18
18
#include <sys/mman.h>
21
#include <sys/types.h>
22
#include <sys/socket.h>
24
#include <openssl/evp.h>
26
22
#include "trousers/tss.h"
27
23
#include "trousers_types.h"
28
#include "spi_internal_types.h"
29
#include "tcs_internal_types.h"
24
#include "trousers_types.h"
30
25
#include "tcs_tsp.h"
31
26
#include "tcs_utils.h"
32
27
#include "tcs_int_literals.h"
33
28
#include "capabilities.h"
35
30
#include "tcslog.h"
38
#include "tcsd_wrap.h"
41
struct key_mem_cache *key_mem_cache_head = NULL;
42
TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };
44
TSS_BOOL firstVendorCheck = 1;
47
fill_key_info(struct key_disk_cache *d,
48
struct key_mem_cache *m,
49
TSS_KM_KEYINFO *key_info)
52
UINT16 tmp_blob_size = 2048;
58
key_info->fIsLoaded = FALSE;
60
/* read key from disk */
61
if ((result = ps_get_key_by_cache_entry(d, (BYTE *)&tmp_blob, &tmp_blob_size)))
65
/* XXX add a real context handle here */
66
if ((result = UnloadBlob_KEY(&offset, tmp_blob, &tmp_key)))
69
memcpy(&key_info->versionInfo, &tmp_key.ver, sizeof(TSS_VERSION));
70
memcpy(&key_info->bAuthDataUsage, &tmp_key.authDataUsage, sizeof(TCPA_AUTH_DATA_USAGE));
71
destroy_key_refs(&tmp_key);
73
if (m->tpm_handle == NULL_TPM_HANDLE)
74
key_info->fIsLoaded = FALSE;
76
key_info->fIsLoaded = TRUE;
78
memcpy(&key_info->versionInfo, &m->blob->ver, sizeof(TSS_VERSION));
79
memcpy(&key_info->bAuthDataUsage, &m->blob->authDataUsage, sizeof(TCPA_AUTH_DATA_USAGE));
82
memcpy(&key_info->keyUUID, &d->uuid, sizeof(TSS_UUID));
83
memcpy(&key_info->parentKeyUUID, &d->parent_uuid, sizeof(TSS_UUID));
85
/* XXX consider filling in something useful here */
86
key_info->ulVendorDataLength = 0;
87
key_info->rgbVendorData = NULL;
93
get_current_version(TCPA_VERSION *version)
95
TCPA_CAPABILITY_AREA capArea = TPM_CAP_VERSION_VAL;
101
/* try the 1.2 way first */
102
result = TCSP_GetCapability_Internal(InternalContext,
108
if (result == TSS_SUCCESS) {
109
offset = sizeof(UINT16); // XXX hack
110
UnloadBlob_VERSION(&offset, resp, version);
112
} else if (result == TCPA_E_BAD_MODE) {
113
/* if the TPM doesn't understand VERSION_VAL, try the 1.1 way */
114
capArea = TCPA_CAP_VERSION;
115
result = TCSP_GetCapability_Internal(InternalContext,
121
if (result == TSS_SUCCESS) {
123
UnloadBlob_VERSION(&offset, resp, version);
132
get_cap_uint32(TCPA_CAPABILITY_AREA capArea, BYTE *subCap, UINT32 subCapSize, UINT32 *v)
139
result = TCSP_GetCapability_Internal(InternalContext,
149
UnloadBlob_BYTE(&offset, (BYTE *)v, resp, NULL);
152
UnloadBlob_UINT16(&offset, (UINT16 *)v, resp, NULL);
155
UnloadBlob_UINT32(&offset, v, resp, NULL);
158
LogDebug("TCSP_GetCapability_Internal returned"
159
" %u bytes", respSize);
160
result = TCSERR(TSS_E_FAIL);
171
get_max_auths(UINT32 *auths)
173
TCS_AUTHHANDLE handles[TSS_MAX_AUTHS_CAP];
179
if (TPM_VERSION(1,2)) {
180
UINT32ToArray(TPM_CAP_PROP_MAX_AUTHSESS, (BYTE *)(&subCap));
181
result = get_cap_uint32(TPM_CAP_PROPERTY, (BYTE *)&subCap,
182
sizeof(subCap), auths);
183
} else if (TPM_VERSION(1,1)) {
184
/* open auth sessions until we get a failure */
185
for (i = 0; i < TSS_MAX_AUTHS_CAP; i++) {
186
result = TCSP_OIAP_Internal(InternalContext,
187
&(handles[i]), &nonce);
188
if (result != TSS_SUCCESS) {
189
/* this is not off by one since we're 0 indexed */
195
if (i == TSS_MAX_AUTHS_CAP)
196
*auths = TSS_MAX_AUTHS_CAP;
198
/* close the auth sessions */
199
for (i = 0; (UINT32)i < *auths; i++) {
200
internal_TerminateHandle(handles[i]);
203
result = TCSERR(TSS_E_INTERNAL_ERROR);
208
LogError("%s reported only %u auth available!", __FUNCTION__, *auths);
209
LogError("Your TPM must be reset before the TCSD can be started.");
211
LogDebug("get_max_auths reports %u auth contexts found", *auths);
212
result = TSS_SUCCESS;
218
