1
2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004-2006
8 *
9 */
10
11
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <unistd.h>
16 #include <sys/types.h>
17 #include <sys/mman.h>
18 #include <errno.h>
19
20 #include "trousers/tss.h"
21 #include "trousers/trousers.h"
22 #include "trousers_types.h"
23 #include "trousers_types.h"
24 #include "spi_utils.h"
25 #include "capabilities.h"
26 #include "tsplog.h"
27 #include "obj.h"
28
29
/* All-zero UUID, used as the "no key / no object" sentinel by callers that
 * compare against it. Static storage would zero it anyway; the explicit
 * initializer just makes the intent visible. */
TSS_UUID NULL_UUID = { 0 };

/* Version stamp 1.1.0.0 (major, minor, revision-major, revision-minor). */
TSS_VERSION VERSION_1_1 = { .bMajor = 1, .bMinor = 1, .bRevMajor = 0, .bRevMinor = 0 };
33
/*
 * TCS dispatch table for the plain (non-transport) path: every populated
 * entry is the RPC_* marshaller for the TCS call of the same name.
 *
 * Entries are only filled in under their TSS_BUILD_* feature macro, so a
 * feature that is compiled out leaves its slot zero (NULL) because the
 * initializer is designated and the object has static storage.  Whether the
 * dispatch side NULL-checks a slot before calling through it is not visible
 * here -- TODO confirm at the call sites.
 */
struct tcs_api_table tcs_normal_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = RPC_LoadKeyByBlob,
	.EvictKey = RPC_EvictKey,
	.CreateWrapKey = RPC_CreateWrapKey,
	.GetPubKey = RPC_GetPubKey,
	/* 1.2-only key commands are nested under the KEY feature. */
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = RPC_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = RPC_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = RPC_OwnerClear,
	.ForceClear = RPC_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.TerminateHandle = RPC_TerminateHandle,
	.OIAP = RPC_OIAP,
	.OSAP = RPC_OSAP,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = RPC_ChangeAuth,
	.ChangeAuthOwner = RPC_ChangeAuthOwner,
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = RPC_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = RPC_Extend,
	.PcrRead = RPC_PcrRead,
	.PcrReset = RPC_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = RPC_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = RPC_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = RPC_DirWriteAuth,
	.DirRead = RPC_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = RPC_Seal,
	.Unseal = RPC_Unseal,
	/* Sealx has its own feature macro here (it does not in the transport
	 * table further down). */
#ifdef TSS_BUILD_SEALX
	.Sealx = RPC_Sealx,
#endif
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = RPC_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = RPC_CreateMigrationBlob,
	.ConvertMigrationBlob = RPC_ConvertMigrationBlob,
	.AuthorizeMigrationKey = RPC_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = RPC_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = RPC_GetRandom,
	.StirRandom = RPC_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = RPC_GetTPMCapability,
	.SetCapability = RPC_SetCapability,
	.GetCapabilityOwner = RPC_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	.CreateEndorsementKeyPair = RPC_CreateEndorsementKeyPair,
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = RPC_SelfTestFull,
	.CertifySelfTest = RPC_CertifySelfTest,
	.GetTestResult = RPC_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = RPC_SetOwnerInstall,
	.DisablePubekRead = RPC_DisablePubekRead,
	.OwnerSetDisable = RPC_OwnerSetDisable,
	.DisableOwnerClear = RPC_DisableOwnerClear,
	.DisableForceClear = RPC_DisableForceClear,
	.PhysicalDisable = RPC_PhysicalDisable,
	.PhysicalEnable = RPC_PhysicalEnable,
	.PhysicalSetDeactivated = RPC_PhysicalSetDeactivated,
	.PhysicalPresence = RPC_PhysicalPresence,
	.SetTempDeactivated = RPC_SetTempDeactivated,
	/* The two 1.2 admin ordinals are guarded by TSS12 here; the transport
	 * table below lists them unconditionally under ADMIN. */
#ifdef TSS_BUILD_TSS12
	.SetTempDeactivated2 = RPC_SetTempDeactivated2,
	.ResetLockValue = RPC_ResetLockValue,
#endif
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = RPC_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = RPC_LoadMaintenanceArchive,
	.KillMaintenanceFeature = RPC_KillMaintenanceFeature,
	.LoadManuMaintPub = RPC_LoadManuMaintPub,
	.ReadManuMaintPub = RPC_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = RPC_ReadCounter,
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = RPC_ReadCurrentTicks,
	.TickStampBlob = RPC_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = RPC_NV_DefineOrReleaseSpace,
	.NV_WriteValue = RPC_NV_WriteValue,
	.NV_WriteValueAuth = RPC_NV_WriteValueAuth,
	.NV_ReadValue = RPC_NV_ReadValue,
	.NV_ReadValueAuth = RPC_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = RPC_SetOrdinalAuditStatus,
	.GetAuditDigest = RPC_GetAuditDigest,
	.GetAuditDigestSigned = RPC_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = RPC_SetOperatorAuth,
	.FlushSpecific = RPC_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = RPC_Delegate_Manage,
	.Delegate_CreateKeyDelegation = RPC_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = RPC_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = RPC_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = RPC_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = RPC_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = RPC_Delegate_VerifyDelegation,
	.DSAP = RPC_DSAP,
#endif
	/* These two are always present, independent of any feature macro. */
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};
184
185 #ifdef TSS_BUILD_TRANSPORT
/*
 * TCS dispatch table used when a transport session is active (only built
 * with TSS_BUILD_TRANSPORT).  Most entries point at the Transport_* wrapper;
 * a handful still point at the plain RPC_* marshaller (ChangeAuthAsym*,
 * ReadPubek/OwnerReadPubek, DaaJoin/DaaSign, the Create/Increment/Release
 * counter calls, FieldUpgrade and SetRedirection).  Presumably those
 * ordinals are not wrapped in a transport session -- TODO confirm against
 * the transport-session rules the TCS enforces.
 *
 * NOTE(review): the feature guards do not match tcs_normal_api exactly:
 * ResetLockValue and SetTempDeactivated2 sit under ADMIN alone here (under
 * ADMIN + TSS12 above) and Sealx sits under SEAL alone (under SEAL + SEALX
 * above).  Harmless if TSS_BUILD_TRANSPORT implies those features; worth
 * confirming in the build configuration.
 */
struct tcs_api_table tcs_transport_api = {
#ifdef TSS_BUILD_KEY
	.LoadKeyByBlob = Transport_LoadKeyByBlob,
	.EvictKey = Transport_EvictKey,
	.CreateWrapKey = Transport_CreateWrapKey,
	.GetPubKey = Transport_GetPubKey,
#ifdef TSS_BUILD_TSS12
	.OwnerReadInternalPub = Transport_OwnerReadInternalPub,
#endif
#ifdef TSS_BUILD_CERTIFY
	.CertifyKey = Transport_CertifyKey,
#endif
#endif
#ifdef TSS_BUILD_OWN
	.OwnerClear = Transport_OwnerClear,
	.ForceClear = Transport_ForceClear,
#endif
#ifdef TSS_BUILD_AUTH
	.OIAP = Transport_OIAP,
	.OSAP = Transport_OSAP,
	.TerminateHandle = Transport_TerminateHandle,
#endif
#ifdef TSS_BUILD_CHANGEAUTH
	.ChangeAuth = Transport_ChangeAuth,
	.ChangeAuthOwner = Transport_ChangeAuthOwner,
	/* No Transport_ variant: still routed through plain RPC. */
	.ChangeAuthAsymStart = RPC_ChangeAuthAsymStart,
	.ChangeAuthAsymFinish = RPC_ChangeAuthAsymFinish,
#endif
#ifdef TSS_BUILD_AIK
	.ActivateTPMIdentity = Transport_ActivateTPMIdentity,
#endif
#ifdef TSS_BUILD_PCR_EXTEND
	.Extend = Transport_Extend,
	.PcrRead = Transport_PcrRead,
	.PcrReset = Transport_PcrReset,
#endif
#ifdef TSS_BUILD_QUOTE
	.Quote = Transport_Quote,
#endif
#ifdef TSS_BUILD_QUOTE2
	.Quote2 = Transport_Quote2,
#endif
#ifdef TSS_BUILD_DIR
	.DirWriteAuth = Transport_DirWriteAuth,
	.DirRead = Transport_DirRead,
#endif
#ifdef TSS_BUILD_SEAL
	.Seal = Transport_Seal,
	/* Not guarded by TSS_BUILD_SEALX here, unlike tcs_normal_api. */
	.Sealx = Transport_Sealx,
	.Unseal = Transport_Unseal,
#endif
#ifdef TSS_BUILD_BIND
	.UnBind = Transport_UnBind,
#endif
#ifdef TSS_BUILD_MIGRATION
	.CreateMigrationBlob = Transport_CreateMigrationBlob,
	.ConvertMigrationBlob = Transport_ConvertMigrationBlob,
	.AuthorizeMigrationKey = Transport_AuthorizeMigrationKey,
#endif
#ifdef TSS_BUILD_SIGN
	.Sign = Transport_Sign,
#endif
#ifdef TSS_BUILD_RANDOM
	.GetRandom = Transport_GetRandom,
	.StirRandom = Transport_StirRandom,
#endif
#ifdef TSS_BUILD_CAPS_TPM
	.GetTPMCapability = Transport_GetTPMCapability,
	.SetCapability = Transport_SetCapability,
	.GetCapabilityOwner = Transport_GetCapabilityOwner,
#endif
#ifdef TSS_BUILD_EK
	/* Plain RPC; note CreateEndorsementKeyPair has no entry at all here. */
	.ReadPubek = RPC_ReadPubek,
	.OwnerReadPubek = RPC_OwnerReadPubek,
#endif
#ifdef TSS_BUILD_SELFTEST
	.SelfTestFull = Transport_SelfTestFull,
	.CertifySelfTest = Transport_CertifySelfTest,
	.GetTestResult = Transport_GetTestResult,
#endif
#ifdef TSS_BUILD_ADMIN
	.SetOwnerInstall = Transport_SetOwnerInstall,
	.DisablePubekRead = Transport_DisablePubekRead,
	.OwnerSetDisable = Transport_OwnerSetDisable,
	/* Under ADMIN only here; tcs_normal_api also requires TSS12. */
	.ResetLockValue = Transport_ResetLockValue,
	.DisableOwnerClear = Transport_DisableOwnerClear,
	.DisableForceClear = Transport_DisableForceClear,
	.PhysicalDisable = Transport_PhysicalDisable,
	.PhysicalEnable = Transport_PhysicalEnable,
	.PhysicalSetDeactivated = Transport_PhysicalSetDeactivated,
	.PhysicalPresence = Transport_PhysicalPresence,
	.SetTempDeactivated = Transport_SetTempDeactivated,
	/* Under ADMIN only here; tcs_normal_api also requires TSS12. */
	.SetTempDeactivated2 = Transport_SetTempDeactivated2,
#endif
#ifdef TSS_BUILD_MAINT
	.CreateMaintenanceArchive = Transport_CreateMaintenanceArchive,
	.LoadMaintenanceArchive = Transport_LoadMaintenanceArchive,
	.KillMaintenanceFeature = Transport_KillMaintenanceFeature,
	.LoadManuMaintPub = Transport_LoadManuMaintPub,
	.ReadManuMaintPub = Transport_ReadManuMaintPub,
#endif
#ifdef TSS_BUILD_DAA
	/* Plain RPC, no Transport_ variant. */
	.DaaJoin = RPC_DaaJoin,
	.DaaSign = RPC_DaaSign,
#endif
#ifdef TSS_BUILD_COUNTER
	.ReadCounter = Transport_ReadCounter,
	/* Only ReadCounter is transport-wrapped; the rest stay on plain RPC. */
	.CreateCounter = RPC_CreateCounter,
	.IncrementCounter = RPC_IncrementCounter,
	.ReleaseCounter = RPC_ReleaseCounter,
	.ReleaseCounterOwner = RPC_ReleaseCounterOwner,
#endif
#ifdef TSS_BUILD_TICK
	.ReadCurrentTicks = Transport_ReadCurrentTicks,
	.TickStampBlob = Transport_TickStampBlob,
#endif
#ifdef TSS_BUILD_NV
	.NV_DefineOrReleaseSpace = Transport_NV_DefineOrReleaseSpace,
	.NV_WriteValue = Transport_NV_WriteValue,
	.NV_WriteValueAuth = Transport_NV_WriteValueAuth,
	.NV_ReadValue = Transport_NV_ReadValue,
	.NV_ReadValueAuth = Transport_NV_ReadValueAuth,
#endif
#ifdef TSS_BUILD_AUDIT
	.SetOrdinalAuditStatus = Transport_SetOrdinalAuditStatus,
	.GetAuditDigest = Transport_GetAuditDigest,
	.GetAuditDigestSigned = Transport_GetAuditDigestSigned,
#endif
#ifdef TSS_BUILD_TSS12
	.SetOperatorAuth = Transport_SetOperatorAuth,
	.FlushSpecific = Transport_FlushSpecific,
#endif
#ifdef TSS_BUILD_DELEGATION
	.Delegate_Manage = Transport_Delegate_Manage,
	.Delegate_CreateKeyDelegation = Transport_Delegate_CreateKeyDelegation,
	.Delegate_CreateOwnerDelegation = Transport_Delegate_CreateOwnerDelegation,
	.Delegate_LoadOwnerDelegation = Transport_Delegate_LoadOwnerDelegation,
	.Delegate_ReadTable = Transport_Delegate_ReadTable,
	.Delegate_UpdateVerificationCount = Transport_Delegate_UpdateVerificationCount,
	.Delegate_VerifyDelegation = Transport_Delegate_VerifyDelegation,
	.DSAP = Transport_DSAP,
#endif
	/* Always present and always plain RPC, as in tcs_normal_api. */
	.FieldUpgrade = RPC_FieldUpgrade,
	.SetRedirection = RPC_SetRedirection,
};
331 #endif
332
/*
 * Decode two bytes stored most-significant byte first into a UINT16.
 *
 * @param in  pointer to at least two readable bytes; no length check is
 *            performed, the caller guarantees the bound
 * @return    in[0] << 8 | in[1]
 */
UINT16
Decode_UINT16(BYTE * in)
{
	UINT16 high = (UINT16)(in[0] << 8);
	UINT16 low = (UINT16)(in[1] & 0xFF);

	return (UINT16)(high | low);
}
341
/*
 * Serialize a UINT32 as four bytes, most-significant byte first.
 *
 * @param i    value to serialize
 * @param out  destination; must have room for four bytes (not checked)
 */
void
UINT32ToArray(UINT32 i, BYTE * out)
{
	int shift;
	int idx = 0;

	/* Walk from the top byte down so out[0] is the MSB. */
	for (shift = 24; shift >= 0; shift -= 8)
		out[idx++] = (BYTE)((i >> shift) & 0xFF);
}
350
/*
 * Serialize a UINT64 as eight bytes, most-significant byte first.
 *
 * @param i    value to serialize
 * @param out  destination; must have room for eight bytes (not checked)
 */
void
UINT64ToArray(UINT64 i, BYTE *out)
{
	int shift;
	int idx = 0;

	/* Walk from the top byte down so out[0] is the MSB. */
	for (shift = 56; shift >= 0; shift -= 8)
		out[idx++] = (BYTE)((i >> shift) & 0xFF);
}
363
/*
 * Serialize a UINT16 as two bytes, most-significant byte first.
 *
 * @param i    value to serialize
 * @param out  destination; must have room for two bytes (not checked)
 */
void
UINT16ToArray(UINT16 i, BYTE * out)
{
	BYTE high = (BYTE)(i >> 8);
	BYTE low = (BYTE)(i & 0xFF);

	out[0] = high;
	out[1] = low;
}
370
/*
 * Decode eight bytes stored most-significant byte first into a UINT64.
 *
 * @param y  pointer to at least eight readable bytes; no length check is
 *           performed, the caller guarantees the bound
 * @return   the decoded value
 */
UINT64
Decode_UINT64(BYTE *y)
{
	UINT64 value = 0;
	int idx;

	/* Shift in one byte per step, MSB first. */
	for (idx = 0; idx < 8; idx++)
		value = (value << 8) | (UINT64)(y[idx] & 0xFF);

	return value;
}
387
/*
 * Decode four bytes stored most-significant byte first into a UINT32.
 *
 * @param y  pointer to at least four readable bytes; no length check is
 *           performed, the caller guarantees the bound
 * @return   the decoded value
 */
UINT32
Decode_UINT32(BYTE * y)
{
	UINT32 value = 0;
	int idx;

	/* Shift in one byte per step, MSB first. */
	for (idx = 0; idx < 4; idx++)
		value = (value << 8) | (UINT32)(y[idx] & 0xFF);

	return value;
}
400
/*
 * Size in bytes of a TSS_PCR_EVENT plus its two variable-length payloads.
 *
 * @param e  event whose ulEventLength and ulPcrValueLength are summed
 * @return   sizeof(TSS_PCR_EVENT) + ulEventLength + ulPcrValueLength,
 *           truncated to UINT32
 *
 * NOTE(review): the sum is not checked for wrap-around.  The two length
 * fields arrive from outside this function (presumably from the TCS side),
 * so a caller that uses this value as an allocation or copy size should
 * bound them first -- TODO confirm where they are validated.
 */
UINT32
get_pcr_event_size(TSS_PCR_EVENT *e)
{
	UINT32 header = (UINT32)sizeof(TSS_PCR_EVENT);
	UINT32 payload = e->ulEventLength + e->ulPcrValueLength;

	return header + payload;
}
406
/*
 * Append an authorization block (handle, odd nonce, continue flag, HMAC)
 * to blob at *offset, advancing *offset past what was written.
 *
 * @param offset  in/out write position inside blob
 * @param blob    destination buffer; the caller sizes it, nothing here
 *                checks the bound
 * @param auth    authorization fields to serialize
 */
void
LoadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	/* Both the nonce and the HMAC are serialized as exactly 20 bytes. */
	enum { AUTH_NONCE_LEN = 20, AUTH_HMAC_LEN = 20 };

	Trspi_LoadBlob_UINT32(offset, auth->AuthHandle, blob);
	Trspi_LoadBlob(offset, AUTH_NONCE_LEN, blob, auth->NonceOdd.nonce);
	Trspi_LoadBlob_BOOL(offset, auth->fContinueAuthSession, blob);
	Trspi_LoadBlob(offset, AUTH_HMAC_LEN, blob, (BYTE *)&auth->HMAC);
}
415
/*
 * Read an authorization trailer (even nonce, continue flag, HMAC) out of
 * blob at *offset into auth, advancing *offset past what was consumed.
 * Unlike LoadBlob_AUTH there is no handle field here -- presumably this is
 * the response-side layout; TODO confirm against the callers.
 *
 * @param offset  in/out read position inside blob
 * @param blob    source buffer; nothing here checks that 41 bytes remain,
 *                the caller must have validated the blob length
 * @param auth    receives NonceEven, fContinueAuthSession and HMAC
 */
void
UnloadBlob_AUTH(UINT64 *offset, BYTE *blob, TPM_AUTH *auth)
{
	/* Both the nonce and the HMAC occupy exactly 20 bytes on the wire. */
	enum { AUTH_NONCE_LEN = 20, AUTH_HMAC_LEN = 20 };

	Trspi_UnloadBlob(offset, AUTH_NONCE_LEN, blob, auth->NonceEven.nonce);
	Trspi_UnloadBlob_BOOL(offset, &auth->fContinueAuthSession, blob);
	Trspi_UnloadBlob(offset, AUTH_HMAC_LEN, blob, (BYTE *)&auth->HMAC);
}
423
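/* If alloc is true, we allocate a new buffer for the bytes and set *data to that.
 * If alloc is false, data is really a BYTE*, so write the bytes directly to that buffer */
/*
 * Fill a buffer with `size` bytes read from TSS_LOCAL_RANDOM_DEVICE.
 *
 * @param tspContext  context the allocation is charged to when alloc is true
 * @param alloc       TRUE: allocate via calloc_tspi() and return it in *data;
 *                    FALSE: `data` itself is the destination buffer
 * @param size        number of bytes to read; 0 is reported as a read
 *                    failure because fread() returns 0 for a zero size
 * @param data        see alloc
 * @return TSS_SUCCESS, TSS_E_OUTOFMEMORY if the allocation fails, or
 *         TSS_E_INTERNAL_ERROR if the device cannot be opened or fully read
 *
 * On failure nothing is left allocated: the buffer obtained from calloc_tspi
 * is released again if the read fails (the previous version kept it tracked
 * on the context until the context was closed).
 */
TSS_RESULT
get_local_random(TSS_HCONTEXT tspContext, TSS_BOOL alloc, UINT32 size, BYTE **data)
{
	TSS_RESULT result = TSS_SUCCESS;
	FILE *f = NULL;
	BYTE *buf = NULL;

	f = fopen(TSS_LOCAL_RANDOM_DEVICE, "r");
	if (f == NULL) {
		LogError("open of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		return TSPERR(TSS_E_INTERNAL_ERROR);
	}

	if (alloc) {
		buf = calloc_tspi(tspContext, size);
		if (buf == NULL) {
			LogError("malloc of %u bytes failed", size);
			result = TSPERR(TSS_E_OUTOFMEMORY);
			goto out_close;
		}
	} else
		buf = (BYTE *)data;

	/* nmemb == 1, so fread() returns 0 unless all `size` bytes arrived; a
	 * short read is therefore treated as failure rather than handing back
	 * a partially filled buffer.  errno may be stale on a plain short read
	 * (fread() does not set it at EOF), so the logged reason is best-effort. */
	if (fread(buf, size, 1, f) == 0) {
		LogError("fread of %s failed: %s", TSS_LOCAL_RANDOM_DEVICE, strerror(errno));
		if (alloc) {
			/* Release the context-tracked buffer; nothing else owns it. */
			free_tspi(tspContext, buf);
			buf = NULL;
		}
		result = TSPERR(TSS_E_INTERNAL_ERROR);
		goto out_close;
	}

	if (alloc)
		*data = buf;

out_close:
	fclose(f);
	return result;
}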
460