1 
2 /*
3  * Licensed Materials - Property of IBM
4  *
5  * trousers - An open source TCG Software Stack
6  *
7  * (C) Copyright International Business Machines Corp. 2007
8  *
9  */
10 
11 
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 
16 #include "trousers/tss.h"
17 #include "trousers_types.h"
18 #include "tcs_utils.h"
19 #include "tcslog.h"
20 #include "req_mgr.h"
21 
22 TSS_RESULT
TCSP_Delegate_Manage_Internal(TCS_CONTEXT_HANDLE hContext,TPM_FAMILY_ID familyID,TPM_FAMILY_OPERATION opFlag,UINT32 opDataSize,BYTE * opData,TPM_AUTH * ownerAuth,UINT32 * retDataSize,BYTE ** retData)23 TCSP_Delegate_Manage_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
24 			      TPM_FAMILY_ID familyID,		/* in */
25 			      TPM_FAMILY_OPERATION opFlag,	/* in */
26 			      UINT32 opDataSize,		/* in */
27 			      BYTE *opData,			/* in */
28 			      TPM_AUTH *ownerAuth,		/* in/out */
29 			      UINT32 *retDataSize,		/* out */
30 			      BYTE **retData)			/* out */
31 {
32 	TSS_RESULT result;
33 	UINT64 offset = 0;
34 	UINT32 paramSize;
35 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
36 
37 	LogDebugFn("Enter");
38 
39 	if ((result = ctx_verify_context(hContext)))
40 		return result;
41 
42 	if (ownerAuth) {
43 		if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
44 			return result;
45 	}
46 
47 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_Manage, &offset, txBlob, familyID, opFlag,
48 				    opDataSize, opData, ownerAuth)))
49 		goto done;
50 
51 	if ((result = req_mgr_submit_req(txBlob)))
52 		goto done;
53 
54 	result = UnloadBlob_Header(txBlob, &paramSize);
55 	if (!result) {
56 		result = tpm_rsp_parse(TPM_ORD_Delegate_Manage, txBlob, paramSize, retDataSize,
57 				       retData, ownerAuth, NULL);
58 	}
59 
60 	LogResult("Delegate_Manage", result);
61 
62 done:
63 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
64 
65 	return result;
66 }
67 
68 TSS_RESULT
TCSP_Delegate_CreateKeyDelegation_Internal(TCS_CONTEXT_HANDLE hContext,TCS_KEY_HANDLE hKey,UINT32 publicInfoSize,BYTE * publicInfo,TPM_ENCAUTH * encDelAuth,TPM_AUTH * keyAuth,UINT32 * blobSize,BYTE ** blob)69 TCSP_Delegate_CreateKeyDelegation_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
70 					   TCS_KEY_HANDLE hKey,		/* in */
71 					   UINT32 publicInfoSize,	/* in */
72 					   BYTE *publicInfo,		/* in */
73 					   TPM_ENCAUTH *encDelAuth,	/* in */
74 					   TPM_AUTH *keyAuth,		/* in, out */
75 					   UINT32 *blobSize,		/* out */
76 					   BYTE **blob)			/* out */
77 {
78 	TSS_RESULT result;
79 	TCPA_KEY_HANDLE keySlot;
80 	UINT64 offset = 0;
81 	UINT32 paramSize;
82 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
83 
84 	LogDebugFn("Enter");
85 
86 	if ((result = ctx_verify_context(hContext)))
87 		return result;
88 
89 	if (keyAuth) {
90 		if ((result = auth_mgr_check(hContext, &keyAuth->AuthHandle)))
91 			return result;
92 	}
93 
94 	if ((result = ensureKeyIsLoaded(hContext, hKey, &keySlot)))
95 		goto done;
96 
97 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_CreateKeyDelegation, &offset, txBlob, keySlot,
98 				    publicInfoSize, publicInfo, encDelAuth, keyAuth)))
99 		goto done;
100 
101 	if ((result = req_mgr_submit_req(txBlob)))
102 		goto done;
103 
104 	result = UnloadBlob_Header(txBlob, &paramSize);
105 	if (!result) {
106 		result = tpm_rsp_parse(TPM_ORD_Delegate_CreateKeyDelegation, txBlob, paramSize,
107 				       blobSize, blob, keyAuth, NULL);
108 	}
109 
110 	LogResult("Delegate_CreateKeyDelegation", result);
111 
112 done:
113 	auth_mgr_release_auth(keyAuth, NULL, hContext);
114 
115 	return result;
116 }
117 
118 TSS_RESULT
TCSP_Delegate_CreateOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext,TSS_BOOL increment,UINT32 publicInfoSize,BYTE * publicInfo,TPM_ENCAUTH * encDelAuth,TPM_AUTH * ownerAuth,UINT32 * blobSize,BYTE ** blob)119 TCSP_Delegate_CreateOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
120 					     TSS_BOOL increment,		/* in */
121 					     UINT32 publicInfoSize,		/* in */
122 					     BYTE *publicInfo,			/* in */