/* This is only called from init paths, so printing an error message is
219
* appropriate if something goes wrong */
221
get_tpm_metrics(struct tpm_properties *p)
224
UINT32 subCap, rv = 0;
226
if ((result = get_current_version(&p->version)))
229
UINT32ToArray(TPM_ORD_SaveKeyContext, (BYTE *)&subCap);
230
if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv)))
232
p->keyctx_swap = rv ? TRUE : FALSE;
235
UINT32ToArray(TPM_ORD_SaveAuthContext, (BYTE *)&subCap);
236
if ((result = get_cap_uint32(TCPA_CAP_ORD, (BYTE *)&subCap, sizeof(UINT32), &rv)))
238
p->authctx_swap = rv ? TRUE : FALSE;
240
UINT32ToArray(TPM_CAP_PROP_PCR, (BYTE *)&subCap);
241
if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
245
UINT32ToArray(TPM_CAP_PROP_DIR, (BYTE *)&subCap);
246
if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
250
UINT32ToArray(TPM_CAP_PROP_SLOTS, (BYTE *)&subCap);
251
if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
255
UINT32ToArray(TPM_CAP_PROP_MANUFACTURER, (BYTE *)&subCap);
256
if ((result = get_cap_uint32(TCPA_CAP_PROPERTY, (BYTE *)&subCap, sizeof(UINT32),
257
(UINT32 *)&p->manufacturer)))
260
result = get_max_auths(&(p->num_auths));
264
LogError("TCS GetCapability failed with result = 0x%x", result);
33
TCS_CONTEXT_HANDLE InternalContext = 0x30000000;
34
TSS_UUID SRK_UUID = TSS_UUID_SRK;
270
38
LogData(char *string, UINT32 data)
475
LoadBlob_UINT32(UINT64 * offset, UINT32 in, BYTE * blob, char *log)
107
Decode_UINT64(BYTE *y)
112
x = ((x << 8) | (y[1] & 0xFF));
113
x = ((x << 8) | (y[2] & 0xFF));
114
x = ((x << 8) | (y[3] & 0xFF));
115
x = ((x << 8) | (y[4] & 0xFF));
116
x = ((x << 8) | (y[5] & 0xFF));
117
x = ((x << 8) | (y[6] & 0xFF));
118
x = ((x << 8) | (y[7] & 0xFF));
124
LoadBlob_UINT64(UINT64 *offset, UINT64 in, BYTE * blob)
127
UINT64ToArray(in, &blob[*offset]);
128
*offset += sizeof(UINT64);
132
LoadBlob_UINT32(UINT64 *offset, UINT32 in, BYTE * blob)
478
135
UINT32ToArray(in, &blob[*offset]);
136
*offset += sizeof(UINT32);
487
LoadBlob_UINT16(UINT64 * offset, UINT16 in, BYTE * blob, char *log)
140
LoadBlob_UINT16(UINT64 *offset, UINT16 in, BYTE * blob)
490
143
UINT16ToArray(in, &blob[*offset]);
499
UnloadBlob_UINT32(UINT64 * offset, UINT32 * out, BYTE * blob, char *log)
501
*out = Decode_UINT32(&blob[*offset]);
510
UnloadBlob_UINT16(UINT64 * offset, UINT16 * out, BYTE * blob, char *log)
512
*out = Decode_UINT16(&blob[*offset]);
521
LoadBlob_BYTE(UINT64 * offset, BYTE data, BYTE * blob, char *log)
524
blob[*offset] = data;
528
LogDebug("%s: %c", log, data);
533
UnloadBlob_BYTE(UINT64 * offset, BYTE * dataOut, BYTE * blob, char *log)
535
*dataOut = blob[*offset];
539
LogDebug("%s: %c", log, *dataOut);
544
LoadBlob_BOOL(UINT64 * offset, TSS_BOOL data, BYTE * blob, char *log)
547
blob[*offset] = data;
551
LogDebug("%s: %c", log, data);
556
UnloadBlob_BOOL(UINT64 * offset, TSS_BOOL *dataOut, BYTE * blob, char *log)
558
*dataOut = blob[*offset];
562
LogDebug("%s: %c", log, *dataOut);
567
LoadBlob(UINT64 * offset, UINT32 size, BYTE * container, BYTE * object,
144
*offset += sizeof(UINT16);
148
UnloadBlob_UINT64(UINT64 *offset, UINT64 * out, BYTE * blob)
151
*out = Decode_UINT64(&blob[*offset]);
152
*offset += sizeof(UINT64);
156
UnloadBlob_UINT32(UINT64 *offset, UINT32 * out, BYTE * blob)
159
*out = Decode_UINT32(&blob[*offset]);
160
*offset += sizeof(UINT32);
164
UnloadBlob_UINT16(UINT64 *offset, UINT16 * out, BYTE * blob)
167
*out = Decode_UINT16(&blob[*offset]);
168
*offset += sizeof(UINT16);
172
LoadBlob_BYTE(UINT64 *offset, BYTE data, BYTE * blob)
175
blob[*offset] = data;
180
UnloadBlob_BYTE(UINT64 *offset, BYTE * dataOut, BYTE * blob)
183
*dataOut = blob[*offset];
188
LoadBlob_BOOL(UINT64 *offset, TSS_BOOL data, BYTE * blob)
191
blob[*offset] = data;
196
UnloadBlob_BOOL(UINT64 *offset, TSS_BOOL *dataOut, BYTE * blob)
