← Back to branch summary

~ubuntu-branches/ubuntu/karmic/trousers/karmic

« back to all changes in this revision

Viewing changes to src/tspi/tsp_delegate.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel Baumann
  • Date: 2008-01-23 22:03:00 UTC
  • mfrom: (1.1.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20080123220300-fhtqja3c0oq0gp6z
Tags: 0.3.1-4
http://bugs.debian.org/457400
http://bugs.debian.org/459682
* Added patch from Aaron M. Ucko <ucko@debian.org> to allow trousers to
  build successfully on amd64, and presumably also other 64-bit
  architectures (Closes: #457400).
* Including udev rule for /dev/tpm from William Lima
  <wlima.amadeus@gmail.com> as suggested by David Smith <dds@google.com>
  (Closes: #459682).
* Added lintian overrides.

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/tspi/tsp_delegate.c
 
1
 
 
2
/*
 
3
 * Licensed Materials - Property of IBM
 
4
 *
 
5
 * trousers - An open source TCG Software Stack
 
6
 *
 
7
 * (C) Copyright International Business Machines Corp. 2007
 
8
 *
 
9
 */
 
10
 
 
11
 
 
12
#include <stdlib.h>
 
13
#include <stdio.h>
 
14
#include <string.h>
 
15
 
 
16
#include "trousers/tss.h"
 
17
#include "trousers/trousers.h"
 
18
#include "trousers_types.h"
 
19
#include "spi_utils.h"
 
20
#include "obj.h"
 
21
#include "tsplog.h"
 
22
#include "tsp_delegate.h"
 
23
#include "authsess.h"
 
24
 
 
25
 
 
26
TSS_RESULT
 
27
do_delegate_manage(TSS_HTPM hTpm, UINT32 familyID, UINT32 opFlag,
 
28
                   UINT32 opDataSize, BYTE *opData, UINT32 *outDataSize, BYTE **outData)
 
29
{
 
30
        TSS_HCONTEXT hContext;
 
31
        TSS_HPOLICY hPolicy;
 
32
        UINT32 secretMode = TSS_SECRET_MODE_NONE;
 
33
        Trspi_HashCtx hashCtx;
 
34
        TCPA_DIGEST digest;
 
35
        TPM_AUTH ownerAuth, *pAuth;
 
36
        UINT32 retDataSize;
 
37
        BYTE *retData = NULL;
 
38
        TSS_RESULT result;
 
39
 
 
40
        if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
 
41
                return result;
 
42
 
 
43
        if ((result = obj_tpm_get_policy(hTpm, TSS_POLICY_USAGE, &hPolicy)))
 
44
                return result;
 
45
 
 
46
        if (hPolicy != NULL_HPOLICY) {
 
47
                if ((result = obj_policy_get_mode(hPolicy, &secretMode)))
 
48
                        return result;
 
49
        }
 
50
 
 
51
        if (secretMode != TSS_SECRET_MODE_NONE) {
 
52
                result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
53
                result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage);
 
54
                result |= Trspi_Hash_UINT32(&hashCtx, familyID);
 
55
                result |= Trspi_Hash_UINT32(&hashCtx, opFlag);
 
56
                result |= Trspi_Hash_UINT32(&hashCtx, opDataSize);
 
57
                result |= Trspi_HashUpdate(&hashCtx, opDataSize, opData);
 
58
                if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
 
59
                        return result;
 
60
 
 
61
                pAuth = &ownerAuth;
 
62
                if ((result = secret_PerformAuth_OIAP(hTpm, TPM_ORD_Delegate_Manage, hPolicy, FALSE,
 
63
                                                      &digest, pAuth)))
 
64
                        return result;
 
65
        } else
 
66
                pAuth = NULL;
 
67
 
 
68
        /* Perform the delegation operation */
 
69
        if ((result = TCS_API(hContext)->Delegate_Manage(hContext, familyID, opFlag, opDataSize,
 
70
                                                         opData, pAuth, &retDataSize, &retData)))
 
71
                return result;
 
72
 
 
73
        if (pAuth) {
 
74
                result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
75
                result |= Trspi_Hash_UINT32(&hashCtx, result);
 
76
                result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_Manage);
 
77
                result |= Trspi_Hash_UINT32(&hashCtx, retDataSize);
 
78
                result |= Trspi_HashUpdate(&hashCtx, retDataSize, retData);
 
79
                if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) {
 
80
                        free(retData);
 
81
                        goto done;
 
82
                }
 
83
 
 
84
                if ((result = obj_policy_validate_auth_oiap(hPolicy, &digest, pAuth))) {
 
85
                        free(retData);
 
86
                        goto done;
 
87
                }
 
88
        }
 
89
 
 
90
        *outDataSize = retDataSize;
 
91
        *outData = retData;
 
92
 
 
93
done:
 
94
        return result;
 