123 					     TPM_ENCAUTH *encDelAuth,		/* in */
124 					     TPM_AUTH *ownerAuth,		/* in, out */
125 					     UINT32 *blobSize,			/* out */
126 					     BYTE **blob)			/* out */
127 {
128 	TSS_RESULT result;
129 	UINT64 offset = 0;
130 	UINT32 paramSize;
131 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
132 
133 	LogDebugFn("Enter");
134 
135 	if ((result = ctx_verify_context(hContext)))
136 		return result;
137 
138 	if (ownerAuth) {
139 		if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
140 			return result;
141 	}
142 
143 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_CreateOwnerDelegation, &offset, txBlob,
144 				    increment, publicInfoSize, publicInfo, encDelAuth, ownerAuth)))
145 		goto done;
146 
147 	if ((result = req_mgr_submit_req(txBlob)))
148 		goto done;
149 
150 	result = UnloadBlob_Header(txBlob, &paramSize);
151 	if (!result) {
152 		result = tpm_rsp_parse(TPM_ORD_Delegate_CreateOwnerDelegation, txBlob, paramSize,
153 				       blobSize, blob, ownerAuth, NULL);
154 	}
155 
156 	LogResult("Delegate_CreateOwnerDelegation", result);
157 
158 done:
159 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
160 
161 	return result;
162 }
163 
164 TSS_RESULT
TCSP_Delegate_LoadOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext,TPM_DELEGATE_INDEX index,UINT32 blobSize,BYTE * blob,TPM_AUTH * ownerAuth)165 TCSP_Delegate_LoadOwnerDelegation_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
166 					   TPM_DELEGATE_INDEX index,	/* in */
167 					   UINT32 blobSize,		/* in */
168 					   BYTE *blob,			/* in */
169 					   TPM_AUTH *ownerAuth)		/* in, out */
170 {
171 	TSS_RESULT result;
172 	UINT64 offset = 0;
173 	UINT32 paramSize;
174 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
175 
176 	LogDebugFn("Enter");
177 
178 	if ((result = ctx_verify_context(hContext)))
179 		return result;
180 
181 	if (ownerAuth) {
182 		if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
183 			return result;
184 	}
185 
186 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_LoadOwnerDelegation, &offset, txBlob, index,
187 				    blobSize, blob, ownerAuth)))
188 		goto done;
189 
190 	if ((result = req_mgr_submit_req(txBlob)))
191 		goto done;
192 
193 	result = UnloadBlob_Header(txBlob, &paramSize);
194 	if (!result) {
195 		result = tpm_rsp_parse(TPM_ORD_Delegate_LoadOwnerDelegation, txBlob, paramSize,
196 				       ownerAuth);
197 	}
198 
199 	LogResult("Delegate_LoadOwnerDelegation", result);
200 
201 done:
202 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
203 
204 	return result;
205 }
206 
207 TSS_RESULT
TCSP_Delegate_ReadTable_Internal(TCS_CONTEXT_HANDLE hContext,UINT32 * familyTableSize,BYTE ** familyTable,UINT32 * delegateTableSize,BYTE ** delegateTable)208 TCSP_Delegate_ReadTable_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
209 				 UINT32 *familyTableSize,	/* out */
210 				 BYTE **familyTable,		/* out */
211 				 UINT32 *delegateTableSize,	/* out */
212 				 BYTE **delegateTable)		/* out */
213 {
214 	TSS_RESULT result;
215 	UINT64 offset = 0;
216 	UINT32 paramSize;
217 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
218 
219 	LogDebugFn("Enter");
220 
221 	if ((result = ctx_verify_context(hContext)))
222 		return result;
223 
224 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_ReadTable, &offset, txBlob, NULL)))
225 		return result;
226 
227 	if ((result = req_mgr_submit_req(txBlob)))
228 		return result;
229 
230 	result = UnloadBlob_Header(txBlob, &paramSize);
231 	if (!result) {
232 		result = tpm_rsp_parse(TPM_ORD_Delegate_ReadTable, txBlob, paramSize,
233 				       familyTableSize, familyTable, delegateTableSize,
234 				       delegateTable, NULL, NULL);
235 	}
236 
237 	LogResult("Delegate_ReadTable", result);
238 
239 	return result;
240 }
241 
242 TSS_RESULT
TCSP_Delegate_UpdateVerificationCount_Internal(TCS_CONTEXT_HANDLE hContext,UINT32 inputSize,BYTE * input,TPM_AUTH * ownerAuth,UINT32 * outputSize,BYTE ** output)243 TCSP_Delegate_UpdateVerificationCount_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