199
*dataOut = blob[*offset];
204
LoadBlob(UINT64 *offset, UINT32 size, BYTE *container, BYTE *object)
571
210
memcpy(&container[*offset], object, size);
572
211
(*offset) += (UINT64) size;
576
UnloadBlob(UINT64 * offset, UINT32 size, BYTE * container, BYTE * object,
215
UnloadBlob(UINT64 *offset, UINT32 size, BYTE *container, BYTE *object)
579
memcpy(object, &container[*offset], size);
221
memcpy(object, &container[*offset], size);
580
222
(*offset) += (UINT64) size;
582
/* commenting out for now, logs getting too chatty */
585
/* XXX Crashes sometimes. Investigate. */
586
//LogBlob(size, object);
592
LoadBlob_Header(UINT16 tag, UINT32 paramSize, UINT32 ordinal,
226
LoadBlob_Header(UINT16 tag, UINT32 paramSize, UINT32 ordinal, BYTE * blob)
596
229
UINT16ToArray(tag, &blob[0]);
619
LoadBlob_MIGRATIONKEYAUTH(UINT64 * offset, BYTE * blob,
620
TCPA_MIGRATIONKEYAUTH * mkAuth)
622
LoadBlob_PUBKEY(offset, blob, &mkAuth->migrationKey);
623
LoadBlob_UINT16(offset, mkAuth->migrationScheme, blob,
625
LoadBlob(offset, 20, blob, mkAuth->digest.digest, "mkauth digest");
629
UnloadBlob_MIGRATIONKEYAUTH(UINT64 * offset,
630
BYTE * blob, TCPA_MIGRATIONKEYAUTH * mkAuth)
634
if ((result = UnloadBlob_PUBKEY(offset, blob, &mkAuth->migrationKey)))
637
UnloadBlob_UINT16(offset, &mkAuth->migrationScheme, blob,
639
UnloadBlob(offset, 20, blob, mkAuth->digest.digest, "mkauth digest");
645
LoadBlob_Auth(UINT64 * offset, BYTE * blob, TPM_AUTH * auth)
647
LoadBlob_UINT32(offset, auth->AuthHandle, blob, "Auth AuthHandle");
648
LoadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceOdd.nonce, "Auth: NonceOdd");
649
LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob, "CAS");
650
LoadBlob(offset, TCPA_AUTHDATA_SIZE, blob, (BYTE *)&auth->HMAC, "auth: HMAC");
654
UnloadBlob_Auth(UINT64 * offset, BYTE * blob, TPM_AUTH * auth)
656
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceEven.nonce, "Nonce Even");
657
UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob, "CAS");
658
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&auth->HMAC, "Auth HMAC");
662
LoadBlob_KEY_PARMS(UINT64 * offset, BYTE * blob,
663
TCPA_KEY_PARMS * keyInfo)
665
LoadBlob_UINT32(offset, keyInfo->algorithmID, blob, "KEY_PARMS: algID");
666
LoadBlob_UINT16(offset, keyInfo->encScheme, blob,
667
"KEY_PARMS: encScheme");
668
LoadBlob_UINT16(offset, keyInfo->sigScheme, blob,
669
"KEY_PARMS: sigScheme");
670
LoadBlob_UINT32(offset, keyInfo->parmSize, blob, "KEY_PARMS: parmSize");
671
LoadBlob(offset, keyInfo->parmSize, blob, keyInfo->parms,
676
UnloadBlob_KEY_PARMS(UINT64 * offset, BYTE * blob,
677
TCPA_KEY_PARMS * keyParms)
679
UnloadBlob_UINT32(offset, &keyParms->algorithmID, blob,
681
UnloadBlob_UINT16(offset, &keyParms->encScheme, blob,
682
"KEY_PARMS: encScheme");
683
UnloadBlob_UINT16(offset, &keyParms->sigScheme, blob,
684
"KEY_PARMS: sigScheme");
685
UnloadBlob_UINT32(offset, &keyParms->parmSize, blob,
686
"KEY_PARMS: parmSize");
252
LoadBlob_Auth(UINT64 *offset, BYTE * blob, TPM_AUTH * auth)
254
LoadBlob_UINT32(offset, auth->AuthHandle, blob);
255
LoadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceOdd.nonce);
256
LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob);
257
LoadBlob(offset, TCPA_AUTHDATA_SIZE, blob, (BYTE *)&auth->HMAC);
261
UnloadBlob_Auth(UINT64 *offset, BYTE * blob, TPM_AUTH * auth)
264
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL);
265
UnloadBlob_BOOL(offset, NULL, blob);
266
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL);
271
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, auth->NonceEven.nonce);
272
UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
273
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&auth->HMAC);
277
UnloadBlob_VERSION(UINT64 *offset, BYTE *blob, TPM_VERSION *out)
