3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2004-2007
17
#include "trousers/tss.h"
18
#include "trousers/trousers.h"
19
#include "trousers_types.h"
20
#include "spi_utils.h"
21
#include "capabilities.h"
27
Tspi_Context_SetTransEncryptionKey(TSS_HCONTEXT hContext, /* in */
28
TSS_HKEY hIdentKey) /* in */
30
if (!obj_is_rsakey(hIdentKey))
31
return TSPERR(TSS_E_INVALID_HANDLE);
33
return obj_context_set_transport_key(hContext, hIdentKey);
37
Tspi_Context_CloseSignTransport(TSS_HCONTEXT hContext, /* in */
38
TSS_HKEY hSigningKey, /* in */
39
TSS_VALIDATION* pValidationData) /* in, out */
47
Trspi_HashCtx hashCtx;
49
TPM_SIGN_INFO signInfo;
51
if (!obj_is_context(hContext))
52
return TSPERR(TSS_E_INVALID_HANDLE);
54
if ((result = obj_rsakey_get_policy(hSigningKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth)))
57
if (pValidationData) {
58
if (pValidationData->ulExternalDataLength != sizeof(TPM_NONCE))
59
return TSPERR(TSS_E_BAD_PARAMETER);
61
memcpy(signInfo.replay.nonce, pValidationData->rgbExternalData, sizeof(TPM_NONCE));
63
if ((result = get_local_random(hContext, FALSE, sizeof(TPM_NONCE),
64
(BYTE **)&signInfo.replay.nonce)))
68
/* the transport sessions properties are kept in the context object itself, so just pass
69
* in what this function provides and let it call ReleaseTransportSigned */
70
if ((result = obj_context_transport_close(hContext, hSigningKey, hPolicy, usesAuth,
71
&signInfo, &sigLen, &sig)))
74
/* inside obj_context_transport_close we set up all the fields of the sign info structure
75
* other than the tag and 'fixed' */
76
signInfo.tag = TPM_TAG_SIGNINFO;
77
signInfo.fixed[0] = 'T';
78
signInfo.fixed[1] = 'R';
79
signInfo.fixed[2] = 'A';
80
signInfo.fixed[3] = 'N';
82
/* hash the sign info struct for use in verifying the TPM's signature */
83
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
84
result |= Trspi_Hash_SIGN_INFO(&hashCtx, &signInfo);
85
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) {
87
return TSPERR(TSS_E_INTERNAL_ERROR);
91
if (pValidationData) {
92
/* tag the returned allocated memory as alloc'd by the TSP */
93
if ((result = add_mem_entry(hContext, sig))) {
95
return TSPERR(TSS_E_INTERNAL_ERROR);
97
pValidationData->rgbValidationData = sig;
98
pValidationData->ulValidationDataLength = sigLen;
100
/* passing a NULL blob here puts the exact size of TPM_SIGN_INFO into offset */
101
Trspi_LoadBlob_SIGN_INFO(&offset, NULL, &signInfo);
102
pValidationData->rgbData = calloc_tspi(hContext, offset);
103
if (pValidationData->rgbData == NULL) {
104
LogError("malloc of %" PRIu64 " bytes failed.", offset);
105
free_tspi(hContext, pValidationData->rgbValidationData);
106
pValidationData->rgbValidationData = NULL;
107
pValidationData->ulValidationDataLength = 0;
108
return TSPERR(TSS_E_OUTOFMEMORY);
110
pValidationData->ulDataLength = (UINT32)offset;
113
Trspi_LoadBlob_SIGN_INFO(&offset, pValidationData->rgbData, &signInfo);
115
result = rsa_verify(hSigningKey, TSS_HASH_SHA1, sizeof(TPM_DIGEST), digest.digest,