1 2 /* 3 * Licensed Materials - Property of IBM 4 * 5 * trousers - An open source TCG Software Stack 6 * 7 * (C) Copyright International Business Machines Corp. 2004-2007 8 * 9 */ 10 11 #include <stdlib.h> 12 #include <stdio.h> 13 #include <string.h> 14 #include <inttypes.h> 15 16 #include "trousers/tss.h" 17 #include "trousers/trousers.h" 18 #include "trousers_types.h" 19 #include "spi_utils.h" 20 #include "capabilities.h" 21 #include "tsplog.h" 22 #include "obj.h" 23 24 #ifdef TSS_BUILD_TRANSPORT 25 TSS_RESULT 26 Transport_CreateMigrationBlob(TSS_HCONTEXT tspContext, /* in */ 27 TCS_KEY_HANDLE parentHandle, /* in */ 28 TCPA_MIGRATE_SCHEME migrationType, /* in */ 29 UINT32 MigrationKeyAuthSize, /* in */ 30 BYTE * MigrationKeyAuth, /* in */ 31 UINT32 encDataSize, /* in */ 32 BYTE * encData, /* in */ 33 TPM_AUTH * parentAuth, /* in, out */ 34 TPM_AUTH * entityAuth, /* in, out */ 35 UINT32 * randomSize, /* out */ 36 BYTE ** random, /* out */ 37 UINT32 * outDataSize, /* out */ 38 BYTE ** outData) /* out */ 39 { 40 UINT64 offset; 41 TSS_RESULT result; 42 UINT32 handlesLen, dataLen, decLen; 43 TCS_HANDLE *handles, handle; 44 TPM_DIGEST pubKeyHash; 45 Trspi_HashCtx hashCtx; 46 BYTE *data, *dec; 47 48 49 if ((result = obj_context_transport_init(tspContext))) 50 return result; 51 52 LogDebugFn("Executing in a transport session"); 53 54 if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) 55 return result; 56 57 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 58 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 59 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 60 return result; 61 62 handlesLen = 1; 63 handle = parentHandle; 64 handles = &handle; 65 66 dataLen = sizeof(TCPA_MIGRATE_SCHEME) 67 + MigrationKeyAuthSize 68 + sizeof(UINT32) 69 + encDataSize; 70 if ((data = malloc(dataLen)) == NULL) { 71 LogError("malloc of %u bytes failed", dataLen); 72 return TSPERR(TSS_E_OUTOFMEMORY); 73 } 74 75 offset = 0; 76 Trspi_LoadBlob_UINT16(&offset, migrationType, data); 77 Trspi_LoadBlob(&offset, MigrationKeyAuthSize, data, MigrationKeyAuth); 78 Trspi_LoadBlob_UINT32(&offset, encDataSize, data); 79 Trspi_LoadBlob(&offset, encDataSize, data, encData); 80 81 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_CreateMigrationBlob, 82 dataLen, data, &pubKeyHash, &handlesLen, 83 &handles, parentAuth, entityAuth, &decLen, 84 &dec))) { 85 free(data); 86 return result; 87 } 88 free(data); 89 90 offset = 0; 91 Trspi_UnloadBlob_UINT32(&offset, randomSize, dec); 92 93 if ((*random = malloc(*randomSize)) == NULL) { 94 free(dec); 95 LogError("malloc of %u bytes failed", *randomSize); 96 *randomSize = 0; 97 return TSPERR(TSS_E_OUTOFMEMORY); 98 } 99 Trspi_UnloadBlob(&offset, *randomSize, dec, *random); 100 101 Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); 102 103 if ((*outData = malloc(*outDataSize)) == NULL) { 104 free(*random); 105 *random = NULL; 106 *randomSize = 0; 107 free(dec); 108 LogError("malloc of %u bytes failed", *outDataSize); 109 *outDataSize = 0; 110 return TSPERR(TSS_E_OUTOFMEMORY); 111 } 112 Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); 113 free(dec); 114 115 return result; 116 } 117 118 TSS_RESULT 119 Transport_ConvertMigrationBlob(TSS_HCONTEXT tspContext, /* in */ 120 TCS_KEY_HANDLE parentHandle, /* in */ 121 UINT32 inDataSize, /* in */ 122 BYTE * inData, /* in */ 123 UINT32 randomSize, /* in */ 124 BYTE * random, /* in */ 125 TPM_AUTH * parentAuth, /* in, out */ 126 UINT32 * outDataSize, /* out */ 127 BYTE ** outData) /* out */ 128 { 129 UINT64 offset; 130 TSS_RESULT result; 131 UINT32 handlesLen, dataLen, decLen; 132 TCS_HANDLE *handles, handle; 133 TPM_DIGEST pubKeyHash; 134 Trspi_HashCtx hashCtx; 