← Back to branch summary

~ubuntu-branches/ubuntu/hardy/trousers/hardy-proposed

« back to all changes in this revision

Viewing changes to src/tspi/tsp_seal.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/tsp_seal.c
 
1
 
 
2
/*
 
3
 * Licensed Materials - Property of IBM
 
4
 *
 
5
 * trousers - An open source TCG Software Stack
 
6
 *
 
7
 * (C) Copyright International Business Machines Corp. 2007
 
8
 *
 
9
 */
 
10
 
 
11
 
 
12
#include <stdlib.h>
 
13
#include <stdio.h>
 
14
#include <string.h>
 
15
 
 
16
#include "trousers/tss.h"
 
17
#include "trousers/trousers.h"
 
18
#include "trousers_types.h"
 
19
#include "spi_utils.h"
 
20
#include "obj.h"
 
21
#include "tsplog.h"
 
22
#include "authsess.h"
 
23
 
 
24
TSS_RESULT
 
25
sealx_mask_cb(PVOID lpAppData,
 
26
              TSS_HKEY hEncKey,
 
27
              TSS_HENCDATA hEncData,
 
28
              TSS_ALGORITHM_ID algId,
 
29
              UINT32 ulSizeNonces,
 
30
              BYTE *rgbNonceEven,
 
31
              BYTE *rgbNonceOdd,
 
32
              BYTE *rgbNonceEvenOSAP,
 
33
              BYTE *rgbNonceOddOSAP,
 
34
              UINT32 ulDataLength,
 
35
              BYTE *rgbDataToMask,
 
36
              BYTE *rgbMaskedData)
 
37
{
 
38
        UINT32 mgf1SeedLen, sharedSecretLen = sizeof(TPM_DIGEST);
 
39
        BYTE *mgf1Seed, *mgf1Buffer;
 
40
        UINT32 i;
 
41
        TSS_RESULT result;
 
42
        struct authsess *sess = (struct authsess *)lpAppData;
 
43
 
 
44
        mgf1SeedLen = (ulSizeNonces * 2) + strlen("XOR") + sharedSecretLen;
 
45
        if ((mgf1Seed = (BYTE *)calloc(1, mgf1SeedLen)) == NULL) {
 
46
                LogError("malloc of %u bytes failed.", mgf1SeedLen);
 
47
                return TSPERR(TSS_E_OUTOFMEMORY);
 
48
        }
 
49
        mgf1Buffer = mgf1Seed;
 
50
        memcpy(mgf1Buffer, rgbNonceEven, ulSizeNonces);
 
51
        mgf1Buffer += ulSizeNonces;
 
52
        memcpy(mgf1Buffer, rgbNonceOdd, ulSizeNonces);
 
53
        mgf1Buffer += ulSizeNonces;
 
54
        memcpy(mgf1Buffer, "XOR", strlen("XOR"));
 
55
        mgf1Buffer += strlen("XOR");
 
56
        memcpy(mgf1Buffer, sess->sharedSecret.digest, sharedSecretLen);
 
57
 
 
58
        if ((result = Trspi_MGF1(TSS_HASH_SHA1, mgf1SeedLen, mgf1Seed, ulDataLength,
 
59
                                 rgbMaskedData)))
 
60
                goto done;
 
61
 
 
62
        for (i = 0; i < ulDataLength; i++)
 
63
                rgbMaskedData[i] ^= rgbDataToMask[i];
 
64
 
 
65
done:
 
66
        free(mgf1Seed);
 
67
 
 
68
        return result;
 
69
}
 
70
 
 
71
#ifdef TSS_BUILD_TRANSPORT
 
72
TSS_RESULT
 
73
Transport_Seal(TSS_HCONTEXT tspContext,    /* in */
 
74
               TCS_KEY_HANDLE keyHandle,   /* in */
 
75
               TCPA_ENCAUTH *encAuth,       /* in */
 
76
               UINT32 pcrInfoSize, /* in */
 
77
               BYTE * PcrInfo,     /* in */
 
78
               UINT32 inDataSize,  /* in */
 
79
               BYTE * inData,      /* in */
 
80
               TPM_AUTH * pubAuth, /* in, out */
 
81
               UINT32 * SealedDataSize,    /* out */
 
82
               BYTE ** SealedData) /* out */
 
83
{
 
84
        TSS_RESULT result;
 
85
        UINT32 handlesLen, decLen, dataLen;
 
86
        TCS_HANDLE *handles, handle;
 
87
        TPM_DIGEST pubKeyHash;
 
88
        Trspi_HashCtx hashCtx;
 
89
        UINT64 offset;
 
90
        BYTE *data, *dec;
 
91
 
 
92
 
 
93
        if ((result = obj_context_transport_init(tspContext)))
 
94
                return result;
 
95
 
 
96
        LogDebugFn("Executing in a transport session");
 
97
 
 
98
        if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest)))
 
99
                return result;
 
100
 
 
101
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
102
        result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
 
103
        if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
 
104
                return result;
 
105
 
 
106
        handlesLen = 1;
 
107
        handle = keyHandle;
 
108
        handles = &handle;
 
109
 
 
110
        dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize;
 
111
        if ((data = malloc(dataLen)) == NULL) {
 
112
                LogError("malloc of %u bytes failed", dataLen);
 
113
                return TSPERR(TSS_E_OUTOFMEMORY);
 
114
        }
 
115
 
 
116
        offset = 0;
 
117
        Trspi_LoadBlob_DIGEST(&offset, data, (TPM_DIGEST *)encAuth);
 
118
        Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data);
 
119
        Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo);
 
