1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2007
8 *
9 */
10
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <assert.h>
15
16 #include "trousers/tss.h"
17 #include "trousers/trousers.h"
18 #include "trousers_types.h"
19 #include "spi_utils.h"
20 #include "tsplog.h"
21 #include "hosttable.h"
22 #include "tcsd_wrap.h"
23 #include "rpc_tcstp_tsp.h"
24
25
26 TSS_RESULT
RPC_CMK_SetRestrictions_TP(struct host_table_entry * hte,TSS_CMK_DELEGATE restriction,TPM_AUTH * ownerAuth)27 RPC_CMK_SetRestrictions_TP(struct host_table_entry *hte,
28 TSS_CMK_DELEGATE restriction, /* in */
29 TPM_AUTH *ownerAuth) /* in, out */
30 {
31 TSS_RESULT result;
32
33 initData(&hte->comm, 3);
34 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_SETRESTRICTIONS;
35 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
36
37 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
38 return TSPERR(TSS_E_INTERNAL_ERROR);
39 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &restriction, 0, &hte->comm))
40 return TSPERR(TSS_E_INTERNAL_ERROR);
41 if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm))
42 return TSPERR(TSS_E_INTERNAL_ERROR);
43
44 result = sendTCSDPacket(hte);
45
46 if (result == TSS_SUCCESS)
47 result = hte->comm.hdr.u.result;
48
49 if (result == TSS_SUCCESS) {
50 if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm))
51 return TSPERR(TSS_E_INTERNAL_ERROR);
52 }
53
54 return result;
55 }
56
57 TSS_RESULT
RPC_CMK_ApproveMA_TP(struct host_table_entry * hte,TPM_DIGEST migAuthorityDigest,TPM_AUTH * ownerAuth,TPM_HMAC * migAuthorityApproval)58 RPC_CMK_ApproveMA_TP(struct host_table_entry *hte,
59 TPM_DIGEST migAuthorityDigest, /* in */
60 TPM_AUTH *ownerAuth, /* in, out */
61 TPM_HMAC *migAuthorityApproval) /* out */
62 {
63 TSS_RESULT result;
64
65 initData(&hte->comm, 3);
66 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_APPROVEMA;
67 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
68
69 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
70 return TSPERR(TSS_E_INTERNAL_ERROR);
71 if (setData(TCSD_PACKET_TYPE_DIGEST, 1, &migAuthorityDigest, 0, &hte->comm))
72 return TSPERR(TSS_E_INTERNAL_ERROR);
73 if (setData(TCSD_PACKET_TYPE_AUTH, 2, ownerAuth, 0, &hte->comm))
74 return TSPERR(TSS_E_INTERNAL_ERROR);
75
76 result = sendTCSDPacket(hte);
77
78 if (result == TSS_SUCCESS)
79 result = hte->comm.hdr.u.result;
80
81 if (result == TSS_SUCCESS) {
82 if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm))
83 return TSPERR(TSS_E_INTERNAL_ERROR);
84 if (getData(TCSD_PACKET_TYPE_DIGEST, 1, migAuthorityApproval, 0, &hte->comm))
85 return TSPERR(TSS_E_INTERNAL_ERROR);
86 }
87
88 return result;
89 }
90
91 TSS_RESULT
RPC_CMK_CreateKey_TP(struct host_table_entry * hte,TCS_KEY_HANDLE hWrappingKey,TPM_ENCAUTH * keyUsageAuth,TPM_HMAC * migAuthorityApproval,TPM_DIGEST * migAuthorityDigest,UINT32 * keyDataSize,BYTE ** keyData,TPM_AUTH * pAuth)92 RPC_CMK_CreateKey_TP(struct host_table_entry *hte,
93 TCS_KEY_HANDLE hWrappingKey, /* in */
94 TPM_ENCAUTH *keyUsageAuth, /* in */