135 BYTE *data, *dec; 136 137 138 if ((result = obj_context_transport_init(tspContext))) 139 return result; 140 141 LogDebugFn("Executing in a transport session"); 142 143 if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest))) 144 return result; 145 146 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 147 result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest); 148 if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest))) 149 return result; 150 151 handlesLen = 1; 152 handle = parentHandle; 153 handles = &handle; 154 155 dataLen = (2 * sizeof(UINT32)) + randomSize + inDataSize; 156 if ((data = malloc(dataLen)) == NULL) { 157 LogError("malloc of %u bytes failed", dataLen); 158 return TSPERR(TSS_E_OUTOFMEMORY); 159 } 160 161 offset = 0; 162 Trspi_LoadBlob_UINT32(&offset, inDataSize, data); 163 Trspi_LoadBlob(&offset, inDataSize, data, inData); 164 Trspi_LoadBlob_UINT32(&offset, randomSize, data); 165 Trspi_LoadBlob(&offset, randomSize, data, random); 166 167 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_ConvertMigrationBlob, 168 dataLen, data, &pubKeyHash, &handlesLen, 169 &handles, parentAuth, NULL, &decLen, &dec))) { 170 free(data); 171 return result; 172 } 173 free(data); 174 175 offset = 0; 176 Trspi_UnloadBlob_UINT32(&offset, outDataSize, dec); 177 178 if ((*outData = malloc(*outDataSize)) == NULL) { 179 free(dec); 180 LogError("malloc of %u bytes failed", *outDataSize); 181 *outDataSize = 0; 182 return TSPERR(TSS_E_OUTOFMEMORY); 183 } 184 Trspi_UnloadBlob(&offset, *outDataSize, dec, *outData); 185 free(dec); 186 187 return result; 188 } 189 190 TSS_RESULT 191 Transport_AuthorizeMigrationKey(TSS_HCONTEXT tspContext, /* in */ 192 TCPA_MIGRATE_SCHEME migrateScheme, /* in */ 193 UINT32 MigrationKeySize, /* in */ 194 BYTE * MigrationKey, /* in */ 195 TPM_AUTH * ownerAuth, /* in, out */ 196 UINT32 * MigrationKeyAuthSize, /* out */ 197 BYTE ** MigrationKeyAuth) /* out */ 198 { 199 UINT64 offset; 200 UINT16 tpmMigrateScheme; 201 TSS_RESULT result; 202 UINT32 handlesLen = 0, dataLen, decLen; 203 BYTE *data, *dec; 204 205 206 if ((result = obj_context_transport_init(tspContext))) 207 return result; 208 209 LogDebugFn("Executing in a transport session"); 210 211 /* The TSS_MIGRATE_SCHEME must be changed to a TPM_MIGRATE_SCHEME here, since the TCS 212 * expects a TSS migrate scheme, but this could be wrapped by the TSP before it gets to the 213 * TCS. */ 214 switch (migrateScheme) { 215 case TSS_MS_MIGRATE: 216 tpmMigrateScheme = TCPA_MS_MIGRATE; 217 break; 218 case TSS_MS_REWRAP: 219 tpmMigrateScheme = TCPA_MS_REWRAP; 220 break; 221 case TSS_MS_MAINT: 222 tpmMigrateScheme = TCPA_MS_MAINT; 223 break; 224 #ifdef TSS_BUILD_CMK 225 case TSS_MS_RESTRICT_MIGRATE: 226 tpmMigrateScheme = TPM_MS_RESTRICT_MIGRATE; 227 break; 228 229 case TSS_MS_RESTRICT_APPROVE_DOUBLE: 230 tpmMigrateScheme = TPM_MS_RESTRICT_APPROVE_DOUBLE; 231 break; 232 #endif 233 default: 234 return TSPERR(TSS_E_BAD_PARAMETER); 235 break; 236 } 237 238 dataLen = sizeof(TCPA_MIGRATE_SCHEME) + MigrationKeySize; 239 if ((data = malloc(dataLen)) == NULL) { 240 LogError("malloc of %u bytes failed", dataLen); 241 return TSPERR(TSS_E_OUTOFMEMORY); 242 } 243 244 offset = 0; 245 Trspi_LoadBlob_UINT16(&offset, tpmMigrateScheme, data); 246 Trspi_LoadBlob(&offset, MigrationKeySize, data, MigrationKey); 247 248 if ((result = obj_context_transport_execute(tspContext, TPM_ORD_AuthorizeMigrationKey, 249 dataLen, data, NULL, &handlesLen, NULL, 250 ownerAuth, NULL, &decLen, &dec))) { 251 free(data); 252 return result; 253 } 254 free(data); 255 256 *MigrationKeyAuthSize = decLen; 257 *MigrationKeyAuth = dec; 258 259 return result; 260 } 261 262 #endif 263 264