3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2004
16
#include "trousers/tss.h"
17
#include "spi_internal_types.h"
18
#include "tcs_internal_types.h"
20
#include "tcs_utils.h"
21
#include "tcs_int_literals.h"
22
#include "capabilities.h"
28
TCS_RegisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
29
TSS_UUID *WrappingKeyUUID, /* in */
30
TSS_UUID *KeyUUID, /* in */
31
UINT32 cKeySize, /* in */
32
BYTE * rgbKey, /* in */
33
UINT32 cVendorData, /* in */
34
BYTE * gbVendorData /* in */
40
if ((result = ctx_verify_context(hContext)))
43
/* Check if key is already regisitered */
44
if (isUUIDRegistered(KeyUUID, &is_reg) != TSS_SUCCESS) {
45
LogError("Failed checking if UUID is registered.");
46
return TCSERR(TSS_E_INTERNAL_ERROR);
50
LogDebug("UUID is already registered");
51
return TCSERR(TSS_E_KEY_ALREADY_REGISTERED);
54
LogDebugUnrollKey(rgbKey);
56
/* Go ahead and store it in system persistant storage */
57
if ((result = ps_write_key(KeyUUID, WrappingKeyUUID, gbVendorData,
58
cVendorData, rgbKey, cKeySize))) {
59
LogError("Error writing key to file");
67
TCSP_UnregisterKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
68
TSS_UUID KeyUUID /* in */
73
if ((result = ctx_verify_context(hContext)))
76
return ps_remove_key(&KeyUUID);
80
TCS_EnumRegisteredKeys_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
81
TSS_UUID * pKeyUUID, /* in */
82
UINT32 * pcKeyHierarchySize, /* out */
83
TSS_KM_KEYINFO ** ppKeyHierarchy /* out */
86
TSS_RESULT result = TSS_SUCCESS;
88
TSS_KM_KEYINFO *ret = NULL;
90
struct key_disk_cache *disk_ptr, *tmp_ptrs[MAX_KEY_CHILDREN];
91
struct key_mem_cache *mem_ptr;
92
TSS_BOOL is_reg = FALSE;
94
LogDebug("Enum Reg Keys");
96
if (pcKeyHierarchySize == NULL || ppKeyHierarchy == NULL)
97
return TCSERR(TSS_E_BAD_PARAMETER);
99
if ((result = ctx_verify_context(hContext)))
102
if (pKeyUUID != NULL) {
103
/* First have to verify the key is registered */
104
if ((result = isUUIDRegistered(pKeyUUID, &is_reg)))
107
if (is_reg == FALSE) {
108
/* This return code is not listed as possible in the TSS 1.1 spec,
109
* but it makes more sense than just TCS_SUCCESS or TSS_E_FAIL */
110
return TCSERR(TSS_E_PS_KEY_NOTFOUND);
114
/* this entire operation needs to be atomic wrt registered keys. We must
115
* lock the mem cache as well to test if a given key is loaded. */
116
pthread_mutex_lock(&disk_cache_lock);
117
pthread_mutex_lock(&mem_cache_lock);
119
/* return an array of all registered keys if pKeyUUID == NULL */
120
if (pKeyUUID == NULL) {
121
/* determine the number of registered keys */
122
for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) {
123
if (disk_ptr->flags & CACHE_FLAG_VALID)
127
/* malloc a structure for each of them */
129
ret = calloc(count, sizeof(TSS_KM_KEYINFO));
131
LogError("malloc of %zd bytes failed.",
132
(count * sizeof(TSS_KM_KEYINFO)));
134
result = TCSERR(TSS_E_OUTOFMEMORY);
141
/* fill out the structure for each key */
