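
/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2007
 *
 */


#include <stdlib.h>
#include <stdio.h>
#include <string.h>

#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_utils.h"
#include "tcslog.h"
#include "req_mgr.h"

/*
 * TCS-side entry points for the TPM Certified Migratable Key (CMK) commands.
 *
 * Every function below follows the same sequence:
 *   1. validate the TCS context handle,
 *   2. check the caller's auth session handle against the context,
 *   3. serialize the request for the given TPM ordinal into txBlob,
 *   4. submit txBlob through the request manager (the response comes back
 *      in the same buffer),
 *   5. unload the response header, then parse the ordinal-specific body,
 *   6. release the auth session.
 *
 * Failures in steps 1-2 return immediately without calling
 * auth_mgr_release_auth(); failures from step 3 onward jump to `done` so
 * the auth session is released.  LogResult() is only reached when the
 * request was submitted successfully, and is tagged with the command that
 * actually ran so log review can attribute each result to the right
 * operation.
 */

/*
 * Issue TPM_ORD_CMK_SetRestrictions.
 *
 * hContext    - TCS context, verified with ctx_verify_context().
 * Restriction - value serialized into the request.
 * ownerAuth   - auth session; dereferenced unconditionally, so it must not
 *               be NULL.  Passed to tpm_rsp_parse() to receive the response
 *               auth data.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_SetRestrictions_Internal(TCS_CONTEXT_HANDLE	hContext,	/* in */
				  TSS_CMK_DELEGATE	Restriction,	/* in */
				  TPM_AUTH*		ownerAuth)	/* in */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_SetRestrictions, &offset, txBlob,
				    Restriction, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_SetRestrictions, txBlob, paramSize,
				       ownerAuth);
	}

	LogResult("CMK_SetRestrictions", result);

done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return result;
}

/*
 * Issue TPM_ORD_CMK_ApproveMA.
 *
 * hContext           - TCS context, verified with ctx_verify_context().
 * migAuthorityDigest - digest serialized into the request.
 * ownerAuth          - auth session; dereferenced unconditionally, so it
 *                      must not be NULL.
 * HmacMigAuthDigest  - filled in by tpm_rsp_parse() on success.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_ApproveMA_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			    TPM_DIGEST		migAuthorityDigest,	/* in */
			    TPM_AUTH*		ownerAuth,		/* in, out */
			    TPM_HMAC*		HmacMigAuthDigest)	/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_ApproveMA, &offset, txBlob,
				    &migAuthorityDigest, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ApproveMA, txBlob, paramSize,
				       HmacMigAuthDigest, ownerAuth);
	}

	/* Tag the result with this command, not a sibling's name. */
	LogResult("CMK_ApproveMA", result);

done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);

	return result;
}

/*
 * Issue TPM_ORD_CMK_CreateKey.
 *
 * hContext           - TCS context, verified with ctx_verify_context().
 * hWrappingKey       - TCS key handle, resolved to a TPM slot with get_slot().
 * KeyUsageAuth       - serialized into the request.
 * MigAuthApproval    - serialized into the request.
 * MigAuthorityDigest - serialized into the request.
 * keyDataSize        - in: size of *prgbKeyData; out: set by tpm_rsp_parse()
 *                      on success.  Left untouched on failure.
 * prgbKeyData        - in: key blob to send.  This function takes ownership
 *                      of the input buffer and frees it on every path.
 *                      out: set by tpm_rsp_parse() on success; NULL whenever
 *                      no response key data was produced.  Must not itself
 *                      be NULL (it is dereferenced unconditionally).
 * pAuth              - optional auth session; only checked when non-NULL.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_CreateKey_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			    TCS_KEY_HANDLE	hWrappingKey,		/* in */
			    TPM_ENCAUTH		KeyUsageAuth,		/* in */
			    TPM_HMAC		MigAuthApproval,	/* in */
			    TPM_DIGEST		MigAuthorityDigest,	/* in */
			    UINT32*		keyDataSize,		/* in, out */
			    BYTE**		prgbKeyData,		/* in, out */
			    TPM_AUTH*		pAuth)			/* in, out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		goto err_free_input;

	if ((result = get_slot(hContext, hWrappingKey, &parentSlot)))
		goto err_free_input;

	if (pAuth) {
		if ((result = auth_mgr_check(hContext, &pAuth->AuthHandle)))
			goto err_free_input;
	}

	result = tpm_rqu_build(TPM_ORD_CMK_CreateKey, &offset, txBlob,
			       parentSlot, &KeyUsageAuth, *keyDataSize, *prgbKeyData,
			       &MigAuthApproval, &MigAuthorityDigest, pAuth);

	/*
	 * The input blob is no longer needed once the request has been built
	 * (or has failed to build).  Clear the caller-visible pointer after
	 * freeing it: if a later step fails before tpm_rsp_parse() stores a
	 * new buffer, the caller must not be left holding a dangling pointer
	 * that it could free or read again.
	 */
	free(*prgbKeyData);
	*prgbKeyData = NULL;

	if (result)
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateKey, txBlob, paramSize,
				       keyDataSize, prgbKeyData, pAuth);
	}

	/* Tag the result with this command, not a sibling's name. */
	LogResult("CMK_CreateKey", result);

done:
	/* NOTE(review): pAuth may be NULL here; presumably
	 * auth_mgr_release_auth() tolerates that - confirm. */
	auth_mgr_release_auth(pAuth, NULL, hContext);

	return result;

err_free_input:
	/* Early failure: no auth session to release, but the input blob is
	 * still owned by this function and must not leak or dangle. */
	free(*prgbKeyData);
	*prgbKeyData = NULL;

	return result;
}

/*
 * Issue TPM_ORD_CMK_CreateTicket.
 *
 * hContext            - TCS context, verified with ctx_verify_context().
 * PublicVerifyKeySize - size passed alongside PublicVerifyKey.
 * PublicVerifyKey     - serialized into the request.
 * SignedData          - digest serialized into the request.
 * SigValueSize        - size passed alongside SigValue.
 * SigValue            - serialized into the request.
 * pOwnerAuth          - auth session; dereferenced unconditionally, so it
 *                       must not be NULL.
 * SigTicket           - filled in by tpm_rsp_parse() on success.
 *
 * The size/buffer pairs are forwarded to tpm_rqu_build() as given; this
 * function performs no length validation of its own.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_CreateTicket_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			       UINT32			PublicVerifyKeySize,	/* in */
			       BYTE*			PublicVerifyKey,	/* in */
			       TPM_DIGEST		SignedData,		/* in */
			       UINT32			SigValueSize,		/* in */
			       BYTE*			SigValue,		/* in */
			       TPM_AUTH*		pOwnerAuth,		/* in, out */
			       TPM_HMAC*		SigTicket)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateTicket, &offset, txBlob,
				    PublicVerifyKeySize, PublicVerifyKey, &SignedData,
				    SigValueSize, SigValue, pOwnerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateTicket, txBlob, paramSize,
				       SigTicket, pOwnerAuth);
	}

	/* Tag the result with this command, not a sibling's name. */
	LogResult("CMK_CreateTicket", result);

done:
	auth_mgr_release_auth(pOwnerAuth, NULL, hContext);

	return result;
}

/*
 * Issue TPM_ORD_CMK_CreateBlob.
 *
 * hContext      - TCS context, verified with ctx_verify_context().
 * parentHandle  - TCS key handle, resolved to a TPM slot with get_slot().
 * migrationType through encData - serialized into the request in the order
 *                 shown in the tpm_rqu_build() call; size/buffer pairs are
 *                 forwarded as given with no length validation here.
 * parentAuth    - optional auth session; only checked when non-NULL.
 * randomSize/random, outDataSize/outData - filled in by tpm_rsp_parse() on
 *                 success.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_CreateBlob_Internal(TCS_CONTEXT_HANDLE	hContext,		/* in */
			     TCS_KEY_HANDLE	parentHandle,		/* in */
			     TSS_MIGRATE_SCHEME	migrationType,		/* in */
			     UINT32		MigrationKeyAuthSize,	/* in */
			     BYTE*		MigrationKeyAuth,	/* in */
			     TPM_DIGEST		PubSourceKeyDigest,	/* in */
			     UINT32		msaListSize,		/* in */
			     BYTE*		msaList,		/* in */
			     UINT32		restrictTicketSize,	/* in */
			     BYTE*		restrictTicket,		/* in */
			     UINT32		sigTicketSize,		/* in */
			     BYTE*		sigTicket,		/* in */
			     UINT32		encDataSize,		/* in */
			     BYTE*		encData,		/* in */
			     TPM_AUTH*		parentAuth,		/* in, out */
			     UINT32*		randomSize,		/* out */
			     BYTE**		random,			/* out */
			     UINT32*		outDataSize,		/* out */
			     BYTE**		outData)		/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	if ((result = tpm_rqu_build(TPM_ORD_CMK_CreateBlob, &offset, txBlob,
				    parentSlot, migrationType, MigrationKeyAuthSize,
				    MigrationKeyAuth, &PubSourceKeyDigest, msaListSize, msaList,
				    restrictTicketSize, restrictTicket, sigTicketSize, sigTicket,
				    encDataSize, encData, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_CreateBlob, txBlob, paramSize,
				       randomSize, random, outDataSize, outData, parentAuth, NULL);
	}

	/* Tag the result with this command, not a sibling's name. */
	LogResult("CMK_CreateBlob", result);

done:
	/* NOTE(review): parentAuth may be NULL here; presumably
	 * auth_mgr_release_auth() tolerates that - confirm. */
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}

/*
 * Issue TPM_ORD_CMK_ConvertMigration.
 *
 * hContext       - TCS context, verified with ctx_verify_context().
 * parentHandle   - TCS key handle, resolved to a TPM slot with get_slot().
 * restrictTicket, sigTicket - serialized into the request.
 * keyDataSize/prgbKeyData, msaListSize/msaList, randomSize/random -
 *                  size/buffer pairs forwarded to tpm_rqu_build() as given,
 *                  with no length validation here.  Unlike
 *                  TCSP_CMK_CreateKey_Internal(), prgbKeyData is not freed
 *                  by this function.
 * parentAuth     - optional auth session; only checked when non-NULL.
 * outDataSize/outData - filled in by tpm_rsp_parse() on success.
 *
 * Returns 0 on success, otherwise the first non-zero TSS_RESULT encountered.
 */
TSS_RESULT
TCSP_CMK_ConvertMigration_Internal(TCS_CONTEXT_HANDLE	hContext,	/* in */
				   TCS_KEY_HANDLE	parentHandle,	/* in */
				   TPM_CMK_AUTH		restrictTicket,	/* in */
				   TPM_HMAC		sigTicket,	/* in */
				   UINT32		keyDataSize,	/* in */
				   BYTE*		prgbKeyData,	/* in */
				   UINT32		msaListSize,	/* in */
				   BYTE*		msaList,	/* in */
				   UINT32		randomSize,	/* in */
				   BYTE*		random,		/* in */
				   TPM_AUTH*		parentAuth,	/* in, out */
				   UINT32*		outDataSize,	/* out */
				   BYTE**		outData)	/* out */
{
	TSS_RESULT result;
	UINT64 offset = 0;
	UINT32 paramSize;
	UINT32 parentSlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = get_slot(hContext, parentHandle, &parentSlot)))
		return result;

	if (parentAuth) {
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			return result;
	}

	if ((result = tpm_rqu_build(TPM_ORD_CMK_ConvertMigration, &offset, txBlob,
				    parentSlot, &restrictTicket, &sigTicket,
				    keyDataSize, prgbKeyData, msaListSize, msaList,
				    randomSize, random, parentAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CMK_ConvertMigration, txBlob, paramSize,
				       outDataSize, outData, parentAuth, NULL);
	}

	/* Tag the result with this command, not a sibling's name. */
	LogResult("CMK_ConvertMigration", result);

done:
	/* NOTE(review): parentAuth may be NULL here; presumably
	 * auth_mgr_release_auth() tolerates that - confirm. */
	auth_mgr_release_auth(parentAuth, NULL, hContext);

	return result;
}
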