95
}
 
96
 
 
97
TSS_RESULT
 
98
create_owner_delegation(TSS_HTPM       hTpm,
 
99
                        BYTE           bLabel,
 
100
                        UINT32         ulFlags,
 
101
                        TSS_HPCRS      hPcrs,
 
102
                        TSS_HDELFAMILY hFamily,
 
103
                        TSS_HPOLICY    hDelegation)
 
104
{
 
105
        TSS_HCONTEXT hContext;
 
106
        TSS_BOOL incrementCount = FALSE;
 
107
        UINT32 type;
 
108
        UINT32 publicInfoSize;
 
109
        BYTE *publicInfo = NULL;
 
110
        Trspi_HashCtx hashCtx;
 
111
        TCPA_DIGEST digest;
 
112
        UINT32 blobSize;
 
113
        BYTE *blob;
 
114
        TSS_RESULT result;
 
115
        struct authsess *xsap = NULL;
 
116
 
 
117
        if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
 
118
                return result;
 
119
 
 
120
        if ((ulFlags & ~TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT) > 0)
 
121
                return TSPERR(TSS_E_BAD_PARAMETER);
 
122
 
 
123
        if (ulFlags & TSS_DELEGATE_INCREMENTVERIFICATIONCOUNT)
 
124
                incrementCount = TRUE;
 
125
 
 
126
        if ((result = obj_policy_get_delegation_type(hDelegation, &type)))
 
127
                return result;
 
128
 
 
129
        if (type != TSS_DELEGATIONTYPE_OWNER)
 
130
                return TSPERR(TSS_E_BAD_PARAMETER);
 
131
 
 
132
        if ((result = build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation,
 
133
                        &publicInfoSize, &publicInfo)))
 
134
                return result;
 
135
 
 
136
        if ((result = authsess_xsap_init(hContext, hTpm, hDelegation, TSS_AUTH_POLICY_NOT_REQUIRED,
 
137
                                         TPM_ORD_Delegate_CreateOwnerDelegation, TPM_ET_OWNER,
 
138
                                         &xsap)))
 
139
                return result;
 
140
 
 
141
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
142
        result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation);
 
143
        result |= Trspi_Hash_BOOL(&hashCtx, incrementCount);
 
144
        result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo);
 
145
        result |= Trspi_Hash_DIGEST(&hashCtx, xsap->encAuthUse.authdata);
 
146
        if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
 
147
                goto done;
 
148
 
 
149
        if ((result = authsess_xsap_hmac(xsap, &digest)))
 
150
                goto done;
 
151
 
 
152
        /* Create the delegation */
 
153
        if ((result = TCS_API(hContext)->Delegate_CreateOwnerDelegation(hContext, incrementCount,
 
154
                                                                        publicInfoSize, publicInfo,
 
155
                                                                        &xsap->encAuthUse,
 
156
                                                                        xsap->pAuth, &blobSize,
 
157
                                                                        &blob)))
 
158
                goto done;
 
159
 
 
160
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
161
        result |= Trspi_Hash_UINT32(&hashCtx, result);
 
162
        result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateOwnerDelegation);
 
163
        result |= Trspi_Hash_UINT32(&hashCtx, blobSize);
 
164
        result |= Trspi_HashUpdate(&hashCtx, blobSize, blob);
 
165
        if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
 
166
                goto done;
 
167
 
 
168
        if (authsess_xsap_verify(xsap, &digest)) {
 
169
                result = TSPERR(TSS_E_TSP_AUTHFAIL);
 
170
                goto done;
 
171
        }
 
172
 
 
173
        result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_OWNER,
 
174
                        blobSize, blob);
 
175
 
 
176
done:
 
177
        authsess_free(xsap);
 
178
        free(publicInfo);
 
179
 
 
180
        return result;
 
181
}
 
182
 
 
183
TSS_RESULT
 
184
create_key_delegation(TSS_HKEY       hKey,
 
185
                      BYTE           bLabel,
 
186
                      UINT32         ulFlags,
 
187
                      TSS_HPCRS      hPcrs,
 
188
                      TSS_HDELFAMILY hFamily,
 
189
                      TSS_HPOLICY    hDelegation)
 
190
{
 
191
        TSS_HCONTEXT hContext;
 
192
        UINT32 type;
 
193
        TCS_KEY_HANDLE tcsKeyHandle;
 
194
        UINT32 publicInfoSize;
 
195
        BYTE *publicInfo = NULL;
 
196
        Trspi_HashCtx hashCtx;
 
197
        TCPA_DIGEST digest;
 
198
        UINT32 blobSize;
 
199
        BYTE *blob;
 
200
        TSS_RESULT result;
 
201
        struct authsess *xsap = NULL;
 
202
 
 
203
        if ((result = obj_rsakey_get_tsp_context(hKey, &hContext)))
 
204
                return result;
 
205
 
 
206
        if (ulFlags != 0)
 
207
                return TSPERR(TSS_E_BAD_PARAMETER);
 
208
 
 
209
        if ((result = obj_policy_get_delegation_type(hDelegation, &type)))
 
210
                return result;
 
211
 
 
212
        if (type != TSS_DELEGATIONTYPE_KEY)
 
213
                return TSPERR(TSS_E_BAD_PARAMETER);
 
214
 
 
215
        if ((result = obj_rsakey_get_tcs_handle(hKey, &tcsKeyHandle)))
 
