3
* Licensed Materials - Property of IBM
5
* trousers - An open source TCG Software Stack
7
* (C) Copyright International Business Machines Corp. 2004-2006
16
#include "trousers/tss.h"
17
#include "trousers/trousers.h"
18
#include "trousers_types.h"
19
#include "spi_utils.h"
20
#include "capabilities.h"
26
Tspi_TPM_CreateMaintenanceArchive(TSS_HTPM hTPM, /* in */
27
TSS_BOOL fGenerateRndNumber, /* in */
28
UINT32 * pulRndNumberLength, /* out */
29
BYTE ** prgbRndNumber, /* out */
30
UINT32 * pulArchiveDataLength, /* out */
31
BYTE ** prgbArchiveData) /* out */
34
TSS_HCONTEXT tspContext;
35
TSS_HPOLICY hOwnerPolicy;
38
Trspi_HashCtx hashCtx;
40
if (pulArchiveDataLength == NULL || prgbArchiveData == NULL)
41
return TSPERR(TSS_E_BAD_PARAMETER);
43
if (fGenerateRndNumber &&
44
(pulRndNumberLength == NULL || prgbRndNumber == NULL))
45
return TSPERR(TSS_E_BAD_PARAMETER);
47
if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext)))
50
if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy)))
53
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
54
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMaintenanceArchive);
55
result |= Trspi_Hash_BYTE(&hashCtx, fGenerateRndNumber);
56
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
59
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_CreateMaintenanceArchive, hOwnerPolicy,
60
FALSE, &digest, &ownerAuth)))
63
if ((result = TCS_API(tspContext)->CreateMaintenanceArchive(tspContext, fGenerateRndNumber,
64
&ownerAuth, pulRndNumberLength,
70
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
71
result |= Trspi_Hash_UINT32(&hashCtx, result);
72
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CreateMaintenanceArchive);
73
result |= Trspi_Hash_UINT32(&hashCtx, *pulRndNumberLength);
74
result |= Trspi_HashUpdate(&hashCtx, *pulRndNumberLength, *prgbRndNumber);
75
result |= Trspi_Hash_UINT32(&hashCtx, *pulArchiveDataLength);
76
result |= Trspi_HashUpdate(&hashCtx, *pulArchiveDataLength, *prgbArchiveData);
77
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
80
if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth)))
83
if ((result = add_mem_entry(tspContext, *prgbRndNumber)))
86
if ((result = add_mem_entry(tspContext, *prgbArchiveData))) {
87
free_tspi(tspContext, *prgbRndNumber);
95
free(*prgbArchiveData);
100
Tspi_TPM_KillMaintenanceFeature(TSS_HTPM hTPM) /* in */
103
TSS_HCONTEXT tspContext;
104
TSS_HPOLICY hOwnerPolicy;
107
Trspi_HashCtx hashCtx;
109
if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext)))
112
if ((result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hOwnerPolicy)))
115
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
116
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KillMaintenanceFeature);
117
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
120
if ((result = secret_PerformAuth_OIAP(hTPM, TPM_ORD_KillMaintenanceFeature, hOwnerPolicy,
121
FALSE, &digest, &ownerAuth)))
124
if ((result = TCS_API(tspContext)->KillMaintenanceFeature(tspContext, &ownerAuth)))
127
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
128
result |= Trspi_Hash_UINT32(&hashCtx, result);
129
result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_KillMaintenanceFeature);
130
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
133
if ((result = obj_policy_validate_auth_oiap(hOwnerPolicy, &digest, &ownerAuth)))
140
Tspi_TPM_LoadMaintenancePubKey(TSS_HTPM hTPM, /* in */
141
TSS_HKEY hMaintenanceKey, /* in */
142
TSS_VALIDATION * pValidationData) /* in, out */
145