95 TPM_HMAC *migAuthorityApproval, /* in */
96 TPM_DIGEST *migAuthorityDigest, /* in */
97 UINT32 *keyDataSize, /* in, out */
98 BYTE **keyData, /* in, out */
99 TPM_AUTH *pAuth) /* in, out */
100 {
101 TSS_RESULT result;
102
103 initData(&hte->comm, 8);
104 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATEKEY;
105 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
106
107 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
108 return TSPERR(TSS_E_INTERNAL_ERROR);
109 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hWrappingKey, 0, &hte->comm))
110 return TSPERR(TSS_E_INTERNAL_ERROR);
111 if (setData(TCSD_PACKET_TYPE_ENCAUTH, 2, keyUsageAuth, 0, &hte->comm))
112 return TSPERR(TSS_E_INTERNAL_ERROR);
113 if (setData(TCSD_PACKET_TYPE_DIGEST, 3, migAuthorityApproval, 0, &hte->comm))
114 return TSPERR(TSS_E_INTERNAL_ERROR);
115 if (setData(TCSD_PACKET_TYPE_DIGEST, 4, migAuthorityDigest, 0, &hte->comm))
116 return TSPERR(TSS_E_INTERNAL_ERROR);
117 if (setData(TCSD_PACKET_TYPE_UINT32, 5, keyDataSize, 0, &hte->comm))
118 return TSPERR(TSS_E_INTERNAL_ERROR);
119 if (setData(TCSD_PACKET_TYPE_PBYTE, 6, *keyData, *keyDataSize, &hte->comm))
120 return TSPERR(TSS_E_INTERNAL_ERROR);
121 if (pAuth) {
122 if (setData(TCSD_PACKET_TYPE_AUTH, 7, pAuth, 0, &hte->comm))
123 return TSPERR(TSS_E_INTERNAL_ERROR);
124 } else {
125 TPM_AUTH nullAuth;
126
127 __tspi_memset(&nullAuth, 0, sizeof(TPM_AUTH));
128 if (setData(TCSD_PACKET_TYPE_AUTH, 7, &nullAuth, 0, &hte->comm))
129 return TSPERR(TSS_E_INTERNAL_ERROR);
130 }
131 free(*keyData);
132 *keyData = NULL;
133
134 result = sendTCSDPacket(hte);
135
136 if (result == TSS_SUCCESS)
137 result = hte->comm.hdr.u.result;
138
139 if (result == TSS_SUCCESS) {
140 if (getData(TCSD_PACKET_TYPE_UINT32, 0, keyDataSize, 0, &hte->comm))
141 return TSPERR(TSS_E_INTERNAL_ERROR);
142 *keyData = (BYTE *)malloc(*keyDataSize);
143 if (*keyData == NULL) {
144 LogError("malloc of %u bytes failed.", *keyDataSize);
145 return TSPERR(TSS_E_OUTOFMEMORY);
146 }
147 if (getData(TCSD_PACKET_TYPE_PBYTE, 1, *keyData, *keyDataSize, &hte->comm)) {
148 free(*keyData);
149 return TSPERR(TSS_E_INTERNAL_ERROR);
150 }
151 if (pAuth) {
152 if (getData(TCSD_PACKET_TYPE_AUTH, 2, pAuth, 0, &hte->comm)) {
153 free(*keyData);
154 return TSPERR(TSS_E_INTERNAL_ERROR);
155 }
156 }
157 }
158
159 return result;
160 }
161
162 TSS_RESULT
RPC_CMK_CreateTicket_TP(struct host_table_entry * hte,UINT32 publicVerifyKeySize,BYTE * publicVerifyKey,TPM_DIGEST signedData,UINT32 sigValueSize,BYTE * sigValue,TPM_AUTH * ownerAuth,TPM_HMAC * sigTicket)163 RPC_CMK_CreateTicket_TP(struct host_table_entry *hte,
164 UINT32 publicVerifyKeySize, /* in */
165 BYTE *publicVerifyKey, /* in */
166 TPM_DIGEST signedData, /* in */
167 UINT32 sigValueSize, /* in */
168 BYTE *sigValue, /* in */
169 TPM_AUTH *ownerAuth, /* in, out */
170 TPM_HMAC *sigTicket) /* out */
171 {
172 TSS_RESULT result;
173
174 initData(&hte->comm, 7);
175 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATETICKET;
