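
/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2006
 *
 */


#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/mman.h>
#include <errno.h>

#include "trousers/tss.h"
#include "trousers/trousers.h"
#include "trousers_types.h"
#include "trousers_types.h"
#include "spi_utils.h"
#include "capabilities.h"
#include "tsplog.h"
#include "obj.h"


/* All-zero UUID, used as the "no UUID" sentinel value. */
TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };

/* TSS 1.1 version structure (major 1, minor 1, revision 0.0). */
TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 };

/*
 * TCS dispatch table for the normal (non-transport) path: every entry is a
 * plain RPC_* call into the TCS daemon.  Entries are compiled in per feature
 * (TSS_BUILD_*); a designated initializer leaves every entry that is not
 * built as NULL, so callers must check for that before dispatching.
 */
struct tcs_api_table tcs_normal_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = RPC_LoadKeyByBlob,
	.EvictKey = RPC_EvictKey,
	.CreateWrapKey = RPC_CreateWrapKey,
	.GetPubKey = RPC_GetPubKey,
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = RPC_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = RPC_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = RPC_OwnerClear,
	.ForceClear = RPC_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.TerminateHandle = RPC_TerminateHandle,
	.OIAP = RPC_OIAP,
	.OSAP = RPC_OSAP,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = RPC_ChangeAuth,
	.ChangeAuthOwner = RPC_ChangeAuthOwner,
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = RPC_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = RPC_Extend,
	.PcrRead = RPC_PcrRead,
	.PcrReset = RPC_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = RPC_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = RPC_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = RPC_DirWriteAuth,
	.DirRead = RPC_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = RPC_Seal,
	.Unseal = RPC_Unseal,
#ifdef TSS_BUILD_SEALX
	.Sealx = RPC_Sealx,
#endif
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = RPC_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = RPC_CreateMigrationBlob,
	.ConvertMigrationBlob = RPC_ConvertMigrationBlob,
	.AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = RPC_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = RPC_GetRandom,
	.StirRandom = RPC_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = RPC_GetTPMCapability,
	.SetCapability = RPC_SetCapability,
	.GetCapabilityOwner = RPC_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	.CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = RPC_SelfTestFull,
	.CertifySelfTest = RPC_CertifySelfTest,
	.GetTestResult = RPC_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = RPC_SetOwnerInstall,
	.DisablePubekRead = RPC_DisablePubekRead,
	.OwnerSetDisable = RPC_OwnerSetDisable,
	.DisableOwnerClear = RPC_DisableOwnerClear,
	.DisableForceClear = RPC_DisableForceClear,
	.PhysicalDisable = RPC_PhysicalDisable,
	.PhysicalEnable = RPC_PhysicalEnable,
	.PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
	.PhysicalPresence = RPC_PhysicalPresence,
	.SetTempDeactivated = RPC_SetTempDeactivated,
#ifdef TSS_BUILD_TSS12
	.SetTempDeactivated2 = RPC_SetTempDeactivated2,
	.ResetLockValue = RPC_ResetLockValue,
#endif
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
	.KillMaintenanceFeature = RPC_KillMaintenanceFeature,
	.LoadManuMaintPub = RPC_LoadManuMaintPub,
	.ReadManuMaintPub = RPC_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = RPC_ReadCounter,
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = RPC_ReadCurrentTicks,
	.TickStampBlob = RPC_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
	.NV_WriteValue = RPC_NV_WriteValue,
	.NV_WriteValueAuth = RPC_NV_WriteValueAuth,
	.NV_ReadValue = RPC_NV_ReadValue,
	.NV_ReadValueAuth = RPC_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
	.GetAuditDigest = RPC_GetAuditDigest,
	.GetAuditDigestSigned = RPC_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = RPC_SetOperatorAuth,
	.FlushSpecific = RPC_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = RPC_Delegate_Manage,
	.Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = RPC_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
	.DSAP = RPC_DSAP,
#endif
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};

#ifdef TSS_BUILD_TRANSPORT
/*
 * TCS dispatch table used while a transport session is active.  Most entries
 * go through Transport_*; the ones still pointing at RPC_* (ChangeAuthAsym*,
 * ReadPubek/OwnerReadPubek, Daa*, most counter operations, FieldUpgrade,
 * SetRedirection) take the ordinary path even in transport mode.  Presumably
 * those ordinals are not carried inside the transport session at all — confirm
 * against the TPM 1.2 spec before relying on transport protection for them.
 *
 * NOTE(review): the feature guards differ from tcs_normal_api in a few places
 * (Sealx is unconditional inside TSS_BUILD_SEAL here but TSS_BUILD_SEALX-guarded
 * there; ResetLockValue and SetTempDeactivated2 are unconditional inside
 * TSS_BUILD_ADMIN here but TSS_BUILD_TSS12-guarded there).  Verify that every
 * build configuration exercised actually compiles both tables.
 */
struct tcs_api_table tcs_transport_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = Transport_LoadKeyByBlob,
	.EvictKey = Transport_EvictKey,
	.CreateWrapKey = Transport_CreateWrapKey,
	.GetPubKey = Transport_GetPubKey,
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = Transport_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = Transport_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = Transport_OwnerClear,
	.ForceClear = Transport_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.OIAP = Transport_OIAP,
	.OSAP = Transport_OSAP,
	.TerminateHandle = Transport_TerminateHandle,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = Transport_ChangeAuth,
	.ChangeAuthOwner = Transport_ChangeAuthOwner,
	/* Plain RPC path even in transport mode — see the table comment. */
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = Transport_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = Transport_Extend,
	.PcrRead = Transport_PcrRead,
	.PcrReset = Transport_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = Transport_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = Transport_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = Transport_DirWriteAuth,
	.DirRead = Transport_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = Transport_Seal,
	/* NOTE(review): not TSS_BUILD_SEALX-guarded, unlike tcs_normal_api. */
	.Sealx = Transport_Sealx,
	.Unseal = Transport_Unseal,
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = Transport_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = Transport_CreateMigrationBlob,
	.ConvertMigrationBlob = Transport_ConvertMigrationBlob,
	.AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = Transport_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = Transport_GetRandom,
	.StirRandom = Transport_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = Transport_GetTPMCapability,
	.SetCapability = Transport_SetCapability,
	.GetCapabilityOwner = Transport_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	/* Plain RPC path even in transport mode — see the table comment. */
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = Transport_SelfTestFull,
	.CertifySelfTest = Transport_CertifySelfTest,
	.GetTestResult = Transport_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = Transport_SetOwnerInstall,
	.DisablePubekRead = Transport_DisablePubekRead,
	.OwnerSetDisable = Transport_OwnerSetDisable,
	/* NOTE(review): not TSS_BUILD_TSS12-guarded, unlike tcs_normal_api. */
	.ResetLockValue = Transport_ResetLockValue,
	.DisableOwnerClear = Transport_DisableOwnerClear,
	.DisableForceClear = Transport_DisableForceClear,
	.PhysicalDisable = Transport_PhysicalDisable,
	.PhysicalEnable = Transport_PhysicalEnable,
	.PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
	.PhysicalPresence = Transport_PhysicalPresence,
	.SetTempDeactivated = Transport_SetTempDeactivated,
	/* NOTE(review): not TSS_BUILD_TSS12-guarded, unlike tcs_normal_api. */
	.SetTempDeactivated2 = Transport_SetTempDeactivated2,
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
	.KillMaintenanceFeature = Transport_KillMaintenanceFeature,
	.LoadManuMaintPub = Transport_LoadManuMaintPub,
	.ReadManuMaintPub = Transport_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	/* Plain RPC path even in transport mode — see the table comment. */
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = Transport_ReadCounter,
	/* Plain RPC path even in transport mode — see the table comment. */
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = Transport_ReadCurrentTicks,
	.TickStampBlob = Transport_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
	.NV_WriteValue = Transport_NV_WriteValue,
	.NV_WriteValueAuth = Transport_NV_WriteValueAuth,
	.NV_ReadValue = Transport_NV_ReadValue,
	.NV_ReadValueAuth = Transport_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
	.GetAuditDigest = Transport_GetAuditDigest,
	.GetAuditDigestSigned = Transport_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = Transport_SetOperatorAuth,
	.FlushSpecific = Transport_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = Transport_Delegate_Manage,
	.Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = Transport_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
	.DSAP = Transport_DSAP,
#endif
	/* Plain RPC path even in transport mode — see the table comment. */
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};
#endif

/*
 * Big-endian (TPM wire order) byte-array <-> integer helpers.  in[0]/y[0] is
 * the most significant byte.  Every byte read is masked with 0xFF so the
 * result is the same whether BYTE is signed or unsigned on the target.
 */

/* Decode two big-endian bytes into a UINT16. */
UINT16
Decode_UINT16(BYTE * in)
{
	return (UINT16)(((in[0] & 0xFF) << 8) | (in[1] & 0xFF));
}

/* Write i to out[0..3] as four big-endian bytes. */
void
UINT32ToArray(UINT32 i, BYTE * out)
{
	out[0] = (BYTE)((i >> 24) & 0xFF);
	out[1] = (BYTE)((i >> 16) & 0xFF);
	out[2] = (BYTE)((i >> 8) & 0xFF);
	/* Mask before the cast; the original "(BYTE) i & 0xFF" cast first. */
	out[3] = (BYTE)(i & 0xFF);
}

/* Write i to out[0..7] as eight big-endian bytes. */
void
UINT64ToArray(UINT64 i, BYTE *out)
{
	out[0] = (BYTE)((i >> 56) & 0xFF);
	out[1] = (BYTE)((i >> 48) & 0xFF);
	out[2] = (BYTE)((i >> 40) & 0xFF);
	out[3] = (BYTE)((i >> 32) & 0xFF);
	out[4] = (BYTE)((i >> 24) & 0xFF);
	out[5] = (BYTE)((i >> 16) & 0xFF);
	out[6] = (BYTE)((i >> 8) & 0xFF);
	out[7] = (BYTE)(i & 0xFF);
}

/* Write i to out[0..1] as two big-endian bytes. */
void
UINT16ToArray(UINT16 i, BYTE * out)
{
	out[0] = (BYTE)((i >> 8) & 0xFF);
	out[1] = (BYTE)(i & 0xFF);
}

/* Decode eight big-endian bytes into a UINT64. */
UINT64
Decode_UINT64(BYTE *y)
{
	UINT64 x = 0;
	int k;

	for (k = 0; k < 8; k++)
		x = (x << 8) | (y[k] & 0xFF);

	return x;
}

/* Decode four big-endian bytes into a UINT32. */
UINT32
Decode_UINT32(BYTE * y)
{
	UINT32 x = 0;
	int k;

	for (k = 0; k < 4; k++)
		x = (x << 8) | (y[k] & 0xFF);

	return x;
}

/*
 * Total bytes occupied by a PCR event: the fixed struct plus its event data
 * and PCR value.  The additions are unchecked UINT32 arithmetic, so if the
 * two lengths come from an untrusted event log they can wrap; callers that
 * size an allocation from this value should validate the lengths first.
 */
UINT32
get_pcr_event_size(TSS_PCR_EVENT *e)
{
	return (sizeof(TSS_PCR_EVENT) + e->ulEventLength + e->ulPcrValueLength);
}

/*
 * Serialize the caller's side of a TPM authorization block into blob at
 * *offset: handle, nonceOdd (20 bytes), continueAuthSession flag and the
 * 20-byte SHA-1 HMAC.  *offset is advanced by the Trspi_LoadBlob* helpers.
 */
void
LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob);
	Trspi_LoadBlob(offset, 20, blob, auth->NonceOdd.nonce);
	Trspi_LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob);
	Trspi_LoadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
}

/*
 * Parse the TPM's side of an authorization block from blob at *offset:
 * nonceEven (20 bytes), continueAuthSession flag and the 20-byte HMAC.
 * No handle is present in the response, so none is read.  Performing the
 * HMAC check on what was read is the caller's job.
 */
void
UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	Trspi_UnloadBlob(offset, 20, blob, auth->NonceEven.nonce);
	Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
	Trspi_UnloadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
}

/* If alloc is true, we allocate a new buffer for the bytes and set *data to that.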
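 * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer.
 *
 * Reads size bytes from TSS_LOCAL_RANDOM_DEVICE.
 *
 * tspContext: context whose allocator (calloc_tspi) owns the buffer when alloc is true
 * alloc:      TRUE  -> allocate the buffer and store it in *data
 *             FALSE -> data itself is the destination buffer (an API quirk; the
 *                      BYTE ** type is a lie in that case)
 * size:       number of bytes to read; a size of 0 is reported as a read failure
 * data:       see alloc
 *
 * Returns TSS_SUCCESS, TSS_E_OUTOFMEMORY (alloc failed) or
 * TSS_E_INTERNAL_ERROR (device could not be opened or a full read failed).
 */
TSS_RESULT
get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
{
	TSS_RESULT result = TSS_SUCCESS;
	FILE *f = NULL;
	BYTE *buf = NULL;

	f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
	if (f == NULL) {
		LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	/* Disable stdio buffering so exactly the requested bytes are pulled from
	 * the device.  With the default buffer, stdio would read ahead a whole
	 * block even for a small request, which drains the random source for
	 * nothing and could stall if the configured device is a blocking one. */
	setvbuf(f, NULL, _IONBF, 0);

	if (alloc) {
		buf = calloc_tspi(tspContext, size);
		if (buf == NULL) {
			LogError("malloc of %u bytes failed", size);
			result = TSPERR(TSS_E_OUTOFMEMORY);
			goto out;
		}
	} else
		buf = (BYTE *)data;

	/* One record of size bytes: a short read counts as failure, so the caller
	 * never sees a partially filled buffer reported as success. */
	if (fread(buf, size, 1, f) != 1) {
		LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		/* NOTE(review): when alloc is true, buf (from calloc_tspi) is not
		 * released on this path; presumably the context-scoped allocator
		 * reclaims it when the context is closed — confirm, or release it
		 * via the matching free routine. */
		result = TSPERR(TSS_E_INTERNAL_ERROR);
		goto out;
	}

	/* Ownership of buf moves to the caller (via the context) only on success. */
	if (alloc)
		*data = buf;

out:
	fclose(f);
	return result;
}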