280
*offset += (sizeof(BYTE) * 4);
284
UnloadBlob_BYTE(offset, &out->major, blob);
285
UnloadBlob_BYTE(offset, &out->minor, blob);
286
UnloadBlob_BYTE(offset, &out->revMajor, blob);
287
UnloadBlob_BYTE(offset, &out->revMinor, blob);
291
LoadBlob_VERSION(UINT64 *offset, BYTE *blob, TPM_VERSION *ver)
293
LoadBlob_BYTE(offset, ver->major, blob);
294
LoadBlob_BYTE(offset, ver->minor, blob);
295
LoadBlob_BYTE(offset, ver->revMajor, blob);
296
LoadBlob_BYTE(offset, ver->revMinor, blob);
300
UnloadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *out)
303
*offset += (sizeof(BYTE) * 4);
307
UnloadBlob_BYTE(offset, &out->major, blob);
308
UnloadBlob_BYTE(offset, &out->minor, blob);
309
UnloadBlob_BYTE(offset, &out->revMajor, blob);
310
UnloadBlob_BYTE(offset, &out->revMinor, blob);
314
LoadBlob_TCPA_VERSION(UINT64 *offset, BYTE *blob, TCPA_VERSION *ver)
316
LoadBlob_BYTE(offset, ver->major, blob);
317
LoadBlob_BYTE(offset, ver->minor, blob);
318
LoadBlob_BYTE(offset, ver->revMajor, blob);
319
LoadBlob_BYTE(offset, ver->revMinor, blob);
323
UnloadBlob_KEY_PARMS(UINT64 *offset, BYTE *blob, TCPA_KEY_PARMS *keyParms)
328
UnloadBlob_UINT32(offset, NULL, blob);
329
UnloadBlob_UINT16(offset, NULL, blob);
330
UnloadBlob_UINT16(offset, NULL, blob);
331
UnloadBlob_UINT32(offset, &parmSize, blob);
334
UnloadBlob(offset, parmSize, blob, NULL);
339
UnloadBlob_UINT32(offset, &keyParms->algorithmID, blob);
340
UnloadBlob_UINT16(offset, &keyParms->encScheme, blob);
341
UnloadBlob_UINT16(offset, &keyParms->sigScheme, blob);
342
UnloadBlob_UINT32(offset, &keyParms->parmSize, blob);
688
344
if (keyParms->parmSize == 0)
689
345
keyParms->parms = NULL;
695
351
return TCSERR(TSS_E_OUTOFMEMORY);
698
UnloadBlob(offset, keyParms->parmSize, blob, keyParms->parms,
706
UnloadBlob_STORE_PUBKEY(UINT64 * offset, BYTE * blob,
707
TCPA_STORE_PUBKEY * store)
709
UnloadBlob_UINT32(offset, &store->keyLength, blob,
710
"STORE_PUBKEY KeyLength");
712
if (store->keyLength == 0) {
714
LogWarn("Unloading a public key of size 0!");
716
store->key = (BYTE *)malloc(store->keyLength);
717
if (store->key == NULL) {
718
LogError("malloc of %u bytes failed.", store->keyLength);
719
store->keyLength = 0;
720
return TCSERR(TSS_E_OUTOFMEMORY);
723
UnloadBlob(offset, store->keyLength, blob, store->key,
731
LoadBlob_STORE_PUBKEY(UINT64 * offset, BYTE * blob,
732
TCPA_STORE_PUBKEY * store)
734
LoadBlob_UINT32(offset, store->keyLength, blob,
735
"STORE_PUBKEY keyLength");
736
LoadBlob(offset, store->keyLength, blob, store->key,
741
UnloadBlob_VERSION(UINT64 * offset, BYTE * blob, TCPA_VERSION * out)
743
UnloadBlob_BYTE(offset, &out->major, blob, NULL);
744
UnloadBlob_BYTE(offset, &out->minor, blob, NULL);
745
UnloadBlob_BYTE(offset, &out->revMajor, blob, NULL);
746
UnloadBlob_BYTE(offset, &out->revMinor, blob, NULL);
750
LoadBlob_VERSION(UINT64 * offset, BYTE * blob, TCPA_VERSION * ver)
752
LoadBlob_BYTE(offset, ver->major, blob, NULL);
753
LoadBlob_BYTE(offset, ver->minor, blob, NULL);
754
LoadBlob_BYTE(offset, ver->revMajor, blob, NULL);
755
LoadBlob_BYTE(offset, ver->revMinor, blob, NULL);
759
UnloadBlob_KEY(UINT64 * offset, BYTE * blob, TCPA_KEY * key)
763
UnloadBlob_VERSION(offset, blob, &key->ver);
764
UnloadBlob_UINT16(offset, &key->keyUsage, blob, "KEY keyUsage");
765
UnloadBlob_KEY_FLAGS(offset, blob, &key->keyFlags);
766
UnloadBlob_BOOL(offset, (TSS_BOOL *)&key->authDataUsage, blob, "KEY AuthDataUsage");
767
if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &key->algorithmParms)))
769
UnloadBlob_UINT32(offset, &key->PCRInfoSize, blob, "KEY PCRInfoSize");
771
if (key->PCRInfoSize == 0)
774
key->PCRInfo = malloc(key->PCRInfoSize);
775
if (key->PCRInfo == NULL) {
776
LogError("malloc of %u bytes failed.", key->PCRInfoSize);
777
key->PCRInfoSize = 0;
