← Back to branch summary

~ubuntu-branches/ubuntu/hardy/trousers/hardy-proposed

« back to all changes in this revision

Viewing changes to src/tspi/spi_utils.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/spi_utils.c
20
20
#include "trousers/tss.h"
21
21
#include "trousers/trousers.h"
22
22
#include "trousers_types.h"
23
 
#include "spi_internal_types.h"
 
23
#include "trousers_types.h"
24
24
#include "spi_utils.h"
25
25
#include "capabilities.h"
26
26
#include "tsplog.h"
27
27
#include "obj.h"
28
28
 
 
29
 
29
30
TSS_UUID NULL_UUID = { 0, 0, 0, 0, 0, { 0, 0, 0, 0, 0, 0 } };
30
31
 
31
32
TSS_VERSION VERSION_1_1 = { 1, 1, 0, 0 };
32
33
 
33
 
int
34
 
pin_mem(void *addr, size_t len)
35
 
{
36
 
        /* only root can lock pages into RAM */
37
 
        if (getuid() != (uid_t)0) {
38
 
                LogWarn("Not pinning secrets in memory due to insufficient perms.");
39
 
                return 0;
40
 
        }
41
 
 
42
 
        if (mlock(addr, len) == -1) {
43
 
                LogError("mlock: %s", strerror(errno));
44
 
                return 1;
45
 
        }
46
 
 
47
 
        return 0;
48
 
}
49
 
 
50
 
int
51
 
unpin_mem(void *addr, size_t len)
52
 
{
53
 
        /* only root can lock pages into RAM */
54
 
        if (getuid() != (uid_t)0) {
55
 
                return 0;
56
 
        }
57
 
 
58
 
        if (munlock(addr, len) == -1) {
59
 
                LogError("mlock: %s", strerror(errno));
60
 
                return 1;
61
 
        }
62
 
 
63
 
        return 0;
64
 
}
65
 
 
66
 
short
67
 
get_port(void)
68
 
{
69
 
        char *env_port;
70
 
        int port = 0;
71
 
 
72
 
        env_port = getenv("TSS_TCSD_PORT");
73
 
 
74
 
        if (env_port == NULL)
75
 
                return TCSD_DEFAULT_PORT;
76
 
 
77
 
        port = atoi(env_port);
78
 
 
79
 
        if (port == 0 || port > 65535)
80
 
                return TCSD_DEFAULT_PORT;
81
 
 
82
 
        return (short)port;
83
 
}
84
 
 
85
 
TSS_RESULT
86
 
internal_GetRandomNonce(TSS_HCONTEXT tspContext, TCPA_NONCE * nonce)
87
 
{
88
 
        TSS_RESULT result;
89
 
        BYTE *random;
90
 
 
91
 
        if ((result = get_local_random(tspContext, sizeof(TCPA_NONCE), &random)))
92
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
93
 
 
94
 
        memcpy(nonce->nonce, random, sizeof(TCPA_NONCE));
95
 
        free_tspi(tspContext, random);
96
 
 
97
 
        return TSS_SUCCESS;
98
 
}
99
 
 
100
 
UINT16
101
 
get_num_pcrs(TCS_CONTEXT_HANDLE hContext)
102
 
{
103
 
        TSS_RESULT result;
104
 
        static UINT16 ret = 0;
105
 
        UINT32 subCap;
106
 
        UINT32 respSize;
107
 
        BYTE *resp;
108
 
 
109
 
        if (ret != 0)
110
 
                return ret;
111
 
 
112
 
        subCap = endian32(TPM_CAP_PROP_PCR);
113
 
        if ((result = TCSP_GetCapability(hContext, TCPA_CAP_PROPERTY, sizeof(UINT32),
114
 
                                         (BYTE *)&subCap, &respSize, &resp))) {
115
 
                if ((resp = (BYTE *)getenv("TSS_DEFAULT_NUM_PCRS")) == NULL)
116
 
                        return TSS_DEFAULT_NUM_PCRS;
117
 
 
118
 
                /* don't set ret here, next time we may be connected */
119
 
                return atoi((char *)resp);
120
 
        }
121
 
 
122
 
        ret = (UINT16)Decode_UINT32(resp);
123
 
        free(resp);
124
 
 
125
 
        return ret;
126
 
}
127
 
 
128
 
TSS_RESULT
129
 
Init_AuthNonce(TSS_HCONTEXT tspContext, TPM_AUTH * auth)
130
 
{
131
 
        TSS_RESULT result;
132
 
 
133
 
        auth->fContinueAuthSession = 0x00;
134
 
        if ((result = internal_GetRandomNonce(tspContext, &auth->NonceOdd))) {
135
 
                LogError("Failed creating random nonce");
136
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
137
 