143
for (disk_ptr = key_disk_cache_head; disk_ptr; disk_ptr = disk_ptr->next) {
144
if (disk_ptr->flags & CACHE_FLAG_VALID) {
145
/* look for a mem cache entry to check if its loaded */
146
for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) {
147
if (!memcmp(&mem_ptr->uuid, &disk_ptr->uuid, sizeof(TSS_UUID))) {
148
if ((result = fill_key_info(disk_ptr, mem_ptr, &ret[i]))) {
157
/* if there is no mem cache entry for this key, go ahead and call
158
* fill_key_info(), it will pull everything from disk */
159
if (mem_ptr == NULL) {
160
if ((result = fill_key_info(disk_ptr, NULL, &ret[i]))) {
171
/* return a chain of a key and its parents up to the SRK */
172
/* determine the number of keys in the chain */
173
memcpy(&tmp_uuid, pKeyUUID, sizeof(TSS_UUID));
174
disk_ptr = key_disk_cache_head;
175
while (disk_ptr != NULL && count < MAX_KEY_CHILDREN)
177
if (disk_ptr->flags & CACHE_FLAG_VALID &&
178
!memcmp(&disk_ptr->uuid, &tmp_uuid, sizeof(TSS_UUID)))
180
/* increment count, then search for the parent */
182
/* save a pointer to this cache entry */
183
tmp_ptrs[count - 1] = disk_ptr;
184
/* if the parent of this key is NULL, we're at the root of the tree */
185
if (!memcmp(&disk_ptr->parent_uuid, &NULL_UUID, sizeof(TSS_UUID)))
187
/* overwrite tmp_uuid with the parent, which we will now search for */
188
memcpy(&tmp_uuid, &disk_ptr->parent_uuid, sizeof(TSS_UUID));
189
disk_ptr = key_disk_cache_head;
192
disk_ptr = disk_ptr->next;
194
/* when we reach this point, we have an array of TSS_UUID's that leads from the
195
* requested key up to the SRK*/
197
/* malloc a structure for each of them */
199
ret = calloc(count, sizeof(TSS_KM_KEYINFO));
201
LogError("malloc of %zd bytes failed.",
202
(count * sizeof(TSS_KM_KEYINFO)));
204
result = TCSERR(TSS_E_OUTOFMEMORY);
211
for (i = 0; i < count; i++) {
212
/* look for a mem cache entry to check if its loaded */
213
for (mem_ptr = key_mem_cache_head; mem_ptr; mem_ptr = mem_ptr->next) {
214
if (!memcmp(&mem_ptr->uuid, &tmp_ptrs[i]->uuid, sizeof(TSS_UUID))) {
215
if ((result = fill_key_info(tmp_ptrs[i], mem_ptr, &ret[i]))) {
224
/* if there is no mem cache entry for this key, go ahead and call
225
* fill_key_info(), it will pull everything from disk */
226
if (mem_ptr == NULL) {
227
if ((result = fill_key_info(tmp_ptrs[i], NULL, &ret[i]))) {
238
pthread_mutex_unlock(&disk_cache_lock);
239
pthread_mutex_unlock(&mem_cache_lock);
241
*ppKeyHierarchy = ret;
242
*pcKeyHierarchySize = count;
248
TCS_GetRegisteredKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
249
TSS_UUID *KeyUUID, /* in */
250
TSS_KM_KEYINFO ** ppKeyInfo /* out */
255
BYTE tcpaKeyBlob[1024];
257
UINT16 keySize = sizeof (tcpaKeyBlob);
260
/* This should be set in case we return before the malloc */
263
if ((result = ctx_verify_context(hContext)))
266
if ((result = ps_get_key_by_uuid(KeyUUID, tcpaKeyBlob, &keySize))) {
267
return TCSERR(TSS_E_PS_KEY_NOTFOUND);
270