778
free(key->algorithmParms.parms);
779
key->algorithmParms.parms = NULL;
780
key->algorithmParms.parmSize = 0;
781
return TCSERR(TSS_E_OUTOFMEMORY);
783
UnloadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo, "KEY PCRInfo");
786
if ((rc = UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) {
789
key->PCRInfoSize = 0;
790
free(key->algorithmParms.parms);
791
key->algorithmParms.parms = NULL;
792
key->algorithmParms.parmSize = 0;
795
UnloadBlob_UINT32(offset, &key->encSize, blob, "KEY encSize");
797
if (key->encSize == 0)
800
key->encData = (BYTE *)malloc(key->encSize);
801
if (key->encData == NULL) {
802
LogError("malloc of %d bytes failed.", key->encSize);
804
free(key->algorithmParms.parms);
805
key->algorithmParms.parms = NULL;
806
key->algorithmParms.parmSize = 0;
809
key->PCRInfoSize = 0;
810
free(key->pubKey.key);
811
key->pubKey.key = NULL;
812
key->pubKey.keyLength = 0;
813
return TCSERR(TSS_E_OUTOFMEMORY);
815
UnloadBlob(offset, key->encSize, blob, key->encData, "KEY encData");
822
LoadBlob_KEY(UINT64 * offset, BYTE * blob, TCPA_KEY * key)
824
LoadBlob_VERSION(offset, blob, &key->ver);
825
LoadBlob_UINT16(offset, key->keyUsage, blob, "KEY keyUsage");
826
LoadBlob_KEY_FLAGS(offset, blob, &key->keyFlags);
827
LoadBlob_BOOL(offset, key->authDataUsage, blob, "KEY authDataUsage");
828
LoadBlob_KEY_PARMS(offset, blob, &key->algorithmParms);
829
LoadBlob_UINT32(offset, key->PCRInfoSize, blob, "KEY pcrInfosize");
830
LoadBlob(offset, key->PCRInfoSize, blob, key->PCRInfo, "KEY PCRInfo");
831
LoadBlob_STORE_PUBKEY(offset, blob, &key->pubKey);
832
LoadBlob_UINT32(offset, key->encSize, blob, "KEY encSize");
833
LoadBlob(offset, key->encSize, blob, key->encData, "KEY encData");
837
LoadBlob_PUBKEY(UINT64 * offset, BYTE * blob, TCPA_PUBKEY * key)
839
LoadBlob_KEY_PARMS(offset, blob, &(key->algorithmParms));
840
LoadBlob_STORE_PUBKEY(offset, blob, &(key->pubKey));
844
UnloadBlob_PUBKEY(UINT64 * offset, BYTE * blob,
849
if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &key->algorithmParms)))
851
if ((rc = UnloadBlob_STORE_PUBKEY(offset, blob, &key->pubKey))) {
852
free(key->algorithmParms.parms);
853
key->algorithmParms.parms = NULL;
854
key->algorithmParms.parmSize = 0;
861
LoadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key)
863
LoadBlob_UINT32(offset, key->algId, blob, NULL);
864
LoadBlob_UINT16(offset, key->encScheme, blob, NULL);
865
LoadBlob_UINT16(offset, key->size, blob, NULL);
868
LoadBlob(offset, key->size, blob, key->data, NULL);
875
UnloadBlob_SYMMETRIC_KEY(UINT64 *offset, BYTE *blob, TCPA_SYMMETRIC_KEY *key)
877
UnloadBlob_UINT32(offset, &key->algId, blob, NULL);
878
UnloadBlob_UINT16(offset, &key->encScheme, blob, NULL);
879
UnloadBlob_UINT16(offset, &key->size, blob, NULL);
882
key->data = (BYTE *)malloc(key->size);
883
if (key->data == NULL) {
884
LogError("malloc of %hu bytes failed.", key->size);
886
return TCSERR(TSS_E_OUTOFMEMORY);
888
UnloadBlob(offset, key->size, blob, key->data, "SYM KEY data");
897
UnloadBlob_PCR_SELECTION(UINT64 * offset, BYTE * blob, TCPA_PCR_SELECTION * pcr)
899
UnloadBlob_UINT16(offset, &pcr->sizeOfSelect, blob, NULL);
900
pcr->pcrSelect = malloc(pcr->sizeOfSelect);
901
if (pcr->pcrSelect == NULL) {
902
LogError("malloc of %hu bytes failed.", pcr->sizeOfSelect);
903
pcr->sizeOfSelect = 0;
904
return TCSERR(TSS_E_OUTOFMEMORY);
906
UnloadBlob(offset, pcr->sizeOfSelect, blob, pcr->pcrSelect, NULL);
911
LoadBlob_PCR_SELECTION(UINT64 * offset, BYTE * blob,
912
TCPA_PCR_SELECTION pcr)
914
LoadBlob_UINT16(offset, pcr.sizeOfSelect, blob, "PCR SEL sizeOfSel");
915
LoadBlob(offset, pcr.sizeOfSelect, blob, pcr.pcrSelect,
920
UnloadBlob_PCR_COMPOSITE(UINT64 *offset, BYTE *blob,
921
TCPA_PCR_COMPOSITE *out)
925
if ((rc = UnloadBlob_PCR_SELECTION(offset, blob, &out->select)))
