_rqu_build(TPM_ORD_FlushSpecific, &offset, txBlob, handle, type); if(result) { LOGDEBUG("tpm_rqu_build returns %x", result); return result; } UnloadBlob_Header(txBlob, ¶mSize); result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob)); if(result) { result = TDDLERR(result); LOGERROR("tpm_io returns %x", result); return result; } result = UnloadBlob_Header(txBlob, ¶mSize); if (! result) { result = tpm_rsp_parse(TPM_ORD_FlushSpecific, txBlob, paramSize, NULL); } LOGDEBUG("Exiting TCS_FlushSpecific : %x", result); return result; }
TSS_RESULT TCSP_SetCapability_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCPA_CAPABILITY_AREA capArea, /* in */ UINT32 subCapSize, /* in */ BYTE * subCap, /* in */ UINT32 valueSize, /* in */ BYTE * value, /* in */ TPM_AUTH * pOwnerAuth) /* in, out */ { UINT64 offset = 0; TSS_RESULT result; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) goto done; if ((result = tpm_rqu_build(TPM_ORD_SetCapability, &offset, txBlob, capArea, subCapSize, subCap, valueSize, value, pOwnerAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_SetCapability, txBlob, paramSize, pOwnerAuth); } done: auth_mgr_release_auth(pOwnerAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_DaaJoin_internal(TCS_CONTEXT_HANDLE hContext, /* in */ TPM_HANDLE handle, /* in */ BYTE stage, /* in */ UINT32 inputSize0, /* in */ BYTE *inputData0, /* in */ UINT32 inputSize1, /* in */ BYTE *inputData1, /* in */ TPM_AUTH * ownerAuth, /* in, out */ UINT32 *outputSize, /* out */ BYTE **outputData) /* out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ( (result = ctx_verify_context(hContext)) != TSS_SUCCESS) return result; if( (result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)) != TSS_SUCCESS) goto done; #if 0 offset = 10; LoadBlob_UINT32( &offset, handle, txBlob); LogDebug("load BYTE: stage: %x", stage); LoadBlob( &offset, sizeof(BYTE), txBlob, &stage); LogDebug("load UNIT32: inputSize0: %x (oldOffset=%" PRIu64 ")", inputSize0, offset); LoadBlob_UINT32(&offset, inputSize0, txBlob); LogDebug("load Data: inputData0: %X (oldOffset=%" PRIu64 ")", (int)inputData0, offset); LoadBlob(&offset, inputSize0, txBlob, inputData0); LogDebug("load UINT32: inputSize1:%x (oldOffset=%" PRIu64 ")", inputSize1, offset); LoadBlob_UINT32(&offset, inputSize1, txBlob); if( inputSize1>0) { LogDebug("load Data: inputData1: %X (oldOffset=%" PRIu64 ")", (int)inputData1, offset); LoadBlob(&offset, inputSize1, txBlob, inputData1); } LogDebug("load Auth: ownerAuth: %X (oldOffset=%" PRIu64 ")", (int)ownerAuth, offset); LoadBlob_Auth(&offset, txBlob, ownerAuth); LogDebug("load Header: ordinal: %X (oldOffset=%" PRIu64 ")", TPM_ORD_DAA_Join, offset); LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_DAA_Join, txBlob); #else if ((result = tpm_rqu_build(TPM_ORD_DAA_Join, &offset, txBlob, handle, stage, inputSize0, inputData0, inputSize1, inputData1, ownerAuth))) goto done; #endif LogDebug("req_mgr_submit_req (oldOffset=%" PRIu64 ")", offset); if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); LogDebug("UnloadBlob (paramSize=%d) result=%d", paramSize, result); if (!result) { #if 0 offset = 10; UnloadBlob_UINT32( &offset, outputSize, txBlob); LogDebug("Unload outputSize=%d", *outputSize); *outputData = malloc(*outputSize); if( *outputData == NULL) { LogError("malloc of %u bytes failed.", *outputSize); result = TCSERR(TSS_E_OUTOFMEMORY); goto done; } LogDebug("Unload