diff options
Diffstat (limited to 'src/tcs/tcsi_aik.c')
| -rw-r--r-- | src/tcs/tcsi_aik.c | 227 |
1 files changed, 227 insertions, 0 deletions
diff --git a/src/tcs/tcsi_aik.c b/src/tcs/tcsi_aik.c new file mode 100644 index 0000000..8915d13 --- /dev/null +++ b/src/tcs/tcsi_aik.c @@ -0,0 +1,227 @@ + +/* + * Licensed Materials - Property of IBM + * + * trousers - An open source TCG Software Stack + * + * (C) Copyright International Business Machines Corp. 2004 + * + */ + + +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <inttypes.h> + +#include "trousers/tss.h" +#include "trousers_types.h" +#include "tcs_tsp.h" +#include "tcs_utils.h" +#include "tcs_int_literals.h" +#include "capabilities.h" +#include "tcslog.h" +#include "tcsps.h" +#include "req_mgr.h" +#include "tcs_aik.h" + + +TSS_RESULT +TCSP_MakeIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding, /* out */ + UINT32 * pcEndorsementCredentialSize, /* out */ + BYTE ** prgbEndorsementCredential, /* out */ + UINT32 * pcPlatformCredentialSize, /* out */ + BYTE ** prgbPlatformCredential, /* out */ + UINT32 * pcConformanceCredentialSize, /* out */ + BYTE ** prgbConformanceCredential) /* out */ +{ + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pSrkAuth != NULL) { + LogDebug("SRK Auth Used"); + if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle))) + goto done; + } else { + LogDebug("No SRK Auth"); + } + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata, + IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth, + pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize, + idKey, pcIdentityBindingSize, prgbIdentityBinding, + pSrkAuth, pOwnerAuth))) + goto done; + + /* If an error occurs, these will return NULL */ + get_credential(TSS_TCS_CREDENTIAL_PLATFORMCERT, pcPlatformCredentialSize, + prgbPlatformCredential); + get_credential(TSS_TCS_CREDENTIAL_TPM_CC, pcConformanceCredentialSize, + prgbConformanceCredential); + get_credential(TSS_TCS_CREDENTIAL_EKCERT, pcEndorsementCredentialSize, + prgbEndorsementCredential); + } + LogResult("Make Identity", result); +done: + auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext); + return result; +} + +TSS_RESULT +TCSP_ActivateTPMIdentity_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCS_KEY_HANDLE idKey, /* in */ + UINT32 blobSize, /* in */ + BYTE * blob, /* in */ + TPM_AUTH * idKeyAuth, /* in, out */ + TPM_AUTH * ownerAuth, /* in, out */ + UINT32 * SymmetricKeySize, /* out */ + BYTE ** SymmetricKey) /* out */ +{ + UINT64 offset; + TSS_RESULT result; + UINT32 paramSize; + UINT32 keySlot; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + LogDebug("TCSP_ActivateTPMIdentity"); + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (idKeyAuth != NULL) { + if ((result = auth_mgr_check(hContext, &idKeyAuth->AuthHandle))) + goto done; + } + if ((result = auth_mgr_check(hContext, &ownerAuth->AuthHandle))) + goto done; + + if ((result = ensureKeyIsLoaded(hContext, idKey, &keySlot))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_ActivateIdentity, &offset, txBlob, keySlot, blobSize, + blob, idKeyAuth, ownerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_ActivateIdentity, txBlob, paramSize, + SymmetricKeySize, SymmetricKey, idKeyAuth, ownerAuth))) + goto done; + } + +done: + auth_mgr_release_auth(idKeyAuth, ownerAuth, hContext); + return result; +} + +TSS_RESULT +TCS_GetCredential_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + UINT32 ulCredentialType, /* in */ + UINT32 ulCredentialAccessMode, /* in */ + UINT32 * pulCredentialSize, /* out */ + BYTE ** prgbCredentialData) /* out */ +{ + TSS_RESULT result; + + if ((result = ctx_verify_context(hContext))) + return result; + + if ((ulCredentialType != TSS_TCS_CREDENTIAL_EKCERT) && + (ulCredentialType != TSS_TCS_CREDENTIAL_TPM_CC) && + (ulCredentialType != TSS_TCS_CREDENTIAL_PLATFORMCERT)) { + LogError("GetCredential - Unsupported Credential Type"); + return TCSERR(TSS_E_BAD_PARAMETER); + } + + if (ulCredentialAccessMode == TSS_TCS_CERT_ACCESS_AUTO) { + get_credential(ulCredentialType, pulCredentialSize, prgbCredentialData); + } else { + LogError("GetCredential - Unsupported Credential Access Mode"); + return TCSERR(TSS_E_FAIL); + } + + return TSS_SUCCESS; +} + +TSS_RESULT +TCSP_MakeIdentity2_Internal(TCS_CONTEXT_HANDLE hContext, /* in */ + TCPA_ENCAUTH identityAuth, /* in */ + TCPA_CHOSENID_HASH IDLabel_PrivCAHash, /* in */ + UINT32 idKeyInfoSize, /* in */ + BYTE * idKeyInfo, /* in */ + TPM_AUTH * pSrkAuth, /* in, out */ + TPM_AUTH * pOwnerAuth, /* in, out */ + UINT32 * idKeySize, /* out */ + BYTE ** idKey, /* out */ + UINT32 * pcIdentityBindingSize, /* out */ + BYTE ** prgbIdentityBinding) /* out */ +{ + UINT64 offset; + UINT32 paramSize; + TSS_RESULT result; + BYTE txBlob[TSS_TPM_TXBLOB_SIZE]; + + if ((result = ctx_verify_context(hContext))) + goto done; + + if (pSrkAuth) { + if ((result = auth_mgr_check(hContext, &pSrkAuth->AuthHandle))) + goto done; + } + + if ((result = auth_mgr_check(hContext, &pOwnerAuth->AuthHandle))) + goto done; + + offset = 0; + if ((result = tpm_rqu_build(TPM_ORD_MakeIdentity, &offset, txBlob, identityAuth.authdata, + IDLabel_PrivCAHash.digest, idKeyInfoSize, idKeyInfo, pSrkAuth, + pOwnerAuth))) + goto done; + + if ((result = req_mgr_submit_req(txBlob))) + goto done; + + result = UnloadBlob_Header(txBlob, ¶mSize); + if (!result) { + if ((result = tpm_rsp_parse(TPM_ORD_MakeIdentity, txBlob, paramSize, idKeySize, + idKey, pcIdentityBindingSize, prgbIdentityBinding, + pSrkAuth, pOwnerAuth))) + goto done; + } + LogResult("Make Identity", result); +done: + auth_mgr_release_auth(pSrkAuth, pOwnerAuth, hContext); + return result; +} + |