2 /*
3 * Licensed Materials - Property of IBM
4 *
5 * trousers - An open source TCG Software Stack
6 *
7 * (C) Copyright International Business Machines Corp. 2004-2007
8 *
9 */
11 #include <stdlib.h>
12 #include <stdio.h>
13 #include <string.h>
14 #include <inttypes.h>
15
16 #include "trousers/tss.h"
17 #include "trousers/trousers.h"
18 #include "trousers_types.h"
19 #include "spi_utils.h"
20 #include "capabilities.h"
21 #include "tsplog.h"
22 #include "obj.h"
/*
 * TPM 1.2 path: fetch the public Endorsement Key with TPM_OwnerReadInternalPub
 * on the EK handle, under an OIAP owner-authorized session.
 *
 * Protocol steps, in order: inParamDigest = SHA1(ordinal || TPM_KH_EK) is
 * computed, the owner policy HMACs it into ownerAuth, the TCS call is issued,
 * then outParamDigest = SHA1(TPM_SUCCESS || ordinal || pubEK blob) is
 * re-derived and the response HMAC is checked by obj_policy_validate_auth_oiap.
 * Because the returned blob is part of that digest, a blob that does not match
 * what the TPM actually HMAC'd fails validation and is never handed to the
 * caller.
 *
 * On success *pubEKSize/*pubEK describe the returned blob; the caller owns it
 * and frees it. On any failure the TSS/TPM error code is returned; *pubEK may
 * or may not have been set by the TCS layer, so the caller frees it regardless.
 */
static TSS_RESULT
get_pubek_tpm12(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HPOLICY hPolicy,
		UINT32 *pubEKSize, BYTE **pubEK)
{
	TSS_RESULT rc;
	Trspi_HashCtx ctx;
	TPM_AUTH ownerAuth;
	TPM_DIGEST digest;

	/* inParamDigest for the command. */
	rc = Trspi_HashInit(&ctx, TSS_HASH_SHA1);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_ORD_OwnerReadInternalPub);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_KH_EK);
	rc |= Trspi_HashFinal(&ctx, digest.digest);
	if (rc)
		return rc;

	/* Owner usage policy produces the command HMAC. */
	rc = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadInternalPub, hPolicy, FALSE,
				     &digest, &ownerAuth);
	if (rc)
		return rc;

	rc = TCS_API(tspContext)->OwnerReadInternalPub(tspContext, TPM_KH_EK, &ownerAuth,
						       pubEKSize, pubEK);
	if (rc)
		return rc;

	/* outParamDigest covers the return code, ordinal and the whole blob. */
	rc = Trspi_HashInit(&ctx, TSS_HASH_SHA1);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_SUCCESS);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_ORD_OwnerReadInternalPub);
	rc |= Trspi_HashUpdate(&ctx, *pubEKSize, *pubEK);
	rc |= Trspi_HashFinal(&ctx, digest.digest);
	if (rc)
		return rc;

	/* Reject the response unless the TPM's HMAC over the blob checks out. */
	return obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth);
}

/*
 * TPM 1.1 (and any non-1.2 version) path: same flow as get_pubek_tpm12 but
 * using TPM_OwnerReadPubek, which takes no key handle. inParamDigest is
 * SHA1(ordinal), outParamDigest is SHA1(TPM_SUCCESS || ordinal || pubEK blob),
 * and the response HMAC is validated before the blob is returned.
 */
static TSS_RESULT
get_pubek_tpm11(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HPOLICY hPolicy,
		UINT32 *pubEKSize, BYTE **pubEK)
{
	TSS_RESULT rc;
	Trspi_HashCtx ctx;
	TPM_AUTH ownerAuth;
	TPM_DIGEST digest;

	rc = Trspi_HashInit(&ctx, TSS_HASH_SHA1);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_ORD_OwnerReadPubek);
	rc |= Trspi_HashFinal(&ctx, digest.digest);
	if (rc)
		return rc;