216
                return result;
 
217
 
 
218
        if ((result = build_delegate_public_info(bLabel, hPcrs, hFamily, hDelegation,
 
219
                        &publicInfoSize, &publicInfo)))
 
220
                return result;
 
221
 
 
222
        if ((result = authsess_xsap_init(hContext, hKey, hDelegation, TSS_AUTH_POLICY_REQUIRED,
 
223
                                         TPM_ORD_Delegate_CreateKeyDelegation, TPM_ET_KEYHANDLE,
 
224
                                         &xsap)))
 
225
                return result;
 
226
 
 
227
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
228
        result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation);
 
229
        result |= Trspi_HashUpdate(&hashCtx, publicInfoSize, publicInfo);
 
230
        result |= Trspi_Hash_ENCAUTH(&hashCtx, xsap->encAuthUse.authdata);
 
231
        if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
 
232
                goto done;
 
233
 
 
234
        if ((result = authsess_xsap_hmac(xsap, &digest)))
 
235
                goto done;
 
236
 
 
237
        /* Create the delegation */
 
238
        if ((result = TCS_API(hContext)->Delegate_CreateKeyDelegation(hContext, tcsKeyHandle,
 
239
                                                                      publicInfoSize, publicInfo,
 
240
                                                                      &xsap->encAuthUse,
 
241
                                                                      xsap->pAuth, &blobSize,
 
242
                                                                      &blob)))
 
243
                goto done;
 
244
 
 
245
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
246
        result |= Trspi_Hash_UINT32(&hashCtx, result);
 
247
        result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_Delegate_CreateKeyDelegation);
 
248
        result |= Trspi_Hash_UINT32(&hashCtx, blobSize);
 
249
        result |= Trspi_HashUpdate(&hashCtx, blobSize, blob);
 
250
        if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
 
251
                goto done;
 
252
 
 
253
        if (authsess_xsap_verify(xsap, &digest)) {
 
254
                result = TSPERR(TSS_E_TSP_AUTHFAIL);
 
255
                goto done;
 
256
        }
 
257
 
 
258
        result = obj_policy_set_delegation_blob(hDelegation, TSS_DELEGATIONTYPE_KEY, blobSize,
 
259
                                                blob);
 
260
 
 
261
done:
 
262
        authsess_free(xsap);
 
263
        free(publicInfo);
 
264
 
 
265
        return result;
 
266
}
 
267
 
 
268
TSS_RESULT
 
269
update_delfamily_object(TSS_HTPM hTpm, UINT32 familyID)
 
270
{
 
271
        TSS_HCONTEXT hContext;
 
272
        UINT32 familyTableSize, delegateTableSize;
 
273
        BYTE *familyTable = NULL, *delegateTable = NULL;
 
274
        UINT64 offset;
 
275
        TPM_FAMILY_TABLE_ENTRY familyTableEntry;
 
276
        TSS_BOOL familyState;
 
277
        TSS_HDELFAMILY hFamily;
 
278
        TSS_RESULT result;
 
279
 
 
280
        if ((result = obj_tpm_get_tsp_context(hTpm, &hContext)))
 
281
                return result;
 
282
 
 
283
        if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize,
 
284
                                                            &familyTable, &delegateTableSize,
 
285
                                                            &delegateTable)))
 
286
                return result;
 
287
 
 
288
        for (offset = 0; offset < familyTableSize;) {
 
289
                Trspi_UnloadBlob_TPM_FAMILY_TABLE_ENTRY(&offset, familyTable, &familyTableEntry);
 
290
                if (familyTableEntry.familyID == familyID) {
 
291
                        obj_delfamily_find_by_familyid(hContext, familyID, &hFamily);
 
292
                        if (hFamily == NULL_HDELFAMILY) {
 
293
                                if ((result = obj_delfamily_add(hContext, &hFamily)))
 
294
                                        goto done;
 
295
                                if ((result = obj_delfamily_set_familyid(hFamily,
 
296
                                                                         familyTableEntry.familyID)))
 
297
                                        goto done;
 
298
                                if ((result = obj_delfamily_set_label(hFamily,
 
299
                                                                      familyTableEntry.label.label)))
 
300
                                        goto done;
 
301
                        }
 
302
 
 
303
                        /* Set/Update the family attributes */
 
304
                        familyState = (familyTableEntry.flags & TPM_FAMFLAG_DELEGATE_ADMIN_LOCK) ?
 