        }
138
 
 
139
 
        return TSS_SUCCESS;
140
 
}
141
 
 
142
 
TSS_BOOL
143
 
validateReturnAuth(BYTE *secret, BYTE *hash, TPM_AUTH *auth)
144
 
{
145
 
        BYTE digest[20];
146
 
        /* auth is expected to have both nonces and the digest from the TPM */
147
 
        memcpy(digest, &auth->HMAC, 20);
148
 
        HMAC_Auth(secret, hash, auth);
149
 
 
150
 
        return (TSS_BOOL) memcmp(digest, &auth->HMAC, 20);
151
 
}
152
 
 
153
 
void
154
 
HMAC_Auth(BYTE * secret, BYTE * Digest, TPM_AUTH * auth)
155
 
{
156
 
        UINT64 offset;
157
 
        BYTE Blob[61];
158
 
 
159
 
        offset = 0;
160
 
        Trspi_LoadBlob(&offset, 20, Blob, Digest);
161
 
        Trspi_LoadBlob(&offset, 20, Blob, auth->NonceEven.nonce);
162
 
        Trspi_LoadBlob(&offset, 20, Blob, auth->NonceOdd.nonce);
163
 
        Blob[offset++] = auth->fContinueAuthSession;
164
 
 
165
 
        Trspi_HMAC(TSS_HASH_SHA1, 20, secret, offset, Blob, (BYTE *)&auth->HMAC);
166
 
}
167
 
 
168
 
TSS_RESULT
169
 
OSAP_Calc(TSS_HCONTEXT tspContext, UINT16 EntityType, UINT32 EntityValue, BYTE *authSecret,
170
 
          BYTE *usageSecret, BYTE *migSecret, TCPA_ENCAUTH *encAuthUsage, TCPA_ENCAUTH *encAuthMig,
171
 
          BYTE *sharedSecret, TPM_AUTH *auth)
172
 
{
173
 
        TSS_RESULT rc;
174
 
        TCPA_NONCE nonceEvenOSAP;
175
 
        UINT64 offset;
176
 
        BYTE hmacBlob[0x200];
177
 
        BYTE hashBlob[0x200];
178
 
        BYTE xorUsageAuth[20];
179
 
        BYTE xorMigAuth[20];
180
 
        UINT32 i;
181
 
 
182
 
        if ((rc = internal_GetRandomNonce(tspContext, &auth->NonceOdd))) {
183
 
                LogError("Failed creating random nonce");
184
 
                return TSPERR(TSS_E_INTERNAL_ERROR);
185
 
        }
186
 
        auth->fContinueAuthSession = 0x00;
187
 
 
188
 
        if ((rc = TCSP_OSAP(tspContext, EntityType, EntityValue, auth->NonceOdd, &auth->AuthHandle,
189
 
                            &auth->NonceEven, &nonceEvenOSAP))) {
190
 
                if (rc == TCPA_E_RESOURCES) {
191
 
                        int retry = 0;
192
 
                        do {
193
 
                                /* POSIX sleep time, { secs, nanosecs } */
194
 
                                struct timespec t = { 0, AUTH_RETRY_NANOSECS };
195
 
 
196
 
                                nanosleep(&t, NULL);
197
 
 
198
 
                                rc = TCSP_OSAP(tspContext, EntityType, EntityValue, auth->NonceOdd,
199
 
                                               &auth->AuthHandle, &auth->NonceEven, &nonceEvenOSAP);
200
 
                        } while (rc == TCPA_E_RESOURCES && ++retry < AUTH_RETRY_COUNT);
201
 
                }
202
 
 
203
 
                if (rc)
204
 
                        return rc;
205
 
        }
206
 
 
207
 
        offset = 0;
208
 
        Trspi_LoadBlob(&offset, 20, hmacBlob, nonceEvenOSAP.nonce);
209
 
        Trspi_LoadBlob(&offset, 20, hmacBlob, auth->NonceOdd.nonce);
210
 
 
211
 
        Trspi_HMAC(TSS_HASH_SHA1, 20, authSecret, offset, hmacBlob, sharedSecret);
212
 
 
213
 
        offset = 0;
214
 
        Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret);
215
 
        Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceEven.nonce);
216
 
 
217
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorUsageAuth);
218
 
 
219
 
        offset = 0;
220
 
        Trspi_LoadBlob(&offset, 20, hashBlob, sharedSecret);
221
 
        Trspi_LoadBlob(&offset, 20, hashBlob, auth->NonceOdd.nonce);
222
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, xorMigAuth);
223
 