	rc = secret_PerformAuth_OIAP(hTPM, TPM_ORD_OwnerReadPubek, hPolicy, FALSE,
				     &digest, &ownerAuth);
	if (rc)
		return rc;

	rc = TCS_API(tspContext)->OwnerReadPubek(tspContext, &ownerAuth, pubEKSize, pubEK);
	if (rc)
		return rc;

	rc = Trspi_HashInit(&ctx, TSS_HASH_SHA1);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_SUCCESS);
	rc |= Trspi_Hash_UINT32(&ctx, TPM_ORD_OwnerReadPubek);
	rc |= Trspi_HashUpdate(&ctx, *pubEKSize, *pubEK);
	rc |= Trspi_HashFinal(&ctx, digest.digest);
	if (rc)
		return rc;

	return obj_policy_validate_auth_oiap(hPolicy, &digest, &ownerAuth);
}

/*
 * owner_get_pubek - read the TPM's public Endorsement Key as the owner.
 *
 * tspContext: TSP context the TPM object and the new key object belong to.
 * hTPM:       TPM object whose TSS_POLICY_USAGE policy supplies owner auth.
 * hPubEk:     on success receives a handle to a new 2048-bit
 *             TSS_KEY_TYPE_LEGACY key object holding the EK's public part.
 *
 * Returns TSS_SUCCESS, or the first error from version lookup, policy lookup,
 * the authorized TPM read, response-auth validation, or key object creation.
 *
 * The TPM version selects the command: 2 -> TPM_OwnerReadInternalPub(TPM_KH_EK),
 * anything else -> TPM_OwnerReadPubek. In both cases the response authorization
 * is validated over the returned blob before the blob is loaded into a key
 * object, so an unauthenticated or tampered blob is not surfaced to the caller.
 *
 * The pubEK blob (allocated below this layer, presumably by the TCS) is freed
 * here on every path, including failure paths where it may still be NULL.
 *
 * NOTE(review): obj_rsakey_set_pubkey is given only the blob pointer, not
 * pubEKSize; it presumably parses the TPM_PUBKEY's own length fields — confirm
 * it bounds that parse. NOTE(review): if obj_rsakey_set_pubkey fails, the key
 * object just added by obj_rsakey_add is not torn down here and presumably
 * lingers on the context's object list until the context is closed — confirm
 * whether the caller or context cleanup is expected to reclaim it.
 */
TSS_RESULT
owner_get_pubek(TSS_HCONTEXT tspContext, TSS_HTPM hTPM, TSS_HKEY *hPubEk)
{
	TSS_RESULT result;
	UINT32 tpmVersion, pubEKSize;
	TSS_HPOLICY hPolicy;
	BYTE *pubEK = NULL;
	TSS_HKEY hRetKey;

	result = obj_context_get_tpm_version(tspContext, &tpmVersion);
	if (result)
		return result;

	/* Owner authorization comes from the TPM object's usage policy. */
	result = obj_tpm_get_policy(hTPM, TSS_POLICY_USAGE, &hPolicy);
	if (result)
		return result;

	/* Authorized read + response validation, per TPM generation. */
	if (tpmVersion == 2)
		result = get_pubek_tpm12(tspContext, hTPM, hPolicy, &pubEKSize, &pubEK);
	else
		result = get_pubek_tpm11(tspContext, hTPM, hPolicy, &pubEKSize, &pubEK);
	if (result)
		goto done;

	/* Wrap the authenticated public blob in a fresh key object. */
	result = obj_rsakey_add(tspContext, TSS_KEY_SIZE_2048|TSS_KEY_TYPE_LEGACY, &hRetKey);
	if (result)
		goto done;

	result = obj_rsakey_set_pubkey(hRetKey, TRUE, pubEK);
	if (result)
		goto done;

	*hPubEk = hRetKey;
done:
	/* free(NULL) is a no-op, so this is safe on early-failure paths. */
	free(pubEK);
	return result;
}