928
UnloadBlob_UINT32(offset, &out->valueSize, blob, "PCR COMP valueSize");
929
out->pcrValue = malloc(out->valueSize);
930
if (out->pcrValue == NULL) {
931
LogError("malloc of %u bytes failed.", out->valueSize);
933
return TCSERR(TSS_E_OUTOFMEMORY);
935
UnloadBlob(offset, out->valueSize, blob, (BYTE *) out->pcrValue,
941
LoadBlob_PCR_INFO(UINT64 * offset, BYTE * blob, TCPA_PCR_INFO * pcr)
943
LoadBlob_PCR_SELECTION(offset, blob, pcr->pcrSelection);
944
LoadBlob(offset, TCPA_DIGEST_SIZE, blob, pcr->digestAtRelease.digest,
945
"PCR_INFO digAtRel");
946
LoadBlob(offset, TCPA_DIGEST_SIZE, blob, pcr->digestAtCreation.digest,
947
"PCR_INFO digAtCreate");
951
UnloadBlob_PCR_INFO(UINT64 * offset, BYTE * blob,
956
if ((rc = UnloadBlob_PCR_SELECTION(offset, blob, &pcr->pcrSelection)))
958
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, pcr->digestAtRelease.digest, "PCR_INFO digAtRel");
959
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, pcr->digestAtCreation.digest, "PCR_INFO digAtCreate");
965
UnloadBlob_STORED_DATA(UINT64 * offset, BYTE * blob,
966
TCPA_STORED_DATA * data)
968
UnloadBlob_VERSION(offset, blob, &data->ver);
970
UnloadBlob_UINT32(offset, &data->sealInfoSize, blob, "seal info size");
972
if (data->sealInfoSize > 0) {
973
data->sealInfo = (BYTE *)calloc(1, data->sealInfoSize);
974
if (data->sealInfo == NULL) {
975
LogError("malloc of %u bytes failed.", data->sealInfoSize);
976
data->sealInfoSize = 0;
977
return TCSERR(TSS_E_OUTOFMEMORY);
979
UnloadBlob(offset, data->sealInfoSize, blob, data->sealInfo, "seal info");
981
data->sealInfo = NULL;
984
UnloadBlob_UINT32(offset, &data->encDataSize, blob, "encDataSize");
986
if (data->encDataSize > 0) {
987
data->encData = (BYTE *)calloc(1, data->encDataSize);
988
if (data->encData == NULL) {
989
LogError("malloc of %u bytes failed.", data->encDataSize);
990
data->encDataSize = 0;
991
free(data->sealInfo);
992
data->sealInfo = NULL;
993
data->sealInfoSize = 0;
994
return TCSERR(TSS_E_OUTOFMEMORY);
996
UnloadBlob(offset, data->encDataSize, blob, data->encData, "encdata");
998
data->encData = NULL;
1005
LoadBlob_STORED_DATA(UINT64 * offset, BYTE * blob,
1006
TCPA_STORED_DATA * data)
1008
LoadBlob_VERSION(offset, blob, &data->ver);
1010
LoadBlob_UINT32(offset, data->sealInfoSize, blob, "seal info size");
1011
LoadBlob(offset, data->sealInfoSize, blob, data->sealInfo, "seal info");
1012
LoadBlob_UINT32(offset, data->encDataSize, blob, "encSize");
1013
LoadBlob(offset, data->encDataSize, blob, data->encData, "encData");
1017
LoadBlob_KEY_FLAGS(UINT64 * offset, BYTE * blob, TCPA_KEY_FLAGS * flags)
1019
UINT32 tempFlag = 0;
1021
if ((*flags) & migratable)
1022
tempFlag |= TSS_FLAG_MIGRATABLE;
1023
if ((*flags) & redirection)
1024
tempFlag |= TSS_FLAG_REDIRECTION;
1025
if ((*flags) & volatileKey)
1026
tempFlag |= TSS_FLAG_VOLATILE;
1027
LoadBlob_UINT32(offset, tempFlag, blob, "Flags");
1031
UnloadBlob_KEY_FLAGS(UINT64 * offset, BYTE * blob, TCPA_KEY_FLAGS * flags)
1033
UINT32 tempFlag = 0;
1034
memset(flags, 0x00, sizeof (TCPA_KEY_FLAGS));
1036
UnloadBlob_UINT32(offset, &tempFlag, blob, "Flags");
1038
if (tempFlag & redirection)
1039
*flags |= redirection;
1040
if (tempFlag & migratable)
1041
*flags |= migratable;
1042
if (tempFlag & volatileKey)
1043
*flags |= volatileKey;
1047
UnloadBlob_CERTIFY_INFO(UINT64 * offset, BYTE * blob,
1048
TCPA_CERTIFY_INFO * certify)
1052
LogDebug("Certify Info");
1053
UnloadBlob_VERSION(offset, blob, &certify->version);
1054
UnloadBlob_UINT16(offset, &certify->keyUsage, blob, "usage");
354
UnloadBlob(offset, keyParms->parmSize, blob, keyParms->parms);
361
UnloadBlob_KEY_FLAGS(UINT64 *offset, BYTE *blob, TCPA_KEY_FLAGS *flags)
364
UnloadBlob_UINT32(offset, NULL, blob);
369
UnloadBlob_UINT32(offset, flags, blob);