120
        Trspi_LoadBlob_UINT32(&offset, inDataSize, data);
 
121
        Trspi_LoadBlob(&offset, inDataSize, data, inData);
 
122
 
 
123
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Seal, dataLen, data,
 
124
                                                    &pubKeyHash, &handlesLen, &handles, pubAuth,
 
125
                                                    NULL, &decLen, &dec)))
 
126
                return result;
 
127
 
 
128
        *SealedDataSize = decLen;
 
129
        *SealedData = dec;
 
130
 
 
131
        return result;
 
132
}
 
133
 
 
134
TSS_RESULT
 
135
Transport_Sealx(TSS_HCONTEXT tspContext,   /* in */
 
136
                TCS_KEY_HANDLE keyHandle,  /* in */
 
137
                TCPA_ENCAUTH *encAuth,      /* in */
 
138
                UINT32 pcrInfoSize,        /* in */
 
139
                BYTE * PcrInfo,    /* in */
 
140
                UINT32 inDataSize, /* in */
 
141
                BYTE * inData,     /* in */
 
142
                TPM_AUTH * pubAuth,        /* in, out */
 
143
                UINT32 * SealedDataSize,   /* out */
 
144
                BYTE ** SealedData)        /* out */
 
145
{
 
146
        TSS_RESULT result;
 
147
        UINT32 handlesLen, decLen, dataLen;
 
148
        TCS_HANDLE *handles, handle;
 
149
        TPM_DIGEST pubKeyHash;
 
150
        Trspi_HashCtx hashCtx;
 
151
        UINT64 offset;
 
152
        BYTE *data, *dec;
 
153
 
 
154
 
 
155
        if ((result = obj_context_transport_init(tspContext)))
 
156
                return result;
 
157
 
 
158
        LogDebugFn("Executing in a transport session");
 
159
 
 
160
        if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest)))
 
161
                return result;
 
162
 
 
163
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
164
        result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
 
165
        if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
 
166
                return result;
 
167
 
 
168
        handlesLen = 1;
 
169
        handle = keyHandle;
 
170
        handles = &handle;
 
171
 
 
172
        dataLen = (2 * sizeof(UINT32)) + sizeof(TPM_ENCAUTH) + pcrInfoSize + inDataSize;
 
173
        if ((data = malloc(dataLen)) == NULL) {
 
174
                LogError("malloc of %u bytes failed", dataLen);
 
175
                return TSPERR(TSS_E_OUTOFMEMORY);
 
176
        }
 
177
 
 
178
        offset = 0;
 
179
        Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encAuth->authdata);
 
180
        Trspi_LoadBlob_UINT32(&offset, pcrInfoSize, data);
 
181
        Trspi_LoadBlob(&offset, pcrInfoSize, data, PcrInfo);
 
182
        Trspi_LoadBlob_UINT32(&offset, inDataSize, data);
 
183
        Trspi_LoadBlob(&offset, inDataSize, data, inData);
 
184
 
 
185
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Sealx, dataLen, data,
 
186
                                                    &pubKeyHash, &handlesLen, &handles, pubAuth,
 
187
                                                    NULL, &decLen, &dec)))
 
188
                return result;
 
189
 
 
190
        *SealedDataSize = decLen;
 
191
        *SealedData = dec;
 
192
 
 
193
        return result;
 
194
}
 
195
 
 
196
TSS_RESULT
 
197
Transport_Unseal(TSS_HCONTEXT tspContext,  /* in */
 
198
                 TCS_KEY_HANDLE parentHandle,      /* in */
 
199
                 UINT32 SealedDataSize,    /* in */
 
200
                 BYTE * SealedData,        /* in */
 
201
                 TPM_AUTH * parentAuth,    /* in, out */
 
202
                 TPM_AUTH * dataAuth,      /* in, out */
 
203
                 UINT32 * DataSize,        /* out */
 
204
                 BYTE ** Data)     /* out */
 
205
{
 
206
        UINT64 offset;
 
207
        TSS_RESULT result;
 
208
        UINT32 handlesLen, decLen;
 
209
        TCS_HANDLE *handles, handle;
 
210
        TPM_DIGEST pubKeyHash;
 
211
        Trspi_HashCtx hashCtx;
 
212
        BYTE *dec;
 
213
 
 
214
 
 
215
        if ((result = obj_context_transport_init(tspContext)))
 
216
                return result;
 
217
 
 
218
        LogDebugFn("Executing in a transport session");
 
219
 
 
220
        if ((result = obj_tcskey_get_pubkeyhash(parentHandle, pubKeyHash.digest)))
 
221
                return result;
 
222
 
 
223
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
224
        result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
 
225
        if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
 
226
                return result;
 
227
 
 
228
        handlesLen = 1;
 
229
        handle = parentHandle;
 
230
        handles = &handle;
 
231
 
 
232
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Unseal, SealedDataSize,
 
233
                                                    SealedData, &pubKeyHash, &handlesLen, &handles,
 
234
                                                    parentAuth, dataAuth, &decLen, &dec)))
 
235
                return result;
 
236
 
 
237
        offset = 0;
 
238
        Trspi_UnloadBlob_UINT32(&offset, DataSize, dec);
 
239
 
 
240
        if ((*Data = malloc(*DataSize)) == NULL) {
 
241
                free(dec);
 
242
                LogError("malloc of %u bytes failed", *DataSize);
 
243
                return TSPERR(TSS_E_OUTOFMEMORY);
 
244
        }
 
245
        Trspi_UnloadBlob(&offset, *DataSize, dec, *Data);
 
246
 
 
247
        free(dec);
 
248
 
 
249
        return result;
 
250
}
 
251
#endif