305
                                      TRUE : FALSE;
 
306
                        if ((result = obj_delfamily_set_locked(hFamily, familyState, FALSE)))
 
307
                                goto done;
 
308
                        familyState = (familyTableEntry.flags & TPM_FAMFLAG_ENABLE) ? TRUE : FALSE;
 
309
                        if ((result = obj_delfamily_set_enabled(hFamily, familyState, FALSE)))
 
310
                                goto done;
 
311
                        if ((result = obj_delfamily_set_vercount(hFamily,
 
312
                                                                 familyTableEntry.verificationCount)))
 
313
                                goto done;
 
314
 
 
315
                        break;
 
316
                }
 
317
        }
 
318
 
 
319
done:
 
320
        free(familyTable);
 
321
        free(delegateTable);
 
322
 
 
323
        return result;
 
324
}
 
325
 
 
326
TSS_RESULT
 
327
get_delegate_index(TSS_HCONTEXT hContext, UINT32 index, TPM_DELEGATE_PUBLIC *public)
 
328
{
 
329
        UINT32 familyTableSize, delegateTableSize;
 
330
        BYTE *familyTable = NULL, *delegateTable = NULL;
 
331
        UINT64 offset;
 
332
        UINT32 tpmIndex;
 
333
        TPM_DELEGATE_PUBLIC tempPublic;
 
334
        TSS_RESULT result;
 
335
 
 
336
        if ((result = TCS_API(hContext)->Delegate_ReadTable(hContext, &familyTableSize,
 
337
                                                            &familyTable, &delegateTableSize,
 
338
                                                            &delegateTable)))
 
339
                goto done;
 
340
 
 
341
        for (offset = 0; offset < delegateTableSize;) {
 
342
                Trspi_UnloadBlob_UINT32(&offset, &tpmIndex, delegateTable);
 
343
                if (tpmIndex == index) {
 
344
                        result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, public);
 
345
                        goto done;
 
346
                } else {
 
347
                        if ((result = Trspi_UnloadBlob_TPM_DELEGATE_PUBLIC(&offset, delegateTable, &tempPublic)))
 
348
                                goto done;
 
349
                }
 
350
 
 
351
                free(tempPublic.pcrInfo.pcrSelection.pcrSelect);
 
352
        }
 
353
 
 
354
        /* Didn't find a matching index */
 
355
        result = TSPERR(TSS_E_BAD_PARAMETER);
 
356
 
 
357
done:
 
358
        free(familyTable);
 
359
        free(delegateTable);
 
360
 
 
361
        return result;
 
362
}
 
363
 
 
364
TSS_RESULT
 
365
build_delegate_public_info(BYTE           bLabel,
 
366
                           TSS_HPCRS      hPcrs,
 
367
                           TSS_HDELFAMILY hFamily,
 
368
                           TSS_HPOLICY    hDelegation,
 
369
                           UINT32        *publicInfoSize,
 
370
                           BYTE         **publicInfo)
 
371
{
 
372
        TPM_DELEGATE_PUBLIC public;
 
373
        UINT32 delegateType;
 
374
        UINT32 pcrInfoSize;
 
375
        BYTE *pcrInfo = NULL;
 
376
        UINT64 offset;
 
377
        TSS_RESULT result = TSS_SUCCESS;
 
378
 
 
379
        if (hDelegation == NULL_HPOLICY)
 
380
                return TSPERR(TSS_E_BAD_PARAMETER);
 
381
 
 
382
        if ((result = obj_policy_get_delegation_type(hDelegation, &delegateType)))
 
383
                return result;
 
384
 
 
385
        /* This call will create a "null" PCR_INFO_SHORT if hPcrs is null */
 
386
        if ((result = obj_pcrs_create_info_short(hPcrs, &pcrInfoSize, &pcrInfo)))
 
387
                return result;
 
388
 
 
389
        memset(&public, 0, sizeof(public));
 
390
        public.tag = TPM_TAG_DELEGATE_PUBLIC;
 
391
        public.label.label = bLabel;
 
392
        offset = 0;
 
393
        if ((result = Trspi_UnloadBlob_PCR_INFO_SHORT(&offset, pcrInfo, &public.pcrInfo)))
 
394
                goto done;
 
395
        public.permissions.tag = TPM_TAG_DELEGATIONS;
 
396
        public.permissions.delegateType =
 
397
                (delegateType == TSS_DELEGATIONTYPE_OWNER) ? TPM_DEL_OWNER_BITS : TPM_DEL_KEY_BITS;
 
398
        if ((result = obj_policy_get_delegation_per1(hDelegation, &public.permissions.per1)))
 
399
                goto done;
 
400
        if ((result = obj_policy_get_delegation_per2(hDelegation, &public.permissions.per2)))
 
401
                goto done;
 
402
        if ((result = obj_delfamily_get_familyid(hFamily, &public.familyID)))
 
403
                goto done;
 
404
        if ((result = obj_delfamily_get_vercount(hFamily, &public.verificationCount)))
 
405
                goto done;
 
406
 
 
407
        offset = 0;
 
408
        Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, NULL, &public);
 
409
        *publicInfoSize = offset;
 
410
        *publicInfo = malloc(*publicInfoSize);
 
411
        if (*publicInfo == NULL) {
 
412
                LogError("malloc of %u bytes failed.", *publicInfoSize);
 
413
                result = TSPERR(TSS_E_OUTOFMEMORY);
 
414
                goto done;
 
415
        }
 
416
        offset = 0;
 
417
        Trspi_LoadBlob_TPM_DELEGATE_PUBLIC(&offset, *publicInfo, &public);
 
418
 
 
419
done:
 
420
        free(pcrInfo);
 
421
        free(public.pcrInfo.pcrSelection.pcrSelect);
 
422
 
 
423
        return result;
 