if ((result = getParentUUIDByUUID(KeyUUID, &parentUUID)))
271
return TCSERR(TSS_E_FAIL);
273
*ppKeyInfo = malloc(sizeof(TSS_KM_KEYINFO));
274
if (*ppKeyInfo == NULL) {
275
LogError("malloc of %zd bytes failed.", sizeof(TSS_KM_KEYINFO));
276
return TCSERR(TSS_E_OUTOFMEMORY);
280
UnloadBlob_KEY(&offset, tcpaKeyBlob, &tcpaKey);
282
(*ppKeyInfo)->bAuthDataUsage = tcpaKey.authDataUsage;
284
(*ppKeyInfo)->fIsLoaded = FALSE;
286
(*ppKeyInfo)->versionInfo.bMajor = tcpaKey.ver.major;
287
(*ppKeyInfo)->versionInfo.bMinor = tcpaKey.ver.minor;
288
(*ppKeyInfo)->versionInfo.bRevMajor = tcpaKey.ver.revMajor;
289
(*ppKeyInfo)->versionInfo.bRevMinor = tcpaKey.ver.revMinor;
291
memcpy(&((*ppKeyInfo)->keyUUID), KeyUUID, sizeof(TSS_UUID));
293
(*ppKeyInfo)->ulVendorDataLength = 0;
294
(*ppKeyInfo)->rgbVendorData = 0;
296
memcpy(&((*ppKeyInfo)->parentKeyUUID), &parentUUID, sizeof(TSS_UUID));
301
TCS_GetRegisteredKeyBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
302
TSS_UUID *KeyUUID, /* in */
303
UINT32 * pcKeySize, /* out */
304
BYTE ** prgbKey /* out */
311
if ((result = ctx_verify_context(hContext)))
314
keySize = sizeof(buffer);
315
if ((result = ps_get_key_by_uuid(KeyUUID, buffer, &keySize)))
316
return TCSERR(TSS_E_PS_KEY_NOTFOUND);
318
*prgbKey = calloc(1, keySize);
319
if (*prgbKey == NULL) {
320
LogError("malloc of %d bytes failed.", keySize);
321
return TCSERR(TSS_E_OUTOFMEMORY);
323
memcpy(*prgbKey, buffer, keySize);
325
*pcKeySize = keySize;
331
TCSP_LoadKeyByBlob_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
332
TCS_KEY_HANDLE hUnwrappingKey, /* in */
333
UINT32 cWrappedKeyBlobSize, /* in */
334
BYTE * rgbWrappedKeyBlob, /* in */
335
TPM_AUTH * pAuth, /* in, out */
336
TCS_KEY_HANDLE * phKeyTCSI, /* out */
337
TCS_KEY_HANDLE * phKeyHMAC /* out */
344
TCPA_KEY_HANDLE myKeySlot;
345
TCS_KEY_HANDLE myTcsKeyHandle;
346
TCPA_STORE_PUBKEY *parentPubKey = NULL;
347
TCPA_KEY_HANDLE parentKeySlot;
348
TSS_BOOL needToSendPacket = TRUE, canLoad;
349
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
352
LogDebugUnrollKey(rgbWrappedKeyBlob);
354
if ((result = ctx_verify_context(hContext)))
358
LogDebug("Auth Used");
359
if ((result = auth_mgr_check(hContext, pAuth->AuthHandle)))
362
LogDebug("No Auth Used");
366
memset(&key, 0, sizeof(TCPA_KEY));
367
if ((result = UnloadBlob_KEY(&offset, rgbWrappedKeyBlob, &key)))
369
cWrappedKeyBlobSize = offset;
371
/******************************************
372
* The first thing to make sure is that the parent is loaded.
373
* If the parentKeySlot is invalid, then it either wasn't found in the cache
374
* or it was evicted. Then checking if it was ever in the cache by calling
375
* getParentPubByPub will tell us whether or not there is an error. If this
376
* unregistered parent was never loaded by the user, then he's hosed and
377
* this is an error. If there is knowledge, then the shim is called to load
378
* the parent by it's public key.
