← Back to branch summary

~ubuntu-branches/ubuntu/karmic/trousers/karmic

« back to all changes in this revision

Viewing changes to src/tspi/spi_data.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/spi_data.c
1
 
 
2
 
/*
3
 
 * Licensed Materials - Property of IBM
4
 
 *
5
 
 * trousers - An open source TCG Software Stack
6
 
 *
7
 
 * (C) Copyright International Business Machines Corp. 2004-2006
8
 
 *
9
 
 */
10
 
 
11
 
 
12
 
#include <stdlib.h>
13
 
#include <stdio.h>
14
 
#include <string.h>
15
 
 
16
 
#include "trousers/tss.h"
17
 
#include "trousers/trousers.h"
18
 
#include "spi_internal_types.h"
19
 
#include "spi_utils.h"
20
 
#include "capabilities.h"
21
 
#include "tsplog.h"
22
 
#include "obj.h"
23
 
 
24
 
TSS_RESULT
25
 
Tspi_Data_Bind(TSS_HENCDATA hEncData,   /* in */
26
 
               TSS_HKEY hEncKey,        /* in */
27
 
               UINT32 ulDataLength,     /* in */
28
 
               BYTE *rgbDataToBind)     /* in */
29
 
{
30
 
        UINT32 encDataLength;
31
 
        BYTE encData[256];
32
 
        BYTE *keyData;
33
 
        UINT32 keyDataLength;
34
 
        TCPA_BOUND_DATA boundData;
35
 
        UINT64 offset;
36
 
        BYTE bdblob[256];
37
 
        TCPA_RESULT result;
38
 
        TCPA_KEY keyContainer;
39
 
        TSS_HCONTEXT tspContext;
40
 
 
41
 
        if (rgbDataToBind == NULL)
42
 
                return TSPERR(TSS_E_BAD_PARAMETER);
43
 
 
44
 
        if (!obj_is_encdata(hEncData))
45
 
                return TSPERR(TSS_E_INVALID_HANDLE);
46
 
 
47
 
        if ((result = obj_rsakey_get_tsp_context(hEncKey, &tspContext)))
48
 
                return result;
49
 
 
50
 
        if ((result = obj_rsakey_get_blob(hEncKey, &keyDataLength, &keyData)))
51
 
                return result;
52
 
 
53
 
        offset = 0;
54
 
        if ((result = Trspi_UnloadBlob_KEY(&offset, keyData, &keyContainer))) {
55
 
                free_tspi(tspContext, keyData);
56
 
                return result;
57
 
        }
58
 
        free_tspi(tspContext, keyData);
59
 
 
60
 
        if (keyContainer.keyUsage != TPM_KEY_BIND &&
61
 
            keyContainer.keyUsage != TPM_KEY_LEGACY) {
62
 
                result = TSPERR(TSS_E_INVALID_KEYUSAGE);
63
 
                goto done;
64
 
        }
65
 
 
66
 
        if (keyContainer.pubKey.keyLength < ulDataLength) {
67
 
                result = TSPERR(TSS_E_ENC_INVALID_LENGTH);
68
 
                goto done;
69
 
        }
70
 
 
71
 
        if (keyContainer.algorithmParms.encScheme == TCPA_ES_RSAESPKCSv15 &&
72
 
            keyContainer.keyUsage == TPM_KEY_LEGACY) {
73
 
                if ((result = Trspi_RSA_PKCS15_Encrypt(rgbDataToBind, ulDataLength, encData,
74
 
                                                       &encDataLength, keyContainer.pubKey.key,
75
 
                                                       keyContainer.pubKey.keyLength)))
76
 
                        goto done;
77
 
        } else if (keyContainer.algorithmParms.encScheme == TCPA_ES_RSAESPKCSv15 &&
78
 
                   keyContainer.keyUsage == TPM_KEY_BIND) {
79
 
                boundData.payload = TCPA_PT_BIND;
80
 
 
81
 
                memcpy(&boundData.ver, &VERSION_1_1, sizeof(TCPA_VERSION));
82
 
 
83
 
                boundData.payloadData = malloc(ulDataLength);
84
 
                if (boundData.payloadData == NULL) {
85
 
                        result = TSPERR(TSS_E_OUTOFMEMORY);
86
 
                        goto done;
87
 
                }
