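/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004, 2007
 *
 */


#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>

#include "trousers/tss.h"
#include "trousers_types.h"
#include "tcs_tsp.h"
#include "tcsps.h"
#include "tcs_utils.h"
#include "tcs_int_literals.h"
#include "capabilities.h"
#include "tcslog.h"
#include "req_mgr.h"
#include "tcsd_wrap.h"
#include "tcsd.h"

/*
 * Endorsement-key (EK) commands of the TCS layer.
 *
 * Every function below follows the same sequence: verify the TCS context,
 * marshal the request into a fixed-size stack buffer (txBlob) with
 * tpm_rqu_build(), hand the buffer to req_mgr_submit_req(), then read the
 * response back out of that same buffer with UnloadBlob_Header() and, where
 * the command has outputs, tpm_rsp_parse(). The first non-zero TSS_RESULT
 * is returned to the caller.
 *
 * NOTE(review): none of these functions checks a caller-supplied length
 * (e.g. endorsementKeyInfoSize) or the paramSize taken from the response
 * header against TSS_TPM_TXBLOB_SIZE. They appear to rely on tpm_rqu_build()
 * and tpm_rsp_parse() for those bounds checks -- confirm in those helpers.
 *
 * NOTE(review): the byte buffers returned through BYTE ** parameters are
 * filled in by tpm_rsp_parse(); presumably they are heap-allocated and owned
 * by the caller afterwards -- confirm against tpm_rsp_parse() and the callers.
 */

/*
 * Issue TPM_ORD_CreateEndorsementKeyPair.
 *
 * hContext               TCS context, checked with ctx_verify_context().
 * antiReplay             nonce marshalled into the request.
 * endorsementKeyInfoSize size in bytes of endorsementKeyInfo.
 * endorsementKeyInfo     key parameters blob marshalled into the request.
 * endorsementKeySize     out: size of *endorsementKey.
 * endorsementKey         out: public EK blob from the response.
 * checksum               out: digest returned by the TPM.
 *
 * The checksum is passed back as received; it is not verified here.
 * NOTE(review): the caller presumably recomputes it over the returned key
 * and antiReplay to detect a replayed or altered response -- confirm.
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_CreateEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				       TCPA_NONCE antiReplay,	/* in */
				       UINT32 endorsementKeyInfoSize,	/* in */
				       BYTE * endorsementKeyInfo,	/* in */
				       UINT32 * endorsementKeySize,	/* out */
				       BYTE ** endorsementKey,	/* out */
				       TCPA_DIGEST * checksum)	/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CreateEndorsementKeyPair, &offset, txBlob,
				    antiReplay.nonce, endorsementKeyInfoSize,
				    endorsementKeyInfo)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		return result;

	/* The response is read from the buffer that carried the request. */
	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CreateEndorsementKeyPair, txBlob, paramSize,
				       endorsementKeySize, endorsementKey, checksum->digest);
	}
	LogDebug("Leaving CreateEKPair with result: 0x%x", result);
	return result;
}

/*
 * Issue TPM_ORD_ReadPubek: read the public EK without owner authorization.
 *
 * hContext              TCS context, checked with ctx_verify_context().
 * antiReplay            nonce marshalled into the request.
 * pubEndorsementKeySize out: size of *pubEndorsementKey.
 * pubEndorsementKey     out: public EK blob from the response.
 * checksum              out: digest returned by the TPM, not verified here.
 *
 * No authorization session is involved in this function.
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_ReadPubek_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			TCPA_NONCE antiReplay,	/* in */
			UINT32 * pubEndorsementKeySize,	/* out */
			BYTE ** pubEndorsementKey,	/* out */
			TCPA_DIGEST * checksum)	/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebugFn("Enter");

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_ReadPubek, &offset, txBlob, TPM_NONCE_SIZE,
				    antiReplay.nonce)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		return result;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_ReadPubek, txBlob, paramSize, pubEndorsementKeySize,
				       pubEndorsementKey, checksum->digest);
	}
	LogDebugFn("result: 0x%x", result);
	return result;
}

/*
 * Issue TPM_ORD_DisablePubekRead under owner authorization.
 *
 * hContext  TCS context, checked with ctx_verify_context().
 * ownerAuth in: authorization data for the request (its AuthHandle is
 *           checked with auth_mgr_check()); out: overwritten from the
 *           response by tpm_rsp_parse().
 *
 * Every path, including an early failure, leaves through the done label so
 * that auth_mgr_release_auth() is always called.
 * NOTE(review): that includes the path where ctx_verify_context() or
 * auth_mgr_check() rejected the request, so the release runs with a context
 * or handle that was not validated -- confirm that auth_mgr_release_auth()
 * only releases handles owned by hContext.
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_DisablePubekRead_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			       TPM_AUTH * ownerAuth)	/* in, out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("DisablePubekRead");

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		goto done;

	if ((result = tpm_rqu_build(TPM_ORD_DisablePubekRead, &offset, txBlob, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_DisablePubekRead, txBlob, paramSize, ownerAuth);
	}
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}

/*
 * Issue TPM_ORD_OwnerReadPubek: read the public EK under owner authorization.
 *
 * hContext              TCS context, checked with ctx_verify_context().
 * ownerAuth             in: authorization data for the request (its
 *                       AuthHandle is checked with auth_mgr_check());
 *                       out: overwritten from the response.
 * pubEndorsementKeySize out: size of *pubEndorsementKey.
 * pubEndorsementKey     out: public EK blob from the response.
 *
 * As in TCSP_DisablePubekRead_Internal(), auth_mgr_release_auth() runs on
 * every exit path. The LogResult() call sits before the done label, so
 * early failures are not logged by this function.
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_OwnerReadPubek_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
			     TPM_AUTH * ownerAuth,	/* in, out */
			     UINT32 * pubEndorsementKeySize,	/* out */
			     BYTE ** pubEndorsementKey)	/* out */
{
	UINT32 paramSize;
	TSS_RESULT result;
	UINT64 offset = 0;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering OwnerReadPubek");

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
		goto done;

	if ((result = tpm_rqu_build(TPM_ORD_OwnerReadPubek, &offset, txBlob, ownerAuth)))
		goto done;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_OwnerReadPubek, txBlob, paramSize,
				       pubEndorsementKeySize, pubEndorsementKey, ownerAuth);
	}
	LogResult("Owner Read Pubek", result);
done:
	auth_mgr_release_auth(ownerAuth, NULL, hContext);
	return result;
}

/*
 * Issue TPM_ORD_CreateRevocableEK.
 *
 * hContext               TCS context, checked with ctx_verify_context().
 * antiReplay             nonce marshalled into the request.
 * endorsementKeyInfoSize size in bytes of endorsementKeyInfo.
 * endorsementKeyInfo     key parameters blob marshalled into the request.
 * genResetAuth           flag marshalled into the request together with
 *                        eKResetAuth.
 * eKResetAuth            in: digest marshalled into the request;
 *                        out: overwritten from the response.
 * endorsementKeySize     out: size of *endorsementKey.
 * endorsementKey         out: public EK blob from the response.
 * checksum               out: digest returned by the TPM, not verified here.
 *
 * NOTE(review): the eKResetAuth digest is copied into txBlob and comes back
 * through the same buffer, which is left on the stack as-is on return. If
 * that value is treated as a secret, consider clearing txBlob before
 * returning (with a call the compiler cannot elide).
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_CreateRevocableEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
						TPM_NONCE antiReplay,	/* in */
						UINT32 endorsementKeyInfoSize,	/* in */
						BYTE * endorsementKeyInfo,	/* in */
						TSS_BOOL genResetAuth,	/* in */
						TPM_DIGEST * eKResetAuth,	/* in, out */
						UINT32 * endorsementKeySize,	/* out */
						BYTE ** endorsementKey,	/* out */
						TPM_DIGEST * checksum)	/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_CreateRevocableEK, &offset, txBlob,
				    antiReplay.nonce, endorsementKeyInfoSize,
				    endorsementKeyInfo, genResetAuth, eKResetAuth->digest)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		return result;

	result = UnloadBlob_Header(txBlob, &paramSize);
	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_CreateRevocableEK, txBlob, paramSize,
				       endorsementKeySize, endorsementKey, checksum->digest,
				       eKResetAuth->digest);
	}

	LogDebug("Leaving CreateRevocableEKPair with result: 0x%x", result);
	return result;
}

/*
 * Issue TPM_ORD_RevokeTrust with the given EK reset authorization digest.
 *
 * hContext    TCS context, checked with ctx_verify_context().
 * EKResetAuth digest marshalled into the request.
 *
 * The command has no output parameters: only the response header is
 * unloaded, and the value returned is that of UnloadBlob_Header().
 * NOTE(review): presumably that value carries the TPM's own return code --
 * confirm in UnloadBlob_Header().
 *
 * NOTE(review): the only gate in this function is ctx_verify_context(); no
 * authorization session is used, so possession of the EKResetAuth value is
 * what authorizes the call. The digest stays in txBlob on the stack after
 * return; consider clearing it if that value is treated as a secret.
 *
 * Returns 0 on success, otherwise the first failing step's TSS_RESULT.
 */
TSS_RESULT
TCSP_RevokeEndorsementKeyPair_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
				       TPM_DIGEST EKResetAuth)	/* in */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	if ((result = ctx_verify_context(hContext)))
		return result;

	if ((result = tpm_rqu_build(TPM_ORD_RevokeTrust, &offset, txBlob, EKResetAuth.digest)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		return result;

	result = UnloadBlob_Header(txBlob, &paramSize);

	LogDebug("Leaving RevokeEKPair with result: 0x%x", result);
	return result;
}
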