outputData"); UnloadBlob( &offset, *outputSize, txBlob, *outputData); LogDebug("Unload Auth"); UnloadBlob_Auth(&offset, txBlob, ownerAuth); #else result = tpm_rsp_parse(TPM_ORD_DAA_Join, txBlob, paramSize, outputSize, outputData, ownerAuth); #endif } done: LogDebug("Leaving DaaJoin with result:%d", result); auth_mgr_release_auth(ownerAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE parentHandle, /* in */ UINT32 SealedDataSize, /* in */ BYTE * SealedData, /* in */ TPM_AUTH * parentAuth, /* in, out */ TPM_AUTH * dataAuth, /* in, out */ UINT32 * DataSize, /* out */ BYTE ** Data) /* out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; TCPA_KEY_HANDLE keySlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Unseal"); if (dataAuth == NULL) return TCSERR(TSS_E_BAD_PARAMETER); if ((result = ctx_verify_context(hContext))) goto done; if (parentAuth != NULL) { LogDebug("Auth used"); if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) goto done; } else { LogDebug("No Auth"); } if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle))) goto done; if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot))) goto done; /* XXX What's this check for? */ if (keySlot == 0) { result = TCSERR(TSS_E_FAIL); goto done; } if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize, SealedData, parentAuth, dataAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; offset = 10; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data, parentAuth, dataAuth); } LogResult("Unseal", result); done: auth_mgr_release_auth(parentAuth, dataAuth, hContext); return result; }
TSS_RESULT TCSP_TakeOwnership_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ UINT16 protocolID, /* in */ UINT32 encOwnerAuthSize, /* in */ BYTE * encOwnerAuth, /* in */ UINT32 encSrkAuthSize, /* in */ BYTE * encSrkAuth, /* in */ UINT32 srkInfoSize, /*in */ BYTE * srkInfo, /*in */ TPM_AUTH * ownerAuth, /* in, out */ UINT32 * srkKeySize, /*out */ BYTE ** srkKey) /*out */ { UINT64 offset; UINT32 paramSize; TSS_RESULT result; TSS_KEY srkKeyContainer; BYTE fake_pubkey[256] = { 0, }, fake_srk[2048] = { 0, }; BYTE oldAuthDataUsage; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; if ((result = ctx_verify_context(hContext))) goto done; if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) goto done; /* Check on the Atmel Bug Patch */ offset = 0; UnloadBlob_TSS_KEY(&offset, srkInfo, &srkKeyContainer); oldAuthDataUsage = srkKeyContainer.authDataUsage; LogDebug("auth data usage is %.2X", oldAuthDataUsage); offset = 0; if ((result = tpm_rqu_build(TPM_ORD_TakeOwnership, &offset, txBlob, protocolID, encOwnerAuthSize, encOwnerAuth, encSrkAuthSize, encSrkAuth, srkInfoSize, srkInfo, ownerAuth))) return result; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { if ((result = tpm_rsp_parse(TPM_ORD_TakeOwnership, txBlob, paramSize, srkKeySize, srkKey, ownerAuth))) goto done; offset = 0; if ((result = UnloadBlob_TSS_KEY(&offset, *srkKey, &srkKeyContainer))) { *srkKeySize = 0; free(*srkKey); goto done; } if (srkKeyContainer.authDataUsage != oldAuthDataUsage) { LogDebug("AuthDataUsage was changed by TPM. Atmel Bug. Fixing it in PS"); srkKeyContainer.authDataUsage = oldAuthDataUsage; } #ifdef TSS_BUILD_PS { BYTE *save; /* Once the key file is created, it stays forever. There could be * migratable keys in the hierarchy that are still useful to someone. */ result = ps_remove_key(&SRK_UUID); if (result != TSS_SUCCESS && result != TCSERR(TSS_E_PS_KEY_NOTFOUND)) { destroy_key_refs(&srkKeyContainer); LogError("Error removing SRK from key file."); *srkKeySize = 0; free(*srkKey); goto done; } /* Set the SRK pubkey to all 0's before writing the SRK to disk, this is for * privacy reasons as outlined in the TSS spec */ save = srkKeyContainer.pubKey.key; srkKeyContainer.pubKey.key = fake_pubkey; offset = 0; LoadBlob_TSS_KEY(&offset, fake_srk, &srkKeyContainer); if ((result = ps_write_key(&SRK_UUID, &NULL_UUID, NULL, 0, fake_srk, offset))) { destroy_key_refs(&srkKeyContainer); LogError("Error writing SRK to disk"); *srkKeySize = 0; free(*srkKey); goto done; } srkKeyContainer.pubKey.key = save; } #endif if ((result = mc_add_entry_init(SRK_TPM_HANDLE, SRK_TPM_HANDLE, &srkKeyContainer, &SRK_UUID))) { destroy_key_refs(&srkKeyContainer); LogError("Error creating SRK mem cache entry"); *srkKeySize = 0; free(*srkKey); } destroy_key_refs(&srkKeyContainer); } LogResult("TakeOwnership", result); done: auth_mgr_release_auth(ownerAuth, NULL, hContext); return result; }
TSS_RESULT LIBTPMCALL TCS_Seal( UINT32 locality, TPM_KEY_HANDLE hParent, TPM_AUTHDATA * parentAuth, TPM_ENCAUTH * encDataAuth, UINT32 pcrInfoSize, BYTE * pcrInfo, UINT32 dataSize, BYTE * data, TPM_AUTH * auth, UINT32 * sealedDataSize, BYTE ** sealedData) { UINT64 offset = 0; TSS_RESULT result; UINT32 paramSize; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; TPM_COMMAND_CODE ordinal = TPM_ORD_Seal; BYTE bigendian_ordinal[sizeof(ordinal)]; BYTE bigendian_pcrInfoSize[sizeof(pcrInfoSize)]; BYTE bigendian_dataSize[sizeof(dataSize)]; TPM_NONCE h1; TPM_NONCE h1Check; struct USHAContext ctx_sha1; if(LIBTPM_IsInit() == false) { LOGERROR("libtpm not initialized"); return TCSERR(TSS_E_INTERNAL_ERROR); } LOGDEBUG("Entering TCS_Seal"); // Generate H1 USHAReset(&ctx_sha1, SHA1); UINT32ToArray(ordinal, bigendian_ordinal); UINT32ToArray(pcrInfoSize, bigendian_pcrInfoSize); UINT32ToArray(dataSize, bigendian_dataSize); USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal)); USHAInput(&ctx_sha1, encDataAuth->authdata, sizeof(encDataAuth->authdata)); USHAInput(&ctx_sha1, bigendian_pcrInfoSize, sizeof(bigendian_pcrInfoSize)); USHAInput(&ctx_sha1, pcrInfo, pcrInfoSize); USHAInput(&ctx_sha1, bigendian_dataSize, sizeof(bigendian_dataSize)); USHAInput(&ctx_sha1, data, dataSize); USHAResult(&ctx_sha1, (uint8_t *) &h1); memset(&ctx_sha1, 0, sizeof(ctx_sha1)); // Compute AUTH result = tcs_compute_auth(locality, auth, &h1, parentAuth); if(result) { return result; } // Communication with TPM result = tpm_rqu_build(TPM_ORD_Seal, &offset, txBlob, hParent, encDataAuth->authdata, pcrInfoSize, pcrInfo, dataSize, data, auth); if(result) { LOGDEBUG("tpm_rqu_build returns %x", result); return result; } UnloadBlob_Header(txBlob, ¶mSize); result = tpm_io(locality, txBlob, paramSize, txBlob, sizeof(txBlob)); if(result) { result = TDDLERR(result); LOGERROR("tpm_io returns %x", result); return result; } result = UnloadBlob_Header(txBlob, ¶mSize); if (! result) { result = tpm_rsp_parse(TPM_ORD_Seal, txBlob, paramSize, sealedDataSize, sealedData, auth); } if(! result) { // Check auth value USHAReset(&ctx_sha1, SHA1); USHAInput(&ctx_sha1, (uint8_t *) &result, sizeof(TPM_RESULT)); USHAInput(&ctx_sha1, bigendian_ordinal, sizeof(bigendian_ordinal)); USHAInput(&ctx_sha1, *sealedData, *sealedDataSize); USHAResult(&ctx_sha1, (uint8_t *) &h1Check); memset(&ctx_sha1, 0, sizeof(ctx_sha1)); result = tcs_check_auth(auth, &h1Check, parentAuth); if(result) { free(*sealedData); *sealedData = 0; } } LOGDEBUG("Exiting TCS_Seal : %x", result); return result; }