424
}
 
425
 
 
426
#ifdef TSS_BUILD_TRANSPORT
 
427
TSS_RESULT
 
428
Transport_Delegate_Manage(TSS_HCONTEXT tspContext,              /* in */
 
429
                          TPM_FAMILY_ID familyID,             /* in */
 
430
                          TPM_FAMILY_OPERATION opFlag,        /* in */
 
431
                          UINT32 opDataSize,                  /* in */
 
432
                          BYTE *opData,                       /* in */
 
433
                          TPM_AUTH *ownerAuth,                /* in, out */
 
434
                          UINT32 *retDataSize,                /* out */
 
435
                          BYTE **retData)                     /* out */
 
436
{
 
437
        TSS_RESULT result;
 
438
        UINT32 handlesLen = 0, decLen, dataLen;
 
439
        UINT64 offset;
 
440
        BYTE *data, *dec;
 
441
 
 
442
 
 
443
        if ((result = obj_context_transport_init(tspContext)))
 
444
                return result;
 
445
 
 
446
        LogDebugFn("Executing in a transport session");
 
447
 
 
448
        dataLen = sizeof(TPM_FAMILY_ID)
 
449
                  + sizeof(TPM_FAMILY_OPERATION)
 
450
                  + sizeof(UINT32)
 
451
                  + opDataSize;
 
452
        if ((data = malloc(dataLen)) == NULL) {
 
453
                LogError("malloc of %u bytes failed", dataLen);
 
454
                return TSPERR(TSS_E_OUTOFMEMORY);
 
455
        }
 
456
 
 
457
        offset = 0;
 
458
        Trspi_LoadBlob_UINT32(&offset, familyID, data);
 
459
        Trspi_LoadBlob_UINT32(&offset, opFlag, data);
 
460
        Trspi_LoadBlob_UINT32(&offset, opDataSize, data);
 
461
        Trspi_LoadBlob(&offset, opDataSize, data, opData);
 
462
 
 
463
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_Manage, dataLen,
 
464
                                                    data, NULL, &handlesLen, NULL, ownerAuth,
 
465
                                                    NULL, &decLen, &dec))) {
 
466
                free(data);
 
467
                return result;
 
468
        }
 
469
        free(data);
 
470
 
 
471
        offset = 0;
 
472
        Trspi_UnloadBlob_UINT32(&offset, retDataSize, dec);
 
473
 
 
474
        if ((*retData = malloc(*retDataSize)) == NULL) {
 
475
                free(dec);
 
476
                LogError("malloc of %u bytes failed", *retDataSize);
 
477
                *retDataSize = 0;
 
478
                return TSPERR(TSS_E_OUTOFMEMORY);
 
479
        }
 
480
        Trspi_UnloadBlob(&offset, *retDataSize, dec, *retData);
 
481
 
 
482
        free(dec);
 
483
 
 
484
        return result;
 
485
}
 
486
 
 
487
TSS_RESULT
 
488
Transport_Delegate_CreateKeyDelegation(TSS_HCONTEXT tspContext,         /* in */
 
489
                                       TCS_KEY_HANDLE hKey,           /* in */
 
490
                                       UINT32 publicInfoSize,         /* in */
 
491
                                       BYTE *publicInfo,              /* in */
 
492
                                       TPM_ENCAUTH *encDelAuth,        /* in */
 
493
                                       TPM_AUTH *keyAuth,             /* in, out */
 
494
                                       UINT32 *blobSize,              /* out */
 
495
                                       BYTE **blob)                   /* out */
 
496
{
 
497
        TSS_RESULT result;
 
498
        UINT32 handlesLen, decLen, dataLen;
 
499
        TCS_HANDLE *handles, handle;
 
500
        TPM_DIGEST pubKeyHash;
 
501
        Trspi_HashCtx hashCtx;
 
502
        UINT64 offset;
 
503
        BYTE *data, *dec;
 
504
 
 
505
 
 
506
        if ((result = obj_context_transport_init(tspContext)))
 
507
                return result;
 
508
 
 
509
        LogDebugFn("Executing in a transport session");
 
510
 
 
511
        if ((result = obj_tcskey_get_pubkeyhash(hKey, pubKeyHash.digest)))
 
512
                return result;
 
513
 
 
514
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
515
        result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
 
516
        if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
 
517
                return result;
 
518
 
 
519
        handlesLen = 1;
 
520
        handle = hKey;
 
521
        handles = &handle;
 
522
 
 
523
        dataLen = publicInfoSize + sizeof(TPM_ENCAUTH);
 
524
        if ((data = malloc(dataLen)) == NULL) {
 
525
                LogError("malloc of %u bytes failed", dataLen);
 
526
                return TSPERR(TSS_E_OUTOFMEMORY);
 
527
        }
 
528
 
 
529
        offset = 0;
 
530
        Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo);
 
531
        Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata);
 
532
 
 
533
        if ((result = obj_context_transport_execute(tspContext,
 
534
                                                    TPM_ORD_Delegate_CreateKeyDelegation, dataLen,
 
535
                                                    data, &pubKeyHash, &handlesLen, &handles,
 