373
UnloadBlob_CERTIFY_INFO(UINT64 *offset, BYTE *blob, TCPA_CERTIFY_INFO *certify)
380
UnloadBlob_VERSION(offset, blob, NULL);
381
UnloadBlob_UINT16(offset, NULL, blob);
382
UnloadBlob_KEY_FLAGS(offset, blob, NULL);
383
UnloadBlob_BOOL(offset, NULL, blob);
385
if ((rc = UnloadBlob_KEY_PARMS(offset, blob, NULL)))
388
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, NULL);
389
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, NULL);
390
UnloadBlob_BOOL(offset, NULL, blob);
391
UnloadBlob_UINT32(offset, &size, blob);
394
UnloadBlob(offset, size, blob, NULL);
399
UnloadBlob_VERSION(offset, blob, (TPM_VERSION *)&certify->version);
400
UnloadBlob_UINT16(offset, &certify->keyUsage, blob);
1055
401
UnloadBlob_KEY_FLAGS(offset, blob, &certify->keyFlags);
1056
UnloadBlob_BOOL(offset, (TSS_BOOL *)&certify->authDataUsage, blob, "authDatausage");
402
UnloadBlob_BOOL(offset, (TSS_BOOL *)&certify->authDataUsage, blob);
1058
404
if ((rc = UnloadBlob_KEY_PARMS(offset, blob, &certify->algorithmParms)))
1061
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, certify->pubkeyDigest.digest, "pubkey digest");
1062
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, certify->data.nonce, "data");
1063
UnloadBlob_BOOL(offset, &certify->parentPCRStatus, blob, "parent pcr status");
1064
UnloadBlob_UINT32(offset, &certify->PCRInfoSize, blob, "pcr info size");
407
UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, certify->pubkeyDigest.digest);
408
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, certify->data.nonce);
409
UnloadBlob_BOOL(offset, (TSS_BOOL *)&certify->parentPCRStatus, blob);
410
UnloadBlob_UINT32(offset, &certify->PCRInfoSize, blob);
1066
412
if (certify->PCRInfoSize > 0) {
1067
413
certify->PCRInfo = (BYTE *)malloc(certify->PCRInfoSize);
1098
455
return TCSERR(TSS_E_OUTOFMEMORY);
1101
for (i = 0; i < list->loaded; i++) {
1102
UnloadBlob_UINT32(offset, &list->handle[i], blob,
1103
"key handle list: handle");
458
for (i = 0; i < list->loaded; i++)
459
UnloadBlob_UINT32(offset, &list->handle[i], blob);
1105
461
return TSS_SUCCESS;
1109
LoadBlob_UUID(UINT64 * offset, BYTE * blob, TSS_UUID uuid)
1111
LoadBlob_UINT32(offset, uuid.ulTimeLow, blob, NULL);
1112
LoadBlob_UINT16(offset, uuid.usTimeMid, blob, NULL);
1113
LoadBlob_UINT16(offset, uuid.usTimeHigh, blob, NULL);
1114
LoadBlob_BYTE(offset, uuid.bClockSeqHigh, blob, NULL);
1115
LoadBlob_BYTE(offset, uuid.bClockSeqLow, blob, NULL);
1116
LoadBlob(offset, 6, blob, uuid.rgbNode, NULL);
1120
UnloadBlob_UUID(UINT64 * offset, BYTE * blob, TSS_UUID *uuid)
1122
memset(uuid, 0, sizeof(TSS_UUID));
1123
UnloadBlob_UINT32(offset, &uuid->ulTimeLow, blob, NULL);
1124
UnloadBlob_UINT16(offset, &uuid->usTimeMid, blob, NULL);
1125
UnloadBlob_UINT16(offset, &uuid->usTimeHigh, blob, NULL);
1126
UnloadBlob_BYTE(offset, &uuid->bClockSeqHigh, blob, NULL);
1127
UnloadBlob_BYTE(offset, &uuid->bClockSeqLow, blob, NULL);
1128
UnloadBlob(offset, 6, blob, uuid->rgbNode, NULL);
1132
destroy_key_refs(TCPA_KEY *key)
1134
free(key->algorithmParms.parms);
1135
key->algorithmParms.parms = NULL;
1136
key->algorithmParms.parmSize = 0;
1138
free(key->pubKey.key);
1139
key->pubKey.key = NULL;
1140
key->pubKey.keyLength = 0;
1143
key->encData = NULL;
1147
key->PCRInfo = NULL;
1148
key->PCRInfoSize = 0;
1151
/* XXX make this a macro */
1153
get_pcr_event_size(TSS_PCR_EVENT *e)
1155
return (sizeof(TSS_PCR_EVENT) + e->ulEventLength + e->ulPcrValueLength);
1159
* Hopefully this will make the code clearer since
1160
* OpenSSL returns 1 on success
1162
#define EVP_SUCCESS 1
1165
Hash(UINT32 HashType, UINT32 BufSize, BYTE* Buf, BYTE* Digest)
1168
unsigned int result_size;
1173
rv = EVP_DigestInit(&md_ctx, EVP_sha1());
1176
rv = TSPERR(TSS_E_BAD_PARAMETER);
1181
if (rv != EVP_SUCCESS) {