 
224
 
        for (i = 0; i < sizeof(TCPA_ENCAUTH); i++)
225
 
                encAuthUsage->authdata[i] = usageSecret[i] ^ xorUsageAuth[i];
226
 
        for (i = 0; i < sizeof(TCPA_ENCAUTH); i++)
227
 
                encAuthMig->authdata[i] = migSecret[i] ^ xorMigAuth[i];
228
 
 
229
 
        return TSS_SUCCESS;
230
 
}
 
34
struct tcs_api_table tcs_normal_api = {
 
35
#ifdef TSS_BUILD_KEY
 
36
        .LoadKeyByBlob = RPC_LoadKeyByBlob,
 
37
        .EvictKey = RPC_EvictKey,
 
38
        .CreateWrapKey = RPC_CreateWrapKey,
 
39
        .GetPubKey = RPC_GetPubKey,
 
40
#ifdef TSS_BUILD_TSS12
 
41
        .OwnerReadInternalPub = RPC_OwnerReadInternalPub,
 
42
#endif
 
43
#ifdef TSS_BUILD_CERTIFY
 
44
        .CertifyKey = RPC_CertifyKey,
 
45
#endif
 
46
#endif
 
47
#ifdef TSS_BUILD_OWN
 
48
        .OwnerClear = RPC_OwnerClear,
 
49
        .ForceClear = RPC_ForceClear,
 
50
#endif
 
51
#ifdef TSS_BUILD_AUTH
 
52
        .TerminateHandle = RPC_TerminateHandle,
 
53
        .OIAP = RPC_OIAP,
 
54
        .OSAP = RPC_OSAP,
 
55
#endif
 
56
#ifdef TSS_BUILD_CHANGEAUTH
 
57
        .ChangeAuth = RPC_ChangeAuth,
 
58
        .ChangeAuthOwner = RPC_ChangeAuthOwner,
 
59
        .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
 
60
        .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
 
61
#endif
 
62
#ifdef TSS_BUILD_AIK
 
63
        .ActivateTPMIdentity = RPC_ActivateTPMIdentity,
 
64
#endif
 
65
#ifdef TSS_BUILD_PCR_EXTEND
 
66
        .Extend = RPC_Extend,
 
67
        .PcrRead = RPC_PcrRead,
 
68
        .PcrReset = RPC_PcrReset,
 
69
#endif
 
70
#ifdef TSS_BUILD_QUOTE
 
71
        .Quote = RPC_Quote,
 
72
#endif
 
73
#ifdef TSS_BUILD_QUOTE2
 
74
        .Quote2 = RPC_Quote2,
 
75
#endif
 
76
#ifdef TSS_BUILD_DIR
 
77
        .DirWriteAuth = RPC_DirWriteAuth,
 
78
        .DirRead = RPC_DirRead,
 
79
#endif
 
80
#ifdef TSS_BUILD_SEAL
 
81
        .Seal = RPC_Seal,
 
82
        .Sealx = RPC_Sealx,
 
83
        .Unseal = RPC_Unseal,
 
84
#endif
 
85
#ifdef TSS_BUILD_BIND
 
86
        .UnBind = RPC_UnBind,
 
87
#endif
 
88
#ifdef TSS_BUILD_MIGRATION
 
89
        .CreateMigrationBlob = RPC_CreateMigrationBlob,
 
90
        .ConvertMigrationBlob = RPC_ConvertMigrationBlob,
 
91
        .AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
 
92
#endif
 
93
#ifdef TSS_BUILD_SIGN
 
94
        .Sign = RPC_Sign,
 
95
#endif
 
96
#ifdef TSS_BUILD_RANDOM
 
97
        .GetRandom = RPC_GetRandom,
 
98
        .StirRandom = RPC_StirRandom,
 
99
#endif
 
100
#ifdef TSS_BUILD_CAPS_TPM
 
101
        .GetTPMCapability = RPC_GetTPMCapability,
 
102
        .SetCapability = RPC_SetCapability,
 
103
        .GetCapabilityOwner = RPC_GetCapabilityOwner,
 
104
#endif
 
105
#ifdef TSS_BUILD_EK
 
106
        .CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
 
107
        .ReadPubek = RPC_ReadPubek,
 
108
        .OwnerReadPubek = RPC_OwnerReadPubek,
 
109
#endif
 
110
#ifdef TSS_BUILD_SELFTEST
 
111
        .SelfTestFull = RPC_SelfTestFull,
 
112
        .CertifySelfTest = RPC_CertifySelfTest,
 
113