536
                                                    keyAuth, NULL, &decLen, &dec))) {
 
537
                free(data);
 
538
                return result;
 
539
        }
 
540
        free(data);
 
541
 
 
542
        offset = 0;
 
543
        Trspi_UnloadBlob_UINT32(&offset, blobSize, dec);
 
544
 
 
545
        if ((*blob = malloc(*blobSize)) == NULL) {
 
546
                free(dec);
 
547
                LogError("malloc of %u bytes failed", *blobSize);
 
548
                *blobSize = 0;
 
549
                return TSPERR(TSS_E_OUTOFMEMORY);
 
550
        }
 
551
        Trspi_UnloadBlob(&offset, *blobSize, dec, *blob);
 
552
 
 
553
        free(dec);
 
554
 
 
555
        return result;
 
556
}
 
557
 
 
558
TSS_RESULT
 
559
Transport_Delegate_CreateOwnerDelegation(TSS_HCONTEXT tspContext,       /* in */
 
560
                                         TSS_BOOL increment,          /* in */
 
561
                                         UINT32 publicInfoSize,       /* in */
 
562
                                         BYTE *publicInfo,            /* in */
 
563
                                         TPM_ENCAUTH *encDelAuth,      /* in */
 
564
                                         TPM_AUTH *ownerAuth,         /* in, out */
 
565
                                         UINT32 *blobSize,            /* out */
 
566
                                         BYTE **blob)                 /* out */
 
567
{
 
568
        TSS_RESULT result;
 
569
        UINT32 handlesLen = 0, decLen, dataLen;
 
570
        UINT64 offset;
 
571
        BYTE *data, *dec;
 
572
 
 
573
 
 
574
        if ((result = obj_context_transport_init(tspContext)))
 
575
                return result;
 
576
 
 
577
        LogDebugFn("Executing in a transport session");
 
578
 
 
579
        dataLen = sizeof(TSS_BOOL) + publicInfoSize + sizeof(TPM_ENCAUTH);
 
580
        if ((data = malloc(dataLen)) == NULL) {
 
581
                LogError("malloc of %u bytes failed", dataLen);
 
582
                return TSPERR(TSS_E_OUTOFMEMORY);
 
583
        }
 
584
 
 
585
        offset = 0;
 
586
        Trspi_LoadBlob_BOOL(&offset, increment, data);
 
587
        Trspi_LoadBlob(&offset, publicInfoSize, data, publicInfo);
 
588
        Trspi_LoadBlob(&offset, sizeof(TPM_ENCAUTH), data, encDelAuth->authdata);
 
589
 
 
590
        if ((result = obj_context_transport_execute(tspContext,
 
591
                                                    TPM_ORD_Delegate_CreateOwnerDelegation, dataLen,
 
592
                                                    data, NULL, &handlesLen, NULL, ownerAuth,
 
593
                                                    NULL, &decLen, &dec))) {
 
594
                free(data);
 
595
                return result;
 
596
        }
 
597
        free(data);
 
598
 
 
599
        offset = 0;
 
600
        Trspi_UnloadBlob_UINT32(&offset, blobSize, dec);
 
601
 
 
602
        if ((*blob = malloc(*blobSize)) == NULL) {
 
603
                free(dec);
 
604
                LogError("malloc of %u bytes failed", *blobSize);
 
605
                *blobSize = 0;
 
606
                return TSPERR(TSS_E_OUTOFMEMORY);
 
607
        }
 
608
        Trspi_UnloadBlob(&offset, *blobSize, dec, *blob);
 
609
 
 
610
        free(dec);
 
611
 
 
612
        return result;
 
613
}
 
614
 
 
615
TSS_RESULT
 
616
Transport_Delegate_LoadOwnerDelegation(TSS_HCONTEXT tspContext, /* in */
 
617
                                       TPM_DELEGATE_INDEX index,      /* in */
 
618
                                       UINT32 blobSize,               /* in */
 
619
                                       BYTE *blob,                    /* in */
 
620
                                       TPM_AUTH *ownerAuth)           /* in, out */
 
621
{
 
622
        TSS_RESULT result;
 
623
        UINT32 handlesLen = 0, dataLen;
 
624
        UINT64 offset;
 
625
        BYTE *data;
 
626
 
 
627
 
 
628
        if ((result = obj_context_transport_init(tspContext)))
 
629
                return result;
 
630
 
 
631
        LogDebugFn("Executing in a transport session");
 
632
 
 
633
        dataLen = sizeof(TPM_DELEGATE_INDEX) + sizeof(UINT32) + blobSize;
 
634
        if ((data = malloc(dataLen)) == NULL) {
 
635
                LogError("malloc of %u bytes failed", dataLen);
 
636
                return TSPERR(TSS_E_OUTOFMEMORY);
 
637
        }
 
638
 
 
639
        offset = 0;
 
640
        Trspi_LoadBlob_UINT32(&offset, index, data);
 
641
        Trspi_LoadBlob_UINT32(&offset, blobSize, data);
 
642
        Trspi_LoadBlob(&offset, blobSize, data, blob);
 
643
 
 
644
        if ((result = obj_context_transport_execute(tspContext,
 
645
                                                    TPM_ORD_Delegate_LoadOwnerDelegation, dataLen,
 
646
                                                    data, NULL, &handlesLen, NULL, ownerAuth,
 