379
*********************************************/
381
/* Check the mem cache to see if there is a TPM handle associated with the
382
* parent's TCS handle */
383
LogDebugFn("calling mc_get_slot_by_handle");
384
if ((parentKeySlot = mc_get_slot_by_handle(hUnwrappingKey)) == NULL_TPM_HANDLE) {
385
LogDebugFn("calling mc_get_pub_by_slot");
386
parentPubKey = mc_get_pub_by_slot(hUnwrappingKey);
387
if (parentPubKey == NULL) {
388
result = TCSERR(TCS_E_KM_LOADFAILED);
391
LogDebugFn("calling LoadKeyShim");
392
/* Otherwise, try to load it using the shim */
393
if ((result = LoadKeyShim(hContext, parentPubKey, NULL, &parentKeySlot)))
396
/*******************************************
398
*If it passes, we had prior knowledge of this key and we can avoid redundant copies of it
399
*******************************************/
401
/*--- If it's an authorized load, then assume that we brute-force load it every time */
403
LogDebugFn("Checking if LoadKeyByBlob can be avoided by using"
406
myTcsKeyHandle = mc_get_handle_by_pub(&key.pubKey, hUnwrappingKey);
407
if (myTcsKeyHandle != NULL_TCS_HANDLE) {
408
LogDebugFn("tcs key handle exists");
410
myKeySlot = mc_get_slot_by_handle(myTcsKeyHandle);
411
if (myKeySlot != NULL_TPM_HANDLE && isKeyLoaded(myKeySlot) == TRUE) {
412
needToSendPacket = FALSE;
413
LogDebugFn("Don't need to reload this key.");
414
result = TSS_SUCCESS;
415
goto add_cache_entry;
420
/******************************************
421
*Now we just have to check if there is enough room in the chip.
422
*********************************************/
424
LogDebugFn("calling canILoadThisKey");
425
if ((result = canILoadThisKey(&(key.algorithmParms), &canLoad)))
428
if (canLoad == FALSE) {
429
LogDebugFn("calling evictFirstKey");
430
/* Evict a key that isn't the parent */
431
if ((result = evictFirstKey(hUnwrappingKey)))
435
LogDebugFn("Entering LoadKey by blob");
437
/****************************************
438
* Now the parent is loaded and all of the info is ready.
439
* Send the loadkey command. If the auth is a NULL Pointer
440
* then this represents a NoAuth load
441
********************************************/
444
LoadBlob_UINT32(&offset, parentKeySlot, txBlob, "parentHandle");
445
LoadBlob(&offset, cWrappedKeyBlobSize, txBlob, rgbWrappedKeyBlob, "wrapped blob");
447
LoadBlob_Auth(&offset, txBlob, pAuth);
448
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_LoadKey, txBlob);
450
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_LoadKey, txBlob);
452
LogDebugUnrollKey(rgbWrappedKeyBlob);
453
LogDebugFn("Submitting request to the TPM");
454
if ((result = req_mgr_submit_req(txBlob)))
457
if (needToSendPacket == TRUE) {
458
LogDebugFn("calling UnloadBlob_Header");
459
if ((result = UnloadBlob_Header(txBlob, ¶mSize))) {
460
LogDebugFn("UnloadBlob_Header failed: rc=0x%x", result);
465
/*--- Finish unloading the stuff */
466
UnloadBlob_UINT32(&offset, &myKeySlot, txBlob, "handle back");
468
UnloadBlob_Auth(&offset, txBlob, pAuth);
471
LogDebugFn("Key slot is 0x%x", myKeySlot);
474
/***************************************
475
*See if a TCSKeyHandle already exists.
476
* If it's 0, then it doesn't exist, and we need new knowledge of the key.