176 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
177
178 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
179 return TSPERR(TSS_E_INTERNAL_ERROR);
180 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &publicVerifyKeySize, 0, &hte->comm))
181 return TSPERR(TSS_E_INTERNAL_ERROR);
182 if (setData(TCSD_PACKET_TYPE_PBYTE, 2, publicVerifyKey, publicVerifyKeySize, &hte->comm))
183 return TSPERR(TSS_E_INTERNAL_ERROR);
184 if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &signedData, 0, &hte->comm))
185 return TSPERR(TSS_E_INTERNAL_ERROR);
186 if (setData(TCSD_PACKET_TYPE_UINT32, 4, &sigValueSize, 0, &hte->comm))
187 return TSPERR(TSS_E_INTERNAL_ERROR);
188 if (setData(TCSD_PACKET_TYPE_PBYTE, 5, sigValue, sigValueSize, &hte->comm))
189 return TSPERR(TSS_E_INTERNAL_ERROR);
190 if (setData(TCSD_PACKET_TYPE_AUTH, 6, ownerAuth, 0, &hte->comm))
191 return TSPERR(TSS_E_INTERNAL_ERROR);
192
193 result = sendTCSDPacket(hte);
194
195 if (result == TSS_SUCCESS)
196 result = hte->comm.hdr.u.result;
197
198 if (result == TSS_SUCCESS) {
199 if (getData(TCSD_PACKET_TYPE_AUTH, 0, ownerAuth, 0, &hte->comm))
200 return TSPERR(TSS_E_INTERNAL_ERROR);
201 if (getData(TCSD_PACKET_TYPE_DIGEST, 1, sigTicket, 0, &hte->comm))
202 return TSPERR(TSS_E_INTERNAL_ERROR);
203 }
204
205 return result;
206 }
207
208 TSS_RESULT
RPC_CMK_CreateBlob_TP(struct host_table_entry * hte,TCS_KEY_HANDLE hParentKey,TSS_MIGRATE_SCHEME migrationType,UINT32 migKeyAuthSize,BYTE * migKeyAuth,TPM_DIGEST pubSourceKeyDigest,UINT32 msaListSize,BYTE * msaList,UINT32 restrictTicketSize,BYTE * restrictTicket,UINT32 sigTicketSize,BYTE * sigTicket,UINT32 encDataSize,BYTE * encData,TPM_AUTH * pAuth,UINT32 * randomSize,BYTE ** random,UINT32 * outDataSize,BYTE ** outData)209 RPC_CMK_CreateBlob_TP(struct host_table_entry *hte,
210 TCS_KEY_HANDLE hParentKey, /* in */
211 TSS_MIGRATE_SCHEME migrationType, /* in */
212 UINT32 migKeyAuthSize, /* in */
213 BYTE *migKeyAuth, /* in */
214 TPM_DIGEST pubSourceKeyDigest, /* in */
215 UINT32 msaListSize, /* in */
216 BYTE *msaList, /* in */
217 UINT32 restrictTicketSize, /* in */
218 BYTE *restrictTicket, /* in */
219 UINT32 sigTicketSize, /* in */
220 BYTE *sigTicket, /* in */
221 UINT32 encDataSize, /* in */
222 BYTE *encData, /* in */
223 TPM_AUTH *pAuth, /* in, out */
224 UINT32 *randomSize, /* out */
225 BYTE **random, /* out */
226 UINT32 *outDataSize, /* out */
227 BYTE **outData) /* out */
228 {
229 TSS_RESULT result;
230 int i;
231
232 initData(&hte->comm, 15);
233 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CREATEBLOB;
234 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
235
236 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
237 return TSPERR(TSS_E_INTERNAL_ERROR);
238 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hParentKey, 0, &hte->comm))
239 return TSPERR(TSS_E_INTERNAL_ERROR);
240 if (setData(TCSD_PACKET_TYPE_UINT16, 2, &migrationType, 0, &hte->comm))
241 return TSPERR(TSS_E_INTERNAL_ERROR);
242 if (setData(TCSD_PACKET_TYPE_UINT32, 3, &migKeyAuthSize, 0, &hte->comm))