88
 
                memcpy(boundData.payloadData, rgbDataToBind, ulDataLength);
89
 
 
90
 
                offset = 0;
91
 
                Trspi_LoadBlob_BOUND_DATA(&offset, boundData, ulDataLength, bdblob);
92
 
 
93
 
                if ((result = Trspi_RSA_PKCS15_Encrypt(bdblob, offset, encData,
94
 
                                                       &encDataLength, keyContainer.pubKey.key,
95
 
                                                       keyContainer.pubKey.keyLength))) {
96
 
                        free(boundData.payloadData);
97
 
                        goto done;
98
 
                }
99
 
                free(boundData.payloadData);
100
 
        } else {
101
 
                boundData.payload = TCPA_PT_BIND;
102
 
 
103
 
                memcpy(&boundData.ver, &VERSION_1_1, sizeof(TCPA_VERSION));
104
 
 
105
 
                boundData.payloadData = malloc(ulDataLength);
106
 
                if (boundData.payloadData == NULL) {
107
 
                        LogError("malloc of %u bytes failed.", ulDataLength);
108
 
                        result = TSPERR(TSS_E_OUTOFMEMORY);
109
 
                        goto done;
110
 
                }
111
 
                memcpy(boundData.payloadData, rgbDataToBind, ulDataLength);
112
 
 
113
 
                offset = 0;
114
 
                Trspi_LoadBlob_BOUND_DATA(&offset, boundData, ulDataLength, bdblob);
115
 
 
116
 
                if ((result = Trspi_RSA_Encrypt(bdblob, offset, encData, &encDataLength,
117
 
                                                keyContainer.pubKey.key,
118
 
                                                keyContainer.pubKey.keyLength))) {
119
 
                        free(boundData.payloadData);
120
 
                        goto done;
121
 
                }
122
 
 
123
 
                free(boundData.payloadData);
124
 
        }
125
 
 
126
 
        if ((result = obj_encdata_set_data(hEncData, encDataLength, encData))) {
127
 
                LogError("Error in calling SetAttribData on the encrypted "
128
 
                                "data object.");
129
 
                result = TSPERR(TSS_E_INTERNAL_ERROR);
130
 
                goto done;
131
 
        }
132
 
done:
133
 
        free_key_refs(&keyContainer);
134
 
        return result;
135
 
}
136
 
 
137
 
TSS_RESULT
138
 
Tspi_Data_Unbind(TSS_HENCDATA hEncData,         /* in */
139
 
                 TSS_HKEY hKey,                 /* in */
140
 
                 UINT32 * pulUnboundDataLength, /* out */
141
 
                 BYTE ** prgbUnboundData)       /* out */
142
 
{
143
 
        TCPA_RESULT result;
144
 
        TPM_AUTH privAuth;
145
 
        TCPA_DIGEST digest;
146
 
        UINT64 offset;
147
 
        TSS_HPOLICY hPolicy;
148
 
        BYTE *encData;
149
 
        UINT32 encDataSize;
150
 
        BYTE hashBlob[1024];
151
 
        TCS_KEY_HANDLE tcsKeyHandle;
152
 
        TSS_BOOL usesAuth;
153
 
        TPM_AUTH *pPrivAuth;
154
 
        TSS_HCONTEXT tspContext;
155
 
 
156
 
        if (pulUnboundDataLength == NULL || prgbUnboundData == NULL)
157
 
                return TSPERR(TSS_E_BAD_PARAMETER);
158
 
 
159
 
        if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext)))
160
 
                return result;
161
 
 
162
 
        if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth)))
163
 
                return result;
164
 
 
165
 
        if ((result = obj_encdata_get_data(hEncData, &encDataSize, &encData)))
166
 