        .GetTestResult = RPC_GetTestResult,
 
114
#endif
 
115
#ifdef TSS_BUILD_ADMIN
 
116
        .SetOwnerInstall = RPC_SetOwnerInstall,
 
117
        .DisablePubekRead = RPC_DisablePubekRead,
 
118
        .OwnerSetDisable = RPC_OwnerSetDisable,
 
119
        .ResetLockValue = RPC_ResetLockValue,
 
120
        .DisableOwnerClear = RPC_DisableOwnerClear,
 
121
        .DisableForceClear = RPC_DisableForceClear,
 
122
        .PhysicalDisable = RPC_PhysicalDisable,
 
123
        .PhysicalEnable = RPC_PhysicalEnable,
 
124
        .PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
 
125
        .PhysicalPresence = RPC_PhysicalPresence,
 
126
        .SetTempDeactivated = RPC_SetTempDeactivated,
 
127
        .SetTempDeactivated2 = RPC_SetTempDeactivated2,
 
128
#endif
 
129
#ifdef TSS_BUILD_MAINT
 
130
        .CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
 
131
        .LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
 
132
        .KillMaintenanceFeature = RPC_KillMaintenanceFeature,
 
133
        .LoadManuMaintPub = RPC_LoadManuMaintPub,
 
134
        .ReadManuMaintPub = RPC_ReadManuMaintPub,
 
135
#endif
 
136
#ifdef TSS_BUILD_DAA
 
137
        .DaaJoin = RPC_DaaJoin,
 
138
        .DaaSign = RPC_DaaSign,
 
139
#endif
 
140
#ifdef TSS_BUILD_COUNTER
 
141
        .ReadCounter = RPC_ReadCounter,
 
142
        .CreateCounter = RPC_CreateCounter,
 
143
        .IncrementCounter = RPC_IncrementCounter,
 
144
        .ReleaseCounter = RPC_ReleaseCounter,
 
145
        .ReleaseCounterOwner = RPC_ReleaseCounterOwner,
 
146
#endif
 
147
#ifdef TSS_BUILD_TICK
 
148
        .ReadCurrentTicks = RPC_ReadCurrentTicks,
 
149
        .TickStampBlob = RPC_TickStampBlob,
 
150
#endif
 
151
#ifdef TSS_BUILD_NV
 
152
        .NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
 
153
        .NV_WriteValue = RPC_NV_WriteValue,
 
154
        .NV_WriteValueAuth = RPC_NV_WriteValueAuth,
 
155
        .NV_ReadValue = RPC_NV_ReadValue,
 
156
        .NV_ReadValueAuth = RPC_NV_ReadValueAuth,
 
157
#endif
 
158
#ifdef TSS_BUILD_AUDIT
 
159
        .SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
 
160
        .GetAuditDigest = RPC_GetAuditDigest,
 
161
        .GetAuditDigestSigned = RPC_GetAuditDigestSigned,
 
162
#endif
 
163
#ifdef TSS_BUILD_TSS12
 
164
        .SetOperatorAuth = RPC_SetOperatorAuth,
 
165
        .FlushSpecific = RPC_FlushSpecific,
 
166
#endif
 
167
#ifdef TSS_BUILD_DELEGATION
 
168
        .Delegate_Manage = RPC_Delegate_Manage,
 
169
        .Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
 
170
        .Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
 
171
        .Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
 
172
        .Delegate_ReadTable = RPC_Delegate_ReadTable,
 
173
        .Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
 
174
        .Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
 
175
        .DSAP = RPC_DSAP,
 
176
#endif
 
177
        .FieldUpgrade = RPC_FieldUpgrade,
 
178
        .SetRedirection = RPC_SetRedirection,
 
179
};
 