243 return TSPERR(TSS_E_INTERNAL_ERROR);
244 if (setData(TCSD_PACKET_TYPE_PBYTE, 4, migKeyAuth, migKeyAuthSize, &hte->comm))
245 return TSPERR(TSS_E_INTERNAL_ERROR);
246 if (setData(TCSD_PACKET_TYPE_DIGEST, 5, &pubSourceKeyDigest, 0, &hte->comm))
247 return TSPERR(TSS_E_INTERNAL_ERROR);
248 if (setData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &hte->comm))
249 return TSPERR(TSS_E_INTERNAL_ERROR);
250 if (setData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &hte->comm))
251 return TSPERR(TSS_E_INTERNAL_ERROR);
252 if (setData(TCSD_PACKET_TYPE_UINT32, 8, &restrictTicketSize, 0, &hte->comm))
253 return TSPERR(TSS_E_INTERNAL_ERROR);
254 if (setData(TCSD_PACKET_TYPE_PBYTE, 9, restrictTicket, restrictTicketSize, &hte->comm))
255 return TSPERR(TSS_E_INTERNAL_ERROR);
256 if (setData(TCSD_PACKET_TYPE_UINT32, 10, &sigTicketSize, 0, &hte->comm))
257 return TSPERR(TSS_E_INTERNAL_ERROR);
258 if (setData(TCSD_PACKET_TYPE_PBYTE, 11, sigTicket, sigTicketSize, &hte->comm))
259 return TSPERR(TSS_E_INTERNAL_ERROR);
260 if (setData(TCSD_PACKET_TYPE_UINT32, 12, &encDataSize, 0, &hte->comm))
261 return TSPERR(TSS_E_INTERNAL_ERROR);
262 if (setData(TCSD_PACKET_TYPE_PBYTE, 13, encData, encDataSize, &hte->comm))
263 return TSPERR(TSS_E_INTERNAL_ERROR);
264 if (pAuth) {
265 if (setData(TCSD_PACKET_TYPE_AUTH, 14, pAuth, 0, &hte->comm))
266 return TSPERR(TSS_E_INTERNAL_ERROR);
267 } else {
268 TPM_AUTH nullAuth;
269
270 __tspi_memset(&nullAuth, 0, sizeof(TPM_AUTH));
271 if (setData(TCSD_PACKET_TYPE_AUTH, 14, &nullAuth, 0, &hte->comm))
272 return TSPERR(TSS_E_INTERNAL_ERROR);
273 }
274
275 result = sendTCSDPacket(hte);
276
277 if (result == TSS_SUCCESS)
278 result = hte->comm.hdr.u.result;
279
280 if (result == TSS_SUCCESS) {
281 i = 0;
282 if (pAuth) {
283 if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm))
284 return TSPERR(TSS_E_INTERNAL_ERROR);
285 }
286 if (getData(TCSD_PACKET_TYPE_UINT32, i++, randomSize, 0, &hte->comm))
287 return TSPERR(TSS_E_INTERNAL_ERROR);
288 *random = (BYTE *)malloc(*randomSize);
289 if (*random == NULL) {
290 LogError("malloc of %u bytes failed.", *randomSize);
291 return TSPERR(TSS_E_OUTOFMEMORY);
292 }
293 if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *random, *randomSize, &hte->comm)) {
294 free(*random);
295 return TSPERR(TSS_E_INTERNAL_ERROR);
296 }
297 if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm))
298 return TSPERR(TSS_E_INTERNAL_ERROR);
299 *outData = (BYTE *)malloc(*outDataSize);
300 if (*outData == NULL) {
301 LogError("malloc of %u bytes failed.", *outDataSize);
302 free(*random);
303 return TSPERR(TSS_E_OUTOFMEMORY);
304 }
305 if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) {
306 free(*random);
307 free(*outData);
308 return TSPERR(TSS_E_INTERNAL_ERROR);
309 }
310 }
311
312 return result;
313 }
314
315 TSS_RESULT
RPC_CMK_ConvertMigration_TP(struct host_table_entry * hte,TCS_KEY_HANDLE hParentHandle,TPM_CMK_AUTH restrictTicket,TPM_HMAC sigTicket,UINT32 keyDataSize,BYTE * keyData,UINT32 msaListSize,BYTE * msaList,UINT32 randomSize,BYTE * random,TPM_AUTH * pAuth,UINT32 * outDataSize,BYTE ** outData)316 RPC_CMK_ConvertMigration_TP(struct host_table_entry *hte,