                return result == TSPERR(TSS_E_INVALID_OBJ_ACCESS) ?
167
 
                       TSPERR(TSS_E_ENC_NO_DATA) :
168
 
                       result;
169
 
 
170
 
        if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle)))
171
 
                return result;
172
 
 
173
 
        if (usesAuth) {
174
 
                offset = 0;
175
 
                Trspi_LoadBlob_UINT32(&offset, TPM_ORD_UnBind, hashBlob);
176
 
                Trspi_LoadBlob_UINT32(&offset, encDataSize, hashBlob);
177
 
                Trspi_LoadBlob(&offset, encDataSize, hashBlob, encData);
178
 
 
179
 
                Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
180
 
 
181
 
                if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_UnBind,
182
 
                                                      hPolicy, &digest,
183
 
                                                      &privAuth)))
184
 
                        return result;
185
 
                pPrivAuth = &privAuth;
186
 
        } else {
187
 
                pPrivAuth = NULL;
188
 
        }
189
 
 
190
 
        if ((result = TCSP_UnBind(tspContext, tcsKeyHandle, encDataSize,
191
 
                                 encData, pPrivAuth, pulUnboundDataLength,
192
 
                                 prgbUnboundData)))
193
 
                return result;
194
 
 
195
 
        if (usesAuth) {
196
 
                offset = 0;
197
 
                Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
198
 
                Trspi_LoadBlob_UINT32(&offset, TPM_ORD_UnBind, hashBlob);
199
 
                Trspi_LoadBlob_UINT32(&offset, *pulUnboundDataLength, hashBlob);
200
 
                Trspi_LoadBlob(&offset, *pulUnboundDataLength, hashBlob, *prgbUnboundData);
201
 
                Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
202
 
 
203
 
                if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, &privAuth))) {
204
 
                        free_tspi(tspContext, *prgbUnboundData);
205
 
                        return result;
206
 
                }
207
 
        }
208
 
 
209
 
        return TSS_SUCCESS;
210
 
}
211
 
 
212
 
TSS_RESULT
213
 
Tspi_Data_Seal(TSS_HENCDATA hEncData,   /* in */
214
 
               TSS_HKEY hEncKey,        /* in */
215
 
               UINT32 ulDataLength,     /* in */
216
 
               BYTE * rgbDataToSeal,    /* in */
217
 
               TSS_HPCRS hPcrComposite) /* in */
218
 
{
219
 
        UINT64 offset;
220
 
        BYTE hashBlob[0x1000];
221
 
        BYTE sharedSecret[20];
222
 
        TPM_AUTH auth;
223
 
        TCPA_ENCAUTH encAuthUsage;
224
 
        TCPA_ENCAUTH encAuthMig;
225
 
        TCPA_DIGEST digest;
226
 
        TCPA_RESULT result;
227
 
        TSS_HPOLICY hPolicy, hEncPolicy;
228
 
        BYTE *encData = NULL;
229
 
        UINT32 encDataSize;
230
 
        UINT32 pcrDataSize;
231
 
        BYTE pcrData[256];
232
 
        TCS_KEY_HANDLE tcsKeyHandle;
233
 
        TCPA_NONCE nonceEvenOSAP;
234
 
        TCPA_DIGEST digAtCreation;
235
 
        TSS_HCONTEXT tspContext;
236
 
        TCPA_PCR_SELECTION pcrSelect = { 0, NULL };
237
 
 
238
 
        if (rgbDataToSeal == NULL)
239
 
                return TSPERR(TSS_E_BAD_PARAMETER);
240
 
 
241
 
        if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext)))
242
 
                return result;
243
 
 
244
 
        if ((result = obj_rsakey_get_policy(hEncKey, TSS_POLICY_USAGE,
245
 
                                            &hPolicy, NULL)))