180
 
 
181
struct tcs_api_table tcs_transport_api = {
 
182
#ifdef TSS_BUILD_KEY
 
183
        .LoadKeyByBlob = Transport_LoadKeyByBlob,
 
184
        .EvictKey = Transport_EvictKey,
 
185
        .CreateWrapKey = Transport_CreateWrapKey,
 
186
        .GetPubKey = Transport_GetPubKey,
 
187
#ifdef TSS_BUILD_TSS12
 
188
        .OwnerReadInternalPub = Transport_OwnerReadInternalPub,
 
189
#endif
 
190
#ifdef TSS_BUILD_CERTIFY
 
191
        .CertifyKey = Transport_CertifyKey,
 
192
#endif
 
193
#endif
 
194
#ifdef TSS_BUILD_OWN
 
195
        .OwnerClear = Transport_OwnerClear,
 
196
        .ForceClear = Transport_ForceClear,
 
197
#endif
 
198
#ifdef TSS_BUILD_AUTH
 
199
        .OIAP = Transport_OIAP,
 
200
        .OSAP = Transport_OSAP,
 
201
        .TerminateHandle = Transport_TerminateHandle,
 
202
#endif
 
203
#ifdef TSS_BUILD_CHANGEAUTH
 
204
        .ChangeAuth = Transport_ChangeAuth,
 
205
        .ChangeAuthOwner = Transport_ChangeAuthOwner,
 
206
        .ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
 
207
        .ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
 
208
#endif
 
209
#ifdef TSS_BUILD_AIK
 
210
        .ActivateTPMIdentity = Transport_ActivateTPMIdentity,
 
211
#endif
 
212
#ifdef TSS_BUILD_PCR_EXTEND
 
213
        .Extend = Transport_Extend,
 
214
        .PcrRead = Transport_PcrRead,
 
215
        .PcrReset = Transport_PcrReset,
 
216
#endif
 
217
#ifdef TSS_BUILD_QUOTE
 
218
        .Quote = Transport_Quote,
 
219
#endif
 
220
#ifdef TSS_BUILD_QUOTE2
 
221
        .Quote2 = Transport_Quote2,
 
222
#endif
 
223
#ifdef TSS_BUILD_DIR
 
224
        .DirWriteAuth = Transport_DirWriteAuth,
 
225
        .DirRead = Transport_DirRead,
 
226
#endif
 
227
#ifdef TSS_BUILD_SEAL
 
228
        .Seal = Transport_Seal,
 
229
        .Sealx = Transport_Sealx,
 
230
        .Unseal = Transport_Unseal,
 
231
#endif
 
232
#ifdef TSS_BUILD_BIND
 
233
        .UnBind = Transport_UnBind,
 
234
#endif
 
235
#ifdef TSS_BUILD_MIGRATION
 
236
        .CreateMigrationBlob = Transport_CreateMigrationBlob,
 
237
        .ConvertMigrationBlob = Transport_ConvertMigrationBlob,
 
238
        .AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
 
239
#endif
 
240
#ifdef TSS_BUILD_SIGN
 
241
        .Sign = Transport_Sign,
 
242
#endif
 
243
#ifdef TSS_BUILD_RANDOM
 
244
        .GetRandom = Transport_GetRandom,
 
245
        .StirRandom = Transport_StirRandom,
 
246
#endif
 
247
#ifdef TSS_BUILD_CAPS_TPM
 
248
        .GetTPMCapability = Transport_GetTPMCapability,
 
249
        .SetCapability = Transport_SetCapability,
 
250
        .GetCapabilityOwner = Transport_GetCapabilityOwner,
 
251
#endif
 
252
#ifdef TSS_BUILD_EK
 
253
        .ReadPubek = RPC_ReadPubek,
 
254
        .OwnerReadPubek = RPC_OwnerReadPubek,
 
255
#endif
 
256
#ifdef TSS_BUILD_SELFTEST
 
257
        .SelfTestFull = Transport_SelfTestFull,
 
258
        .CertifySelfTest = Transport_CertifySelfTest,
 
259
        .GetTestResult = Transport_GetTestResult,
 
260
#endif
 
261
#ifdef TSS_BUILD_ADMIN
 
262
        .SetOwnerInstall = Transport_SetOwnerInstall,
 
263
        .DisablePubekRead = Transport_DisablePubekRead,
 
264
        .OwnerSetDisable = Transport_OwnerSetDisable,
 
265
        .ResetLockValue = Transport_ResetLockValue,
 
266
        .DisableOwnerClear = Transport_DisableOwnerClear,
 
267
        .DisableForceClear = Transport_DisableForceClear,
 
268
        .PhysicalDisable = Transport_PhysicalDisable,
 
269
        .PhysicalEnable = Transport_PhysicalEnable,
 
270
        .PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
 
271
        .PhysicalPresence = Transport_PhysicalPresence,
 
272
        .SetTempDeactivated = Transport_SetTempDeactivated,
 
273
        .SetTempDeactivated2 = Transport_SetTempDeactivated2,
 
274
#endif
 
275
#ifdef TSS_BUILD_MAINT
 
276
        .CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
 
277
        .LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
 
278
        .KillMaintenanceFeature = Transport_KillMaintenanceFeature,
 
279
        .LoadManuMaintPub = Transport_LoadManuMaintPub,
 
280
        .ReadManuMaintPub = Transport_ReadManuMaintPub,
 
281
#endif
 
282
#ifdef TSS_BUILD_DAA
 
283
        .DaaJoin = RPC_DaaJoin,
 
284
        .DaaSign = RPC_DaaSign,
 
285
#endif
 
286
#ifdef TSS_BUILD_COUNTER
 
287
        .ReadCounter = Transport_ReadCounter,
 
288
        .CreateCounter = RPC_CreateCounter,
 
289
        .IncrementCounter = RPC_IncrementCounter,
 
290
        .ReleaseCounter = RPC_ReleaseCounter,
 
291
        .ReleaseCounterOwner = RPC_ReleaseCounterOwner,
 
292
#endif
 
293
#ifdef TSS_BUILD_TICK
 
294
        .ReadCurrentTicks = Transport_ReadCurrentTicks,
 
295
        .TickStampBlob = Transport_TickStampBlob,
 
296
#endif
 
297
#ifdef TSS_BUILD_NV
 
298
        .NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
 
299
        .NV_WriteValue = Transport_NV_WriteValue,
 
300
        .NV_WriteValueAuth = Transport_NV_WriteValueAuth,
 
301
        .NV_ReadValue = Transport_NV_ReadValue,
 
302
        .NV_ReadValueAuth = Transport_NV_ReadValueAuth,
 
303
#endif
 
304
#ifdef TSS_BUILD_AUDIT
 
305
        .SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
 
306
        .GetAuditDigest = Transport_GetAuditDigest,
 
307
        .GetAuditDigestSigned = Transport_GetAuditDigestSigned,
 
308
#endif
 
309
#ifdef TSS_BUILD_TSS12
 
310
        .SetOperatorAuth = Transport_SetOperatorAuth,
 
311
        .FlushSpecific = Transport_FlushSpecific,
 
312
#endif
 
313
#ifdef TSS_BUILD_DELEGATION
 
314
        .Delegate_Manage = Transport_Delegate_Manage,
 
315
        .Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
 
316
        .Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
 
317
        .Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
 
318
        .Delegate_ReadTable = Transport_Delegate_ReadTable,
 
319
        .Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
 
320
        .Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
 
321
        .DSAP = Transport_DSAP,
 
322
#endif
 
323
        .FieldUpgrade = RPC_FieldUpgrade,
 
324
        .SetRedirection = RPC_SetRedirection,
 
325
};
231
326
 
232
327
UINT16
233
328
Decode_UINT16(BYTE * in)
248
343
}
249
344
 
250
345
void
 
346
UINT64ToArray(UINT64 i, BYTE *out)
 
347
{
 
348
        out[0] = (BYTE) ((i >> 56) & 0xFF);
 