317 TCS_KEY_HANDLE hParentHandle, /* in */
318 TPM_CMK_AUTH restrictTicket, /* in */
319 TPM_HMAC sigTicket, /* in */
320 UINT32 keyDataSize, /* in */
321 BYTE *keyData, /* in */
322 UINT32 msaListSize, /* in */
323 BYTE *msaList, /* in */
324 UINT32 randomSize, /* in */
325 BYTE *random, /* in */
326 TPM_AUTH *pAuth, /* in, out */
327 UINT32 *outDataSize, /* out */
328 BYTE **outData) /* out */
329 {
330 TSS_RESULT result;
331 int i;
332
333 initData(&hte->comm, 11);
334 hte->comm.hdr.u.ordinal = TCSD_ORD_CMK_CONVERTMIGRATION;
335 LogDebugFn("TCS Context: 0x%x", hte->tcsContext);
336
337 if (setData(TCSD_PACKET_TYPE_UINT32, 0, &hte->tcsContext, 0, &hte->comm))
338 return TSPERR(TSS_E_INTERNAL_ERROR);
339 if (setData(TCSD_PACKET_TYPE_UINT32, 1, &hParentHandle, 0, &hte->comm))
340 return TSPERR(TSS_E_INTERNAL_ERROR);
341 if (setData(TCSD_PACKET_TYPE_PBYTE, 2, &restrictTicket, sizeof(restrictTicket), &hte->comm))
342 return TSPERR(TSS_E_INTERNAL_ERROR);
343 if (setData(TCSD_PACKET_TYPE_DIGEST, 3, &sigTicket, 0, &hte->comm))
344 return TSPERR(TSS_E_INTERNAL_ERROR);
345 if (setData(TCSD_PACKET_TYPE_UINT32, 4, &keyDataSize, 0, &hte->comm))
346 return TSPERR(TSS_E_INTERNAL_ERROR);
347 if (setData(TCSD_PACKET_TYPE_PBYTE, 5, keyData, keyDataSize, &hte->comm))
348 return TSPERR(TSS_E_INTERNAL_ERROR);
349 if (setData(TCSD_PACKET_TYPE_UINT32, 6, &msaListSize, 0, &hte->comm))
350 return TSPERR(TSS_E_INTERNAL_ERROR);
351 if (setData(TCSD_PACKET_TYPE_PBYTE, 7, msaList, msaListSize, &hte->comm))
352 return TSPERR(TSS_E_INTERNAL_ERROR);
353 if (setData(TCSD_PACKET_TYPE_UINT32, 8, &randomSize, 0, &hte->comm))
354 return TSPERR(TSS_E_INTERNAL_ERROR);
355 if (setData(TCSD_PACKET_TYPE_PBYTE, 9, random, randomSize, &hte->comm))
356 return TSPERR(TSS_E_INTERNAL_ERROR);
357 if (pAuth) {
358 if (setData(TCSD_PACKET_TYPE_AUTH, 10, pAuth, 0, &hte->comm))
359 return TSPERR(TSS_E_INTERNAL_ERROR);
360 } else {
361 TPM_AUTH nullAuth;
362
363 __tspi_memset(&nullAuth, 0, sizeof(TPM_AUTH));
364 if (setData(TCSD_PACKET_TYPE_AUTH, 10, &nullAuth, 0, &hte->comm))
365 return TSPERR(TSS_E_INTERNAL_ERROR);
366 }
367
368 result = sendTCSDPacket(hte);
369
370 if (result == TSS_SUCCESS)
371 result = hte->comm.hdr.u.result;
372
373 if (result == TSS_SUCCESS) {
374 i = 0;
375 if (pAuth) {
376 if (getData(TCSD_PACKET_TYPE_AUTH, i++, pAuth, 0, &hte->comm))
377 return TSPERR(TSS_E_INTERNAL_ERROR);
378 }
379 if (getData(TCSD_PACKET_TYPE_UINT32, i++, outDataSize, 0, &hte->comm))
380 return TSPERR(TSS_E_INTERNAL_ERROR);
381 *outData = (BYTE *)malloc(*outDataSize);
382 if (*outData == NULL) {
383 LogError("malloc of %u bytes failed.", *outDataSize);
384 return TSPERR(TSS_E_OUTOFMEMORY);
385 }
386 if (getData(TCSD_PACKET_TYPE_PBYTE, i++, *outData, *outDataSize, &hte->comm)) {
387 free(*outData);
388 return TSPERR(TSS_E_INTERNAL_ERROR);
389 }
390 }
391
392 return result;
393 }
394
395