/*
 * Licensed Materials - Property of IBM
 *
 * trousers - An open source TCG Software Stack
 *
 * (C) Copyright International Business Machines Corp. 2004
 *
 */
12 #include <stdlib.h>
13 #include <stdio.h>
14 #include <string.h>
15 #include <inttypes.h>
17 #include "trousers/tss.h"
18 #include "trousers_types.h"
19 #include "tcs_tsp.h"
20 #include "tcsps.h"
21 #include "tcs_utils.h"
22 #include "tcs_int_literals.h"
23 #include "capabilities.h"
24 #include "tcslog.h"
25 #include "req_mgr.h"
26 #include "tcsd_wrap.h"
27 #include "tcsd.h"
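/*
 * TCSP_Seal_Internal - marshal, submit and parse a seal request on behalf of
 * the TCS context hContext.
 *
 * sealOrdinal     - TPM ordinal handed through unchanged to tpm_rqu_build() and
 *                   tpm_rsp_parse(); not validated here (presumably TPM_ORD_Seal
 *                   or TPM_ORD_Sealx - confirm against the callers)
 * hContext        - TCS context, checked with ctx_verify_context()
 * keyHandle       - TCS handle of the wrapping key; resolved to a TPM key slot
 *                   with ensureKeyIsLoaded()
 * encAuth         - encrypted authdata for the sealed blob; only .authdata is
 *                   passed down
 * pcrInfoSize/PcrInfo - PCR binding structure, passed through as-is
 * inDataSize/inData   - data to seal, passed through as-is
 * pubAuth         - auth session for keyHandle (required); marked in/out, so
 *                   tpm_rsp_parse() is presumably expected to update it
 * SealedDataSize/SealedData - outputs filled by tpm_rsp_parse(); who owns the
 *                   returned buffer is not visible here - TODO confirm
 *
 * Returns TSS_SUCCESS or a TCSERR()-wrapped error code. Every path that reaches
 * 'done' hands the auth session back via auth_mgr_release_auth(); the one
 * exception is commented at the tpm_rqu_build() call.
 *
 * NOTE(review): the size/pointer pairs arrive from the TCS RPC layer and are
 * not range-checked in this function; the bound against TSS_TPM_TXBLOB_SIZE
 * is presumably enforced inside tpm_rqu_build() - confirm.
 */
TSS_RESULT
TCSP_Seal_Internal(UINT32 sealOrdinal,		/* in */
		   TCS_CONTEXT_HANDLE hContext,	/* in */
		   TCS_KEY_HANDLE keyHandle,	/* in */
		   TCPA_ENCAUTH encAuth,	/* in */
		   UINT32 pcrInfoSize,		/* in */
		   BYTE * PcrInfo,		/* in */
		   UINT32 inDataSize,		/* in */
		   BYTE * inData,		/* in */
		   TPM_AUTH * pubAuth,		/* in, out */
		   UINT32 * SealedDataSize,	/* out */
		   BYTE ** SealedData)		/* out */
{
	UINT64 offset = 0;
	TSS_RESULT result;
	UINT32 paramSize;
	TCPA_KEY_HANDLE keySlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering Seal");

	/* pubAuth is dereferenced below and passed to the auth manager, so a
	 * NULL here is a caller error rather than a TPM error. */
	if (!pubAuth)
		return TCSERR(TSS_E_BAD_PARAMETER);

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if ((result = auth_mgr_check(hContext, &pubAuth->AuthHandle)))
		goto done;

	if ((result = ensureKeyIsLoaded(hContext, keyHandle, &keySlot)))
		goto done;

	/* XXX What's this check for? */
	/* NOTE(review): presumably rejects a zero TPM key slot that
	 * ensureKeyIsLoaded() could hand back without an error - confirm. */
	if (keySlot == 0) {
		result = TCSERR(TSS_E_FAIL);
		goto done;
	}

	/* NOTE(review): this returns directly instead of 'goto done', so
	 * auth_mgr_release_auth() is skipped when marshalling fails. Presumably
	 * deliberate because the request never reached the TPM and the session
	 * is still live - confirm this matches the auth manager's expectations. */
	if ((result = tpm_rqu_build(sealOrdinal, &offset, txBlob, keySlot, encAuth.authdata,
				    pcrInfoSize, PcrInfo, inDataSize, inData, pubAuth)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* The response header yields the total parameter size that the
	 * ordinal-specific parser needs. (A dead store of offset = 10 that
	 * nothing read was removed here.) */
	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(sealOrdinal, txBlob, paramSize, SealedDataSize,
				       SealedData, pubAuth);
	}
	LogResult("Seal", result);
done:
	auth_mgr_release_auth(pubAuth, NULL, hContext);
	return result;
}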
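/*
 * TCSP_Unseal_Internal - marshal, submit and parse a TPM_Unseal request on
 * behalf of the TCS context hContext.
 *
 * hContext        - TCS context, checked with ctx_verify_context()
 * parentHandle    - TCS handle of the wrapping key; resolved to a TPM key slot
 *                   with ensureKeyIsLoaded()
 * SealedDataSize/SealedData - the sealed blob, passed through as-is
 * parentAuth      - auth session for the parent key; may be NULL, in which
 *                   case no auth_mgr_check() is done for it
 * dataAuth        - auth session for the sealed blob (required); marked in/out
 * DataSize/Data   - outputs filled by tpm_rsp_parse(); who owns the returned
 *                   buffer is not visible here - TODO confirm
 *
 * Returns TSS_SUCCESS or a TCSERR()-wrapped error code. Every path that reaches
 * 'done' hands both auth sessions (parentAuth may be NULL) back via
 * auth_mgr_release_auth(); the one exception is commented at the
 * tpm_rqu_build() call.
 *
 * NOTE(review): SealedDataSize/SealedData arrive from the TCS RPC layer and
 * are not range-checked here; the bound against TSS_TPM_TXBLOB_SIZE is
 * presumably enforced inside tpm_rqu_build() - confirm.
 */
TSS_RESULT
TCSP_Unseal_Internal(TCS_CONTEXT_HANDLE hContext,	/* in */
		     TCS_KEY_HANDLE parentHandle,	/* in */
		     UINT32 SealedDataSize,		/* in */
		     BYTE * SealedData,			/* in */
		     TPM_AUTH * parentAuth,		/* in, out */
		     TPM_AUTH * dataAuth,		/* in, out */
		     UINT32 * DataSize,			/* out */
		     BYTE ** Data)			/* out */
{
	UINT64 offset = 0;
	UINT32 paramSize;
	TSS_RESULT result;
	TCPA_KEY_HANDLE keySlot;
	BYTE txBlob[TSS_TPM_TXBLOB_SIZE];

	LogDebug("Entering Unseal");

	/* The sealed blob's own auth session is mandatory; parentAuth is not. */
	if (dataAuth == NULL)
		return TCSERR(TSS_E_BAD_PARAMETER);

	if ((result = ctx_verify_context(hContext)))
		goto done;

	if (parentAuth != NULL) {
		LogDebug("Auth used");
		if ((result = auth_mgr_check(hContext, &parentAuth->AuthHandle)))
			goto done;
	} else {
		LogDebug("No Auth");
	}

	if ((result = auth_mgr_check(hContext, &dataAuth->AuthHandle)))
		goto done;

	if ((result = ensureKeyIsLoaded(hContext, parentHandle, &keySlot)))
		goto done;

	/* XXX What's this check for? */
	/* NOTE(review): presumably rejects a zero TPM key slot that
	 * ensureKeyIsLoaded() could hand back without an error - confirm. */
	if (keySlot == 0) {
		result = TCSERR(TSS_E_FAIL);
		goto done;
	}

	/* NOTE(review): this returns directly instead of 'goto done', so
	 * auth_mgr_release_auth() is skipped when marshalling fails. Presumably
	 * deliberate because the request never reached the TPM and the sessions
	 * are still live - confirm this matches the auth manager's expectations. */
	if ((result = tpm_rqu_build(TPM_ORD_Unseal, &offset, txBlob, keySlot, SealedDataSize,
				    SealedData, parentAuth, dataAuth)))
		return result;

	if ((result = req_mgr_submit_req(txBlob)))
		goto done;

	/* The response header yields the total parameter size that the
	 * ordinal-specific parser needs. (A dead store of offset = 10 that
	 * nothing read was removed here.) */
	result = UnloadBlob_Header(txBlob, &paramSize);

	if (!result) {
		result = tpm_rsp_parse(TPM_ORD_Unseal, txBlob, paramSize, DataSize, Data,
				       parentAuth, dataAuth);
	}
	LogResult("Unseal", result);
done:
	/* parentAuth may be NULL here; auth_mgr_release_auth() is expected to
	 * tolerate that since the NULL case is reachable above - confirm. */
	auth_mgr_release_auth(parentAuth, dataAuth, hContext);
	return result;
}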