647
                                                    NULL, NULL, NULL))) {
 
648
                free(data);
 
649
                return result;
 
650
        }
 
651
        free(data);
 
652
 
 
653
        return result;
 
654
}
 
655
 
 
656
TSS_RESULT
 
657
Transport_Delegate_ReadTable(TSS_HCONTEXT tspContext,           /* in */
 
658
                             UINT32 *familyTableSize,         /* out */
 
659
                             BYTE **familyTable,              /* out */
 
660
                             UINT32 *delegateTableSize,       /* out */
 
661
                             BYTE **delegateTable)            /* out */
 
662
{
 
663
        TSS_RESULT result;
 
664
        UINT32 handlesLen = 0, decLen;
 
665
        UINT64 offset;
 
666
        BYTE *dec;
 
667
 
 
668
 
 
669
        if ((result = obj_context_transport_init(tspContext)))
 
670
                return result;
 
671
 
 
672
        LogDebugFn("Executing in a transport session");
 
673
 
 
674
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_ReadTable, 0, NULL,
 
675
                                                    NULL, &handlesLen, NULL, NULL, NULL, &decLen,
 
676
                                                    &dec)))
 
677
                return result;
 
678
 
 
679
        offset = 0;
 
680
        Trspi_UnloadBlob_UINT32(&offset, familyTableSize, dec);
 
681
 
 
682
        if ((*familyTable = malloc(*familyTableSize)) == NULL) {
 
683
                free(dec);
 
684
                LogError("malloc of %u bytes failed", *familyTableSize);
 
685
                *familyTableSize = 0;
 
686
                return TSPERR(TSS_E_OUTOFMEMORY);
 
687
        }
 
688
        Trspi_UnloadBlob(&offset, *familyTableSize, dec, *familyTable);
 
689
 
 
690
        Trspi_UnloadBlob_UINT32(&offset, delegateTableSize, dec);
 
691
 
 
692
        if ((*delegateTable = malloc(*delegateTableSize)) == NULL) {
 
693
                free(dec);
 
694
                free(*familyTable);
 
695
                *familyTable = NULL;
 
696
                *familyTableSize = 0;
 
697
                LogError("malloc of %u bytes failed", *delegateTableSize);
 
698
                *delegateTableSize = 0;
 
699
                return TSPERR(TSS_E_OUTOFMEMORY);
 
700
        }
 
701
        Trspi_UnloadBlob(&offset, *delegateTableSize, dec, *delegateTable);
 
702
 
 
703
        free(dec);
 
704
 
 
705
        return result;
 
706
}
 
707
 
 
708
TSS_RESULT
 
709
Transport_Delegate_UpdateVerificationCount(TSS_HCONTEXT tspContext,     /* in */
 
710
                                           UINT32 inputSize,          /* in */
 
711
                                           BYTE *input,               /* in */
 
712
                                           TPM_AUTH *ownerAuth,       /* in, out */
 
713
                                           UINT32 *outputSize,        /* out */
 
714
                                           BYTE **output)             /* out */
 
715
{
 
716
        TSS_RESULT result;
 
717
        UINT32 handlesLen = 0, decLen, dataLen;
 
718
        UINT64 offset;
 
719
        BYTE *data, *dec;
 
720
 
 
721
 
 
722
        if ((result = obj_context_transport_init(tspContext)))
 
723
                return result;
 
724
 
 
725
        LogDebugFn("Executing in a transport session");
 
726
 
 
727
        dataLen = sizeof(UINT32) + inputSize;
 
728
        if ((data = malloc(dataLen)) == NULL) {
 
729
                LogError("malloc of %u bytes failed", dataLen);
 
730
                return TSPERR(TSS_E_OUTOFMEMORY);
 
731
        }
 
732
 
 
733
        offset = 0;
 
734
        Trspi_LoadBlob_UINT32(&offset, inputSize, data);
 
735
        Trspi_LoadBlob(&offset, inputSize, data, input);
 
736
 
 
737
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_UpdateVerification,
 
738
                                                    dataLen, data, NULL, &handlesLen, NULL,
 
739
                                                    ownerAuth, NULL, &decLen, &dec))) {
 
740
                free(data);
 
741
                return result;
 
742
        }
 
743
        free(data);
 
744
 
 
745
 
 
746
        offset = 0;
 
747
        Trspi_UnloadBlob_UINT32(&offset, outputSize, dec);
 
748
 
 
749
        if ((*output = malloc(*outputSize)) == NULL) {
 
750
                free(dec);
 
751
                LogError("malloc of %u bytes failed", *outputSize);
 
752
                *outputSize = 0;
 
753
                return TSPERR(TSS_E_OUTOFMEMORY);
 
754
        }
 
755
        Trspi_UnloadBlob(&offset, *outputSize, dec, *output);
 
756
 
 
757
        free(dec);
 
758
 
 
759
        return result;
 