349
        out[1] = (BYTE) ((i >> 48) & 0xFF);
 
350
        out[2] = (BYTE) ((i >> 40) & 0xFF);
 
351
        out[3] = (BYTE) ((i >> 32) & 0xFF);
 
352
        out[4] = (BYTE) ((i >> 24) & 0xFF);
 
353
        out[5] = (BYTE) ((i >> 16) & 0xFF);
 
354
        out[6] = (BYTE) ((i >> 8) & 0xFF);
 
355
        out[7] = (BYTE) i & 0xFF;
 
356
}
 
357
 
 
358
void
251
359
UINT16ToArray(UINT16 i, BYTE * out)
252
360
{
253
361
        out[0] = ((i >> 8) & 0xFF);
254
362
        out[1] = i & 0xFF;
255
363
}
256
364
 
 
365
UINT64
 
366
Decode_UINT64(BYTE *y)
 
367
{
 
368
        UINT64 x = 0;
 
369
 
 
370
        x = y[0];
 
371
        x = ((x << 8) | (y[1] & 0xFF));
 
372
        x = ((x << 8) | (y[2] & 0xFF));
 
373
        x = ((x << 8) | (y[3] & 0xFF));
 
374
        x = ((x << 8) | (y[4] & 0xFF));
 
375
        x = ((x << 8) | (y[5] & 0xFF));
 
376
        x = ((x << 8) | (y[6] & 0xFF));
 
377
        x = ((x << 8) | (y[7] & 0xFF));
 
378
 
 
379
        return x;
 
380
}
 
381
 
257
382
UINT32
258
383
Decode_UINT32(BYTE * y)
259
384
{
274
399
}
275
400
 
276
401
void
277
 
LoadBlob_AUTH(UINT64 * offset, BYTE * blob, TPM_AUTH * auth)
 
402
LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
278
403
{
279
404
        Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob);
280
405
        Trspi_LoadBlob(offset, 20, blob, auth->NonceOdd.nonce);
283
408
}
284
409
 
285
410
void
286
 
UnloadBlob_AUTH(UINT64 * offset, BYTE * blob, TPM_AUTH * auth)
 
411
UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
287
412
{
288
413
        Trspi_UnloadBlob(offset, 20, blob, auth->NonceEven.nonce);
289
414
        Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
290
415
        Trspi_UnloadBlob(offset, 20, blob, (BYTE *)&auth->HMAC);
291
416
}
292
417
 
293
 
void
294
 
LoadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info)
295
 
{
296
 
        Trspi_LoadBlob_UUID(offset, blob, info->keyUUID);
297
 
        Trspi_LoadBlob_UUID(offset, blob, info->parentKeyUUID);
298
 
        Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, info->paramDigest.digest);
299
 
        Trspi_LoadBlob_UINT32(offset, info->authData.AuthHandle, blob);
300
 
        Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce);
301
 
        Trspi_LoadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce);
302
 
        Trspi_LoadBlob_BOOL(offset, info->authData.fContinueAuthSession, blob);
303
 
        Trspi_LoadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC);
304
 
}
305
 
 
306
 
void
307
 
UnloadBlob_LOADKEY_INFO(UINT64 *offset, BYTE *blob, TCS_LOADKEY_INFO *info)
308
 
{
309
 
        Trspi_UnloadBlob_UUID(offset, blob, &info->keyUUID);
310
 
        Trspi_UnloadBlob_UUID(offset, blob, &info->parentKeyUUID);
311
 
        Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->paramDigest.digest);
312
 
        Trspi_UnloadBlob_UINT32(offset, &info->authData.AuthHandle, blob);
313
 
        Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceOdd.nonce);
314
 
        Trspi_UnloadBlob(offset, TCPA_NONCE_SIZE, blob, (BYTE *)&info->authData.NonceEven.nonce);
315
 
        Trspi_UnloadBlob_BOOL(offset, &info->authData.fContinueAuthSession, blob);
316
 
        Trspi_UnloadBlob(offset, TCPA_DIGEST_SIZE, blob, (BYTE *)&info->authData.HMAC);
317
 