246
 
                return result;
247
 
 
248
 
        if ((result = obj_encdata_get_policy(hEncData, &hEncPolicy)))
249
 
                return result;
250
 
 
251
 
        if ((result = obj_rsakey_get_tcs_handle(hEncKey, &tcsKeyHandle)))
252
 
                return result;
253
 
 
254
 
        /* If PCR's are of interest */
255
 
        pcrDataSize = 0;
256
 
        if (hPcrComposite) {
257
 
                if ((result = obj_pcrs_get_composite(hPcrComposite,
258
 
                                                     &digAtCreation)))
259
 
                        return result;
260
 
 
261
 
                if ((result = obj_pcrs_get_selection(hPcrComposite,
262
 
                                                     &pcrSelect)))
263
 
                        return result;
264
 
 
265
 
                LogDebug("Digest at Creation:");
266
 
                LogDebugData(sizeof(digAtCreation), (BYTE *)&digAtCreation);
267
 
 
268
 
                offset = 0;
269
 
                Trspi_LoadBlob_PCR_SELECTION(&offset, pcrData, &pcrSelect);
270
 
                free(pcrSelect.pcrSelect);
271
 
                Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, pcrData,
272
 
                               digAtCreation.digest);
273
 
                /* XXX */
274
 
                Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, pcrData,
275
 
                               digAtCreation.digest);
276
 
                pcrDataSize = offset;
277
 
        }
278
 
 
279
 
        if ((result = secret_PerformXOR_OSAP(hPolicy, hEncPolicy, hEncPolicy,
280
 
                                             hEncKey, TCPA_ET_KEYHANDLE,
281
 
                                             tcsKeyHandle,
282
 
                                             &encAuthUsage, &encAuthMig,
283
 
                                             sharedSecret, &auth,
284
 
                                             &nonceEvenOSAP)))
285
 
                return result;
286
 
 
287
 
        offset = 0;
288
 
        Trspi_LoadBlob_UINT32(&offset, TPM_ORD_Seal, hashBlob);
289
 
        Trspi_LoadBlob(&offset, 20, hashBlob, encAuthUsage.authdata);
290
 
        Trspi_LoadBlob_UINT32(&offset, pcrDataSize, hashBlob);
291
 
        Trspi_LoadBlob(&offset, pcrDataSize, hashBlob, pcrData);
292
 
        Trspi_LoadBlob_UINT32(&offset, ulDataLength, hashBlob);
293
 
        Trspi_LoadBlob(&offset, ulDataLength, hashBlob, rgbDataToSeal);
294
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
295
 
 
296
 
        if ((result = secret_PerformAuth_OSAP(hEncKey, TPM_ORD_Seal, hPolicy,
297
 
                                              hEncPolicy, hEncPolicy,
298
 
                                              sharedSecret, &auth,
299
 
                                              digest.digest, &nonceEvenOSAP)))
300
 
                return result;
301
 
 
302
 
        if ((result = TCSP_Seal(tspContext, tcsKeyHandle, encAuthUsage,
303
 
                                pcrDataSize, pcrData, ulDataLength,
304
 
                                rgbDataToSeal, &auth, &encDataSize, &encData)))
305
 
                return result;
306
 
 
307
 
        offset = 0;
308
 
        Trspi_LoadBlob_UINT32(&offset, result, hashBlob);
309
 
        Trspi_LoadBlob_UINT32(&offset, TPM_ORD_Seal, hashBlob);
310
 
        Trspi_LoadBlob(&offset, encDataSize, hashBlob, encData);
311
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest);
312
 