760
}
 
761
 
 
762
TSS_RESULT
 
763
Transport_Delegate_VerifyDelegation(TSS_HCONTEXT tspContext,    /* in */
 
764
                                    UINT32 delegateSize,      /* in */
 
765
                                    BYTE *delegate)           /* in */
 
766
{
 
767
        TSS_RESULT result;
 
768
        UINT32 handlesLen = 0, dataLen;
 
769
        UINT64 offset;
 
770
        BYTE *data;
 
771
 
 
772
 
 
773
        if ((result = obj_context_transport_init(tspContext)))
 
774
                return result;
 
775
 
 
776
        LogDebugFn("Executing in a transport session");
 
777
 
 
778
        dataLen = + sizeof(UINT32) + delegateSize;
 
779
        if ((data = malloc(dataLen)) == NULL) {
 
780
                LogError("malloc of %u bytes failed", dataLen);
 
781
                return TSPERR(TSS_E_OUTOFMEMORY);
 
782
        }
 
783
 
 
784
        offset = 0;
 
785
        Trspi_LoadBlob_UINT32(&offset, delegateSize, data);
 
786
        Trspi_LoadBlob(&offset, delegateSize, data, delegate);
 
787
 
 
788
        result = obj_context_transport_execute(tspContext, TPM_ORD_Delegate_VerifyDelegation,
 
789
                                               dataLen, data, NULL, &handlesLen, NULL, NULL, NULL,
 
790
                                               NULL, NULL);
 
791
        free(data);
 
792
 
 
793
        return result;
 
794
}
 
795
 
 
796
TSS_RESULT
 
797
Transport_DSAP(TSS_HCONTEXT tspContext,         /* in */
 
798
               TPM_ENTITY_TYPE entityType,      /* in */
 
799
               TCS_KEY_HANDLE keyHandle,        /* in */
 
800
               TPM_NONCE *nonceOddDSAP,         /* in */
 
801
               UINT32 entityValueSize,          /* in */
 
802
               BYTE * entityValue,              /* in */
 
803
               TCS_AUTHHANDLE *authHandle,      /* out */
 
804
               TPM_NONCE *nonceEven,            /* out */
 
805
               TPM_NONCE *nonceEvenDSAP)        /* out */
 
806
{
 
807
        TSS_RESULT result;
 
808
        UINT32 handlesLen, dataLen, decLen;
 
809
        TCS_HANDLE *handles, handle;
 
810
        TPM_DIGEST pubKeyHash;
 
811
        Trspi_HashCtx hashCtx;
 
812
        UINT64 offset;
 
813
        BYTE *data, *dec;
 
814
 
 
815
 
 
816
        if ((result = obj_context_transport_init(tspContext)))
 
817
                return result;
 
818
 
 
819
        LogDebugFn("Executing in a transport session");
 
820
 
 
821
        if ((result = obj_tcskey_get_pubkeyhash(keyHandle, pubKeyHash.digest)))
 
822
                return result;
 
823
 
 
824
        result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
 
825
        result |= Trspi_Hash_DIGEST(&hashCtx, pubKeyHash.digest);
 
826
        if ((result |= Trspi_HashFinal(&hashCtx, pubKeyHash.digest)))
 
827
                return result;
 
828
 
 
829
        dataLen = sizeof(TPM_ENTITY_TYPE) + sizeof(TPM_KEY_HANDLE)
 
830
                                          + sizeof(TPM_NONCE)
 
831
                                          + sizeof(UINT32)
 
832
                                          + entityValueSize;
 
833
        if ((data = malloc(dataLen)) == NULL) {
 
834
                LogError("malloc of %u bytes failed", dataLen);
 
835
                return TSPERR(TSS_E_OUTOFMEMORY);
 
836
        }
 
837
 
 
838
        handlesLen = 1;
 
839
        handle = keyHandle;
 
840
        handles = &handle;
 
841
 
 
842
        offset = 0;
 
843
        Trspi_LoadBlob_UINT32(&offset, entityType, data);
 
844
        Trspi_LoadBlob_UINT32(&offset, keyHandle, data);
 
845
        Trspi_LoadBlob(&offset, sizeof(TPM_NONCE), data, nonceEvenDSAP->nonce);
 
846
        Trspi_LoadBlob_UINT32(&offset, entityValueSize, data);
 
847
        Trspi_LoadBlob(&offset, entityValueSize, data, entityValue);
 
848
 
 
849
        if ((result = obj_context_transport_execute(tspContext, TPM_ORD_DSAP, dataLen, data,
 
850
                                                    &pubKeyHash, &handlesLen, &handles, NULL, NULL,
 
851
                                                    &decLen, &dec))) {
 
852
                free(data);
 
853
                return result;
 
854
        }
 
855
        free(data);
 
856
 
 
857
        offset = 0;
 
858
        Trspi_UnloadBlob_UINT32(&offset, authHandle, dec);
 
859
 
 
860
        Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEven->nonce);
 
861
        Trspi_UnloadBlob(&offset, sizeof(TPM_NONCE), dec, nonceEvenDSAP->nonce);
 
862
 
 
863
 
 
864
        return result;
 
865
}
 
866
#endif