}
318
 
 
319
 
void
320
 
Trspi_LoadBlob_BOUND_DATA(UINT64 * offset, TCPA_BOUND_DATA bd,
321
 
                UINT32 payloadLength, BYTE * blob)
322
 
{
323
 
        Trspi_LoadBlob_TCPA_VERSION(offset, blob, bd.ver);
324
 
        Trspi_LoadBlob(offset, 1, blob, &bd.payload);
325
 
        Trspi_LoadBlob(offset, payloadLength, blob, bd.payloadData);
326
 
}
327
 
 
328
 
void
329
 
Trspi_LoadBlob_IDENTITY_REQ(UINT64 * offset, BYTE *blob,
330
 
                            TCPA_IDENTITY_REQ *req)
331
 
{
332
 
        Trspi_LoadBlob_UINT32(offset, req->asymSize, blob);
333
 
        Trspi_LoadBlob_UINT32(offset, req->symSize, blob);
334
 
        Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->asymAlgorithm);
335
 
        Trspi_LoadBlob_KEY_PARMS(offset, blob, &req->symAlgorithm);
336
 
        Trspi_LoadBlob(offset, req->asymSize, blob, req->asymBlob);
337
 
        Trspi_LoadBlob(offset, req->symSize, blob, req->symBlob);
338
 
}
339
 
 
340
 
void
341
 
Trspi_LoadBlob_CHANGEAUTH_VALIDATE(UINT64 * offset, BYTE * blob,
342
 
                TCPA_CHANGEAUTH_VALIDATE * caValidate)
343
 
{
344
 
        Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->newAuthSecret.authdata);
345
 
        Trspi_LoadBlob(offset, TCPA_SHA1_160_HASH_LEN, blob, caValidate->n1.nonce);
346
 
}
347
 
 
348
 
 
349
 
TSS_RESULT
350
 
get_tpm_flags(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, UINT32 *volFlags, UINT32 *nonVolFlags)
351
 
{
352
 
        BYTE hashBlob[128];
353
 
        TCPA_DIGEST digest;
354
 
        TPM_AUTH auth;
355
 
        TCPA_VERSION version;
356
 
        TSS_RESULT result;
357
 
        UINT64 offset;
358
 
        TSS_HPOLICY hPolicy;
359
 
 
360
 
        if ((result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hPolicy)))
361
 
                return result;
362
 
 
363
 
        /* do an owner authorized get capability call */
364
 
        UINT32ToArray(TPM_ORD_GetCapabilityOwner, hashBlob);
365
 
        Trspi_Hash(TSS_HASH_SHA1, sizeof(UINT32), hashBlob, digest.digest);
366
 
 
367
 
        if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_GetCapabilityOwner,
368
 
                                              hPolicy, &digest, &auth)))
369
 
                return result;
370
 
 
371
 
        if ((result = TCSP_GetCapabilityOwner(tspContext, &auth, &version, nonVolFlags, volFlags)))
372
 
                return result;
373
 
 
374
 
        offset = 0;
375
 
        Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
376
 
        Trspi_LoadBlob_UINT32(&offset, TPM_ORD_GetCapabilityOwner, hashBlob);
377
 
        Trspi_LoadBlob_TCPA_VERSION(&offset, hashBlob, version);
378
 
        Trspi_LoadBlob_UINT32(&offset, *nonVolFlags, hashBlob);
379
 
        Trspi_LoadBlob_UINT32(&offset, *volFlags, hashBlob);
380
 
 
381
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
382
 
 
383
 
        return obj_policy_validate_auth_oiap(hPolicy, &digest, &auth);
384
 
}
385
 
 
386
 
TSS_RESULT
387
 
get_local_random(TSS_HCONTEXT tspContext, UINT32 size, BYTE **data)
 
418
/* If alloc is true, we allocate a new buffer for the bytes and set *data to that.
 
419
 * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer */
 
420
TSS_RESULT
 
421
get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
388
422
{
389
423
        FILE *f = NULL;
390
424
        BYTE *buf = NULL;
391
425
 
392
426
        f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
393
427
        if (f == NULL) {
394
 
                LogError("open of %s failed: %s",
395
 
                         TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
 
428
                LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
396
429
                return TSPERR(TSS_E_INTERNAL_ERROR);
397
430
        }
398
431
 
399
 
        buf = calloc_tspi(tspContext, size);
400
 
        if (buf == NULL) {
401
 
                LogError("malloc of %u bytes failed", size);
402
 
                fclose(f);
403
 
                return TSPERR(TSS_E_OUTOFMEMORY);
404
 
        }
 
432
        if (alloc) {
 
433
                buf = calloc_tspi(tspContext, size);
 
434
                if (buf == NULL) {
 
435
                        LogError("malloc of %u bytes failed", size);
 
436
                        fclose(f);
 
437
                        return TSPERR(TSS_E_OUTOFMEMORY);
 
438
                }
 
439
        } else
 
440
                buf = (BYTE *)data;
405
441
 
406
442
        if (fread(buf, size, 1, f) == 0) {
407
 
                LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE,
408
 
                         strerror(errno));
 
443
                LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
409
444
                fclose(f);
410
445
                return TSPERR(TSS_E_INTERNAL_ERROR);
411
446
        }
412
447
 