477
* If it exists, then just register the new keySlot with that existing handle
478
*****************************************/
480
LogDebugFn("calling mc_get_handle_by_pub");
482
if ((myTcsKeyHandle = mc_get_handle_by_pub(&key.pubKey, hUnwrappingKey))
483
== NULL_TCS_HANDLE) {
484
LogDebugFn("No existing key handle for this key, need to create a new one");
485
/* Get a new TCS Key Handle */
486
myTcsKeyHandle = getNextTcsKeyHandle();
487
/* if it was an authorized load, then we can't make complete knowledge about it */
489
/* Add this info to the memory cache */
492
destroy_key_refs(key);
493
if ((result = UnloadBlob_KEY(&offset, rgbWrappedKeyBlob, key)))
497
LogDebugFn("calling mc_add_entry, TCS handle: 0x%x,"
498
" TPM handle 0x%x", myTcsKeyHandle, myKeySlot);
499
if ((result = mc_add_entry(myTcsKeyHandle, myKeySlot, &key)))
502
LogDebugFn("ctx_mark_key_loaded");
503
if (ctx_mark_key_loaded(hContext, myTcsKeyHandle)) {
504
LogError("Error marking key as loaded");
505
result = TCSERR(TSS_E_INTERNAL_ERROR);
509
if ((result = mc_set_parent_by_handle(myTcsKeyHandle, hUnwrappingKey))) {
510
LogError("setParentBlobByHandle failed.");
514
mc_set_slot_by_handle(myTcsKeyHandle, myKeySlot);
516
result = TSS_SUCCESS;
518
/* Setup the outHandles */
519
*phKeyTCSI = myTcsKeyHandle;
520
*phKeyHMAC = myKeySlot;
522
LogDebugFn("Key handles for loadKeyByBlob slot:%.8X tcshandle:%.8X",
523
myKeySlot, myTcsKeyHandle);
525
destroy_key_refs(&key);
526
auth_mgr_release_auth(pAuth, NULL, hContext);
531
TCSP_LoadKeyByUUID_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
532
TSS_UUID *KeyUUID, /* in */
533
TCS_LOADKEY_INFO * pLoadKeyInfo, /* in, out */
534
TCS_KEY_HANDLE * phKeyTCSI /* out */
537
UINT32 keyslot = 0, keySize;
540
BYTE keyBlob[0x1000];
541
UINT16 blobSize = sizeof(keyBlob);
543
TCS_KEY_HANDLE parentTCSKeyHandle;
545
LogDebugFn("Enter: uuid: 0x%lx auth? 0x%x ***********", (unsigned long)KeyUUID,
546
pLoadKeyInfo == NULL ? 0xdeadbeef : pLoadKeyInfo->authData.AuthHandle);
548
if ((result = ctx_verify_context(hContext)))
551
memset(&parentUuid, 0, sizeof(TSS_UUID));
554
memcmp(&pLoadKeyInfo->parentKeyUUID, &parentUuid, sizeof(TSS_UUID))) {
555
if (ps_get_key_by_uuid(&pLoadKeyInfo->keyUUID, keyBlob, &blobSize))
556
return TCSERR(TSS_E_PS_KEY_NOTFOUND);
558
if (mc_get_handles_by_uuid(&pLoadKeyInfo->parentKeyUUID, &parentTCSKeyHandle,
560
return TCSERR(TCS_E_KM_LOADFAILED);
562
return TCSP_LoadKeyByBlob_Internal(hContext, parentTCSKeyHandle,
564
&pLoadKeyInfo->authData,
565
phKeyTCSI, &keyslot);
568
/* if KeyUUID is already loaded, increment the ref count and return */
569
if (mc_get_handles_by_uuid(KeyUUID, phKeyTCSI, &keyslot) == TSS_SUCCESS) {
571
if (ctx_mark_key_loaded(hContext, *phKeyTCSI)) {
572
LogError("Error marking key as loaded");
573
return TCSERR(TSS_E_INTERNAL_ERROR);
578
/*********************************************************************
579
* The first thing to do in this func is setup all the info and make sure
580
* that we get it all from either the keyfile or the keyCache
581
* also, it's important to return if the key is already loaded
582
***********************************************************************/
583
LogDebugFn("calling ps_get_key_by_uuid");
584
if (ps_get_key_by_uuid(KeyUUID, keyBlob, &blobSize))
585
return TCSERR(TSS_E_PS_KEY_NOTFOUND);
586
/* convert UINT16 to UIN32 */
589
LogDebugFn("calling getParentUUIDByUUID");
590
/*--- Get my parent's UUID. Since My key is registered, my parent should be as well. */
591
if ((result = getParentUUIDByUUID(KeyUUID, &parentUuid)))
592
return TCSERR(TCS_E_KM_LOADFAILED);
594
if ((result = TCSP_LoadKeyByUUID_Internal(hContext, &parentUuid,
595
pLoadKeyInfo, &parentTCSKeyHandle)))
598
LogDebugFn("calling TCSP_LoadKeyByBlob_Internal");
599
/*******************************************************
600
* If no errors have happend up till now, then the parent is loaded and ready for use.
601
* The parent's TCS Handle should be in parentTCSKeyHandle.
