1 files changed, 119 insertions, 0 deletions

diff --git a/src/tspi/tspi_transport.c b/src/tspi/tspi_transport.c
new file mode 100644
index 0000000..bd956cd
--- /dev/null
+++ b/src/tspi/tspi_transport.c
@@ -0,0 +1,119 @@
+
+/*
+ * Licensed Materials - Property of IBM
+ *
+ * trousers - An open source TCG Software Stack
+ *
+ * (C) Copyright International Business Machines Corp. 2004-2007
+ *
+ */
+
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <inttypes.h>
+
+#include "trousers/tss.h"
+#include "trousers/trousers.h"
+#include "trousers_types.h"
+#include "spi_utils.h"
+#include "capabilities.h"
+#include "tsplog.h"
+#include "obj.h"
+
+
+TSS_RESULT
+Tspi_Context_SetTransEncryptionKey(TSS_HCONTEXT hContext,	/* in */
+				   TSS_HKEY     hIdentKey)	/* in */
+{
+	if (!obj_is_rsakey(hIdentKey))
+		return TSPERR(TSS_E_INVALID_HANDLE);
+
+	return obj_context_set_transport_key(hContext, hIdentKey);
+}
+
+TSS_RESULT
+Tspi_Context_CloseSignTransport(TSS_HCONTEXT    hContext,		/* in */
+				TSS_HKEY        hSigningKey,		/* in */
+				TSS_VALIDATION* pValidationData)	/* in, out */
+{
+	TSS_RESULT result;
+	TSS_HPOLICY hPolicy;
+	TSS_BOOL usesAuth;
+	UINT32 sigLen;
+	BYTE *sig;
+	UINT64 offset;
+	Trspi_HashCtx hashCtx;
+	TPM_DIGEST digest;
+	TPM_SIGN_INFO signInfo;
+
+	if (!obj_is_context(hContext))
+		return TSPERR(TSS_E_INVALID_HANDLE);
+
+	if ((result = obj_rsakey_get_policy(hSigningKey, TSS_POLICY_USAGE, &hPolicy, &usesAuth)))
+		return result;
+
+	if (pValidationData) {
+		if (pValidationData->ulExternalDataLength != sizeof(TPM_NONCE))
+			return TSPERR(TSS_E_BAD_PARAMETER);
+
+		memcpy(signInfo.replay.nonce, pValidationData->rgbExternalData, sizeof(TPM_NONCE));
+	} else {
+		if ((result = get_local_random(hContext, FALSE, sizeof(TPM_NONCE),
+					       (BYTE **)&signInfo.replay.nonce)))
+			return result;
+	}
+
+	/* the transport sessions properties are kept in the context object itself, so just pass
+	 * in what this function provides and let it call ReleaseTransportSigned */
+	if ((result = obj_context_transport_close(hContext, hSigningKey, hPolicy, usesAuth,
+						  &signInfo, &sigLen, &sig)))
+		return result;
+
+	/* inside obj_context_transport_close we set up all the fields of the sign info structure
+	 * other than the tag and 'fixed' */
+	signInfo.tag = TPM_TAG_SIGNINFO;
+	signInfo.fixed[0] = 'T';
+	signInfo.fixed[1] = 'R';
+	signInfo.fixed[2] = 'A';
+	signInfo.fixed[3] = 'N';
+
+	/* hash the sign info struct for use in verifying the TPM's signature */
+	result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
+	result |= Trspi_Hash_SIGN_INFO(&hashCtx, &signInfo);
+	if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) {
+		free(sig);
+		return TSPERR(TSS_E_INTERNAL_ERROR);
+	}
+
+	offset = 0;
+	if (pValidationData) {
+		/* tag the returned allocated memory as alloc'd by the TSP */
+		if ((result = __tspi_add_mem_entry(hContext, sig))) {
+			free(sig);
+			return TSPERR(TSS_E_INTERNAL_ERROR);
+		}
+		pValidationData->rgbValidationData = sig;
+		pValidationData->ulValidationDataLength = sigLen;
+
+		/* passing a NULL blob here puts the exact size of TPM_SIGN_INFO into offset */
+		Trspi_LoadBlob_SIGN_INFO(&offset, NULL, &signInfo);
+		pValidationData->rgbData = calloc_tspi(hContext, offset);
+		if (pValidationData->rgbData == NULL) {
+			LogError("malloc of %" PRIu64 " bytes failed.", offset);
+			free_tspi(hContext, pValidationData->rgbValidationData);
+			pValidationData->rgbValidationData = NULL;
+			pValidationData->ulValidationDataLength = 0;
+			return TSPERR(TSS_E_OUTOFMEMORY);
+		}
+		pValidationData->ulDataLength = (UINT32)offset;
+
+		offset = 0;
+		Trspi_LoadBlob_SIGN_INFO(&offset, pValidationData->rgbData, &signInfo);
+	} else
+		result = __tspi_rsa_verify(hSigningKey, TSS_HASH_SHA1, sizeof(TPM_DIGEST), digest.digest,
+				    sigLen, sig);
+
+	return result;
+}