 
448
        if (alloc)
 
449
                *data = buf;
413
450
        fclose(f);
414
 
        *data = buf;
415
 
 
416
 
        return TSS_SUCCESS;
417
 
}
418
 
 
419
 
TSS_RESULT
420
 
internal_GetCap(TSS_HCONTEXT tspContext, TSS_FLAG capArea, UINT32 subCap,
421
 
                UINT32 * respSize, BYTE ** respData)
422
 
{
423
 
        UINT64 offset = 0;
424
 
        TSS_VERSION v = INTERNAL_CAP_TSP_VERSION;
425
 
 
426
 
        if (capArea == TSS_TSPCAP_VERSION) {
427
 
                if ((*respData = calloc_tspi(tspContext, sizeof(TSS_VERSION))) == NULL)
428
 
                        return TSPERR(TSS_E_OUTOFMEMORY);
429
 
 
430
 
                Trspi_LoadBlob_TSS_VERSION(&offset, *respData, v);
431
 
                *respSize = offset;
432
 
        } else if (capArea == TSS_TSPCAP_ALG) {
433
 
                if ((*respData = calloc_tspi(tspContext, 1)) == NULL)
434
 
                        return TSPERR(TSS_E_OUTOFMEMORY);
435
 
                *respSize = 1;
436
 
 
437
 
                switch (subCap) {
438
 
                        case TSS_ALG_RSA:
439
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_RSA;
440
 
                                break;
441
 
                        case TSS_ALG_AES:
442
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_AES;
443
 
                                break;
444
 
                        case TSS_ALG_SHA:
445
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_SHA;
446
 
                                break;
447
 
                        case TSS_ALG_HMAC:
448
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_HMAC;
449
 
                                break;
450
 
                        case TSS_ALG_DES:
451
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_DES;
452
 
                                break;
453
 
                        case TSS_ALG_3DES:
454
 
                                (*respData)[0] = INTERNAL_CAP_TSP_ALG_3DES;
455
 
                                break;
456
 
                        default:
457
 
                                free_tspi(tspContext, *respData);
458
 
                                return TSPERR(TSS_E_BAD_PARAMETER);
459
 
                }
460
 
        } else if (capArea == TSS_TSPCAP_PERSSTORAGE) {
461
 
                if ((*respData = calloc_tspi(tspContext, 1)) == NULL)
462
 
                        return TSPERR(TSS_E_OUTOFMEMORY);
463
 
 
464
 
                *respSize = 1;
465
 
                (*respData)[0] = INTERNAL_CAP_TSP_PERSSTORAGE;
466
 
        } else
467
 
                return TSPERR(TSS_E_BAD_PARAMETER);
468
 
 
469
 
        return TSS_SUCCESS;
470
 
}
471
 
 
472
 
void
473
 
free_key_refs(TCPA_KEY *key)
474
 
{
475
 
        free(key->algorithmParms.parms);
476
 
        key->algorithmParms.parms = NULL;
477
 
        key->algorithmParms.parmSize = 0;
478
 
 
479
 
        free(key->pubKey.key);
480
 
        key->pubKey.key = NULL;
481
 
        key->pubKey.keyLength = 0;
482
 
 
483
 
        free(key->encData);
484
 
        key->encData = NULL;
485
 
        key->encSize = 0;
486
 
 
487
 
        free(key->PCRInfo);
488
 
        key->PCRInfo = NULL;
489
 
        key->PCRInfoSize = 0;
490
 
}
491
 
 
492
 
TSS_RESULT
493
 
merge_key_hierarchies(TSS_HCONTEXT tspContext, UINT32 tsp_size, TSS_KM_KEYINFO *tsp_hier,
494
 
                      UINT32 tcs_size, TSS_KM_KEYINFO *tcs_hier, UINT32 *merged_size,
495
 
                      TSS_KM_KEYINFO **merged_hier)
496
 
{
497
 
        UINT32 i, j;
498
 
 
499
 
        *merged_hier = malloc((tsp_size + tcs_size) * sizeof(TSS_KM_KEYINFO));
500
 
        if (*merged_hier == NULL) {
501
 
                LogError("malloc of %zu bytes failed.", (tsp_size + tcs_size) *
502
 
                         sizeof(TSS_KM_KEYINFO));
503
 
                return TSPERR(TSS_E_OUTOFMEMORY);
504
 
        }
505
 
 
506
 
        for (i = 0; i < tsp_size; i++)
507
 
                memcpy(&((*merged_hier)[i]), &tsp_hier[i], sizeof(TSS_KM_KEYINFO));
508
 
 
509
 
        for (j = 0; j < tcs_size; j++)
510
 
                memcpy(&((*merged_hier)[i + j]), &tcs_hier[j], sizeof(TSS_KM_KEYINFO));
511
 
 
512
 
        *merged_size = i + j;
513
451
 
514
452
        return TSS_SUCCESS;
515
453
}