1182
rv = TSPERR(TSS_E_INTERNAL_ERROR);
1186
rv = EVP_DigestUpdate(&md_ctx, Buf, BufSize);
1187
if (rv != EVP_SUCCESS) {
1188
rv = TSPERR(TSS_E_INTERNAL_ERROR);
1192
result_size = EVP_MD_CTX_size(&md_ctx);
1193
rv = EVP_DigestFinal(&md_ctx, Digest, &result_size);
1194
if (rv != EVP_SUCCESS) {
1195
rv = TSPERR(TSS_E_INTERNAL_ERROR);
1204
get_credential(int type, UINT32 *size, BYTE **cred)
1209
struct stat stat_buf;
1214
path = tcsd_options.platform_cred;
1217
path = tcsd_options.conformance_cred;
1220
path = tcsd_options.endorsement_cred;
1223
LogDebugFn("Bad credential type");
1230
if ((fd = open(path, O_RDONLY)) < 0) {
1231
LogError("open(%s): %s", path, strerror(errno));
1235
if ((rc = fstat(fd, &stat_buf)) == -1) {
1236
LogError("Error stating credential: %s: %s", path, strerror(errno));
1240
file_size = (size_t)stat_buf.st_size;
1242
LogDebugFn("%s, (%zd bytes)", path, file_size);
1244
file = mmap(0, file_size, PROT_READ, MAP_PRIVATE, fd, 0);
1245
if (file == MAP_FAILED) {
1246
LogError("Error reading credential: %s: %s", path, strerror(errno));
1252
if ((*cred = malloc(file_size)) == NULL) {
1253
LogError("malloc of %zd bytes failed.", file_size);
1254
munmap(file, file_size);
1258
memcpy(*cred, file, file_size);
1260
munmap(file, file_size);
1269
free_external_events(UINT32 eventCount, TSS_PCR_EVENT *ppEvents)
1276
for (j = 0; j < eventCount; j++) {
1277
/* This is a fairly heinous hack, but PCR event logs can get really large
1278
* and without it, there is a real potential to exhaust memory by leaks.
1279
* The PCR event logs that we pull out of securityfs have had their
1280
* rgbPcrValue and rgbEvent pointers malloc'd dynamically as the
1281
* securityfs log was parsed. The other event log lists that are
1282
* maintained by the TCSD don't need to have this data free'd, since that
1283
* will happen at shutdown time only. So, for each PCR index that's
1284
* read from securityfs, we need to free its pointers after that data has
1285
* been set in the packet to send back to the TSP. */
1286
if ((tcsd_options.kernel_pcrs & (1 << ppEvents[j].ulPcrIndex)) ||
1287
(tcsd_options.firmware_pcrs & (1 << ppEvents[j].ulPcrIndex))) {
1288
free(ppEvents[j].rgbPcrValue);
1289
free(ppEvents[j].rgbEvent);
1295
recv_from_socket(int sock, void *buffer, int size)
1297
int recv_size = 0, recv_total = 0;
1299
while (recv_total < size) {
1301
if ((recv_size = recv(sock, buffer+recv_total, size-recv_total, 0)) <= 0) {
1302
if (recv_size < 0) {
1305
LogError("Socket receive connection error: %s.", strerror(errno));
1307
LogDebug("Socket connection closed.");
1312
recv_total += recv_size;
1319
send_to_socket(int sock, void *buffer, int size)
1321
int send_size = 0, send_total = 0;
1323
while (send_total < size) {
1324
if ((send_size = send(sock, buffer+send_total, size-send_total, 0)) < 0) {
1325
LogError("Socket send connection error: %s.", strerror(errno));
1328
send_total += send_size;
465
LoadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest)
467
LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest);
471
UnloadBlob_DIGEST(UINT64 *offset, BYTE *blob, TPM_DIGEST *digest)
473
UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, digest->digest);
477
LoadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *nonce)
479
LoadBlob(offset, TCPA_NONCE_SIZE, blob, nonce->nonce);
483
UnloadBlob_NONCE(UINT64 *offset, BYTE *blob, TPM_NONCE *nonce)
485
UnloadBlob(offset, TCPA_NONCE_SIZE, blob, nonce->nonce);
489
LoadBlob_AUTHDATA(UINT64 *offset, BYTE *blob, TPM_AUTHDATA *authdata)
491
LoadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, authdata->authdata);
495
UnloadBlob_AUTHDATA(UINT64 *offset, BYTE *blob, TPM_AUTHDATA *authdata)
497
UnloadBlob(offset, TPM_SHA1_160_HASH_LEN, blob, authdata->authdata);