 
313
 
        if ((result = secret_ValidateAuth_OSAP(hEncKey, TPM_ORD_Seal, hPolicy,
314
 
                                               hEncPolicy, hEncPolicy,
315
 
                                               sharedSecret, &auth,
316
 
                                               digest.digest,
317
 
                                               &nonceEvenOSAP))) {
318
 
                free(encData);
319
 
                return result;
320
 
        }
321
 
 
322
 
        /* Need to set the object with the blob and the pcr's */
323
 
        if ((result = obj_encdata_set_data(hEncData, encDataSize, encData)))
324
 
                return result;
325
 
 
326
 
        free(encData);
327
 
 
328
 
        if (pcrDataSize) {
329
 
                if ((result = obj_encdata_set_pcr_info(hEncData, pcrData)))
330
 
                        return result;
331
 
        }
332
 
 
333
 
        return TSS_SUCCESS;
334
 
}
335
 
 
336
 
TSS_RESULT
337
 
Tspi_Data_Unseal(TSS_HENCDATA hEncData,         /* in */
338
 
                 TSS_HKEY hKey,                 /* in */
339
 
                 UINT32 * pulUnsealedDataLength,/* out */
340
 
                 BYTE ** prgbUnsealedData)      /* out */
341
 
{
342
 
        TPM_AUTH privAuth, privAuth2;
343
 
        UINT64 offset;
344
 
        BYTE hashblob[0x400];
345
 
        TCPA_DIGEST digest;
346
 
        TCPA_RESULT result;
347
 
        TSS_HPOLICY hPolicy, hEncPolicy;
348
 
        TCS_KEY_HANDLE tcsKeyHandle;
349
 
        TSS_HCONTEXT tspContext;
350
 
        UINT32 ulDataLen;
351
 
        BYTE *data;
352
 
 
353
 
        if (pulUnsealedDataLength == NULL || prgbUnsealedData == NULL)
354
 
                return TSPERR(TSS_E_BAD_PARAMETER);
355
 
 
356
 
        if ((result = obj_encdata_get_tsp_context(hEncData, &tspContext)))
357
 
                return result;
358
 
 
359
 
        if ((result = obj_rsakey_get_policy(hKey, TSS_POLICY_USAGE,
360
 
                                            &hPolicy, NULL)))
361
 
                return result;
362
 
 
363
 
        if ((result = obj_encdata_get_policy(hEncData, &hEncPolicy)))
364
 
                return result;
365
 
 
366
 
        if ((result = obj_encdata_get_data(hEncData, &ulDataLen, &data)))
367
 
                return result == TSPERR(TSS_E_INVALID_OBJ_ACCESS) ?
368
 
                       TSPERR(TSS_E_ENC_NO_DATA) :
369
 
                       result;
370
 
 
371
 
        if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle)))
372
 
                return result;
373
 
 
374
 
        offset = 0;
375
 
        Trspi_LoadBlob_UINT32(&offset, TPM_ORD_Unseal, hashblob);
376
 
        Trspi_LoadBlob(&offset, ulDataLen, hashblob, data);
377
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
378
 
 
379
 
        if ((result = secret_PerformAuth_OIAP(hKey, TPM_ORD_Unseal,
380
 
                                              hPolicy, &digest,
381
 
                                              &privAuth)))
382
 
                return result;
383
 
 
384
 
        if ((result = secret_PerformAuth_OIAP(hEncData, TPM_ORD_Unseal,
385
 
                                              hEncPolicy, &digest,
386
 
                                              &privAuth2)))
387
 
                return result;
388
 
 
389
 
        if ((result = TCSP_Unseal(tspContext, tcsKeyHandle,
390
 
                                  ulDataLen, data, &privAuth,
391
 
                                  &privAuth2, pulUnsealedDataLength,
392
 
                                  prgbUnsealedData)))
393
 
                return result;
394
 
 
395
 
        offset = 0;
396
 
        Trspi_LoadBlob_UINT32(&offset, result, hashblob);
397
 
        Trspi_LoadBlob_UINT32(&offset, TPM_ORD_Unseal, hashblob);
398
 
        Trspi_LoadBlob_UINT32(&offset, *pulUnsealedDataLength, hashblob);
399
 
        Trspi_LoadBlob(&offset, *pulUnsealedDataLength, hashblob,
400
 
                       *prgbUnsealedData);
401
 
        Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest);
402
 
 
403
 
        if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest,
404
 
                                                    &privAuth))) {
405
 
                free_tspi(tspContext, *prgbUnsealedData);
406
 
                return result;
407
 
        }
408
 
 
409
 
        if ((result = obj_policy_validate_auth_oiap(hEncPolicy, &digest,
410
 
                                                    &privAuth2))) {
411
 
                free_tspi(tspContext, *prgbUnsealedData);
412
 
                return result;
413
 
        }
414
 
 
415
 
        return TSS_SUCCESS;
416
 
}