1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <inttypes.h>
16
17 #include "trousers/tss.h"
18 #include "trousers_types.h"
19 #include "tcs_tsp.h"
20 #include "tcs_utils.h"
21 #include "tcs_int_literals.h"
22 #include "capabilities.h"
23 #include "tcslog.h"
24 #include "tcsps.h"
25 #include "req_mgr.h"
26 #include "tcs_aik.h"
27
28
29 TSS_RESULT
TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext,TCPA_ENCAUTH identityAuth,TCPA_CHOSENID_HASH IDLabel_PrivCAHash,UINT32 idKeyInfoSize,BYTE * idKeyInfo,TPM_AUTH * pSrkAuth,TPM_AUTH * pOwnerAuth,UINT32 * idKeySize,BYTE ** idKey,UINT32 * pcIdentityBindingSize,BYTE ** prgbIdentityBinding,UINT32 * pcEndorsementCredentialSize,BYTE ** prgbEndorsementCredential,UINT32 * pcPlatformCredentialSize,BYTE ** prgbPlatformCredential,UINT32 * pcConformanceCredentialSize,BYTE ** prgbConformanceCredential)30 TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
31 TCPA_ENCAUTH identityAuth, /* in */
32 TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */
33 UINT32 idKeyInfoSize, /* in */
34 BYTE * idKeyInfo, /* in */
35 TPM_AUTH * pSrkAuth, /* in, out */
36 TPM_AUTH * pOwnerAuth, /* in, out */
37 UINT32 * idKeySize, /* out */
38 BYTE ** idKey, /* out */
39 UINT32 * pcIdentityBindingSize, /* out */
40 BYTE ** prgbIdentityBinding, /* out */
41 UINT32 * pcEndorsementCredentialSize, /* out */
42 BYTE ** prgbEndorsementCredential, /* out */
43 UINT32 * pcPlatformCredentialSize, /* out */
44 BYTE ** prgbPlatformCredential, /* out */
45 UINT32 * pcConformanceCredentialSize, /* out */
46 BYTE ** prgbConformanceCredential) /* out */
47 {
48 UINT64 offset;
49 UINT32 paramSize;
50 TSS_RESULT result;
51 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
52
53 if ((result = ctx_verify_context(hContext)))
54 goto done;
55
56 if (pSrkAuth != NULL) {
57 LogDebug("SRK Auth Used");
58 if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle)))
59 goto done;
60 } else {
61 LogDebug("No SRK Auth");
62 }
63
64 if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
65 goto done;
66
67 offset = 0;
68 if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata,
69 IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth,
70 pOwnerAuth)))
71 goto done;
72
73 if ((result = req_mgr_submit_req(txBlob)))
74 goto done;
75
76 result = UnloadBlob_Header(txBlob, ¶mSize);
77 if (!result) {
78 if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize,
79 idKey, pcIdentityBindingSize, prgbIdentityBinding,
80 pSrkAuth, pOwnerAuth)))
81 goto done;
82
83 /* If an error occurs, these will return NULL */
84 get_credential(TSS_TCS_CREDENTIAL_PLATFORMCERT, pcPlatformCredentialSize,
85 prgbPlatformCredential);
86 get_credential(TSS_TCS_CREDENTIAL_TPM_CC, pcConformanceCredentialSize,
87 prgbConformanceCredential);
88 get_credential(TSS_TCS_CREDENTIAL_EKCERT, pcEndorsementCredentialSize,
89 prgbEndorsementCredential);
90 }
91 LogResult("Make Identity", result);
92 done:
93 auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext);
94 return result;
95 }
96
97 TSS_RESULT
TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext,TCS_KEY_HANDLE idKey,UINT32 blobSize,BYTE * blob,TPM_AUTH * idKeyAuth,TPM_AUTH * ownerAuth,UINT32 * SymmetricKeySize,BYTE ** SymmetricKey)98 TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
99 TCS_KEY_HANDLE idKey, /* in */
100 UINT32 blobSize, /* in */
101 BYTE * blob, /* in */
102 TPM_AUTH * idKeyAuth, /* in, out */
103 TPM_AUTH * ownerAuth, /* in, out */
104 UINT32 * SymmetricKeySize, /* out */
105 BYTE ** SymmetricKey) /* out */
106 {
107 UINT64 offset;
108 TSS_RESULT result;
109 UINT32 paramSize;
110 UINT32 keySlot;
111 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
112
113 LogDebug("TCSP_ActivateTPMIdentity");
114
115 if ((result = ctx_verify_context(hContext)))