TSS_RESULT TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE parentHandle, /* in */ TSS_MIGRATE_SCHEME migrationType, /* in */ UINT32 MigrationKeyAuthSize, /* in */ BYTE* MigrationKeyAuth, /* in */ TPM_DIGEST PubSourceKeyDigest, /* in */ UINT32 msaListSize, /* in */ BYTE* msaList, /* in */ UINT32 restrictTicketSize, /* in */ BYTE* restrictTicket, /* in */ UINT32 sigTicketSize, /* in */ BYTE* sigTicket, /* in */ UINT32 encDataSize, /* in */ BYTE* encData, /* in */ TPM_AUTH* parentAuth, /* in, out */ UINT32* randomSize, /* out */ BYTE** random, /* out */ UINT32* outDataSize, /* out */ BYTE** outData) /* out */ { TSS_RESULT result; UINT64 offset = 0; UINT32 paramSize; UINT32 parentSlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebugFn("Enter"); if ((result = ctx_verify_context(hContext))) return result; if ((result = get_slot(hContext, parentHandle, &parentSlot))) return result; if (parentAuth) { if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle))) return result; } if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob, parentSlot, migrationType, MigrationKeyAuthSize, MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList, restrictTicketSize, restrictTicket, sigTicketSize, sigTicket, encDataSize, encData, parentAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize, randomSize, random, outDataSize, outData, parentAuth, NULL); } LogResult("CMK_SetRestrictions", result); done: auth_mgr_release_auth(parentAuth, NULL, hContext); return result; }
TSS_RESULT TCSP_CertifyKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ TCS_KEY_HANDLE certHandle, /* in */ TCS_KEY_HANDLE keyHandle, /* in */ TCPA_NONCE antiReplay, /* in */ TPM_AUTH * certAuth, /* in, out */ TPM_AUTH * keyAuth, /* in, out */ UINT32 * CertifyInfoSize, /* out */ BYTE ** CertifyInfo, /* out */ UINT32 * outDataSize, /* out */ BYTE ** outData) /* out */ { UINT64 offset = 0; UINT32 paramSize; TSS_RESULT result; TCPA_KEY_HANDLE certKeySlot, keySlot; BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; LogDebug("Entering Certify Key"); if ((result = ctx_verify_context(hContext))) goto done; if (certAuth != NULL) { LogDebug("Auth Used for Cert signing key"); if ((result = auth_mgr_check(hContext, &certAuth->AuthHandle))) goto done; } else { LogDebug("No Auth used for Cert signing key"); } if (keyAuth != NULL) { LogDebug("Auth Used for Key being signed"); if ((result = auth_mgr_check(hContext, &keyAuth->AuthHandle))) goto done; } else { LogDebug("No Auth used for Key being signed"); } if ((result = ensureKeyIsLoaded(hContext, certHandle, &certKeySlot))) goto done; if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot))) goto done; if ((result = tpm_rqu_build(TPM_ORD_CertifyKey, &offset, txBlob, certKeySlot, keySlot, antiReplay.nonce, certAuth, keyAuth))) goto done; if ((result = req_mgr_submit_req(txBlob))) goto done; result = UnloadBlob_Header(txBlob, ¶mSize); if (!result) { result = tpm_rsp_parse(TPM_ORD_CertifyKey, txBlob, paramSize, CertifyInfoSize, CertifyInfo, outDataSize, outData, certAuth, keyAuth); } LogResult("Certify Key", result); done: auth_mgr_release_auth(certAuth, keyAuth, hContext); return result; }