602
******************************************************/
603
if ((result = TCSP_LoadKeyByBlob_Internal(hContext, parentTCSKeyHandle,
606
phKeyTCSI, &keyslot))) {
607
LogDebugFn("TCSP_LoadKeyByBlob_Internal returned 0x%x", result);
608
if (result == TCPA_E_AUTHFAIL && pLoadKeyInfo) {
611
/* set up a load key info struct */
612
memcpy(&pLoadKeyInfo->parentKeyUUID, &parentUuid, sizeof(TSS_UUID));
613
memcpy(&pLoadKeyInfo->keyUUID, KeyUUID, sizeof(TSS_UUID));
615
/* calculate the paramDigest */
617
LoadBlob_UINT32(&offset, TPM_ORD_LoadKey, blob, NULL);
618
LoadBlob(&offset, keySize, blob, keyBlob, NULL);
619
if (Hash(TSS_HASH_SHA1, offset, blob,
620
(BYTE *)&pLoadKeyInfo->paramDigest.digest))
621
result = TCSERR(TSS_E_INTERNAL_ERROR);
623
result = TCSERR(TCS_E_KM_LOADFAILED);
631
TCSP_EvictKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
632
TCS_KEY_HANDLE hKey /* in */
636
TCPA_KEY_HANDLE tpm_handle;
638
if ((result = ctx_verify_context(hContext)))
641
tpm_handle = mc_get_slot_by_handle(hKey);
642
if (tpm_handle == NULL_TPM_HANDLE)
643
return TSS_SUCCESS; /*let's call this success if the key is already evicted */
645
if ((result = internal_EvictByKeySlot(tpm_handle)))
648
result = mc_set_slot_by_slot(tpm_handle, NULL_TPM_HANDLE);
654
TCSP_CreateWrapKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
655
TCS_KEY_HANDLE hWrappingKey, /* in */
656
TCPA_ENCAUTH KeyUsageAuth, /* in */
657
TCPA_ENCAUTH KeyMigrationAuth, /* in */
658
UINT32 keyInfoSize, /* in */
659
BYTE * keyInfo, /* in */
660
UINT32 * keyDataSize, /* out */
661
BYTE ** keyData, /* out */
662
TPM_AUTH * pAuth /* in, out */
668
TCPA_KEY keyContainer;
669
TCPA_KEY_HANDLE parentSlot;
670
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
672
LogDebug("Entering Create Wrap Key");
674
if ((result = ctx_verify_context(hContext)))
677
if ((result = auth_mgr_check(hContext, pAuth->AuthHandle)))
680
/* Since hWrappingKey must already be loaded, we can fail immediately if
681
* mc_get_slot_by_handle_lock() fails.*/
682
parentSlot = mc_get_slot_by_handle_lock(hWrappingKey);
683
if (parentSlot == NULL_TPM_HANDLE) {
684
result = TCSERR(TSS_E_FAIL);
689
LoadBlob_UINT32(&offset, parentSlot, txBlob, "parent handle");
690
LoadBlob(&offset, TCPA_ENCAUTH_SIZE, txBlob, KeyUsageAuth.authdata, "data usage encauth");
691
LoadBlob(&offset, TCPA_ENCAUTH_SIZE, txBlob,
692
KeyMigrationAuth.authdata, "data mig encauth");
693
LoadBlob(&offset, keyInfoSize, txBlob, keyInfo, "Key");
694
LoadBlob_Auth(&offset, txBlob, pAuth);
695
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset,
696
TPM_ORD_CreateWrapKey, txBlob);
697
if ((result = req_mgr_submit_req(txBlob)))
701
result = UnloadBlob_Header(txBlob, ¶mSize);
704
/* First get the data from the packet */
705
if ((result = UnloadBlob_KEY(&offset, txBlob, &keyContainer)))
708
/* Here's how big it is */
709
*keyDataSize = offset - 10;
710
/* malloc the outBuffer */
711
*keyData = calloc(1, *keyDataSize);
712
if (*keyData == NULL) {
713
LogError("malloc of %d bytes failed.", *keyDataSize);