244 					       UINT32 inputSize,		/* in */
245 					       BYTE *input,			/* in */
246 					       TPM_AUTH *ownerAuth,		/* in, out */
247 					       UINT32 *outputSize,		/* out */
248 					       BYTE **output)			/* out */
249 {
250 	TSS_RESULT result;
251 	UINT64 offset = 0;
252 	UINT32 paramSize;
253 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
254 
255 	LogDebugFn("Enter");
256 
257 	if ((result = ctx_verify_context(hContext)))
258 		return result;
259 
260 	if (ownerAuth) {
261 		if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle)))
262 			return result;
263 	}
264 
265 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_UpdateVerification, &offset, txBlob, inputSize,
266 				    inputSize, input, ownerAuth, NULL)))
267 		goto done;
268 
269 	if ((result = req_mgr_submit_req(txBlob)))
270 		goto done;
271 
272 	result = UnloadBlob_Header(txBlob, &paramSize);
273 	if (!result) {
274 		result = tpm_rsp_parse(TPM_ORD_Delegate_UpdateVerification, txBlob, paramSize,
275 				       outputSize, output, ownerAuth, NULL);
276 	}
277 
278 	LogResult("Delegate_UpdateVerificationCount", result);
279 
280 done:
281 	auth_mgr_release_auth(ownerAuth, NULL, hContext);
282 
283 	return result;
284 }
285 
286 TSS_RESULT
TCSP_Delegate_VerifyDelegation_Internal(TCS_CONTEXT_HANDLE hContext,UINT32 delegateSize,BYTE * delegate)287 TCSP_Delegate_VerifyDelegation_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
288 					UINT32 delegateSize,		/* in */
289 					BYTE *delegate)			/* in */
290 {
291 	TSS_RESULT result;
292 	UINT64 offset = 0;
293 	UINT32 paramSize;
294 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
295 
296 	LogDebugFn("Enter");
297 
298 	if ((result = ctx_verify_context(hContext)))
299 		return result;
300 
301 	if ((result = tpm_rqu_build(TPM_ORD_Delegate_VerifyDelegation, &offset, txBlob,
302 				    delegateSize, delegateSize, delegate, NULL, NULL)))
303 		return result;
304 
305 	if ((result = req_mgr_submit_req(txBlob)))
306 		return result;
307 
308 	result = UnloadBlob_Header(txBlob, &paramSize);
309 
310 	LogResult("Delegate_VerifyDelegation", result);
311 
312 	return result;
313 }
314 
315 TSS_RESULT
TCSP_DSAP_Internal(TCS_CONTEXT_HANDLE hContext,TPM_ENTITY_TYPE entityType,TCS_KEY_HANDLE keyHandle,TPM_NONCE * nonceOddDSAP,UINT32 entityValueSize,BYTE * entityValue,TCS_AUTHHANDLE * authHandle,TPM_NONCE * nonceEven,TPM_NONCE * nonceEvenDSAP)316 TCSP_DSAP_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
317 		   TPM_ENTITY_TYPE entityType,	/* in */
318 		   TCS_KEY_HANDLE keyHandle,	/* in */
319 		   TPM_NONCE *nonceOddDSAP,	/* in */
320 		   UINT32 entityValueSize,	/* in */
321 		   BYTE *entityValue,		/* in */
322 		   TCS_AUTHHANDLE *authHandle,	/* out */
323 		   TPM_NONCE *nonceEven,	/* out */
324 		   TPM_NONCE *nonceEvenDSAP)	/* out */
325 {
326 	TSS_RESULT result;
327 	UINT64 offset = 0;
328 	UINT32 paramSize;
329 	TPM_KEY_HANDLE tpmKeyHandle;
330 	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];
331 
332 	LogDebugFn("Enter");
333 
334 	if ((result = ctx_verify_context(hContext)))
335 		return result;
336 
337 	if (ensureKeyIsLoaded(hContext, keyHandle, &tpmKeyHandle))
338 		return TCSERR(TSS_E_KEY_NOT_LOADED);
339 
340 	/* are the maximum number of auth sessions open? */
341 	if (auth_mgr_req_new(hContext) == FALSE) {
342 		if ((result = auth_mgr_swap_out(hContext)))
343 			goto done;
344 	}
345 
346 	if ((result = tpm_rqu_build(TPM_ORD_DSAP, &offset, txBlob, entityType, tpmKeyHandle,
347 				    nonceOddDSAP, entityValueSize, entityValue)))
348 		return result;
349 
350 	if ((result = req_mgr_submit_req(txBlob)))
351 		return result;
352 
353 	result = UnloadBlob_Header(txBlob, &paramSize);
354 	if (!result) {
355 		if ((result = tpm_rsp_parse(TPM_ORD_DSAP, txBlob, paramSize, authHandle,
356 					    nonceEven->nonce, nonceEvenDSAP->nonce)))
357 			goto done;
358 
359 		/* success, add an entry to the table */
360 		result = auth_mgr_add(hContext, *authHandle);
361 	}
362 done:
363 	LogResult("DSAP", result);
364 
365 	return result;
366 }
367