TSS_HCONTEXT tspContext;
146
TCPA_DIGEST checkSum, digest;
150
BYTE hashBlob[512], *pubBlob;
152
if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext)))
155
if (pValidationData == NULL) {
156
if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE),
157
(BYTE **)nonce.nonce)))
160
if (pValidationData->ulExternalDataLength < sizeof(nonce.nonce))
161
return TSPERR(TSS_E_BAD_PARAMETER);
163
memcpy(&nonce.nonce, pValidationData->rgbExternalData, sizeof(nonce.nonce));
166
if ((result = obj_rsakey_get_pub_blob(hMaintenanceKey, &pubBlobSize, &pubBlob)))
169
if ((result = TCS_API(tspContext)->LoadManuMaintPub(tspContext, nonce, pubBlobSize, pubBlob,
174
Trspi_LoadBlob(&offset, pubBlobSize, hashBlob, pubBlob);
175
Trspi_LoadBlob(&offset, TCPA_SHA1_160_HASH_LEN, hashBlob, (BYTE *)&nonce.nonce);
177
if (pValidationData == NULL) {
178
if ((result = Trspi_Hash(TSS_HASH_SHA1, offset, hashBlob, digest.digest)))
181
if (memcmp(&digest.digest, &checkSum.digest, TCPA_SHA1_160_HASH_LEN))
182
result = TSPERR(TSS_E_FAIL);
184
if ((pValidationData->rgbData = calloc_tspi(tspContext, offset)) == NULL)
185
return TSPERR(TSS_E_OUTOFMEMORY);
187
pValidationData->ulDataLength = offset;
188
memcpy(pValidationData->rgbData, hashBlob, offset);
190
if ((pValidationData->rgbValidationData = calloc_tspi(tspContext,
191
TPM_SHA1_160_HASH_LEN))
193
free_tspi(tspContext, pValidationData->rgbData);
194
pValidationData->rgbData = NULL;
195
pValidationData->ulDataLength = 0;
196
return TSPERR(TSS_E_OUTOFMEMORY);
198
pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN;
200
memcpy(pValidationData->rgbValidationData, checkSum.digest, TCPA_SHA1_160_HASH_LEN);
207
Tspi_TPM_CheckMaintenancePubKey(TSS_HTPM hTPM, /* in */
208
TSS_HKEY hMaintenanceKey, /* in */
209
TSS_VALIDATION * pValidationData) /* in, out */
212
TSS_HCONTEXT tspContext;
213
TCPA_DIGEST checkSum, digest;
217
Trspi_HashCtx hashCtx;
219
if ((pValidationData && hMaintenanceKey) || (!pValidationData && !hMaintenanceKey))
220
return TSPERR(TSS_E_BAD_PARAMETER);
222
if ((result = obj_tpm_get_tsp_context(hTPM, &tspContext)))
225
if (pValidationData == NULL) {
226
if ((result = get_local_random(tspContext, FALSE, sizeof(TCPA_NONCE),
227
(BYTE **)nonce.nonce)))
230
if (pValidationData->ulExternalDataLength < sizeof(nonce.nonce))
231
return TSPERR(TSS_E_BAD_PARAMETER);
233
memcpy(&nonce.nonce, pValidationData->rgbExternalData, sizeof(nonce.nonce));
236
if ((result = TCS_API(tspContext)->ReadManuMaintPub(tspContext, nonce, &checkSum)))
239
if (pValidationData == NULL) {
240
if ((result = obj_rsakey_get_pub_blob(hMaintenanceKey, &pubBlobSize, &pubBlob)))
243
result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
244
result |= Trspi_HashUpdate(&hashCtx, pubBlobSize, pubBlob);
245
result |= Trspi_HashUpdate(&hashCtx, TCPA_SHA1_160_HASH_LEN, (BYTE *)&nonce.nonce);
246
if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
249
if (memcmp(&digest.digest, &checkSum.digest, TCPA_SHA1_160_HASH_LEN))
250
result = TSPERR(TSS_E_FAIL);
252
free_tspi(tspContext, pubBlob);
254
/* Ignore Data and DataLength, the application must already have this data.
255
* Do, however, copy out the checksum so that the application can verify */
256
if ((pValidationData->rgbValidationData = calloc_tspi(tspContext,
257
TCPA_SHA1_160_HASH_LEN))
259
free_tspi(tspContext, pubBlob);
260
return TSPERR(TSS_E_OUTOFMEMORY);
263
pValidationData->ulValidationDataLength = TCPA_SHA1_160_HASH_LEN;
264
memcpy(pValidationData->rgbValidationData, checkSum.digest, TCPA_SHA1_160_HASH_LEN);