714
result = TCSERR(TSS_E_OUTOFMEMORY);
716
/* Reset the offset and load it into the outbuf */
717
memcpy(*keyData, &txBlob[10], *keyDataSize);
720
UnloadBlob_Auth(&offset, txBlob, pAuth);
722
destroy_key_refs(&keyContainer);
724
LogResult("Create Wrap Key", result);
727
auth_mgr_release_auth(pAuth, NULL, hContext);
732
TCSP_GetPubKey_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
733
TCS_KEY_HANDLE hKey, /* in */
734
TPM_AUTH * pAuth, /* in, out */
735
UINT32 * pcPubKeySize, /* out */
736
BYTE ** prgbPubKey /* out */
742
TCPA_PUBKEY pubContainer;
743
TCPA_KEY_HANDLE keySlot;
744
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
746
LogDebug("Entering Get pub key");
747
if ((result = ctx_verify_context(hContext)))
751
LogDebug("Auth Used");
752
if ((result = auth_mgr_check(hContext, pAuth->AuthHandle)))
758
if (ensureKeyIsLoaded(hContext, hKey, &keySlot)) {
759
result = TCSERR(TCS_E_KM_LOADFAILED);
763
LogDebug("GetPubKey: handle: 0x%x, slot: 0x%x", hKey, keySlot);
765
LoadBlob_UINT32(&offset, keySlot, txBlob, "key handle");
767
LoadBlob_Auth(&offset, txBlob, pAuth);
768
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_GetPubKey, txBlob);
770
LoadBlob_Header(TPM_TAG_RQU_COMMAND, offset, TPM_ORD_GetPubKey, txBlob);
773
if ((result = req_mgr_submit_req(txBlob)))
777
result = UnloadBlob_Header(txBlob, ¶mSize);
780
if ((result = UnloadBlob_PUBKEY(&offset, txBlob, &pubContainer)))
782
free(pubContainer.pubKey.key);
783
free(pubContainer.algorithmParms.parms);
785
*pcPubKeySize = offset - 10;
786
*prgbPubKey = calloc(1, *pcPubKeySize);
787
if (*prgbPubKey == NULL) {
788
LogError("malloc of %d bytes failed.", *pcPubKeySize);
789
result = TCSERR(TSS_E_OUTOFMEMORY);
792
memcpy(*prgbPubKey, &txBlob[10], *pcPubKeySize);
795
UnloadBlob_Auth(&offset, txBlob, pAuth);
798
LogResult("Get Public Key", result);
800
auth_mgr_release_auth(pAuth, NULL, hContext);
805
TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */
806
TCPA_ENCAUTH identityAuth, /* in */
807
TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */
808
UINT32 idKeyInfoSize, /* in */
809
BYTE * idKeyInfo, /* in */
810
TPM_AUTH * pSrkAuth, /* in, out */
811
TPM_AUTH * pOwnerAuth, /* in, out */
812
UINT32 * idKeySize, /* out */
813
BYTE ** idKey, /* out */
814
UINT32 * pcIdentityBindingSize, /* out */
815
BYTE ** prgbIdentityBinding, /* out */
816
UINT32 * pcEndorsementCredentialSize, /* out */
817
BYTE ** prgbEndorsementCredential, /* out */
818
UINT32 * pcPlatformCredentialSize, /* out */
819
BYTE ** prgbPlatformCredential, /* out */
820
UINT32 * pcConformanceCredentialSize, /* out */
821
BYTE ** prgbConformanceCredential /* out */
827
TCPA_KEY idKeyContainer;
828
BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
830
if ((result = ctx_verify_context(hContext)))
833
if (pSrkAuth != NULL) {
834
LogDebug("SRK Auth Used");
835
if ((result = auth_mgr_check(hContext, pSrkAuth->AuthHandle)))
838
LogDebug("No SRK Auth");
841
if ((result = auth_mgr_check(hContext, pOwnerAuth->AuthHandle)))