116 goto done;
117
118 if (idKeyAuth != NULL) {
119 if ((result = auth_mgr_check(hContext, &idKeyAuth->AuthHandle)))
120 goto done;
121 }
122 if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
123 goto done;
124
125 if ((result = ensureKeyIsLoaded(hContext, idKey, &keySlot)))
126 goto done;
127
128 offset = 0;
129 if ((result = tpm_rqu_build(TPM_ORD_ActivateIdentity, &offset, txBlob, keySlot, blobSize,
130 blob, idKeyAuth, ownerAuth)))
131 goto done;
132
133 if ((result = req_mgr_submit_req(txBlob)))
134 goto done;
135
136 result = UnloadBlob_Header(txBlob, ¶mSize);
137 if (!result) {
138 if ((result = tpm_rsp_parse(TPM_ORD_ActivateIdentity, txBlob, paramSize,
139 SymmetricKeySize, SymmetricKey, idKeyAuth, ownerAuth)))
140 goto done;
141 }
142
143 done:
144 auth_mgr_release_auth(idKeyAuth, ownerAuth, hContext);
145 return result;
146 }
147
148 TSS_RESULT
TCS_GetCredential_Internal(TCS_CONTEXT_HANDLE hContext,UINT32 ulCredentialType,UINT32 ulCredentialAccessMode,UINT32 * pulCredentialSize,BYTE ** prgbCredentialData)149 TCS_GetCredential_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
150 UINT32 ulCredentialType, /* in */
151 UINT32 ulCredentialAccessMode, /* in */
152 UINT32 * pulCredentialSize, /* out */
153 BYTE ** prgbCredentialData) /* out */
154 {
155 TSS_RESULT result;
156
157 if ((result = ctx_verify_context(hContext)))
158 return result;
159
160 if ((ulCredentialType != TSS_TCS_CREDENTIAL_EKCERT) &&
161 (ulCredentialType != TSS_TCS_CREDENTIAL_TPM_CC) &&
162 (ulCredentialType != TSS_TCS_CREDENTIAL_PLATFORMCERT)) {
163 LogError("GetCredential - Unsupported Credential Type");
164 return TCSERR(TSS_E_BAD_PARAMETER);
165 }
166
167 if (ulCredentialAccessMode == TSS_TCS_CERT_ACCESS_AUTO) {
168 get_credential(ulCredentialType, pulCredentialSize, prgbCredentialData);
169 } else {
170 LogError("GetCredential - Unsupported Credential Access Mode");
171 return TCSERR(TSS_E_FAIL);
172 }
173
174 return TSS_SUCCESS;
175 }
176
177 TSS_RESULT
TCSP_MakeIdentity2_Internal(TCS_CONTEXT_HANDLE hContext,TCPA_ENCAUTH identityAuth,TCPA_CHOSENID_HASH IDLabel_PrivCAHash,UINT32 idKeyInfoSize,BYTE * idKeyInfo,TPM_AUTH * pSrkAuth,TPM_AUTH * pOwnerAuth,UINT32 * idKeySize,BYTE ** idKey,UINT32 * pcIdentityBindingSize,BYTE ** prgbIdentityBinding)178 TCSP_MakeIdentity2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
179 TCPA_ENCAUTH identityAuth, /* in */
180 TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */
181 UINT32 idKeyInfoSize, /* in */
182 BYTE * idKeyInfo, /* in */
183 TPM_AUTH * pSrkAuth, /* in, out */
184 TPM_AUTH * pOwnerAuth, /* in, out */
185 UINT32 * idKeySize, /* out */
186 BYTE ** idKey, /* out */
187 UINT32 * pcIdentityBindingSize, /* out */
188 BYTE ** prgbIdentityBinding) /* out */
189 {
190 UINT64 offset;
191 UINT32 paramSize;
192 TSS_RESULT result;
193 BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
194
195 if ((result = ctx_verify_context(hContext)))
196 goto done;
197
198 if (pSrkAuth) {
199 if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle)))
200 goto done;
201 }
202
203 if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
204 goto done;
205
206 offset = 0;
207 if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata,
208 IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth,
209 pOwnerAuth)))
210 goto done;
211
212 if ((result = req_mgr_submit_req(txBlob)))
213 goto done;
214
215 result = UnloadBlob_Header(txBlob, ¶mSize);
216 if (!result) {
217 if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize,
218 idKey, pcIdentityBindingSize, prgbIdentityBinding,
219 pSrkAuth, pOwnerAuth)))
220 goto done;
221 }
222 LogResult("Make Identity", result);
223 done:
224 auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext);
225 return result;
226 }
227
228