/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2007
 *
 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15
16 #include "trousers/tss.h"
17 #include "trousers_types.h"
18 #include "tcs_utils.h"
19 #include "tcslog.h"
20 #include "req_mgr.h"
21
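/**
 * TCSP_CMK_SetRestrictions_Internal - issue TPM_ORD_CMK_SetRestrictions.
 *
 * Verifies the TCS context and the owner authorization session, marshals the
 * request into a stack buffer, submits it through the request manager and
 * parses the TPM's response.
 *
 * @hContext:    TCS context the request is made under.
 * @Restriction: restriction value marshalled into the request.
 * @ownerAuth:   owner authorization session; must not be NULL. It is passed
 *               to tpm_rsp_parse, so it is treated here as in/out.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_SetRestrictions_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				  TSS_CMK_DELEGATE Restriction,	/* in */
				  TPM_AUTH* ownerAuth)		/* in, out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	/*
	 * NOTE(review): ownerAuth is dereferenced without a NULL check; this
	 * relies on every caller passing a valid session - confirm at the
	 * RPC boundary.
	 */
	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_SetRestrictions, &offset, txBlob,
				    Restriction, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_SetRestrictions, txBlob, paramSize,
				       ownerAuth);
	}

	/* Build and submit failures jump past this and are not logged here. */
	LogResult("CMK_SetRestrictions", result);

done:
	/* The auth session is released on success and on failure alike. */
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return result;
}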
60
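/**
 * TCSP_CMK_ApproveMA_Internal - issue TPM_ORD_CMK_ApproveMA.
 *
 * Verifies the TCS context and the owner authorization session, marshals the
 * migration authority digest into a request, submits it and parses the
 * response into @HmacMigAuthDigest.
 *
 * @hContext:           TCS context the request is made under.
 * @migAuthorityDigest: digest marshalled into the request.
 * @ownerAuth:          owner authorization session; must not be NULL.
 * @HmacMigAuthDigest:  receives the HMAC parsed from the response.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			    TPM_DIGEST migAuthorityDigest,	/* in */
			    TPM_AUTH* ownerAuth,		/* in, out */
			    TPM_HMAC* HmacMigAuthDigest)	/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	/*
	 * NOTE(review): ownerAuth is dereferenced without a NULL check; this
	 * relies on every caller passing a valid session - confirm at the
	 * RPC boundary.
	 */
	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob,
				    &migAuthorityDigest, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize,
				       HmacMigAuthDigest, ownerAuth);
	}

	/*
	 * The label names this command so that log review can tell the CMK
	 * operations apart. Build and submit failures jump past this and are
	 * not logged here.
	 */
	LogResult("CMK_ApproveMA", result);

done:
	/* The auth session is released on success and on failure alike. */
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return result;
}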
100
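/**
 * TCSP_CMK_CreateKey_Internal - issue TPM_ORD_CMK_CreateKey.
 *
 * Verifies the TCS context, resolves the wrapping key to a slot, checks the
 * optional authorization session, marshals the request, submits it and
 * parses the response.
 *
 * Ownership: this function always frees the input buffer *@prgbKeyData,
 * on every path. Once freed, the pointer is set to NULL so that a failure
 * return never leaves a dangling pointer in the caller's variable (freeing
 * it again is then harmless). On success tpm_rsp_parse stores the new key
 * data in *@prgbKeyData / *@keyDataSize; on failure *@keyDataSize is left
 * as passed in and must not be used.
 *
 * @hContext:           TCS context the request is made under.
 * @hWrappingKey:       TCS handle of the wrapping (parent) key.
 * @KeyUsageAuth:       encrypted usage auth marshalled into the request.
 * @MigAuthApproval:    HMAC marshalled into the request.
 * @MigAuthorityDigest: digest marshalled into the request.
 * @keyDataSize:        in: size of *@prgbKeyData; out: size of the result.
 * @prgbKeyData:        in: key data to send (consumed); out: result data.
 * @pAuth:              authorization session, or NULL.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			    TCS_KEY_HANDLE hWrappingKey,	/* in */
			    TPM_ENCAUTH KeyUsageAuth,		/* in */
			    TPM_HMAC MigAuthApproval,		/* in */
			    TPM_DIGEST MigAuthorityDigest,	/* in */
			    UINT32* keyDataSize,		/* in, out */
			    BYTE** prgbKeyData,			/* in, out */
			    TPM_AUTH* pAuth)			/* in, out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		goto free_input;

	if ((result = get_slot(hContext, hWrappingKey, &parentSlot)))
		goto free_input;

	if (pAuth && (result = auth_mgr_check(hContext, &pAuth->AuthHandle)))
		goto free_input;

	result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob,
			       parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData,
			       &MigAuthApproval, &MigAuthorityDigest, pAuth);

	/* The input has been marshalled (or rejected); it is not needed again. */
	free(*prgbKeyData);
	*prgbKeyData = NULL;

	if (result)
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize,
				       keyDataSize, prgbKeyData, pAuth);
	}

	/*
	 * The label names this command so that log review can tell the CMK
	 * operations apart. Build and submit failures jump past this and are
	 * not logged here.
	 */
	LogResult("CMK_CreateKey", result);

done:
	/*
	 * pAuth may be NULL here; presumably auth_mgr_release_auth tolerates
	 * that - confirm.
	 */
	auth_mgr_release_auth(pAuth, NULL, hContext);

	return result;

free_input:
	/* Failure before the request was built: no auth release on this path. */
	free(*prgbKeyData);
	*prgbKeyData = NULL;

	return result;
}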
160
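/**
 * TCSP_CMK_CreateTicket_Internal - issue TPM_ORD_CMK_CreateTicket.
 *
 * Verifies the TCS context and the owner authorization session, marshals the
 * verification key, signed digest and signature into a request, submits it
 * and parses the response into @SigTicket.
 *
 * @hContext:            TCS context the request is made under.
 * @PublicVerifyKeySize: size passed alongside @PublicVerifyKey.
 * @PublicVerifyKey:     verification key bytes marshalled into the request.
 * @SignedData:          digest marshalled into the request.
 * @SigValueSize:        size passed alongside @SigValue.
 * @SigValue:            signature bytes marshalled into the request.
 * @pOwnerAuth:          owner authorization session; must not be NULL.
 * @SigTicket:           receives the HMAC parsed from the response.
 *
 * NOTE(review): the two sizes are passed to tpm_rqu_build as supplied; any
 * bounding against TSS_TPM_TXBLOB_SIZE must happen there or in the caller -
 * confirm.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			       UINT32 PublicVerifyKeySize,	/* in */
			       BYTE* PublicVerifyKey,		/* in */
			       TPM_DIGEST SignedData,		/* in */
			       UINT32 SigValueSize,		/* in */
			       BYTE* SigValue,			/* in */
			       TPM_AUTH* pOwnerAuth,		/* in, out */
			       TPM_HMAC* SigTicket)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	/*
	 * NOTE(review): pOwnerAuth is dereferenced without a NULL check; this
	 * relies on every caller passing a valid session - confirm at the
	 * RPC boundary.
	 */
	if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob,
				    PublicVerifyKeySize, PublicVerifyKey, &SignedData,
				    SigValueSize, SigValue, pOwnerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize,
				       SigTicket, pOwnerAuth);
	}

	/*
	 * The label names this command so that log review can tell the CMK
	 * operations apart. Build and submit failures jump past this and are
	 * not logged here.
	 */
	LogResult("CMK_CreateTicket", result);

done:
	/* The auth session is released on success and on failure alike. */
	auth_mgr_release_auth(pOwnerAuth, NULL, hContext);

	return result;
}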
205
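/**
 * TCSP_CMK_CreateBlob_Internal - issue TPM_ORD_CMK_CreateBlob.
 *
 * Verifies the TCS context, resolves the parent key to a slot, checks the
 * optional authorization session, marshals the request, submits it and
 * parses the response into the four output parameters.
 *
 * Each (size, buffer) input pair is passed to tpm_rqu_build as supplied.
 * NOTE(review): any bounding of those sizes against TSS_TPM_TXBLOB_SIZE must
 * happen there or in the caller - confirm.
 *
 * @hContext:        TCS context the request is made under.
 * @parentHandle:    TCS handle of the parent key.
 * @migrationType:   migration scheme marshalled into the request.
 * @MigrationKeyAuth, @msaList, @restrictTicket, @sigTicket, @encData:
 *                   input buffers, each with its *Size companion.
 * @PubSourceKeyDigest: digest marshalled into the request.
 * @parentAuth:      authorization session, or NULL.
 * @randomSize, @random, @outDataSize, @outData:
 *                   filled by tpm_rsp_parse on success; presumably the
 *                   buffers are allocated there and owned by the caller -
 *                   confirm.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			     TCS_KEY_HANDLE parentHandle,	/* in */
			     TSS_MIGRATE_SCHEME migrationType,	/* in */
			     UINT32 MigrationKeyAuthSize,	/* in */
			     BYTE* MigrationKeyAuth,		/* in */
			     TPM_DIGEST PubSourceKeyDigest,	/* in */
			     UINT32 msaListSize,		/* in */
			     BYTE* msaList,			/* in */
			     UINT32 restrictTicketSize,		/* in */
			     BYTE* restrictTicket,		/* in */
			     UINT32 sigTicketSize,		/* in */
			     BYTE* sigTicket,			/* in */
			     UINT32 encDataSize,		/* in */
			     BYTE* encData,			/* in */
			     TPM_AUTH* parentAuth,		/* in, out */
			     UINT32* randomSize,		/* out */
			     BYTE** random,			/* out */
			     UINT32* outDataSize,		/* out */
			     BYTE** outData)			/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	/* The auth session is optional; it is only checked when supplied. */
	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob,
				    parentSlot, migrationType, MigrationKeyAuthSize,
				    MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList,
				    restrictTicketSize, restrictTicket, sigTicketSize, sigTicket,
				    encDataSize, encData, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize,
				       randomSize, random, outDataSize, outData, parentAuth, NULL);
	}

	/*
	 * The label names this command so that log review can tell the CMK
	 * operations apart. Build and submit failures jump past this and are
	 * not logged here.
	 */
	LogResult("CMK_CreateBlob", result);

done:
	/*
	 * parentAuth may be NULL here; presumably auth_mgr_release_auth
	 * tolerates that - confirm.
	 */
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}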
269
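/**
 * TCSP_CMK_ConvertMigration_Internal - issue TPM_ORD_CMK_ConvertMigration.
 *
 * Verifies the TCS context, resolves the parent key to a slot, checks the
 * optional authorization session, marshals the request, submits it and
 * parses the response into @outDataSize / @outData.
 *
 * Each (size, buffer) input pair is passed to tpm_rqu_build as supplied.
 * NOTE(review): any bounding of those sizes against TSS_TPM_TXBLOB_SIZE must
 * happen there or in the caller - confirm.
 *
 * @hContext:       TCS context the request is made under.
 * @parentHandle:   TCS handle of the parent key.
 * @restrictTicket: CMK auth structure marshalled into the request.
 * @sigTicket:      HMAC marshalled into the request.
 * @prgbKeyData, @msaList, @random:
 *                  input buffers, each with its *Size companion. Unlike
 *                  TCSP_CMK_CreateKey_Internal, this function does not free
 *                  @prgbKeyData.
 * @parentAuth:     authorization session, or NULL.
 * @outDataSize, @outData:
 *                  filled by tpm_rsp_parse on success; presumably the buffer
 *                  is allocated there and owned by the caller - confirm.
 *
 * Returns zero on success, otherwise the non-zero TSS_RESULT of the first
 * step that failed.
 */
TSS_RESULT
TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				   TCS_KEY_HANDLE parentHandle,	/* in */
				   TPM_CMK_AUTH restrictTicket,	/* in */
				   TPM_HMAC sigTicket,		/* in */
				   UINT32 keyDataSize,		/* in */
				   BYTE* prgbKeyData,		/* in */
				   UINT32 msaListSize,		/* in */
				   BYTE* msaList,		/* in */
				   UINT32 randomSize,		/* in */
				   BYTE* random,		/* in */
				   TPM_AUTH* parentAuth,	/* in, out */
				   UINT32* outDataSize,		/* out */
				   BYTE** outData)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	/* The auth session is optional; it is only checked when supplied. */
	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob,
				    parentSlot, &restrictTicket, &sigTicket,
				    keyDataSize, prgbKeyData, msaListSize, msaList,
				    randomSize, random, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* txBlob now holds the response; read its header before parsing. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize,
				       outDataSize, outData, parentAuth, NULL);
	}

	/*
	 * The label names this command so that log review can tell the CMK
	 * operations apart. Build and submit failures jump past this and are
	 * not logged here.
	 */
	LogResult("CMK_ConvertMigration", result);

done:
	/*
	 * parentAuth may be NULL here; presumably auth_mgr_release_auth
	 * tolerates that - confirm.
	 */
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}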