847
/*LoadBlob( &offset, idKeyInfoSize, txBlob, idKeyInfo, "idKeyInfo" ); */
848
LoadBlob(&offset, TCPA_ENCAUTH_SIZE, txBlob, identityAuth.authdata, "encAuth");
849
/*LoadBlob_UINT32( &offset, 20, txBlob, "label size"); */
850
LoadBlob(&offset, 20, txBlob, IDLabel_PrivCAHash.digest, "label");
851
LoadBlob(&offset, idKeyInfoSize, txBlob, idKeyInfo, "idKeyInfo");
852
if (pSrkAuth != NULL) {
853
LoadBlob_Auth(&offset, txBlob, pSrkAuth);
854
LoadBlob_Auth(&offset, txBlob, pOwnerAuth);
855
LoadBlob_Header(TPM_TAG_RQU_AUTH2_COMMAND, offset, TPM_ORD_MakeIdentity, txBlob);
857
LoadBlob_Auth(&offset, txBlob, pOwnerAuth);
858
LoadBlob_Header(TPM_TAG_RQU_AUTH1_COMMAND, offset, TPM_ORD_MakeIdentity, txBlob);
861
if ((result = req_mgr_submit_req(txBlob)))
865
result = UnloadBlob_Header(txBlob, ¶mSize);
868
/* Call UnloadBlob_KEY to set the size of the key in &offset */
869
if ((result = UnloadBlob_KEY(&offset, txBlob, &idKeyContainer)))
872
destroy_key_refs(&idKeyContainer);
873
*idKeySize = offset - 10;
874
*idKey = calloc(1, *idKeySize);
875
if (*idKey == NULL) {
876
LogError("malloc of %d bytes failed.", *idKeySize);
877
result = TCSERR(TSS_E_OUTOFMEMORY);
880
memcpy(*idKey, &txBlob[10], *idKeySize);
882
UnloadBlob_UINT32(&offset, pcIdentityBindingSize, txBlob, NULL);
883
*prgbIdentityBinding = calloc(1, *pcIdentityBindingSize);
884
if (*prgbIdentityBinding == NULL) {
887
LogError("malloc of %d bytes failed.", *pcIdentityBindingSize);
888
result = TCSERR(TSS_E_OUTOFMEMORY);
891
UnloadBlob(&offset, *pcIdentityBindingSize, txBlob, *prgbIdentityBinding, NULL);
893
/* If an error occurs, these will return NULL */
894
get_credential(PLATFORM, pcPlatformCredentialSize, prgbPlatformCredential);
895
get_credential(CONFORMANCE, pcConformanceCredentialSize, prgbConformanceCredential);
896
get_credential(ENDORSEMENT, pcEndorsementCredentialSize, prgbEndorsementCredential);
898
if (pSrkAuth != NULL)
899
UnloadBlob_Auth(&offset, txBlob, pSrkAuth);
900
UnloadBlob_Auth(&offset, txBlob, pOwnerAuth);
902
LogResult("Make Identity", result);
904
auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext);
909
TCSP_GetRegisteredKeyByPublicInfo_Internal(TCS_CONTEXT_HANDLE tcsContext, /* in */
910
TCPA_ALGORITHM_ID algID, /* in */
911
UINT32 ulPublicInfoLength, /* in */
912
BYTE * rgbPublicInfo, /* in */
913
UINT32 * keySize, /* out */
914
BYTE ** keyBlob) /* out */
916
TCPA_STORE_PUBKEY pubKey;
917
TSS_RESULT result = TCSERR(TSS_E_FAIL);
919
if ((result = ctx_verify_context(tcsContext)))
922
if (algID == TCPA_ALG_RSA) {
923
/*--- Convert Public info to a structure */
924
pubKey.keyLength = ulPublicInfoLength;
925
pubKey.key = malloc(pubKey.keyLength);
926
if (pubKey.key == NULL) {
927
LogError("malloc of %d bytes failed.", pubKey.keyLength);
928
return TCSERR(TSS_E_OUTOFMEMORY);
931
memcpy(pubKey.key, rgbPublicInfo, pubKey.keyLength);
933
if ((result = ps_get_key_by_pub(&pubKey, keySize, keyBlob))) {
934
LogDebug("Public key data not found in PS");
936
return TCSERR(TSS_E_PS_KEY_NOTFOUND);