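/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004-2007
 *
 */

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>

#include "trousers/tss.h"
#include "trousers/trousers.h"
#include "trousers_types.h"
#include "spi_utils.h"
#include "capabilities.h"
#include "tsplog.h"
#include "obj.h"


/*
 * owner_get_pubek - read the public Endorsement Key (EK) with owner
 * authorization and wrap it in a new TSP key object.
 *
 * tspContext: context the new key object is registered with
 * hTPM:       TPM object whose usage (owner) policy authorizes the read
 * hPubEk:     on success, receives the handle of the new key object
 *
 * Returns TSS_SUCCESS, or the TSS_RESULT of the first failing step.  On
 * failure *hPubEk is left untouched and no key object is left registered
 * with the context.
 *
 * The ordinal used depends on the TPM version recorded in the context:
 * version 2 reads the EK with TPM_OwnerReadInternalPub on the TPM_KH_EK
 * handle, anything else with the older TPM_OwnerReadPubek.  Both paths run
 * the same OIAP exchange: hash the command parameters, build the owner
 * auth, call the TCS, hash the response and validate the response auth
 * against the owner policy.  The EK blob returned by the TCS is handed to
 * the key object only after that response check passes, so a TCS (or the
 * transport to it) cannot substitute a different key without knowing the
 * owner secret.
 */
TSS_RESULT
owner_get_pubek(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HKEY *hPubEk)
{
	TSS_RESULT result;
	UINT32 tpmVersion, pubEKSize;
	TSS_HPOLICY hPolicy;
	Trspi_HashCtx hashCtx;
	BYTE *pubEK = NULL;	/* allocated by the TCS call; freed at done */
	TSS_HKEY hRetKey;
	TPM_AUTH ownerAuth;
	TPM_DIGEST digest;


	if ((result = obj_context_get_tpm_version(tspContext, &tpmVersion)))
		return result;

	/* the owner secret lives in the TPM object's usage policy */
	if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy)))
		return result;

	switch (tpmVersion) {
	case 2:
		/*
		 * Command digest: ordinal || key handle.  TSS_SUCCESS is 0, so
		 * OR-ing the hash steps together lets one check catch any of
		 * them failing; the accumulated value is what gets reported.
		 */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_KH_EK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadInternalPub,
						      hPolicy, FALSE, &digest, &ownerAuth)))
			goto done;

		if ((result = TCS_API(tspContext)->OwnerReadInternalPub(tspContext, TPM_KH_EK,
									&ownerAuth, &pubEKSize,
									&pubEK)))
			goto done;

		/* response digest: return code || ordinal || EK blob */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadInternalPub);
		result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		/* rejects a tampered or replayed response before pubEK is trusted */
		if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth)))
			goto done;
		break;
	default:
		/* command digest: ordinal only (no key handle for this ordinal) */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadPubek, hPolicy, FALSE,
						      &digest, &ownerAuth)))
			goto done;

		if ((result = TCS_API(tspContext)->OwnerReadPubek(tspContext, &ownerAuth,
								  &pubEKSize, &pubEK)))
			goto done;

		/* response digest: return code || ordinal || EK blob */
		result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_SUCCESS);
		result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_OwnerReadPubek);
		result |= Trspi_HashUpdate(&hashCtx, pubEKSize, pubEK);
		if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
			goto done;

		/* rejects a tampered or replayed response before pubEK is trusted */
		if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth)))
			goto done;

		break;
	}

	if ((result = obj_rsakey_add(tspContext, TSS_KEY_SIZE_2048|TSS_KEY_TYPE_LEGACY, &hRetKey)))
		goto done;

	/*
	 * NOTE(review): the callee gets no length for pubEK; pubEKSize was
	 * covered by the response auth above, so the blob is authentic, but
	 * the parser is assumed to bound itself on the blob's own fields --
	 * confirm in obj_rsakey_set_pubkey.
	 */
	if ((result = obj_rsakey_set_pubkey(hRetKey, TRUE, pubEK))) {
		/*
		 * obj_rsakey_add already registered the object with the
		 * context; drop it so a failed call does not leave an empty
		 * key behind until the context is closed.  The original
		 * error is what the caller should see, not the removal's.
		 */
		(void)obj_rsakey_remove(hRetKey, tspContext);
		goto done;
	}

	*hPubEk = hRetKey;
done:
	free(pubEK);
	return result;
}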